Assess constraints on Halo2 circuit verification #2799
Description
Why
The verification of a Halo2 circuit depends on a verification key wich is computed from the circuit.
Any change in the Halo2 circuits has an impact on the verification key of the circuit (even a dependency update from the Midnight library): this results in a breaking change for the verifier which does not know which verification key to use.
This raises the following questions:
- How do we provide the circuit verification (hard coded, re-computed from circuit -each time, on demand-, …)
- How do we guarantee that the verification is legitimate (do we sign it with Mithril?)
- How do we support breaking changes introduced by the modification of the verification key?
What
Assess the constraints on Halo2 proofs verification and design clear operation guidelines to support them.
How
- Assess the constraints and possible breaking changes scenario
- Assess how to guarantee authenticity of the verification key of a circuit (multiple strategies)
- Prepare clear operation guidelines to support constraints on the verification key of a Halo2 circuit
Answer from @iquerejeta:
- New release and vk: they are still releasing major versions, still doing crypto changes (like lookups)
Genesis of the vk, verifying next vk with the old one. Midnight plan people to generate it once and store.- Put
kas input of the circuit to adapt tokbeing decreased without modifying the circuit (same form)