* Move r1cs and ccs to standalone folders
* Simplify type bounds of SparseMatrixVar
* Implement `EquivalenceGadget` trait for `FpVar` and `NonNativeUintVar`.
Together with the existing `MatrixGadget` and `VectorGadget`, we can now use the same logic for checking R1CS satisfiability of `R1CSVar` both natively and non-natively.
* Simplify trait bounds
* Implement `ArithGadget` for `R1CSMatricesVar` and `CCSMatricesVar`
* `PedersenGadget::commit` now takes slices as input
* Structs for proofs and auxiliary values in protogalaxy
* `u` in LCCCS should be `z[0]`
* `Inputize` trait
* Generic decider circuits
* Verifier should check the commitments in committed instances
* Update the comments according to the new docs
* Fix examples
* Add `DeciderEnabledNIFS::fold_group_elements_native` to wrap code for folding commitments
* Fix incorrect endian
* Format
* Get rid of `unwrap` when possible
* Adding Mova
Co-Authored-By: Togzhan Barakbayeva <45527668+btogzhan2000@users.noreply.github.com>
Co-Authored-By: Ilia Vlasov <5365540+elijahvlasov@users.noreply.github.com>
Co-Authored-By: matthew-a-klein <96837318+matthew-a-klein@users.noreply.github.com>
* Fix CLI
* Updated from main
* Solution to stop the CLI from complaining about deadcode
PR comment
Co-authored-by: arnaucube <root@arnaucube.com>
* Requested changes and update from main
* Refactor NIFSTrait & port Mova impl to it
* refactor NIFSTrait interface to fit Nova variants (Nova,Mova,Ova)
Refactor NIFSTrait interface to fit Nova variants (Nova,Mova,Ova). The relevant
change is instead of passing the challenge as input, now it passes the
transcript and computes the challenges internally (Nova & Ova still compute a
single challenge, but Mova computes multiple while absorbing at different
steps).
* port Mova impl to the NIFSTrait
* remove unnecessary wrappers in the nova/zk.rs
* remove Nova NIFS methods that are no longer needed after the refactor
* put together the different NIFS implementations (Nova, Mova, Ova) so
that they can interchanged at usage.
The idea is that Nova and its variants (Ova & Mova) share most of the
logic for the circuits & IVC & Deciders, so with the abstracted NIFS
interface we will be able to reuse most of the already existing Nova
code for having the Mova & Ova circuits, IVC, and Decider.
* adapt Nova's DeciderEth prepare_calldata & update examples to it
* small update to fix solidity tests
---------
Co-authored-by: Togzhan Barakbayeva <45527668+btogzhan2000@users.noreply.github.com>
Co-authored-by: Ilia Vlasov <5365540+elijahvlasov@users.noreply.github.com>
Co-authored-by: matthew-a-klein <96837318+matthew-a-klein@users.noreply.github.com>
Co-authored-by: arnaucube <root@arnaucube.com>
Co-authored-by: arnaucube <git@arnaucube.com>
This saves several minutes (and MBs of data) on compilation time both
when running tests in this repo, but also when using the sonobe lib as a
dependency in external repos.
* feat: enable hiding commitments in nova and hypernova
* fix: set blinding values for witness vector
* fix: remove cloning of the cyclefold running instance
* fix: do not re-use blinding values between prove steps
* fix: specify whether the witness should use blinding values using a
const generic
* feat: create a `dummy` method for nova witnesses as well
* chore: clippy - removed unused imports
- Adds the logic to support multi-instances folding in HyperNova's
AugmentedFCircuit & IVC.
- Adds also methods to generate new LCCCS & CCCS instances that don't
depend on the main folding chain, to be folded in in the next step
- Updates CycleFold circuit & methods to work other folding schemes than
Nova, adapting it to fold multiple points per circuit (instead of
2-to-1 as till now)
- Handle multi-instances folding in the FoldingScheme trait
interface, which expects 'None' in Nova, and 'Some' in HyperNova &
other multi-folding schemes.
* feat: add noname as a frontend to sonobe
fix: remove extra `rng` usage
Co-authored-by: Carlos Pérez <37264926+CPerezz@users.noreply.github.com>
* Update README.md
Co-authored-by: arnaucube <root@arnaucube.com>
* chore: move ark-noname to dev dependencies in solidity-verifiers cargo
---------
Co-authored-by: Carlos Pérez <37264926+CPerezz@users.noreply.github.com>
Co-authored-by: arnaucube <root@arnaucube.com>
* Remove the trait bound `C::BaseField: PrimeField` for better DX
* Methods in `TranscriptVar` now exactly matches the ones in `Transcript`
* Add `ProtoGalaxyTranscriptVar` and `CommittedInstanceVar` for protogalaxy
* betas are unnecessary in "plain" (incoming) instances
* Absorb the result of `get_challenge_nbits` as well
* `ProtoGalaxyTranscript` now allows absorbing mulitple instances
* Always return `Result<(), SynthesisError>` in `ProtoGalaxyTranscriptVar`
* Impl `Transcript{Var}` for `PoseidonSponge{Var}` directly and remove `PoseidonTranscript{Var}`
* `Transcript::absorb_point` doesn't need to return `Error`
* Add `AbsorbNonNative` trait for hashing non-native values
Note that now `absorb_point` only supports hashing points whose BaseField is equal to the sponge's field
* More efficient `TranscriptVar::absorb_point` by securely removing `is_inf`
* Use `sponge` and `transcript` consistently
* Clarify the usage of `AbsorbNonNative{Gadget}`
* Generic `sponge` and `transcript` params
* Avoid unstable `associated_type_bounds`
* Reuse `sponge` in hypernova
* Clean up redundant imports
* Remove unstable code
* Clarify the usage of `absorb_point` and `absorb_nonnative`
- implement hash of public params for Nova & HyperNova
- abstract pp_hash computation for folding schemes
- add pp_hash to solidity contract generator to verify the decider proof
- implement the IVC `FoldingScheme` trait for HyperNova
- refactor Nova's preprocess logic to make it simplier to use
- add to Decider trait (& Nova's DeciderEth) a preprocess method
- get rid of the `init_nova_ivc_params` and `init_ivc_and_decider_params` methods in `examples` since this is achieved with the `FS::preprocess` & `Decider::preprocess` methods
- (update the examples code to the simplified interface using
FS::preprocess & Decider::preprocess)
* circom: add external_inputs
* adapt new external_inputs interface to the FoldingScheme trait and Nova impl
* adapt examples to new FCircuit external_inputs interface
* add state_len & external_inputs_len params to CircomFCircuit
* add examples/circom_full_flow.rs
* merge the params initializer functions, clippy
* circom: move r1cs reading to FCircuit::new instead of each step
* CI/examples: add circom so it can run the circom_full_flow example
* Add solidity verifier of the nova+cyclefold, and add method to prepare the calldata from Decider's proof. Missing conversion of the point coordinates into limbs (ark compatible)
* chore: adding comments linking to the contract's signature
* chore: update .gitignore
* chore: add num-bigint as dev dependency
* fix: work with abs path for storing generated sol code
* chore: update comment
* feat: solidity verifier working on single and multi-input circuits
* feat: multi-input folding verification working + fixing encoding of additive identity in calldata
* chore: make bigint a dependency
* refactor: import utils functions from utils.rs and make them available from anywhere
* chore: make utils and evm available publicly
* fix: pub mod instead
* chore: make relevant method public and add `get_decider_template_for_cyclefold_decider` to exported objects
* solidity-verifiers: move tests to their corresponding files
* small update: Cyclefold -> CycleFold at the missing places
* abstract nova-cyclefold solidity verifiers tests to avoid code duplication, and abstract also the computed setup params (FS & Decider) to compute them only once for all related tests to save test time
* small polish after rebase to last main branch changes
* rm unneeded Option for KZGData::g1_crs_batch_points
* add checks modifying z_0 & z_i to nova_cyclefold_solidity_verifier test
* add light-test feature to decider_eth_circuit to use it in solidity-verifier tests without the big circuit
* solidity-verifiers: groth16 template: port the fix from https://github.com/iden3/snarkjs/pull/480 & https://github.com/iden3/snarkjs/issues/479
* add print warning msg for light-test in DeciderEthCircuit
* solidity-verifiers: update limbs logic to nonnative last version, parametrize limbs params
solidity-verifiers:
* update solidity limbs logic to last nonnative impl version, and to
last u_i.x impl
* parametrize limbs params
* add light-test feature: replace the '#[cfg(not(test))]' by the
'light-test' feature that by default is not enabled, so when running
the github actions we enable the feature 'light-tests', and then we can
have a full-test that runs the test without the 'light-tests' flag, but
we don't run this big test every time. The choice of a feature is to
allow us to control this from other-crates tests (for example for the
solidity-verifier separated crate tests, to avoid running the full heavy
circuit in the solidity tests)
* move solidity constants into template constants for auto compute of params
* polishing
* revm use only needed feature
This is to avoid c depencency for c-kzg which is behind the c-kzg flag
and not needed.
