We are researching the design concept and solution plan for ZKEVM, which requires a custom gate. As a result, we spent some time researching it and hope you will gain some insight after reading this paper: Why use the custom gate? What is a custom gate? Why? Layer 2 scalability on Ethereum is always a hot topic. At present, the rollup solution is the most acceptable, as it combines off-chain calculation and on-chain verification. In short, the state transition will occur off-chain. The prover will be responsible for generating proof of the transition’s validity, as illustrated below: For a particular contract, a corresponding specific state transition function (STF) must perform extensive calculations, including but not limited to global state modification and transaction signature verification. All calculation procedures above need to be converted to a circuit consisting of a simple add-gate and a mul-gate. The prover can generate a proof and send it to the verifier for verification using this circuit. The circuit’s expression form is as follows: As previously stated, the circuit is fixed, representing only one calculation, and thus cannot represent additional calculations. In other words, if the prover wishes to verify additional calculation statements, the circuit must be redesigned to allow for the re-deployment of the verification contract. That is not desirable. We hope that users will be able to define their contracts independently rather than re-deploy a verification contract. This is the EVM-compliant ZKRollup concept. Though the concept is difficult and time-consuming to implement, many people make significant efforts to achieve it. MatterLabs is a good example. We hold them in high regard and have benefited from their knowledge. What is the best way to achieve the generic? First, we need to understand the TinyRam principle. TinyRam is a framework for ensuring the accuracy of the calculation. It has the disadvantage that if the calculation is excessively complicated, the related TinyRam calculation becomes more complex. As a result, it’s difficult to accept simply using TinyRam to test the STF function’s validity during the process. TinyRam’s complexity comparison is as follows: Therefore, generic calculations cannot be implemented solely on TinyRam. We adopt the custom gate to simplify the calculations. We know that the calculation of the contract logic accounts for a small fraction of a transaction’s consumption, whereas the signature and hash account for a significant fraction. As a result, separating these actions from the transaction as an operating component (OP), analogous to ADD/MUL/SUB, etc., simplifies the overall calculation. Similarly, in the current fixed scenario, which is not generic, a custom gate can be constructed to minimize the circuit’s scale, except add-gate and mul-gate. This is why we research customized gates. What is a custom gate? For example, the circuit of the Plonk algorithm consists of an add-gate and a mul-gate, as shown below: Because the gate constants can be zero, the two gates can be combined into one. Based on the value of the Gates constants, determine if a certain restriction is an add-gate or a mul-gate, as seen below: When qM = 0, qL = 1, qR = 1 and qO = 1, the corresponding gate is an add-gate. When qM = 1, qL = 0, qR = 0 and qO = 1, the gate is a mul-gate. Consider that if the input wires of the gate exceed two, the associated gate may perform operations other than addition and multiplication. The AZTEC team has now developed several small circuit logic units, as seen below: For example, if the circuit requires a more efficient MiMc function calculation, after the addition of x3custom gate, the circuit constraint will become: qM·WL· WR + qL·WL + qR·WR + qO·WO + qL3WL3 + qC = 0 When qM = 0, qL = 0, qR = 0, qL3 = 1, qo = 1, the constraint responds to the “MiMc” gate. If it is the “Xor” gate, the circuit of sha256 will be much smaller. The custom gate enables a significant reduction in the circuit’s scale (number of gates) and increases the circuit’s design flexibility. In practice, numerous operations, such as point addition and scalar mul for elliptic curves, can be constructed as custom gates. This is precisely what we are doing at the moment. In addition to the Custom gate, the lookup table can be used to lower the scale of the circuit. When combined, they can provide a thrilling experience. Later, we’ll discuss how to use the lookup table in ZKP. In general, we refer to the Plonk algorithm that uses the custom gate as turbo Plonk. If the lookup is also employed, the Plonk algorithm is referred to as Ultra Plonk.

Ethereum

Chain

Scalar

Halo2 Circuit Development: Sin7Y Tech Review (20)

Zero-Knowledge Proof Algorithm: ZK-Stark-FRI Protocol

Nominated for 2022 - HackerNoon Contributor of the Year - Optimization

Nominated for 2022 - HackerNoon Contributor of the Year - Algorithms

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Architecture

Nominated for 2022 - HackerNoon Contributor of the Year - Blockchain

Too Long; Didn't Read

Design Concept and Applications of Custom Gate: Sin7Y Tech Review (19)

Design Concept and Applications of Custom Gate: Sin7Y Tech Review (19)

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Study on Parallel Execution: Everything You Need to Know

(1/100) Crypto Countdown: Golem

05/03/2018: Biggest Stories in the Cryptosphere

µRaiden: Micropayments for Ethereum

The Noonification: Have U Been Pwned? (1/12/2023)

0x (ZRX) Analysis : Decentralised Exchange Protocol On Ethereum

A Study on Parallel Execution: Everything You Need to Know

(1/100) Crypto Countdown: Golem

05/03/2018: Biggest Stories in the Cryptosphere

µRaiden: Micropayments for Ethereum

The Noonification: Have U Been Pwned? (1/12/2023)

0x (ZRX) Analysis : Decentralised Exchange Protocol On Ethereum

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps