• Stars
    star
    186
  • Rank 207,316 (Top 5 %)
  • Language
    Rust
  • Created over 1 year ago
  • Updated 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

DSL for Halo2 circuits

Chiquito

Chiquito is a high-level structured language for implementing zero knowledge proof applications.

Chiquito is being implemented in the DSL Working Group of PSE, Ethereum Foundation.

Image 2       Image 3

Why is chiquito different from other ZKP DSLs?

Most ZKP DSLs are based on writing constraints, witness generation and some abstraction for DRY like templates or gadgets.

Chiquito allows the developer to think in more high-level and structured abstractions that most ZKP DSLs, while not sacrificing performance.

What is the chiquito programming model?

Chiquito starts from the idea that every zero knowledge proof represents a program (the setup), which can have many computations (the trace) that is proven for a certain input, output and intermediate values (the witness).

The main structured abstraction in chiquito is the step. Any computation can be divided in individual steps. A program is represented by a circuit that has one or many step types, a particular computation is represented as a series of step instances that can have arbitrary order.

A step type contains:

  • Setup: a series of constraints or assertions that must hold for a step instance of this type to be valid.
  • Witness generation: code that for a particular input sets the values of the witness for a particular step instance.

A chiquito circuit contains a trace function that for a given input will generate the step instances in a particular order and use the step type witness generation.

Another important piece of Chiquito are the signals. They represent elements of the witness.

There are several types:

  • Internal signals: they are private for a particular step, and cannot be constraints for other steps.
  • Shared signals: they are shared by all steps in the circuit, and they can be constraints for their values on relative step instances (rotation). For example, if "a" is a shared signal, you could assert in a step type setup that a == a.rot(2) which means that a is equal to a in the next of the next step (super rotation +2).
  • Forward signals: They are like shared signals with the restriction that they can only constrain in the current and the next step instances. For example you could assert a == a.next() but you could not assert a == a.prev(). Forward signal has the advantage of allowing for witness size optimisations.
  • Fixed signals: Their values are set during setup and cannot change.

Chiquito has many more features, but these are enough to start writing basic circuits.

What proving system chiquito uses?

Currently Halo2 backend is implemented, but we are looking into implementing other backends.

Chiquito frontend comes in two flavours: rust and python, so you can write Chiquito applications in either Rust or Python. PyChiquito, and any other language interface in the future, uses ChiquitoCore for most of its work, so adding new languages is easy.

What are the features of chiquito?

  • Step-based, that abstracts out the computation that you want to prove.
  • Signals, that abstract out the data (witness) and how it is placed and handled.
  • Constraint builder, allows you to write the constraints of your application in a more readable and natural way.
  • Trace based witness generation, a way to generate the data that you are trying to prove that matches how computation is done.
  • Super circuits, that allow combining many circuits into one.
  • Lookup tables, that allow sharing data between multiple circuits.
  • Expose signals as public very easily.
  • Automatic padding.
  • Completely modular platform, that allows writing circuits in multiple languages and use different proving systems.

PLONKish-specific features:

  • Halo2 backend ready.
  • PLONKish Cell Managers. These are modular strategies to place signals in the PLONKish columns and rotations. These allows for steps to use different numbers of rows and columns, in a configurable way, so you can find the most efficient structure for your circuit.
  • PLONKish step selector builders. These are modular strategies to activate the steps in the witness.

Planned:

  • Nested steps, will allow more complex circuits and allow circuits coordination in proving systems without advice based lookup tables.
  • Gadget abstraction.
  • Arbitrary boolean assertions.

In research:

  • Signal typing system, which allows statically checking for soundness issues.
  • Folding backend with ProtoStar, HyperNova, and/or others.

Fibonnaci circuit in Chiquito's Python frontend.

