Add solidity verifier of the nova+cyclefold (#87)

* Add solidity verifier of the nova+cyclefold, and add method to prepare the calldata from Decider's proof. Missing conversion of the point coordinates into limbs (ark compatible) * chore: adding comments linking to the contract's signature * chore: update .gitignore * chore: add num-bigint as dev dependency * fix: work with abs path for storing generated sol code * chore: update comment * feat: solidity verifier working on single and multi-input circuits * feat: multi-input folding verification working + fixing encoding of additive identity in calldata * chore: make bigint a dependency * refactor: import utils functions from utils.rs and make them available from anywhere * chore: make utils and evm available publicly * fix: pub mod instead * chore: make relevant method public and add `get_decider_template_for_cyclefold_decider` to exported objects * solidity-verifiers: move tests to their corresponding files * small update: Cyclefold -> CycleFold at the missing places * abstract nova-cyclefold solidity verifiers tests to avoid code duplication, and abstract also the computed setup params (FS & Decider) to compute them only once for all related tests to save test time * small polish after rebase to last main branch changes * rm unneeded Option for KZGData::g1_crs_batch_points * add checks modifying z_0 & z_i to nova_cyclefold_solidity_verifier test * add light-test feature to decider_eth_circuit to use it in solidity-verifier tests without the big circuit * solidity-verifiers: groth16 template: port the fix from https://github.com/iden3/snarkjs/pull/480 & https://github.com/iden3/snarkjs/issues/479 * add print warning msg for light-test in DeciderEthCircuit * solidity-verifiers: update limbs logic to nonnative last version, parametrize limbs params solidity-verifiers: * update solidity limbs logic to last nonnative impl version, and to last u_i.x impl * parametrize limbs params * add light-test feature: replace the '#[cfg(not(test))]' by the 'light-test' feature that by default is not enabled, so when running the github actions we enable the feature 'light-tests', and then we can have a full-test that runs the test without the 'light-tests' flag, but we don't run this big test every time. The choice of a feature is to allow us to control this from other-crates tests (for example for the solidity-verifier separated crate tests, to avoid running the full heavy circuit in the solidity tests) * move solidity constants into template constants for auto compute of params * polishing * revm use only needed feature This is to avoid c depencency for c-kzg which is behind the c-kzg flag and not needed. * nova_cyclefold_decider.sol header * rearrange test helpers position, add error for min number of steps * in solidity-verifiers: 'data'->'vk/verifier key' * add From for NovaCycleFoldVerifierKey from original vks to simplify dev flow, also conditionally template the batchCheck related structs and methods from the KZG10 solidity template --------- Co-authored-by: dmpierre <pdaixmoreux@gmail.com>
2026-01-08 15:01:30 +01:00 · 2024-04-25 11:51:59 +02:00
parent 8b233031a6
commit 97df224579
24 changed files with 1019 additions and 482 deletions
--- a/cli/README.md
+++ b/cli/README.md
@@ -1,26 +1,6 @@
 # Solidity Verifiers CLI
-                                    _____  ______  ______  ______  ______  ______  ______ 
-                                    | |__| || |__| || |__| || |__| || |__| || |__| || |__| |
-                                    |  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  |
-                                    |______||______||______||______||______||______||______|
-                                    ______                                          ______ 
-                                    | |__| |   ____        _ _     _ _ _            | |__| |
-                                    |  ()  |  / ___|  ___ | (_) __| (_) |_ _   _    |  ()  |
-                                    |______|  \___ \ / _ \| | |/ _` | | __| | | |   |______|
-                                    ______    ___) | (_) | | | (_| | | |_| |_| |    ______ 
-                                    | |__| |  |____/ \___/|_|_|\__,_|_|\__|\__, |   | |__| |
-                                    |  ()  |  __     __        _  __ _     |___/    |  ()  |
-                                    |______|  \ \   / /__ _ __(_)/ _(_) ___ _ __    |______|
-                                    ______    \ \ / / _ \ '__| | |_| |/ _ \ '__|    ______ 
-                                    | |__| |    \ V /  __/ |  | |  _| |  __/ |      | |__| |
-                                    |  ()  |     \_/ \___|_|  |_|_| |_|\___|_|      |  ()  |
-                                    |______|                                        |______|
-                                    ______  ______  ______  ______  ______  ______  ______ 
-                                    | |__| || |__| || |__| || |__| || |__| || |__| || |__| |
-                                    |  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  |
-                                    |______||______||______||______||______||______||______|

-Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
+Solidity Verifiers CLI is a Command-Line Interface (CLI) tool to generate the Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0xPARC teams.

