基于Nova的MinRoot VDF实现

1. 引言

前序博客有:

  • Nova代码解析

代码见:

  • https://github.com/Microsoft/Nova(Rust)
  • https://github.com/protocol/vdf(Rust,基于Nova的Sloth-based VDF实现)

有多种类型的VDF算法:
基于Nova的MinRoot VDF实现_第1张图片
同一类型的VDF,根据所选择的曲线不同,所使用的参数也有所不同:
基于Nova的MinRoot VDF实现_第2张图片
https://github.com/Microsoft/Nova 中的MinRoot,所采用的为:
f ( x i + 1 , y i + 1 ) = ( ( x i + y i ) 1 / 5 , x i ) f(x_{i+1},y_{i+1})=((x_i+y_i)^{1/5}, x_i) f(xi+1,yi+1)=((xi+yi)1/5,xi)

详细代码见examples/minroot.rs

Nova-based VDF with MinRoot delay function
=========================================================
Proving 1024 iterations of MinRoot per step
Producing public parameters...
PublicParams::setup, took 73.078327592s 
Number of constraints per step (primary circuit): 12888
Number of constraints per step (secondary circuit): 10347
Number of variables per step (primary circuit): 12882
Number of variables per step (secondary circuit): 10329
Generating a RecursiveSNARK...
RecursiveSNARK::prove_step 0: true, took 4.624µs 
RecursiveSNARK::prove_step 1: true, took 1.166330261s 
RecursiveSNARK::prove_step 2: true, took 1.224084382s 
RecursiveSNARK::prove_step 3: true, took 1.275612276s 
RecursiveSNARK::prove_step 4: true, took 1.247531567s 
RecursiveSNARK::prove_step 5: true, took 1.276658484s 
RecursiveSNARK::prove_step 6: true, took 1.233760567s 
RecursiveSNARK::prove_step 7: true, took 1.230236579s 
RecursiveSNARK::prove_step 8: true, took 1.24617902s 
RecursiveSNARK::prove_step 9: true, took 1.202719954s 
Verifying a RecursiveSNARK...
RecursiveSNARK::verify: true, took 381.332458ms
Generating a CompressedSNARK using Spartan with IPA-PC...
CompressedSNARK::prove: true, took 33.365056086s
CompressedSNARK::len 9403 bytes
Verifying a CompressedSNARK...
CompressedSNARK::verify: true, took 388.515267ms
=========================================================
Proving 2048 iterations of MinRoot per step
Producing public parameters...
PublicParams::setup, took 70.355994544s 
Number of constraints per step (primary circuit): 15960
Number of constraints per step (secondary circuit): 10347
Number of variables per step (primary circuit): 15954
Number of variables per step (secondary circuit): 10329
Generating a RecursiveSNARK...
RecursiveSNARK::prove_step 0: true, took 4.213µs 
RecursiveSNARK::prove_step 1: true, took 1.163035595s 
RecursiveSNARK::prove_step 2: true, took 1.211507467s 
RecursiveSNARK::prove_step 3: true, took 1.228544979s 
RecursiveSNARK::prove_step 4: true, took 1.218547311s 
RecursiveSNARK::prove_step 5: true, took 1.221717836s 
RecursiveSNARK::prove_step 6: true, took 1.218962179s 
RecursiveSNARK::prove_step 7: true, took 1.230055614s 
RecursiveSNARK::prove_step 8: true, took 1.218389455s 
RecursiveSNARK::prove_step 9: true, took 1.220260741s 
Verifying a RecursiveSNARK...
RecursiveSNARK::verify: true, took 327.467486ms
Generating a CompressedSNARK using Spartan with IPA-PC...
CompressedSNARK::prove: true, took 28.405642566s
CompressedSNARK::len 9404 bytes
Verifying a CompressedSNARK...
CompressedSNARK::verify: true, took 338.551301ms
=========================================================
Proving 4096 iterations of MinRoot per step
Producing public parameters...
PublicParams::setup, took 70.092380898s 
Number of constraints per step (primary circuit): 22104
Number of constraints per step (secondary circuit): 10347
