Snarkify
  • 🏗️GPU Prover Network
    • Introduction
    • Deploy a Elastic Prover
      • Integrate Elastic Prover SDK
    • Snakrify CLI
      • Installation
      • Authentication
      • Service Initialization
      • Build & Deployment
      • Proof Generation
      • Team Management
      • GPU Shell Management
    • Advanced Topics
      • Webhook
  • 🏚️High-Performance ZKP
    • zkEVM Halo2 GPU Prover
      • MSM
      • NTT
      • Quotient Polynomial Evaluation
      • KZG Multiopen
      • Polynomial Inversion
      • Permutation Generation
    • ZPrize
  • 🐺Sirius Folding
    • Introduction
    • Quickstart
    • Examples
      • Fold a Summation Circuit
      • Fold a Fibonacci Circuit
      • Fold a Halo2 Circuit
      • Fold the zkevm-circuits
    • Terminologies
    • Sirius Folding APIs
      • `StepCircuit` trait
      • `PublicParams` Struct
      • `IVC` struct
  • LInks
    • Github
    • Telegram Group
    • snarkify.io
Powered by GitBook
On this page
  • Architecture
  • Arithmetization Layer
  • Folding Scheme Layer
  • SNARK Layer
  1. Sirius Folding

Introduction

PreviousZPrizeNextQuickstart

Last updated 9 months ago

Sirius is an open-source plonkish folding framework for circuits.

Sirius, renowned as the most luminous star in the night sky, deceives the naked eye by appearing as a solitary point of light when, in fact, it is a binary star system. Inspired by this duality, our project bears the name Sirius, capturing the essence of folded instances that give the illusion of being a singular entity.

Within the context of an Incrementally Verifiable Computation (IVC) scheme, the prover's role is to demonstrate that, upon consecutively applying a step function F exactly n times to an initial value $z_0$, the result is $z_n$. Here, the step function F takes two inputs $z_i$ and $w$, and yields an output $z_{i+1}$.

Architecture

The Sirius folding framework is designed with a three-tiered architecture.

Arithmetization Layer

Supported front-ends:

Folding Scheme Layer

At the heart of the framework is the folding scheme IVC circuit that accumulates the computations of multiple steps. At each step, the prover first calculates the instance-witness pairs from the previous step and folds them into the accumulator, then computes the auxiliary data that is needed by the folding scheme verifier. An IVC circuit then takes the outputs from the prover and performs the following steps: apply the step function F, fold the previous step's instance into the accumulator instance, and verify the inputs of the IVC circuit.

The format and process of auxiliary data depend on the underlying folding scheme. We have implemented two types of folding schemes.

SNARK Layer

The SNARK layer leverages Polynomial Interactive Oracle Proofs (PIOP) and Polynomial Commitment Schemes (PCS) to generate zkSNARKs for succinct and zero-knowledge verification. Polynomial relation checks of the IVC decider are converted to the multivariate sum-check protocol. The evaluation phase of the sum-check protocol depends on the polynomial commitment scheme, e.g. hyperkzg commitment scheme.

The arithmetization layer, a.k.a. the front-end, serves as the interface of the constraint system. User-defined circuits and witness data are converted into an intermediate representation format defined by the folding scheme. Our current implementation follows the special-sound interactive protocol (SPS) from .

: Sirius accepts circuits expressed with halo2. See the Fold a Fibonacci Circuit or the Fold the zkevm-circuits example.

: the prover calculates two polynomials defined in the main protocol and sends them to the verifier. Protogalaxy supports the folding of multiple instances per step.

(deprecating): the prover calculates cross terms and error vectors for the folded instance-witness pairs as the auxiliary data. The elliptic curve multiplications in the folding verifier circuit scale linearly with the degree of the custom gates. Also, Sangria IVC scheme only supports the folding of one instance per step.

🐺
Protostar
halo2
Protogalaxy
Sangria
halo2