Hello, is there any way to generate verifiers for func with circom/snarklibjs ?
Or should I first do it for solidity and then rewrite the verifier to func?
Feb 1, 2023, 1:12 PM
Hi, pairing operation is not still implemented in TVM and if you want to implement it in func it’ll not be gas efficient
You can check my implementation here:
https://github.com/SaberDoTcodeR/func-alt-bn128
You can check my implementation here:
https://github.com/SaberDoTcodeR/func-alt-bn128
Feb 1, 2023, 1:19 PM
Thanks! Will check it out
And what about zk friendly hash algorithms ? Like mimcsponge or Poseidon?
Feb 1, 2023, 1:36 PM
you have any statistics about gas usage?
Feb 1, 2023, 1:57 PM
for zk snark we need a pairing operation on 4 points and as far as I checked each miller loop will cost arround 1000 ton , so 4000 for a pairing of 4 points. Basically it’s infeasible in func, I think as Durov mentioned it in the whitepaper the core team should implement the alt-bn128 curve in the TVM opcodes
Feb 1, 2023, 3:21 PM
but if we only need to verify the proof, will only 1 pairing operation be required?
Feb 1, 2023, 3:28 PM
yeah 1 pairing with 4 miller loop
Feb 1, 2023, 3:30 PM
so this 1 pairing costs 250 ton?)
Feb 1, 2023, 3:30 PM
what’s miller loop? and this pairing thing. thanks)
Feb 1, 2023, 3:32 PM
@yungwine edited this one for clarification
Feb 1, 2023, 3:33 PM
oh got it thanks
the most expensive computations ever
Feb 1, 2023, 3:34 PM
if you are interested in details, Vitalik explained it perfect:
https://medium.com/@VitalikButerin/exploring-elliptic-curve-pairings-c73c1864e627
https://medium.com/@VitalikButerin/exploring-elliptic-curve-pairings-c73c1864e627
Feb 1, 2023, 3:38 PM
So it means zk proofs are not possible for now in ton?
Feb 1, 2023, 4:08 PM
hmm, that’s what we are trying to change(I’ll share my update in a few weeks)
Feb 1, 2023, 4:16 PM
Thank you! Keep me updated haha please 😁
Feb 1, 2023, 5:06 PM
Do we have strong reasons to support alt-bn128? bls12-381 looks more preferable
Feb 2, 2023, 9:34 AM