Owner: @Thomas Lavaur
Reviewer: 🟢@Mehmet 🟢@Daniel Sanchez Quiros 🟢@Álvaro Castro-Castilla
In Nomos, nodes need to produce ZK proofs to interact with the blockchain for various purposes: producing proofs of leadership, proving their right to send messages in the Blend Network, or proving ownership of notes in the Mantle for example.
To support the generation of these ZK proofs, each node must integrate two components: a witness generator that computes the result of a ZK circuit, and a prover that generates the ZK proof of the populated circuit.
The witness generator and prover must be lightweight to enable broad participation in the blockchain, efficient enough to ensure quick generation times for better user experience and to meet Cryptarchia delay requirements, and flexible enough to work across multiple operating systems—promoting easy access and better decentralization.
We benchmarked various witness generators and provers, collecting data on licenses, repository maintenance status, and other metrics. Performance testing was conducted on the proof of leadership circuit using a single CPU thread with the Groth16 proving scheme. For accuracy, we averaged the results across 100 executions for witness generation and 10 executions for proof generation.
The benchmark hardware specifications:
| Witness generators | ‣ | Native Circom C++ | ‣ | ‣ | ‣ | ‣ | ‣ |
|---|---|---|---|---|---|---|---|
| Company | Iden3 (Polygon) | Iden3 (Polygon) | Arkworks | None | Iden3 (Polygon) | kroma | zkmopro |
| Ready for production | No disclaimer | No disclaimer | No disclaimer | No disclaimer | No disclaimer | No disclaimer | No disclaimer |
| Language | JavaScript | C++ | Rust and JavaScript | Rust | Rust | C++ | mainly rust |
| Support GPU ? | 🔺 | 🔺 | 🔺 | 🔺 | 🔺 | 🟢 | 🟢 |
| Supported OS | Supposed Linux, Windows and Mac | Linux, Mac, Windows and supposed on Android and IOS. | Supposed Linux, Windows and Mac | Supposed Linux, Windows, Mac and ARM | Supposed Linux, Windows, Mac, Android and IOS | Supposed Linux and Mac | IOS, Android, Mac |
| PoL time on CPU on 1 thread | 62 ms | 17 ms | 7 396 ms | - | 20 ms | - | - |
| Date of evaluation | 11 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 |
| Maintained ? | 🟢 | 🟢 | 🟨 | 🔺 | 🟢 | 🟨 | 🟢 |
| Licence(s) | GPL-3 | GPL-3 | Apache License 2.0 and MIT | MIT | MIT | Apache Licence 2.0, MIT, BSD-3 | Apache License 2.0 and MIT |
| Miscellaneous | Use the slow WASM code of circom | Use the fast C++ code of circom | Use the slow wasm code of Circom (as in SnarkJS) |
Directly integrable in rust code. | I wasn’t able to use it after compilation due to a lack of documentation | - | I wasn’t able to use it after compilation due to a lack of documentation | Cannot compile in Linux |
| Proof generators | ‣ | ‣ | ‣ | ‣ | ‣ | ‣ | ‣ | ‣ |
|---|---|---|---|---|---|---|---|---|
| Company | Iden3 (Polygon) | Iden3 (Polygon) | Arkworks | zkmopro | Iden3 (Polygon) | Codex IFT | Ingonyama | kroma |
| Ready for production | No disclaimer | No disclaimer | No disclaimer | No disclaimer | No disclaimer | No disclaimer | 🔺 | No disclaimer |
| Language | JavaScript | C++ | rust | mainly rust | Go | Nim | mostly C++ | C++ |
| Support GPU ? | 🔺 | 🟨 through Orbital Finance repo | 🔺 not sure | 🟢 | 🔺 | 🔺 | 🟢 | 🟢 |
| Supported OS | Linux, and supposed on Windows and Mac | Linux, Mac, Windows and supposed on Android and IOS. | Suppposed Linux, Windows and Mac | IOS, Android, supposed Linux, Mac and Windows | Suppposed Linux, Windows and Mac | Suppposed Linux, Windows and Mac | Suppposed Linux, Windows and Mac | Linux and supposed on Mac |
| PoL time on CPU on 1 thread | 11 704 ms | 2 072 ms | 2 686 ms | - | - | - | ~3 500 ms | 2 212 ms |
| Date of evaluation | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 | 12 June 2025 |
| Maintained ? | 🟢 | 🟢 | 🟢 | 🟢 | 🔺 | 🔺 | 🟢 | 🟨 |
| Licence(s) | GPL-3 | LGPL-3 | Apache License 2.0 and MIT | Apache License 2.0 and MIT | GPL-3 | Apache License 2.0 and MIT | MIT | Apache Licence 2.0, MIT, BSD-3 |
| Miscellaneous | - | This may be ported to windows using a porting gmp library |
can be integrated into rust with ‣ | - | Cannot Compile on Linux | I wasn’t able to use it as I don’t know go. I suppose it’s not better than rapidsnark. | I wasn’t able to use it after compilation due to a lack of documentation and I don’t know Nim. | very easy to build | Hard to install |
PoL inputs was generated using the python script available in the Github repository along with the Circom circuit.