Patract Hub's treasury proposal for Megaclite (ZKP support) v0.1

The original post is, after the feedbacks from the group, we have decided to modify our proposal into this, and we have highlighted the difference (bond and deletion)

Suggestions from W3F and Parity

Arkworks' library is better than Zcash's old library

Ethereum's alt_bn128 is too old, we originally decided only add bls12_381, W3F suggests to add another two curves: BLS12-377, BW6_761

The native layer's design (Runtime interface or WASM boundary) for final complete crypto curves support is TBD, so we will not try to merge our code into Substrate about the crypto units in native layer. We will change this project as the POC and show the real benchmark difference of native and WASM implementation. So, we have decided to deliver two version of the crypto units (ADD, MUL, Pairing) of those four curves in native layer and in Runtime WASM layer.

Among the current Layer 2 solutions to the privacy and throughput problems of blockchains, zero-knowledge proof is considered the most powerful solution. Compared with Channels, Mixers, and Ring Signature, zero-knowledge proof is the most difficult to implement, but the effect is the best, and it can be applied to almost all scenarios on the blockchain. With the development of some technologies around the Ethereum community in recent years, the efficiency of zero-knowledge generation and verification has been greatly improved, and the upper layer abstract has become more and more mature, and the development difficulty has been greatly reduced. Recently, some related projects have appeared in the Polkadot community, such as Matter Labs, Starks Network, etc., but for WASM smart contract and Runtime development, the Substrate framework still lacks some underlying technical support.

Patract Hub develops local open source tool suite and a one-stop cloud smart IDE, and is committed to providing free development tools and infrastructure services for Polkadot's WASM smart contract ecosystem. Megaclite is the 5th project of Patract Hub. In the process of developing this project, we will also launch the 6th project at the same time: Metis, a WASM smart contract library. The Megaclite project will be dedicated to introducing basic zero-knowledge proof underlying support for the Polkadot ecology, so that developers can easily develop applications at the upper level through WASM smart contracts or Runtime. Megaclite will support the more mature zkSNARK-related technologies firstly, and may also support zkSTARK-related underlying technologies later.

ZK Rollup Introduction

Compared with the privacy function, the performance improvement brought by Rollup is the early application direction of zero-knowledge proof. At present, the Layer 2 expansion plan of the blockchain is to transfer a considerable part of the on-chain workload to off-chain to complete, and the most watched one is ZK Rollup. The essence of ZK Rollup is to compress the application on-chain state and store it in a Merkle tree, and move the state transition funtions to off-chain. At the same time, the correctness of the off-chain state transition process is guaranteed through the proof of zkSNARK. Compared with the high cost of directly processing state changes on the chain, the ZK Proof's on-chain smart contract verification is extremely cost low. At the same time, the compressed information will also be submitted to the chain together with the proof, which ensures data availability and obtains the same level of security as Layer 1.

The Ethereum Layer 2 protocols related to ZK Rollup are: zkSync, aztec, etc. Their contract verification modules share a part of the elliptic curve's basic algorithms. In 2017, Ethereum integrated three basic cryptographic calculation units of the alt_bn128 curve in the form of pre-compiled contracts, which are EIP196’s ADD and Scalar_MUL algorithms, and EIP197’s Pairing algorithm. On top of this, due to the lack of rapid upgrade capabilities of Ethereum, the community can only encapsulate some tool libraries through costly Solidity contracts. On top of these basic contract libraries, many DApps can combine ZK Rollup technology to achieve some innovations, such as loopring, gitcoin and uniswap etc. However, in the past 3 years, ZK technology has further developed, such as the more practical BLS curve, and PLONK algorithm etc. Ethereum has not yet supported it.

Megaclite's Future Development Plan (v0.1 ~ v0.3)


Megaclite will firstly provide the following functions on our Jupiter smart contract testnet. After full verification, we will apply to Parity to merge this into the Substrate framework.

  • Provide more on-chain underlying cryptography support than Ethereum. The current stage includes two curves : alt_bn128 and bls12_381 , and two more: BLS12-377, BW6_761

  • Integrate ADD, MUL, Paring units in Native layer, and provide them to Runtime applications through Runtime-Interface, and further provide them to WASM contract applications through Contract-Seal

  • Integrate ADD, MUL, Paring units in Runtime WASM layer, and provide them to WASM contract applications through Contract-Seal

  • Through Pallet and Ink! contract libraries, providing more higher-level verification and crypto tools than Ethereum, improving execution efficiency and reducing development costs

  • Provide off-chain cryptography toolbox through Rust SDK

  • Provide typical sample applications through Ink! sample contracts

v0.1: Provide on-chain support for elliptic curve alt_bn128 and bls12_381 and BLS12-377, BW6_761(5 weeks)

  • Integrate addition (ADD), scalar multiplication (MUL) and Pairing functions of the curves in Native layer and Runtime WASM layer.

