Binius: Helping the development of ZK industry

Enterprise 2024-01-08 20:09:53 views: null

1 Introduction

Preface blog:

Zero-knowledge and validity proofs, often abbreviated to ZK, represent a fascinating area of ​​cryptography, mathematics, and computer science. ZK allows one party, the Prover, to convince another party, the Verifier, in a time- and space-efficient manner that a specific statement (such as the execution of a certain computer program) is correct. This means that verifying a proof is much faster and requires less information than Verifier performing calculations directly, and the proof may not reveal sensitive data.

2. Current progress of ZK

To prove the execution of any computer program, it needs to be converted into a form suitable for ZK:

  • This process is called arithmetic
  • Represent a program as a set of equations defined over an integer/finite field
  • This is different from the way computer programs express and think using bytes and binary operations.

For example, if a program has a Boolean variable, it must be ensured that the variable only takes the value 0 or 1. Since integers are used, add the form b ( 1 − b ) = 0 b(1-b)=0b(1b)=0 such conditions. The problem is that when the variable is represented by a large integer (at least 64 bits long), the memory usage and calculation time overhead will be significantly increased due to the operation on finite fields (rather than bits). Operations such as bitwise operations or binary decomposition of an integer are expensive.

Performance in ZK involves different trade-offs than normal programming, and developers need to have a deeper understanding of cryptography and learn to code differently. Developer tools are still being created and in some cases rely on writing arithmetic circuits directly, which is time-consuming and error-prone. In addition, proving adds a lot of overhead, including memory usage and duration. As a result, ZK creates difficulties both in terms of developer and user experience. This means more time and money spent on training developers and less availability of existing skilled programmers.

In the past few years, the ZK industry has developed rapidly to improve the performance of the proof system. There are currently multiple research directions:

  • Use STARKs with small field sizes, such as mini-Goldilocks and 31-bit Mersenne prime.
  • Folding schemes, such as Nova, Protostar and Protogalaxy, etc.
  • Lookup arguments, the current goal of Jolt is to reduce everything to just looking up any operation on a precomputed table of valid input/output pairs.

Each system has advantages and disadvantages in terms of proof size, proof time, verification time, and types of computations that can be easily supported. Hardware efforts have been made to speed up these proof systems, but they all come at the cost of using field elements to represent bits.

3. Binius and the binary fields it uses

Using smaller fields in STARK reduces the overhead of representing variables and shortens the proof time. The question naturally arises:

  • Can we do better?

At the end of 2023, the Ulvetanna team Benjamin E. Diamond and Jim Posen published the paper " Succinct Arguments over Towers of Binary Fields ". For the open source code, see:

Binius shows:

  • Smaller fields can be used.

Binius's main contributions are divided into three major parts:

  • 1) Based on binary fields: Its essence is based on bitstrings of various sizes. Can be resized to represent variables without overhead.
  • 2) Commitment solution based on small fields. This commitment scheme is based on hash functions, is faster than elliptic curve-based commitment schemes, and does not require a trusted setup. This borrows heavily from Brakedown .
  • 3) SNARK built based on 1) and 2) above, which is based on HyperPlonk idea but can be extended to other arithmetic schemes.

The main advantages of the entire Binius build are:

  • It handles bit operations more naturally (e.g. XOR between two bitstrings is just addition on the binary field)
  • Eliminates the overhead associated with data type representation. For example, a Boolean variable can be represented by only a field element of size 1 bit! This reduces the memory footprint of the entire proof system (although we need to use larger fields for cryptographic security).
  • The computation is very fast and hardware-friendly. In the case of adding field elements, it's just an XOR operation, avoiding carry and overflow.
  • There are also very efficient algorithms based on binary fields, such as the additive Fast Fourier Transform (FFT) for generating Reed-Solomon codes.

The main disadvantages of Binius are:

  • The main disadvantages are related to the proof size (it is significantly larger than most SNARKs and STARKs, on the order of several MB) and the verification time.
    • However, verification times are comparable to most proof systems, while Prover is significantly faster.
    • Furthermore, the smaller proof size in SNARKs comes at the expense of a trusted setup, making the entire system dependent on the integrity of parameter initialization rituals, typically using several GB of memory.

4. Binius application

The Binius paper shows how to arithmeticize the Keccak and Grøstl hash functions:

  • This involves many bitwise operations, making them difficult to use with other proof systems.
  • And performance analysis of this shows the potential of Binius:
    • The ability to handle bitwise operations more naturally enables the Keccak and Grøstl hash functions to be used in commitment schemes and is easy to prove.

You can also use Binius to build a virtual machine and prove its correct execution. This allows for efficient proofing of general-purpose computer programs, at least in terms of the time required to generate the proof.
The problem of proof size can then be solved by using SNARK/STARK wrapping, which only needs to verify Binius's proofs, thereby achieving a more lightweight and efficient construction.

Reducing Prover's memory and proof times enables provable fully homomorphic encryption (FHE), which allows users to delegate expensive computations to untrusted servers without compromising data. FHE allows users to perform computations on encrypted data without first decrypting it.

5 Conclusion

The LambdaClass team believes that Binius can be a game-changer when it comes to scaling provable computing, triggering significant changes in fields as diverse as software engineering and finance.
Reduced memory usage, hardware-friendliness of computing, and the development of virtual machines will make provable computing a reality in consumer-grade hardware while enhancing the developer experience and reducing required resources and training. We are one step closer to large-scale adoption of ZK technology. Lambdaclass is interested in this new proof system and its capabilities and hopes to start implementation and development in 2024.

References

[1] LambdaClass team’s December 2023 blog How Binius is helping move the ZK industry forward

Binius series blog

Guess you like

Origin blog.csdn.net/mutourend/article/details/135422339
Recommended
Ranking
vue project automated build tools 1.0, support for multi-page build
JDBC add, update, delete data
SpringCloud combat service in response to the decline tutorial series (Chapter IV)
A segmentation fault (core dumped) error occurs when C+11 compiles and calls the PCL library
Django achieve websocket
Go语言并发之道--笔记1
Three-tier structure and application
Zhejiang data structure after-school exercise practice two 7-2 Reversing Linked List (25 points)
Front-end interview brushing day9 (updated daily high-frequency inspection points for front-end interviews)
The difference between the shell of the single and double quote
Daily
More
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)

Code World

© 2018 codetd.com