Sirius, renowned as the most luminous star in the night sky, deceives the naked eye by appearing as a solitary point of light when, in fact, it is a binary star system. Inspired by this duality, our project bears the name Sirius, capturing the essence of folded instances that give the illusion of being a singular entity.

Sirius is an open-source Plonkish Folding Framework for Incrementally Verifiable Computation [IVC].

Within the context of an IVC scheme, the prover's role is to demonstrate that, upon consecutively applying a step function F exactly n times to an initial value $z_0$, the result is $z_n$. Here, the step function F takes two inputs $z_i$ and $w$, and yields an output $z_{i+1}$.

The Sirius folding framework is designed with a three-tiered architecture.

• Arithmetization Layer: This layer serves as the interface of the constraint system. User-defined circuits and witness data are converted into an intermediate representation format defined by the folding scheme. Our current implementation follows the special-sound interactive protocol (SPS) from Protostar.
• Folding Scheme Layer: At the heart of the framework is the folding scheme IVC circuit that accumulates the computations of multiple steps. At each step, the prover first calculates the instance-witness pairs from the previous step and folds them into the accumulator, then computes the cross terms and error vector for the folded instance-witness pairs. An IVC circuit then takes the outputs from the prover and performs the following steps: apply the step function F, fold the previous step's instance into the accumulator instance, and verify the inputs of the IVC circuit.
• SNARK Layer: The SNARK layer leverages Polynomial Interactive Oracle Proofs (PIOP) and Polynomial Commitment Schemes (PCS) to generate zkSNARKs for succinct and zero-knowledge verification. Polynomial relation checks of the IVC decider are converted to the multivariate sum-check protocol. The evaluation phase of the sum-check protocol depends on the polynomial commitment scheme (PCS) we choose, e.g. Hyrax. It is worth noting that when the polynomials are sparse, we can use the Spark compiler from Spartan to handle them efficiently.

• 2023Q4 - halo2 frontend support
• 2023Q4 - folding scheme for plonkish custom gates
• 2023Q4 - folding scheme for lookup arguments
• 2024Q1 - IVC circuit
• 2024Q1 - IVC Benchmarks
• 2024Q1 - Snarkify Cloud integration and GPU acceleration
• 2024Q2 - Agg circuit
• 2024Q2 - high-degree gates optimization from Protogalaxy
• 2024Q3 - IOP + PCS SNARK support (Spartan / Hyperplonk)
• 2024Q4 - on-chain verifier support

The estimated timeline is subject to change.

/// To allow your circuit to be folded, impl this trait
/// `ARITY` - size of input & output
pub trait StepCircuit<const ARITY: usize, F: PrimeField> {
    type Config: Clone;
    fn configure(cs: &mut ConstraintSystem<F>) -> Self::Config;
    /// This method represents step function `F: z_i -> z_{i+1}`
    ///
    /// Unlike `halo2::Circuit`, it takes array of assigned cells
    /// and returns array of assigned cells
    fn synthesize_step(
        &self,
        config: Self::Config,
        layouter: &mut impl Layouter<F>,
        z_in: &[AssignedCell<F, F>; ARITY],
    ) -> Result<[AssignedCell<F, F>; ARITY], SynthesisError>;
}

We'd love for you to be a part of our community!

If you're as enthusiastic about Sirius as we are, we invite you to join our developer community at Telegram. It's a great place to stay updated, get involved, and contribute to the project. Whether you're looking to contribute code, provide feedback, or simply stay in the loop, our Telegram group is the place to be.

👉 Join our developer community

Thank you for your interest in contributing to Sirius! ✨