From 64e0ee9546827d4d6e8cdd299339313cd2285b81 Mon Sep 17 00:00:00 2001
From: oskarth <ot@oskarthoren.com>
Date: Mon, 29 Nov 2021 16:02:46 +0800
Subject: [PATCH] Initial Circom 2 support (#10)

* Import circom-2 test vectors

* Add failing test under feature flag

* Add exceptionHandler

* Add showSharedRWMemory

* Add getFieldNumLen32 and disable getFrLen

* Add getVersion

Also print version, n32

* Add getRawPrime

- Disable getPtrRawPrime
- Write as conditional cfg code blocks

* Refactor cfg code blocks

* Add readSharedRWMemory and get prime from WASM mem

- Add fromArray32 convenience function

* WIP: Debug R1CSfile header

field_size in header is 1, not 32 as expected

Don't see anything recently changed here:
https://github.com/iden3/r1csfile/blob/master/src/r1csfile.js (used by snarkjs)

But this seems new: https://github.com/iden3/circom/blob/0149dc0643c3842635fb758efc9ebc102f170a38/constraint_writers/src/r1cs_writer.rs

* Add CircomVersion struct to Wasm

* XXX: Enum test

* Trait version

* Move traits to Circom, CircomBase, Circom2

* Simplify Wasm struct and remove version

* Feature gate Circom1/Circom2 traits

* Use cfg_if for witness calculation

Make normal dependency

* Fix visibilty for both test paths

* Remove println

Can introduce tracing separately

* refactor

* Make clippy happy with imports, unused variables
---
 Cargo.toml                            |   4 +-
 src/witness/circom.rs                 |  91 +++++++++++++++++++++-----
 src/witness/mod.rs                    |   8 ++-
 src/witness/witness_calculator.rs     |  67 ++++++++++++++++---
 test-vectors/circom2_multiplier2.r1cs | Bin 0 -> 264 bytes
 test-vectors/circom2_multiplier2.wasm | Bin 0 -> 29071 bytes
 tests/groth16.rs                      |  32 +++++++++
 7 files changed, 175 insertions(+), 27 deletions(-)
 create mode 100644 test-vectors/circom2_multiplier2.r1cs
 create mode 100644 test-vectors/circom2_multiplier2.wasm

diff --git a/Cargo.toml b/Cargo.toml
index 59b97ab..2cc83dd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -32,12 +32,13 @@ thiserror = "1.0.26"
 color-eyre = "0.5"
 criterion = "0.3.4"
 
+cfg-if = "1.0"
+
 [dev-dependencies]
 hex-literal = "0.2.1"
 tokio = { version = "1.7.1", features = ["macros"] }
 serde_json = "1.0.64"
 ethers = { git = "https://github.com/gakonst/ethers-rs", features = ["abigen"] }
-cfg-if = "1.0"
 
 [[bench]]
 name = "groth16"
@@ -45,3 +46,4 @@ harness = false
 
 [features]
 bench-complex-all = []
+circom-2 = []
diff --git a/src/witness/circom.rs b/src/witness/circom.rs
index d9e9dbb..ae31b72 100644
--- a/src/witness/circom.rs
+++ b/src/witness/circom.rs
@@ -4,41 +4,92 @@ use wasmer::{Function, Instance, Value};
 #[derive(Clone, Debug)]
 pub struct Wasm(Instance);
 
-impl Wasm {
-    pub fn new(instance: Instance) -> Self {
-        Self(instance)
-    }
+pub trait CircomBase {
+    fn init(&self, sanity_check: bool) -> Result<()>;
+    fn func(&self, name: &str) -> &Function;
+    fn get_ptr_witness_buffer(&self) -> Result<i32>;
+    fn get_ptr_witness(&self, w: i32) -> Result<i32>;
+    fn get_n_vars(&self) -> Result<i32>;
+    fn get_signal_offset32(
+        &self,
+        p_sig_offset: u32,
+        component: u32,
+        hash_msb: u32,
+        hash_lsb: u32,
+    ) -> Result<()>;
+    fn set_signal(&self, c_idx: i32, component: i32, signal: i32, p_val: i32) -> Result<()>;
+    fn get_i32(&self, name: &str) -> Result<i32>;
+}
 
-    pub fn init(&self, sanity_check: bool) -> Result<()> {
-        let func = self.func("init");
-        func.call(&[Value::I32(sanity_check as i32)])?;
-        Ok(())
-    }
+pub trait Circom {
+    fn get_fr_len(&self) -> Result<i32>;
+    fn get_ptr_raw_prime(&self) -> Result<i32>;
+}
+
+pub trait Circom2 {
+    fn get_version(&self) -> Result<i32>;
+    fn get_field_num_len32(&self) -> Result<i32>;
+    fn get_raw_prime(&self) -> Result<()>;
+    fn read_shared_rw_memory(&self, i: i32) -> Result<i32>;
+}
 
