NEBRA is a research & development organization working to make the zero-knowledge future a reality. We research and build technologies, infrastructure, and products to facilitate the mass adoption of zero-knowledge proofs.  Our first step towards this goal is to scale the proof settlement capabilities of Ethereum in a trustless and censorship resistant manner. To achieve this, we are developing [Universal Proof Aggregation](https://eprint.iacr.org/2023/869) technologies, to aggregate proofs generated from different circuits, different proof systems and different parties. Read more from [Introducing NEBRA Article](https://docs.google.com/document/d/1RPSyZJrlRkmGllKnKxMxL5sU_KttOGAsAVM0H8NgY4o/edit?usp=sharing) ## The Problem: expensive ZKP onchain settlement One of the biggest problems that prevent zero-knowledge future from reality is the expensive onchain settlement (verification) cost. Below shows the cost of verifying different kinds of zero-knowledge proof on Ethereum today: | Proof System | Gas Cost | FIAT cost (10 gwei gas/ Ether 2000 USD) | |---------------|-----------|-------------------------------------------| | Groth16 | 250,000 | 5 US Dollar | | Halo2-KZG | 400,000 | 8 US Dollar | | STARK-FRI |1,500,000 | 30 US Dollar | This expensive proof verification cost means only a few kinds of applications can be built today (the ones that can justify the high verification cost), and only a subset of users have access to proof verification (the ones that can afford it). We believe a future where onboarding to vote privately on a DAO costs $20 will exclude a majority of the world, a majority who we believe blockchain technology should also serve. NEBRA proposes using zero knowledge proofs themselves to scale zero knowledge proof verification. As a result, zero knowledge proof settlement on Ethereum can be more accessible to the general public. The core idea is to use highly efficient recursive SNARKs ([IVCs](https://iacr.org/archive/tcc2008/49480001/49480001.pdf)/[PCDs](https://dspace.mit.edu/handle/1721.1/61151)) to get a near unlimited amount of recursion (almost) for free. This means we can recursively prove multiple zero-knowledge proofs **off-chain**, and verify only *a single aggregated proof* **onchain**. This significantly improves on the status quo, and provides nearly unbounded efficiency. ## Saturn, Saturn, Saturn **Saturn** is NEBRA's first product, which brings high throughput/low cost proof verification to `Groth16` Proofs (which is most widely used proof system on Ethereum [dune dashboard](https://dune.com/frits/zk-verify-pairing)). Saturn aggregates multiple proofs (`8`/`16`/`24`/`32` proofs per batch) into a single aggregated proof to be verified onchain. As a result, zero knowledge proof powered applications (privacy preserving apps/zkRollups/zk-coprocessors/zkML) can have much cheaper amortized proof verification cost (at least >50% reduction). To use Saturn is simple, for example, before using Saturn, a ZK powered app usually calls onchain verify function which wrapped pairing precompile such as: ```solidity function verifyProof(bytes calldata proofBytes, bytes calldata publicInputs, VK calldata vk) ``` Instead, ZK powered app simply needs to call deployed Saturn contract (by NEBRA Labs) instead: ```solidity function submitProof(uint256 circuitId, bytes calldata proofBytes, uint256[] calldata publicInputs) ``` Where `circuitId` is the Poseidon hash of verification key of the circuit. More can find in: [[Saturn Deployment]] [[Integrating with Saturn]] [[Security of Saturn]] ## Saturn Architecture ![[Saturn Architecture.png]] Architecturally, Saturn contains the following parts: - **Saturn contract:** entry point contract deployed on `Ethereum`/`Optimism`/`Arbitrum`/`zkSync` - **Offchain worker:** consists of the following parts - RPC Listener: listens to proofs submitted to Saturn contract - *SaturnX* Prover (GPU powered): perform offchain proof aggregation * **Proof indexer/proof explorer:** indexing and display verified proofs by Saturn * **Saturn SDK:** SDK helps ZK powered App user to integrate with Saturn