## Mopro: Client-side proving on mobile made easy @oskarth, ZK Summit 2024 --- ## TLDR 1) We want to make proofs on mobile 2) Mopro is a toolkit for ZK app dev on mobile 4) Let's make ZKPs on mobile great together --- ## PART 1 ### We want to make proofs on mobile --- ## Why client-side proving? Let's put the "Zero Knowledge" back in ZK. Note: A lot of focus on ZK for succinctness in L2 context, Not enough for many apps where you want privacy or interop. Let's look at examples --- ## Zupass: Crypto-native identity  Note: ZK identity solution: has to be mobile, 95% usage Zuzalu last year, Devconnect and more this year Allowed you to catch frogs (ECDSA signatures), need mobile --- ## Aadhaar: Real-world identity  Note: Anon-Aadhaar project to do ZK on this Take traditional ID thing and permissionlessly use RSA verification in PDF Selective disclosure, Gitcoin Passport/PoH Other similar solutions, proof of passport EU, japan etc This is a lot more complex in terms of circuits --- ## More examples...  Note: Outside of ZK-Identity, a big one is fungible money Bitcoin origin, make like cash, private txs Private finances more generally Also private social networks And ZK-ML projects use priv data photos, hackathon User wants to generate proof on their phone --- ## Client-side proving - Secure: User generates claims - Fast: Good performance for big circuits - Friendly: Easy to use and robust Note: What properties we want? Trust-minimized and secure, user gen proof Fast: ECDSA/RSA ~1m constraints, much bigger than Semaphore, good UX Helps with large anonymity sets Should just work incl on all devices (accessible) easy, good devex --- ## Browser vs native - Security: OS-level security - Performance: Native performance - Affordances: Better integration with phone - Trade-off: Complex to develop and distribute Note: When I say mobile, I don’t just mean browsers Why bother? OS-level security (secure storage, biometric auth); Isolation - important for secrets like real-world id! Not webview Native perf; multi threading, GPU; can get on browser but limited Better integration with camera/sensors/secure enclave/push notif; more native and fluent experience Tradeoff: no need app ok; poss censorship; platform specific; complex to develop app, esp ZK Leads us to mopro --- ## PART 2 ### mopro is a toolkit for ZK app dev on mobile --- ## What is mopro? - Toolkit: set of libraries and utils - Goals - Modularity - Developer-friendly - Performance - Multi-platform - Foundry for ZK app dev Note: Modularity - easy to add proof systems Dev friendly fast to get started Fast proving Works on many platforms --- ## mopro-cli 1-2-3 ``` # Create a Circom project with iOS and Android support mopro init --platforms ios, android # Prepare circuit and artifacts mopro prepare # Build for iOS mopro build --platforms ios # Also options for testing, exporting bindings, etc ``` Note: New, main interface point Get started in under 5m --- ## Example project ``` > tree -L 1 . ├── README.md ├── android # Android project ├── core # Circom circuits, Rust wrapper ├── ios # iOS project ├── mopro-config.toml # Project config ├── ptau └── target ``` --- ## mopro-config.toml ``` [build] ios_device_type = "device" # x86_64, simulator, device android_device_type = "arm64" # x86_64, x86, arm, arm64 build_mode = "release" # debug, release (recommended) [circuit] dir = "core/circuits/keccak256" name = "keccak256_256_test" ptau = "19" [dylib] use_dylib = true # true, false name = "keccak256" # Name of the dylib file ``` Note: Specify relevant options --- ## Example app (XCode)  Note: Generate some example app with basic proving/verifying We'll look at more examples later --- ## Architecture  Note: We can think of this flow as multiple layers Starting with the user, then app, tooling, then towards proving systems and computer science Let's zoom in (Skip this slide?) --- ## Architecture  Note: The key idea is separation of concerns, modularity A user has no brain, they just want to use an app Circuit dev only cares circuit, and likewise app dev A lot of things going on: Circom circuits, mopro-core, circom-compat, arkworks, mopro modules, UniFFI bindings, Swift library, iOS app... We take a slice of one thing at each layer (proof system, platform) How do all of these things fit together? --- ## Circom Most widely used DSL for client-side proving  Note: mopro prepare, compile, run trusted setup, gen arkzkey Bring your own circuit setup --- ## mopro-core - Core Rust library with multiple adapters - Starting with Circom, easy to add more - API for init/prove/verify, serialization etc - Circom: Use circom-compat to load circuit - Witness gen native or via wasmer - Proving done natively