 Solidity Verifiers CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers that use the Groth16 template will have that license too.

@@ -34,7 +14,7 @@ Solidity Verifier currently supports the generation of Solidity smart contracts

 - **KZG:**
  - Uses the Kate-Zaverucha-Goldberg polynomial commitment scheme.
-  - Example credit: [weijiekoh - KZG10 Verifier Contract](https://github.com/weijiekoh/libkzg/blob/master/sol/KZGVerifier.sol)
+  - Template credit: [weijiekoh - KZG10 Verifier Contract](https://github.com/weijiekoh/libkzg/blob/master/sol/KZGVerifier.sol)

 - **Nova + CycleFold Decider:**
  - Implements the decider circuit verification for the Nova proof system in conjunction with the CycleFold protocol optimization.
@@ -43,19 +23,19 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
 ## Usage

 ```bash
-solidity-verifiers-cli [OPTIONS] -p <PROTOCOL> -d <PROTOCOL_DATA> -o <OUTPUT_PATH>
+solidity-verifiers-cli [OPTIONS] -p <PROTOCOL> -k <PROTOCOL_VK> -o <OUTPUT_PATH>
 ```

 A real use case (which was used to test the tool itself):
-`solidity-verifiers-cli -p groth16 -d ./solidity-verifiers/assets/G16_test_vk_data`
-This would generate a Groth16 verifier contract for the given G16 data (which consists on the G16_Vkey only) and store this contract in `$pwd`.
+`solidity-verifiers-cli -p groth16 -k ./solidity-verifiers/assets/G16_test_vk`
+This would generate a Groth16 verifier contract for the given G16 verifier key (which consists on the G16_Vk only) and store this contract in `$pwd`.

 ### Options:
    -v, --verbose: Increase logging verbosity
    -q, --quiet: Decrease logging verbosity
    -p, --protocol <PROTOCOL>: Selects the protocol for which to generate the Decider circuit Solidity Verifier (possible values: groth16, kzg, nova-cyclefold)
    -o, --out <OUT>: Sets the output path for all generated artifacts
-    -d, --protocol-data <PROTOCOL_DATA>: Sets the input path for the file containing all the data required by the chosen protocol for verification contract generation
+    -k, --protocol-vk <PROTOCOL_VK>: Sets the input path for the file containing the verifier key required by the protocol chosen such that the verification contract can be generated.
    --pragma <PRAGMA>: Selects the Solidity compiler version to be set in the Solidity Verifier contract artifact
    -h, --help: Print help (see a summary with '-h')
    -V, --version: Print version
@@ -66,6 +46,3 @@ Solidity Verifier CLI is released under the MIT license, but notice that the Sol
 ## Contributing
 Feel free to explore, use, and contribute to Solidity Verifiers CLI as we strive to enhance privacy and scalability in the blockchain space!
 We welcome contributions to Solidity Verifiers CLI! If you encounter any issues, have feature requests, or want to contribute to the codebase, please check out the GitHub repository and follow the guidelines outlined in the contributing documentation.
-
-
-
--- a/cli/src/main.rs
+++ b/cli/src/main.rs
@@ -25,12 +25,12 @@ fn main() {
    // Fetch the exact protocol for which we need to generate the Decider verifier contract.
    let protocol = cli.protocol;
    // Fetch the protocol data passed by the user from the file.
-    let protocol_data = std::fs::read(cli.protocol_data).unwrap();
+    let protocol_vk = std::fs::read(cli.protocol_vk).unwrap();

