* change: CircomWrapper constructor to use raw bytes
* chore: tmp update to latest circom-compat
* feat: Introduce PathOrBin to support in-browser CircomWrapper usage
This changes the associated type `Params` of the `CircomFCircuit` to use
the newly created `PathOrBin` type.
This allows the user of the lib to directly send the binary of the files
already read or instead, provide a path to it and let `sonobe` do the
work.
With this, Circom should be already usable from the browser if we allow
JS to take care of reading the `.wasm` and `.r1cs` files.
* feat: Introduce PathOrBin to support in-browser NoirFCircuit usage
This commit temporarilly stands on top of
https://github.com/dmpierre/arkworks_backend/pull/1 referenced as `rev`.
This changes the associated type `Params` of the `CircomFCircuit` to use
the newly created `PathOrBin` type.
This allows the user of the lib to directly send the binary of the files
already read or instead, provide a path to it and let `sonobe` do the
work.
With this, Noir should be already usable from the browser if we allow
JS to take care of reading the `circuit.json` files
* chore: Update deps to branch instead of `rev`
* fix: use PathOrBin in examples
* fix: clippy
* fix: read file length for initializing vec size
---------
Co-authored-by: dmpierre <pdaixmoreux@gmail.com>
* fix: Use `target_pointer_size` conditional compilation
There are some parts of the code where is needed to de/serialze
`usize`s. These, have sizes that vary depending on the target
achitecture the code is compiled for.
Hence, this adapts the de/serialization to the specific pointer size for
which the crate is being compiled to.
* change: Support WASM-compatibility and polish Cargo.toml
In order to support Wasm-compat and to simplify and improve `Cargo.toml`
readability, the follwing changes have been made:
- All the deps that can use `parallel` feature, do so. As `rayon`
supports non-threaded targets with a fallback option. See: https://docs.rs/rayon-core/1.12.1/rayon_core/index.html#global-fallback-when-threading-is-unsupported
- `ark-grumpking` has been brought to `0.5.0-alpha.0` as `0.4.0` appears
to not be in `crates.io` anymore. See: https://crates.io/crates/ark-grumpkin/versions
- By default, the crate uses `"ark-circom/default"` which selects the
`wasmer/sys` feature such that it knows where wasmer is
suposed to be run`.
- Added a `wasm` feature which forces `ark-circom/wasm` to be used
instead. Which internally selects the `wasmer/js` backend to be used
such that in-browser execution is possible.
- Added `getrandom` with `js` feature as dependency when `wasm32-unknown-unknown` target is selected such
that compilation of the crate for testing or simply building is possible. Notice that with `wasi` and other wasm targets,
this is not the case as they're automatically supported.
For more info, please check: https://docs.rs/getrandom/latest/getrandom/#webassembly-support
* feat: Support WASM-compatibility tests in CI
Add support for both testing the build of `sonobe/folding-schemes` for
WASM-targets and also, it's build as a dependency for a WASM-crate.
This includes a build job for the three main supported rust-WASM targets
and the same but for a thrid crate creted on-the-fly which uses
`sonobe/folding-schemes` as a dependency.
* chore: Add README docs about WASM-compat & feats
* ci: don't run WASM-compat job if PR is draft
* chore: depend on `arnaucube/circom-compat` fork.
Since https://github.com/arnaucube/circom-compat/pull/2 was merged, we
can already switch to it as we were depending before.
* chore: minimal build/test instructions
* fix: CI typos
* fix: Update CI to use correct feature sets
* fix: `ark-grumpkin` versioning issues
As mentioned in
https://github.com/privacy-scaling-explorations/sonobe/issues/146
there's a big issue that involves some dependencies of the crate.
As a temporary fix, this forces the workspace to rely on a
"non-existing" version of `ark-grumpkin` which is immediately patched at
workspace-level for a custom version that @arnaucube owns with some
cherry-picked commits.
While this allows the CI to pass and crate to build, a better solution
is needed.
