Onchain decider circuit for Protogalaxy (#145)

* Move r1cs and ccs to standalone folders * Simplify type bounds of SparseMatrixVar * Implement `EquivalenceGadget` trait for `FpVar` and `NonNativeUintVar`. Together with the existing `MatrixGadget` and `VectorGadget`, we can now use the same logic for checking R1CS satisfiability of `R1CSVar` both natively and non-natively. * Simplify trait bounds * Implement `ArithGadget` for `R1CSMatricesVar` and `CCSMatricesVar` * `PedersenGadget::commit` now takes slices as input * Structs for proofs and auxiliary values in protogalaxy * `u` in LCCCS should be `z[0]` * `Inputize` trait * Generic decider circuits * Verifier should check the commitments in committed instances * Update the comments according to the new docs * Fix examples * Add `DeciderEnabledNIFS::fold_group_elements_native` to wrap code for folding commitments * Fix incorrect endian * Format * Get rid of `unwrap` when possible
2026-01-10 16:01:35 +01:00 · 2024-11-04 17:34:50 +08:00
parent 6d8f297f11
commit b812dd66df
46 changed files with 2735 additions and 2408 deletions
--- a/solidity-verifiers/src/utils/mod.rs
+++ b/solidity-verifiers/src/utils/mod.rs
@@ -22,7 +22,7 @@ pub fn get_function_selector_for_nova_cyclefold_verifier(
    first_param_array_length: usize,
 ) -> [u8; 4] {
    let mut hasher = Sha3::keccak256();
-    let fn_sig = format!("verifyNovaProof(uint256[{}],uint256[4],uint256[3],uint256[4],uint256[4],uint256[2],uint256[2][2],uint256[2],uint256[4],uint256[2][2])", first_param_array_length);
+    let fn_sig = format!("verifyNovaProof(uint256[{}],uint256[4],uint256[2],uint256[3],uint256[2],uint256[2][2],uint256[2],uint256[4],uint256[2][2])", first_param_array_length);
    hasher.input_str(&fn_sig);
    let hash = &mut [0u8; 32];
    hasher.result(hash);
--- a/solidity-verifiers/src/verifiers/nova_cyclefold.rs
+++ b/solidity-verifiers/src/verifiers/nova_cyclefold.rs
@@ -153,9 +153,12 @@ mod tests {

    use folding_schemes::{
        commitment::{kzg::KZG, pedersen::Pedersen},
-        folding::nova::{
-            decider_eth::{prepare_calldata, Decider as DeciderEth},
-            Nova, PreprocessorParam,
+        folding::{
+            nova::{
+                decider_eth::{prepare_calldata, Decider as DeciderEth},
+                Nova, PreprocessorParam,
+            },
+            traits::CommittedInstanceOps,
        },
        frontend::FCircuit,
        transcript::poseidon::poseidon_canonical_config,
@@ -366,7 +369,6 @@ mod tests {
        n_steps: usize,
    ) {
        let (decider_pp, decider_vp) = decider_params;
-        let pp_hash = fs_params.1.pp_hash().unwrap();

        let f_circuit = FC::new(()).unwrap();

@@ -389,8 +391,8 @@ mod tests {
            nova.i,
            nova.z_0.clone(),
            nova.z_i.clone(),
-            &nova.U_i,
-            &nova.u_i,
+            &nova.U_i.get_commitments(),
+            &nova.u_i.get_commitments(),
            &proof,
        )
        .unwrap();
@@ -401,7 +403,6 @@ mod tests {

        let calldata: Vec<u8> = prepare_calldata(
            function_selector,
-            pp_hash,
            nova.i,
            nova.z_0,
            nova.z_i,