Submission period: September 25, 2021 00:01 UTC - October 25, 2021 at 23:59 UTC
Voting period: 14 days
=nil; Foundation as an initial member of Free TON community developed an upgraded version of TON Virtual Machine, which includes cryptographic primitives required for usage zero-knowledge proof verification within the virtualized applications. =nil; Foundation also prepared C++ (GitHub - NilFoundation/cpp-ton: Cryptography-enhanced Telegram Open Network Protocol C++ Implementation) and Rust-y (GitHub - NilFoundation/rust-ton: Cryptography-enhanced Telegram Open Network Protocol Rust Implementation) ZK proof verification instruction-enhanced TON protocol implementations.
Crucial application for such a verificaiton instruction is to verify rollups which often consist of transactions/replication packages/votes signatures etc.
Verifying transactions, votes etc. is all about verifying its signatures. Widespread signatures (EdDSA, ECDSA) are defined over non-pairing friendly curves (Ed25519, secp256k1) which have no twisted curves and induce high verification costs and timings. In case of FreeTON verification timings are required to be kept as low as possible.
Ths document proposes a contest results of which are supposed to introduce the way to efficiently verity non-pairing friendly curves-based signatures over BLS12-381-based Groth16 SNARK proof which would result in the introduction of a way to verify zk-rollups on FreeTON.
Participants are expected to introduce the way to efficiently verify EdDSA over Ed25519 signatures with the newly introduced
VERGRTH16 instruction to make it possible to verify outside protocols zk-rollups inside the TVM.
Solutions provided are expected:
- To be a correctly functioning FreeTON virtualized application deployed either to https://main.ton.dev (https://ton.live) (in case the protocol gets upgraded) either to https://net.freeton.nil.foundation (https://nil.ton.live or https://live.freeton.nil.foundation) either to https://fld.ton.dev (https://fld.ton.live).
- To involve VERGRTH16 TVM instruction usage.
- To be able to verify a Groth16 proof of at least 32000 EdDSA over Ed25519 signatures within a single replication packet production interval.
- Apart from uploading a submission, a code should be submitted in accordance with GitHub - freeton-org/readme and deployed either to https://main.ton.dev (https://ton.live) (in case the protocol gets upgraded) either to https://net.freeton.nil.foundation (https://nil.ton.live or https://live.freeton.nil.foundation).
- A participant should do a presentation of her solution at a convenient time agreed with Cryptography SG members. A solution should include tests with clear instructions.
- If a test does not cover some scenarios, then jurors can develop their own tests, but it should reduce such a submission score.
- The solution should have an open source license.
- The solution should contain at least a draft of an architecture description.
Jurors are supposed to verify the correctness of the protocol submitted by the participant to the test cluster as follows:
- Reproduce use case scenario (verification of batches with various amount of signatures)
- Confirm the solution complies to the architecture description.
- Confirm the solution complies to protocol requirements.
- Compare the performance of submissions. Better performance means better score.
- Compare the nature of solutions provided. Purely technical circuit crafting solutions are less welcome than scheme modification-based ones.
Jurors whose team(s) intend to participate in this contest by providing submissions lose their right to vote in this contest.
A jury from other sub-governance groups could be added to this contest to provide additional technical expertise.
Each juror will vote by rating each submission on a scale of 1 to 10.
Jurors should provide feedback on each submission.
The jury will reject duplicate, subpar, incomplete, or inappropriate submissions.
Only submissions with an average score equal to or more than 5.0 can get a reward.
- 1st prize (score >= 7.0) - 300000 TONs
- 2nd prize (score >= 6.0) - 150000 TONs
- 3rd prize (score >= 5.0) - 50000 TONs
Note: If the number of winning submissions is less than the number of rewards available, any remaining rewards are not subject to distribution and are considered void.
An amount equal to 10% of all total tokens actually awarded will be distributed equally between all jurors who vote and provide feedback. Both voting and feedback are mandatory in order to collect the reward.
An amount equal to 5% of the prize fund will be allocated to members who participated in organizing the contest, to be distributed equally among them:
- Participants must upload their work correctly so it can be viewed and accessible in the formats described. If work is inaccessible or does not fit the criteria described, the submission may be rejected by jurors.
- Participants must submit their work before the closing of the filing of applications. If not submitted on time, the submission will not count.