    // Generate the Solidity Verifier contract for the selected protocol with the given data.
    create_or_open_then_write(
        &out_path,
-        &protocol.render(&protocol_data, cli.pragma).unwrap(),
+        &protocol.render(&protocol_vk, cli.pragma).unwrap(),
    )
    .unwrap();
 }
--- a/cli/src/settings.rs
+++ b/cli/src/settings.rs
@@ -1,6 +1,8 @@
 use ark_serialize::SerializationError;
 use clap::{Parser, ValueEnum};
-use solidity_verifiers::{Groth16Data, KzgData, NovaCyclefoldData, ProtocolData};
+use solidity_verifiers::{
+    Groth16VerifierKey, KZG10VerifierKey, NovaCycleFoldVerifierKey, ProtocolVerifierKey,
+};
 use std::{env, fmt::Display, path::PathBuf};

 fn get_default_out_path() -> PathBuf {
@@ -13,7 +15,7 @@ fn get_default_out_path() -> PathBuf {
 pub(crate) enum Protocol {
    Groth16,
    Kzg,
-    NovaCyclefold,
+    NovaCycleFold,
 }

 impl Display for Protocol {
@@ -22,7 +24,7 @@ impl Display for Protocol {
    }
 }

-// Would be nice to link this to the `Template` or `ProtocolData` traits.
+// Would be nice to link this to the `Template` or `ProtocolVerifierKey` traits.
 // Sadly, this requires Boxing with `dyn` or similar which would complicate the code more than is actually required.
 impl Protocol {
    pub(crate) fn render(
@@ -31,19 +33,20 @@ impl Protocol {
        pragma: Option<String>,
    ) -> Result<Vec<u8>, SerializationError> {
        match self {
-            Self::Groth16 => {
-                Ok(Groth16Data::deserialize_protocol_data(data)?.render_as_template(pragma))
-            }
+            Self::Groth16 => Ok(Groth16VerifierKey::deserialize_protocol_verifier_key(data)?
+                .render_as_template(pragma)),

-            Self::Kzg => Ok(KzgData::deserialize_protocol_data(data)?.render_as_template(pragma)),
-            Self::NovaCyclefold => {
-                Ok(NovaCyclefoldData::deserialize_protocol_data(data)?.render_as_template(pragma))
-            }
+            Self::Kzg => Ok(KZG10VerifierKey::deserialize_protocol_verifier_key(data)?
+                .render_as_template(pragma)),
+            Self::NovaCycleFold => Ok(NovaCycleFoldVerifierKey::deserialize_protocol_verifier_key(
+                data,
+            )?
+            .render_as_template(pragma)),
        }
    }
 }

-const ABOUT: &str = "A Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
+const ABOUT: &str = "A Command-Line Interface (CLI) tool to generate the Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
 ";

 const LONG_ABOUT: &str = "
@@ -68,7 +71,7 @@ const LONG_ABOUT: &str = "
 |  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  |
 |______||______||______||______||______||______||______|

-Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
+Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0xPARC teams.

 Solidity Verifiers CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers that use the Groth16 template will have that license too.

@@ -84,7 +87,7 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
        Implements the decider circuit verification for the Nova proof system in conjunction with the CycleFold protocol optimization.
 ";
 #[derive(Debug, Parser)]
-#[command(author = "0XPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))]
+#[command(author = "0xPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))]
 #[command(propagate_version = true)]
 /// A tool to create Solidity Contracts which act as verifiers for the major Folding Schemes implemented
 /// within the `sonobe` repo.
@@ -100,9 +103,9 @@ pub(crate) struct Cli {
    /// Sets the output path for all the artifacts generated by the command.
    pub out: PathBuf,

-    #[arg(short = 'd', long)]
-    /// Sets the input path for the file containing all the data required by the protocol chosen such that the verification contract can be generated.
-    pub protocol_data: PathBuf,
+    #[arg(short = 'k', long)]
+    /// Sets the input path for the file containing the verifier key required by the protocol chosen such that the verification contract can be generated.
+    pub protocol_vk: PathBuf,

    /// Selects the Solidity compiler version to be set in the Solidity Verifier contract artifact.
    #[arg(long, default_value=None)]