{"id":13511346,"url":"https://github.com/0xProject/OpenZKP","last_synced_at":"2025-03-30T20:33:03.958Z","repository":{"id":37664905,"uuid":"178040830","full_name":"0xProject/OpenZKP","owner":"0xProject","description":"OpenZKP - pure Rust implementations of Zero-Knowledge Proof systems.","archived":false,"fork":false,"pushed_at":"2024-04-23T12:24:45.000Z","size":10756,"stargazers_count":626,"open_issues_count":299,"forks_count":104,"subscribers_count":34,"default_branch":"master","last_synced_at":"2024-05-20T05:00:37.640Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xProject.png","metadata":{"files":{"readme":"Readme.md","changelog":"Changelog.md","contributing":"Contributing.md","funding":null,"license":"License.md","code_of_conduct":"Code_of_conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"Security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-27T17:11:52.000Z","updated_at":"2024-06-01T21:01:08.150Z","dependencies_parsed_at":"2024-06-01T21:00:40.747Z","dependency_job_id":"70b8f52c-bce4-4510-af3d-a5b8eff31738","html_url":"https://github.com/0xProject/OpenZKP","commit_stats":{"total_commits":1888,"total_committers":5,"mean_commits":377.6,"dds":"0.10963983050847459","last_synced_commit":"c28a5c66b6ee9b97bf177373ba148981df60b7fb"},"previous_names":["0xproject/starkcrypto"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xProject%2FOpenZKP","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xProject%2FOpenZKP/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xProject%2FOpenZKP
/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xProject%2FOpenZKP/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xProject","download_url":"https://codeload.github.com/0xProject/OpenZKP/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221957354,"owners_count":16907604,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T03:00:47.925Z","updated_at":"2024-11-01T13:30:48.178Z","avatar_url":"https://github.com/0xProject.png","language":"Rust","funding_links":[],"categories":["Cryptography","Rust"],"sub_categories":["Zero Knowledge Proofs"],"readme":"# OpenZKP\n\n[![Crates.io](https://img.shields.io/crates/l/zkp-stark)](/License.md)\n[![](https://docs.rs/zkp-stark/badge.svg)](https://docs.rs/zkp-stark)\n[![CircleCI](https://img.shields.io/circleci/build/github/0xProject/OpenZKP)](https://circleci.com/gh/0xProject/OpenZKP)\n[![Codecov](https://img.shields.io/codecov/c/gh/0xproject/OpenZKP)](https://codecov.io/gh/0xProject/OpenZKP)\n\nOpenZKP - pure Rust implementations of Zero-Knowledge Proof systems.\n\n## Overview\n\nThe project currently implements\n\n* 🐺 the Stark protocol (see its [readme](/crypto/stark/Readme.md) for details)\n\nand has\n\n* 🌞 a simple interface (see the [example](#example) below),\n* 🗜️ succinct proofs,\n* 🏎️ decent performance, and\n* 🌐 webassembly support.\n\nThat being said, it also has a number of limitations: it has\n\n* *no* high-level language,\n* *no* comprehensive security audit,\n* *no* perfect 
zero-knowledge,\n* hard-coded field and hash function,\n\nand some others, see [features and limitations](#features-and-limitations) below for details.\n\n## Packages\n\n| Package                                                        | Version                                                                                                                              | Description                                                                                       |\n| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------- |\n| `utils/`                                                       |                                                                                                                                      |                                                                                                   |\n| [`criterion-utils`](/utils/criterion-utils)                    | [![Crates.io](https://img.shields.io/crates/v/zkp-criterion-utils?label=)](https://crates.io/crates/zkp-criterion-utils)             | Criterion helpers to benchmark over size and number of processors.                                |\n| [`error-utils`](/utils/error-utils)                            | [![Crates.io](https://img.shields.io/crates/v/zkp-error-utils?label=)](https://crates.io/crates/zkp-error-utils)                     | Assertion like macros for returning `Result::Err`.                                                |\n| [`logging-allocator`](/utils/logging-allocator)                | [![Crates.io](https://img.shields.io/crates/v/zkp-logging-allocator?label=)](https://crates.io/crates/zkp-logging-allocator)         | Wrapper around the system allocator that logs large allocations.                                  
