
zkWrapper

Takes any Untyped Plutus Core (UPLC) script as input and produces a zero-knowledge version of it. No ZKP expertise required!

No script length limit

Normally, UPLC scripts are limited by the Cardano transaction size (currently, 16KB).

No CEK execution budget limit

Original script execution happens off-chain. The wrapper script only checks the proof of execution, which requires a fixed amount of ExUnits.

No redeemer size limit

Redeemers are the input data to Plutus scripts. We supply short polynomial commitments to the zk-wrapped scripts instead of the actual data. This allows us to circumvent the Cardano transaction size limit.

No datum size limit

Similarly to redeemers, polynomial commitments (or hashes) can be used in datums to reduce the overall transaction size. The difference is that datums usually also contain public data that is critical for determining the on-chain state of the smart contract. This public data cannot be hashed without changing the smart contract trust model (data availability).

Private smart contracts become possible

Since the original script is not submitted on-chain, it can be kept private. It is up to the developers or users to disclose it.

Results

The zkFold team has been working on the project since early May. We are proud to announce that we have achieved the following:

  • Zeroed in on the tools, frameworks, and algorithms we will be using for the project. Devised a detailed development plan for zkWrapper and beyond.
  • Developed an early prototype of the circuit for verifying CEK machine executions.
  • Implemented a tool for constructing ZKP witness data from a CEK machine execution trace of a UPLC program.
  • Started documenting our version of the ZKP protocol and UPLC arithmetization.

Solution Components

1. ZKP Witness Generation Tool

To construct a zero-knowledge proof of a correct UPLC program execution, one needs to encode the execution trace with numbers. More specifically, in Plonk arithmetization we encode it with the coefficients of a certain set of polynomials. The tool takes a UPLC program in text form as input and produces a JSON file with the polynomial coefficient data as output.

[Figure: UPLC program for fibonacci sequence]

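A toy version of this encoding, added here as an illustration and not zkFold's tool or its output format: rows of a Fibonacci computation stand in for CEK machine steps, each trace column is interpolated into polynomial coefficients over a small prime field, and an addition gate is checked on the result. The field (p = 257), the column names `a`, `b`, `c` and the JSON layout are assumptions.

```python
import json

P = 257                          # toy prime field (assumption; real Plonk fields are ~255 bits)
N = 8                            # trace rows = size of the evaluation domain
OMEGA = pow(3, (P - 1) // N, P)  # primitive N-th root of unity (3 generates F_257*)

def fib_trace(n):
    """Constructed trace: row i holds (F_i, F_{i+1}, F_{i+2}) in columns a, b, c."""
    f = [0, 1]
    while len(f) < n + 2:
        f.append((f[-1] + f[-2]) % P)
    return {"a": f[:n], "b": f[1:n + 1], "c": f[2:n + 2]}

def interpolate(values):
    """Inverse DFT: coefficients of the degree < N polynomial with p(OMEGA^j) = values[j]."""
    n_inv, w_inv = pow(N, -1, P), pow(OMEGA, -1, P)
    return [n_inv * sum(v * pow(w_inv, j * k, P) for j, v in enumerate(values)) % P
            for k in range(N)]

def evaluate(coeffs, x):
    """Horner evaluation of a coefficient vector at x, in F_P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def witness_json(trace):
    """Witness file: one coefficient vector per trace column (hypothetical layout)."""
    return json.dumps({col: interpolate(vals) for col, vals in trace.items()})

def gate_holds(witness):
    """Addition gate a(x) + b(x) - c(x) = 0 must hold at every domain point."""
    w = json.loads(witness)
    domain = [pow(OMEGA, j, P) for j in range(N)]
    return all((evaluate(w["a"], x) + evaluate(w["b"], x) - evaluate(w["c"], x)) % P == 0
               for x in domain)

if __name__ == "__main__":
    honest = fib_trace(N)
    print(witness_json(honest))
    print("honest trace satisfies gate:", gate_holds(witness_json(honest)))
    forged = dict(honest, c=honest["c"][:-1] + [99])  # last row no longer follows the rule
    print("forged trace satisfies gate:", gate_holds(witness_json(forged)))
```
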
2. Arithmetic Circuit Prototype

We have implemented an unoptimized prototype of an arithmetic circuit that verifies the execution trace data. In this code snippet, we verify one of the transition rules of the CEK state machine.

[Figure: Circom code snippet]

3. Decomposition of Problematic Builtin Operations

For UPLC code that is executed on-chain, ExUnits and script size are the key performance metrics; for zk-wrapped scripts, it is the proving time. Certain builtin operations may be decomposed into larger UPLC code snippets for improved efficiency. We have implemented such decompositions for certain operations directly in UPLC.

zkWrapper Development Plan

  • Finish protocol documentation
  • Finish ZKP witness generation tool
  • Develop ZK prover backend
  • Implement on-chain script for verifying ZKPs of correct UPLC execution
  • Create public APIs for converting transactions with original scripts into transactions with zk-wrapped versions of those scripts