International Association for Cryptologic Research


Crypto 2024

Field-Agnostic SNARKs from Expand-Accumulate Codes


README

Short Guide

This repo is a proof-of-concept implementation of polynomial commitment schemes and NIZK from the Expand-Accumulate code. It is modified from the open-source project Spartan (commit hash: e0f964c3f93dc95134ba36940b22e0ad6b09fe98), to which a lot of the credit goes. We also include the original README from Spartan, renamed to README-SPARTAN in this repo.

Environment and Testing

We run all the experiments on an AWS c5a.16xlarge Ubuntu 22.04 machine with 64 cores and 124G memory.

To benchmark the Expand-Accumulate Code, first compile it:

RUSTFLAGS="-C target_cpu=native" cargo build --release --features profile --features ecc_pc

and then run

./target/release/poly_commit
./target/release/nizk

to see the result.

For Brakedown, compile it with

RUSTFLAGS="-C target_cpu=native" cargo build --release --features profile --features brakedown_pc

and similarly, run

./target/release/poly_commit
./target/release/nizk

to see the result.

To build the doc, run

cargo doc --features ecc_pc
cargo doc --features brakedown_pc

respectively.

Code Organization

We use exactly Spartan's IOP in our implementation, but replace the underlying polynomial commitment scheme with our implementation of Expand-Accumulate Code and the code used in Brakedown. For a description of Spartan's IOP and the original code structure, please refer to README-SPARTAN.md.

The implementation of our polynomial commitment based on the new code is located in src/dense_mlpoly. You can find the parameters we use for Brakedown and EACode there in brakedown_dense_mlpoly.rs (line 70) and ecc_dense_mlpoly.rs (line 66), respectively. We include both the original and improved parameters for Brakedown, and both the proved and conjectured parameters for EACode. Switching between them requires commenting and uncommenting code.

To reproduce the figures for the performance of polynomial commitment (PC) and NIZK, simply choose the correct set of parameters, and run the benchmark for PC/NIZK according to the instructions in the previous section.