From the heights of these towers of fields, forty centuries of mathematics look down on us.
This library provides an efficient implementation of cryptographic primitives used to build proving systems. Along with it, many backends for proving systems are shipped, and compatibility with different frontends is supported.
- Transforming the Future with Zero-Knowledge Proofs, Fully Homomorphic Encryption and new Distributed Systems algorithms
- Lambda Crypto Doctrine
Below is a list of examples to understand lambdaworks and learn what you can build with the tools provided. Most are educational examples and must not be used in production.
- ECDSA signatures (secp256k1)
- BLS signatures
- Schnorr signatures
- FROST threshold signatures
- XMSS post-quantum signatures
-
You can use Circom to generate circuits and use lambdaworks's capabilities to prove the execution with Groth16.
-
You can use the Stark prover to define an algebraic intermediate representation (AIR) and prove the execution of a program
Zero-Knowledge and Validity Proofs have attracted significant attention over the last few years. We strongly believe in this potential, which is why we decided to start working in this challenging ecosystem where math, cryptography, and distributed systems meet. The main barrier at the beginning was not cryptography or math, but the lack of good, performant, developer-friendly libraries. There are some exceptions, though, like gnark or Halo 2. Some have nice APIs and are easy to work with, but they are not written in Rust; others are written in Rust but have poor programming and engineering practices. Most of them don't support CUDA, Metal, WebGPU, or distributed FFT calculations using schedulers like Dask.
So, we decided to build our library with performance in mind, providing clear documentation and a developer-focused approach. Our core team is a group of passionate people from diverse backgrounds and strengths; we believe the whole is greater than the sum of its parts. We don't want to be a compilation of every research result in the ZK space. We want this to be a library that can be used in production, not just in academic research. We want to offer developers the main building blocks and proof systems so that they can build their applications on top of this library.
Add lambdaworks to your project:
[dependencies]
lambdaworks-math = "0.13.0"
lambdaworks-crypto = "0.13.0"use lambdaworks_math::field::{
element::FieldElement,
fields::fft_friendly::stark_252_prime_field::Stark252PrimeField,
};
// Create field elements
type FE = FieldElement<Stark252PrimeField>;
let a = FE::from(5u64);
let b = FE::from(3u64);
// Arithmetic operations
let sum = &a + &b; // 8
let product = &a * &b; // 15
let square = a.square(); // 25
let inverse = b.inv().unwrap();
assert_eq!(&b * &inverse, FE::one());use lambdaworks_math::elliptic_curve::{
short_weierstrass::curves::bls12_381::curve::BLS12381Curve,
traits::IsEllipticCurve,
};
// Get the generator point
let g = BLS12381Curve::generator();
// Scalar multiplication
let g2 = g.operate_with_self(2u64);
let g3 = g.operate_with(&g2);
// Convert to affine coordinates
let g3_affine = g3.to_affine();use lambdaworks_math::{
field::element::FieldElement,
field::fields::u64_prime_field::U64PrimeField,
polynomial::Polynomial,
};
type F = U64PrimeField<65537>;
type FE = FieldElement<F>;
// Create polynomial: p(x) = 1 + 2x + 3xΒ²
let p = Polynomial::new(&[FE::from(1), FE::from(2), FE::from(3)]);
// Evaluate at a point
let result = p.evaluate(&FE::from(2)); // 1 + 4 + 12 = 17
// Interpolate from points
let poly = Polynomial::interpolate(
&[FE::from(0), FE::from(1), FE::from(2)],
&[FE::from(1), FE::from(2), FE::from(5)], // values of some quadratic
).unwrap();For more examples, see the examples directory and the math crate documentation.
- x86-64 Assembly Optimizations: Hand-tuned assembly for field arithmetic on supported platforms
- GPU Acceleration: CUDA backend for Merkle tree construction and FFT operations
- Metal Backend: Apple Silicon GPU acceleration for FFT and field operations
- Sparse Polynomials: Memory-efficient representation for polynomials with few non-zero coefficients
- Optimized FFT: Circle FFT and NTT implementations with field-specific optimizations
Most of the math and crypto crates support no-std without allocation with no-default-features. A few functions and modules require the alloc feature.
Both Math and Crypto support wasm with the target wasm32-unknown-unknown. To see an example of how to use this to deploy a verifier in a browser, check the Cairo Prover wasm-pack verifier.
If you use lambdaworks libraries in your research projects, please cite them using the following template:
@software{lambdaworks,
author={lambdaworks contributors},
title={lambdaworks},
url={https://github.com/lambdaclass/lambdaworks},
year={2023}
}Disclaimer: This list contains cryptographic primitives and mathematical structures that we want to support in lambdaworks. It can be expanded later to include new primitives. If you find a mistake or notice an update in another library, please let us know.
List of symbols:
- βοΈ means the feature is currently supported.
- ποΈ means that the feature is partially implemented or is under active construction.
- β means that the feature is not currently supported.
| Finite Fields | Lambdaworks | Arkworks | Plonky3 | gnark | Constantine | Halo2 |
|---|---|---|---|---|---|---|
| StarkField 252 | βοΈ | βοΈ | β | βοΈ | β | β |
| Goldilocks | βοΈ | βοΈ | βοΈ | βοΈ | β | β |
| Mersenne 31 | βοΈ | β | βοΈ | β | β | β |
| Baby Bear | βοΈ | β | βοΈ | β | β | β |
| KoalaBear | βοΈ | β | βοΈ | β | β | β |
| MiniGoldilocks | βοΈ | β | βοΈ | βοΈ | β | β |
| Binary fields | βοΈ | β | β | β | β | β |
| ZK friendly Hash function | Lambdaworks | Arkworks | Plonky3 | gnark | Constantine | Halo2 |
| Poseidon | βοΈ | βοΈ | βοΈ | β | β | βοΈ |
| Pedersen | ποΈ | βοΈ | β | β | β | βοΈ |
| Rescue Prime XLIX | βοΈ | β | βοΈ | β | β | β |
| Elliptic Curves | Lambdaworks | Arkworks | Plonky3 | gnark | Constantine | Halo2 |
| BLS12-381 | βοΈ | βοΈ | β | βοΈ | βοΈ | βοΈ |
| BLS12-377 | βοΈ | βοΈ | β | βοΈ | βοΈ | β |
| BN-254 | βοΈ | βοΈ | β | βοΈ | βοΈ | βοΈ |
| Pallas | βοΈ | βοΈ | β | β | βοΈ | βοΈ |
| Vesta | βοΈ | βοΈ | β | β | βοΈ | βοΈ |
| Bandersnatch | βοΈ | βοΈ | β | βοΈ | βοΈ | β |
| secp256k1 | βοΈ | βοΈ | β | βοΈ | βοΈ | βοΈ |
| secq256k1 | βοΈ | βοΈ | β | β | β | βοΈ |
| secq256r1 | βοΈ | βοΈ | β | β | β | βοΈ |
| STARKs | Lambdaworks | Arkworks | Plonky3 | gnark | Constantine | Halo2 |
| STARK Prover | βοΈ | β | βοΈ | β | β | β |
| Circle STARKs | ποΈ | β | βοΈ | β | β | β |
| SNARKs | Lambdaworks | Arkworks | Plonky3 | gnark | Constantine | Halo2 |
| Groth16 | βοΈ | βοΈ | β | βοΈ | β | β |
| Plonk | ποΈ | βοΈ | β | βοΈ | β | βοΈ |
| GKR | βοΈ | βοΈ | β | βοΈ | β | β |
| Polynomial Commitment Schemes | Lambdaworks | Arkworks | Plonky3 | gnark | Constantine | Halo2 |
| KZG10 | βοΈ | βοΈ | β | βοΈ | βοΈ | βοΈ |
| FRI | βοΈ | β | βοΈ | βοΈ | β | β |
| Binius | β | β | β | β | β | β |
| Circle FRI | ποΈ | β | βοΈ | β | β | β |
Additionally, provers are compatible with the following frontends and VMs:
| Backend | Frontend | Status |
|---|---|---|
| Groth16 | Arkworks | βοΈ |
| Groth16 | Gnark | β |
| Groth16 | Circom | ποΈ |
| Plonk | Gnark | ποΈ |
| Plonk | Noir | β |
| Stark | Winterfell | βοΈ |
| Stark | Miden | βοΈ |
This can be used in a multi-prover setting for extra security, or as a standalone with Rust.
Fuzzers are divided between those that use only the CPU and those that use CUDA.
To use them, make sure you have installed cargo fuzzer
You can install it with:
cargo install cargo-fuzz
CPU Fuzzers can be run with the command bash make run-fuzzer FUZZER=fuzzer_name
For example:
make run-fuzzer FUZZER=stark252The list of fuzzers can be found in fuzz/no_gpu_fuzz
Fuzzers for FTT in Cuda can be run with make run-cuda-fuzzer
Run a specific fuzzer from the ones contained in fuzz/fuzz_targets/ folder withcargo, for example, to run the one for the target field_from_hex:
make run-fuzzer FUZZER=field_from_hexTo serve the documentation locally, first install both mdbook and the Katex preprocessor to render LaTeX, then run
make docsIf you want to learn about proof systems/cryptography, we have a list of resources available here
The following links, repos, companies, and projects have been important in the development of this library, and we want to thank and acknowledge them.
- Starkware
- Polygon
- Mina
- zcash
- Matter Labs
- o1Labs
- zkSync
- Aleo
- Risc0
- Aztec
- Ingonyama
- Neptune
- Winterfell
- Anatomy of a Stark
- Giza
- Ministark
- Sandstorm
- STARK-101
- starknet-rs
- Summary on FRI low degree test
- STARKs paper
- DEEP FRI
- BrainSTARK
- Plonky2
- Arkworks
- Thank goodness it's FRIday
- Diving DEEP FRI
- Periodic constraints
- Chiplets Miden VM
- Valida
- Solidity Verifier
- CAIRO verifier
- EthSTARK
- CAIRO whitepaper
- Gnark
- Constantine
- Plonky3
- Stwo
- Binius
- Zorch
- Jolt
We take security seriously. If you discover a vulnerability in this project, please report it responsibly.
- You can report vulnerabilities directly via the GitHub "Report a Vulnerability" feature.
- Alternatively, send an email to security@lambdaclass.com.
For more details, please refer to our Security Policy.