Releasing Constantine v0.2.0 (Jan 2025), a modular cryptography stack for Ethereum

I released Constantine v0.2.0 last weekend.

Release notes: Release Constantine v0.2.0 "Coat of Arms" · mratsim/constantine · GitHub

Highlights:

  • [Consensus] Constantine has seen significant speedups on ARM64 (18% for BLS verification to 27% for signatures; for now on macOS only, until runtime CPU feature detection lands for Linux, Android and iOS) and is now faster than BLST on ARM64.

    Side note: the Apple M4 Max (a laptop CPU) is as fast single-threaded as an overclocked AMD flagship i9-9950X.

  • [Consensus] This integrates EF sponsored work to make Secret Leader Election fast enough to be practical: The return of Torus Based Cryptography: Whisk and Curdleproof in the target group · #4 by mratsim
  • [Execution] Precompiles and key primitives are almost all supported, with only Blake2 missing and ECDSA/ECRECOVER under review, as it seems to me that the EVM is underspecified and test coverage of error handling is insufficient. The following have been added to the Nim, C and Rust backends:
    • Keccak
    • RIPEMD160
    • KZG Point Evaluation (EIP 4844)
    • ECDSA (secp256k1) and ECRECOVER have been added and pass tests, but are unexposed and are getting a second round of review AND performance optimization.
      Performance on Apple M4 MAX:

      Performance on Ryzen 9 9950X overclocked

      I can add perf on laptop CPUs, the recommended mini-PCs from @kevaundray and even Raspberry Pi 4 if desired.
  • [Proof system] There is a circom/rapidsnarks Groth16 prover in a PR pending review
  • [Backend] There is now a prototype JIT compiler that can output a serial MSM on Nvidia GPUs and we can also JIT compile for AMD GPUs. In the future I expect all integrated GPUs even in laptops and mini-PCs to be decently fast (for AI) and fast enough to accelerate multiscalar multiplications (MSM) and KZG blobs.
  • [Backend] That JIT compiler backend can also be used to generate assembly ahead of time. This would enable using Constantine in Go and Rust without needing to have the Nim compiler installed.
    Furthermore, I plan to SIMD vectorize MSMs for hopefully an extra 2~4x on KZG, paving the way for very fast PeerDAS (it would also be beneficial for KZG-based proof systems). Note that Constantine (and Gnark) are already around 2x faster than Rust-based MSM and KZG implementations (see Pasta / Halo2 MSM bench by mratsim · Pull Request #243 · mratsim/constantine · GitHub and Parallel Multi-Scalar-Multiplication by mratsim · Pull Request #226 · mratsim/constantine · GitHub)
  • [Benchmark] Constantine can now output bench timings compatible with https://zka.lc for easy comparison, instructions: feat(bench): PoC of integration with zkalc by mratsim · Pull Request #425 · mratsim/constantine · GitHub

Lastly, I'm gearing up for an audit and looking for auditors, sponsors and review of the audit scope. The scope can be split, as finding auditors that cover the entire stack (from assembly to KZG, with pairings in between) might be hard. Issue/discussion: audit: tentative scoping document by mratsim · Pull Request #483 · mratsim/constantine · GitHub
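The remark above about ECRECOVER error handling being underspecified and undertested is easiest to see with a concrete model of the precompile's input contract. The following is an added example, not Constantine's code or API: a pure-Python, deliberately non-constant-time model of secp256k1 public-key recovery wrapped in the EVM ecrecover input handling as the Yellow Paper (Appendix E) defines it. The curve parameters are secp256k1's; the private key, nonce and message are constructed for the demo. It returns the raw 64-byte public key rather than the 20-byte address because Python's hashlib has no Keccak-256 (sha3_256 uses different padding and is not a substitute).

```python
import hashlib

# secp256k1 parameters: field prime, group order, generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity. Not constant-time."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P        # doubling, curve has a = 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication. Not constant-time (demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def recover_pubkey(e, r, s, v):
    """Q = r^-1 * (s*R - e*G) where R has x == r and y parity == v - 27.
    Like the EVM, only x == r is tried (never r + N), so returns None if no such point."""
    y_sq = (pow(r, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)        # P == 3 mod 4: this is a square root if one exists
    if y * y % P != y_sq:
        return None                        # r is not the x-coordinate of any curve point
    if (y & 1) != v - 27:
        y = P - y
    r_inv = pow(r, -1, N)
    return ec_add(ec_mul(s * r_inv % N, (r, y)), ec_mul(-e * r_inv % N, G))


def ecrecover(data: bytes) -> bytes:
    """Model of the precompile's input contract: hash | v | r | s as four 32-byte words,
    zero-padded or truncated to 128 bytes. Invalid input gives EMPTY output, not a revert.
    Returns the 64-byte public key (the real precompile returns keccak256(pubkey)[12:]
    left-padded to 32 bytes; Keccak is omitted here, see lead-in)."""
    data = data.ljust(128, b"\x00")[:128]
    e, v, r, s = (int.from_bytes(data[i:i + 32], "big") for i in range(0, 128, 32))
    if v not in (27, 28) or not 0 < r < N or not 0 < s < N:
        return b""                         # note: no low-s rule, high-s signatures are accepted
    q = recover_pubkey(e, r, s, v)
    if q is None:
        return b""                         # off-curve r, or recovered point at infinity
    return q[0].to_bytes(32, "big") + q[1].to_bytes(32, "big")


def encode_input(e, v, r, s):
    """Pack the four 32-byte words the precompile expects."""
    return b"".join(x.to_bytes(32, "big") for x in (e, v, r, s))


def sign(priv, e, k):
    """Textbook ECDSA, used only to construct test inputs (fixed nonce, demo only)."""
    rx, ry = ec_mul(k, G)
    if rx >= N:
        raise ValueError("R.x >= N: the EVM precompile cannot recover such a signature")
    s = pow(k, -1, N) * (e + rx * priv) % N
    return rx, s, 27 + (ry & 1)


def example_signature():
    """Constructed key, nonce and message; returns (e, r, s, v, expected 64-byte pubkey)."""
    priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed
    k = 0x5A8B3C7D1F0E2A4B6C8D9E0F1A2B3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D     # constructed
    e = int.from_bytes(hashlib.sha256(b"constructed message").digest(), "big")  # any 32 bytes
    r, s, v = sign(priv, e, k)
    qx, qy = ec_mul(priv, G)
    return e, r, s, v, qx.to_bytes(32, "big") + qy.to_bytes(32, "big")


if __name__ == "__main__":
    e, r, s, v, pub = example_signature()
    print(ecrecover(encode_input(e, v, r, s)) == pub)            # valid signature recovers the key
    print(ecrecover(encode_input(e, 55 - v, r, N - s)) == pub)   # high-s twin is also accepted
    print(ecrecover(encode_input(e, 29, r, s)) == b"")           # bad v: empty output, no revert
```

The cases worth test coverage are the ones the model makes explicit: v is checked as a full 256-bit word and must be exactly 27 or 28; r and s must be in [1, N-1] with no low-s rule, so the (r, N-s, flipped v) twin of a signature recovers the same key; inputs shorter than 128 bytes are zero-padded and longer ones truncated; and every failure path returns empty output rather than reverting, which callers must check for themselves.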