CAP-0059 is highly relevant to this project. It introduces native BLS12-381 cryptographic operations to Soroban, specifically designed to enable zero-knowledge proof verification in smart contracts. This directly aligns with OpenZKTool's mission.
Key consideration: OpenZKTool currently uses BN254 (BN128) curve with Groth16 proofs, while CAP-0059 standardizes BLS12-381. This creates both an opportunity and a strategic decision point.
CAP-0059 ("BLS12-381 Host Functions") adds 11 new cryptographic host functions to Soroban smart contracts:
Curve Operations:
- Point addition and scalar multiplication on G1 and G2 groups
- Multi-scalar multiplication (MSM) for batch operations
- Hash-to-curve operations (RFC 9380 compliant)
Field Arithmetic:
- Modular operations on Fr scalar field
- Scalar inversion for division
Why This Matters: These operations are the foundation for:
- Zero-knowledge proof verification
- BLS signatures
- Polynomial commitments
- Advanced cryptographic protocols
Problem Space: CAP-0059 exists because "Pairing friendly elliptic curve operations are the backbone of many advanced Zero Knowledge (ZK) constructions" - exactly what OpenZKTool provides.
Use Case Overlap:
- Privacy-preserving verification
- Identity management
- Scaling solutions
- Compliance + privacy
Strategic Positioning: OpenZKTool demonstrates these use cases working TODAY on Stellar, making it a compelling early example of what CAP-0059 will enable at scale.
Current Implementation:
- OpenZKTool: BN254 (BN128) curve
- Groth16 proving system
- Verified with custom pairing operations
CAP-0059 Standard:
- BLS12-381 curve
- Native Soroban host functions
- Optimized cost metering
Implication: OpenZKTool contracts currently implement pairing verification in Rust/WASM. CAP-0059 will enable much more efficient verification using native host functions - but requires migrating to BLS12-381.
Short term: Continue BN254 implementation
- Proven, working today
- Extensive tooling (snarkjs, circom, many audited implementations)
- Demonstrates ZK capabilities immediately
Long term: Add BLS12-381 support when CAP-0059 is live
- Native Soroban support = lower gas costs
- Future-proof for Stellar ecosystem
- Align with ecosystem standards
Migration Path:
- Keep BN254 circuits working (2024-2025)
- Add BLS12-381 circuit variants (when CAP-0059 launches)
- Update Soroban contract to use host functions
- Maintain both for compatibility period
- Eventually deprecate BN254 once ecosystem migrates
Approach: Migrate to BLS12-381 now
- Align with future Stellar standard
- Prepare for native host function integration
- Requires significant circuit rewrites
Trade-offs:
- Less mature tooling ecosystem
- More complex initial implementation
- Positions as "CAP-0059 ready"
| Aspect | BN254 (Current) | BLS12-381 (CAP-0059) |
|---|---|---|
| Curve Type | Barreto-Naehrig | Barreto-Lynn-Scott |
| Security Level | ~100 bits (controversial) | 128 bits (strong) |
| Pairing Efficiency | Fast, but aging | Industry standard |
| Tooling | Excellent (snarkjs, etc.) | Growing |
| Soroban Support | Custom implementation | Native host functions |
| Gas Cost | Higher (WASM pairing) | Lower (native operations) |
| Ecosystem | EVM standard | Stellar future standard |
Message: "OpenZKTool demonstrates the exact use cases that CAP-0059 is being built for - privacy-preserving verification on Stellar. We're showing what's possible today, and we're ready to adopt CAP-0059 when it launches for even better performance."
Positioning:
- Early adopter of ZK on Stellar
- Proof of concept for CAP-0059 use cases
- Migration path defined for BLS12-381 adoption
Phase 1 (Current): BN254 + Custom Pairing
- Demonstrate working ZK on Soroban
- Prove feasibility of privacy-preserving contracts
- Build developer tools and documentation
Phase 2 (CAP-0059 Launch): Add BLS12-381 Support
- Rewrite circuits for BLS12-381
- Update Soroban contract to use host functions
- Benchmark gas cost improvements
Phase 3 (Future): Ecosystem Standard
- Publish BLS12-381 circuit library
- Integrate with CAP-0059 ecosystem tools
- Maintain backward compatibility where needed
What CAP-0059 Does: Imagine you want to verify a secret password, but checking if the password is correct takes a very long time and costs money. CAP-0059 adds special built-in tools to Stellar that make this verification much faster and cheaper.
How OpenZKTool Relates: OpenZKTool is like a working example of why those tools are needed. We show that you can verify private information (like KYC checks) without revealing the details. Right now, we use our own method that works but is slower. When CAP-0059 is ready, we can switch to the faster built-in tools.
Simple Analogy:
- OpenZKTool: Solving math problems with a calculator you built yourself
- CAP-0059: Stellar adding a built-in scientific calculator
- Future: Using the built-in calculator because it's faster and cheaper
Why Both Matter:
- We prove it works NOW
- CAP-0059 makes it work BETTER later
- Together they show Stellar is serious about privacy
Does CAP-0059 serve this project? Yes, absolutely. CAP-0059 provides the native infrastructure that will make OpenZKTool's verification dramatically more efficient on Stellar.
Why it doesn't serve us YET:
- CAP-0059 is a future upgrade, not live today
- Requires curve migration (BN254 → BLS12-381)
- Native host functions need Soroban contract updates
Strategic Value: OpenZKTool demonstrates the demand for what CAP-0059 will enable. This positions the project as:
- Early validation of CAP-0059 use cases
- Reference implementation for ZK on Soroban
- Ready to migrate when ecosystem standards mature
Recommendation: Maintain BN254 implementation for immediate functionality, plan BLS12-381 migration for post-CAP-0059 efficiency gains.
- CAP-0059 Proposal: https://github.com/stellar/stellar-protocol/blob/master/core/cap-0059.md
- BLS12-381 Specification: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature
- Stellar Privacy Roadmap: https://stellar.org/blog/sdf-roadmap-2024
- OpenZKTool Current Implementation:
/soroban/src/lib.rs