Minimal hash-based zkVM, targeting recursion and aggregation of hash-based signatures, for a Post-Quantum Ethereum.
Documentation: PDF
- multilinear with WHIR, allowing polynomial stacking (reducing proof size)
- SuperSpartan, with AIR-specific optimizations
- Logup, with a system of buses similar to OpenVM
The VM design is inspired by the famous Cairo paper.
123 bits of provable security, given by the Johnson bound together with the degree-5 extension of KoalaBear (128 bits would require hash digests of more than 8 field elements; todo?). In the benchmarks we also display performance under conjectured security, even though leanVM targets the proven regime by default.
Machine: M4 Max 48GB (CPU only)
Expect incoming perf improvements.
```
cargo run --release -- xmss --n-signatures 1350
```
| WHIR rate \ regime | Proven | Conjectured |
|---|---|---|
| 1/2 | 530 XMSS/s - 383 KiB | 530 XMSS/s - 209 KiB |
| 1/4 | 420 XMSS/s - 252 KiB | 420 XMSS/s - 148 KiB |
(Proving throughput - proof size)
```
cargo run --release -- recursion --n 2
```
2-to-1 recursion (WHIR rate = 1/4):
| Proven | Conjectured |
|---|---|
| 1.10s - 223 KiB | 1.05s - 134 KiB |