PLONK Benchmarks II — ~5x faster than Groth16 on Pedersen Hashes

Benchmarks from Aztec

Thomas Walton-Pocock
Feb 20 · 2 min read

Following our first benchmarks on the MiMC hash at the end of December, we’re excited to present benchmarks on Pedersen hashes, whose security properties are less controversial than MiMC because they rest on assumptions no stronger than discrete log.

To refresh your memory about why hash benchmarks are so important, read our primer.

PLONK

PLONK is a new type of ZK-SNARK — a highly efficient Universal SNARK, created in a collaboration between Zac Williamson and Ariel Gabizon. ‘Universal’ of course means that all circuits (read: private transactions / smart contracts) can be validated with just one trusted setup. Before this, a new setup was required for every new circuit (read: every edit to a private smart contract).

Sonic, PLONK and Marlin use a new circuit description consisting of gates of two kinds: multiplications (×) and additions (+).

So — the results.

The Benchmarks

PLONK is ~5x faster over Pedersen Hashes, 3x faster over MiMC, but ~1.5x slower over SHA-256. Pedersen vs Groth16 is measured over 2,400 hashes. Note: MiMC, Pedersen and SHA-256 are here benchmarked over different numbers of hashed bytes, so these benchmarks are only valid when comparing across a row, not across a column.

Proving Times in Pictures

Prover time in seconds for given number of hashes
The same graph but measuring constraint count rather than seconds to prove

Quick Glance in the Rear-View Mirror

This is another exciting milestone for universal SNARKs.

That there is now a secure hash over which a universal SNARK can not just match but outpace the seminal single-circuit Groth16 by 5x on prover speed — this is extraordinary.

We must remember that Sonic, that historic first breakthrough in universal SNARKs from Maller, Bowe, Kohlweiss and Meiklejohn, was published only a year ago.

Aztec and other teams will keep working to push the boundaries of mathematics and smart contract engineering to eliminate the trade-offs between public blockchains and private networks.


Join the Team

We’re on the lookout for talented engineers and applied cryptographers. If joining our mission to bring scalable privacy to Ethereum excites you — get in touch with us at hello@aztecprotocol.com.

Join our Community

Written by Thomas Walton-Pocock, CEO Aztec

AZTEC Protocol

Private transaction network on Ethereum. Email: hello@aztecprotocol.com, Discord: https://discordapp.com/invite/Z2kyTTu, Telegram: https://t.me/aztecprotocol
