Implement PLONK in Aiken (ZK) - Eryx

[Proposal setup] Proposal title

Please provide your proposal title

Implement PLONK in Aiken (ZK) - Eryx

[Proposal Summary] Budget Information

Enter the amount of funding you are requesting in ADA

100000

[Proposal Summary] Time

Please specify how many months you expect your project to last

3

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

There are few on-chain implementations of ZK protocols in Cardano. Furthermore, the ones that are implemented are in low level languages, making it difficult for them to be adopted by new developers.

[Proposal Summary] Supporting Documentation

Supporting links

• https://eprint.iacr.org/2019/953.pdf
,
• https://eryx.coop/

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

No dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

License and Additional Information

The implementation will be open source and available on GitHub under the Apache 2.0 license.

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal

Developer Tools

[Campaign Category] Category Questions

Mention your open source license and describe your open source license rationale.

We chose Apache 2.0 because it’s a well-established, permissive open source license that allows wide adoption, including commercial use, while still providing clear requirements for attribution and preserving notices. It also includes explicit patent rights grants, which help protect both users and contributors from patent disputes. This balance of openness, clarity, and legal protection aligns with our goal of encouraging collaboration and long-term community growth.

How do you make sure your source code is accessible to the public from project start, and people are informed?

All code will be publicly accessible in our GitHub repository, where anyone can view, clone, and contribute. We will also share regular updates, release announcements, and milestones through our active Twitter account @eryxcoop, ensuring that the community stays informed about the project’s progress.

How will you provide high quality documentation?

Eryx has a skilled team of industry experts with extensive experience in technical writing and documentation. The team will ensure that all project materials are clear, comprehensive, and well-structured, making it easy for both developers and end users to understand and contribute.

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

We want to implement a PLONK verifier in Aiken. It will accept transactions only if it can successfully verify the proof of a program that was executed offchain.

Plonk is a Zero-Knowledge protocol based on the KZG polynomial commitment scheme. It is characterized by the fact that no matter the size of the original program, the proof size and the verifying time are both constant. The verifier is required to compute only two elliptic curve pairings to verify the proof. This comes at the cost of more computation for the prover, but in a blockchain context this is an acceptable tradeoff since we can have the burden of making the heavy computations offchain and verifying on-chain in constant time.

To our current knowledge there currently is no implementation of Plonk or even KZG in Aiken. We want to fill this gap. Our implementation will be fully compatible with the widely used SnarkJS library so that it will be possible to write and compile circuits in Circom, prove their execution with SnarkJS and verify their execution with our validator on-chain in Cardano.

Our implementation will be fully open-source and will be accompanied by clear documentation and blog posts explaining how to use it, how the protocol works, how it was implemented and guidelines on how to contribute.

[Your Project and Solution] Impact

Please define the positive impact your project will have on the wider Cardano community

There are two main ways in which adding more ZK will impact cardano: Privacy and scalability.

In terms of privacy, there are many use cases, such as proof of innocence, privacy-preserving authentication, selective disclosure, fully encrypted transactions among others. Some of these are already implemented in Cardano.

In terms of scalability, ZK protocols have the characteristic that verifying a program is always cheaper than executing it. Meaning a lot of the logic of transactions that were being executed on-chain can be done offchain and just be verified by the validator, cheapening the costs of operating on Cardano.

Having a modular ZK protocol written in a readable language, such as Aiken, will help devs add ZK to their projects, and will help bring cardano to the next level with ZK tech.

Developers in the general ZK ecosystem are familiar with the workflow of writing circuits in Circom and proving their execution with SnarkJS. When this proposal is complete, devs will be able to verify those PLONK proofs with an aiken validator. We want their experience to be similar to what they are used to so that they can bring their projects to Cardano with ease.

The transaction limit of 16kb limits the protocols that we can aim to have working on-chain, since they have larger proofs. Plonk is not affected by this restriction because it has a constant size proof. It is ideal for Cardano.

Furthermore, implementing Plonk is just the beginning of our roadmap. We aim to implement other zk-SNARKs and also, we would like to bring STARKs to Cardano by building a proof aggregation system where you run a STARK verifier inside a Circom circuit and prove it on-chain with a SNARK, similar to what other chains and ZK-rollups are doing (Polygon, Aztec).

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Eryx is a worker-owned labor cooperative with almost 15 years of experience solving complex problems involving mathematics and software. We are a group of nerdy PhDs with a solid background in math and computer science. Our team has extensive experience in blockchain development, cryptography, and privacy-focused protocols, which gives us the expertise required to successfully deliver the project.

We have already implemented proving systems and other ZK protocols. We’ve been core contributors to the Lambdaworks library, which implements several proving systems, including PLONK. We also implemented the CircleSTARKS protocol in GPU alongside with Nethermind. Both these projects involved implementing several ZK cryptographic primitives such as field operations, elliptic curve operations, merkle trees, polynomial commitment schemes, FRI protocols, FFTs among others, in different platforms and languages. We also wrote a simple interface to design circuits. It included basic operations and conditionals that made the building blocks for more complex cryptographic primitives.

There is no doubt that the team is capable of completing this proposal.

[Milestones] Project Milestones

Milestone Title

Research and specification

Milestone Outputs

Technical review of the research done.

