Zkwasm Rollups Transfer

• Team Name: Zkwasm Rollups Transfer
• Payment Address: 0x9061b0787D28d0fDaD845d670F7505EAE5F3B01B (USDT)
• Level: 3

Project Overview 📄

We would like to implement transfer rollups by zkwasm.

This project enables us high speed and cheap gas fee transfer transactions by zkwasm. The structure is similar to zk rollup but we use wasm as execution environment.

Overview

Through this grant, we would like to implement rollup L2 envorinment for transfer transactions powered by zkwasm. The zk rollup allows us high speed and cheap gas fee transfer transactions, and to deposit asset safely. We inherit these features and execute transfer transactions on L2 wasm environment, and prove the validity of state transition by zero knowledge proof. The main differences from zk rollup are two things.

General purpose rollup

The zk rollup is application specific and it can only execute transfer transactions. Supporting wasm allows us to extend to other functionalities easily as in zkevm and we can reuse the circuit which proves the validity of wasm instruction set. By implementing all wasm ISA, we can finally prove every kind of state transition.

Implement verification function as built-in

The zk rollup is smart contract project. Users need to deposit their asset to smart contract on mainchain, transfer asset on chain after deposit is confirmed and withdraw asset from smart contract on mainchain. It's complicated process and needed a lot of developer workload. By implementing verification function as built-in, normal node can be L2, aggregate transfer transactions without any customizing and send it to verification on mainchain directly. This has huge usability benefit because users don't care about anything but just transfering asset as usual.

Project Details

zkwasm depends on cryptography primitive and zero knowledge proof library.

Cryptography Primitive

In zkwasm scheme, proof generations needs heavy workload. The prover time is latency when users send transaction and verification time is gas cost for miner. We have two approach to resolve this problem. One is the optimization and the other is outsource. We already implemented curve so we would like to optimize and extend it. We are going to implement and optimize as following.

1. implement RedDSA
2. optimize jubjub curve
3. implement client wallet

RedDSA allows us to generate one time signing key which has same signature with private key. We can outsource the computation when generating proof by generating proof generation key. There are several ways to optimize jubjub so we are going to apply it to our implementation.

Finally, we are going to implement client libraries.

Zero Knowledge Proof Library

We generate the proof to prove the validity of wasm execution. To prove validity of execution, we use plonk. The main strategy is that writing circuits for each wasm instruction set and generate the proof. The transaction can be divided into sequence of instruction set. To prove each sequence of instruction set are executed correctly, we can prove the validity of transaction. Finally, we aggregate these proof and generate one proof. Users attach it with their transaction and blockchain verify the proof. We are going to implement following libraries to realize this scheme.

1. implement plookup
2. implement recursive proof
3. implement instruction set circuits

plookup allows us to reduce the complexity of instruction set by using lookup table and recursive proof allows us to generate one proof by aggregating proof for each instruction set.

Ecosystem Fit

This zkwasm allows us to prove the validity of wasm state transition. In the future, we can extend it to general purpose rollup as in smart contract executions. This is totally compatible with wasm so every project work on wasm can use this library and rollup their transaction.

Our project specializes in working with Substrate and Polkadot, and if we implement cryptographic libraries and optimize these, it would be used for whole network developer.

I think this can be applied for XCMP to prove the validity of state transaction.

Team 👥

Team members

• Ash Whitehat
• Kirill Karbushev

Contact

• Contact Name: Invers Inc
• Contact Email: info@invers.tech
• Website: Invers

Legal Structure

• Registered Address: 2F・3F Emblem Nishiarai, 3-33-6 Umejima, Adachi City, Tokyo-to 121-0816, Japan
• Registered Legal Entity: Invers Inc.

Team's experience

Our company is working on the blockchain scaling and information hiding technologies. We already delivered several grants and implemented cryptographic primitives which are compatible parity-scale-codec as described in Development Status.

• zk-rollup
• zk-plonk
• zero-network

Team Code Repos

• Zero Network
• Ash Whitehat
• Kirill Karbushev

Team LinkedIn Profiles

We are not on LinkedIn.

Development Status 📖

We already implemented cryptographic primitives which are compatible with parity-scale-codec.

• zero-crypto
• zero-jubjub
• zero-bls12-381
• zero-elgamal
• zero-pairing
• zero-plonk

Development Roadmap 🔩

Through this grant, we are going to implement the zkwasm which supports transfer transactions.

Overview

• Total Estimated Duration: 6 months
• Full-Time Equivalent (FTE): 2 FTE
• Total Costs: 40,000 USDT

Milestone 1 | Crypto Primitive

• Estimated duration: 1.5 month
• FTE: 2
• Costs: 10,000 USDT

In Milestone 1, we are going to implement RedDSA, optimize Jubjub curve and client wallet. These can improve usability.

