# The OpenZL Conference Talks

## Curious to know what we’ll be discussing? We’ve published our agenda and topics below.

# About the OpenZL Conference

We welcome you to join us for the first OpenZL Conference. OpenZL is an open-source library for more accessible ZKP. It is a collaborative effort pushed forward by the collective ZK community, led by Manta Network. We’re proud to bring this ZK community together for the first inaugural OpenZL Conference, which hosts discussions that push the envelope of ZK innovation.

## Time: Dec 21st 11:00am EST

## Speakers Include

**Bowen Huang**, Cofounder & CTO at Cysic**Brain Retford**, CEO at RISC Zero**Brandon H. Gomes**, CTO at Manta Network**Eduardo Morais**, Research Engineer at Protocol Labs**Pratyush Mishra**, Chief Scientist at Aleo**Jeff Burdges**, Applied cryptographer and mathematician at Web3 Foundation**Todd Norton**, Applied Cryptographer at Manta Network**Sebastien La Duca**, ZK Engineer**Wei Dai**, Cryptography Researcher**Rahul Maganti**, Jump Crypto

## Agenda

- Session 1, Talk 1 — Talk 5: 11:00am — 12:40pm
- Session 2, Talk 6 — Talk 10: 12:50pm — 2:30pm
- Open Discussion Session: 2:40pm — 3:10pm

# Session 1 Talks (in order of talk)

**Brandon Gomes, CTO, Manta Network — **OpenZL: Middleware and Open Standards for the Next Generation of zkApps

In recent years, there’s been an explosion of new frameworks for building ZK applications with incredible strides being made to increase performance and usability. However, along with these new systems we run into three problems: a lack of standardization and interoperability for common circuits, large gap between proof system designers and language designers, and an ever-increasing security surface. OpenZL is a new middleware platform for integrating together the entire ecosystem leveraging an embedded DSL called ECLAIR that lets developers build circuits in a proof-system-agnostic way without sacrificing performance and modularity. Separating the circuit development effort from the proof-system implementation effort makes it easier for developers to migrate to better and faster proof systems as they come out and reduces the duplication of work that’s ever present in our open source community. OpenZL is also a test-bed for better standards for constraint systems and proof system implementations especially for PLONK-like systems.

**Jeff Burdges**, Applied Cryptographer, Web3 Foundation — Ring VRFs from zero knowledge continuations

Ring VRFs are (anonymized) ring signatures that prove correct evaluation of some authorized signer’s PRF, while hiding the specific signer’s identity within some set of possible signers, known as the ring. We design a ring VRF protocol which has efficient instantiations with our novel zero-knowledge continuation technique. We demonstrate a reusable zero-knowledge continuation technique, which works by adjusting a Groth16 trusted setup to hide public inputs when rerandomizing the Groth16. We then build ring VRFs that amortizes expensive ring membership proofs across many ring VRF signatures. Incredibly, our ring VRF needs only eight G_1 and two G_2 scalar multiplications, making it the only ring signature with performance competitive with group signatures.

**Eduardo Morais**, Research Engineer, Protocol Labs — A Zero-Knowledge circuit for the Lurk language

In this talk we are going to present Lurk, a Turing-complete, Lisp-based functional programming language where the reduction step can be constructed using a small number of R1CS constraints. Lurk by design is content-addressable, allowing to represent recursive data efficiently. It also provides an efficient way to carry out equality tests between data structures. We construct a universal circuit that can build proofs for any zero-knowledge statement written in Lurk language. Shortly, the interpretation of the code produces a sequence of frames, and each one is proved in zero-knowledge way to be a valid reduction step. Our current circuit implementation has roughly twenty thousand R1CS constraints and there is still room for improvement. Frames can be folded using Nova backend, giving an efficient solution to accumulate Lurk frames. We describe some gadgets that were used as building blocks for the circuit construction. Namely, we show how we constructed the multicase gadget, which permits to select multiple values, expressed as multiple case clauses, and we show how to eliminate some constraints to achieve smaller circuit. Also, we show how we compare field elements, an operation that is important since it is a pre-requisite for other gadgets, as for example division with remainder. We also show how to construct hash-based commitments and functional commitments natively. The talk will describe how to construct a functional language interpreter using the continuation-passing paradigm, where expressions can be reduced to a simple step and the rest of the computation is determined by a continuation. The language can deal with any kind of computation, including recursions.

