This document outlines a strategy for efficient management and distribution of SNARK artifacts, which are essential for verifying or creating zero-knowledge proofs but are challenging to distribute due to their size. This project propose a solution leveraging npm for versioning and integrity checks, and AWS S3+CloudFront for distribution; focusing on ease of access and reusability within the community.
SNARK artifacts are relatively large binary files (typically .wasm
, .zkey
and .json
files) required across numerous projects for cryptographic operations. If these operations take place in a browser, including the SNARK artifacts in the JavaScript libraries can increase the size of the bundle by many MBs depending on the project.
Their size and frequent updates pose challenges for version control, efficient distribution, and project repository bloat, necessitating an effective management and distribution solution.
Cryptographic proofs, particularly those involving SNARKs, require specific artifacts that are circuit specific (e.g. see phase 2 .zkey
) for proof verification and generation.
- Efficiently distribute SNARK artifacts without repository bloat.
- Ensure artifacts are easily accessible and reusable by the community.
- Provide version control for artifacts to enable access to different versions as needed.
- Implement integrity checks to ensure artifact authenticity.
- Automate file distribution.
- Decentralize version control (e.g. Radicle).
- Decentralize file distribution (e.g. IPFS).
Tool | Purpose | Pros | Cons |
---|---|---|---|
Git | - Version control. | ||
GitHub | - Repository management. - Hosting. |
- Centralization. - Repository bloat. |
|
npm | - Versioning. - Distribution as packages. |
- Integrity checks (npm audit signatures ). |
- Centralization. - Bloat if included as dependencies. |
AWS S3 + CloudFront CDN | - Files distribution. | - Fast. - Light: no need to include artifacts in project build as dependencies. - Compatible with npm versioning. |
- Centralized. - No integrity check. |
Web Application | - Provide a simple GUI to download snark artifacts | - Simplicity. - Convenience. |
GitHub/Git are used for the detailed management of the artifact repository, offering advantages like sparse-checkout. This feature is particularly useful for developers needing access to a subset of artifacts, reducing the footprint and speeding up the local setup and development process.
npm is central to this solution, serving not only for version control and distribution but also for ensuring the integrity of the artifacts. After artifacts are fetched from a CDN, the integrity of these packages can be verified using NPM's built-in capabilities such as npm audit and signature verifications. This adds an essential layer of security, ensuring that the downloaded artifacts have not been tampered with and are exactly as published. It's a vital step for cryptographic artifacts where integrity is paramount.
The npm packages will be part of the @zk-kit
npm org and will have the following format: @zk-kit/{project}-artifacts
.
Artifacts packages are released either as major or beta versions.
Only major releases contain artifacts generated with genuine trusted setup (see ceremony.pse.dev).
Beta releases contain artifacts generated with dummy setups and should therefore not be trusted to generate proofs in production environments or sensitive applications.
source circuits are packaged | artifacts package version | custom circuit field in package.json |
ex |
---|---|---|---|
yes | should match circuits' version | must be set to circuits package name | @zk-kit/semaphore-artifacts |
no | has its own version | must be set to the remote commit sha url referring to the circuit |
We use CloudFront, a Content Delivery Network (CDN), to deliver content stored as static files on an S3 instance. CDNs provide a layer for the npm packages, enabling fast and reliable access to artifacts worldwide. This service allows projects to use artifacts without including them directly in their build, optimizing download times and minimizing bandwidth usage. Despite being a centralized distribution method, it offers unparalleled ease of access to the necessary files.
The snark-artifacts.pse.dev web application provides a simple interface for users to download specific version of any artifacts supported by this project without requiring technical knowledge.
In summary, this approach leverages the strengths of each platform to address the distribution, version control, and security of SNARK artifacts. GitHub/Git enhances repository management and selective access for developers, NPM ensures artifact integrity and manages versions, and CDNs facilitate fast, global distribution. This strategy effectively meets the challenges of managing relatively large, frequently updated cryptographic artifacts in a secure and efficient manner.