* fix: Clippy CI avoiding --all-targets
* fix: use `wasm` feat only with folding-schemes
* feat: add noname as a frontend to sonobe
fix: remove extra `rng` usage
Co-authored-by: Carlos Pérez <37264926+CPerezz@users.noreply.github.com>
* Update README.md
Co-authored-by: arnaucube <root@arnaucube.com>
* chore: move ark-noname to dev dependencies in solidity-verifiers cargo
---------
Co-authored-by: Carlos Pérez <37264926+CPerezz@users.noreply.github.com>
Co-authored-by: arnaucube <root@arnaucube.com>
- implement hash of public params for Nova & HyperNova
- abstract pp_hash computation for folding schemes
- add pp_hash to solidity contract generator to verify the decider proof
* refactor test of compute_c circuit to use multiple lcccs&cccs instances
* refactor hypernova's compute_c circuit to reduce from `110635` to `553` constraints
* fix: change circom fcircuit to extract indexes of inputs and add keccak satisfaction test
* fix: disable wire mapping when loading r1cs
* chore: update .gitignore and compile.sh
* fix: use fixed circom-compat branch
* fix: use slice rather than vec ref
* chore: add keccak-chain circom
* chore: trigger checks
* fix: make typos check circom files names but not their content
* chore: remove keccak, add tests with more lightweight circom templates, test that circom circuits correctly result in Ok and Err when needed
* chore: trigger checks
* fix: re-add circuit for full flow example, change naming
* chore: comment with link to issue 104, disable constraints check
* chore: remove `full_flow_example` from the examples and its
corresponding circom circuit
* chore: update `circom-compat` repo
* chore: clippy
* chore: stop excluding circom files from typos checker
* chore: remove changes on `typos.toml`
---------
Co-authored-by: arnaucube <root@arnaucube.com>
* Add solidity verifier of the nova+cyclefold, and add method to prepare the calldata from Decider's proof. Missing conversion of the point coordinates into limbs (ark compatible)
* chore: adding comments linking to the contract's signature
* chore: update .gitignore
* chore: add num-bigint as dev dependency
* fix: work with abs path for storing generated sol code
* chore: update comment
* feat: solidity verifier working on single and multi-input circuits
* feat: multi-input folding verification working + fixing encoding of additive identity in calldata
* chore: make bigint a dependency
* refactor: import utils functions from utils.rs and make them available from anywhere
* chore: make utils and evm available publicly
* fix: pub mod instead
* chore: make relevant method public and add `get_decider_template_for_cyclefold_decider` to exported objects
* solidity-verifiers: move tests to their corresponding files
* small update: Cyclefold -> CycleFold at the missing places
* abstract nova-cyclefold solidity verifiers tests to avoid code duplication, and abstract also the computed setup params (FS & Decider) to compute them only once for all related tests to save test time
* small polish after rebase to last main branch changes
* rm unneeded Option for KZGData::g1_crs_batch_points
* add checks modifying z_0 & z_i to nova_cyclefold_solidity_verifier test
* add light-test feature to decider_eth_circuit to use it in solidity-verifier tests without the big circuit
* solidity-verifiers: groth16 template: port the fix from https://github.com/iden3/snarkjs/pull/480 & https://github.com/iden3/snarkjs/issues/479
* add print warning msg for light-test in DeciderEthCircuit
* solidity-verifiers: update limbs logic to nonnative last version, parametrize limbs params
solidity-verifiers:
* update solidity limbs logic to last nonnative impl version, and to
last u_i.x impl
* parametrize limbs params
* add light-test feature: replace the '#[cfg(not(test))]' by the
'light-test' feature that by default is not enabled, so when running
the github actions we enable the feature 'light-tests', and then we can
have a full-test that runs the test without the 'light-tests' flag, but
we don't run this big test every time. The choice of a feature is to
allow us to control this from other-crates tests (for example for the
solidity-verifier separated crate tests, to avoid running the full heavy
circuit in the solidity tests)
* move solidity constants into template constants for auto compute of params
* polishing
* revm use only needed feature
This is to avoid c depencency for c-kzg which is behind the c-kzg flag
and not needed.