-    pub fn get_fr_len(&self) -> Result<i32> {
+#[cfg(not(feature = "circom-2"))]
+impl Circom for Wasm {
+    fn get_fr_len(&self) -> Result<i32> {
         self.get_i32("getFrLen")
     }
 
-    pub fn get_ptr_raw_prime(&self) -> Result<i32> {
+    fn get_ptr_raw_prime(&self) -> Result<i32> {
         self.get_i32("getPRawPrime")
     }
+}
 
-    pub fn get_n_vars(&self) -> Result<i32> {
-        self.get_i32("getNVars")
+#[cfg(feature = "circom-2")]
+impl Circom2 for Wasm {
+    fn get_version(&self) -> Result<i32> {
+        self.get_i32("getVersion")
+    }
+
+    fn get_field_num_len32(&self) -> Result<i32> {
+        self.get_i32("getFieldNumLen32")
     }
 
-    pub fn get_ptr_witness_buffer(&self) -> Result<i32> {
+    fn get_raw_prime(&self) -> Result<()> {
+        let func = self.func("getRawPrime");
+        let _result = func.call(&[])?;
+        Ok(())
+    }
+
+    fn read_shared_rw_memory(&self, i: i32) -> Result<i32> {
+        let func = self.func("readSharedRWMemory");
+        let result = func.call(&[i.into()])?;
+        Ok(result[0].unwrap_i32())
+    }
+}
+
+impl CircomBase for Wasm {
+    fn init(&self, sanity_check: bool) -> Result<()> {
+        let func = self.func("init");
+        func.call(&[Value::I32(sanity_check as i32)])?;
+        Ok(())
+    }
+
+    fn get_ptr_witness_buffer(&self) -> Result<i32> {
         self.get_i32("getWitnessBuffer")
     }
 
-    pub fn get_ptr_witness(&self, w: i32) -> Result<i32> {
+    fn get_ptr_witness(&self, w: i32) -> Result<i32> {
         let func = self.func("getPWitness");
         let res = func.call(&[w.into()])?;
 
         Ok(res[0].unwrap_i32())
     }
 
-    pub fn get_signal_offset32(
+    fn get_n_vars(&self) -> Result<i32> {
+        self.get_i32("getNVars")
+    }
+
+    fn get_signal_offset32(
         &self,
         p_sig_offset: u32,
         component: u32,
@@ -56,7 +107,7 @@ impl Wasm {
         Ok(())
     }
 
-    pub fn set_signal(&self, c_idx: i32, component: i32, signal: i32, p_val: i32) -> Result<()> {
+    fn set_signal(&self, c_idx: i32, component: i32, signal: i32, p_val: i32) -> Result<()> {
         let func = self.func("setSignal");
         func.call(&[c_idx.into(), component.into(), signal.into(), p_val.into()])?;
 
@@ -76,3 +127,9 @@ impl Wasm {
             .unwrap_or_else(|_| panic!("function {} not found", name))
     }
 }
+
+impl Wasm {
+    pub fn new(instance: Instance) -> Self {
+        Self(instance)
+    }
+}
diff --git a/src/witness/mod.rs b/src/witness/mod.rs
index 6112a06..2a2cb37 100644
--- a/src/witness/mod.rs
+++ b/src/witness/mod.rs
@@ -5,7 +5,13 @@ mod memory;
 pub(super) use memory::SafeMemory;
 
 mod circom;
-pub(super) use circom::Wasm;
+pub(super) use circom::{CircomBase, Wasm};
+
+#[cfg(feature = "circom-2")]
+pub(super) use circom::Circom2;
+
+#[cfg(not(feature = "circom-2"))]
+pub(super) use circom::Circom;
 
 use fnv::FnvHasher;
 use std::hash::Hasher;
diff --git a/src/witness/witness_calculator.rs b/src/witness/witness_calculator.rs
index 46fb6f2..54904da 100644
--- a/src/witness/witness_calculator.rs
+++ b/src/witness/witness_calculator.rs
@@ -1,10 +1,15 @@
+use super::{fnv, CircomBase, SafeMemory, Wasm};
 use color_eyre::Result;
 use num_bigint::BigInt;
 use num_traits::Zero;
 use std::cell::Cell;
 use wasmer::{imports, Function, Instance, Memory, MemoryType, Module, RuntimeError, Store};
 
-use super::{fnv, SafeMemory, Wasm};
+#[cfg(feature = "circom-2")]
+use super::Circom2;
+
+#[cfg(not(feature = "circom-2"))]
+use super::Circom;
 
 #[derive(Clone, Debug)]
 pub struct WitnessCalculator {
@@ -19,6 +24,16 @@ pub struct WitnessCalculator {
 #[error("{0}")]
 struct ExitCode(u32);
 
+#[cfg(feature = "circom-2")]
+fn from_array32(arr: Vec<i32>) -> BigInt {
+    let mut res = BigInt::zero();
+    let radix = BigInt::from(0x100000000u64);
+    for &val in arr.iter() {
+        res = res * &radix + BigInt::from(val);
+    }
+    res
+}
+
 impl WitnessCalculator {
     pub fn new(path: impl AsRef<std::path::Path>) -> Result<Self> {
         let store = Store::default();
@@ -38,22 +53,44 @@ impl WitnessCalculator {
                 "logFinishComponent" => runtime::log_component(&store),
                 "logStartComponent" => runtime::log_component(&store),
                 "log" => runtime::log_component(&store),
+                "exceptionHandler" => runtime::exception_handler(&store),
+                "showSharedRWMemory" => runtime::show_memory(&store),
             }
         };
         let instance = Wasm::new(Instance::new(&module, &import_object)?);
 
-        let n32 = (instance.get_fr_len()? >> 2) - 2;
-
-        let mut memory = SafeMemory::new(memory, n32 as usize, BigInt::zero());
+        let n32;
+        let prime: BigInt;
+        let mut safe_memory: SafeMemory;
+
+        cfg_if::cfg_if! {
+            if #[cfg(feature = "circom-2")] {
+                //let version = instance.get_version()?;
+                n32 = instance.get_field_num_len32()?;
+                safe_memory = SafeMemory::new(memory, n32 as usize, BigInt::zero());
+                let _res = instance.get_raw_prime()?;
+                let mut arr = vec![0; n32 as usize];
+                for i in 0..n32 {
+                    let res = instance.read_shared_rw_memory(i)?;
+                    arr[(n32 as usize) - (i as usize) - 1] = res;
+                }
+                prime = from_array32(arr);
+            } else {
+                // Fallback to Circom 1 behavior
+                //version = 1;
+                n32 = (instance.get_fr_len()? >> 2) - 2;
+                safe_memory = SafeMemory::new(memory, n32 as usize, BigInt::zero());
+                let ptr = instance.get_ptr_raw_prime()?;
+                prime = safe_memory.read_big(ptr as usize, n32 as usize)?;
+            }
+        }
 
-        let ptr = instance.get_ptr_raw_prime()?;
-        let prime = memory.read_big(ptr as usize, n32 as usize)?;
         let n64 = ((prime.bits() - 1) / 64 + 1) as i32;
-        memory.prime = prime;
+        safe_memory.prime = prime;
 
         Ok(WitnessCalculator {
             instance,
-            memory,
+            memory: safe_memory,
             n64,
         })
     }
@@ -162,6 +199,20 @@ mod runtime {
         Function::new_native(store, func)
     }
 
+    // Circom 2.0
+    pub fn exception_handler(store: &Store) -> Function {
+        #[allow(unused)]
+        fn func(a: i32) {}
+        Function::new_native(store, func)
+    }
+
+    // Circom 2.0
+    pub fn show_memory(store: &Store) -> Function {
+        #[allow(unused)]
+        fn func() {}
+        Function::new_native(store, func)
+    }
+
     pub fn log_signal(store: &Store) -> Function {
         #[allow(unused)]
         fn func(a: i32, b: i32) {}
diff --git a/test-vectors/circom2_multiplier2.r1cs b/test-vectors/circom2_multiplier2.r1cs
new file mode 100644
index 0000000000000000000000000000000000000000..e61b9b091d3e08fab09d4639f9763e776451f221
GIT binary patch
literal 264
zcmXRiOfF_*U|?VdVkRK20AdgTiGlb)@L}@Tht3lVc2;`4FxH5TXl&f(8n8oif#Jg<
zzZ3(QUJ#8BfaIZS2%6^rHAn%X2d{b-h#IgCkb6OV5P-Q$0n9@XFn2=z2KF~d7696s
BEn)xw

