What is Halo 2?
Halo2 is a newer alternative proving system to Filecoin’s existing Groth16 proving system.
Goals:
- Improved flexibility for on-chain proofs aggregation
- TODO: (CryptoNetLab): how to utilize these aggregation capabilities within Filecoin correctly and securely
- This may include the ability to use Halo2’s recursion
- No more trusted setups for new circuits (making it faster to roll out future proofs innovations)
- (TBD) Possibly faster proving and verification
Halo 2 Dev Timeline
Milestones
- Pasta field hashers and vanilla proofs
- GPU Pasta field arithmetic
- [x] Fork
pasta_curves and implement ec_gpu::GpuField for Pasta fields
- [ ] Make
neptune's GPU code generic over any field
- [ ] Make
rust-fil-proofs GPU code compatible with multiple fields
- Poseidon circuit in
neptune and rust-fil-proofs
- Replace ECC’s
poseidon::Spec with neptune::PoseidonConstants
- Replace const generics with
typenum
- SHA256 hash function in
rust-fil-proofs
- Create wrapper around
halo2_gadgets::Sha256 which uses typenum to specify preimage lengths (measured in number of u32s)
- Hasher circuit interface in
rust-fil-proofs that’s capable of computing and verifying digests
- Merkle proof circuit with configurable hash function and arity (using
typenum)
- This may require separate Merkle proof gadgets for each hasher (Sha256 and Poseidon)
- Proofs circuit utils
- Binary decomposition circuit
- 32-bit uints
- Pick and insert circuits
- Proofs circuits (PoRep, PoSt, ESU)
rust-fil-proofs Halo2 APIs
- TBD: API version handling in existing APIs vs new versioned APIs
- TBD: Parameter loading, caching and runtime validation against manifest (if required)
- Create Halo2 and Groth16 circuits for a vanilla proof
- Halo2 compatible
CompoundProof interface: generate SNARK from vanilla proof, SNARK verification
- Halo2 keygen, reading, and writing