# Introduction
**Sirius is an open-source plonkish folding framework for** [**halo2**](https://github.com/zcash/halo2) **circuits.**
> Sirius, renowned as the most luminous star in the night sky, deceives the naked eye by appearing as a solitary point of light when, in fact, it is a binary star system. Inspired by this duality, our project bears the name Sirius, capturing the essence of folded instances that give the illusion of being a singular entity.
Within the context of an Incrementally Verifiable Computation (IVC) scheme, the prover's role is to demonstrate that, upon consecutively applying a step function `F` exactly `n` times to an initial value $z\_0$, the result is $z\_n$. Here, the step function `F` takes two inputs $z\_i$ and $w$, and yields an output $z\_{i+1}$.
## Architecture
The `Sirius` folding framework is designed with a three-tiered architecture.
### **Arithmetization Layer**
The arithmetization layer, a.k.a. the front-end, serves as the interface of the constraint system. User-defined circuits and witness data are converted into an intermediate representation format defined by the folding scheme. Our current implementation follows the special-sound interactive protocol (SPS) from [Protostar](https://eprint.iacr.org/2023/620).
Supported front-ends:
* [halo2](https://github.com/zcash/halo2): Sirius accepts circuits expressed with halo2. See the [Fold a Fibonacci Circuit](/sirius-folding/examples/fold-a-fibonacci-circuit.md) or the [Fold the zkevm-circuits](/sirius-folding/examples/fold-the-zkevm-circuits.md) example.
### **Folding Scheme Layer**
At the heart of the framework is the folding scheme IVC circuit that accumulates the computations of multiple steps. At each step, the prover first calculates the instance-witness pairs from the previous step and folds them into the accumulator, then computes the auxiliary data that is needed by the folding scheme verifier. An IVC circuit then takes the outputs from the prover and performs the following steps: apply the step function `F`, fold the previous step's instance into the accumulator instance, and verify the inputs of the IVC circuit.
The format and process of auxiliary data depend on the underlying folding scheme. We have implemented two types of folding schemes.
* [Protogalaxy](https://eprint.iacr.org/2023/1106): the prover calculates two polynomials defined in the main protocol and sends them to the verifier. Protogalaxy supports the folding of multiple instances per step.
* [Sangria](https://geometry.xyz/notebook/sangria-a-folding-scheme-for-plonk) (deprecating): the prover calculates cross terms and error vectors for the folded instance-witness pairs as the auxiliary data. The elliptic curve multiplications in the folding verifier circuit scale linearly with the degree of the custom gates. Also, Sangria IVC scheme only supports the folding of one instance per step.
### **SNARK Layer**
The SNARK layer leverages Polynomial Interactive Oracle Proofs (PIOP) and Polynomial Commitment Schemes (PCS) to generate zkSNARKs for succinct and zero-knowledge verification. Polynomial relation checks of the IVC decider are converted to the *multivariate sum-check protocol*. The evaluation phase of the sum-check protocol depends on the polynomial commitment scheme, e.g. `hyperkzg` commitment scheme.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.snarkify.io/sirius-folding/introduction.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.