Number of variables per step (primary circuit): 22098
Number of variables per step (secondary circuit): 10329
Generating a RecursiveSNARK...
RecursiveSNARK::prove_step 0: true, took 4.543µs 
RecursiveSNARK::prove_step 1: true, took 1.262449816s 
RecursiveSNARK::prove_step 2: true, took 1.30737881s 
RecursiveSNARK::prove_step 3: true, took 1.315299705s 
RecursiveSNARK::prove_step 4: true, took 1.298120798s 
RecursiveSNARK::prove_step 5: true, took 1.293002033s 
RecursiveSNARK::prove_step 6: true, took 1.296309126s 
RecursiveSNARK::prove_step 7: true, took 1.304054547s 
RecursiveSNARK::prove_step 8: true, took 1.290177872s 
RecursiveSNARK::prove_step 9: true, took 1.291139605s 
Verifying a RecursiveSNARK...
RecursiveSNARK::verify: true, took 371.391454ms
Generating a CompressedSNARK using Spartan with IPA-PC...
CompressedSNARK::prove: true, took 42.00665964s
CompressedSNARK::len 9704 bytes
Verifying a CompressedSNARK...
CompressedSNARK::verify: true, took 456.396603ms
=========================================================
Proving 8192 iterations of MinRoot per step
Producing public parameters...
PublicParams::setup, took 73.216632509s 
Number of constraints per step (primary circuit): 34392
Number of constraints per step (secondary circuit): 10347
Number of variables per step (primary circuit): 34386
Number of variables per step (secondary circuit): 10329
Generating a RecursiveSNARK...
RecursiveSNARK::prove_step 0: true, took 3.449µs 
RecursiveSNARK::prove_step 1: true, took 1.539035436s 
RecursiveSNARK::prove_step 2: true, took 1.622303693s 
RecursiveSNARK::prove_step 3: true, took 1.534060709s 
RecursiveSNARK::prove_step 4: true, took 1.500765389s 
RecursiveSNARK::prove_step 5: true, took 1.541102208s 
RecursiveSNARK::prove_step 6: true, took 1.521414059s 
RecursiveSNARK::prove_step 7: true, took 1.498017567s 
RecursiveSNARK::prove_step 8: true, took 1.507547714s 
RecursiveSNARK::prove_step 9: true, took 1.654619421s 
Verifying a RecursiveSNARK...
RecursiveSNARK::verify: true, took 608.025166ms
Generating a CompressedSNARK using Spartan with IPA-PC...
CompressedSNARK::prove: true, took 73.425426802s
CompressedSNARK::len 10001 bytes
Verifying a CompressedSNARK...
CompressedSNARK::verify: true, took 694.724361ms
=========================================================
Proving 16384 iterations of MinRoot per step
Producing public parameters...
PublicParams::setup, took 105.921985131s 
Number of constraints per step (primary circuit): 58968
Number of constraints per step (secondary circuit): 10347
Number of variables per step (primary circuit): 58962
Number of variables per step (secondary circuit): 10329
Generating a RecursiveSNARK...
RecursiveSNARK::prove_step 0: true, took 25.76µs 
RecursiveSNARK::prove_step 1: true, took 1.813137744s 
RecursiveSNARK::prove_step 2: true, took 1.878074321s 
RecursiveSNARK::prove_step 3: true, took 1.80861029s 
RecursiveSNARK::prove_step 4: true, took 2.396045213s 
RecursiveSNARK::prove_step 5: true, took 1.729798055s 
RecursiveSNARK::prove_step 6: true, took 1.729107037s 
RecursiveSNARK::prove_step 7: true, took 1.720501846s 
RecursiveSNARK::prove_step 8: true, took 1.743876552s 
RecursiveSNARK::prove_step 9: true, took 1.737904666s 
Verifying a RecursiveSNARK...
RecursiveSNARK::verify: true, took 711.567199ms
Generating a CompressedSNARK using Spartan with IPA-PC...
CompressedSNARK::prove: true, took 78.038337919s