But better see for yourself:

class FiboStep(StepType):
    def setup(self: FiboStep):
        self.c = self.internal("c")
        self.constr(eq(self.circuit.a + self.circuit.b, self.c))
        self.transition(eq(self.circuit.b, self.circuit.a.next()))
        self.transition(eq(self.c, self.circuit.b.next()))

    def wg(self: FiboStep, args: Tuple[int, int]):
        a_value, b_value = args
        self.assign(self.circuit.a, F(a_value))
        self.assign(self.circuit.b, F(b_value))
        self.assign(self.c, F(a_value + b_value))

class Fibonacci(Circuit):
    def setup(self: Fibonacci):
        self.a: Queriable = self.forward("a")
        self.b: Queriable = self.forward("b")

        self.fibo_step = self.step_type(FiboStep(self, "fibo_step"))

        self.pragma_num_steps(11)

    def trace(self: Fibonacci, args: Any):
        self.add(self.fibo_step, (1, 1))
        a = 1
        b = 2
        for i in range(1, 11):
            self.add(self.fibo_step, (a, b))
            prev_a = a
            a = b
            b += prev_a

fibo = Fibonacci()
fibo_witness = fibo.gen_witness(None)
fibo.halo2_mock_prover(fibo_witness)

This is explained in more detail in the tutorial, but you can see already how concise and clear it is.

Getting Started

Read the tutorial

All located in the tutorial folder.

Run the tutorial locally

Follow Part 2: Quick Start of the tutorial folder.

Writing a chiquito circuit in your project

To use chiquito in Python, just need to install it with pip:

pip install chiquito

To use chiquito in Rust (TODO)

Build from source

Chiquito is built in Rust. First install Rust. Then clone this repo and enter the repo directory.

git clone https://github.com/privacy-scaling-explorations/chiquito
cd chiquito

Then to build Python chiquito with maturin

python -m venv .env
source .env/bin/activate
pip install -r requirements.txt
maturin develop

Testing and Links

API documentation: cargo doc --no-deps --package chiquito --open

Also auto-published here for the latest commit to main: docs.pecadorplonkish.xyz/

Licenses

MIT OR Apache-2.0

More Repositories

1

zkevm-circuits

Rust
819
star
2

maci

Minimal Anti-Collusion Infrastructure (MACI)
TypeScript
512
star
3

zkevm-specs

Python
332
star
4

zk-kit

A monorepo of reusable libraries for zero-knowledge technologies.
TypeScript
290
star
5

zkp-app-boilerplate

Build your zkp app with typescript, hardhat, circom, and snarkjs!
TypeScript
221
star
6

sonobe

Experimental folding schemes library
Rust
185
star
7

mpz

Multi-party computation libraries written in Rust 🦀
Rust
182
star
8

halo2curves

Rust
170
star
9

snark-verifier

Rust
143
star
10

core-program

141
star
11

halo2wrong

Rust
116
star
12

zk-eigentrust

EigenTrust - A distributed reputation system
Rust
109
star
13

p0tion

The MPC suite of tools for conducting zkSNARK Phase 2 Trusted Setup ceremonies
TypeScript
88
star
14

zkevm-chain

zkevm-chain: Deprecated
Rust
87
star
15

multifolding-poc

A PoC repo for a HyperNova impl
Rust
83
star
16

acceleration-program

Accelerate Early Stage Programmable Cryptography Talents
64
star
17

halo2-solidity-verifier

A set of tooling related to halo2 circuits verification inside Solidity contracts
Rust
62
star
18

maze

Multi proof Aggregation for Zk SNARK on Ethereum
Rust
61
star
19

anon-aadhaar

Anon Aadhaar is a zero-knowledge protocol that allows Aadhaar ID owners to prove their identity in a privacy preserving way.
JavaScript
61
star
20

bandada

A system for managing privacy-preserving groups.
TypeScript
51
star
21

incrementalquintree

An incremental Merkle tree written in Typescript and circom
TypeScript
43
star
22

nova-bench

A collection of comparison-benchmarks for Nova & related Proving systems
Rust
42
star
23

greco

Rust
42
star
24

poseidon

Rust
38
star
25

zkvm-ideas

A collection of the Vietnam Spring ZK Residency effort of the ZKWasm team
37
star
26

multisetups

A simple, IPFS-based multi-party trusted setup utility for snarkjs
TypeScript
27
star
27

