Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/personaelabs/efficient-zk-ecdsa

Lowering client-side proving cost for private ZK signatures in circom
https://github.com/personaelabs/efficient-zk-ecdsa

Last synced: 3 months ago
JSON representation

Lowering client-side proving cost for private ZK signatures in circom

Host: GitHub
URL: https://github.com/personaelabs/efficient-zk-ecdsa
Owner: personaelabs
License: gpl-3.0
Created: 2022-09-10T12:31:31.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2023-03-18T01:09:26.000Z (almost 2 years ago)
Last Synced: 2024-10-04T16:42:51.174Z (4 months ago)
Language: JavaScript
Homepage:
Size: 24.3 MB
Stars: 106
Watchers: 5
Forks: 16
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-circom - efficient-zk-ecdsa

README

        # efficient-zk-ecdsa

### ⚠️ This repo is no longer maintained⚠️

### We recommend [spartan-ecdsa](https://github.com/personaelabs/spartan-ecdsa) as a replacement

_The code in this repo is unaudited and not recommended for production use._

Please refer to [this blog post](https://personaelabs.org/posts/efficient-ecdsa-1/) for details. The circuits in this repo uses circuits from [circom-ecdsa](https://github.com/0xPARC/circom-ecdsa).

## Install dependencies

```

yarn

```

## Compile the circuit and generate the zkey

```

yarn run build:ecdsaverify

```

## Run proof generation

```

yarn run run:ecdsaverify

```

## Run benchmarks

```

cd ./bench

```

```

open ./index.html

```

_The full proof and the proving time will be displayed in the browser console._

## Benchmarks

_Disclaimer: the following benchmarks are to give an intuition about the proving time of this method. We hope to run a more comprehensive benchmark across many devices soon._

### Circuit info

We include details on the circuit implementing the rearranged formula without precomputed multiples for comparison. The more precomputed multiples one uses, the larger the input size but the fewer the # of constraints. This tradeoff is relevant for any on-chain applications of this work:

| Circuit                     | Constraints | zKey size |

| --------------------------- | ----------- | --------- |

| ecdsa_verify                | 163,239     | 119MB     |

| ecdsa_verify_pubkey_to_addr | 315,175     | 197MB     |

| ecdsa_verify_no_precompute  | 1,401,956   | 874MB     |

### Browser proving

_The setup_:

- M1 Pro Macbook Pro

- Internet speed: 40Mbps

- Browser: Chrome browser

| Circuit                     | Proving time |

| --------------------------- | ------------ |

| ecdsa_verify                | 39.4s        |

| ecdsa_verify_pubkey_to_addr | 58.2s        |

### Command line proving

_The setup:_

- M1 Pro Macbook Pro

| Circuit                     | Proving time |

| --------------------------- | ------------ |

| ecdsa_verify                | 18s          |

| ecdsa_verify_pubkey_to_addr | 30s          |