We will review the PLONK protocol, along with the implementations it has in different languages. We'll go through the available implementations of elliptic curve operations and modular arithmetic. We will design and model our Aiken implementation of the verifier.

The team will write documentation that reflects this work.

Acceptance Criteria

The team has reviewed the literature and has documentation explaining how the protocol works.

The team agrees on the final specification for implementing the protocol and has documentation that supports the decisions made.

Evidence of Completion

The team will publish the technical documentation with the output of the research and the specification in an online platform.

Delivery Month

1

Cost

10000

Progress

10 %

Milestone Title

Polynomial commitment scheme

Milestone Outputs

An implementation of the verifier part of KZG in Aiken.

A huge part of the PLONK protocol is its polynomial commitment scheme: KZG. We will implement the verifier part of the protocol in aiken and deploy a validator on the testnet.

Acceptance Criteria

It is possible to go through the KZG polynomial commitment scheme with the verifier part being run on-chain. That is, the prover commits to a polynomial and the verifier is written in Aiken and can verify the value of that polynomial on the testnet.

Evidence of Completion

The code will be publicly available in the GitHub repository under the Apache 2.0 open-source license.

Delivery Month

2

Cost

40000

Progress

40 %

Milestone Title

PLONK protocol

Milestone Outputs

Programs represented through circuits can be verified on-chain.

We adapt the polynomial commitment scheme so that it can verify a plonk proof of a simple program. This program will be executed in a circuit and its proof will be built using the PLONK protocol.

Acceptance Criteria

The solution shows functionality for generating and verifying a zero-knowledge proof using SnarkJS within a blockchain testnet environment. A simple program (for example, an arithmetic circuit or other minimal logic) will be compiled into the necessary proving and verification keys, and a proof will be generated using SnarkJS which will in turn be verified by a smart contract on the testnet.

Evidence of Completion

The code will be publicly available in the GitHub repository under the Apache 2.0 open-source license.

Delivery Month

3

Cost

40000

Progress

30 %

Milestone Title

Final polishing and documentation

Milestone Outputs

• Final codebase after optimizations and bug fixes
• Full documentation for developers (including setup, usage, and contribution guidelines)
• User-friendly setup and usage tutorials
• Refactors, extended testing, writing comprehensive documentation and tutorials.

Acceptance Criteria

• The library meets all functional expectations, allowing users to verify PLONK proofs of programs on the testnet. It accepts valid proofs, rejects invalid ones, and integrates smoothly with the testnet environment.
• Documentation and tutorials are complete, clear, and easy to follow. They guide users through installation and usage.

Evidence of Completion

• The source code will be publicly available on GitHub
• Published documentation and tutorials on GitHub or another documentation platform

Delivery Month

3

Cost

5000

Progress

10 %

Milestone Title

Final report

Milestone Outputs

• Publicly available source-code of the library in GitHub with all the code for the PLONK verifier and its documentation.
• A final report describing the project process and outcome
• A video showcasing the library and its features

Acceptance Criteria

• The final library is functional and can be used to verify Plonk proofs on-chain of programs that were executed off-chain.
• The final video complies with Catalyst requirements.
• The final report complies with Catalyst requirements.

Evidence of Completion

• Source-code available in the GitHub repository
• Documentation publicly available
• Final video uploaded to Google drive or similar platform
• Final report uploaded to Google drive or similar platform

Delivery Month

3

Cost

5000

Progress

10 %

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

Total: ₳100,000

FTE = Full-time equivalent

• Development: ₳75,000 total
  • The activities of this item will be: Smart Contract Development; Implementation of math primitives and cryptographic protocols.
  • Cardano developer: ½ FTE x 3 months = ₳25,000
  • Zero-Knowledge Cryptographer: ½ FTE x 3 months = ₳25,000
  • Zero-Knowledge Cryptographer: ½ FTE x 3 months = ₳25,000
• Documentation & Reporting: ₳5,000
  • The activities of this item will include: Preparing clear and comprehensive technical documentation, project updates, and ensuring ongoing reporting to the community.
• Technical writer: 1/4 FTE x 4 months = ₳5,000
• Project management: ₳20,000
  • The activities of this item will be: Organize the project execution, create reports and write the documentation, and maintain communication with the community and reviewers.
  • Project Management: ½ FTE x 4 months = ₳20,000

[Final Pitch] Value for Money

How does the cost of the project represent value for the Cardano ecosystem?

We decided to focus on spending the expenses of the project in the development hours. In that regard, it is important to note:

The team consists of 2 developers that will work a combined total of 60 hours per week.

The total development hours of the whole team will be approximately 720 hours. If we divide the development hours by the full proposal budget (100000₳ / 720h = 138₳), it results in 138 Ada per hour which according with the current valuation it results 70 dollars per development hour. This gives a projected annual salary of $134,000 USD a year per developer. In practice, it will be less than that.

According to https://web3.career/web3-salaries/blockchain-developer, this value is within the range of developer's salaries. These salaries vary from $50,000 to $250,000 with an average of 150,000 up to 200,000k for the web3 developer. This information demonstrates that the price of each developer is according to the normal range of salaries and below the average of the industry, which is a reasonable price considering the skills and experience of the team.

[Required Acknowledgements] Consent & Confirmation

Terms and Conditions:

Yes