# ZkVM call [TOC] ## 2021-07-02 attenddee: barry, mary, yt, han, miha,onur, cc, cp, kev, thore ### updates - onur: kzg https://github.com/kilic/poly/blob/master/src/poly/kzg.rs - carlos and cc: testing vector https://github.com/appliedzkp/zkevm-testing-vectors/pull/1 - han: stack circuit https://hackmd.io/Nwd0e5AgTVSBWRQlp-Ving - miha: halo2 https://hackmd.io/96v0-vTnTM-iUzCpKt8o3Q - copy contraint for variable size of slots - Custom constraints verifyer - Call - Slot size Next week - barry: call - miha: look into the testing vec, and doc of han, and debug halo2 - yt: start making issues - onur: continnue the previous work, - han: stack circuit - cc: define plookup function need to figure out Reverts to figure out how storage work ## 2021-06-25 attenddee: barry, mary, yt, han, miha,onur, cc, cp, kev, Rahul, thore - barry: - thinking about gas - cc: - mem proof review - onur: - port kzg code to halo2 lib - miha: - looked into dusk plonk - cp: - test vector https://github.com/appliedzkp/zkevm-testing-vectors/blob/layout_structure/contracts/StackPushPop/enriched-abi.json - yt: - prototyping mem circuit using UltraPlonkArith ### Gas reentry attack: no gas the contract can call other contracts ### What lib to use? cp: halo2 is the best option ### plookup cp: dusk 1 constraint per lookup yt: barry can present slot ### Goal next week - miha: impl bus mapping halo2 - cp: build test vec for example bus mapping - han: mem or stack cirucit - onur: continue on the kzg and bn - rahul: catch up ## 2021-06-18 attenddee: barry, mary, yt, han, miha,onur, cc, cp ### updates - barry: - zkevm ealy spec - looking into call, return, calldatacopy - cc: - spec review - talked to carlos about the implementation issue - onur: - study plookup - study the paper of dusk implementation - explore the halo2 lib - halo2 traits not competible to bn curve lib by matterlabs - cp(CPerezz): - reading the spec - reading the halo2 - talk to jordi about plookup - talk to cc - miha - I was mostly studying EVM related things as I am new to that, I felt I need to do this first (before going more deeply into checking the existing plonk/marlin codebases). I went through the dusk network plonk / plookup code though. Just one question - does anybody know whether the modularise_plookup is the most up to date plookup branch? mary: bn not secure barry: wait bls for 4yr, too long yt: need to check if we can swap pasta for other curve. halo2 modified lookup argument, subset argument. need to check if the halo2 plookup can do the requiremtn we need. halo2 is audited our requirement - plookup - custom constraint yt: halo2 has poseidon and sha256 gadget.arith is quite separeate from the poly commit scheme. mary: issues about bounded degree onur: l2, cp: do we have any time constraint in the impl? barry: tooling should save us time. want to do poc soon. halo2: circuit fine. replacing kzg unsure. doeverything in plookup, do everything in 8 bits. do we need ecc operation? How do we handle throw? The throw is important in many applications Get rid of gas ### action items gather info to decide which lib to do imple next week - replacing halo2 to kzg - simple circuit using halo2 - barry: - prioritize the spec for mem - explore the plookup shared from yt - write more spec - onur: - impl bn curve - cc: - write simple circuit using halo2 ## 2021-06-11 goal next week - Barry: - talk to people present next week - onur - halo2 - understand more plookup - han - dive in halo2 - miha - dusk network - look into marlin - cc: - spec review - halo2 update: - Barry: - presenting idea to people - writing the spec - intermediate data format - Onur: - learn Dusk custom constraint - learn plookups - the dusk bug, talked to Carlos and Luke Need to decide what lib to use next week - Dusk-network plonk - https://github.com/zcash/halo2 the halo2 - Arkwork's one https://github.com/arkworks-rs/marlin Reviewed the memory part in last week's presentation ## 2021-06-04 Barry's presentation https://docs.google.com/presentation/d/12xhjy4iftPSDAI1dPodmp6LAQkTenMmBD6tXK--j41Y/ ## 2021-05-28 - barry: presentation of how this project should go - cc: draft a state commitment doc - onur: dive into vm cost - thore: looking for people - han: (optional) dynamic table and merging table max constraint is about 2^16 table < 2^25 ## 2021-05-21 - cc:read barry's article, halo2. pederson bn254. proof of membership of a deep tree - onur: custom constraint, range proof. ## 2021-05-14 - go with bls12381 ## 2021-05-07 - focus on dusk now - kate state proof - Can you open multiple points on many different polynomials in Kate commitment? If you can, what's the cost? We want to do multiple read/write on a state commitment ## 2021-04-30 1. poly acuu to store the jump 2. stack push/pop pedersen hash for state proof onur: custom constraint cc: same+ 128, 256 layer pederson hashes ## 2021-04-23 spec https://hackmd.io/OD2O9dZRSTukWEpGmtS9ww - soliditiy part - because zkrollup - plonk part - not decided yet use mimc to replace keccak 600k to verify ECDSA capcaity of state mem que check sig in EVM, before checking the proof What kind of poeple we can onboard to work closely ASAP? action items: - Barry: research on state proof. What kind of accumenlator to use - Onur and cc: get familiar with barretenberg. build add+jump + mul ## 2021-04-19 https://github.com/barryWhiteHat/zkvm#variables-used rough plan: sep testnet opcode priorities - simple arithmatics like ADD/MUL - JUMP - Skip all precompiles load state into state queue We do arithmatics in 254 bits: 0 - 1 will yield 2^254 - 1 not 2^256 -1 action items: - onur - survey building on plonk - cc - add [test cases](/4rcO3SPTSkSoLvpMjrNn1Q) - barry - load things to memory - write up idea Looking for these people. 1. a person for evm proof 2. a person for proving of state load 3. (optional) testing /fuzzing make sure everything works. We can benefit from onboarding this person sooner