literal 0
HcmV?d00001

diff --git a/test-vectors/circom2_multiplier2.wasm b/test-vectors/circom2_multiplier2.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..7ea487c35dda61de0272a262f576c463808a5ab4
GIT binary patch
literal 29071
zcmeHPdyHJwc|Z3t&pWeoclN>TdUrW<v4ahmI^kiPfbF|r0tpZk0tE811q*m>FJ`^G
zD%jn`Jd!Gv5|uPj6BVZsqJKb0DumodYB!HoRBcpRRTXMe#ZlTkT4-IBR3t%hf8TfS
z+_{f)?u<9cB$5|AckcPl<NN)-@0@$icg|d~=g<K|2w~hYwA)--61xrlXDrbjKCPwb
zB5<<^skyW$cH2m&?~9AZB4=IPEyQkt5>W-lVo(c}=u{=lt!8Qd-noUn2WH%v2X31=
zxUl!`xvTcf-M)WjUer6H=ApapzW;{1_RP=R{=S>9ojGv#{DZ==?wApVX;_wJ+XW$t
zrE;NwEB+V46h@(3#-(7E48t&mX%-5Wg$%);C=@D{YN23s61ZeR4AyD`?m)dU&~$3G
zdc9u5ja@JfqK<-Xh~uTww~Six0Bc~1>YXzSH_gl+g399kqqs?`c*DY;`2}%fbAD#e
z?MaEaY3Tm>y$ds`)SK<Sb9)!WEdz&U7OtK<c<;gud+(gvvtNA3LEZ1$bN{Y+&?G+W
z;_k}5Gy8A9?%o5}%*<Wz4)KuzB;CAsVQ%Kop&R!8_Kf%_sTL-P-6XvhqCI!cTn-Y&
zZIzNCeBl^(RG;~VF>{WPh7=ntvDpg0l{Z`EAkE!uxxu&AW~=2)2`Q#IA79GBof}+Q
z&IJ%}uv)w99dvcWYdO4%U5$b-8cz3v?zl>WnpRf%uAoY3px*1ldg;auZ=mM}s~p}y
zeZaV0)y%`OdfspEK+6Tzl`Fmp2}Y0rw5U9mBS?tl2wIHg2ohpB0yS=GIQ&N-PkrmR
z##;YJxbLDA7nx8D9}l%HX-aDwZjokFn*ETprsXFhiA@sV!beI1lV4=kNK#8lY9s+$
z_()0M9~YU!BpFUghDp*QNh>93kz|4-6Di3AtNOI_DKmlU;Q-b23H&t<C%`>SB_0pK
zMHylk)fr+?)fr-l)fr;I)fr;=)fr+ms53Adk3a3a+Ax}nz!|_N@`P6)`h-_pB<OZ%
zVY_2{8wRKJP7%&+du8NCUZe;95Xn)c?Uf|e7MGjS-UcTk_o4JeZDp^TYCDpbBsCOQ
zD-xlhvRC1T;&OJ`GV7I5yXMtWYDH?7B<T>>I1*J@2c-x))I3KGwx$N_dILH{B}wYV
z!9-vyte#Tj<Wl5%bu~q<nxbLP)$vf0q`8uZ3Tv(uIeKF2xx@~84K=aDYGPYnQ^#IO
z5-25m6$YggIeK%{_2y{gnxo|ns?E_-n`6Qo)^T2vgjdOVh4Csyj^2oMy%8IFBM#;o
zal#u?8!;H3<3mA75>%xnDhyRAa`dLH>rLCxn|4rd+M$eTd9aZg(^VLXhJUTq>Uyg+
z^i~_xTWu&~H6Df6X8Mn#r@pSIzM-dnP*43(hI%G(eTKxkp2UXU^#}DN4rNGWI?l_`
z(a_T|sHbBnLk9!flmRxV2R4)e#wuQzQE@1vA~&|B(-;@K)cL<bqqaCL+9v*CHWxm1
zr;W$j$c_t=!s%S+fy^_4BKKKjiR6YfX|80U!}5fnkf~G_X*PjJKRR)|WIv5|9<{NO
zvOr@2H;aDMtJyNoM^3iclGG^+kiiT|tx>tRMm4XZAwmXonv+#FUn5L5dU53PEKAia
zG}0-X=PG3$4wV(=E9>@FcGz?D^wCUB*=%`LIP#UnY@-*mEuK~?H7ZFhjxvwVs#1BR
zSF{j&_-v~;jtQ@>V>XzYs+5&wJ;Y$vsw$NSG2b4TION!)B()IA{NPb3BP&`6d3sj0
z2JB%9nG2z;hY(D&l@O|{f{;%&CJH%JSM+*TwN&Tv>1ZMJ;B$Sho>je`!3<x;XP%z<
zq+vRdLz<&iCa=Ysmd_r{Y|2%pwkl=v;bW?zho6VBu2rT7#x1cHF=0TM;ZmoHm=*pr
zT*rAKjA{woF480jAuW6t7YT&4C=}9-XCVd2h-ameDZ(QV%t|FwTt^_1l}e^)jzAbI
zl}s@lff!aQnIbm=0jyN=gmaxqk#I@#HtQl%K78hp@-%B}o8}H{hctK94QcuIY$u<Y
