Mirror of forum.nim-lang.org

11935 :: Releasing Constantine v0.1.0 - A modular cryptography stack for blockchain and proof systems

• mratsim (orginal) [2024-07-06T01:05:53+02:00] view original

  I am very proud to release the very first version of Constantine, a high-performance modular cryptography stack for blockchains and proof systems.

  I thank Ethereum Protocol Fellowship Program and Status for sponsoring the part-time work of 2 fellows on Constantine (then hiring them!) as well as a couple hours a week of my time for several months to prepare an upcoming complete refactoring of the Ethereum blockchain called Verkle Tries/Trees.

  I also thank Araq, ringabout and all other contributors to the Nim compiler: the static ICE must flow.

  Today Constantine is focused on the Ethereum blockchain, tomorrow I hope it will also address the need of (potentially Zero-Knowledge) proof systems and privacy-preserving protocols.

  It currently exposes the following high-level protocols:

  • BLS signatures for Ethereum
  • BLS Key derivation for Ethereum - EIP-2333
  • Optimized BigInt and Cryptographic Primitives for the Ethereum Virtual Machine
  • KZG commitment for EIP4844 for scaling Ethereum
  • SHA256 hash function
  • Exposing the operating system Cryptographically Secure RNG
  • An optimized threadpool, building upon both the performance of Weave and the simplicity and auditability of nim-taskpools.

  On Ethereum protocols, Constantine is noticeably faster than other alternatives on x86 thanks to a mix of theoretical math, engineering and hardware-specific optimizations.

  Those high-level protocols hide a modular stack of generic math and cryptography that can be reused to build optimized cryptographic protocols. This even includes a JIT assembler as macro for x86 and a code generator for Nvidia GPU assembly through LLVM IR, skipping Cuda and Nvidia toolchain woes.

  On the security side:

  • Constantine has been written to have zero-dependency, besides the Nim compiler. It doesn't depend on Nim runtime or even allocator (including exceptions or sequences). This eases using tools like sanitizers or Valgrind, significantly hinder supply chain attacks, reduces security audit scope and will allow end-users to use specialized allocators like jemalloc. Current proof systems may need more than 1TB of memory for hours for example when proving the Ethereum Virtual Machine which is very different from what Nim allocator was built for.
  • Constantine features as far as I know the largest test suite in the Nim ecosystem after the Nim compiler and Nimbus with 176 Nim files, 159 Json files and 253 yaml test vectors.
  • The tests use a custom RNG that trigger rare events like carries (2⁻⁶⁴ chance) with high probability
  • Constantine has had a fuzzing campaign sponsored by the Ethereum Foundation and has been added to Google OSS Fuzz: https://github.com/google/oss-fuzz/pull/10710
  • It strive to test 32-bit, 64-bit, Linux, Windows, MacOS, x86, ARM as part of its CI. (Technically ARM hasn't work since Travis CI removed the free tier, but Github MacOS now uses ARM so soon)
  • Constantine has NOT had a security audit. Here be dragons!

  Constantine is built with use-cases beyond Nim:

  • It has a C, Go and Rust backend within the repo. Python, C#, Typescript, Java are being considered to serve the full range of Ethereum clients + fast prototyping in Python.
  • It can accelerate Rust ZK proof systems through ZAL, the ZK (Zero-Knowledge) Acceleration API: https://github.com/privacy-scaling-explorations/halo2/issues/216

  The future:

  Please refer to https://github.com/mratsim/constantine/blob/v0.1.0/PLANNING.md and the issue tracker https://github.com/mratsim/constantine/issues?q=is%3Aopen+is%3Aissue+label%3A%22enhancement+%3Ashipit%3A%22

  This includes:

  • Continuing to follow Ethereum needs
  • A focus on proof systems, zero-knowledge and potentially zkML (zero-knowledge machine learning)
  • ARM Assembly
  • RISC-V / WASM / WebGPU code generation
  • Nvidia/AMD/Intel GPU code generation
  • Potentially using LLVM MLIR and other compiler techniques for zkVMs (Virtual Machines for Proof Systems)

  Some potential goals that I have no time for at the moment:

  • Compete in the language benchmark game for https://programming-language-benchmarks.vercel.app/problem/secp256k1
  • Implement classic cryptography like TLS or QUIC (Webrtc dependency) or Json Web Tokens in pure Nim
  • Implement Fully-Homomorphic Encryption to enable privacy-preserving machine learning
  • Implement Post-Quantum Cryptography in pure Nim

---

• mratsim (orginal) [2024-07-06T13:39:06+02:00] view original

  For those interested in Nim performance vs C, Rust, Go implementations of the same algo, I have made a comprehensive post at https://ethresear.ch/t/releasing-constantine-v0-1-0-a-modular-cryptography-stack-for-ethereum/19990

---

• pietroppeter (orginal) [2024-07-07T08:25:53+02:00] view original

  👏👏👏

  🗝️

---

• Clonk (orginal) [2024-07-07T17:55:05+02:00] view original

  Very impressive.

---

• wwang1990 (orginal) [2024-07-08T11:02:21+02:00] view original

  Congratulations :)

  I hope your Constantine will be the foundamental stones of blockchain.

---

• mratsim (orginal) [2025-01-27T11:02:24+01:00] view original

  And I've released v0.2.0 yesterday!

  Announcement: https://github.com/mratsim/constantine/releases/tag/v0.2.0

  I'll skip the cryptography-heavy part to present the Nim specific features developed within that time.

  1. There is a compile-time ARM64 assembler implemented in Nim macros:

     • Assembler: https://github.com/mratsim/constantine/blob/v0.2.0/constantine/platforms/isa_arm64/macro_assembler_arm64.nim
     • complex example usage, big int mul: https://github.com/mratsim/constantine/blob/v0.2.0/constantine/math/arithmetic/assembly/limbs_asm_mul_arm64.nim#L23-L125

  2. LLVM IR to AMD GPU JIT compiler, already discussed here https://forum.nim-lang.org/t/12184
  3. Constantine's threadpool had a deadlock fix on ARM64 and other ISA with weak memory model (i.e. loads/stores are not cache-coherent across CPUs unless explicitly asked)
  4. Nim faster than C, C++, Go and Rust: https://github.com/grandinetech/rust-kzg
  5. SHA256 and SHA3/Keccak faster or within 1% of OpenSSL
  6. A Nim install script for CI that can handle builds from website|nightlies|source, with specific versions or branches for Linux (x86-32, x86-64, ARM32, ARM64), MacOS (x86-64, ARM64), Windows (x86-64) https://github.com/mratsim/constantine/blob/v0.2.0/scripts/install_nim.sh

---

• Clonk (orginal) [2025-01-27T23:33:19+01:00] view original

  Amazing work even if I don't understand half what you're doing :D

---

• mratsim (orginal) [2025-01-28T08:58:41+01:00] view original

  If you understand half, I have a job for you as a cryptography engineer :P

---