The main issue we are encountering is that the SHA-256 hash function, which we currently use for our Merkle proofs in the Ethereum consensus specification trees, is not zk-friendly.
We propose to create a commitment mapping from the validators' root (a SHA-256 Merkle tree comprising all validators) to a Poseidon root of validators. This process would involve generating a proof that a given SHA-256 Merkle tree of validators matches a corresponding Poseidon Merkle tree of validators. Given the sheer number of validators, this tree will be formed using recursive proofs. Since only a small fraction of validators changes per epoch, we can economically update and reuse the proofs. The Poseidon hash function, being more zk-friendly, could then be used to validate that a specific validator belongs to the tree in a more cost-effective manner.
Steps:
1. We will begin by creating the leaves level with a hashtree root of a single validator.
2. Then, the second level will aggregate their hashes and the proofs of the leaves, producing one SHA256 hashtree root and one Poseidon hashtree root.
3. Eventually, we will provide proof that the SHA256 root corresponds to the Poseidon root.
Plonky2 seems like the suitable proving system for this as recursion there is very cheap and we have verifiers for circom implemented.
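The following is an added example, not code from the issue or the project: a data-flow model of the dual tree described above, in which every node carries a SHA-256 digest and a second digest over the same children, and an update recomputes only the nodes on the changed paths. Assumptions: BLAKE2s with a domain tag stands in for Poseidon (the Python standard library has none), validators are plain byte strings rather than SSZ containers, no proofs are generated, and each recomputed node represents one per-node proof that would have to be regenerated.

```python
import hashlib

def sha_pair(l: bytes, r: bytes) -> bytes:
    return hashlib.sha256(l + r).digest()

def zk_pair(l: bytes, r: bytes) -> bytes:
    # STAND-IN for Poseidon (assumption): real Poseidon hashes field elements.
    return hashlib.blake2s(l + r, person=b"poseidon").digest()

def leaf(validator: bytes):
    # Leaf statement: both digests commit to the same validator bytes.
    return (hashlib.sha256(validator).digest(),
            hashlib.blake2s(validator, person=b"poseidon").digest())

def parent(left, right):
    # Inner statement: both hash functions are applied to the same pair of children.
    return (sha_pair(left[0], right[0]), zk_pair(left[1], right[1]))

def build(validators):
    """Return all levels, leaves first; len(validators) must be a power of two."""
    levels = [[leaf(v) for v in validators]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([parent(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def update(levels, changes):
    """Apply {index: new_bytes} in place; return the number of nodes recomputed."""
    for i, v in changes.items():
        levels[0][i] = leaf(v)
    dirty = set(changes)
    recomputed = len(dirty)
    for depth in range(1, len(levels)):
        dirty = {i // 2 for i in dirty}  # parents of everything touched below
        for i in dirty:
            below = levels[depth - 1]
            levels[depth][i] = parent(below[2 * i], below[2 * i + 1])
        recomputed += len(dirty)
    return recomputed

# Constructed sample data: 1024 placeholder validator records.
VALIDATORS = [b"validator-%d" % i for i in range(1024)]

def demo():
    levels = build(VALIDATORS)
    total = sum(len(level) for level in levels)
    changes = {3: b"validator-3-exited", 700: b"validator-700-slashed"}
    redone = update(levels, changes)
    fresh = build([changes.get(i, v) for i, v in enumerate(VALIDATORS)])
    return total, redone, levels[-1][0] == fresh[-1][0]
```

With two of 1024 validators changed, 21 of the 2047 nodes are recomputed, and the resulting pair of roots matches a full rebuild.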