privacy-scaling-explorations / acceleration-program

Accelerate Early Stage Programmable Cryptography Talents
Use the RSA signatures that GitHub supports to generate an off-chain zk proof from commit message or pull request data, just like how zk-email generates proofs from email payloads. Use the zk proof to integrate with an AA wallet and perform operations. The circom circuits supporting succinct RSA signature proofs are already provided by zk-email. We can also use their relayer to generate and submit proofs to the AA bundlers.
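As a rough illustration of the flow, the relation the circuit must enforce is ordinary RSA signature verification over a hash of the signed payload. The sketch below uses textbook RSA with toy parameters; the primes, exponent, and commit message are made up for illustration, and real GitHub keys are 2048+ bits with proper padding, which the zk-email circuits handle.

```python
import hashlib

# Toy parameters for illustration only; real GitHub RSA keys are 2048+ bits
# and signatures use PKCS#1 padding, which the circom circuits handle.
p, q = 61, 53
n = p * q
e = 17
d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)

def sign(message: bytes) -> int:
    """Textbook RSA over a hash of the signed payload (e.g. a commit message)."""
    m = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(m, d, n)

def verify(message: bytes, signature: int) -> bool:
    """This is the relation the zk circuit proves without revealing the payload."""
    m = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == m

sig = sign(b"fix: update merkle root")
assert verify(b"fix: update merkle root", sig)   # changing the message breaks the check
```

The AA wallet would accept an operation only when accompanied by a proof that this check passed for an authorized GitHub key.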
Provide as much detail as possible about the project's expected final state.
Scope of Work: PoC, Blog Post or Spec on HackMd
Key Features
The RSA GitHub Wallets POC project integrates several core components to create a seamless and secure system for authorizing transactions via GitHub operations:
Use Cases and Potential Impact
PoC/MVP or other relevant prior work or research on the topic
Deliverables:
Implement micro-benchmarking tooling for MSMs using the GPU on mobile.
Refer to the following for details.
Names of team members
Discord handle
run_msm_bench()
development, Arkworks MSM integration, FFI & UDL extension. We plan to develop a micro-benchmarking tool for further enhancements in the mopro project. Therefore, we expect the codebase to be suitable for integrating back into the mopro project. We have initiated the main work in the gpu_explorations directory in mopro-core.
We will ensure that all modifications are thoroughly documented. This includes detailed guidelines in the README for running the tool, along with the initial benchmarks observed on an iOS device. Our documentation will clearly explain the purpose and usage of each component, making future integrations and enhancements easier.
We aim to develop a Swift test to assess initial performance on a laptop. This is a precursor to the more crucial phase of testing on an actual iOS device, which will provide real-world performance metrics. We are outlining a comprehensive testing guide that includes procedures for Swift testing on laptops and detailed steps for running the tool on iOS devices. This guide also establishes benchmarking standards for recording and interpreting performance in various testing environments.
We have partially completed Milestone 1, which can be seen here
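To make the shape of such a tool concrete, here is a minimal Python sketch of what a `run_msm_bench()`-style harness could measure. The "group" is just integers mod a prime standing in for curve points, and the function names are hypothetical, not mopro's actual API.

```python
import random
import time

P = (1 << 31) - 1  # toy "group": integers mod P under addition, standing in for EC points

def scalar_mul(k: int, g: int) -> int:
    """Double-and-add, mirroring the structure of EC scalar multiplication."""
    acc, base = 0, g
    while k:
        if k & 1:
            acc = (acc + base) % P
        base = (base + base) % P
        k >>= 1
    return acc

def naive_msm(scalars, points):
    acc = 0
    for k, g in zip(scalars, points):
        acc = (acc + scalar_mul(k, g)) % P
    return acc

def run_msm_bench(size: int, reps: int = 3):
    """Return (result, best wall-clock seconds over `reps` runs)."""
    rng = random.Random(0)
    scalars = [rng.randrange(1, P) for _ in range(size)]
    points = [rng.randrange(1, P) for _ in range(size)]
    best, result = float("inf"), None
    for _ in range(reps):
        t0 = time.perf_counter()
        result = naive_msm(scalars, points)
        best = min(best, time.perf_counter() - t0)
    return result, best
```

Taking the best of several repetitions, as here, is a common micro-benchmarking convention that filters out scheduler noise.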
Implement the msmAccel trait mentioned at https://github.com/privacy-scaling-explorations/halo2/pull/277/files#diff-919910df38e231a60a5d3776e9a3f9cf0891a4c414c6b38cd9ba24ae7e6bda84 for Sppark-MSM and Icicle-MSM, and then integrate the msmAccel trait into halo2 at the end.
Participated in the development of EthStorage's proof of storage and in the development of EigenZkVM. Recently I have been doing research related to MSM.
*https://github.com/cyl19970726/halo2/tree/zal-intergration
We plan to implement the msmAccel trait for Sppark-MSM and Icicle-MSM on the zal-intergration branch of halo2, and then integrate it into halo2 at the end.
We will provide both inline documentation of the code and a basic tutorial explaining how to use the different MSM backends via different implementations of the msmAccel trait.
The code will have proper unit-test coverage to ensure functionality and robustness. In the guide we will describe how to run these tests.
Benchmark data comparing the Halo2 proof system using GPU versions and CPU versions of MSM in the same test environment.
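The shape of the abstraction can be sketched in Python; the class names and the toy group below are illustrative, while the real msmAccel trait is a Rust trait in halo2's ZAL layer.

```python
from abc import ABC, abstractmethod

P = (1 << 31) - 1  # toy additive group: integers mod P stand in for curve points

class MsmEngine(ABC):
    """Stand-in for the msmAccel trait: proving code calls msm() without
    knowing which backend (CPU, Sppark, Icicle) does the work."""
    @abstractmethod
    def msm(self, scalars, points) -> int: ...

class CpuEngine(MsmEngine):
    def msm(self, scalars, points) -> int:
        return sum(k * g for k, g in zip(scalars, points)) % P

class AltEngine(MsmEngine):
    """Placeholder for an accelerated backend; only the evaluation order differs."""
    def msm(self, scalars, points) -> int:
        acc = 0
        for k, g in zip(scalars, points):
            acc = (acc + (k % P) * g) % P
        return acc

def prove(engine: MsmEngine, scalars, points) -> int:
    # The proof system depends only on the interface, as with the halo2 trait.
    return engine.msm(scalars, points)

assert prove(CpuEngine(), [1, 2, 3], [4, 5, 6]) == prove(AltEngine(), [1, 2, 3], [4, 5, 6])
```

Swapping backends without touching the prover is exactly what makes the benchmarking in the final deliverable a fair comparison.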
This is a project combining ZKP with FHE to replace bootstrapping.
The project aims to replace the bootstrapping process in Fully Homomorphic Encryption (FHE) with a ZK proof. We aim to write a ZK circuit attesting to the correctness of decryption and re-encryption on the client (trusted side) and integrate it with existing (or newly generated) FHE code. We will build a working program that performs the whole FHE pipeline with the bootstrapping step replaced by the ZK process. We will design several test cases to verify the program. Also, we will write multiple articles about the entire FHE process and our project, and produce a final paper explaining our project.
Since the FFT is essential for the CKKS scheme, this milestone aims to provide an at least working (even if inefficient) real-number FFT circuit in ZK. We'll try to use zkVM or zkLLVM tools for this.
We will implement the CKKS scheme in a ZK circuit if Milestone 1 ends successfully.
It will include writing zk circuits, designing proper tests, and writing a documentation post in GitHub.
The details will be decided after completion of the Milestone 1.
We will write the final article (paper) about what we've done and upload it to our GitHub page.
Milestone 1 repo: https://github.com/ZK-Strapping/zk-fft
Team blog repo: https://github.com/ZK-Strapping/ZK-Strapping.github.io
The FHE research team and the applicants have agreed that the grant will be given only for Milestone 1. If Milestone 1 is accomplished well, the following milestones could be considered for a grant.
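As a plain-Python reference for Milestone 1 (not circuit code), a minimal radix-2 Cooley-Tukey FFT over the complex numbers, cross-checked against a direct DFT, captures the computation the ZK circuit would need to reproduce:

```python
import cmath

def fft(a):
    """Radix-2 Cooley-Tukey FFT over the complex numbers; length must be a power of 2."""
    n = len(a)
    if n == 1:
        return list(a)
    even, odd = fft(a[0::2]), fft(a[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * cmath.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def dft(a):
    """Direct O(n^2) reference used to cross-check the FFT."""
    n = len(a)
    return [sum(x * cmath.exp(-2j * cmath.pi * j * k / n) for j, x in enumerate(a))
            for k in range(n)]

signal = [1.0, 2.0, 3.0, 4.0]
assert all(abs(f - d) < 1e-9 for f, d in zip(fft(signal), dft(signal)))
```

The hard part in ZK is representing the real/complex arithmetic with fixed-point or field encodings; the recursion structure itself stays the same.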
Merkle hash path retrieval using PIR.
In most cases, when the hash path is sensitive, applications have to maintain the tree (or have a way to recompute the tree) to compute the hash path privately.
This project aims to mitigate this by using PIR to privately request the hash path for some encrypted index query.
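To illustrate the idea, here is a toy 2-server XOR PIR fetching one node of a hypothetical 4-leaf Merkle tree: each server sees only a random-looking mask, yet XORing the two answers recovers the requested node. Real single-server PIR schemes use homomorphic encryption instead, so treat this purely as a sketch of the access pattern.

```python
import hashlib
import secrets

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

# A hypothetical 4-leaf Merkle tree; each server holds the flat list of all
# nodes, so a client can fetch hash-path siblings without revealing which.
leaves = [H(bytes([i])) for i in range(4)]
level1 = [H(leaves[0] + leaves[1]), H(leaves[2] + leaves[3])]
db = leaves + level1  # 6 nodes

def pir_query(index: int, size: int):
    """2-server XOR PIR: the two masks differ only at the queried index."""
    mask_a = [secrets.randbelow(2) for _ in range(size)]
    mask_b = mask_a.copy()
    mask_b[index] ^= 1
    return mask_a, mask_b

def pir_answer(mask, database):
    out = bytes(32)
    for bit, item in zip(mask, database):
        if bit:
            out = bytes(x ^ y for x, y in zip(out, item))
    return out

mask_a, mask_b = pir_query(1, len(db))   # privately fetch node 1 (a sibling)
recovered = bytes(x ^ y for x, y in zip(pir_answer(mask_a, db),
                                        pir_answer(mask_b, db)))
assert recovered == db[1]
```

Every term except the queried index cancels in the XOR, so neither server alone learns which hash-path node was requested.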
Output:
We have experience with ZK, FHE, and building complex systems.
ZK:
Merkle AVL Tree:
Here we explore the solution space, settle on concrete decisions, and write a document detailing our decisions and why we made them.
Some interesting things to explore:
Scope of Work & Expected Outcome
Establish a repository featuring small halo2 circuits, each presenting a unique soundness bug. Each entry should come with an exploiting example to:
Technical Requirements: halo2
simple (educational) python lookup argument implementation
Yu-Ming Hsu
Jing-Jie Wang
Paul Yu
Terminology
We aim to implement the baseline protocol according to the paper and will not implement extra optimizations over it. Take cq for example: our code covers the FK algorithm for faster amortized KZG proofs, but won't implement optimized multi-scalar multiplication (MSM) because we rely purely on the pyecc library, unless key components are needed.
We plan to review these two codebases and see which multivariate commitment scheme is easier to implement in Python.
We will provide a markdown file explaining the detailed implementation of each protocol and utility function, for example, why radix-4 FFT.
If good resources already exist, we'll reference them in the write-up and summarize how we utilized them.
Similar to plonkathon, we will cover unit tests for each component; for FFT, say, we unit-test the FFT as a whole rather than its subfunctions (dummy_test, basic test cases).
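As an example of the component-level structure such a write-up would document, here is a minimal radix-2 NTT over a small prime field (the tiny field F_17 is for illustration only; the radix-4 variant mentioned above uses the same recursion with 4-way butterflies):

```python
P = 17                        # tiny prime field, illustration only
W = pow(3, (P - 1) // 4, P)   # primitive 4th root of unity (3 generates F_17*)

def ntt(a, w, p):
    """Radix-2 number-theoretic transform over F_p; length must be a power of 2."""
    n = len(a)
    if n == 1:
        return list(a)
    even = ntt(a[0::2], w * w % p, p)
    odd = ntt(a[1::2], w * w % p, p)
    out = [0] * n
    t = 1
    for k in range(n // 2):
        out[k] = (even[k] + t * odd[k]) % p
        out[k + n // 2] = (even[k] - t * odd[k]) % p
        t = t * w % p
    return out

coeffs = [1, 2, 3, 4]
evals = ntt(coeffs, W, P)
# unit test for the FFT as a whole: compare with direct evaluation at powers of W
assert evals == [sum(c * pow(W, j * k, P) for j, c in enumerate(coeffs)) % P
                 for k in range(4)]
```

This is also the testing style described above: assert on the whole transform against a direct reference rather than on each butterfly.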
Enhance proving speed using the GPU on mobile phones.
Refer to the following for details.
For milestones 1 & 2, we will focus on integrating the algorithms into mopro and benchmarking the performance using the Arkworks MSM (already integrated into the project from previous work) as a baseline.
For milestone 3, we will try to optimize the MSM algorithm on Apple chips using their GPU API, Metal. In the fourth milestone, we will benchmark our work in mopro to see whether it outperforms the others.
Names of team members
Discord handle
We plan to integrate the MSM optimizations for mobile built for ZPrize (or find other GPU-acceleration implementations, such as Ingonyama's icicle) into the mopro project. Moreover, we intend to conduct an experiment on optimizing an MSM algorithm designed for Apple chips.
Afterwards, we will benchmark these integrations against the Arkworks MSM to observe the results on both laptops and real iOS devices.
milestone involved:
all
We commit to exhaustive documentation of all modifications. This will include detailed operational guidelines in the README.md for using the tool. Additionally, we will refine and augment the instructions for incorporating other MSM work into the benchmarks, to support future experiments and extensions.
milestone involved:
all
We will try to optimize some algorithms to accelerate MSM running on the iOS GPU. In addition, we aim to integrate more MSM GPU optimization implementations and benchmark these operations on the iOS GPU.
The test guides will be written in the report for each milestone.
milestone involved:
all
Rust
Rust
, Java
milestone involved:
all
We aim to harness Apple's GPU architecture and Metal API, custom-optimizing MSM algorithms to exploit parallel processing and compute shaders. This approach should deliver better performance, energy efficiency, and security in MSM computations on iOS devices.
milestone involved:
3 & 4
The ZPrize 2022 MSM acceleration on mobile was mainly conducted on a Samsung Galaxy A13 5G (SoC: MediaTek Dimensity 700 (MT6833)), and the MSM implementation was over the BLS12-377 G1 curve.
Rust
Provide an article that explains the advantages of Nova's folding scheme compared to conventional recursive proofs, and explains its primitives intuitively and in depth, using many illustrations.
People who want to know how Nova folding works.
Yugo
Discord: yugokoral
Github: https://github.com/yugocabrio
PSE ZK Summer Open Source Contribution Program fellow. My contribution:
https://github.com/yugocabrio/Folding_by_Hand
Total Estimated Duration: 8 weeks (4 milestones)
Full-time equivalent (FTE): 0.4-0.5
Starting Date: December 11th
Estimated delivery date: February 26th
Note: I would like to take a 3-week break between Milestones 2 and 3 to focus on final exams at university.
Introduction to Nova
Explain Incremental Computation and Incremental Verifiable Computation with simple illustrations.
Explain the mechanism of recursion or accumulation, for example in Halo2 or Plonky, briefly with diagrams. Also, discuss their disadvantages, such as the overhead of pairings in the SNARK verifier during proving.
Explain elliptic-curve subgroups defined over finite fields, and the mismatch between the base field and the scalar field during recursion. Explain that with a cycle of two elliptic curves, the scalar field of each curve is the base field of the other.
Explain Nova, which introduces a folding scheme that compresses two R1CS (NP) instances into one. Briefly introduce the differences between Nova, Sangria, SuperNova, and HyperNova.
Relaxed R1CS by Hand
Explain how to construct the R1CS (Az ∘ Bz = Cz) from the equation x^2 - 5x + 9 = 3, which has roots at x = 2 and x = 3.
The reason I chose this is that I want to show the folding with different witnesses.
Explain that simple folding with linear combination fails due to cross-term.
Explain the Relaxed R1CS (Az ∘ Bz = uCz + E) structure. Introduce folding the above R1CS by hand calculation, supported by Python snippets.
Explain the additive homomorphism of the Pedersen commitment.
Explain committed Relaxed R1CS, which lets the Prover compute the computationally expensive error terms, including the cross terms, instead of the Verifier, and which also achieves zero knowledge.
Explain the Interactive Folding scheme for Committed Relaxed R1CS. Explain what Prover and Verifier do and in what order they work.
Explain the Fiat-Shamir transformation as a general idea and then how to apply it to obtain the Non-Interactive Folding Scheme. In this case, the prover passes the commitment to the cross term as an input to the random oracle.
Explain how the cycle of curves works in Nova. I will read and study the "Revisiting Nova" video or paper.
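The by-hand folding planned above can be checked end-to-end with a short Python snippet over a small prime field (the field size and the challenge r below are arbitrary illustrative choices):

```python
P = 101  # small prime field for illustration

# R1CS for x^2 - 5x + 9 = 3 with z = (1, x, y), y = x^2:
#   constraint 1: x * x = y
#   constraint 2: (y - 5x + 6) * 1 = 0
A = [[0, 1, 0], [6, -5, 1]]
B = [[0, 1, 0], [1, 0, 0]]
C = [[0, 0, 1], [0, 0, 0]]

def mv(M, z):   # matrix-vector product mod P
    return [sum(m * v for m, v in zip(row, z)) % P for row in M]

def had(a, b):  # Hadamard (entrywise) product mod P
    return [(x * y) % P for x, y in zip(a, b)]

def relaxed_ok(z, u, E):  # check Az o Bz == u * Cz + E
    return had(mv(A, z), mv(B, z)) == [(u * c + e) % P for c, e in zip(mv(C, z), E)]

z1, z2 = [1, 2, 4], [1, 3, 9]   # witnesses for the roots x = 2 and x = 3
u1 = u2 = 1
E1 = E2 = [0, 0]
assert relaxed_ok(z1, u1, E1) and relaxed_ok(z2, u2, E2)

r = 7  # verifier's random challenge
# cross term T = Az1 o Bz2 + Az2 o Bz1 - u1*Cz2 - u2*Cz1
T = [(a + b - u1 * c - u2 * d) % P
     for a, b, c, d in zip(had(mv(A, z1), mv(B, z2)),
                           had(mv(A, z2), mv(B, z1)),
                           mv(C, z2), mv(C, z1))]
z = [(a + r * b) % P for a, b in zip(z1, z2)]
u = (u1 + r * u2) % P
E = [(e1 + r * t + r * r * e2) % P for e1, t, e2 in zip(E1, T, E2)]
assert relaxed_ok(z, u, E)  # the folded instance still satisfies relaxed R1CS
```

Note that a naive linear combination without the cross term T would fail the final check, which is exactly the motivation for the relaxed form.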
Finish the incomplete tasks and review the article. In previous milestones, I will have prepared the initial versions of the handwritten illustrations. During this final milestone, I will refine and finalize these illustrations.
Important
A proposal will go through a review process by PSE to ensure the quality of the task and alignment with the acceleration program's mission. Please be patient and wait for the review to complete.
This task explores different zk-applicable machine learning techniques and compares them.
Throughout the project, we explore different zk-applicable machine learning algorithms that can make predictions on the Heart Failure Prediction Dataset.
Specifically, we aim to explore
I plan to compare the following:
0a. Source code / Documentation - We plan to provide the source code and documentation for training a neural network on the heart failure dataset and making heart failure predictions with it. The code will also contain an evaluation pipeline for checking model accuracy, and will allow one to prove that the prediction was made using the correct circuit.
0a. Source code / Documentation - We plan to provide the source code and documentation for classification with linear regression on the given dataset and making heart failure predictions with it. The code will also contain an evaluation pipeline for checking model accuracy, and will allow one to prove that the prediction was made using the correct circuit.
0a. Source code / Documentation - We plan to provide the source code and documentation for classification with a decision tree on the given dataset and making heart failure predictions with it. The code will also contain an evaluation pipeline for checking model accuracy, and will allow one to prove that the prediction was made using the correct circuit.
0a. Source code / Documentation - We plan to provide the source code and documentation for classification with kNN on the given dataset and making heart failure predictions with it. The code will also contain an evaluation pipeline for checking model accuracy, and will allow one to prove that the prediction was made using the correct circuit.
0b. Final report - We plan to write a final report on the observed models, comparing the following:
I plan to first construct each model using PyTorch and try EZKL. If some operations are unimplemented, I plan to look for other conversion methods or construct a circom circuit on my own.
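As an example of how small these models are, kNN inference reduces to distance comparisons plus a majority vote, which is what a circuit would arithmetize in fixed point. A plain-Python sketch with made-up toy features (not the real dataset):

```python
def knn_predict(train_X, train_y, x, k=3):
    """Plain k-nearest-neighbours vote; in ZK this becomes fixed-point
    distance comparisons and a counting argument inside a circuit."""
    dists = sorted(
        (sum((a - b) ** 2 for a, b in zip(row, x)), label)
        for row, label in zip(train_X, train_y)
    )
    votes = [label for _, label in dists[:k]]
    return max(set(votes), key=votes.count)

# Hypothetical toy features (e.g. age, cholesterol); label 1 = heart failure
train_X = [(40, 180), (42, 190), (65, 260), (70, 250)]
train_y = [0, 0, 1, 1]
print(knn_predict(train_X, train_y, (68, 255)))  # -> 1
```

The squared-distance form avoids square roots, which is also convenient inside an arithmetic circuit.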
The Halo2 Aggregation Toolbox aims to provide users with a user-friendly interface for merging proofs, verifying them, and generating verifiers using the Halo2 zero-knowledge proof system.
Names of team members
Telegram handle
Student in cryptography from BUPT
Main contributor to the open source zk tutorials z2o-k7e and WTF-zk.
Student in cryptography from POLYU
Focus on zk security.
1. Research and Feasibility Study:
2. Project Structure and Initial Setup:
1. API Design:
2. Proof Aggregation Implementation:
3. Testing Framework:
1. Verification Functionality Development:
2. Verifier Generation:
3. Documentation and Examples:
1. Library Optimization and Final Testing:
2. Output Documentation and Blogpost:
Project Name: Astra: Accelerating Client-Side ZK with WebGPU
Astra is a cutting-edge library designed to accelerate zero-knowledge proof generation directly within web browsers. By harnessing the power of WebGPU, Astra aims to overcome the computational barriers that have traditionally hindered the performance of privacy-preserving applications. Our project focuses on optimizing critical operations like MSMs and NTTs and aims to establish a comprehensive ecosystem for seamless integration across various proof systems.
Astra leverages the emerging WebGPU standard to tap into the parallel processing capabilities of GPUs directly within the browser. This approach promises to bridge the gap between the computational demands of zero-knowledge proofs and the limitations of traditional browser-based environments. By optimizing key operations such as multi-scalar multiplications (MSMs) and number-theoretic transforms (NTTs), Astra aims to set a new benchmark for performance in the realm of client-side zero-knowledge proofs.
WebGPU is a groundbreaking API that provides web applications with access to the computational power of modern GPUs. Unlike its predecessors, WebGPU is designed with both graphics and general-purpose computation in mind, making it an ideal choice for computationally intensive tasks like zero-knowledge proof generation. By utilizing the parallel processing capabilities of GPUs, WebGPU can execute operations much faster than traditional CPU-based approaches, especially when dealing with large datasets or complex calculations.
The generation of zero-knowledge proofs is a resource-intensive process that has traditionally been hampered by the constraints of browser environments. With the advent of WebGPU, a new pathway has opened up, allowing direct access to GPU resources within the browser. Astra seeks to exploit this opportunity to accelerate proof generation, making zero-knowledge applications more practical and user-friendly.
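Pippenger's bucket method, the MSM algorithm Astra targets, can be sketched over a toy additive group (integers mod p standing in for curve points); the real WebGPU kernels run the same window/bucket structure over BN254 points.

```python
def pippenger_msm(scalars, points, p, window=4):
    """Pippenger's bucket method over a toy additive group (integers mod p).
    Real GPU kernels run the same window/bucket structure over curve points."""
    nbits = max(s.bit_length() for s in scalars)
    nwindows = (nbits + window - 1) // window
    total = 0
    for shift in range((nwindows - 1) * window, -1, -window):
        for _ in range(window):
            total = (total + total) % p          # "double" the running total
        buckets = [0] * (1 << window)
        for s, g in zip(scalars, points):
            idx = (s >> shift) & ((1 << window) - 1)
            if idx:
                buckets[idx] = (buckets[idx] + g) % p
        running = partial = 0
        for b in reversed(buckets[1:]):          # computes sum over i of i * buckets[i]
            running = (running + b) % p
            partial = (partial + running) % p
        total = (total + partial) % p
    return total

# cross-check against the naive definition
naive = sum(s * g for s, g in zip([5, 18, 300], [3, 7, 11])) % 1009
assert pippenger_msm([5, 18, 300], [3, 7, 11], 1009) == naive
```

The bucket accumulation and the per-window reduction are embarrassingly parallel, which is why the algorithm maps well onto GPU compute shaders.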
The project is divided into three milestones, each focused on a different aspect of the library's development:
Total Estimated Duration: 8 weeks
Full-time Equivalent (FTE): 2
Estimated Duration: 2 weeks
FTE: 2
In this phase, we plan on implementing shaders for field arithmetic and curve operations for BN254.
No. | Deliverable | Specification |
---|---|---|
1 | WebGPU Primitives | Implement WGSL shaders for field arithmetic and curve operations for the BN254 family of curves. |
2 | Interfacing for Primitives | Implement helper functions to interface with WebGPU primitives for testing and benchmarking |
3 | Testing Framework | Develop a regression test suite to ensure the correctness and stability of the implemented primitives. |
4 | Benchmarking Tools | Create tools for benchmarking the performance of primitives across different hardware configurations. |
5 | Documentation | Provide comprehensive documentation for the implemented primitives and testing framework. |
Estimated Duration: 3 weeks
FTE: 2
In this phase, we focus on integrating the primitives with the halo2 library and benchmarking it.
No. | Deliverable | Specification |
---|---|---|
1 | MSM, NTT with WebGPU | Implement Pippenger's Algorithm for MSM and NTT with WebGPU primitives |
2 | Integrate with halo2 | Initial (rough) integration of WebGPU primitives with halo2 |
3 | Benchmarking | Compare results of halo2 MSMs and NTTs with WebGPU MSMs and NTTs |
4 | Testing | Unit/Integration/Regression/Stress Testing for MSMs, NTT with WebGPU |
Estimated Duration: 3 weeks
FTE: 2
No. | Deliverable | Specification |
---|---|---|
1 | Rust Library | Create a library that enables easy usage of WebGPU crypto and integrate it with halo2 |
2 | Optimizations | Study the biggest bottlenecks and work on optimizing them |
3 | Security Analysis | Conduct an internal security analysis to identify potential vulnerabilities, such as timing attacks or side-channel attacks. |
4 | Documentation | Documentation of the Rust Library |
By the end of 8 weeks, we aim to establish the groundwork for a robust ecosystem dedicated to zero-knowledge proof generation utilizing WebGPU. Future work will involve further optimizations and integrations with other proof-generation libraries.
We have made considerable strides in advancing the Astra project, effectively mitigating risks associated with key milestones. Our achievements thus far include:
Name | Telegram | |
---|---|---|
Gunit Malik | [email protected] | @GumNut |
Saurabh Chalke | [email protected] | @saurabhchalke |
The team has been deeply involved in the zk space for over a year. We have previously built distributed versions of the primitives required to generate proofs to enable distributed proof generation in Arkworks and halo2.
Estimated Duration of the project: 8 weeks
Project Complexity: Medium, requiring expertise in Rust, Zero Knowledge Proofs, and WebGPU.
Establish a repository featuring small halo2 circuits, each presenting a unique soundness bug
PSE Summer Contribution Program
This section should break out the development roadmap into a number of milestones. Since the milestones will appear in the grant contract, it helps to describe the functionality we should expect, plus how we can check that such functionality exists.
Below we provide an example roadmap. We recommend that the scope of the work can fit within a 3 month period and that teams structure their roadmap as 2 weeks = 1 milestone.
For each milestone:
References
Project: Porting real-world ML model(s) into ZK
Motivation: Oracles serve as bridges between blockchain systems and external data sources, playing a pivotal role in smart contracts and decentralized applications. There is often a limit to the amount of authenticated data that an Oracle can provide, and the data provided may not meet the needs of the dApp. For example, dApps are often limited in their use of rainfall data by the distribution of weather stations, and many developing countries in particular lack the appropriate infrastructure. To address this concern, researchers have proposed using radar signals to assess rainfall over large areas and then using a limited number of weather stations to correct the radar estimates. ML has demonstrated extremely high accuracy in this area (the Continuous Ranked Probability Score, which represents the evaluation error, is less than 0.01). By porting real-world ML models into zkML, I aim to establish a novel methodology for verifying the accuracy and integrity of inference results without revealing sensitive data. This project is motivated by the potential to significantly enhance the functionality and security of blockchain Oracles, making them more applicable for sectors like agriculture where decision-making is heavily data-dependent.
Data Set: the AMS-AI 2015-2016 Contest: Probabilistic estimate of hourly rainfall from radar, from the 13th Conference on Artificial Intelligence. All the data is stored in CSV format. The training data consists of NEXRAD and MADIS data collected over midwestern corn-growing states during the first 8 days of Apr to Nov 2013. Time and location information have been censored, and the data have been shuffled so that they are not ordered by time or place. The test data consists of data from the same radars and gauges over the same months, but in 2014. The train set has 1,048,575 samples; the test set has 630,452 samples. We are given polarimetric radar values and derived quantities at a location over the period of one hour, and must produce a probabilistic distribution of the hourly rain-gauge total.
Related Work:
Method: The rainfall will be estimated by a decision tree, random forest, or XGBoost, and proved with ZK-DTP/circomlib-ml/EZKL.
Scope of Work:
Model Selection and Development: Identify and develop an ML model capable of generating probabilistic rainfall distributions from polarimetric radar data, suitable for ZK implementation: use polarimetric radar values and derived quantities to predict the probability distribution of rainfall, and correct this prediction using available meteorological base-station data.
ZK Proof System Integration: Implement the selected ML model within a ZK proof system, ensuring that inference results can be verified on the blockchain without compromising data privacy.
Performance and Security Analysis: Evaluate the system's performance in terms of accuracy, computational efficiency, and security. Compare the ZK-enabled model's inference results with traditional approaches to demonstrate improvements.
Documentation and Publication: Document the development process, challenges, solutions, and performance analysis. Prepare comprehensive materials for scientific publication, highlighting the project's contribution to blockchain and ML fields.
Expected Outcomes:
A machine learning model capable of producing probabilistic rainfall estimates from polarimetric radar data.
Implementation of the model in a ZK environment, demonstrating the application of privacy-preserving techniques in agricultural data analysis.
A comprehensive documentation of the project process, findings, and a scientific article ready for publication.
I used my vacation time during the preparation of this proposal to conduct preliminary experiments and analysis, pruning Devin Anzelmo's solution, a multi-class XGBoost model with soft labels that estimates rainfall amounts accurately. However, the original model was an aggregate of five XGBoost models, each with 10,000 decision trees, for a total of 50,000 decision trees. I tried Bonsai's zero-knowledge proof hardware acceleration: the proof limit is about 6 million, and the proof time is in the range of 7 to 10 minutes. The complexity of this model makes it extremely difficult to produce the proof on a personal laptop. To address this, I pruned the model, reducing the number of decision trees in a single model to 300, for a total of 1,500 decision trees. As shown in the figure, the loss in Continuous Ranked Probability Score was only 0.00002, less than 1/300.
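For reference, the contest metric compares the predicted cumulative distribution against the step function at the observed rainfall. A minimal sketch (the thresholds and CDF values below are made up for illustration; the actual contest evaluates over many integer rainfall thresholds):

```python
def crps(cdf_values, actual, thresholds):
    """Continuous Ranked Probability Score for one prediction: mean squared
    gap between the predicted CDF and the step function 1{actual <= t}."""
    return sum((p - (1.0 if actual <= t else 0.0)) ** 2
               for p, t in zip(cdf_values, thresholds)) / len(thresholds)

# Hypothetical predicted CDF over rainfall thresholds 0..4 mm, true total 2 mm
thresholds = [0, 1, 2, 3, 4]
cdf = [0.1, 0.3, 0.8, 0.95, 1.0]
print(round(crps(cdf, 2.0, thresholds), 4))  # -> 0.0285
```

A perfectly sharp and correct forecast would score 0, so tiny CRPS deltas like the 0.00002 reported above indicate that the pruning preserved predictive quality.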
Overview
Milestone 1: Data Analysis and Model Selection
Milestone 2: ZK Model Implementation
Milestone 3: Integration with Blockchain Oracles
Milestone 4: Performance Evaluation and Final Reporting
[1] Wendy Kan Alex Kleeman, Lakshmanan V. 2015. How Much Did It Rain? (2015). https://kaggle.com/competitions/how-much-did-it-rain
[2] Devin Anzelmo. 2015. First place code. https://www.kaggle.com/c/how-much-did-it-rain/discussion/16260. (2015). Accessed: 2023-11-20.
[3] Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, and Madars Virza. 2013. SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge. IACR Cryptol. ePrint Arch. 2013 (2013), 507.
[4] Tianqi Chen and Carlos Guestrin. 2016. XGBoost: A Scalable Tree Boosting System. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2016).
Liam Eagen's paper suggests a protocol to prove that a point on an elliptic curve is the multi-scalar multiplication of some points. We want to implement this in halo2.
Applying the protocol in a zk-SNARK will improve performance compared to directly proving the multiplication. The main idea for reducing proof size is to encode the information of the points in an element of the function field of the elliptic curve. The performance will depend on which proof system we use. To optimize, we first want to study how zk proof systems work, especially halo2 with KZG and IPA. We will summarize the proof systems and the material in Liam Eagen's paper, and post it.
Next, we will implement the protocol in halo2 and compare the performance. The protocol can make the information of the points, the scalars, or both zero-knowledge. All three versions can be optimized using the techniques described in the paper. The final output will be
PSE summer contribution 2023, learning about zkp and halo2.
Ph.D major in number theory and algebraic geometry (ongoing)
We want to carefully study Liam Eagen's paper and some proof systems. We will focus on how halo2 works and explore ways to optimize the ECIP protocol if possible. A summary of what we studied will be posted on our blog. After Milestone 1, we will set concrete milestones, such as the functions or optimizations needed, for implementing the protocol in Milestones 2 and 3.
We will first implement the simplest version of the ECIP protocol. This doesn't require a zero-knowledge setting, but it needs some general functions and algorithms, for example, calculating function-field elements of an elliptic curve using incremental construction or the Mumford representation. We will deliver test functions to check these.
Next, we plan to make the protocol zero-knowledge in the scalars, in the points, and in both. Each version needs some improvements using techniques from the paper. In addition, using elliptic curves with complex-multiplication structure will reduce proof size, so we want to explore this. After implementing every version of the protocol, we want to measure how much this protocol improves performance compared to simply computing multi-scalar multiplications in a circuit.
This is a project to port zk-kit circuits from Circom to Noir.
We will use `unconstrained` functions wherever possible.
There will be Noir circuits for every Circom circuit in zk-kit.
I will provide inline documentation of the circuits.
The circuits will come with lots of unit tests and integration tests (wherever possible).
I will try to add the number of constraints for every circuit.