midnight-proofs

Crates.io: midnight-proofs
lib.rs: midnight-proofs
version: 0.7.0
created_at: 2025-10-28 16:29:19.935126+00
updated_at: 2025-12-19 13:44:29.152336+00
description: Fast PLONK-based zero-knowledge proving system
id: 1905136
size: 881,315
(MidnightCI)

midnight_proofs

An implementation of the PLONK proof system with KZG commitments. This repo started as a fork of halo2 v0.3.0 by the Privacy Scaling Explorations (PSE) team, itself originally derived from the Zcash Sapling proving system.

Summary of Changes

  • Generic proof system interface
    The proof system is now built on top of a generic trait, PolynomialCommitmentScheme, with a simpler and more generic interface. At the moment, we provide an implementation using KZG commitments with the original Halo2
    multi-open argument.

  • Simplified transcript interface
    The Transcript API has been modified for easier use both in-circuit and off-circuit.

  • Additive selector support
    Enabled additive selectors (via the trash argument), allowing selectors that do not increase
    the degree of the proof system.

  • Committed instances
    Added support for committed instances behind the committed-instances feature flag.
    See Section 4.2 of the aPLONK paper for details.

  • Truncated challenges for recursion
    To enable efficient recursion, Fiat–Shamir challenges can now be truncated to 128 bits
    (via the truncate-challenges feature). This halves the size of scalar multiplications
    in-circuit, resulting in considerable circuit size savings for in-circuit proof verification.

Minimum Supported Rust Version

Requires Rust 1.85.0 or higher.

The minimum supported Rust version may change in the future, but only with a minor version bump.

Controlling parallelism

midnight_proofs currently uses rayon for parallel computation. The RAYON_NUM_THREADS environment variable can be used to set the number of threads.

When compiling to WASM targets, note that since version 1.7, rayon falls back automatically (with no need to handle features) to requiring getrandom in order to work. For more information on WASM compilation, see Rayon: Usage with WebAssembly.

License

See the root directory for licensing. We have copied the license files of the original Zcash Sapling proving system.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
