The EPF Cohort 4 has come to an end, and it’s time to reflect on the journey and the lessons learned. This post will provide a brief overview of the work done during the cohort and the lessons learned along the way. This update will also include an idea of how much we expected to complete during the cohort and how much we actually accomplished.

So first, let’s take a brief look at what the project was and what exactly we wanted to achieve during the cohort. Find all the resources related to the project below:

If you go through the above links, you will find that the project was initially divided into 3 parts:

  • Curve Primitives - Banderwagon
  • Pedersen Commitments & IPA
  • Verkle Trie Structure

As we explored more and gained a deeper understanding of what we needed to do, we realised that splitting the work by adding another phase would be the best way for the project to be completed in the given time frame. So we added another phase to the project:

  • Curve Primitives - Banderwagon
  • Pedersen Commitments & IPA
  • Multiproof system
  • Verkle Trie Structure

Presentation at Devconnect Istanbul


Curve Primitives - Banderwagon

When we looked into the curve primitives in detail, we saw that a lot of them were missing. We were using the Constantine library as our math base, but it turned out that many of the primitives we expected were not there. The following things were implemented and added to the Constantine library:

  • Implementing the Twisted Edwards, projective & affine coordinates representation for the curves
  • Implementing the interoperability between projective and affine coordinates, and adding hex support to it
  • Adding the Bandersnatch curve
  • Making the Banderwagon scheme as a curve over the Bandersnatch curve
  • Adding a pre-compute of primeMinusOneOverTwo for the Banderwagon curve
  • Making the serialization & deserialization of the Banderwagon curve points
  • The transformation of Banderwagon curve points to Scalar Field $\mathbb{F}_r$ curve points
  • Adding Montgomery batchInversion for all elements
  • Making all the serialization operations for batch operations

PRs Status


Pedersen Commitments & IPA

@agnish was working on this part. It comprises writing the Pedersen commitments and then, using Inner Product Arguments (IPA), writing the multiproof system for aggregating the proofs up the trie. The following things were implemented and added to the Constantine library:

  • Transcript generation using the Fiat-Shamir heuristic
  • Barycentric form using precompute optimisation over domain
  • Common utility functions for IPA
  • IPA functions for prover
  • IPA functions for verifier
  • Functions for creating multiproofs
  • Functions for checking multiproofs
  • Random element generator for Pedersen
  • Functions for Pedersen Commitments

PRs Status


Verkle Trie Structure

This was being handled by @danille from the Nimbus team along with @naman. This included implementing the trie structure with mock functions of the cryptographic primitives that were to be implemented in the previous phases. The following things were implemented and added to the Constantine library.


Self Thoughts

We could have done the project timeline estimation a bit better, and tried less to parallelize the work. I personally think that there has been more effort to parallelize the work, which is not needed and created a lot of unwanted code which now needs to be cleaned and refactored by us.