Minimal hash-based zkVM, targeting recursion and aggregation of hash-based signatures, for a Post-Quantum Ethereum.
Documentation: PDF
- Multilinear polynomial commitment with WHIR, enabling polynomial stacking (which reduces proof size)
- SuperSpartan, with AIR-specific optimizations
- LogUp, with a system of buses similar to OpenVM
The VM design is inspired by the famous Cairo paper.
123 bits of provable security, given by the Johnson bound combined with a degree-5 extension of KoalaBear. (Reaching 128 bits would require hash digests of more than 8 field elements; todo?) In the benchmarks, we also display performance under conjectured security, even though leanVM targets the proven regime by default.
Machine: M4 Max 48GB (CPU only)
Expect further performance improvements.
```
cargo run --release -- xmss --n-signatures 1400
```

| WHIR rate \ regime | Proven | Conjectured |
|---|---|---|
| 1/2 | 775 XMSS/s - 374 KiB | 775 XMSS/s - 204 KiB |
| 1/4 | 650 XMSS/s - 246 KiB | 650 XMSS/s - 146 KiB |

(Proving throughput - proof size)
2-to-1 recursion (WHIR rate = 1/4):

```
cargo run --release -- recursion --n 2
```

| Proven | Conjectured |
|---|---|
| 0.77s - 223 KiB | 0.59s - 128 KiB |
```
cargo run --release -- fancy-aggregation
```

(Proven regime)