* nova_cyclefold_decider.sol header
* rearrange test helpers position, add error for min number of steps
* in solidity-verifiers: 'data'->'vk/verifier key'
* add From for NovaCycleFoldVerifierKey from original vks to simplify dev flow, also conditionally template the batchCheck related structs and methods from the KZG10 solidity template
---------
Co-authored-by: dmpierre <pdaixmoreux@gmail.com>
* Add a dedicated variant of `mat_vec_mul_sparse` for `NonNativeFieldVar`
* Switch to a customized in-circuit nonnative implementation for efficiency
* Comments and tests for `NonNativeUintVar`
* Make `CycleFoldCircuit` a bit smaller
* Faster trusted setup and proof generation by avoiding some nested LCs
* Check the remaining limbs in a more safe way
* Format
* Disable the non-native checks in tests again
* Clarify the group operation in `enforce_equal_unaligned`
* Explain the rationale behind non-native mat-vec multiplication
* Explain the difference with some other impls of `enforce_equal_unaligned`
* Format
* initial
* improved z_i
* improved
* Redefined the .circom and the test code for CircomWrapper
* added test function for wrapper_circuit which has circom_fcircuit, but incompatibility error of Pairing and Pallas
* changed the path in the gitignore
* Remove circom generated path
* improved variable vector
* Pallas::Fr
* improved to the primefield
* mentioned the issues:1. extract z_i1(only public output) 2.constraintsSystem and its Ref
* modified
* public input in circom
* generalized; removed the hardcorded value
* Generalization using FpVar::<Fr>::new_input
* initial
* improved z_i
* improved
* Redefined the .circom and the test code for CircomWrapper
* added test function for wrapper_circuit which has circom_fcircuit, but incompatibility error of Pairing and Pallas
* Remove circom generated path
* improved variable vector
* Pallas::Fr
* improved to the primefield
* mentioned the issues:1. extract z_i1(only public output) 2.constraintsSystem and its Ref
* modified
* Small updates:
- update cubic_circuit.circom: remove extra constraint, remove public
inputs
- remove allocations of inputs in arkworks
- add return of z_{i+1} at the end of CircomtoFCircuit::generate_step_constraints
With this tmp fix the `test_circom_step_constraints` passes, but needs to be iterated and polished.
* Update circom-compat to re-allocate inputs
* update after rebase to latest main: add usage of self.state_len() to circom frontend
* move circom frontend related structs into frontend/circom dir
* clippy lints
* extract_witness
* add comments
* clean
* fmt, lint, and spell
* CI Check trigger
* fmt
* applied the feedback
---------
Co-authored-by: Y5 <76672645+yugonsan@users.noreply.github.com>
Co-authored-by: arnaucube <root@arnaucube.com>
* Compute Decider's CM challenges in Groth16 circuit, link G16 & KZG proofs in Onchain Decider, refactor CommitmentScheme trait
- Refactor commitment package
- Refactor `Commitment` trait and the kzg, ipa, pedersen impls
- Add methods to prove & verify given challenges (not computing them in-method)
- Add KZG challenges computation in decider_eth_circuit
- Add cmE & cmW KZG proving & verification in DeciderEth
- Link Decider's Groth16 proof & KZG proofs data
- Fix point to bytes arkworks inconsistency
- Patch ark_curves to use a cherry-picked version with bn254::constraints & grumpkin for v0.4.0 (once arkworks v0.5.0 is released this will no longer be needed)
* DeciderEthCircuit: Add check eval=p(c) for E & W
The check is temporary disabled due
https://github.com/privacy-scaling-explorations/folding-schemes/issues/80,
but the public inputs and logic are there, to be able to continue the
other parts development while issue #80 is solved.
* change: Refactor structure into workspace
* chore: Add empty readme
* change: Transform repo into workspace
* add: Create folding-verifier-solidity crate
* add: Include askama.toml for `sol` extension escaper
* add: Jordi's old Groth16 verifier .sol template and adapt it
* tmp: create simple template struct to test
* Update FoldingSchemes trait, fit Nova+CycleFold
- update lib.rs's `FoldingScheme` trait interface
- fit Nova+CycleFold into the `FoldingScheme` trait
- refactor `src/nova/*`
* chore: add serialization assets for testing
Now we include an `assets` folder with a serialized proof & vk for tests
* Add `examples` dir, with Nova's `FoldingScheme` example
* polishing
* expose poseidon_test_config outside tests
* change: Refactor structure into workspace
* chore: Add empty readme
* change: Transform repo into workspace
* add: Create folding-verifier-solidity crate
* add: Include askama.toml for `sol` extension escaper
* add: Jordi's old Groth16 verifier .sol template and adapt it
* tmp: create simple template struct to test
* feat: templating kzg working
* chore: add emv and revm
* feat: start evm file
* chore: add ark-poly-commit
* chore: move `commitment` to `folding-schemes`
* chore: update `.gitignore` to ignore generated contracts
* chore: update template with bn254 lib on it (avoids import), update for loop to account for whitespaces
* refactor: update template with no lib
* feat: add evm deploy code, compile and create kzg verifier
* chore: update `Cargo.toml` to have `folding-schemes` available with verifiers
* feat: start kzg prove and verify with sol
* chore: compute crs from kzg prover
* feat: evm kzg verification passing
* tmp
* change: Swap order of G2 coordinates within the template
* Update way to serialize proof with correct order
* chore: update `Cargo.toml`
* chore: add revm
* chore: add `save_solidity`
* refactor: verifiers in dedicated mod
* refactor: have dedicated `utils` module
* chore: expose modules
* chore: update verifier for kzg
* chore: rename templates
* fix: look for binary using also name of contract
* refactor: generate groth16 proof for sha256 pre-image, generate groth16 template with verifying key
* chore: template renaming
* fix: switch circuit for circuit that simply adds
* feat: generates test data on the fly
* feat: update to latest groth16 verifier
* refactor: rename folder, update `.gitignore`
* chore: update `Cargo.toml`
* chore: update templates extension to indicate that they are templates
* chore: rename templates, both files and structs
* fix: template inheritance working
* feat: template spdx and pragma statements
* feat: decider verifier compiles, update test for kzg10 and groth16 templates
* feat: parameterize which size of the crs should be stored on the contract
* chore: add comment on how the groth16 and kzg10 proofs will be linked together
* chore: cargo clippy run
* chore: cargo clippy tests
* chore: cargo fmt
* refactor: remove unused lifetime parameter
* chore: end merge
* chore: move examples to `folding-schemes` workspace
* get latest main changes
* fix: temp fix clippy warnings, will remove lints once not used in tests only
* fix: cargo clippy lint added on `code_size`
* fix: update path to test circuit and add step for installing solc
* chore: remove `save_solidity` steps
* fix: the borrowed expression implements the required traits
* chore: update `Cargo.toml`
* chore: remove extra `[patch.crates-io]`
* fix: update to patch at the workspace level and add comment explaining this
* refactor: correct `staticcall` with valid input/output sizes and change return syntax for pairing
* refactor: expose modules and remove `dead_code` calls
* chore: update `README.md`, add additional comments on `kzg10` template and update `groth16` template comments
* chore: be clearer on attributions on `kzg10`
---------
Co-authored-by: CPerezz <c.perezbaro@gmail.com>
Co-authored-by: arnaucube <root@arnaucube.com>
* Add Decider impl for Nova onchain
Add Decider impl for Nova onchain.
Update also the Decider trait.
Nova onchain decider: (compressed SNARK / final proof), in order to
later verify the Nova+CycleFold proofs onchain (in Ethereum’s EVM).
* PR review updates and few other changes
* Add KZG commitment scheme adapted to vector commitment
Add KZG commitment scheme adapted to vector commitment
Also move the `src/pedersen.rs` into `src/commitment/pedersen.rs` where
it will coexist with `kzg.rs` and the trait defined in
`src/commitment/mod.rs`.
* Adapt Pedersen into the new CommitmentProver trait
* add CommitmentProver (Pedersen&KZG) homomorphic property test
* polishing
* Use divide_with_q_and_r, rename skip_first_zero_coeffs
Co-authored-by: han0110 <tinghan0110@gmail.com>
---------
Co-authored-by: han0110 <tinghan0110@gmail.com>
Port ProtoGalaxy initial version from
https://github.com/arnaucube/protogalaxy-poc adapting it to the current
folding-schemes lib, which is a first iteration that implements the
Lagrange-basis version from
[ProtoGalaxy](https://eprint.iacr.org/2023/1106) folding scheme. There
are some pending optimizations, but is a first step towards integrating
ProtoGalaxy in the library.