z$yXByF#fS=*-IwXXd*mnwhIM+#b_5CY2g+oEBMEZw(UqEZP%2Bf5gD0;9CB&iH|ee
zMf@vKi;&3D>_%u&@~tc9(R#@@_O(mYN+9#CeNcEB3S)*aZ6N46jhOB7xI@KRX<HV#
zhN55M8j4gyk!nEvsW|JG_H7WNjYpj<FXK{_rG37=uU+NBmFZ>t9Xz~CR()~ZJy4)B
zUH$~JRefW&UFBLT6ic=VM0sc3oHp7OU$m>NU&TLSx&tIMWpy9WR>x&QR%d0!Z7@?`
zG7V?RUoqPjK7d`c9sd{z11ZN$*Yuac7Cv0Wr`t9Ehy|1a7f4nt&~(gdm;4nwRJQEe
zP_Tf9BtW<>K2g?oG1Ni98sf>znBBVN@QbWM8&q2_z@(7yt<kO{7EbwaUm5rLJ}Mie
zMMbEpSXoN%6h+Nc6dYS1%Z9&H(NimJ4AyN7OYNF0AiWHrB|xeK7G*sRS_nWhXoaik
zIOlQa!uJYVGyP)-7P6SWvIbEanmePDx!TQK8HYgl%UCm@lMXqbA2h5*o^lVgO<t?e
zIz*a5TH`Pj<pl1nXoQ3|<|-D-cO%qYsU4Sw5!|j6(ZO!nFnrsU*5c9{wTt;GjS}20
z!e-sFVc@na9ga)GsBKq@7*Drs7_#k3C*slx|5%Az#j2~r2Ut$>0hfsMO7M|EoZusa
zIKf8-ae|Kw;shTV#0fq!h!cEF5Yw0$MTio7$SxmthmUfa4=l@~(g{8?h!cEd5GVM^
zAWra+L7d<tgE+xQ262K9Nqnr0AxiMEw#!Gk!$&R6M-YJy{5HWy262Lq4B`YI8N>-b
zGKdp=WDqC#$RJMev6lG2OfRx<f{*oGK5894+%zBYew^SVgE+xQ262Lq4B`YI8N>-b
zGKdp=WDqC#SWkQev8%ws2|mv2^5J&)7*6vM1kx4$kwKi`BZD}>M+R|%j|}1j9~s06
zJ~D_Ce4IyoV7{yNk4;@ZhC6(;(tKcv9F<P^M+R|%j|}1j9~s06J~D_Cd}I(O_{bnm
z@Ue;b2m*%+|G2QrN2|lfM4FEvMz8RX4B`YI8N>-bGKdp=WDqC#$RJMekwKi`<3i#C
zYlX<diT<*s%f|$L6~3Is%%ti3e9AbhGc&>bClw~;jZ+FDD)%M|(c_w)OhG`=hZe_d
z>|3VyHPid7McS3MISfWqKlMIql_QucIkod|Ha7pX8?{~SV1W*<>_#3DhUr&Ff6QQ^
zSJ`XmKnH;cB_B|!><zHWN_nsWr4kXEAKTbFOS2ZK)kQ<2e7L<G?1RNCRI*(2hJZ%J
zqO3{+suT@yxI!s{wl%M*wT;Z#>CtcJ5C^Z=-bg<dMZf5BklsO5TGaK<&|8$~iL)3H
zJizoQMNOthDFP7J8_n|r?M`5@y`!vkB(t&9QInWEZhK?>cn>`TBJXLXa4WrM*juA>
zk*Xw8l`b+MwLaI>``l=*&kcLyc|J#Il)B_>NR8;X)5e%@RfWX&YqmGpkEdc3?(#j6
z(opHCE$>WZQ@TJ^k|~s;0XBtF)MQgAMWcHE9?$jfmN%8>-vm_I;Gj(VT;z@;nJvFa
zG?v+Vj6{>Uz2bG-YxmPDXk8Zd3Yk(~*()Zzvye^Y9T-!|fJ)H-8&D}~>ig2DzAugI
z`_fcyUz+f|yuL&nDAgR4X(x{SdxUMPEH$Rz5}wrez;<pAe8cwE_0t2_#(Ut}6s~j+
ztV%Mg(sc*etV&T+-!Dh?{c>F2FQ@eV($n|Lx+Hi?4F_e~t0RXWVT&qDjp=*qq`tSd
z^}TgnrngeKnu1+43xf`wUO2#ZQ2J6+-@Qil-D_Omy{7ct%hPwSK_*+N;Ruth6piV-
z&!oQlwDsL*U8ei+(Fio2n%6e<o;|Af>~XzkPw73|(|h)a-bcsuK02xQ(YD@4*JXT^
zy$#E?l(&uQy=`3YZBu%0^Yq>}ruUmkz2CI;ezPv)H|zmHaEu1=PM;drd%%?513bM4
zOzLgf*4uJj#+GaqEQC{5nbKRu(_5vj=XYI(UuG%@6UCYG^h~YGU}o*H6c4oL8WC7{
zy1N-b8w<*vgTrlOva|LsB1#eL4D@rL2oq3&L&)0WJ;m6{yi*^|TBDUYl#b3m<!oq5
zL<(q?t~-&Ex8d0t%VTF*f<sSng|LLL@k2bWP$vUUX@$Ov4V)-3dzhgofU@@BM;?IH
zoPUV4tnp)7g^KKewSI7pR+S+Jdms**PAA9n_k>;Jv(E7%k$U<=19^<}G^wod8AN51
