ark-bcs
is a Rust library that provides implementations of public coin RS-IOP and BCS Transform. This library is released under the MIT License
and the Apache v2 License (see License).
WARNING: This is an academic prototype, and in particular has not received careful code review. This implementation is NOT ready for production use.
An RS-IOP is an interactive protocol where prover can send message oracles with degree bound. This library provides an interface of public coin RS-IOP protocol, an efficient implementation of LDT to enforce degree bound, and a BCS transformation algorithm to convert RS-IOP to non-interactive succinct proof.
This implementation uses public-coin IOP assumption that all verifier messages are sampled uniformly at random, and all verification logic can be delayed to query and decision phase.
ark-bcs
differs from BCS Paper in several aspects:
- Instead of explicitly using a hash chain, this implementation uses
CryptographicSponge
inark-sponge
as random oracle. - This implementation has low-degree test built-in, and can handle RS-IOP.
- Multiple oracles with same evaluation domain share a merkle tree and be submitted in one round, which greatly reduces verification overhead and number of constraints.
- Each leaf of an low-degree oracle is a coset instead of an individual field element, which significantly reduces merkle tree overhead on FRI query.
Check out the tutorial to learn how to write (RS-)IOP using this library.
The library compiles on the stable
toolchain of the Rust compiler. To install the latest version
of Rust, first install rustup
by following the instructions here, or via
your platform's package manager. Once rustup
is installed, install the Rust toolchain by invoking:
rustup install stable
After that, use cargo
(the standard Rust build tool) to build the library:
git clone https://github.com/arkworks-rs/bcs.git
cd bcs
cargo build --release
This library comes with some unit and integration tests. Run these tests with:
cargo test
This library is licensed under either of the following licenses, at your discretion.
Unless you explicitly state otherwise, any contribution that you submit to this library shall be dual licensed as above (as defined in the Apache v2 License), without any additional terms or conditions.
Aurora: Transparent Succinct Arguments for R1CS
Eli Ben-Sasson, Alessandro Chiesa, Michael Riabzev, Nicholas Spooner, Madars Virza, Nicholas P. Ward
Fast Reed-Solomon Interactive Oracle Proofs of Proximity
Eli Ben-Sasson, Iddo Bentov, Ynon Horesh, Michael Riabzev
Interactive Oracle Proofs
Eli Ben-Sasson, Alessandro Chiesa, Nicolas Spooner