Geometry Research empowers protocols using cryptography

Israel
🪁 Hello, we have exciting news to share with you 🪁 Geometry Research is a team working on open-source cryptography, protocol design, implementation and security analysis. 1/15
We are happy to announce our collaboration with @MinaFoundation and @CelestiaOrg. Geometry Research will be integrating Celestia's modular DA to the Mina ecosystem. We unroll our roadmap and the technical challenges we will meet along the way in the thread below 🧵⬇️ 1/6
What if… verifying the execution of pairings inside SNARKs can be done much faster than already known? @AndrijaNovakov6 and @LiamEagen have just published a paper on this! Let’s explore this below 🧵 1/13
These methods are applicable anywhere where pairings are verified inside SNARKs today. They can also be used in on chain contexts. We're using this with @MinaFoundation and @CelestiaOrg to bring Celestia DA to Mina zkapps. Read the full paper here: eprint.iacr.org/2024/640 13/13
🎉 @weijie_eth won a special prize in ZPrize 2023's browser-based MSM track, in a joint work with @MariusMargulus, achieving the best WebGPU-based solution While CPU-based solutions are still favorable, WebGPU will be important for larger workloads 1/2
Paper: eprint.iacr.org/2024/640 Let’s say that you have an existing Groth16 or Plonk proof, and you want to verify them in a SNARK. This is needed for a bunch of use cases: * zk light clients * zkzkrollups * private voting * aggregation of proofs * games with private state 2/13
ZK Summit 11 was a blast! Watch @nico_mnbl present Arke (joint work with @alberto_sonnino @Daeinar @kobigurk) a privacy-preserving contact discovery scheme, and much beyond! This talk also serves as a gentle introduction to identity-based cryptography piped.video/watch?v=_TVAYEzD…
But our journey in the space didn't start there. Our founding team, consisting of @nico_mnbl, @AndrijaNovakov6, @weijie_eth, @therealyingtong and @kobigurk, has worked with leading teams in the space, supporting security, scalability and privacy across the industry. 4/15
Our work and library will be distributed as fully open-source software. Stay tuned for more information! 6/6
We're looking forward to exploring the different ways our work can influence the future of the space, which we'll navigate through 2024 and beyond. Happy new year! 15/15
High performance client side proving is important for applications that involve secrets - web2->web3 identity, games and more Catch @weijie_eth talk at @d_InfraSummit about WebGPU and its practical applications in ZK!
💫 Another workshop highlight! This time, ft. @MariusMargulus @penumbrazone and @weijie_eth @__geometry__ Delve into WebGPU, a modern API empowering GPU parallelism for computationally intensive tasks - complete w/ code demos & hands-on guidance Details @ dinfra.xyz
Our team will work on optimized pairing verification in o1js. Through this effort, circuit engineering and native support for recursion, we hope to produce the most efficient pairing verification circuit. 5/6
Concretely, we will verify Blobstream X proofs produced by @SuccinctLabs, which are Groth16 proofs of Celestia's consensus, giving Mina zkApps access to Celestia block headers. This doesn't end here though! Execution of pairings inside zkApps unlocks many more use cases: 3/6
Catch @therealyingtong’s talk about next-gen lookup arguments in halo 2! Today, 24/4, at 3:10pm SGT, organized by @NTU_CCTF Livestream:
Discover the future of NTU-CCTF Blockchain Academic Workshop. Date: 24 Apr 2024 (Wed) Time: 2:30 pm-7 pm Venue: North Spine LT3, NTU Scan the QR or click the link to register now: wis.ntu.edu.sg/webexe88/owa/…
This suggests that instead of performing the expensive final exp, we can check that the miller loop result is an rth-residue by providing this element as witness. Concretely, instead of proving the pairing output is 1, we prove it lies in the same equivalence class of 1. 8/13
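The witness idea from tweets 4/13 and 8/13, as an added toy example (not code from the paper or from Geometry Research). It assumes a small prime field F_Q^* as a stand-in for the pairing target group and R as a stand-in for the curve order r; Q, R and all function names are constructed for illustration.

```python
# Toy model of "verify a witness instead of computing" (tweets 4/13 and 8/13).
# Assumptions: Q = 1009 is prime, R = 7 divides Q - 1, and gcd(R, H) == 1.
# F_Q^* stands in for the pairing target group, R for the curve order r.
Q = 1009
R = 7
H = (Q - 1) // R  # exponent of the toy "final exponentiation"


def verify_inverse(x, z):
    """4/13: accept z as the inverse of x with a single multiplication."""
    return (x * z) % Q == 1


def final_exp_check(x):
    """Direct check: x^((Q-1)/R) == 1, i.e. x lands on 1 after the final exp."""
    return pow(x, H, Q) == 1


def prover_witness(x):
    """Prover side, outside the circuit: an R-th root c of x, or None.

    If x^H == 1 then x has order dividing H, and since gcd(R, H) == 1
    the map c = x^(R^-1 mod H) satisfies c^R == x.
    """
    if not final_exp_check(x):
        return None
    return pow(x, pow(R, -1, H), Q)


def verify_residue_witness(x, c):
    """8/13: accept x as an R-th residue if the supplied c satisfies c^R == x."""
    return c is not None and 0 < c < Q and pow(c, R, Q) == x % Q


def checks_agree():
    """Count the x in F_Q^* on which both checks give the same answer."""
    return sum(
        final_exp_check(x) == verify_residue_witness(x, prover_witness(x))
        for x in range(1, Q)
    )


if __name__ == "__main__":
    print(checks_agree(), "of", Q - 1, "elements agree")
```

The toy only shows that the two checks accept the same inputs; the cost savings the thread describes come from the exponent choices in tweets 9/13 and 10/13, which are not modelled here.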
To start the year, we want to recap a bit of our previous work. * We've contributed to the state-of-the-art cryptography research with Sangria: geometry.dev/notebook/sangri… 6/15
* zkBridges based on Groth16 or Plonk proofs * Large rollups, utilizing a higher constraint limit * BLS signatures, for consensus verification * Interoperability with existing apps - such as private and collusion-resistant voting and hidden information games ... and more 4/6
In order to verify Celestia inclusion proofs on Mina, we will be building a Groth16 verifier in a zkApp. This is a very unique environment: zkApps are limited to 2^16 plonkish rows; on the other hand, they support recursion natively, which enables exciting use cases. 2/6
We believe cryptography and user-friendly decentralized protocol design are key to a future of universal autonomy and security. 2/15
* Helped create a signature scheme that produces unique deterministic nullifiers (eprint.iacr.org/2022/1255) and implemented the SNARK for it: geometry.dev/notebook/Hashin… 12/15
* Looked into security topics in SNARKs and cryptography such as geometry.dev/notebook/the-hi…, geometry.dev/notebook/groth1… and through a collaboration with @__zkhack__ 13/15
Naively, you would run the proving system’s verification algorithm as you would outside of a SNARK. This works, but has a few efficiency downsides. 3/13
We've begun our collaboration as a team in @__geometry__, where we had the pleasure of working with incredible founders and teams, allowing us to both internally advance solutions and support long-term projects with portfolio companies. 3/15
* Implemented recent lookup schemes and worked with multiple teams to integrate them into leading SNARK frameworks: github.com/geometryresearch/… 9/15
* Designed super efficient membership protocols based on recent research: geometry.dev/notebook/geomet… 8/15
* Worked on ARKE, a privacy-preserving contact discovery protocol, in collaboration with @alberto_sonnino and @Daeinar, which provides a cryptographic answer to this problem: 7/15
SNARKs can receive witness inputs, which allow you to verify results of operations instead of running them. E.g. z being the inverse of x can be “computed” by verifying z*x = 1, instead of a costly inversion process. Shame not to use it. 4/13
We are collaborating with teams in the space to implement cryptographic protocols, extend protocol functionality, audit implementations and specifications, collaborate on research papers, assist in following security best practices, and accelerate performance. 5/15
First, observe that pairing execution is comprised of two steps - miller loop and final exponentiation. The final exp is needed since the miller loop output of computations that are eventually the same differ from each other by an element of order r, the order of the curve. 7/13
So what can we do? The paper introduces previously unexplored methods, and combines them with existing methods, to achieve a significant improvement of pairing execution inside SNARKs. Let’s see how. 6/13
Second, miller loops consist of computing lines between elliptic curve points and then evaluating them at another point. We can again use witness inputs to provide the line coefficients and, instead of computing, we verify that the line passes through the points. 11/13
* A couple of not-yet-publicly-disclosed security bugs... and much more! Check github.com/geometryresearch and geometry.dev/notebook for more 14/15
We then combine these with using an affine representation of points and randomized big integer arithmetic, which are known to be efficient in SNARKs but not necessarily outside them. Lastly, we batch miller loop squarings together with the new final-exp-saving element. 12/13
* Optimized BLS multisignatures for Ethereum: geometry.dev/notebook/Optimi… 10/15
It turns out that, while good, the final exp is already optimized because of its structure, so doing that directly helps, but not as much as we want. Instead, you can use the Frobenius operator, low hamming weight exponents and lattices to make this new check efficient. 9/13
Note that all of these methods are focused on using exponents that are the most efficient to exponentiate by, while saving unnecessary exponentiations in a SNARK context. 10/13
* Explored recent cryptographic paradigms for running private programs: geometry.dev/notebook/functi… 11/15
If you missed @weijie_eth's talk and are still craving some WebGPU knowledge, catch him at @DelendumV's Future Computing Research Workshop at 2pm and at @0xPolygon's Aggregation Cave today after 3:30pm
Furthermore, when verifying an existing proof inside another SNARK, you often have to work over a field that is different from the SNARK’s native field. This increases the constants of every operation by a lot, making any improvement very meaningful. 5/13