zja){s@^ALz2!nA(22Yj|mm?uc^{V_JRf+N#S<S9~WQ3Yb1BgVyfmoF`G6+1VL}45t
zh@hx4#5@bZ^3HQ1IL#Z+-_x^(z0nl)QEgRz_Qz|BL_t_cCCa0?AE%>uimG1O&{N#h
zyXr`;t77Tj>c>^jh*L~~lDLLFDQ<aVsUi`NRjFmau4O-uVpr??(TqH%eR32>mrrAh
z6b%j<$6-gJrrt0kdc(AG4TIJGntlv39yiQ*ishb$neb=@tOQk+TAS7NHgi{Hvwpfo
z8e7DELvOPtPnwnRM)Wpo>20<q*JfD7PxWK7$+*oXQwGShS(T@oN<4MFxm>Ne^7_$`
z){=eoqcp6TxwMuH!bVDXK|oC@YUwSxMsLX=q7<*t=zVOyuIJy?^FOpI{(JX{hSZYW
zlv<KU^xdVU?=EZfBu`~XW+t&%!!m?d5{e%nxOygsv`pr?>!_CGKHRmbXL3Z(WJ}NF
z8a<O!877%7>^kPqHKeC&bX9cq_O1~<CoMfEYxJB<WjJBrSlj0SAJqcSbA~Z3Cw(|W
zOAmaF9(WKz%8V!2;LJf6M9|`eI>Tfhy56>1qlYk+fxuQk+(55qo-z|!1NA}mR7Ou$
z2K#!EGQla~30a^Z1WtA0ATS?aq_2E@F-pTJ#po#UC{8R&ob<#&P<PZBq3_2WIuBaI
zA<<(FQb(L7=cu{k{*l^xQ~1U`;qgazywlJiS~uJ=r-I^mw*Zb){-t5qIF^fABo1HV
zz%L(jMKkZI<LIa_uf*xlm6|(=6T3KXN}p&Shdgn23|}dBf}>w<6G@Ve0i(!lyTIpQ
z4PPE4*gNeV4V+>nO+~xN_2VS!m8icct&KulB2a}z=VvX6!??5IVO(9~s43IBGl8R=
z&}F&qPT_;DW1wicj`OXf&Qqpg;xMy+q>f|7mW$a++h#RvI{FI(NSjUs13!*CyJrBy
zvhiM6hpzkD1(ag};SS|1B9N~LwOj^bsg}Bd)KyE%fwZia+JO`Yl2v+{fz(t>Lr^J9
z_RhM&XOI8cFf7pI+T@t71)EK@P5%fE6ccY?v*hC>WZjkczCz!Z2XM*_$EuMCcXEq$
zxNhA)GT@%!8-XL?rX#^Ol7xn)22roSGJvXKlznW8z$nlM=_EP>2bRe~>`oSxq2xNM
zM>8l4T}Gh<r7jP+qg*Gxtf2$V1As6L1JV_ThH+Gvf#DSz`0gJm5)`P94_45*5E=N*
z9Q>9K`o=F9;WU212!Ep&j0E}QW=lGk5n+HT1-u9`JAeItI6tF6PaqFRa`@5`+b_>j
zF1lFE_nByNqbR}2?g8Th0@vP2>QUzv?{apb$!T#T$)xt>BbbUv<KecEmj^Q84m-}x
zxKe{F0u9ouMB=T}x%P)HHf>fU&}Ix-pp_ICn!<fsT!8PC-$s6nQg4sfo2~VMWUX}i
z`s%Pm2t86NtT$64tq3(vnH*<bvL+X2xS+DX+;B?~l~*|*!~1m>rP0O9UzvxnNrFzT
zL^Wf`B<N(7VI~<QJdBm4Ieq5iu(-7gv3uj8UGr=n{(UNpma2q{V|08QAh)xMt~bkM
z1(+LsO*rHa?m2MYGOp+PXxcq*A7yaQWBD^y3WTY|!>MU#0U9%c)I`+VJv)Xylfglb
zu3e1$%yH(jHKD2)-#yxmSLI`T34D)?fjc%w)9L6IxX<d;L~RDwO^tMUAzhKo?b3Fw
zMdrpsY!{yXk-39Y{~B{!Y;NbxwAN5BYYlZ63GAM4E!5Wa^R%^wh}^!dm8eQ>Ev_);
zseM~3UAMwo1Us@8y<BJ2*7_v9+bPwZ*t^gGIY-bqzIVrm?ob-%i#(KzxJC42ys(Mi
zCWSs63``kOl5InmjZCJfI5JjjAPv>#{L#q$>!&sid(yxM%`iirFeebslSn^VQ-C(6
zj)qTsqt7m1rEUYEH8@A`Hm!)&SgzHu`sQm85%lh^{!Gv~c*E$ui9k-%!~o90FFbRc
zgoxgOMk31MIOoPo1tO~D?TT8Gd4m@E%bTt@sX~6esl3m<iBG%Hyb*6SId<xY#;6va
zCh@S)eQ=EWD`6ic$HSr{*|GB<dZ@XZfhRxd+NrwL45FyH`!G<~92-LEC#tI+LJz{h
zq7hU-Y*Ih%A^|Guf#Fjg3po7o#14eeh}pRhM&XEV-*sK*6gAkHcDT-+eIf)RTGz89
zV8z{?MFn`GS$4-|+{m+nIc<~Xd6<H@@1&VK47kO)hAwBHBymYU^<|)ubcRsb^oqEZ
