Add solidity verifier of the nova+cyclefold (#87)

* Add solidity verifier of the nova+cyclefold, and add method to prepare the calldata from Decider's proof. Missing conversion of the point coordinates into limbs (ark compatible) * chore: adding comments linking to the contract's signature * chore: update .gitignore * chore: add num-bigint as dev dependency * fix: work with abs path for storing generated sol code * chore: update comment * feat: solidity verifier working on single and multi-input circuits * feat: multi-input folding verification working + fixing encoding of additive identity in calldata * chore: make bigint a dependency * refactor: import utils functions from utils.rs and make them available from anywhere * chore: make utils and evm available publicly * fix: pub mod instead * chore: make relevant method public and add `get_decider_template_for_cyclefold_decider` to exported objects * solidity-verifiers: move tests to their corresponding files * small update: Cyclefold -> CycleFold at the missing places * abstract nova-cyclefold solidity verifiers tests to avoid code duplication, and abstract also the computed setup params (FS & Decider) to compute them only once for all related tests to save test time * small polish after rebase to last main branch changes * rm unneeded Option for KZGData::g1_crs_batch_points * add checks modifying z_0 & z_i to nova_cyclefold_solidity_verifier test * add light-test feature to decider_eth_circuit to use it in solidity-verifier tests without the big circuit * solidity-verifiers: groth16 template: port the fix from https://github.com/iden3/snarkjs/pull/480 & https://github.com/iden3/snarkjs/issues/479 * add print warning msg for light-test in DeciderEthCircuit * solidity-verifiers: update limbs logic to nonnative last version, parametrize limbs params solidity-verifiers: * update solidity limbs logic to last nonnative impl version, and to last u_i.x impl * parametrize limbs params * add light-test feature: replace the '#[cfg(not(test))]' by the 'light-test' feature that by default is not enabled, so when running the github actions we enable the feature 'light-tests', and then we can have a full-test that runs the test without the 'light-tests' flag, but we don't run this big test every time. The choice of a feature is to allow us to control this from other-crates tests (for example for the solidity-verifier separated crate tests, to avoid running the full heavy circuit in the solidity tests) * move solidity constants into template constants for auto compute of params * polishing * revm use only needed feature This is to avoid c depencency for c-kzg which is behind the c-kzg flag and not needed. * nova_cyclefold_decider.sol header * rearrange test helpers position, add error for min number of steps * in solidity-verifiers: 'data'->'vk/verifier key' * add From for NovaCycleFoldVerifierKey from original vks to simplify dev flow, also conditionally template the batchCheck related structs and methods from the KZG10 solidity template --------- Co-authored-by: dmpierre <pdaixmoreux@gmail.com>
2026-01-11 08:21:37 +01:00 · 2024-04-25 11:51:59 +02:00
parent 8b233031a6
commit 97df224579
24 changed files with 1019 additions and 482 deletions
--- a/cli/src/main.rs
+++ b/cli/src/main.rs
@@ -25,12 +25,12 @@ fn main() {
    // Fetch the exact protocol for which we need to generate the Decider verifier contract.
    let protocol = cli.protocol;
    // Fetch the protocol data passed by the user from the file.
-    let protocol_data = std::fs::read(cli.protocol_data).unwrap();
+    let protocol_vk = std::fs::read(cli.protocol_vk).unwrap();

    // Generate the Solidity Verifier contract for the selected protocol with the given data.
    create_or_open_then_write(
        &out_path,
-        &protocol.render(&protocol_data, cli.pragma).unwrap(),
+        &protocol.render(&protocol_vk, cli.pragma).unwrap(),
    )
    .unwrap();
 }
--- a/cli/src/settings.rs
+++ b/cli/src/settings.rs
@@ -1,6 +1,8 @@
 use ark_serialize::SerializationError;
 use clap::{Parser, ValueEnum};
-use solidity_verifiers::{Groth16Data, KzgData, NovaCyclefoldData, ProtocolData};
+use solidity_verifiers::{
+    Groth16VerifierKey, KZG10VerifierKey, NovaCycleFoldVerifierKey, ProtocolVerifierKey,
+};
 use std::{env, fmt::Display, path::PathBuf};

 fn get_default_out_path() -> PathBuf {
@@ -13,7 +15,7 @@ fn get_default_out_path() -> PathBuf {
 pub(crate) enum Protocol {
    Groth16,
    Kzg,
-    NovaCyclefold,
+    NovaCycleFold,
 }

 impl Display for Protocol {
@@ -22,7 +24,7 @@ impl Display for Protocol {
    }
 }

-// Would be nice to link this to the `Template` or `ProtocolData` traits.
+// Would be nice to link this to the `Template` or `ProtocolVerifierKey` traits.
 // Sadly, this requires Boxing with `dyn` or similar which would complicate the code more than is actually required.
 impl Protocol {
    pub(crate) fn render(
@@ -31,19 +33,20 @@ impl Protocol {
        pragma: Option<String>,
    ) -> Result<Vec<u8>, SerializationError> {
        match self {
-            Self::Groth16 => {
-                Ok(Groth16Data::deserialize_protocol_data(data)?.render_as_template(pragma))
-            }
+            Self::Groth16 => Ok(Groth16VerifierKey::deserialize_protocol_verifier_key(data)?
+                .render_as_template(pragma)),

-            Self::Kzg => Ok(KzgData::deserialize_protocol_data(data)?.render_as_template(pragma)),
-            Self::NovaCyclefold => {
-                Ok(NovaCyclefoldData::deserialize_protocol_data(data)?.render_as_template(pragma))
-            }
+            Self::Kzg => Ok(KZG10VerifierKey::deserialize_protocol_verifier_key(data)?
+                .render_as_template(pragma)),
+            Self::NovaCycleFold => Ok(NovaCycleFoldVerifierKey::deserialize_protocol_verifier_key(
+                data,
+            )?
+            .render_as_template(pragma)),
        }
    }
 }

-const ABOUT: &str = "A Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
+const ABOUT: &str = "A Command-Line Interface (CLI) tool to generate the Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
 ";

 const LONG_ABOUT: &str = "
@@ -68,7 +71,7 @@ const LONG_ABOUT: &str = "
 |  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  |
 |______||______||______||______||______||______||______|

-Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
+Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0xPARC teams.

 Solidity Verifiers CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers that use the Groth16 template will have that license too.

@@ -84,7 +87,7 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
        Implements the decider circuit verification for the Nova proof system in conjunction with the CycleFold protocol optimization.
 ";
 #[derive(Debug, Parser)]
-#[command(author = "0XPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))]
+#[command(author = "0xPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))]
 #[command(propagate_version = true)]
 /// A tool to create Solidity Contracts which act as verifiers for the major Folding Schemes implemented
 /// within the `sonobe` repo.
@@ -100,9 +103,9 @@ pub(crate) struct Cli {
    /// Sets the output path for all the artifacts generated by the command.
    pub out: PathBuf,

-    #[arg(short = 'd', long)]
-    /// Sets the input path for the file containing all the data required by the protocol chosen such that the verification contract can be generated.
-    pub protocol_data: PathBuf,
+    #[arg(short = 'k', long)]
+    /// Sets the input path for the file containing the verifier key required by the protocol chosen such that the verification contract can be generated.
+    pub protocol_vk: PathBuf,

    /// Selects the Solidity compiler version to be set in the Solidity Verifier contract artifact.
    #[arg(long, default_value=None)]