paint-brush
Design Concept and Applications of Custom Gate: Sin7Y Tech Review (19)by@sin7y
221 reads

Design Concept and Applications of Custom Gate: Sin7Y Tech Review (19)

by Sin7YFebruary 24th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

We are researching the design concept and solution plan for ZKEVM, which requires a custom gate. So Why use the custom gate? and What is a custom gate? AZTEC team has now developed several small circuit logic units. For example, the circuit of the Plonk algorithm consists of an add-gate and a mul-gate. Because the gate constants can be zero, the two gates can be combined into one. In practice, the gate can be constructed as custom curves, such as addition and scalar mulic curves.

Company Mentioned

Mention Thumbnail

Coins Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Design Concept and Applications of Custom Gate: Sin7Y Tech Review (19)
Sin7Y HackerNoon profile picture

We are researching the design concept and solution plan for ZKEVM, which requires a custom gate. As a result, we spent some time researching it and hope you will gain some insight after reading this paper:


  1. Why use the custom gate?
  2. What is a custom gate?

Why?

Layer 2 scalability on Ethereum is always a hot topic. At present, the rollup solution is the most acceptable, as it combines off-chain calculation and on-chain verification. In short, the state transition will occur off-chain. The prover will be responsible for generating proof of the transition’s validity, as illustrated below:


For a particular contract, a corresponding specific state transition function (STF) must perform extensive calculations, including but not limited to global state modification and transaction signature verification. All calculation procedures above need to be converted to a circuit consisting of a simple add-gate and a mul-gate. The prover can generate a proof and send it to the verifier for verification using this circuit. The circuit’s expression form is as follows:


As previously stated, the circuit is fixed, representing only one calculation, and thus cannot represent additional calculations. In other words, if the prover wishes to verify additional calculation statements, the circuit must be redesigned to allow for the re-deployment of the verification contract. That is not desirable. We hope that users will be able to define their contracts independently rather than re-deploy a verification contract. This is the EVM-compliant ZKRollup concept. Though the concept is difficult and time-consuming to implement, many people make significant efforts to achieve it. MatterLabs is a good example. We hold them in high regard and have benefited from their knowledge.


What is the best way to achieve the generic? First, we need to understand the TinyRam principle. TinyRam is a framework for ensuring the accuracy of the calculation. It has the disadvantage that if the calculation is excessively complicated, the related TinyRam calculation becomes more complex. As a result, it’s difficult to accept simply using TinyRam to test the STF function’s validity during the process. TinyRam’s complexity comparison is as follows:


Therefore, generic calculations cannot be implemented solely on TinyRam. We adopt the custom gate to simplify the calculations. We know that the calculation of the contract logic accounts for a small fraction of a transaction’s consumption, whereas the signature and hash account for a significant fraction. As a result, separating these actions from the transaction as an operating component (OP), analogous to ADD/MUL/SUB, etc., simplifies the overall calculation.


Similarly, in the current fixed scenario, which is not generic, a custom gate can be constructed to minimize the circuit’s scale, except add-gate and mul-gate. This is why we research customized gates.

What is a custom gate?

For example, the circuit of the Plonk algorithm consists of an add-gate and a mul-gate, as shown below:


Because the gate constants can be zero, the two gates can be combined into one. Based on the value of the Gates constants, determine if a certain restriction is an add-gate or a mul-gate, as seen below:


When qM = 0, qL = 1, qR = 1 and qO = 1, the corresponding gate is an add-gate.


When qM = 1, qL = 0, qR = 0 and qO = 1, the gate is a mul-gate.


Consider that if the input wires of the gate exceed two, the associated gate may perform operations other than addition and multiplication. The AZTEC team has now developed several small circuit logic units, as seen below:


For example, if the circuit requires a more efficient MiMc function calculation, after the addition of x3custom gate, the circuit constraint will become:


qM·WL· WR + qL·WL + qR·WR + qO·WO + qL3WL3 + qC = 0


When qM = 0, qL = 0, qR = 0, qL3 = 1, qo = 1, the constraint responds to the “MiMc” gate. If it is the “Xor” gate, the circuit of sha256 will be much smaller.


The custom gate enables a significant reduction in the circuit’s scale (number of gates) and increases the circuit’s design flexibility. In practice, numerous operations, such as point addition and scalar mul for elliptic curves, can be constructed as custom gates. This is precisely what we are doing at the moment.


In addition to the Custom gate, the lookup table can be used to lower the scale of the circuit. When combined, they can provide a thrilling experience. Later, we’ll discuss how to use the lookup table in ZKP. In general, we refer to the Plonk algorithm that uses the custom gate as turbo Plonk. If the lookup is also employed, the Plonk algorithm is referred to as Ultra Plonk.