  • Provide these three functions to the upper Runtime Pallets and Contracts to call.

  • In the Runtime layer and the Ink! contract layer, provide two zkSNARK Verify upper-layer interfaces ( verification function of groth16, similar to the Verifier library of ethsnarks).

  • Start the Metis project and implement EdDSA, MerkleTree, MiMC Hash, etc. contract library on the Ink! contract layer.

v0.2: Provide off-chain toolbox support for Ink! contract (5 weeks)

ZoKrates is the zkSNARKs toolbox on Ethereum. It helps developers generate computable proofs using high-level languages and verify the proofs in the Solidity environment. We will transform this toolbox based on ZoKrates to adapts to the Ink! smart contract environment.

  • Support the complete commands supporting the zkSNARKs protocol, including the use of Compile, Setup, Compute-witness, Generate-proof, Export-verifier and other commands in the Ink! smart contract environment

  • Provide Javascript toolkit, support API interface, including compile, computeWitness, setup, generateProof, exportSolidityVerifier, etc.

v0.3: Create a sample payment DApp based on Megaclite (6 weeks)

Payment is one of the typical scenarios for the large-scale popularization of blockchain applications. However, due to the performance, cost and scalability of the Layer 1 basic chain, low-latency and high-throughput payment applications cannot be implemented on the Layer 1 chain. Now benefiting from the basic capabilities of zkSNARKs provided by the previous two versions, we will implement a highly scalable payment application based on Layer 2 ZK Rollup technology for the community.

The application has the following characteristics: completely trust-free, anti-censorship, high security, fast real-time, high throughput. Developers can reuse the application code with very few changes and directly apply it to the Polkadot WASM smart contract ecosystem to serve large-scale community users, and it will also bring great scalability to the Polkadot parachain.

  • Provide a Metis smart contract library that supports deposit, withdrawal, transfer and verification of off-chain ZK proof
  • Provide ZKP engine including transaction pool, Merkel state tree, circuit, and proof generation
  • Provide state management module and transaction pool module

Detailed Design of v0.1: 5 weeks (16 Nov - 21 Dec)

M1: Integrate the basic units of alt_bn128 & bls12_381 & and BLS12-377, BW6_761 (3 developer * 1 weeks)

  1. Prepare the 3 basic algorithm codes (Add, Scalar_Mul, and Pairing) of alt_bn128 elliptic curve from zcash's official library bn
  2. Prepare the same 3 basic algorithm codes of bls12_381 from zcash's official library bls12_381
  3. Prepare the basic algorithm codes (Add, Scalar_Mul, and Pairing) for 4 curves from arkworks' library
  4. Integrate the above algorithms into the under layer of Substrate Runtime and Runtime WASM layer.

M2: Provide to upper runtime and smart contract applications (3 developers * 1 weeks)

  1. Add Runtime_interface to the Jupiter testnet and provide it to Runtime applications.
  2. Add Contract_Seal to the contract module of the Jupiter testnet and provide it to the WASM contract application.

M3: Integrate upper-level verification and tool functions (3 developers * 1 week)

  1. The runtime pallet that implements the zkSNARK verification algorithm.
  2. The Metis contract library that implements the zkSNARK verification algorithm.
  3. The Metis contract library that implements other commonly used algorithms, such as EdDSA, MerkleTree, MiMC Hash, etc. and other commonly used algorithms.

M4: Test (3 developers * 1 week)

  1. Test six basic elliptic curve algorithms
  2. Test the zkSNARK verification algorithm of the Runtime layer
  3. Test the zkSNARK verification algorithm implemented in the contract layer
  4. Test EdDSA, MerkleTree, MiMC, etc. and other commonly used algorithm contract templates.

M5: Benchmark (3 developers * 1 week)

  1. Provide benchmark results of all the above functions and develop them for the community as a reference for transaction weight and pricing.

Cost of v0.1 (15 developers * weeks)

  • Operating activities: $3000 ( Rent and Devices: $200 per employee * week )
  • Developer payments: $28500 ($1900 per developer * week)
  • —————————— +
  • Total Cost: $31500
  • Exchange Rate: $5.8 / DOT
  • Treasury Proposal: 5431 DOT

How to verify v0.1: Jupiter Testnet & Youtube demo & Github library

  1. The cryptographic units can be verified through the Runtime and Metis contract modules that we deploy on Jupiter.
  2. The upper-level Verification function can be verified through the Runtime and Metis contract modules deployed on Jupiter.
  3. The functions of the upper-level tools can be verified through the Metis contract module deployed on Jupiter.
  4. You can view and reproduce our Benchmark results.
  • Metadata
  • Timeline2

No comments here