CompressedSNARK::len 9998 bytes
Verifying a CompressedSNARK...
CompressedSNARK::verify: true, took 668.522336ms
=========================================================
Proving 32768 iterations of MinRoot per step
Producing public parameters...
PublicParams::setup, took 107.353152111s 
Number of constraints per step (primary circuit): 108120
Number of constraints per step (secondary circuit): 10347
Number of variables per step (primary circuit): 108114
Number of variables per step (secondary circuit): 10329
Generating a RecursiveSNARK...
RecursiveSNARK::prove_step 0: true, took 4.849µs 
RecursiveSNARK::prove_step 1: true, took 2.265852376s 
RecursiveSNARK::prove_step 2: true, took 2.2747954s 
RecursiveSNARK::prove_step 3: true, took 2.281599611s 
RecursiveSNARK::prove_step 4: true, took 2.306338036s 
RecursiveSNARK::prove_step 5: true, took 2.320080158s 
RecursiveSNARK::prove_step 6: true, took 2.281631356s 
RecursiveSNARK::prove_step 7: true, took 2.297964832s 
RecursiveSNARK::prove_step 8: true, took 2.281593708s 
RecursiveSNARK::prove_step 9: true, took 2.410508168s 
Verifying a RecursiveSNARK...
RecursiveSNARK::verify: true, took 1.256136737s
Generating a CompressedSNARK using Spartan with IPA-PC...
CompressedSNARK::prove: true, took 138.11442845s
CompressedSNARK::len 10296 bytes
Verifying a CompressedSNARK...
CompressedSNARK::verify: true, took 1.098852882s
=========================================================
Proving 65535 iterations of MinRoot per step
Producing public parameters...
PublicParams::setup, took 191.407999313s 
Number of constraints per step (primary circuit): 206421
Number of constraints per step (secondary circuit): 10347
Number of variables per step (primary circuit): 206415
Number of variables per step (secondary circuit): 10329
Generating a RecursiveSNARK...
RecursiveSNARK::prove_step 0: true, took 17.903µs 
RecursiveSNARK::prove_step 1: true, took 3.626168253s 
RecursiveSNARK::prove_step 2: true, took 3.637881318s 
RecursiveSNARK::prove_step 3: true, took 3.746542026s 
RecursiveSNARK::prove_step 4: true, took 3.559443813s 
RecursiveSNARK::prove_step 5: true, took 3.556236556s 
RecursiveSNARK::prove_step 6: true, took 3.591468574s 
RecursiveSNARK::prove_step 7: true, took 3.784589713s 
RecursiveSNARK::prove_step 8: true, took 3.766741089s 
RecursiveSNARK::prove_step 9: true, took 3.712172217s 
Verifying a RecursiveSNARK...
RecursiveSNARK::verify: true, took 2.256590247s
Generating a CompressedSNARK using Spartan with IPA-PC...
CompressedSNARK::prove: true, took 262.484895111s
CompressedSNARK::len 10590 bytes
Verifying a CompressedSNARK...
CompressedSNARK::verify: true, took 1.846402449s
=========================================================

参考资料

[1] Origami: Fold a Plonk for Ethereum’s VDF
[2] MinRoot: Candidate Sequential Function for Ethereum VDF
[3] VDF Proving with SnarkPack

Nova系列博客

  • Nova: Recursive Zero-Knowledge Arguments from Folding Schemes学习笔记
  • Nova 和 SuperNova:无需通用电路的通用机器执行证明系统
  • Sangria:类似Nova folding scheme的relaxed PLONK for PLONK
  • 基于Nova/SuperNova的zkVM
  • SuperNova:为多指令虚拟机执行提供递归证明
  • Lurk——Recursive zk-SNARKs编程语言
  • Research Day 2023:Succinct ZKP最新进展
  • 2023年 ZK Hack以及ZK Summit 亮点记
  • 基于cycle of curves的Nova证明系统(1)
  • 基于cycle of curves的Nova证明系统(2)
  • Nova代码解析
  • Nova中 Vitalik R1CS例子 的 folding scheme

你可能感兴趣的:(零知识证明,零知识证明)