The original post is https://polkadot.polkassembly.io/post/167, after the feedbacks from the group, we have decided to modify our proposal into this, and we have highlighted the difference (bond and deletion)
Arkworks' library is better than Zcash's old library
Ethereum's alt_bn128 is too old, we originally decided only add bls12_381, W3F suggests to add another two curves: BLS12-377, BW6_761
The native layer's design (Runtime interface or WASM boundary) for final complete crypto curves support is TBD, so we will not try to merge our code into Substrate about the crypto units in native layer. We will change this project as the POC and show the real benchmark difference of native and WASM implementation. So, we have decided to deliver two version of the crypto units (ADD, MUL, Pairing) of those four curves in native layer and in Runtime WASM layer.
Among the current Layer 2 solutions to the privacy and throughput problems of blockchains, zero-knowledge proof is considered the most powerful solution. Compared with Channels, Mixers, and Ring Signature, zero-knowledge proof is the most difficult to implement, but the effect is the best, and it can be applied to almost all scenarios on the blockchain. With the development of some technologies around the Ethereum community in recent years, the efficiency of zero-knowledge generation and verification has been greatly improved, and the upper layer abstract has become more and more mature, and the development difficulty has been greatly reduced. Recently, some related projects have appeared in the Polkadot community, such as Matter Labs, Starks Network, etc., but for WASM smart contract and Runtime development, the Substrate framework still lacks some underlying technical support.
Patract Hub https://patract.io develops local open source tool suite and a one-stop cloud smart IDE, and is committed to providing free development tools and infrastructure services for Polkadot's WASM smart contract ecosystem. Megaclite is the 5th project of Patract Hub. In the process of developing this project, we will also launch the 6th project at the same time: Metis, a WASM smart contract library. The Megaclite project will be dedicated to introducing basic zero-knowledge proof underlying support for the Polkadot ecology, so that developers can easily develop applications at the upper level through WASM smart contracts or Runtime. Megaclite will support the more mature zkSNARK-related technologies firstly, and may also support zkSTARK-related underlying technologies later.
Compared with the privacy function, the performance improvement brought by Rollup is the early application direction of zero-knowledge proof. At present, the Layer 2 expansion plan of the blockchain is to transfer a considerable part of the on-chain workload to off-chain to complete, and the most watched one is ZK Rollup. The essence of ZK Rollup is to compress the application on-chain state and store it in a Merkle tree, and move the state transition funtions to off-chain. At the same time, the correctness of the off-chain state transition process is guaranteed through the proof of zkSNARK. Compared with the high cost of directly processing state changes on the chain, the ZK Proof's on-chain smart contract verification is extremely cost low. At the same time, the compressed information will also be submitted to the chain together with the proof, which ensures data availability and obtains the same level of security as Layer 1.
The Ethereum Layer 2 protocols related to ZK Rollup are: zkSync, aztec, etc. Their contract verification modules share a part of the elliptic curve's basic algorithms. In 2017, Ethereum integrated three basic cryptographic calculation units of the alt_bn128 curve in the form of pre-compiled contracts, which are EIP196’s ADD and Scalar_MUL algorithms, and EIP197’s Pairing algorithm. On top of this, due to the lack of rapid upgrade capabilities of Ethereum, the community can only encapsulate some tool libraries through costly Solidity contracts. On top of these basic contract libraries, many DApps can combine ZK Rollup technology to achieve some innovations, such as loopring, gitcoin and uniswap etc. However, in the past 3 years, ZK technology has further developed, such as the more practical BLS curve, and PLONK algorithm etc. Ethereum has not yet supported it.
Github:https://github.com/patractlabs/megaclite
Megaclite will firstly provide the following functions on our Jupiter smart contract testnet. After full verification, we will apply to Parity to merge this into the Substrate framework.
Provide more on-chain underlying cryptography support than Ethereum. The current stage includes two curves : alt_bn128 and bls12_381 , and two more: BLS12-377, BW6_761
Integrate ADD, MUL, Paring units in Native layer, and provide them to Runtime applications through Runtime-Interface, and further provide them to WASM contract applications through Contract-Seal
Integrate ADD, MUL, Paring units in Runtime WASM layer, and provide them to WASM contract applications through Contract-Seal
Through Pallet and Ink! contract libraries, providing more higher-level verification and crypto tools than Ethereum, improving execution efficiency and reducing development costs
Provide off-chain cryptography toolbox through Rust SDK
Provide typical sample applications through Ink! sample contracts
Integrate addition (ADD), scalar multiplication (MUL) and Pairing functions of the curves in Native layer and Runtime WASM layer.
Provide these three functions to the upper Runtime Pallets and Contracts to call.
In the Runtime layer and the Ink! contract layer, provide two zkSNARK Verify upper-layer interfaces ( verification function of groth16, similar to the Verifier library of ethsnarks).
Start the Metis project and implement EdDSA, MerkleTree, MiMC Hash, etc. contract library on the Ink! contract layer.
ZoKrates is the zkSNARKs toolbox on Ethereum. It helps developers generate computable proofs using high-level languages and verify the proofs in the Solidity environment. We will transform this toolbox based on ZoKrates to adapts to the Ink! smart contract environment.
Support the complete commands supporting the zkSNARKs protocol, including the use of Compile, Setup, Compute-witness, Generate-proof, Export-verifier and other commands in the Ink! smart contract environment
Provide Javascript toolkit, support API interface, including compile, computeWitness, setup, generateProof, exportSolidityVerifier, etc.
Payment is one of the typical scenarios for the large-scale popularization of blockchain applications. However, due to the performance, cost and scalability of the Layer 1 basic chain, low-latency and high-throughput payment applications cannot be implemented on the Layer 1 chain. Now benefiting from the basic capabilities of zkSNARKs provided by the previous two versions, we will implement a highly scalable payment application based on Layer 2 ZK Rollup technology for the community.
The application has the following characteristics: completely trust-free, anti-censorship, high security, fast real-time, high throughput. Developers can reuse the application code with very few changes and directly apply it to the Polkadot WASM smart contract ecosystem to serve large-scale community users, and it will also bring great scalability to the Polkadot parachain.
SubSquare is a project that aims to introduce basic zero-knowledge proof underlying support for the Polkadot ecology. They plan to provide more on-chain underlying cryptography support than Ethereum, integrate ADD, MUL, Pairing units in Native layer, and provide them to Runtime applications through Runtime-Interface, and further provide them to WASM contract applications through Contract-Seal. They will also provide off-chain cryptography toolbox through Rust SDK and typical sample applications through Ink! sample contracts. They plan to create a sample payment DApp based on Megaclite that supports deposit, withdrawal, transfer, and verification of off-chain ZK proof. They will integrate the basic units of alt_bn128, bls12_381, BLS12-377, and BW6_761, and provide them to upper runtime and smart contract applications. They will also integrate upper-level verification and tool functions, test, and benchmark their functions.