Skip to content

odyssey2077/halo2-cairo

BranchesTags

Repository files navigation

Halo2 Cairo

This repository provides functionabilities to verify cairo program execution using plonkish arithemization + KZG polynomial commitment. This repository is built based on Axiom's halo2-lib library. state transition function is implemented following section 4.5 of Cairo white paper.

Motivation

The Cairo language is a popular programming language for building zero knowledge applications which has a long track record with production apps built on top and zk friendly design. Building the Cairo VM in halo2 would allow any previous code written in the VM to be able to generate ZK proofs that can be efficiently verified on-chain through our existing snark-verifier stack. Compared to proofs generated by STARK, proofs generated by Halo2 with KZG backend should have smaller proof size, shorter verification time with tradeoff on transparency and post quantum security. goal: verify any Cairo program on Ethereum using Halo2 efficiently.

Design

Cairo frontend: Transform Cairo program into Cairo chip input data. The vm function succeeds iff executing the Cairo program generates expected return value. Cairo Chip input: data fed to the circuit simulating state transition of Cairo VM. includes:

  1. immutable memory
  2. value of the three registers before & after execution
  3. public instance constraints to enforce Cairo program return value is expected.
  4. number of cpu cycles

Cairo Chip: circuits built on halo2 simulating state transition function of Cairo VM. VM function: given register values, number of cpu cycles and memory, return True if:

  1. all public instance constraints satisfied.
  2. no unidentified behavior.
  3. after running state_transition function for the given cpu cycles, the register values match expected register value.

state transition function: given register values, return register values after one cycle. Panic if unidentified behavior encountered. memory read function: read the immutable memory at arbitrary index. Will start with naive O(n) solution then adopt dynamic lookup table.

Setup

Install rust:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Clone this repo:

git clone https://github.com/odyssey2077/halo2-cairo.git
cd halo2-cairo

Quick start with halo2-cairo

Mock Prover

LOOKUP_BITS=10 cargo run --example cairo_program_with_builtin -- --name cairo_program_with_builtin -k 11 mock

Key generation

LOOKUP_BITS=10 cargo run --example cairo_program_with_builtin -- --name cairo_program_with_builtin -k 11 keygen

Proof generation

After you have generated the proving and verifying keys, you can generate a proof using

LOOKUP_BITS=10 cargo run --example cairo_program_with_builtin -- --name cairo_program_with_builtin -k 11 prove

Proof verification

After you have generated the proving and verifying keys, you can verify a proof using

LOOKUP_BITS=10 cargo run --example cairo_program_with_builtin -- --name cairo_program_with_builtin -k 11 verify

About

verify cairo execution in Halo2

Resources

Readme
Activity

Stars

17 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages