 Hello everyone, I'm Fabrizio from Statebox and I'm going to talk about how to map finite state machines to ZK snarks using category theory. This is joint work with Andren Ispel and Joshua Fitzgerald from our team as well. We have a paper about what we did which is this archive link there. Okay, so let's start. What is a zero-knowledge snark? They are just a way to prove that some computation follows some rules without revealing anything about the computation itself. They are good for privacy. They compress a lot of information and blockchain people seem to love them so why not doing some research about them. The nice thing is that for this talk you don't really have to know what a ZK snark is. Everything you have to know is that if you have a Boolean circuit then you can turn it into a ZK snark. So now the question becomes cool but what is a Boolean circuit? Well, it's just literally a bunch of logical gates work together. So in here you see for instance four gates, an AND gate, an OR gate, a copy gate, and a constant gate. And you know this is a Boolean circuit. You just like guard them together and you put bits in the vertical wires and you get an output bit on the right. Okay, so what is a finite state machine? A finite state machine in some very old gadget in theoretical computer science. All the means good because it means that a lot of theory has been really developed about finite state machines. We know perfectly well how they work and how to prove formal properties about them. So in here you can see this is just a vending machine, a model of a very simple vending machine. And you can think about it just as a graph. The vertexes represent all the possible states of the system and the edges, so the arcs represent operations that mutate state. So you see that in here you can insert a coin and go from ready to select and then you can order stuff and get changed. And a computation that follows the rules of the finite state machine is just a path in this graph. So you see that you can't buy coke if you are not in the select state. You need to, and if you are in a ready state then you have to insert a coin first. So the idea is that if we can map these paths of this graph to Boolean circuits then we can basically turn this circuit into a snark that verifies that a computation followed the rules determined by the finite state machine. Okay, so but what is category theory? Like where do you use category theory? So category theory is a super complicated thing that is used to do simple things that seems like not great, but actually it is because it scales better. So the idea is that in category theory everything is compositional. It's super related to type theory. So if you like functional programming you should really like category theory even if functional programmers won't agree with me on this. So the idea is that in category theory you can relate different mathematical structures. Everything is formally interconnected in a way that respects the structures of the things you are connecting. This means that if we build a categorical correspondence between graphs and Boolean circuits then we can be sure that if we morph the graph the circuit will morph accordingly. And moreover once you categorify a concept you automatically connect it to the whole of mathematics. And this basically means that now if you have a categorical correspondence between whatever you like to graphs then you will be able to pipe this correspondence inside the thing we are doing and get automatically ZK snarks out of it. So this is an example. With each graph G you can build a free category, free of G. This free category represents all the possible parts in the graphs, all the possible local computations we are interested about. And you know this is a community square which is the very heart of category theory. And what it means is that if you have an F that morphs your graph G to a graph G prime then you obtain automatically a way to morph the corresponding categories. And if you map the graph G to the free category and then you morph that's the same of morphing the graph first and then doing the free category. So this square commutes. It doesn't matter which path you take. You can go from G to free of G prime using both paths. So what we do is this. We can basically use the adjacency matrix of the graph corresponding to the FSM to build a circuit. In this circuit you see you basically plug in an enumeration of a vertex on the left and an edge. And this circuit will give you zero or one depending if the vertex you plugged in is the starting vertex of the edge and it will give you the next vertex. So if X to the E is a thing that goes from A to B and you plug A on the left on XV then you get one and B on the other side. Now we can connect these things together. And this is exactly what this free category will do. So we can map now everything in this free category to a piping of these modular circuits basically. But we can do more. We can obstruct the adjacency matrix which at the moment is encoded in these S of G and T of G like this. And now the idea is that in this densely dotted wire you can also specify the adjacency matrix of the graph you want to use. So now you are plugging in the vertex, an edge, and also the graph the vertex and the edge belong to. So again all these things are composable and you can basically obtain a functor that goes from your free categories to these circuits. This means that you are basically a categorical way to map a finite state machine to this category of Boolean circuits. And everything we built is compositional. So basically you see in this huge diagram you start with graphs on the left. Then you calculate this free category thing. And then you can there are different kind of things that are related to knowledge proofs or zero knowledge proofs. And the idea is that if you morph the graph down there you can basically traverse this diagram in any way you want. It doesn't matter which path you take. The only thing that matters is what is your starting point and your end point. And this is exactly what category theory is about. So the take home message of this talk is this. If you build things categorically there's a good chance that they will be formally correct because category theory is all about structure and when you are able to express some concept categorically then the concept will be correct and type check by definition. You can think about category theory really like a semantics for type theory if you want. Then you will be able to verify that your constructions satisfy some nice properties. And this is because categories are very structured. So once you turn something into categories you have a plethora of formal tools that you can use to verify that your constructions have some properties. And they will be more easily implementable in a formally verified setting because basically many formally verified settings are fully functional. For instance we are mainly using Idris to implement this stuff. And we just built a category theory library in Idris. We literally took a category theory book and implemented all the definitions with proofs in Idris. And then you see that if you are able to just have to translate the theory we developed to the Idris library. Just is between quotes obviously because it's not easy but it's a very conceptually straight path to get to formal verification. And yeah in the end you will be able to link things together without making a mess. So that's basically it. So yeah category theory is difficult in the beginning especially if you don't know it but it pays off big time as your system becomes more complicated. So for instance in this case we have basically built a categorical module for our infrastructure. A categorical gadget that turns graphs into zero-image proofs. Now whatever you are doing if you are able to translate the stuff you care about into graphs then you can just use this module to get a zero-image proof from that graph that verifies that the rule specified by the finite state machine corresponding to the graph are being followed. And yeah I think that's it basically. Thank you.