Cradicle Explorer
Groth.jl
/ docs / Implementation_vs_Arkworks.md
Implementation_vs_Arkworks.md
 1  # Implementation vs. Arkworks
 2  
 3  This reference maps each major subsystem in Groth.jl to the analogous pieces in
 4  arkworks (`ark-ff`/`ark-poly`/`ark-groth16`) and calls out where we mirror or
 5  intentionally diverge from their design.
 6  
 7  ## Evaluation Domains & FFTs
 8  
 9  | Topic | Arkworks | Groth.jl |
10  | --- | --- | --- |
11  | Domain sizing | `EvaluationDomain::new(num_constraints + num_inputs)` ensures every slot is populated before an IFFT | Currently: minimal power-of-two ≥ `num_constraints`; subset circuits pad coefficients after barycentric interpolation. **Next step:** match arkworks by filling every slot so we can drop the barycentric shim |
12  | Coset shift | `EvaluationDomain::get_coset(F::GENERATOR)` with tracked offset/inverses | `get_coset(domain, default_coset_offset)` tracks offset, inverse, and `offset_pow_size` |
13  | Vanishing on coset | `domain.evaluate_vanishing_polynomial(g)` with cached powers | We FFT `t(x)` on the coset; for full domains we use closed form `g^n - 1`. After we align domains we can mirror arkworks’ cached evaluation |
14  
15  Aug 2025 refactor summary:
16  - Coset path is default (`compute_h_polynomial` asserts coset/dense equality).
17  - Subset domains temporarily recover coefficients via barycentric interpolation
18    before padding in coefficient space.
19  - Planned alignment: populate the entire domain as arkworks does so the FFT/IFFT
20    pair is used directly with no coefficient recovery helper.
21  
22  ## Multi-Scalar Multiplication (MSM) & Precomputation
23  
24  | Topic | Arkworks | Groth.jl |
25  | --- | --- | --- |
26  | MSM backend | `VariableBaseMSM` (Straus + endomorphism on BLS curves) | `GrothAlgebra.multi_scalar_mul` with Straus-like algorithm; w-NAF helpers mirror arkworks. Endomorphism optimisations TBD |
27  | Fixed-base tables | `FixedBaseMSM` with windowing | `FixedBaseTable` in `GrothAlgebra/src/Group.jl`; benchmarks cover table build & batch multiply |
28  
29  Planned work: evaluate window sizes and endomorphisms once we profile the coset
30  prover path.
31  
32  ## Curve Abstractions & Pairing Engine
33  
34  | Topic | Arkworks | Groth.jl |
35  | --- | --- | --- |
36  | Curve traits | `AffineCurve`, `ProjectiveCurve`, generic engines | `ProjectivePoint{Curve,F}` abstraction; pairing engine (`BN254Engine`) mirrors arkworks’ API |
37  | Pairing pipeline | Optimal ate with sparse line placement, Frobenius corrections | Same formulas; files named `BN254MillerLoop.jl`, `BN254FinalExp.jl`, `BN254Pairing.jl` |
38  | Engine extension | Additional curves (BLS12-381, etc.) provided via feature flags | Planned; abstractions ready but only BN254 implemented today |
39  
40  ## Groth16 Pipeline
41  
42  | Topic | Arkworks | Groth.jl |
43  | --- | --- | --- |
44  | R1CS → QAP | Domain filled completely, IFFT → FFT on coset | Same structure; subset handling currently requires barycentric recovery (to be removed when we align domains) |
45  | Prover | Coset FFT path by default, dense path available for debugging | Coset path now default, dense used only for assertions; matches arkworks once domain alignment lands |
46  | Prepared verifier | `PreparedVerifyingKey` with batched pairing | `prepare_verifying_key`, `prepare_inputs`, `verify_with_prepared` mirror arkworks and use the pairing engine |
47  | Aggregation | `groth16::aggregate_proofs` available | Not yet ported; on roadmap |
48  
49  ## Documentation Cross-links
50  
51  - RareSkills mapping: see `docs/RareSkills_Groth16_Map.md` for how textbook
52    chapters map to Groth.jl modules.
53  - Package reference: `CODEX_ANALYSIS.md` summarises modules and implementation
54    notes.
55  
56  ## Upcoming Alignment Tasks
57  
58  1. Populate the entire evaluation domain (constraints + inputs) before calling
59     IFFT, eliminating the barycentric interpolation helper.
60  2. Mirror arkworks’ domain helpers (vanishing evaluations, cached twiddles) once
61     the layout matches.
62  3. Re-run benchmarks after domain alignment to ensure performance remains stable.
63  4. Port proof aggregation once the core prover alignment is complete.
64  
65  Feel free to extend this comparison as additional features (e.g., aggregation,
66  poly-commitments) land in the Julia stack.