Verify EdDSA signatures on zk-SNARKs with Zokrates

In order to perform zk-rollups of transactions, the zk-SNARK has to be able to verify the validity of offline transactions.

Zokrates is a toolbox to generate zk-SNARKs on Ethereum; however, it has been proven that it can also be used to generate zk-SNARKs on Tezos:

The only issue preventing Zokrates from being able to create zk-rollups on Tezos is the fact that the Zokrates stdlib only supports signature verification using the Baby Jubjub curve, which is based on the bn128 used by Ethereum. Adding support for the Jubjub curve (suggested by Zcash and based on the bls12_381) in the Zokrates stdlib (ZoKrates/zokrates_stdlib/stdlib/ecc at develop · Zokrates/ZoKrates · GitHub) would solve the problem.

Very interesting read, thank you for sharing!

Is the tz4 curve scheduled for the Mumbai protocol upgrade the right one?

https://tezos.gitlab.io/protocols/016_mumbai.html#cryptography

@murbard's answer in Slack: The answer is yes, it’s the right one, but no, it’s not the one used by Ethereum and Zokrates.

What makes the particular choice for the implementation behind tz4 superior and desirable, e.g. for Zokrates to adapt to this one?

I don't know; I forwarded your previous question to Slack and got the answer. It's probably good to follow up there, although getting it in the forum would be good to preserve it for everyone.