Add solidity groth16, kzg10 and final decider verifiers in a dedicated workspace (#70)

* change: Refactor structure into workspace

* chore: Add empty readme

* change: Transform repo into workspace

* add: Create folding-verifier-solidity crate

* add: Include askama.toml for `sol` extension escaper

* add: Jordi's old Groth16 verifier .sol template and adapt it

* tmp: create simple template struct to test

* Update FoldingSchemes trait, fit Nova+CycleFold

- update lib.rs's `FoldingScheme` trait interface
- fit Nova+CycleFold into the `FoldingScheme` trait
- refactor `src/nova/*`

* chore: add serialization assets for testing

Now we include an `assets` folder with a serialized proof & vk for tests

* Add `examples` dir, with Nova's `FoldingScheme` example

* polishing

* expose poseidon_test_config outside tests

* change: Refactor structure into workspace

* chore: Add empty readme

* change: Transform repo into workspace

* add: Create folding-verifier-solidity crate

* add: Include askama.toml for `sol` extension escaper

* add: Jordi's old Groth16 verifier .sol template and adapt it

* tmp: create simple template struct to test

* feat: templating kzg working

* chore: add emv and revm

* feat: start evm file

* chore: add ark-poly-commit

* chore: move `commitment` to `folding-schemes`

* chore: update `.gitignore` to ignore generated contracts

* chore: update template with bn254 lib on it (avoids import), update for loop to account for whitespaces

* refactor: update template with no lib

* feat: add evm deploy code, compile and create kzg verifier

* chore: update `Cargo.toml` to have `folding-schemes` available with verifiers

* feat: start kzg prove and verify with sol

* chore: compute crs from kzg prover

* feat: evm kzg verification passing

* tmp

* change: Swap order of G2 coordinates within the template

* Update way to serialize proof with correct order

* chore: update `Cargo.toml`

* chore: add revm

* chore: add `save_solidity`

* refactor: verifiers in dedicated mod

* refactor: have dedicated `utils` module

* chore: expose modules

* chore: update verifier for kzg

* chore: rename templates

* fix: look for binary using also name of contract

* refactor: generate groth16 proof for sha256 pre-image, generate groth16 template with verifying key

* chore: template renaming

* fix: switch circuit for circuit that simply adds

* feat: generates test data on the fly

* feat: update to latest groth16 verifier

* refactor: rename folder, update `.gitignore`

* chore: update `Cargo.toml`

* chore: update templates extension to indicate that they are templates

* chore: rename templates, both files and structs

* fix: template inheritance working

* feat: template spdx and pragma statements

* feat: decider verifier compiles, update test for kzg10 and groth16 templates

* feat: parameterize which size of the crs should be stored on the contract

* chore: add comment on how the groth16 and kzg10 proofs will be linked together

* chore: cargo clippy run

* chore: cargo clippy tests

* chore: cargo fmt

* refactor: remove unused lifetime parameter

* chore: end merge

* chore: move examples to `folding-schemes` workspace

* get latest main changes

* fix: temp fix clippy warnings, will remove lints once not used in tests only

* fix: cargo clippy lint added on `code_size`

* fix: update path to test circuit and add step for installing solc

* chore: remove `save_solidity` steps

* fix: the borrowed expression implements the required traits

* chore: update `Cargo.toml`

* chore: remove extra `[patch.crates-io]`

* fix: update to patch at the workspace level and add comment explaining this

* refactor: correct `staticcall` with valid input/output sizes and change return syntax for pairing

* refactor: expose modules and remove `dead_code` calls

* chore: update `README.md`, add additional comments on `kzg10` template and update `groth16` template comments

* chore: be clearer on attributions on `kzg10`

---------

Co-authored-by: CPerezz <c.perezbaro@gmail.com>
Co-authored-by: arnaucube <root@arnaucube.com>