**Pratyush Mishra**, Chief Scientist, Aleo — Arkworks: A Rust Ecosystem for zkSNARKs

zkSNARKs are an exciting avenue for enhancing the privacy and scalability of decentralized systems. Indeed, researchers and practitioners are implementing and deploying decentralized applications atop zkSNARKs at breakneck speed. However, existing zkSNARK implementations live in their own “walled gardens”: optimizations and improvements in one implementation cannot easily be shared with other projects, leading to either inefficiency, or wasted effort due to reimplementation. In this talk, I will introduce *arkworks*: a set of Rust libraries that resolves the foregoing problem by providing all of the components required for zkSNARK programming, packaged into generic, efficient, and easy-to-use modules, such as the following: * Generic implementations of finite fields, elliptic curves, and pairings, as well as instantiations of widely-used curves. *State-of-the-art zkSNARKs such as Groth16, Groth-Maller17, Marlin. * Ergonomic libraries for writing constraints, along with implementations of many commonly-used constraint “gadgets”. * Recursive composition of arbitrary SNARKs, including recursion from accumulation schemes. * Libraries for aggregating proofs and signatures. The modular design of our libraries means that improvements in one component (such as finite field arithmetic) are inherited for free by downstream components (such as zkSNARK implementations). We achieve this composability without sacrificing performance: our generic libraries are competitive with the best application-specific libraries. As a result, our libraries have been deployed in existing industry products such as Celo, MINA, and Aleo.

## Bowen Huang, Cofounder & CTO at Cysic — Hardware acceleration of ZKP

The main bottleneck in deploying ZKP is the time-consuming proof generation process, where the multi-scalar multiplication is a major part of it. For better efficiency, we propose a fully pipelined acceleration design for the proof generation process. Our design combines novel algorithmic approaches and hardware-specific optimizations. We implemented and tested our design on FPGA, which outperforms the current state-of-the-art GPU-based solution.

# Session 2 Talks (in order of talk)

**Todd Norton**,** **Applied Cryptographer, Manta Network — Tutorial: Poseidon in ECLAIR

We will walk through an implementation of the popular Poseidon hash function in ECLAIR. The goal is to highlight some of ECLAIR’s features and demonstrate that ECLAIR is ready for complex gadgets. Familiarity with the Poseidon hash is helpful but not strictly necessary.

**Sebastien La Duca**, ZK Engineer — Considering Plonky2

Plonky2 has been out for almost a year now, and many teams are looking to use it. This talk is an engineering-focused talk designed to help you decide whether or not to use it by outlining the more practical reasons why you would or wouldn’t want to use it — concrete performance, tunability, flexibility, developer experience, ecosystem, things it’s good at, and things it’s not.

## Brian Retford, CEO, RISC Zero — Multi-level IR and its utility in ZK

A short introduction to MLIR and our MLIR-based ZK compiler Zirgen.

**Wei Dai**, Cryptography Researcher — On Interoperability of Crypto Compute Environments

This talk extrapolates the recent progress of zero-knowledge applications in blockchains to offer a glimpse into the future — where applications are built using many different computing environments (such as zero-knowledge and on-chain confidential computing). We will discuss one of the main challenges in building towards this future — interoperability between different environments.

## Rahul Maganti, Jump Crypto — CycloneNTT: Improving Twiddle Access for Number Theoretic Transforms

Number-Theoretic-Transform (NTT) is a variation of Fast-Fourier-Transform (FFT) on finite fields. NTT is being increasingly used in blockchain and zero-knowledge proof applications. Although FFT and NTT are widely studied for FPGA implementation, we believe CycloneNTT is the first to solve this problem for large data sets (>= ²²⁴, 64-bit numbers) that would not fit in the on-chip RAM. CycloneNTT uses a state-of-the-art butterfly network and maps the dataflow to hybrid FIFOs composed of on-chip SRAM and external memory. This manifests into a quasi-streaming data access pattern minimizing external memory access latency and maximizing throughput. We implement two variants of CycloneNTT optimized for DDR and HBM external memories. Although historically this problem has been shown to be memory-bound, CycloneNTT’s quasi-streaming access pattern is optimized to the point that when using HBM (Xilinx C1100), the architecture becomes compute-bound. On the DDR-based platform (AWS F1), the latency of the application is equal to the streaming of the entire dataset log N times to/from external memory. Moreover, exploiting HBM’s larger number of channels, and following a series of additional optimizations, CycloneNTT’s only requires (1/6)*log N$ passes.

**Open Discussion Session**

- Hosted by
**Shumo Chu**, Cofounder at Manta Network **Bowen Huang**, Cofounder & CTO at Cysic**Brian Retford**, CEO at RISC Zero**Brandon H. Gomes**, CTO at Manta Network**Eduardo Morais**, Research Engineer at Protocol Labs**Rahul Maganti**, Jump Crypto

# About OpenZL

#OpenZL is an initiative that we started at @MantaNetwork to make it easier for devs who aren’t cryptography experts to build zero-knowledge proofs into their applications. The goal is to make ZKP accessible not just to cryptographers but to all developers.

**About Manta Network**

Manta Network is committed to building a better Web3 world through privacy protection. Manta’s product design starts from first principles and provides end-to-end privacy protection for blockchain users through leading cryptography architectures such as zkSNARK. While ensuring privacy, Manta offers interoperability, convenience, high performance, and auditability, allowing users to conduct private transfers and transactions between any parallel chain of assets. Manta’s vision is to provide more convenient privacy protection services for the entire blockchain world.