⚠ This page is served via a proxy. Original site: https://github.com
This service does not collect credentials or authentication data.
Skip to content

feat: add blake3 extension #2351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
shreyas-londhe wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

feat: add blake3 extension #2351

shreyas-londhe wants to merge 2 commits into from

Conversation

@shreyas-londhe
Copy link

@shreyas-londhe shreyas-londhe commented Jan 13, 2026

[Draft] feat: BLAKE3 VM Extension

⚠️ Draft Status: This PR is not ready for merge. See "Known Limitation" below.

Summary

Adds a BLAKE3 hashing extension to OpenVM, following the existing extension architecture pattern (SHA256, Keccak). The extension provides accelerated BLAKE3 hashing for guest programs via a custom RISC-V instruction.

Architecture

Guest Layer (extensions/blake3/guest)

  • Custom instruction: opcode=0x0b, funct3=0b100, funct7=0x02
  • Handles memory alignment (input 16-byte, output 32-byte aligned)
  • Exposes zkvm_blake3_impl for guest programs

Transpiler (extensions/blake3/transpiler)

  • Converts RISC-V custom instruction to OpenVM instruction format
  • Global opcode 0x330

Circuit (extensions/blake3/circuit)

  • Blake3VmExecutor: Runtime execution, produces records
  • Blake3VmFiller: Trace generation from execution records
  • Blake3VmAir: Constraints wrapping p3-blake3-air compression + VM integration
  • Multi-block support with chaining value propagation
  • Memory bus integration for input reads and output writes

Known Limitation

This implementation does not produce standard BLAKE3 hashes.

The circuit uses p3-blake3-air which has hardcoded compression parameters:

Parameter Standard BLAKE3 p3-blake3-air
counter Block index in message Batch enumerate index
block_len Bytes in block (0-64) Batch size
flags Domain separation (CHUNK_START, CHUNK_END, ROOT) Always 0

This is by design in p3-blake3-air—it's intended as an internal ZK primitive for Plonky3 (FRI, Merkle trees), not for user-facing BLAKE3 hashing.

Impact: The hash output from this extension will not match the standard blake3 crate for any input.

Path Forward

To achieve standard BLAKE3 compatibility:

  1. Fork p3-blake3-air - Modify to accept counter, block_len, flags as witness inputs rather than deriving from batch metadata
  2. New BLAKE3 AIR - Build from scratch using the correct BLAKE3 parameterization

The VM integration in this PR (executor, filler, memory bus, execution bridge) is reusable—only the core compression AIR needs replacement.

Testing

  • Single/multi-block hash tests (verify internal consistency)
  • Boundary condition tests (0, 64, 65, 128, 129, 8192 bytes)
  • test_blake3_matches_standard - Intentionally fails to document the incompatibility

Checklist

  • Extension architecture (guest, transpiler, circuit)
  • Multi-block hashing with CV chaining
  • Memory bus integration
  • Test suite
  • Standard BLAKE3 compatibility (blocked on AIR)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shreyas-londhe