folding-schemes/src/commitment/mod.rs

@@ -0,0 +1,127 @@
+use ark_ec::CurveGroup;
+use ark_std::fmt::Debug;
+
+use crate::transcript::Transcript;
+use crate::Error;
+
+pub mod kzg;
+pub mod pedersen;
+
+/// CommitmentProver defines the vector commitment scheme prover trait.
+pub trait CommitmentProver<C: CurveGroup>: Clone + Debug {
+    type Params: Clone + Debug;
+    type Proof: Clone + Debug;
+
+    fn commit(
+        params: &Self::Params,
+        v: &[C::ScalarField],
+        blind: &C::ScalarField,
+    ) -> Result<C, Error>;
+    fn prove(
+        params: &Self::Params,
+        transcript: &mut impl Transcript<C>,
+        cm: &C,
+        v: &[C::ScalarField],
+        blind: &C::ScalarField,
+    ) -> Result<Self::Proof, Error>;
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use ark_bn254::{Bn254, Fr, G1Projective as G1};
+    use ark_crypto_primitives::sponge::{poseidon::PoseidonConfig, Absorb};
+    use ark_poly::univariate::DensePolynomial;
+    use ark_poly_commit::kzg10::{
+        Commitment as KZG10Commitment, Proof as KZG10Proof, VerifierKey, KZG10,
+    };
+    use ark_std::Zero;
+    use ark_std::{test_rng, UniformRand};
+
+    use super::kzg::{KZGProver, KZGSetup, ProverKey};
+    use super::pedersen::Pedersen;
+    use crate::transcript::{
+        poseidon::{poseidon_test_config, PoseidonTranscript},
+        Transcript,
+    };
+
+    // Computes the commitment of the two vectors using the given CommitmentProver, then computes
+    // their random linear combination, and returns it together with the proof of it.
+    fn commit_rlc_and_prove<C: CurveGroup, CP: CommitmentProver<C>>(
+        poseidon_config: &PoseidonConfig<C::ScalarField>,
+        params: &CP::Params,
+        r: C::ScalarField,
+        v_1: &[C::ScalarField],
+        v_2: &[C::ScalarField],
+    ) -> Result<(C, CP::Proof), Error>
+    where
+        <C as ark_ec::Group>::ScalarField: Absorb,
+    {
+        let cm_1 = CP::commit(params, v_1, &C::ScalarField::zero())?;
+        let cm_2 = CP::commit(params, v_2, &C::ScalarField::zero())?;
+
+        // random linear combination of the commitment and the witness (vector v)
+        let cm_3 = cm_1 + cm_2.mul(r);
+        let v_3: Vec<C::ScalarField> = v_1.iter().zip(v_2).map(|(a, b)| *a + (r * b)).collect();
+
+        let transcript = &mut PoseidonTranscript::<C>::new(poseidon_config);
+        let proof = CP::prove(params, transcript, &cm_3, &v_3, &C::ScalarField::zero()).unwrap();
+
+        Ok((cm_3, proof))
+    }
+
+    #[test]
+    fn test_homomorphic_property_using_CommitmentProver_trait() {
+        let rng = &mut test_rng();
+        let poseidon_config = poseidon_test_config::<Fr>();
+        let n: usize = 100;
+
+        // set random vector for the test
+        let v_1: Vec<Fr> = std::iter::repeat_with(|| Fr::rand(rng)).take(n).collect();
+        let v_2: Vec<Fr> = std::iter::repeat_with(|| Fr::rand(rng)).take(n).collect();
+        // set a random challenge for the random linear combination
+        let r = Fr::rand(rng);
+
+        // setup params for Pedersen & KZG
+        let pedersen_params = Pedersen::<G1>::new_params(rng, n);
+        let (kzg_pk, kzg_vk): (ProverKey<G1>, VerifierKey<Bn254>) =
+            KZGSetup::<Bn254>::setup(rng, n);
+
+        // Pedersen commit the two vectors and return their random linear combination and proof
+        let (pedersen_cm, pedersen_proof) = commit_rlc_and_prove::<G1, Pedersen<G1>>(
+            &poseidon_config,
+            &pedersen_params,
+            r,
+            &v_1,
+            &v_2,
+        )
+        .unwrap();
+
+        // KZG commit the two vectors and return their random linear combination and proof
+        let (kzg_cm, kzg_proof) =
+            commit_rlc_and_prove::<G1, KZGProver<G1>>(&poseidon_config, &kzg_pk, r, &v_1, &v_2)
+                .unwrap();
+
+        // verify Pedersen
+        let transcript_v = &mut PoseidonTranscript::<G1>::new(&poseidon_config);
+        Pedersen::<G1>::verify(&pedersen_params, transcript_v, pedersen_cm, pedersen_proof)
+            .unwrap();
+
+        // verify KZG
+        let transcript_v = &mut PoseidonTranscript::<G1>::new(&poseidon_config);
+        transcript_v.absorb_point(&kzg_cm).unwrap();
+        let challenge = transcript_v.get_challenge();
+        // verify the KZG proof using arkworks method
+        assert!(KZG10::<Bn254, DensePolynomial<Fr>>::check(
+            &kzg_vk,
+            &KZG10Commitment(kzg_cm.into_affine()),
+            challenge,
+            kzg_proof.0, // eval
+            &KZG10Proof::<Bn254> {
+                w: kzg_proof.1.into_affine(), // proof
+                random_v: None,
+            },
+        )
+        .unwrap());
+    }
+}