Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Supporting EIP-196 (elliptic curve alt_bn128) #409

Open
0x3bfc opened this issue Jan 7, 2022 · 4 comments
Open

Supporting EIP-196 (elliptic curve alt_bn128) #409

0x3bfc opened this issue Jan 7, 2022 · 4 comments

Comments

@0x3bfc
Copy link
Contributor

0x3bfc commented Jan 7, 2022

Description

One of our partners is asking for zkSNARK precompile contract support. The alt_bn128 precompile is needed in order to proceed with his zkSNARK app/protocol(s). More details can be found in eip-196 and eip-197.

Motivation

  • It scales Aurora
  • It supports confidential transactions.
@snjax
Copy link

snjax commented Jan 7, 2022

Related PR in NEAR is near/nearcore#3971. Currently, it is WIP.

@andrcmdr
Copy link
Contributor

andrcmdr commented Jan 7, 2022

Hm...
If I understand correctly, zero-knowledge proof verification should be implemented with usage of alt_bn128 elliptic curve, to support confidential transactions.
A former tinysnark (now https://github.com/ebfull/hackishlibsnarkbindings) libsnark bindings can be used to implement that, if it fits well (for standalone engine for sure, but practically not sure about compiling libsnark into WASM or using it as binary blob from WASM code of engine contract on Near - cc @joshuajbouw, @birchmd, @mrLSD):
https://github.com/ebfull/hackishlibsnarkbindings/blob/master/src/lib.rs#L57

Example of implementation I found for former Parity node:
gancherj/parity@b820abf#diff-d3c7f08c14ccf9138a1f95de4e78c1a5164026a0127a5f8c1ec4a0619e72ca61R105

Example of usage in a contract (mixer in this case, babyzoe uses Parity node):
https://github.com/zcash-hackworks/babyzoe/blob/master/zoe/contract/mixer.sol#L2
https://github.com/zcash-hackworks/babyzoe/blob/master/zoe/contract/mixer.sol#L10
https://github.com/zcash-hackworks/babyzoe/blob/master/zoe/contract/mixer.sol#L83

@andrcmdr
Copy link
Contributor

andrcmdr commented Jan 7, 2022
edited
Loading

If I understand correctly, zero-knowledge proof verification should be implemented with usage of alt_bn128 elliptic curve, to support confidential transactions.

Ah... right... to support confidential transactions and zk proof verification from their, partner's, side... now it's clear. alt_bn128 support is already implemented.
But... Support for zk proof verification as precompile in engine - this maybe an interesting case, nevertheless!

@joshuajbouw
Copy link
Contributor

We need to implement it as a precompile on NEAR. Way too expensive through Aurora.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@snjax @0x3bfc @andrcmdr @joshuajbouw