Orion is a high-speed zero-knowledge proof system, that achieves
This repo provides a C++ implmenetation of Orion polynomial commitment, that can be coupled with other proof systems like (Virgo/Ligero/Hyrax/Spartan...) to achieve linear time zero-knowledge proofs.
Note that this library has not received a security review or audit.
We supports both univariant and multivariant polynomial commitment schemes.
The proof size of our system is
We offers the fastest prover that can prove
We offer our expander testing protocol for people to setup their own expander.
Our main expander generation is defined in linear_code/linear_code_encode.h
Our main PC interface is defined in include/VPD/linearPC.h
To use our protocol, you need to first generate a expander:
int col_size = XXX, row_size = N / col_size;
expander_init(row_size);
Then commit your secret coefficient array using:
auto h = commit(coefs, N);
You can open the polynomial at a given point x using:
auto result = open_and_verify(x, N, h);
cmake .
make linearPC
See examples/univariate_PC_test.cpp
cmake .
make linearPC_multi
See examples/multivariate_PC_test.cpp
Most of the source and header files in the Orion are licensed under Apache License 2.0, see LICENSE file for details. The exceptions are the following in XKCP library:
lib/common/brg_endian.his copyrighted by Brian Gladman and comes with a BSD 3-clause license;tests/UnitTests/genKAT.cis based on SHA-3 contest's code by Larry Bassham, NIST, which he licensed under a BSD 3-clause license;tests/UnitTests/timing.his adapted from Google Benchmark and is licensed under the Apache License, Version 2.0;KeccakP-1600-AVX2.sis licensed under the CRYPTOGAMS license (BSD-like);support/Kernel-PMU/enable_arm_pmu.cis licensed under the GNU General Public License by Bruno Pairault.