Number	Deliverable	Specification
0a.	License	Apache 2.0
0b.	Documentation	We will provide both inline documentation of the code and a basic tutorial that explains how users use the wallet and delegate proof generation.
0c.	Testing Guide	Core functions will be fully covered by unit tests to ensure functionality and robustness. In the guide, we will describe how to run these tests.
0d.	Docker	We will provide Dockerfiles that can be used to test all the functionality delivered with this milestone.
0e.	Article	We will publish an article/tutorial/workshop that explains
1.	RedDSA implementation	We are going to implement RedDSA. RedDSA implementation allows us to generate one time signing key to encrypt zero knowledge proof witness. One time signing key doesn't have permission to transfer asset. The specification is aligned with zcash sapling 5.4.6
2.	Jubjub curve optimization	Jubjub curve optimization allows us to perform elliptic curve arithmetic quickly. In our scheme, zero-knowledge prover time is latency when users send transaction and verification time is gas cost on chain. Specifically, we implement Twisted Edwards Curves Revisited, Jacobian Coordinates and wNAF, pippenger.
3.	Client wallet implementation	We are going to implement client wallet of RedDSA. With this wallet, user can generate private key and one time signing key, and delegate their proof generation, in addition to normal wallet functionalities through RPC.

Milestone 2 | Plonk Extension

• Estimated duration: 1.5 month
• FTE: 2
• Costs: 10,000 USDT

In Milestone 2, we are going to implement plookup and recursion on top of plonk. These can improve the performance and prove the validity of several circuits separatelly.

Number	Deliverable	Specification
0a.	License	Apache 2.0
0b.	Documentation	We will provide both inline documentation of the code and a basic tutorial that explains how users implement plookup circuit and aggregate proofs.
0c.	Testing Guide	Core functions will be fully covered by unit tests to ensure functionality and robustness. In the guide, we will describe how to run these tests.
0d.	Docker	We will provide Dockerfiles that can be used to test all the functionality delivered with this milestone.
0e.	Article	We will publish an article/tutorial/workshop that explains
1.	plookup implementation	We are going to implement plookup to our plonk. plookup allows us to use precomputed lookup table in zero knowledge circuit and reduce complexity of circuit.
2.	recursive proof implementation	We are going to implement recursive proof to our plonk. recursive proof allows us to generate aggregation circuit and bundle wasm ISA proofs to one.
3.	circuit implementation	We are going to implement zero knowledge circuit which supports combination of plookup and recursive proof. This circuit allows us to implement the circuit for zkwasm.

Milestone 3 | Zk Wasm Transfer Prover and Verifier

• Estimated duration: 1.5 month
• FTE: 2
• Costs: 10,000 USDT

In Milestone 3, we are going to implement plookup and recursive proof on top of plonk. These can improve the performance and prove the validity of several circuits separatelly.

Number	Deliverable	Specification
0a.	License	Apache 2.0
0b.	Documentation	We will provide both inline documentation of the code and a basic tutorial that explains how users prove the validity of wasm ISA execution.
0c.	Testing Guide	Core functions will be fully covered by unit tests to ensure functionality and robustness. In the guide, we will describe how to run these tests.
0d.	Docker	We will provide Dockerfiles that can be used to test all the functionality delivered with this milestone.
0e.	Article	We will publish an article/tutorial/workshop that explains
1.	wasm circuit implementation	We are going to implement zero knowledge circuit for wasm ISA. The transfer transaction consists of wasm ISA. We divide it into read and write access to each resource and prove with plookup and recursive proof.
2.	proof generator implementation	We are going to implement proof generator which generates the proof for wasm ISA. The input is execution trace of wasm ISA and output is zero knowledge proof. This is implemented on off-chain.
3.	proof verification implementation	We are going to implement proof verification function which verifies the proof. This is implemented on on-chain.

Milestone 4 | Zk Wasm Transfer Rollup Node

• Estimated duration: 1.5 month
• FTE: 2
• Costs: 10,000 USDT

In Milestone 4, we are going to implement rollup node. This can aggregate transfer transactions and generate proof.

Number	Deliverable	Specification
0a.	License	Apache 2.0
0b.	Documentation	We will provide both inline documentation of the code and a basic tutorial that explains how users setup the node and send transfer transactions.
0c.	Testing Guide	Core functions will be fully covered by unit tests to ensure functionality and robustness. In the guide, we will describe how to run these tests.
0d.	Docker	We will provide Dockerfiles that can be used to test all the functionality delivered with this milestone.
0e.	Article	We will publish an article/tutorial/workshop that explains
1.	rollup node implementation	We are going to implement rollup node. This allows to setup the execution environment of L2 transfer transactions, generate the proof and commit the state to mainchain.
2.	client transactor implementation	We are going to implement client library to request transfer transactions to rollup node. This is the combination of Redsa wallet and proof generator.
3.	integrate network	We are going to integrate network. There are four actor mainchain, rollup node and transactor, prover. The transactor generates the transaction and delegate proof generation to prover. The prover generates proof and send it back to transactor. The transactor send transaction to rollup node. The rollup node aggregates these transaction and commit the state to mainchain.

Future Plans

• Fully zkwasm rollup
• Proof for XCMP
• FHE
• Verifiable hardware

Additional Information ➕

• How did you hear about the Grants Program?
  • Announcement by another team
• Work you have already done.
  • zero-crypto
  • zero-jubjub
  • zero-bls12-381
  • zero-elgamal
  • zero-pairing
  • zero-plonk
  • pallet-plonk
  • pallet-encrypted-balance
  • pallet-confidential-transfer
  • above documentation
• Wheter there are any other teams who have already contributed (financially) to the project.
  • No.
• Previous grants you may have applied for.
  • zk-rollup
  • zk-plonk
  • zero-network