Epoxy Rollup - cast your app in integrity

Epoxy is a validity rollup framework integrated as a first class citizen in the Tezos economic protocol that allows the origination of a large class of applications. Thanks to aPlonK, Epoxy can reach high tps by aggregating multiple proofs. Furthermore, the content of rollup operations can be kept private with respect to the blockchain - only the operator processing the L2 operations knows their content.

aPlonK - prove facts with aplomb!

aPlonK is a PlonK-inspired proving system which focuses on proof-aggregation and distributed proof generation. It's an OCaml implementation from scratch of the PlonK proving system based on the bls12-381 curve, which eases the integration of new custom gates and lookup tables. Instead of the classic KZG commitment scheme, our custom aggregation protocol can verify multiple proofs in logarithmic time.

Plompiler is a monadic Domain Specific Language embedded in OCaml that can be used to build circuits for aPlonK. Programs written in Plompiler are typed to increase safety and can be compiled to their circuit representations or interpreted directly in OCaml for testing. Together with the circuit, Plompiler also returns an efficient one-pass solver that given an input finds a valid assignment for the wires of the circuit.
Additionally, Plompiler contains a generic optimizer capable of significantly reducing the size of commonly developed circuits. Flamegraphs can be generated to inspect the generated circuits and guide the optimization of each primitives.
The library also features a highly performant set of primitives for hashing (Poseidon and Anemoi) and signing.

• New optimization techniques for PlonK’s arithmetization.
• aPlonK: Aggregated PlonK from Multi-Polynomial Commitment Schemes.
• New Design Techniques for Efficient Arithmetization-Oriented Hash Functions: Anemoi Permutations and Jive Compression Mode.
• Presentations at ZKProof Workshop 2022: aPlonK, Anemoi.

Improved randomness using Verifiable Delay Functions

In 2022, Tezos' protocol Kathmandu improved the randomness generation based on its RANDAO scheme by integrating an additional VDF phase. This work was built on top of Chia's VDF library which implements Wesolowski's scheme.

• Announcement
• Documentation
• In-depth article

Sapling integration

Sapling is a protocol enabling privacy preserving transactions of fungible tokens in a decentralized environment. It was designed and implemented by the Electric Coin Company building on the seminal Zerocoin paper. In 2019, Tezos protocol Edo integrated the Sapling protocol by extending the Michelson smart contract language, allowing for the exchange of digital assets in a privacy preserving way.

• Announcement
• Documentation

Working on the incremental Merkle tree used in Sapling was also the occasion to try some formal verification which was presented at the ML workshop in 2022.

HACL*

HACL* is a High Assurance Crypto Library which implements a variety of cryptographic primitives ensuring functional correctness and side-channel resistance all the while offering highly performant (memory-safe) C code. HACL* was integrated in Tezos back in 2018 and since then we maintain its package for the OCaml community. During 2022 we also developed a verified implementation of the Bitcoin curve secp256k1.

• In-depth article