owned this note
owned this note
Published
Linked with GitHub
## Mopro: Client-side proving on mobile made easy
@oskarth, ZK Summit 2024
---
## TLDR
1) We want to make proofs on mobile
2) Mopro is a toolkit for ZK app dev on mobile
4) Let's make ZKPs on mobile great together
---
## PART 1
### We want to make proofs on mobile
---
## Why client-side proving?
Let's put the "Zero Knowledge" back in ZK.
Note:
A lot of focus on ZK for succinctness in L2 context,
Not enough for many apps where you want privacy or interop.
Let's look at examples
---
## Zupass: Crypto-native identity
![kotor-2048x1365](https://hackmd.io/_uploads/HJV8XcUR6.jpg)
Note:
ZK identity solution: has to be mobile, 95% usage
Zuzalu last year, Devconnect and more this year
Allowed you to catch frogs (ECDSA signatures), need mobile
---
## Aadhaar: Real-world identity
![image](https://hackmd.io/_uploads/Sy7nE5IA6.png)
Note:
Anon-Aadhaar project to do ZK on this
Take traditional ID thing and permissionlessly use
RSA verification in PDF
Selective disclosure, Gitcoin Passport/PoH
Other similar solutions, proof of passport EU, japan etc
This is a lot more complex in terms of circuits
---
## More examples...
![zkprivate](https://hackmd.io/_uploads/B1MB55UAp.jpg)
Note:
Outside of ZK-Identity, a big one is fungible money
Bitcoin origin, make like cash, private txs
Private finances more generally
Also private social networks
And ZK-ML projects use priv data photos, hackathon
User wants to generate proof on their phone
---
## Client-side proving
- Secure: User generates claims
- Fast: Good performance for big circuits
- Friendly: Easy to use and robust
Note:
What properties we want?
Trust-minimized and secure, user gen proof
Fast: ECDSA/RSA ~1m constraints, much bigger than Semaphore, good UX
Helps with large anonymity sets
Should just work incl on all devices (accessible)
easy, good devex
---
## Browser vs native
- Security: OS-level security
- Performance: Native performance
- Affordances: Better integration with phone
- Trade-off: Complex to develop and distribute
Note:
When I say mobile, I don’t just mean browsers
Why bother?
OS-level security (secure storage, biometric auth); Isolation - important for secrets like real-world id! Not webview
Native perf; multi threading, GPU; can get on browser but limited
Better integration with camera/sensors/secure enclave/push notif; more native and fluent experience
Tradeoff: no need app ok; poss censorship; platform specific; complex to develop app, esp ZK
Leads us to mopro
---
## PART 2
### mopro is a toolkit for ZK app dev on mobile
---
## What is mopro?
- Toolkit: set of libraries and utils
- Goals
- Modularity
- Developer-friendly
- Performance
- Multi-platform
- Foundry for ZK app dev
Note:
Modularity - easy to add proof systems
Dev friendly fast to get started
Fast proving
Works on many platforms
---
## mopro-cli 1-2-3
```
# Create a Circom project with iOS and Android support
mopro init --platforms ios, android
# Prepare circuit and artifacts
mopro prepare
# Build for iOS
mopro build --platforms ios
# Also options for testing, exporting bindings, etc
```
Note:
New, main interface point
Get started in under 5m
---
## Example project
```
> tree -L 1
.
├── README.md
├── android # Android project
├── core # Circom circuits, Rust wrapper
├── ios # iOS project
├── mopro-config.toml # Project config
├── ptau
└── target
```
---
## mopro-config.toml
```
[build]
ios_device_type = "device" # x86_64, simulator, device
android_device_type = "arm64" # x86_64, x86, arm, arm64
build_mode = "release" # debug, release (recommended)
[circuit]
dir = "core/circuits/keccak256"
name = "keccak256_256_test"
ptau = "19"
[dylib]
use_dylib = true # true, false
name = "keccak256" # Name of the dylib file
```
Note:
Specify relevant options
---
## Example app (XCode)
![image](https://hackmd.io/_uploads/BJN_kp8Ca.png)
Note:
Generate some example app with basic proving/verifying
We'll look at more examples later
---
## Architecture
![image](https://hackmd.io/_uploads/S1v0Ja8Rp.png)
Note:
We can think of this flow as multiple layers
Starting with the user, then app, tooling, then towards proving systems and computer science
Let's zoom in
(Skip this slide?)
---
## Architecture
![image](https://hackmd.io/_uploads/SJuQxp8R6.png)
Note:
The key idea is separation of concerns, modularity
A user has no brain, they just want to use an app
Circuit dev only cares circuit, and likewise app dev
A lot of things going on: Circom circuits, mopro-core, circom-compat, arkworks, mopro modules, UniFFI bindings, Swift library, iOS app...
We take a slice of one thing at each layer (proof system, platform)
How do all of these things fit together?
---
## Circom
Most widely used DSL for client-side proving
![keccak](https://hackmd.io/_uploads/By1xXVYCa.jpg)
Note:
mopro prepare, compile, run trusted setup, gen arkzkey
Bring your own circuit setup
---
## mopro-core
- Core Rust library with multiple adapters
- Starting with Circom, easy to add more
- API for init/prove/verify, serialization etc
- Circom: Use circom-compat to load circuit
- Witness gen native or via wasmer
- Proving done natively with ark-groth16
Note:
Trivial to add new adapters, WIP
.wasm/dylib for witness calc with wasmer, arkzkey
wt
---
## mopro-ffi
- FFI: Talking across language barriers
- Bridge between Rust and Swift/Kotlin/Python
- Wraps Rust API, deals with lowering/lifting
- UniFFI to generate bindings for languages
- Support iOS, Android, and React Native
Note:
Foreign function interface
Recently added Android
RN support separate via bridge from Yanis PSE
---
## UniFFI
![uniffi2](https://hackmd.io/_uploads/HyvpIVKAa.jpg)
Note:
How do we build complex cross-platform applications?
