Minimal hash-based zkVM, targeting recursion and aggregation of hash-based signatures, for a Post-Quantum Ethereum.
Documentation: PDF
- multilinear with WHIR, allowing polynomial stacking (reducing proof size)
- SuperSpartan, with AIR-specific optimizations
- Logup, with a system of buses similar to OpenVM
The VM design is inspired by the famous Cairo paper.
123 bits of provable security, given by Johnson bound + degree 5 extension of koala-bear. (128 bits would require hash digests of more than 8 field elements, todo?). In the benchmarks, we also display performance with conjectured security, even though leanVM targets the proven regime by default.
Machine: M4 Max 48GB (CPU only)
Expect incoming perf improvements.
cargo run --release -- xmss --n-signatures 1400| WHIR rate \ regime | Proven | Conjectured |
|---|---|---|
| 1/2 | 800 XMSS/s - 355 KiB | 800 XMSS/s - 188 KiB |
| 1/4 | 700 XMSS/s - 229 KiB | 700 XMSS/s - 130 KiB |
(Proving throughput - proof size)
2 to 1 recursion (WHIR rate = 1/4):
cargo run --release -- recursion --n 2| Proven | Conjectured |
|---|---|
| 0.75s - 188 KiB | 0.57s - 116 KiB |
cargo run --release -- fancy-aggregation
(Proven regime)