Plonkish is a popular circuit format for developing zero-knowledge proof systems. It powers a number of major projects in the blockchain space that hold billions of dollars and process millions of transactions per day. These projects, including zero-knowledge rollups, rely on highly hand-optimized circuits whose correctness comes at the cost of time-consuming testing and auditing. In this paper, we present Clap, the first Rust eDSL with a proof-system-agnostic circuit format, facilitating extensibility, automatic optimizations, and formal assurances for the resultant constraint system. Clap casts the problem of producing Plonkish constraint systems and their witness generators as a semantics-preserving compilation problem. Soundness and completeness of the transformation guarantee the absence of subtle bugs caused by under- or over-constraining. Our experimental evaluation shows that its automatic optimizations achieve better performance compared to manual circuit optimization. The optimizer can also be used to automatically derive custom gates from circuit descriptions.
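To make the under- and over-constraining bugs mentioned above concrete, here is an added example (not code from the paper and not Clap's API) of a hand-written `is_zero` gadget built from a toy Plonkish gate. The field modulus 101, the `Gate` layout, and all function names are assumptions chosen for illustration.

```rust
// Toy Plonkish gate over a small constructed prime field (P = 101):
//   q_l*a + q_r*b + q_m*a*b + q_o*c + q_c == 0 (mod P)
// All names here are hypothetical; this is not Clap's API.
const P: u64 = 101;

struct Gate { ql: u64, qr: u64, qm: u64, qo: u64, qc: u64, a: usize, b: usize, c: usize }

/// True when every gate evaluates to zero on the wire values `w`.
fn satisfied(gates: &[Gate], w: &[u64]) -> bool {
    gates.iter().all(|g| {
        let (a, b, c) = (w[g.a] % P, w[g.b] % P, w[g.c] % P);
        (g.ql * a + g.qr * b + g.qm * (a * b % P) + g.qo * c + g.qc) % P == 0
    })
}

#[derive(PartialEq)]
enum Variant { Sound, Under, Over }

/// is_zero gadget. Wires: w[0] = x, w[1] = inv (prover hint), w[2] = y (1 iff x == 0).
fn is_zero_gates(v: Variant) -> Vec<Gate> {
    // Gate 1: x*inv + y - 1 == 0
    let mut gates = vec![Gate { ql: 0, qr: 0, qm: 1, qo: 1, qc: P - 1, a: 0, b: 1, c: 2 }];
    if v != Variant::Under {
        // Gate 2: x*y == 0. Omitting it leaves y under-constrained.
        gates.push(Gate { ql: 0, qr: 0, qm: 1, qo: 0, qc: 0, a: 0, b: 2, c: 2 });
    }
    if v == Variant::Over {
        // Extra gate x*inv - 1 == 0 demands x be invertible, so x = 0 has no witness.
        gates.push(Gate { ql: 0, qr: 0, qm: 1, qo: 0, qc: P - 1, a: 0, b: 1, c: 2 });
    }
    gates
}

/// Honest witness generator: inv = x^(P-2) mod P (0 maps to 0), y = [x == 0].
fn honest_witness(x: u64) -> [u64; 3] {
    let (mut base, mut e, mut inv) = (x % P, P - 2, 1u64);
    while e > 0 {
        if e & 1 == 1 { inv = inv * base % P; }
        base = base * base % P;
        e >>= 1;
    }
    [x % P, inv, (x % P == 0) as u64]
}

fn main() {
    let forged: [u64; 3] = [5, 0, 1]; // constructed witness claiming "5 == 0" with inv = 0
    println!("under accepts forged: {}", satisfied(&is_zero_gates(Variant::Under), &forged));
    println!("sound accepts forged: {}", satisfied(&is_zero_gates(Variant::Sound), &forged));
    println!("over accepts honest x=0: {}", satisfied(&is_zero_gates(Variant::Over), &honest_witness(0)));
}
```

The under-constrained variant is a soundness failure (a false statement verifies), while the over-constrained variant is a completeness failure (a true statement has no satisfying witness).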