Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider a larger sized inputs and outputs arrays for the fungible tokens #8

Open
jimthematrix opened this issue Jul 2, 2024 · 1 comment · May be fixed by #83
Open

Consider a larger sized inputs and outputs arrays for the fungible tokens #8

jimthematrix opened this issue Jul 2, 2024 · 1 comment · May be fixed by #83
Assignees
@Chengxuan

Comments

@jimthematrix
Copy link
Contributor

jimthematrix commented Jul 2, 2024
edited
Loading

The underlying circuit library supports arbitrary number of inputs and outputs, but the top-level circuit must have a fixed size. The fixed size is due to the fact that a ZKP circuit design must not have different steps of computation dependent on the input values. Having variable sized arrays is not possible as a result, because that would cause the circuit runtime to perform different computations dependent on the number of elements in the arrays.

At the moment all top level circuits (in the /zkp/circuits folder) for fungible tokens use 2-sized arrays for both inputs and outputs. Either array can have a 0-valued UTXO so that transactions with either single input or single output can be supported.

With the above, the following combinations of transactions can be supported:

  • 2 inputs, 2 outputs
  • 1 input, 2 outputs (the 2nd element in the inputs array is set to 0)
  • 2 inputs, 1 output (the 2nd element in the outputs array is set to 0)
  • 1 input, 1 output (2nd element in the inputs and outputs array are set to 0)

If we want to support larger sized inputs and outputs, we need the following layers to be updated:

  • top level circuits, plus the corresponding proving keys, verification keys (optional if verification is only performed by the Solidity verifier code) and the solidity verifier
  • solidity tokens implementations

Having a larger sized inputs and outputs means that, when not all input elements are used, meaning they are set to 0, all computations are still carried out as if they were non-zero elements, yet the results are not compared with the public inputs. This effectively multiplies the cost of the proof generation, although verification time is still constant thanks to SNARK.

The most efficient way from the runtime point of view is having the exact sized inputs. However this means for every circuit, we need many copies of derived artifacts: verifier contracts, unit tests, etc. Maintenance will be a big headache.
@jimthematrix
Copy link
Contributor Author

One proposal is having a small number of sizes to cover the majority of the use cases:

  • 2-sized inputs: this probably covers 80% of the cases
  • 10-sized inputs: this is much more expensive to use, in terms of proof generation. this size can be made even larger, since it's only used in rare occasions anyway

@Chengxuan Chengxuan self-assigned this Sep 24, 2024
@Chengxuan Chengxuan linked a pull request Sep 26, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Chengxuan Chengxuan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

supports larger sized input & output utxos hyperledger-labs/zeto
2 participants
@jimthematrix @Chengxuan