What Firefox developed to build complex cross-platform applications
More modern version of `cbindgen`
Keep business logic in Rust
With native binds can make app
---
## App (Anon-Aadhaar)
![aadhaar-both](https://hackmd.io/_uploads/r1uLYEFCp.jpg)
Note:
In the end you have an app like Anon-Aadhaar
Will get back to later
---
## User
Just wants things to work
![user-license-scan](https://hackmd.io/_uploads/H1nboEt0T.jpg)
Note:
Users have no brain, just want things to work
This means fast proofs, few actions etc
Create experiences that hide ZK voodoo and integrate seamlessly into app and user’s life
---
### Zooming back out
Making life of app developer easy
![image](https://hackmd.io/_uploads/SJuQxp8R6.png)
Note:
Can only focus on so much at a time
UX, App development, Swift libraries, architectures/linking, Rust, ZK, circuits, proving systems, infra...
Requires a lot of people, and doing this takes away from focusing on "business problem"
With mopro, we split this up and create tooling to allow developers to focus on their area of expertise
Details not important; make life easy
---
## DevEx: mopro-cli 1-2-3
```
# Create a Circom project with iOS and Android support
mopro init --platforms ios, android
# Prepare circuit and artifacts
mopro prepare
# Build for iOS
mopro build --platforms ios
# Also options for testing, exporting bindings, etc
```
Note:
Write your circuit
UniFFI ibindings, can test in isolation
Xcode painful
App dev POV: No Rust/ZK, just another app
Embed Rust lib, hide complexity, linking/architecture, Cocoapods etc
---
### Modularity
- Platforms: Adding support for e.g. Python trivial
- Proof systems: Adding new proof systems easy
- Tooling: Two birds with one stone
- FFI, serialization, linking, packaging etc
- Rust core: Schelling point for ZKP
- Public good: Not tied to specific business
- Thanks PSE and 0xPARC for grant!
Note:
Modularity as a design goal; Easy to add new platforms; new proof system (wrap Rust API+expose bindings)
Rust fast, secure, flexible, developers
Not tied to some specific proof system, whatever is useful to people, agnostic
---
## Where are we now?
- Anon-Aadhaar v1 showcase app
- AA: Constraints up x10 from 160k to 1.6m
- Also Proof-Of-Passport
- Performance
- Understand limits of client-side proving
- Native witness generation, arkzkey loading
- Improve DevEx
- mopro-cli 1-2-3
- API, React Native support, distribution
Note:
Three main areas of focus
Proof of passport cool, also similar Myna JP
Late last year, increase complexity due to sel disc/nullifier
---
### Client-side proving: How big can circuits be?
![image](https://hackmd.io/_uploads/HyMmmSKAa.png)
Note:
Memory biggest bottleneck, up to 4GB OK
Not gonna go into other perf details
10s witness gen, ~20s prover time, load zkey, smalelr zkey arkzkey
Other proof systems and techniques
Next part coming up
---
## PART 3
### Let's make ZK on mobile great together
---
## You are nobody
![g0v](https://hackmd.io/_uploads/BJAZPSt06.jpg)
---
## Contribute
- Try it out and provide feedback
- Write ZK apps in it, easy with mopro-cli
- Community project
- More platforms
- More proof systems
- Performance improvements
- Docs, API, ...
- ZK grants available
Note:
ZK-ML hackathon Oxford Confidenti used
GH user or TG
Foundry for ZK
---
## Contribute (cont)
- Platforms: React Native, Web?
- Proof systems: Halo2, Noir, ...
- Performance: Native witness gen, GPU...
Note:
RN integrate better, desktop/web
Proof systems Kimchi PoC wknd
Halo2/Noir, some interest, Nova, VOLE, binius?
Perf: Native wtns gen, GPU grant WIP, load zkey
Also docs/API
---
## Contributors etc
- Downstream, upstream and main
- 0xPARC/PSE, Vivian, Yanis, Moven/Foodchain, Phil/Remco, Aaryamann/Vac, Florent, ...
- You?
Note:
Everything from upstream deps, main contributions and downstream
---
## Recap
1) We want to make proofs on mobile
2) Mopro is a toolkit for ZK app dev on mobile
3) Let's make ZKPs on mobile great together
---
## The future is ZK.
## The future is mobile.
## The future is now.
---
## Thank you
- Questions?
- Mopro
- Repo: github.com/oskarth/mopro
- TG: t.me/zkmopro
- Oskar
- X/FC: @oskarth
- Site: oskarth.com
Note:
Qs?
---
---
## Performance notes
- Keccak256 (150k constraints): 1.5s
- ~x10 faster vs comparable circuit in browser
- Anon-Aadhar 1.6m
- 10s witness gen (wasm), 20s prover time
- arkzkey load slow (~1.5m)
- arkzkey size ~500mb (50% smaller)
- Bottlenecks: memory, loading zkey, and wasm witness generation