add sophon naming

README.md

@@ -1,10 +1,27 @@
-# folding-schemes
-(brief description) .. implemented on [arkworks](https://github.com/arkworks-rs).
+# sophon
 
-> **Warning**: experimental code, do not use in production.
+Experimental folding schemes library implemented in a joint effort of [0xPARC](https://0xparc.org/) and [PSE](https://pse.dev).
+
+
+<img align="left" style="width:30%;min-width:250px;" src="sophon-folding-schemes.png">
+
+<br>
+<i>"The creation of the Sophon involves unfolding a proton's extra dimensions, turning it into a sheet the width of a planet. Circuits are etched onto the sheet using strong interaction force before the sheet is folded back into a proton, now a powerful computer."</i>
+<br><br>
+The <b>sophon library</b> allows to define the arithmetic circuit instances which are folded in an Incremental Verifiable computation (IVC) fashion, furthermore, obtaining at the end a succinct proof of all the circuit foldings that can be verified in Ethereum's EVM.
+
+<br>
+
+[TODO before finishing the PR, move all image files into a `imgs` directory or similar]
+
+<br>
+
+> **Warning**: experimental code, do not use in production.<br>
 > The code has not been audited, and we have pending to implement several optimizations. The focus so far has been on implementing from scratch Nova + CycleFold and achieving onchain (EVM) verification.
 
 ## Schemes implemented
+The library uses [arkworks](https://github.com/arkworks-rs), and implements the following folding schemes:
+
 - [Nova: Recursive Zero-Knowledge Arguments from Folding Schemes](https://eprint.iacr.org/2021/370.pdf), Abhiram Kothapalli, Srinath Setty, Ioanna Tzialla. 2021
 - [CycleFold: Folding-scheme-based recursive arguments over a cycle of elliptic curves](https://eprint.iacr.org/2023/1192.pdf), Abhiram Kothapalli, Srinath Setty. 2023
 
@@ -14,15 +31,18 @@ Work in progress:
 - [ProtoGalaxy: Efficient ProtoStar-style folding of multiple instances](https://eprint.iacr.org/2023/1106.pdf), Liam Eagen, Ariel Gabizon. 2023
 
 ### Available frontends
-Available frontends to define the folded circuit.
+Available frontends to define the folded circuit:
 
 - [arkworks](https://github.com/arkworks-rs), arkworks contributors
 - [Circom](https://github.com/iden3/circom), iden3, 0Kims Association
 
 ## Usage
 
 ### Folding Schemes introduction
-[introductory text here]
+
+[introductory text here (TODO)]
+
+[TODO diagram showing the folding concept]
 
 - https://youtu.be/IzLTpKWt-yg?t=6367 , where [Carlos Pérez](https://twitter.com/CPerezz19) overviews the features of folding schemes and what can be build with them.
 
@@ -33,7 +53,7 @@ Later the user can for example change with few code changes the Folding Scheme b
 
 ![](folding-schemes-lib-pipeline.png)
 
-Complete examples can be found at [folding-schemes/examples](https://github.com/privacy-scaling-explorations/folding-schemes/tree/main/folding-schemes/examples)
+Complete examples can be found at [folding-schemes/examples](https://github.com/privacy-scaling-explorations/sophon/tree/main/folding-schemes/examples)
 
 ### The folding circuit
 For the next example, we're going to use Nova+CycleFold for the folding, with the On-chain (EVM) verifier.
@@ -120,7 +140,7 @@ for i in 0..num_steps {
     println!("Nova::prove_step {}: {:?}", i, start.elapsed());
 }
 
-let (running_instance, incomming_instance, cyclefold_instance) = folding_scheme.instances();
+let (running_instance, incoming_instance, cyclefold_instance) = folding_scheme.instances();
 
 println!("Run the Nova's IVC verifier");
 NOVA::verify(
@@ -129,7 +149,7 @@ NOVA::verify(
     folding_scheme.state(), // latest state
     Fr::from(num_steps as u32),
     running_instance,
-    incomming_instance,
+    incoming_instance,
     cyclefold_instance,
 )
 .unwrap();
@@ -138,14 +158,12 @@ NOVA::verify(
 ### Final proof (decider proof)
 Two options:
 
-- offchain mode
 - onchain (Ethereum's EVM) mode
+- offchain mode
 
 Once we have been folding our circuit instances, we can generate the *"final proof"*, the Decider proof.
 
