minimal-plonk
This is a minimal implementation of PLONK in JavaScript, instantiated with the inner product argument PCS on BLS12-381. It was created for myself as a learning experience, leaves out protocol features like zero knowledge, doesn't provide an actual way to create circuits and witnesses, and is neither efficient nor secure.
To see the code in action, check out this test.
TODOs
The first thing to address would be the awful speed. Currently the runtime of both prover & verifier is completely dominated (>98%) by scalar multiplications. These should be made much more efficient by
- using linearization/batching techniques
- implementing a smaller curve, e.g. Pasta
- using multi scalar multiplication (MSM) techniques, e.g. bucket method / Pippenger
- implementing core routines in Wasm (at least double / add operations, better the entire MSM)
After that, it would be interesting to start testing some non-trivial circuits and think about how to easily create them.
Details
-
Inner product argument: ./src/inner-product.js implements the polynomial commitment scheme (PCS) described here, here and here.
-
PLONK: ./src/plonk.js implements the Prover / Verifier algorithms of PLONK over IPA, with no special gates, no plookup, no zero knowledge, very inefficient use of the PCS.
Test
To run tests in watch mode:
npx ava --watchTo inspect performance in Chrome:
npx chrode perf/plonk.js --no-headless