with ark-groth16 Note: Trivial to add new adapters, WIP .wasm/dylib for witness calc with wasmer, arkzkey wt --- ## mopro-ffi - FFI: Talking across language barriers - Bridge between Rust and Swift/Kotlin/Python - Wraps Rust API, deals with lowering/lifting - UniFFI to generate bindings for languages - Support iOS, Android, and React Native Note: Foreign function interface Recently added Android RN support separate via bridge from Yanis PSE --- ## UniFFI  Note: How do we build complex cross-platform applications? What Firefox developed to build complex cross-platform applications More modern version of `cbindgen` Keep business logic in Rust With native binds can make app --- ## App (Anon-Aadhaar)  Note: In the end you have an app like Anon-Aadhaar Will get back to later --- ## User Just wants things to work  Note: Users have no brain, just want things to work This means fast proofs, few actions etc Create experiences that hide ZK voodoo and integrate seamlessly into app and user’s life --- ### Zooming back out Making life of app developer easy  Note: Can only focus on so much at a time UX, App development, Swift libraries, architectures/linking, Rust, ZK, circuits, proving systems, infra... Requires a lot of people, and doing this takes away from focusing on "business problem" With mopro, we split this up and create tooling to allow developers to focus on their area of expertise Details not important; make life easy --- ## DevEx: mopro-cli 1-2-3 ``` # Create a Circom project with iOS and Android support mopro init --platforms ios, android # Prepare circuit and artifacts mopro prepare # Build for iOS mopro build --platforms ios # Also options for testing, exporting bindings, etc ``` Note: Write your circuit UniFFI ibindings, can test in isolation Xcode painful App dev POV: No Rust/ZK, just another app Embed Rust lib, hide complexity, linking/architecture, Cocoapods etc --- ### Modularity - Platforms: Adding support for e.g. Python trivial - Proof systems: Adding new proof systems easy - Tooling: Two birds with one stone - FFI, serialization, linking, packaging etc - Rust core: Schelling point for ZKP - Public good: Not tied to specific business - Thanks PSE and 0xPARC for grant! Note: Modularity as a design goal; Easy to add new platforms; new proof system (wrap Rust API+expose bindings) Rust fast, secure, flexible, developers Not tied to some specific proof system, whatever is useful to people, agnostic --- ## Where are we now? - Anon-Aadhaar v1 showcase app - AA: Constraints up x10 from 160k to 1.6m - Also Proof-Of-Passport - Performance - Understand limits of client-side proving - Native witness generation, arkzkey loading - Improve DevEx - mopro-cli 1-2-3 - API, React Native support, distribution Note: Three main areas of focus Proof of passport cool, also similar Myna JP Late last year, increase complexity due to sel disc/nullifier --- ### Client-side proving: How big can circuits be?  Note: Memory biggest bottleneck, up to 4GB OK Not gonna go into other perf details 10s witness gen, ~20s prover time, load zkey, smalelr zkey arkzkey Other proof systems and techniques Next part coming up --- ## PART 3 ### Let's make ZK on mobile great together --- ## You are nobody  --- ## Contribute - Try it out and provide feedback - Write ZK apps in it, easy with mopro-cli - Community project - More platforms - More proof systems - Performance improvements - Docs, API, ... - ZK grants available Note: ZK-ML hackathon Oxford Confidenti used GH user or TG Foundry for ZK --- ## Contribute (cont) - Platforms: React Native, Web? - Proof systems: Halo2, Noir, ... - Performance: Native witness gen, GPU... Note: RN integrate better, desktop/web Proof systems Kimchi PoC wknd Halo2/Noir, some interest, Nova, VOLE, binius? Perf: Native wtns gen, GPU grant WIP, load zkey Also docs/API --- ## Contributors etc - Downstream, upstream and main - 0xPARC/PSE, Vivian, Yanis, Moven/Foodchain, Phil/Remco, Aaryamann/Vac, Florent, ... - You? Note: Everything from upstream deps, main contributions and downstream --- ## Recap 1) We want to make proofs on mobile 2) Mopro is a toolkit for ZK app dev on mobile 3) Let's make ZKPs on mobile great together --- ## The future is ZK. ## The future is mobile. ## The future is now. --- ## Thank you - Questions? - Mopro - Repo: github.com/oskarth/mopro - TG: t.me/zkmopro - Oskar - X/FC: @oskarth - Site: oskarth.com Note: Qs? --- --- ## Performance notes - Keccak256 (150k constraints): 1.5s - ~x10 faster vs comparable circuit in browser - Anon-Aadhar 1.6m - 10s witness gen (wasm), 20s prover time - arkzkey load slow (~1.5m) - arkzkey size ~500mb (50% smaller) - Bottlenecks: memory, loading zkey, and wasm witness generation