 
-#### Offchain Decider
-
 #### Onchain Decider
 
 ![](decider-onchain-flow-diagram.png)
@@ -191,7 +209,11 @@ let verified = DECIDER::verify(decider_vp, nova.i, nova.z_0, nova.z_i, &nova.U_i
 assert!(verified);
 ```
 
-As mentioned above, complete examples can be found at [folding-schemes/examples](https://github.com/privacy-scaling-explorations/folding-schemes/tree/main/folding-schemes/examples)
+As mentioned above, complete examples can be found at [folding-schemes/examples](https://github.com/privacy-scaling-explorations/sophon/tree/main/folding-schemes/examples)
+
+#### Offchain Decider
+Not available yet, meanwhile the onchain Decider can be used also offchain. We plan to implement a separate offchain decider which will be more efficient and faster generating the proofs (without EVM constraints).
+
 
 ### Swapping curves and proving schemes
 Thanks to the modularity of arkworks, we can swap between curves and proving systems.
@@ -207,7 +229,7 @@ First we need to generate the Solidity contracts that verify the Decider proofs.
 ```
 
 ## License
-https://github.com/privacy-scaling-explorations/folding-schemes/blob/main/LICENSE
+https://github.com/privacy-scaling-explorations/sophon/blob/main/LICENSE
 
 [TODO: add references to
 - arkworks

cli/README.md

@@ -54,7 +54,7 @@ This would generate a Groth16 verifier contract for the given G16 data (which co
     -v, --verbose: Increase logging verbosity
     -q, --quiet: Decrease logging verbosity
     -p, --protocol <PROTOCOL>: Selects the protocol for which to generate the Decider circuit Solidity Verifier (possible values: groth16, kzg, nova-cyclefold)
-    -o, --out <OUT>: Sets the output path for all generated artifacts (default: /home/kr0/Desktop/HDD/ethereum/folding-schemes/verifier.sol)
+    -o, --out <OUT>: Sets the output path for all generated artifacts
     -d, --protocol-data <PROTOCOL_DATA>: Sets the input path for the file containing all the data required by the chosen protocol for verification contract generation
     --pragma <PRAGMA>: Selects the Solidity compiler version to be set in the Solidity Verifier contract artifact
     -h, --help: Print help (see a summary with '-h')

cli/src/settings.rs

@@ -87,7 +87,7 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
 #[command(author = "0XPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))]
 #[command(propagate_version = true)]
 /// A tool to create Solidity Contracts which act as verifiers for the major Folding Schemes implemented
-/// within the `folding-schemes` repo.
+/// within the `sophon` repo.
 pub(crate) struct Cli {
     #[command(flatten)]
     pub verbosity: clap_verbosity_flag::Verbosity,

folding-schemes/src/folding/nova/cyclefold.rs

@@ -264,7 +264,7 @@ where
             // TODO instead of bytes, use field elements, but needs x,y coordinates from
             // u_i.{cmE,cmW}, U_i.{cmE,cmW}, cmT. Depends exposing x,y coordinates of GC. Issue to
             // keep track of this:
-            // https://github.com/privacy-scaling-explorations/folding-schemes/issues/44
+            // https://github.com/privacy-scaling-explorations/sophon/issues/44
         ]
         .concat();
         sponge.absorb(&input)?;
@@ -340,8 +340,8 @@ where
         // check that x == [u_i, U_i, U_{i+1}], check that the cmW & cmW from u_i, U_i, U_{i+1} in
         // the CycleFoldCircuit are the sames used in the public inputs 'x', which come from the
         // AugmentedFCircuit.
-        // TODO: Issue to keep track of this: https://github.com/privacy-scaling-explorations/folding-schemes/issues/44
-        // and https://github.com/privacy-scaling-explorations/folding-schemes/issues/48
+        // TODO: Issue to keep track of this: https://github.com/privacy-scaling-explorations/sophon/issues/44
+        // and https://github.com/privacy-scaling-explorations/sophon/issues/48
 
         Ok(())
     }

solidity-verifiers/README.md

@@ -1,4 +1,4 @@
 # `solidity-verifiers`
 
-This crate implements templating logic to output verifier contracts for `folding-schemes`-generated decider proofs.
+This crate implements templating logic to output verifier contracts for `sophon`-generated decider proofs.
 This crate is accompanied with the [cli](cli) crate, which allows to generate the Solidity contracts from the command line.