|\n| [`mmap-vec`](/utils/mmap-vec)                                  | [![Crates.io](https://img.shields.io/crates/v/zkp-mmap-vec?label=)](https://crates.io/crates/zkp-mmap-vec)                           | Substitute for `Vec` that uses file-backed storage.                                               |\n| [`macros-lib`](/utils/macros-lib)                              | [![Crates.io](https://img.shields.io/crates/v/zkp-macros-lib?label=)](https://crates.io/crates/zkp-macros-lib)                       | Library of procedural macros implemented using `proc_macro2`                                      |\n| [`macros-impl`](/utils/macros-impl)                            | [![Crates.io](https://img.shields.io/crates/v/zkp-macros-impl?label=)](https://crates.io/crates/zkp-macros-impl)                     | Implementation crate for `proc_macro_hack`                                                        |\n| [`macros-decl`](/utils/macros-decl)                            | [![Crates.io](https://img.shields.io/crates/v/zkp-macros-decl?label=)](https://crates.io/crates/zkp-macros-decl)                     | Procedural macros.                                                                                |\n| `algebra/`                                                     |                                                                                                                                      |                                                                                                   |\n| [`u256`](/algebra/u256)                                        | [![Crates.io](https://img.shields.io/crates/v/zkp-u256?label=)](https://crates.io/crates/zkp-u256)                                   | Implementation of 256-bit unsigned integers.                                                      
|\n| [`primefield`](/algebra/primefield)                            | [![Crates.io](https://img.shields.io/crates/v/zkp-primefield?label=)](https://crates.io/crates/zkp-primefield)                       | A 251-bit prime field suitable for FFTs.                                                          |\n| [`elliptic-curve`](/algebra/elliptic-curve)                    | [![Crates.io](https://img.shields.io/crates/v/zkp-elliptic-curve?label=)](https://crates.io/crates/zkp-elliptic-curve)               | An elliptic curve over the `primefield`.                                                          |\n| `crypto/`                                                      |                                                                                                                                      |                                                                                                   |\n| [`elliptic-curve-crypto`](/crypto/elliptic-curve-crypto)       | [![Crates.io](https://img.shields.io/crates/v/zkp-elliptic-curve-crypto?label=)](https://crates.io/crates/zkp-elliptic-curve-crypto) | Pedersen commitments and digital signatures.                                                      |\n| [`hash`](/crypto/hash)                                         | [![Crates.io](https://img.shields.io/crates/v/zkp-hash?label=)](https://crates.io/crates/zkp-hash)                                   | Hash primitive used in `zkp-stark`.                                                               |\n| [`merkle-tree`](/crypto/merkle-tree)                           | [![Crates.io](https://img.shields.io/crates/v/zkp-merkle-tree?label=)](https://crates.io/crates/zkp-merkle-tree)                     | Merkle tree based vector commitment.                                                              
|\n| [`stark`](/crypto/stark)                                       | [![Crates.io](https://img.shields.io/crates/v/zkp-stark?label=)](https://crates.io/crates/zkp-stark)                                 | STARK protocol implementation                                                                     |\n\n## Example\n\nExample from the [`stark`](/crypto/stark) package:\n\n```rust\nuse zkp_stark::{*, primefield::*};\n\nstruct FibonacciClaim {\n    index: usize,\n    value: FieldElement,\n}\n\nimpl Verifiable for FibonacciClaim {\n    fn constraints(\u0026self) -\u003e Constraints {\n        use RationalExpression::*;\n\n        // Seed\n        let mut seed = self.index.to_be_bytes().to_vec();\n        seed.extend_from_slice(\u0026self.value.as_montgomery().to_bytes_be());\n\n        // Constraint repetitions\n        let trace_length = self.index.next_power_of_two();\n        let g = Constant(FieldElement::root(trace_length).unwrap());\n        let on_row = |index| (X - g.pow(index)).inv();\n        let every_row = || (X - g.pow(trace_length - 1)) / (X.pow(trace_length) - 1.into());\n\n        // Build and return the constraint system\n        Constraints::from_expressions((trace_length, 2), seed, vec![\n            (Trace(0, 1) - Trace(1, 0)) * every_row(),\n            (Trace(1, 1) - Trace(0, 0) - Trace(1, 0)) * every_row(),\n            (Trace(0, 0) - 1.into()) * on_row(0),\n            (Trace(0, 0) - (\u0026self.value).into()) * on_row(self.index),\n        ])\n        .unwrap()\n    }\n}\n\nimpl Provable\u003c\u0026FieldElement\u003e for FibonacciClaim {\n    fn trace(\u0026self, witness: \u0026FieldElement) -\u003e TraceTable {\n        let trace_length = self.index.next_power_of_two();\n        let mut trace = TraceTable::new(trace_length, 2);\n        trace[(0, 0)] = 1.into();\n        trace[(0, 1)] = witness.clone();\n        for i in 0..(trace_length - 1) {\n            trace[(i + 1, 0)] = trace[(i, 1)].clone();\n            trace[(i + 1, 1)] = \u0026trace[(i, 0)] + \u0026trace[(i, 1)];\n     
   }\n        trace\n    }\n}\n\npub fn main() {\n    let claim = FibonacciClaim {\n        index: 5000,\n        value: FieldElement::from_hex_str(\"069673d708ad3174714a2c27ffdb56f9b3bfb38c1ea062e070c3ace63e9e26eb\"),\n    };\n    let secret = FieldElement::from(42);\n    let proof = claim.prove(\u0026secret).unwrap();\n    claim.verify(\u0026proof).unwrap();\n}\n```\n\n## Features and Limitations\n\n### Features\n\n**A simple interface.** The public interface is simple and is considered [semver-stable](https://github.com/rust-lang/rfcs/blob/master/text/1105-api-evolution.md). Future versions are expected to add functionality without breaking this interface.\n\n**Succinct proofs.** For a given security parameter, the proof size is close to minimal. Significant improvements here would require innovations in the way constraint systems are designed or in the underlying cryptography.\n\n**Decent performance.** All steps of the proof are using asymptotically optimal algorithms and all of the major steps are multi-threaded. There are no hard memory requirements. We can expect a good amount of performance improvements by fine-tuning, but we don't expect orders of magnitude improvements.\n\n**Webassembly support.** The verifier can be used in a WebAssembly environment without the Rust `std` lib. The prover will work too, but has not been a priority.\n\n### Limitations\n\n**No high-level language.** Constraints are specified using their algebraic expressions. This requires complicated and careful design from the library user and is easy to do wrong, leading to insecure systems. 
A high-level language would help make development simpler and safer and facilitate re-use of components.\n\n**No comprehensive security audit.** While development is done with the best security practices in mind, it is still at a very early stage and has not had the amount of expert peer review required for a production-grade system.\n\n**No perfect zero-knowledge.** The current implementation provides succinct proofs but not perfect zero knowledge. While non-trivial, it is theoretically possible to learn something about the secret. Achieving perfect zero-knowledge is possible and can be implemented.\n\n**No side-channel resistance.** The implementation favours performance over side-channel resistance. While this is common in zero-knowledge proof systems, you should be aware that this might leak intermediate computations. Side-channel resistance can be implemented.\n\n**Hard-coded field and hash.** The current implementation uses a particular [prime field](/algebra/primefield) and a particular [hash function](/crypto/hash). These are optimized for verification in the Ethereum Virtual Machine. This can be generalized to other primitives optimized for other use cases.\n\n## Contributing\n\nSee our [Contributing guideline](/Contributing.md) and [Code of conduct](/Code_of_conduct.md).\n\nSee CircleCI documentation on how to [run tests locally][cci-local].\n\n[cci-local]: https://circleci.com/docs/2.0/local-cli/\n\n## References\n\nResource overviews on Zero Knowledge Proof protocols:\n\n* The excellent [zkp.science](https://zkp.science/).\n* The [overview](https://github.com/matter-labs/awesome-zero-knowledge-proofs) by Matter Labs\n\nResources on numeric and cryptographic algorithm implementation:\n\n*  Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone (2001).\n  \"Handbook of Applied Cryptography\". Available [online](http://cacr.uwaterloo.ca/hac/)\n* Donald Knuth (1968-).\n  \"The art of computer programming\". 
In particular part II: Seminumerical algorithms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xProject%2FOpenZKP","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xProject%2FOpenZKP","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xProject%2FOpenZKP/lists"}