This is a proof-of-concept implementation of KiloNova for academic use. Please do NOT use this in the production environment.
KiloNova is a high-speed recursive zkSNARK, allowing a group of mutually distrusted provers to perform a complicated computation in private, and finally output a short proof with succinct verification to convince the verifier.
Theoretically, KiloNova solves a specific class of problems called Proof-Carrying Data (a generalized version of Incrementally Verifiable Computation) by utilizing the generic folding schemes we proposed. Moreover, KiloNova provides some useful attributes such as (1) handling non-uniform circuits, which is necessary for building zkVM, and (2) zero-knowledge, which ensures privacy among different provers.
Inspired by HyperNova, KiloNova linearizes the high-degree CCS (Customizable Constraint Systems) relation by running an “early stopping” version of SuperSpartan and folds the derived instances without introducing extra communications. The theoretical analysis shows that KiloNova achieves the same asymptotic complexity as HyperNova while providing the more appealing attributes mentioned above.
Kilonova Space Explosion Could (from agnirva.medium.com)
- Implement multi-folding schemes for CCS instances (Finished).
- Generalize the folding scheme to handle instances with non-uniform circuits (In Progress).
- Achieve zero knowledge (In Progress).
This step requires a crate for building CCS arithmetic circuits from rust (just like the bellpepper for building R1CS circuits in Nova). However, there is no known crate that satisfies this requirement.
Implement the zero-knowledge PCD scheme, and integrate it with an off-the-shell SNARK system.