diff --git a/README.md b/README.md index 6ff01c56..50ca9d24 100644 --- a/README.md +++ b/README.md 
@@ -16,11 +16,12 @@ A distinctive aspect of Nova is that it is the simplest recursive proof system i ## Details of the library This repository provides `nova-snark,` a Rust library implementation of Nova over a cycle of elliptic curves. Our code supports three curve cycles: (1) Pallas/Vesta, (2) BN254/Grumpkin, and (3) secp/secq. -At its core, Nova relies on a commitment scheme for vectors. Compressing IVC proofs using Spartan relies on interpreting commitments to vectors as commitments to multilinear polynomials and prove evaluations of committed polynomials. Our code implements two commitment schemes and evaluation arguments: +At its core, Nova relies on a commitment scheme for vectors. Compressing IVC proofs using Spartan relies on interpreting commitments to vectors as commitments to multilinear polynomials and prove evaluations of committed polynomials. Our code implements three commitment schemes and evaluation arguments: 1. Pedersen commitments with IPA-based evaluation argument (supported on all three curve cycles), and -2. Multilinear KZG commitments and evaluation argument (supported on curves with pairings e.g., BN254). +2. HyperKZG commitments and evaluation argument (supported on curves with pairings e.g., BN254). +3. KZG commitments with a [Zeromorph](https://eprint.iacr.org/2023/917) evaluation argument (supported on curves equipped with a pairing). -For more details on using multilinear KZG, please see the test `test_ivc_nontrivial_with_compression`. The multilinear KZG instantiation requires a universal trusted setup (the so-called "powers of tau"). In the `setup` method in `src/provider/mlkzg.rs`, one can load group elements produced in an existing KZG trusted setup (that was created for other proof systems based on univariate polynomials such as Plonk or variants), but the library does not currently do so (please see [this](https://github.com/microsoft/Nova/issues/270) issue). 
+For more details on using HyperKZG, please see the test `test_ivc_nontrivial_with_compression`. The HyperKZG instantiation requires a universal trusted setup (the so-called "powers of tau"). In the `setup` method in `src/provider/hyperkzg.rs`, one can load group elements produced in an existing KZG trusted setup (that was created for other proof systems based on univariate polynomials such as Plonk or variants), but the library does not currently do so (please see [this](https://github.com/microsoft/Nova/issues/270) issue). We also implement a SNARK, based on [Spartan](https://eprint.iacr.org/2019/550.pdf), to compress IVC proofs produced by Nova. There are two variants, one that does *not* use any preprocessing and another that uses preprocessing of circuits to ensure that the verifier's run time does not depend on the size of the step circuit. diff --git a/examples/and.rs b/examples/and.rs index 4622ddd0..375beca5 100644 --- a/examples/and.rs +++ b/examples/and.rs @@ -290,7 +290,7 @@ fn main() { assert!(res.is_ok()); // produce a compressed SNARK - println!("Generating a CompressedSNARK using Spartan with multilinear KZG..."); + println!("Generating a CompressedSNARK using Spartan with HyperKZG..."); let (pk, vk) = CompressedSNARK::<_, S1, S2>::setup(&pp).unwrap(); let start = Instant::now(); diff --git a/examples/minroot.rs b/examples/minroot.rs index e443d1b2..0a0a6e47 100644 --- a/examples/minroot.rs +++ b/examples/minroot.rs @@ -334,7 +334,7 @@ fn main() { assert!(res.is_ok()); // produce a compressed SNARK - println!("Generating a CompressedSNARK using Spartan with multilinear KZG..."); + println!("Generating a CompressedSNARK using Spartan with HyperKZG..."); let (pk, vk) = CompressedSNARK::<_, S1, S2>::setup(&pp).unwrap(); let start = Instant::now(); diff --git a/src/provider/mod.rs b/src/provider/mod.rs index 60611ee6..ec5c4b5d 100644 --- a/src/provider/mod.rs +++ b/src/provider/mod.rs 
@@ -77,7 +77,7 @@ impl Engine for Bn256EngineZM { type TE = Keccak256Transcript; type CE = KZGCommitmentEngine; } -/// An implementation of Nova traits with multilinear KZG over the BN256 curve +/// An implementation of Nova traits with HyperKZG over the BN256 curve #[derive(Clone, Copy, Debug, Eq, PartialEq)] pub struct Bn256EngineKZG;
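Review bot: In the README.md hunk, item 1 of the new three-item list still ends with ", and" although two more items now follow, and items 2 and 3 word the same requirement differently ("curves with pairings e.g., BN254" versus "curves equipped with a pairing"). Move the "and" to the end of item 2 and use one phrasing for both. The paragraph after the list states the universal trusted setup ("powers of tau") requirement, and the caveat that `setup` does not currently load an existing ceremony's output, only for HyperKZG. Item 3 is also KZG-based, so say explicitly whether the same requirement and caveat apply to it, and name a test for it as is done for HyperKZG. The text now points to `src/provider/hyperkzg.rs`, but no rename of `src/provider/mlkzg.rs` appears among the files shown in this diff, so confirm the path exists after this change.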
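Review bot: In the examples/and.rs hunk (and the identical line in examples/minroot.rs), the progress message hardcodes the scheme name, while the scheme in use follows from the `S1`/`S2` type parameters in `CompressedSNARK::<_, S1, S2>::setup(&pp)`, which are defined outside the hunk. The string had to be edited by hand in two files for this rename. Consider keeping the label in one constant next to the `S1`/`S2` definitions in each example so the printed name cannot drift from the configured evaluation engine.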
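Review bot: In the src/provider/mod.rs hunk, the doc comment on `Bn256EngineKZG` now says HyperKZG, but the context lines show `Bn256EngineZM` directly above with `type CE = KZGCommitmentEngine;`, so the name `Bn256EngineKZG` no longer distinguishes the two BN256 engines. Either rename the struct to match the scheme, or extend the doc comment to state which commitment engine and evaluation argument this engine selects and how it differs from `Bn256EngineZM`.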