Aleo’s circuits and GPU acceleration
Aleo is one platform for building private applications. To that purpose, a total of four circuits and two zero-knowledge algorithms (Groth16/Marlin) are used by Aleo. This article tries to explain Aleo’s design from the circuits’ point of view. Further, the proving performance of those circuits can be accelerated by GPU. And the PoSW circuit’s performance can be accelerated by more than 4 times.
Four Circuits
Aleo uses four circuits for private applications — PoSW circuit, Inner circuit, Outer circuit, and Program circuit. All circuits work together to make Aleo private.
To keep transactions anonymous, the sender/receiver information and transaction value are encrypted. One transaction is composed of several transitions. One transition is one tuple of two input records and two output records. The record is the “basic” transition information, including owner, value, payload, program ID, and so on. Keep in mind that one record is encrypted and only can be decrypted by “viewing key”. The Inner, Program, and Outer Circuits are used to constrain one transition is correct.
- Inner Circuit
The Inner Circuit is used to constrain the values from two input records are equal to values from two output records plus transition fee. Inner Circuit is constrained by Groth16 algorithm.
- Program Circuit
One transition is with different operations: Noop, Coinbase, Transfer and Evaluate. Noop operation is used for none operation. Coinbase operation is used for block reward. Transfer operation is used to token transfer. Evaluation brings the programmability. For one transition, two input records are “consumed” by a specified program, and two output records are “produced”, constrained by the specified Program Circuit. Program Circuit is constrained by Groth16 algorithm.
- Outer Circuit
As mentioned above, for one transition, there are two circuits. That’s to say, there are two proofs for one transition. The Outer Circuit helps to combine those two proofs into one. One Outer Circuit ties to verify one Inner Circuit and according Program Circuit. Outer Circuit is constrained by Groth16 algorithm.
All transactions are serialized by transaction ID, which is the serialization of several transition IDs. Those transactions are constructed as Merkle tree and only the Merkle tree root is saved in Block Header.
- PoSW Circuit
Aleo uses the “PoSW” consensus algorithm. PoSW — Proof of Succinct Work. Block Header is composed of previous ledger root, current transactions’ root, metadata, and one nonce. PoSW circuit tries to calculate one “masked” Merkle tree, in which nonce is the mask. If one proof is found with specified difficulty, the miner can create the block. By the way, the ledger root of Aleo is NOT accouts’ Merkle root anymore. Aleo’s ledger root is the Merkle root of all block headers. PoSW Circuit is constrained by Marlin algorithm.
Proving Performance Acceleration
GPU can accelerate the proving performance for all the above circuits. The performance is measured on the CPU (Intel Xeon Gold 6254) and GPU (Nvidia RTX 3090). Note that Program Circuit’s proving performance is dependent on the program itself, which is NOT measured and summarized in the table.
Summary:
Aleo is one platform for building private applications. Aleo uses four circuits to keep all transaction information confidential. PoSW circuit is used for consensus. The proving performance for all circuits can be accelerated by GPU. With Nvidia RTX 3090, the PoSW circuit proving performance can be accelerated by more than four times.
