Implementations

These are implementations which I have authored. This list is not exhaustive.

Plookup

Short description : A protocol for table lookups.

Paper : https://eprint.iacr.org/2020/315.pdf

Implementation : https://github.com/kevaundray/plookup

Discussion : Comments, corrections and suggestions were sent to the authors regarding the security proof.

Qesa

Short description : A zero knowledge protocol using the DLOG which allows for efficient quadratic constraints.

Paper : https://eprint.iacr.org/2019/944.pdf

Implementation : https://github.com/crate-crypto/qesa

Discussion : Comments, corrections and suggestions were sent to the authors regarding the prover runtime. See paper for more details.

PLONK

Short description : A zero knowledge protocol which allows for efficient evaluation of custom constraints.

Paper : https://eprint.iacr.org/2019/953.pdf

Implementation : https://github.com/dusk-network/plonk

Discussion : Comments and corrections were sent to the authors. This implementation separates the commitment scheme from the constraint system and therefore works for all homomorphic commitment schemes.

Ed448-Goldilocks with Decaf

Short description : Multiple isogenous elliptic curves with a protocol for removing the cofactor.

Papers :

• https://eprint.iacr.org/2015/625.pdf
• https://www.shiftleft.org/papers/decaf/decaf.pdf
• https://www.shiftleft.org/papers/isogeny/isogeny.pdf
• https://www.shiftleft.org/papers/fff/fff.pdf

Implementation : https://github.com/crate-crypto/Ed448-Goldilocks

Discussion : The main purpose of this codebase was to port the reference implementation from C into Rust with a clearer structure.

X448

Short description : Elliptic-Curve Diffie-Hellman. A key agreement protocol to generate a shared secret.

Paper : https://tools.ietf.org/html/rfc7748#page-7

Implementation : https://github.com/crate-crypto/x448

MLSAG - Schnorr derived ring signature

Short description : A schnorr derived ring signature scheme.

Paper : https://eprint.iacr.org/2019/654

Implementation : https://github.com/crate-crypto/MLSAG

Discussion : Comments, corrections and suggestions were sent to the authors regarding the security proof. Benchmarks were sent to the Monero community as a normative comparison to the CLSAG implementation with Ristretto.

CLSAG

Short description : A schnorr derived ring signature scheme. Using an aggregation trick, it achieves improvements over MLSAG.

Paper : https://eprint.iacr.org/2019/654

Implementation : https://github.com/crate-crypto/CLSAG

Discussion : Comments, corrections and suggestions were sent to the authors regarding the security proof. Benchmarks were sent to the Monero community suggesting that using Ristretto increases the verification time and consequently can allow one to increase the ring size of the Monero blockchain.

JubJub

Short description : A twisted edwards curve. It’s main use case is as an embedded curve in Zk-Snarks with bls12-381.

Implementation : https://github.com/crate-crypto/go-jubjub

Discussion : This is a reference implementation of the first Rust implementation.

Other

These are codebases which I have previously authored, contributed a significant amount of code to, or codebases which I have enjoyed contributed to. This list is not exhaustive.

Dusk-Blockchain

Short description : A full node implementation of the dusk protocol.

Implementation : https://github.com/dusk-network/dusk-blockchain

Although I was once the author of this project, it has changed significantly enough to be put in Other.

Discussion : This full node implementation also required the implementation of a variant of RingCT, the bulletproofs rangeproofs protocol and a wallet to interact with the full node.

Neo-Go

Short description : A full node implementation of the neo protocol.

Implementation : https://github.com/nspcc-dev/neo-go

Although I was once the author of this project, it has changed significantly enough to be put in Other.

Discussion : This was originally a reference implementation of https://github.com/decred/dcrd with significant modifications applied to account for the simpler protocol in Neo. The reference was used as, at the time, it was one of the only readable modular implementations of a full node. The current implementation may differ from my original vision, as I have not been the maintainer for a few years.

ZkVM

Implementation : https://github.com/stellar/slingshot

Short description : A zero knowledge virtual machine using bulletproofs.

Discussion : Code contributions were made, however my main contributions were to the specification.