* nova_cyclefold_decider.sol header
* rearrange test helpers position, add error for min number of steps
* in solidity-verifiers: 'data'->'vk/verifier key'
* add From for NovaCycleFoldVerifierKey from original vks to simplify dev flow, also conditionally template the batchCheck related structs and methods from the KZG10 solidity template
---------
Co-authored-by: dmpierre <pdaixmoreux@gmail.com>
* Initialize the README.md with a sketch of the structure
* add warning and draft diagram
* add authors & years to schemes, add a pre-sketch of the 'development' section
* Readme: add link to Carlos talk on folding schemes
* readme: sketch sections: offchain & onchain decider, add todo for references
* readme: add example of FCircuit & folding
* Readme: add lib pipeline diagram, add decider code example
* add cyclefold-nova-diagram.png, decider-onchain-flow-diagram.png
* polish cli descriptions
* small update in the Warning box
* add sonobe naming
* add folding-main-idea-diagram.png
* missing sonobe renaming
* migrate part of the README.md to sonobe-docs
* rm imgs/, load them from sonobe-docs
* tiny update
* chore: start update README
* add acknolwedgments links and text, small polishing of the overall text
* extend folding introduction & sonobe overview
* img text alignment
* chore: update readme
* chore: typos, bits of reformulation, centering images
* chore: remove btc example since can not be used as is
* rm .vscode dir
* readme: merge the duplicated sections into a single one adapting the texts
* add Docs badge with link, update acknowledgments
* add ci & license badges
* fix cli link, add solc mention in solidity-verifiers/readme
* small polishing
* fix img alignment
* rm badges, the reasoning is:
- The License badge is not needed since there are already many links to
the license both in the readme and in the GitHub UI
- The CI checks badge, already appears in the GitHub UI in the last
commit preview at the main repo page. Furthermore, after some months
of inactivity, the badge would be 'gray' as 'inactive'.
- The only badge that I was trying to get there is the 'docs' badge, to
make it very clear that the docs page exists, but it was a bit to hard
visually to have a single badge there, and furthermore the docs link
already appears in the readme twice, and also in the GitHub UI
right-panel.
---------
Co-authored-by: dmpierre <pdaixmoreux@gmail.com>
* Compute Decider's CM challenges in Groth16 circuit, link G16 & KZG proofs in Onchain Decider, refactor CommitmentScheme trait
- Refactor commitment package
- Refactor `Commitment` trait and the kzg, ipa, pedersen impls
- Add methods to prove & verify given challenges (not computing them in-method)
- Add KZG challenges computation in decider_eth_circuit
- Add cmE & cmW KZG proving & verification in DeciderEth
- Link Decider's Groth16 proof & KZG proofs data
- Fix point to bytes arkworks inconsistency
- Patch ark_curves to use a cherry-picked version with bn254::constraints & grumpkin for v0.4.0 (once arkworks v0.5.0 is released this will no longer be needed)
* DeciderEthCircuit: Add check eval=p(c) for E & W
The check is temporary disabled due
https://github.com/privacy-scaling-explorations/folding-schemes/issues/80,
but the public inputs and logic are there, to be able to continue the
other parts development while issue #80 is solved.
