Evaluating the LEO Compiler for Zero-Knowledge Applications

In the realm of secure computing, zero-knowledge applications play a vital role in protecting sensitive data. To ensure the efficiency and reliability of these applications, the LEO compiler has emerged as a powerful tool. In this blog post, we delve into the evaluation of the LEO compiler, exploring its methodology, benchmark programs, and performance results.

Methodology

To gauge the effectiveness of the LEO compiler, a comprehensive evaluation methodology was devised. The primary focus was on measuring the running time of crucial compiler phases. The machine used for evaluation featured an AMD Ryzen Threadripper 3960x at 3.8 GHz with 64 GB of RAM.

Benchmark Programs

Three diverse LEO programs were implemented and assessed for their constraint sizes:

Pedersen Hash: A simple 256-bit Pedersen hash circuit that evaluates a message using public parameters.

A simple 256-bit Pedersen hash circuit

Bubble Sort: A standard algorithm to sort an array of u32 elements.

A bubble sorting algorithm function.

Least-squares Linear Regression: A machine learning algorithm that models the linear relationship between two variables.

Evaluation of Compiler Phases

Each compiler phase underwent individual performance evaluation. The running time for parsing LEO programs from source code to their AST representations, ASG compiler passes, and circuit synthesis to R1CS representation were measured. Notably, circuit synthesis accounted for the majority of compilation time.

Running time for parsing each compile phase from LEO source code to an R1CS instance.

Formal Verification of Blake2s from LEO CORE

Utilizing the Axe Lifter and Axe Prover for R1CS, a handcrafted R1CS gadget representing the Blake2s hash function was formally verified. The verification process achieved promising results for the one-round version, composed of 2,864 variables and 2,896 constraints. The full version with 21,728 variables and 22,048 constraints required more time, though future improvements are anticipated.

Conclusion

The evaluation of the LEO compiler has proven its efficiency and robustness in handling complex zero-knowledge applications. With its ability to handle cryptographic functions and support various zkSNARK proof systems, the LEO compiler empowers developers to build secure and privacy-preserving solutions. As further optimizations and improvements are underway, the LEO compiler is expected to remain at the forefront of zero-knowledge application development.

For developers seeking powerful tools to construct secure zero-knowledge applications, the LEO compiler offers a reliable solution with promising performance and formal verification capabilities.