zej7`ZWNAF6Nc)7-g2cD4rV)bp-#?3`Ov9NL&VholL_ZLwe?AoTi}&p#*P+E4Ec)#9
z_QP!(ElB%e{3ulfzulE3pBMe~+g;R!G0ehmdEFiO73?<L;Fq6tQ*^gKLQ63Gu6H*0
z6{s^CYmM6qn!-wJ6-{lAH?=L@6t4pDT1d&;uXN~i`(Z5fn7B@ShRhn7w~E!w;|MP#
z7Z>ch;o}-+^zrz=Jm$>QC;36uM|X)HW6F9=f9gFjPe1)GzoK9k_3UH6$^hVe)_|Wx
zm;f?1=YjguZvq9$I!s@N-bs@Q^S+DmGF3E!WtgB<J}t+v^1?dW<aO01T+j8({wDur
z;a=>QQ7H87P3}f_CyKfje(j8(cBV6+;70d~AVc33hWYgshAleiQiy@j+f6wF0gnss
zgSU3#9xCzMN=feG9!r+)n?Z5kat_-`?jtk2IU{lEd306Gl;qqe<IyMc0O;9l_em1-
zyi)|3o$Ay#3p=y7<KrGUde_g>e#C<t`$^zOxKH>I?h}55`%~>l?|y6iDBJ9*^CLyu
zeLoC-g|3rrHs(k3xqkF$YCOVy!jEvD@FU!xYCpQ>t?{F5v!~9F6m6dhKgu>6^P@v4
zKe`w)ey&X~u@mu4nQt&8@e_@25Q^i+8Q-*=oha7l^NSx4Jkh=`<pRzmYH`=$$-V9#
z#TvIO<p^$S9ZfS|cO4f?E=z~8^|4ioSsH;cH{MTQ99#INQxN`(4QGHpp-CulySLJy
zS;^(tG4N?+-!=&IY}=&yGbG!E?=E2Wg}o4((eakZi4zurp7-q#{t^XA3NF2)#&EV7
zm~|iD>{BuSwasmVHyjNAjm@;<VDR*Zl$&kyzK;LZt^V^{DeuuO?##Gz3-9tg?Vm92
zAti!W`S`~h()4TCzQ8n|CL-c`Xkk%=8oORdz&mXyl7&phEElD18-vtBD(}2NIZ`Je
z$N38FD?&?xiYl=O=$kIh&Yqo?k4fX%N8DQ}tV-zyrQ`h~v^`?`=05j>NVGT+8!G;%
zx6n)<JC6-_V;e7r1QOiQ+zuBkwQ0{0G75(j6w<KhS+r@n1bEO%T2u$?^!!%$4oneg
zr`12wfbFnZ1ap?@!*<Rlrr!W0-&`O|chmuG?gm;C%?2gT3Cv6!zt~{aaHWt;IlQ{z
zwdJ^=7G=q0k%rbbQ5)ahN<2Y?Hy&XN51bbK7s<~y3IQR~jak&r+W>!P60<L2ZRj62
zU@#Lo!`-%{@02F_07fC&k)oYFEVArN1bmFvQ}8Of@b(kFN)iMqxV(am*x2n)lDGer
zy#4p&?Inq#vU}&_HBaoG1;4t#v#DI&AM6kZf<Q?u0O$Nov)z*D9)*K#+Jmmn#j;yK
zP7p0WrUCokx3{wAJLeOjUu8mJr?59j_7{WtOc_F?*N9N`rd>uO?2+&-A3d_<zb@Pl
zpk;Uf8J)T)3=jXrqEyWKMsVZPZXXieEu8G0<)b!K={T=WjteXxoboS4_=hb%bllFJ
z?utbv=Q{p-KmGpYpE>xa4_@`-3)X-510Va?3p;lm-EidX-=Dwk_D%2*yf^C?Cr-R~
z;=<p5X2W-OKl$1F-njVuD<6E|?k~^X@mt?3{lPcxuVNHBf?Q7@Xn$qr509?-!7U&9
z!PhSN<qeN6fBlBb4qyGLr>?ke>1!{I!dq96YlrxY=fD5*6CXMH!Y?NN{EJte^XlI{
z`K8<c>e5d>H1oGh@44mmn!pBWKP@g7vF7Uahn-i>_4;4`{P>ryI{Mv9*S<FP#QD#x
z?D!XN{db37`uxGIXTPHby^srh^~iM$xqf)!#FIZ8sIS@nnRCAU<-7juKR#Lf*O%}6
z&zIlzt*`%7-dKKV1bmeox&4+iw+&Z5_l3tF*>?CJ9vx}j^+Eg5FPP&)=l|%6qD4Am
zo7<6JyzK9nZ#*=2+drMyxpv`y&;6s9tv{JsIcMihKl<5i8=m;@-J}<C9eJj4=I=c6
zH{ZE@`bqyM->lZ2-}v!wUTger<#UI;!)#-0KK6qV&yAx~+%&SIU=OpeG@NqC?lO9Q
z!&z>Hx2G?s892?rX$DR+aGHU)lz~sZVmx-ucW-;nd`q?X&1n3o{{dIuyX`rief(yq
zd|J!X44h`**NFkdCJ<1-AFVrR)D6}$pWfoEr&Rnc^NJ++uKq+k3&9ThL!iNlK3{yN
sBX`cv-#st)&dG(D0|)o-S(uU6-n)Nc@4@|hXXfAW(M`yE^fE{MKk84CFaQ7m