* impl AugmentedFCircuit non-base case
* add multiple iterations to AugmentedFCircuit test
* implement base case on AugmentedFCircuit and test
* Update cmE of E=0-vec to work as zero point
Update cmE of E=0-vec to work as zero point instead of as cm(0-vec)
* patch r1cs-std dep to a cherry-picked version with the zero-scalar-mult fix
* refactor FCircuit to make it more suitable inside the AugmentedFCircuit
* r1cs_parser
* z vector calculation
* test function done
* improved
* Brushuped
* add comment
* Added description of test_circuit
* found mistake
* fixed cargo.toml
* Imported ark-circom as crate
* improved l in R1CS as the number of public I/O
* separate test functions into success/failure and unify variable to pub_io_len
* removed bn254 & abstracted to PrimeField, but still some work
* add comments and clean up code
* move ark-bn254 in dev-dependencies
* abstracted test function
* fixed github action's error
* cargo fmt
* remove convert_constraints_bigint_to_scalar function
* fixed n_cols
* fixed n_cols
* Add functionality to compile Circom files in tests
* Remove test_circuit.r1cs
* Introduce CircomFrontend trait and simplify with CircomWrapper struct
* deleted the CircomFrontend
* improved
* fixed clippy lint checks of github actions
* probably fixed github actions error by changing the github yaml
* fixed github yaml, fmt, and clippy
---------
Co-authored-by: Carlos Pérez <37264926+CPerezz@users.noreply.github.com>
* Port HyperNova's multifolding from https://github.com/privacy-scaling-explorations/multifolding-poc adapting and refactoring some of its methods and structs.
Note: adapted mle.rs methods from dense to sparse repr.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
* HyperNova: move CCS struct outside of LCCCS & CCCS
HyperNova nimfs: move CCS structure outside of LCCCS & CCCS, to avoid
carrying around the whole CCS and duplicating data when is not needed.
Also add feature flags for the folding schemes.
---------
Co-authored-by: George Kadianakis <desnacked@riseup.net>
- Add naive decider circuit `RelaxedR1CSGadget`, which in-circuit checks
that the given z satisfies the given RelaxedR1CS instance
- Add method to relax the R1CS instance
- Add check_relation (for testing only) to R1CS & RelaxedR1CS
- Migrate from own SparseMatrix to use ark_relations::r1cs::Matrix
- Add frontend helper to use arkworks circuits
* Implement Nova's NIFS.Verify circuits (with CycleFold)
- Add circuit for NIFS.Verify on the main curve to check the folded `u`
& `x`
- Add circuit for NIFS.Verify on the CycleFold's auxiliary curve to
check the folded `cm(E)` & `cm(W)`
- Add transcript.get_challenge_nbits
- Add tests for utils::vec.rs
* replace bls12-377 & bw6-761 by pallas & vesta curves (only affects tests)
We will use pallas & vesta curves (for tests only, the non-tests code
uses generics) for the logic that does not require pairings, and while
Grumpkin is not available
(https://github.com/privacy-scaling-explorations/folding-schemes/issues/12).
* update links to papers to markdown style
Port Espresso/hyperplonk's `virtualpolynomial`, `multilinearpolynomial`
and `sum_check` utils from
https://github.com/EspressoSystems/hyperplonk/tree/main
Each file contains the reference to the original file.
Porting it into a subdirectory `src/utils/espresso`, to have it
self-contained. In future iterations we might replace part of it but we
can keep focusing on the folding schemes part for now.
* feat: draft traits `FoldingScheme` and `Decider`
Co-authored-by: arnaucube <root@arnaucube.com>
* Add Transcript trait, with PoseidonTranscript impl (#1)
Add also the PoseidonTranscriptVar (gadget).
* Update FoldingScheme trait to take C1 & C2 as params (#2)
* Update FoldingScheme trait to take C1 & C2 as params
Update FoldingScheme trait to take C1 & C2 as params which are used by
the diverse folding schemes as a cycle of curves.
* Add constraint to FoldingScheme C1,C2 fields swap.
Co-authored-by: Han <tinghan0110@gmail.com>
---------
Co-authored-by: Han <tinghan0110@gmail.com>
* move transcript to it's own mod
---------
Co-authored-by: han0110 <tinghan0110@gmail.com>
arnaucube
Carlos Pérez
Pierre
Ahmad Afuni
winderica
yugocabrio
Y5
arnaucube
Han