* add: solidity-verifier workspace member
* chore: Update toolchain to 1.74
* feat: Add basic clap cli interface for solidity verifier
This includes a cli parser that serves as a way to the user to generate the desired Solidity contracts.
* chore: Expose SoldityVerifier template struct
* feat: Finish first working version
* change: Modify some settings
* fix: Fix rebase conflicts
* chore: Leave resolver 2 for workspace
* chore: Rename KZG+G16 template
Now the template refers to Nova + Cyclefold and has a Warning attached to it
* fixup
* chore: Rename to NovaCyclefoldDecider the template
* chore: Change constructors to `new` instead of `from`
* add: ProtocolData trait helper
This trait helps to treat the serialized data required by the Template
as a single element while still allowing a flexible usage.
This is specially interesting as allows the cli to operate considering a
single path of input data where all the data for the selected protocol
co-exists. Reducing the amount of parsing and arguments the user needs
to pass to the cli.
* chore: Create `From` impls formally
Previously we had functions called `from` which had nothing to do with
the trait `From`. This addresses this issue and fixes it.
Now both `new` and `from` are avaliable. But `from` follows the `From`
trait.
* add: Support G16, KZG and Nova+Cyclefold in cli
This adds a `render` fn for `Protocol` which makes it easier to add new
protocols to the CLI as is mainly based in the `ProtocolData` impl
behind the scenes of the selected protocol.
Aside from that, this commit reworks some minor parts of the CLI config
as shorteners for commands or adding `pragma` as an optional parameter.
* chore: Adapt `main.rs` to new cli changes
As seen, this allows to have a much easier `main.rs` which doesn't have
to do any `match` over the selected protocol.
* chore: Make solidity helper fns `cfg(test)`
* chore: Rework folding-schemes-solidity structure
* chore: Remove g1_crs_batch_points_len from KZGData
* add: Serde tests for all template targets
* tmp: Add NovaCyclefold testing
* add: HeaderInclusion template
When we use templates that are composed by others (as happens with
`NovaCyclefold` one) we sadly see that the License and the `pragma`
attributes are rendered once per sub-template.
This generic structure solves this issue by being actually the only item
rendered which has a sub-template the template we indeed want to render
at the end.
* chore: Add tests for NovaCyclefold contract
This also includes small changes to the lib architecture such as adding
constants for GPL3_SDPX_IDENTIFIER or move the default pragma versions
used to `mod.rs`
* chore: Update g16 to use HeaderInclusion template rendering
Now the `ProtocolData` impl falls back to the usage of `HeaderInclusion`
it is easier to handle complex templates like `NovaCyclefold`.
* add: Small builder-pattern to construct HeaderInclusion Templates
As mentioned in previous commits, the idea is that the header is set on
an automatic wrapper template applied to the one that we actually want
to render.
This builder pattern makes it less complex to do such a thing. Specially
avoiding unidiomatic `From` implementations.
* remove: sdpx & pragma from KZG template
Those are externalized and handled by HeaderInclusion template utility
* chore: Update templates to use HeaderInclusion builder
* chore: Update tests to use HeaderInclusion builderPattern
* remove: fixed pragma version in novacyclefold template
* chore: Accept Into<Template> in builder
* tmp: Only KZG return passes. Fix Groth
* fix: Prevent `revert` from paniking for negative tests
* feat: Merge G16 and KZG contract results in NovaCyclefold
* chore: Add assets for quicker/easier testing
Now instead of generating the protocoldata & proofs on each test, we just deserialize
* fix: Address clippy & warnings
* fix: Spelling to prevent PR farmers LOL
* chore: Add about and long_about to CLI tool
* add: README.md
* chore: Revert asset-based testing approach
* remove: Assets folder
* fix: Rebase issues
* fix: use &mut for Reader
* fix: rebase error with Contract name
* chore: Reduce tests LOC with setup fn
* chore: Set MIT license indentifier for CLI & KZG
* chore: Add extra usage example
* chore: Update novacyclefold contract comments on soundess
* chore: Typo
* chore: Allow type complexity clippy for setup fn
* chore: Address Pierre's comments
* chore: Rename workspace members
- folding-schemes-solidity -> soliity-verifiers