literal 0
HcmV?d00001

diff --git a/tests/groth16.rs b/tests/groth16.rs
index c7eadd7..f4873ef 100644
--- a/tests/groth16.rs
+++ b/tests/groth16.rs
@@ -58,3 +58,35 @@ fn groth16_proof_wrong_input() {
 
     builder.build().unwrap_err();
 }
+
+#[test]
+#[cfg(feature = "circom-2")]
+fn groth16_proof_circom2() -> Result<()> {
+    let cfg = CircomConfig::<Bn254>::new(
+        "./test-vectors/circom2_multiplier2.wasm",
+        "./test-vectors/circom2_multiplier2.r1cs",
+    )?;
+    let mut builder = CircomBuilder::new(cfg);
+    builder.push_input("a", 3);
+    builder.push_input("b", 11);
+
+    // create an empty instance for setting it up
+    let circom = builder.setup();
+
+    let mut rng = thread_rng();
+    let params = generate_random_parameters::<Bn254, _, _>(circom, &mut rng)?;
+
+    let circom = builder.build()?;
+
+    let inputs = circom.get_public_inputs().unwrap();
+
+    let proof = prove(circom, &params, &mut rng)?;
+
+    let pvk = prepare_verifying_key(&params.vk);
+
+    let verified = verify_proof(&pvk, &proof, &inputs)?;
+
+    assert!(verified);
+
+    Ok(())
+}