e2e-zk-ecdsa

End to End ZK ECDSA
TypeScript
25
star
28

nova-ml

Jupyter Notebook
23
star
29

zkevm-docs

AppliedZKP's zkEVM Documentation
Shell
23
star
30

DefinitelySetup

The repository for high quality Trusted setups for groth16 based SNARKS
TypeScript
21
star
31

nova-by-hand

A collection of the Notes on the Nova folding scheme explained from scratch
21
star
32

zkey-manager

TypeScript
18
star
33

rln

Shell
18
star
34

pse.dev

PSE website v2 with more user research and new branding!
TypeScript
17
star
35

UniRep

A private and non-repudiable reputation system
TypeScript
16
star
36

semaphore-phase2-setup

Phase 2 of a multi-party trusted setup ceremony for the Semaphore zk-SNARK circuit
Python
16
star
37

taz-apps

Simple DApp to allow Devcon attendees to review events anonymously.
JavaScript
13
star
38

zk-kit.circom

A monorepo of reusable Circom circuits.
Circom
13
star
39

circom-ecdsa-p256

Big integer arithmetic // secp256k1 & additional P256 ECC operations in circom
Circom
12
star
40

PSE-Lectures-Notes

A collection of the Notes by Matan from each of the PSE Lectures sessions that have happened so far.
12
star
41

pairing

Rust
11
star
42

website

Privacy and Scaling Explorations
TypeScript
11
star
43

researches

10
star
44

webauth-circom

Circom
10
star
45

security

A collection of resources relevant to the PSE Security Team.
10
star
46

qdh

The Quadratic Dollar Homepage is a spin on the Million Dollar Homepage. While it also features a space for images on a webpage, it allows users to vote on how much space each image takes up. Moreover, it employs a quadratic and collusion-resistant voting mechanism on Ethereum called Minimal Anti-Collusion Infrastructure (MACI) to prevent bribery and scale images quadratically.
JavaScript
10
star
47

maci-platform

MACI Platform - Voting and Funding using MACI
TypeScript
10
star
48

zk-kit.solidity

A monorepo of reusable contracts for zero-knowledge technologies.
Solidity
10
star
49

crypt-keeper-extension

Crypt-Keeper Extension, zero knowledge identity management and proof generation tool.
TypeScript
7
star
50

zk-kit.rust

A monorepo of reusable crates for zero-knowledge technologies.
Rust
6
star
51

zk-keeper

ZK Keeper
TypeScript
6
star
52

hacking-pse

PSE Hackathon
TypeScript
5
star
53

poseidon_in_circomlib_check

5
star
54

zkevm-testing-vectors

Go
5
star
55

sonobe-docs

Docs for https://github.com/privacy-scaling-explorations/sonobe
5
star
56

ideas

4
star
57

keccak_circuit

Rust
4
star
58

snark-artifacts

A streamlined mechanism for distributing SNARK artifacts.
TypeScript
4
star
59

mixer

TypeScript
4
star
60

zk-kit.noir

A monorepo of reusable Noir circuits.
Roff
4
star
61

sugesto

Sugesto is an internal application to allow PSE members to send anonymous feedback on team events and activities.
TypeScript
3
star
62

perpetualpowersoftau

Standard ML
3
star
63

github-ops

Shell
2
star
64

poseidon-gadget

Poseidon gadget for Halo2, previously at halo2_gadgets.
Rust
2
star
65

technical-reports

PSE Technical Reports
TeX
2
star
66

maci-coordinator

🏗 coordinator = tallier + prover
Go
2
star
67

mpt-witness-generator

Go
2
star
68

zuzalu-feedback

An app to allow Zuzalu attendees to send anonymous feedback.
TypeScript
1
star
69

zkevm-chain-testing

Python
1
star
70

MACI-v2

MACI + Nova + ElGamal PoC
1
star
71

vFSM

An opinionated framework aimed at facilitating the zero knowledge verification of state transitions in Mealy machines with encrypted inputs.
1
star
72

maci-phase2-setup

TypeScript
1
star
73

qdh-admin

Admin panel for QDH. Based on Strapi
JavaScript
1
star
74

pse-gfis

A simple app to view good first issues from a set of repos/orgs
TypeScript
1
star
75

zkevm-params

Shell
1
star