From 36de5b94acfda3c5f5cfecc576a037362ac23d8d Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:49:58 +0000 Subject: [PATCH 01/21] feat: ecdsa sig verification in aztec packages --- .../solidity_helpers/CMakeLists.txt | 2 +- .../circuits/ecdsa_circuit.hpp | 96 ++++++++++++++++ .../barretenberg/solidity_helpers/key_gen.cpp | 28 +++-- .../solidity_helpers/proof_gen.cpp | 25 +++-- barretenberg/sol/scripts/init.sh | 1 + .../sol/src/ultra/BaseUltraVerifier.sol | 30 +---- .../src/ultra/instance/Add2UltraVerifier.sol | 2 +- .../src/ultra/instance/BlakeUltraVerifier.sol | 2 +- .../src/ultra/instance/EcdsaUltraVerifier.sol | 16 +++ .../ultra/instance/RecursiveUltraVerifier.sol | 2 +- .../ultra/keys/Add2UltraVerificationKey.sol | 10 +- .../ultra/keys/BlakeUltraVerificationKey.sol | 10 +- .../ultra/keys/EcdsaUltraVerificationKey.sol | 72 ++++++++++++ .../keys/RecursiveUltraVerificationKey.sol | 106 +++++++++--------- .../sol/test/base/DifferentialFuzzer.sol | 3 + barretenberg/sol/test/ultra/ECDSA.t.sol | 52 +++++++++ 16 files changed, 341 insertions(+), 116 deletions(-) create mode 100644 barretenberg/cpp/src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp create mode 100644 barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol create mode 100644 barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol create mode 100644 barretenberg/sol/test/ultra/ECDSA.t.sol diff --git a/barretenberg/cpp/src/barretenberg/solidity_helpers/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/solidity_helpers/CMakeLists.txt index d0281e4e1a29..76bbe00dc571 100644 --- a/barretenberg/cpp/src/barretenberg/solidity_helpers/CMakeLists.txt +++ b/barretenberg/cpp/src/barretenberg/solidity_helpers/CMakeLists.txt 
@@ -1,4 +1,4 @@ -barretenberg_module(stdlib_solidity_helpers plonk proof_system transcript crypto_pedersen_commitment polynomials crypto_sha256 ecc crypto_blake3s stdlib_primitives stdlib_pedersen_commitment stdlib_blake3s stdlib_blake2s srs) +barretenberg_module(stdlib_solidity_helpers plonk proof_system transcript crypto_pedersen_commitment polynomials crypto_sha256 ecc crypto_blake3s stdlib_primitives stdlib_pedersen_commitment stdlib_blake3s stdlib_blake2s stdlib_sha256 srs) if (NOT(FUZZING)) add_executable(solidity_key_gen key_gen.cpp) diff --git a/barretenberg/cpp/src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp b/barretenberg/cpp/src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp new file mode 100644 index 000000000000..23e0a3a71838 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp 
@@ -0,0 +1,96 @@ + +#pragma once +#include "barretenberg/crypto/ecdsa/ecdsa.hpp" +#include "barretenberg/crypto/hashers/hashers.hpp" +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp" +#include "barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp" +#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" +#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp" +#include "barretenberg/stdlib/primitives/bool/bool.hpp" +#include "barretenberg/stdlib/primitives/curves/secp256k1.hpp" +#include "barretenberg/stdlib/primitives/field/field.hpp" +#include "barretenberg/stdlib/primitives/witness/witness.hpp" + +using namespace proof_system::plonk; +using namespace stdlib; +using numeric::uint256_t; + +template class EcdsaCircuit { + public: + using field_ct = stdlib::field_t; + using bool_ct = stdlib::bool_t; + using public_witness_ct = stdlib::public_witness_t; + using byte_array_ct = stdlib::byte_array; + using curve = stdlib::secp256k1; + + static constexpr size_t NUM_PUBLIC_INPUTS = 6; + + static Builder generate(uint256_t public_inputs[]) + { + Builder builder; + + // IN CIRCUIT + // Create an input buffer the same size as our inputs + typename curve::byte_array_ct input_buffer(&builder, NUM_PUBLIC_INPUTS); + for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) { + input_buffer.set_byte(i, public_witness_ct(&builder, public_inputs[i])); + } + + // This is the message that we would like to confirm + std::string message_string = "goblin"; + auto message = typename curve::byte_array_ct(&builder, message_string); + + // Assert that the public inputs buffer matches the message we want + for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) { + input_buffer[i].assert_equal(message[i]); + } + + // UNCONSTRAINED: create a random keypair to sign with + crypto::ecdsa::key_pair account; + account.private_key = curve::fr::random_element(); + account.public_key = curve::g1::one * account.private_key; + + // 
UNCONSTRAINED: create a sig + crypto::ecdsa::signature signature = crypto::ecdsa:: + construct_signature( + message_string, account); + + // UNCONSTRAINED: verify the created signature + bool dry_run = + crypto::ecdsa::verify_signature( + message_string, account.public_key, signature); + if (!dry_run) { + throw_or_abort("[non circuit]: Sig verification failed"); + } + + // IN CIRCUIT: create a witness with the pub key in our circuit + typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key); + + std::vector rr(signature.r.begin(), signature.r.end()); + std::vector ss(signature.s.begin(), signature.s.end()); + uint8_t vv = signature.v; + + // IN CIRCUIT: create a witness with the sig in our circuit + stdlib::ecdsa::signature sig{ typename curve::byte_array_ct(&builder, rr), + typename curve::byte_array_ct(&builder, ss), + stdlib::uint8(&builder, vv) }; + + // IN CIRCUIT: verify the signature + typename curve::bool_ct signature_result = stdlib::ecdsa::verify_signature( + // input_buffer, public_key, sig); + input_buffer, + public_key, + sig); + + // Assert the signature is true, we hash the message inside the verify sig stdlib call + bool_ct is_true = bool_ct(1); + signature_result.must_imply(is_true, "signature verification failed"); + + return builder; + } +}; \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp b/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp index b62198ed9164..5532dcac07f3 100644 --- a/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp +++ b/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp @@ -6,6 +6,7 @@ #include "circuits/add_2_circuit.hpp" #include "circuits/blake_circuit.hpp" +#include "circuits/ecdsa_circuit.hpp" #include "circuits/recursive_circuit.hpp" #include "utils/instance_sol_gen.hpp" 
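Review bot: The closing constraint `signature_result.must_imply(is_true, "signature verification failed")` adds nothing to the circuit: if `must_imply` asserts `this ⇒ other` as its name suggests, then `signature_result ⇒ true` is satisfied by every witness, so the soundness of this circuit rests entirely on whatever `stdlib::ecdsa::verify_signature` asserts internally (not visible here), while the comment "Assert the signature is true" claims this line does it. Replace it with a direct constraint, `signature_result.assert_equal(bool_ct(true), "signature verification failed");`, and add a negative check that a tampered `ss` byte makes `builder.check_circuit()` fail so the property is pinned rather than assumed. Worth stating in the header comment that the key pair and signature are generated fresh inside `generate()` and the public key is a private witness, so a proof only shows "some key signed the six public-input bytes" — adequate for a verifier test vector, misleading if reused. The `using namespace proof_system::plonk; using namespace stdlib;` at header scope leak into every translation unit that includes this file; scope them inside the class or move them to the `.cpp`s (the template argument lists appear stripped in this rendering of the hunk).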
@@ -69,18 +70,21 @@ int main(int argc, char** argv) if (plonk_flavour != "ultra") { info("Only ultra plonk flavour is supported at the moment"); return 1; + } + + info("Generating ultra plonk keys for ", circuit_flavour, " circuit"); + + if (circuit_flavour == "blake") { + generate_keys(output_path, plonk_flavour, circuit_flavour); + } else if (circuit_flavour == "add2") { + generate_keys(output_path, plonk_flavour, circuit_flavour); + } else if (circuit_flavour == "recursive") { + generate_keys(output_path, plonk_flavour, circuit_flavour); + } else if (circuit_flavour == "ecdsa") { + generate_keys(output_path, plonk_flavour, circuit_flavour); } else { - info("Generating ultra plonk keys for ", circuit_flavour, " circuit"); - - if (circuit_flavour == "blake") { - generate_keys(output_path, plonk_flavour, circuit_flavour); - } else if (circuit_flavour == "add2") { - generate_keys(output_path, plonk_flavour, circuit_flavour); - } else if (circuit_flavour == "recursive") { - generate_keys(output_path, plonk_flavour, circuit_flavour); - } else { - info("Only blake, add2 and recursive circuits are supported at the moment"); - return 1; - } + info("Only blake, add2 and recursive circuits are supported at the moment"); + return 1; } + return 0; } \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp b/barretenberg/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp index d052b1b7f07a..8bd33bb6560d 100644 --- a/barretenberg/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp +++ b/barretenberg/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp @@ -7,6 +7,7 @@ #include "circuits/add_2_circuit.hpp" #include "circuits/blake_circuit.hpp" +#include "circuits/ecdsa_circuit.hpp" #include "circuits/recursive_circuit.hpp" #include "utils/utils.hpp" 
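Review bot: The fallback message `info("Only blake, add2 and recursive circuits are supported at the moment")` is now wrong, since the branch directly above it accepts `ecdsa`; change it to `info("Only blake, add2, recursive and ecdsa circuits are supported at the moment");` so the usage hint matches the dispatch. Since `proof_gen.cpp` carries the same flavour list, consider keeping the accepted names in one shared constant and building both the dispatch and the message from it so they cannot drift again.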
@@ -64,7 +65,7 @@ int main(int argc, char** argv) barretenberg::srs::init_crs_factory(srs_path); // @todo dynamically allocate this - uint256_t inputs[] = { 0, 0, 0, 0, 0 }; + uint256_t inputs[] = { 0, 0, 0, 0, 0, 0 }; size_t count = 0; std::stringstream s_stream(string_input); @@ -81,16 +82,18 @@ int main(int argc, char** argv) if (plonk_flavour != "ultra") { info("Only ultra plonk flavour is supported at the moment"); return 1; + } + + if (circuit_flavour == "blake") { + generate_proof(inputs); + } else if (circuit_flavour == "add2") { + generate_proof(inputs); + } else if (circuit_flavour == "ecdsa") { + generate_proof(inputs); + } else if (circuit_flavour == "recursive") { + generate_proof(inputs); } else { - if (circuit_flavour == "blake") { - generate_proof(inputs); - } else if (circuit_flavour == "add2") { - generate_proof(inputs); - } else if (circuit_flavour == "recursive") { - generate_proof(inputs); - } else { - info("Invalid circuit flavour: " + circuit_flavour); - return 1; - } + info("Invalid circuit flavour: " + circuit_flavour); + return 1; } } \ No newline at end of file diff --git a/barretenberg/sol/scripts/init.sh b/barretenberg/sol/scripts/init.sh index fa00f288bd2f..147adc9ae219 100755 --- a/barretenberg/sol/scripts/init.sh +++ b/barretenberg/sol/scripts/init.sh @@ -7,4 +7,5 @@ OUTPUT_PATH="./src/ultra" ../cpp/build/bin/solidity_key_gen $PLONK_FLAVOUR add2 $OUTPUT_PATH $SRS_PATH ../cpp/build/bin/solidity_key_gen $PLONK_FLAVOUR blake $OUTPUT_PATH $SRS_PATH +../cpp/build/bin/solidity_key_gen $PLONK_FLAVOUR ecdsa $OUTPUT_PATH $SRS_PATH ../cpp/build/bin/solidity_key_gen $PLONK_FLAVOUR recursive $OUTPUT_PATH $SRS_PATH \ No newline at end of file diff --git a/barretenberg/sol/src/ultra/BaseUltraVerifier.sol b/barretenberg/sol/src/ultra/BaseUltraVerifier.sol index a907385c1578..e00052d6a8ef 100644 --- a/barretenberg/sol/src/ultra/BaseUltraVerifier.sol +++ b/barretenberg/sol/src/ultra/BaseUltraVerifier.sol 
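Review bot: `uint256_t inputs[] = { 0, 0, 0, 0, 0, 0 }` is a fixed-size stack array whose length is now tied to the largest circuit's public-input count, and the loop that fills it via `count` from `s_stream` sits outside this hunk; if that loop does not stop at six entries, a longer comma-separated `string_input` writes past the array. Replace the raw array with a container and an explicit bound, e.g. `std::vector<uint256_t> inputs;` filled with `push_back`, or `std::array<uint256_t, 6> inputs{};` guarded by `if (count >= inputs.size()) { info("too many public inputs"); return 1; }`, and pass `inputs.data()` to `generate_proof`. The `@todo dynamically allocate this` already flags the problem; every new circuit flavour changes the required size, so this bump is the moment to fix it rather than grow the literal again.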
@@ -288,6 +288,7 @@ abstract contract BaseUltraVerifier { // y^2 = x^3 + ax + b // for Grumpkin, a = 0 and b = -17. We use b in a custom gate relation that evaluates elliptic curve arithmetic uint256 internal constant GRUMPKIN_CURVE_B_PARAMETER_NEGATED = 17; + error PUBLIC_INPUT_COUNT_INVALID(uint256 expected, uint256 actual); error PUBLIC_INPUT_INVALID_BN128_G1_POINT(); error PUBLIC_INPUT_GE_P(); @@ -1173,37 +1174,14 @@ abstract contract BaseUltraVerifier { mulmod(x_diff, x_diff, p), p ), - addmod( - sub( - p, - addmod(y2_sqr, y1_sqr, p) - ), - addmod(y1y2, y1y2, p), - p - ), + addmod(sub(p, addmod(y2_sqr, y1_sqr, p)), addmod(y1y2, y1y2, p), p), p ) x_add_identity := - mulmod( - mulmod( - x_add_identity, - addmod( - 1, - sub(p, mload(QM_EVAL_LOC)), - p - ), - p - ), - mload(C_ALPHA_BASE_LOC), - p - ) + mulmod(mulmod(x_add_identity, addmod(1, sub(p, mload(QM_EVAL_LOC)), p), p), mload(C_ALPHA_BASE_LOC), p) // q_elliptic * (x3 + x2 + x1)(x2 - x1)(x2 - x1) - y2^2 - y1^2 + 2(y2y1)*q_sign = 0 - let y1_plus_y3 := addmod( - mload(Y1_EVAL_LOC), - mload(Y3_EVAL_LOC), - p - ) + let y1_plus_y3 := addmod(mload(Y1_EVAL_LOC), mload(Y3_EVAL_LOC), p) let y_diff := addmod(mulmod(mload(Y2_EVAL_LOC), mload(QSIGN_LOC), p), sub(p, mload(Y1_EVAL_LOC)), p) let y_add_identity := addmod( diff --git a/barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol b/barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol index 44894f12f1d8..1bbaed721670 100644 --- a/barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol +++ b/barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol @@ -11,6 +11,6 @@ contract Add2UltraVerifier is BASE { } function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { - VK.loadVerificationKey(vk, _omegaInverseLoc); + VK.loadVerificationKey(vk, _omegaInverseLoc); } } 
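Review bot: `error PUBLIC_INPUT_COUNT_INVALID(uint256 expected, uint256 actual)` is declared in this hunk but the revert that raises it is not, so confirm that `verify` actually compares the supplied public-input count against the key's `num_inputs` before the inputs are absorbed into the transcript, e.g. `if (_publicInputs.length != numInputs) revert PUBLIC_INPUT_COUNT_INVALID(numInputs, _publicInputs.length);` at the top of `verify`. Without that check a short or over-long `_publicInputs` array would, depending on how the assembly reads them, either consume zero-padded calldata or silently ignore trailing values, and the failure would surface only as an opaque challenge/pairing mismatch rather than a decodable revert. A NatSpec line on the error stating that `expected` is the verification key's `num_inputs` and `actual` is the calldata length would let integrators interpret the revert without reading the assembly.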
diff --git a/barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol b/barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol index c8531be2ff9a..5442c999e16e 100644 --- a/barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol +++ b/barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol @@ -11,6 +11,6 @@ contract BlakeUltraVerifier is BASE { } function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { - VK.loadVerificationKey(vk, _omegaInverseLoc); + VK.loadVerificationKey(vk, _omegaInverseLoc); } } diff --git a/barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol b/barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol new file mode 100644 index 000000000000..ed7bb8e58de7 --- /dev/null +++ b/barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2023 Aztec +pragma solidity >=0.8.4; + +import {EcdsaUltraVerificationKey as VK} from "../keys/EcdsaUltraVerificationKey.sol"; +import {BaseUltraVerifier as BASE} from "../BaseUltraVerifier.sol"; + +contract EcdsaUltraVerifier is BASE { + function getVerificationKeyHash() public pure override(BASE) returns (bytes32) { + return VK.verificationKeyHash(); + } + + function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { + VK.loadVerificationKey(vk, _omegaInverseLoc); + } +} diff --git a/barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol b/barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol index 807893dc55f8..f2147aada62d 100644 --- a/barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol +++ b/barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol 
@@ -11,6 +11,6 @@ contract RecursiveUltraVerifier is BASE { } function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { - VK.loadVerificationKey(vk, _omegaInverseLoc); + VK.loadVerificationKey(vk, _omegaInverseLoc); } } diff --git a/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol index 51927724a48f..67c3b6080a15 100644 --- a/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol +++ b/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol @@ -4,7 +4,7 @@ pragma solidity >=0.8.4; library Add2UltraVerificationKey { - function verificationKeyHash() internal pure returns(bytes32) { + function verificationKeyHash() internal pure returns (bytes32) { return 0xa0e940165bfc708013d5b4f7940f3b07f3bcf3c0f57ee21d8b4bdb78630817a3; } 
@@ -62,10 +62,10 @@ library Add2UltraVerificationKey { mstore(add(_vk, 0x620), 0x0ab49886c2b94bd0bd3f6ed1dbbe2cb2671d2ae51d31c1210433c3972bb64578) // vk.ID4.y mstore(add(_vk, 0x640), 0x00) // vk.contains_recursive_proof mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 + mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 + mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 + mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 + mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 mstore(_omegaInverseLoc, 0x02e40daf409556c02bfc85eb303402b774954d30aeb0337eb85a71e6373428de) // vk.work_root_inverse } } diff --git a/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol index c35456a75bc7..0b8676e4dabc 100644 --- a/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol +++ b/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol @@ -4,7 +4,7 @@ pragma solidity >=0.8.4; library BlakeUltraVerificationKey { - function verificationKeyHash() internal pure returns(bytes32) { + function verificationKeyHash() internal pure returns (bytes32) { return 0xab0e7eca8953a659e04b83b3e1eb0525036ab76b5c6c53b090c8e3e568df3912; } 
@@ -62,10 +62,10 @@ library BlakeUltraVerificationKey { mstore(add(_vk, 0x620), 0x04f57e846a88c4a0254841cf7b6226e878e7a4ea49c34c3732870f1d8c4f6c18) // vk.ID4.y mstore(add(_vk, 0x640), 0x00) // vk.contains_recursive_proof mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 + mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 + mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 + mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 + mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 mstore(_omegaInverseLoc, 0x05d33766e4590b3722701b6f2fa43d0dc3f028424d384e68c92a742fb2dbc0b4) // vk.work_root_inverse } } diff --git a/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol new file mode 100644 index 000000000000..d226d196bf55 --- /dev/null +++ b/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol 
@@ -0,0 +1,72 @@ +// Verification Key Hash: e30e949f5160482ce231cd52882ea6e3146c3ef53d7a2e7a1ead236a058d5a78 +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Aztec +pragma solidity >=0.8.4; + +library EcdsaUltraVerificationKey { + function verificationKeyHash() internal pure returns (bytes32) { + return 0xe30e949f5160482ce231cd52882ea6e3146c3ef53d7a2e7a1ead236a058d5a78; + } + + function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { + assembly { + mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000010000) // vk.circuit_size + mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000006) // vk.num_inputs + mstore(add(_vk, 0x40), 0x00eeb2cb5981ed45649abebde081dcff16c8601de4347e7dd1628ba2daac43b7) // vk.work_root + mstore(add(_vk, 0x60), 0x30641e0e92bebef818268d663bcad6dbcfd6c0149170f6d7d350b1b1fa6c1001) // vk.domain_inverse + mstore(add(_vk, 0x80), 0x21e3003d8b8316c4ce71fb5419a9ae911da948bb43cf79b6f77db537b680c442) // vk.Q1.x + mstore(add(_vk, 0xa0), 0x3005267a5059be6fde8f88bbd95321c8ddea179df2a11dc1df2e77f740ca8f1f) // vk.Q1.y + mstore(add(_vk, 0xc0), 0x024526d9500f6edf685a057c97b8cff30a2ed489a002f7f35d1856da3ac42e01) // vk.Q2.x + mstore(add(_vk, 0xe0), 0x016b7763c0fba3bb1e445895adfb07bf26cbd99e202b0d8f93a8f7004a306bbc) // vk.Q2.y + mstore(add(_vk, 0x100), 0x2ff3496186b9586a042939286d9d83596cdd074f6df473613951ce5229fa31bc) // vk.Q3.x + mstore(add(_vk, 0x120), 0x28d41b097e1c8a0863f5593d6cc4a804e5f748b38443cb7909c6cbe2f9d1ab84) // vk.Q3.y + mstore(add(_vk, 0x140), 0x19a9e44ac41213223362bbedd7b6d61adf942a0a5880be9c7c53943b4e280640) // vk.Q4.x + mstore(add(_vk, 0x160), 0x1fa921169505614db374a60d1bbea0a08815b4804542bcbf3309506b8b0507f0) // vk.Q4.y + mstore(add(_vk, 0x180), 0x2035284dbb7544e5a0c1f5b56084267b165b23f541c038979555b82e0f2607ea) // vk.Q_M.x + mstore(add(_vk, 0x1a0), 0x02ff6b514c7fa2c20ba949ea94c08c5f5e146e09336b65de3d5fccfcaaf56b96) // vk.Q_M.y + mstore(add(_vk, 
0x1c0), 0x098709b45abc886af6902f48ba0ae3587c9ebd298ceab3183e0aeb6068e96dcb) // vk.Q_C.x + mstore(add(_vk, 0x1e0), 0x2767a84ab297d7757b53fb08492d0a5f657d44b47c944a080c7c42ab890732f1) // vk.Q_C.y + mstore(add(_vk, 0x200), 0x0e5bc77185f9a211ce4dba62562d072d88600ba25fbd13028829cb916af11030) // vk.Q_ARITHMETIC.x + mstore(add(_vk, 0x220), 0x2039506dca5969fc929e7ed9ab162f17294f7e0d7c56959508562d9556357a6e) // vk.Q_ARITHMETIC.y + mstore(add(_vk, 0x240), 0x1d2501b2fa086e00afea57bf974ab9df0e259dc30aebf0021c17b8189c42d50c) // vk.QSORT.x + mstore(add(_vk, 0x260), 0x13cdd55a7fa83f59db568fdc67f4b07e7adddd403b975edcb7b4bf2ad2dcf453) // vk.QSORT.y + mstore(add(_vk, 0x280), 0x21245d6c0a4d2ff12b21a825f39f30e8f8cf9b259448d111183e975828539576) // vk.Q_ELLIPTIC.x + mstore(add(_vk, 0x2a0), 0x16a409532c8a1693536e93b6ce9920bfc2e6796e8dfe404675a0cdf6ee77ee7a) // vk.Q_ELLIPTIC.y + mstore(add(_vk, 0x2c0), 0x2a5e88249e7a11c5011cdca34920359e9442a5ae3aae68e56e8cdfc4062c8b52) // vk.Q_AUX.x + mstore(add(_vk, 0x2e0), 0x12065cc874d23213d1ccbef7087359fa4c75a87d9a25df50a05dce8e635073d5) // vk.Q_AUX.y + mstore(add(_vk, 0x300), 0x2e5b641397b2265450974ac68cdd0f151bd66d9c9854ab6f64e84671f3e0c267) // vk.SIGMA1.x + mstore(add(_vk, 0x320), 0x0fe1186570db78e9d0c24fa2f5582c43d1ca518567caa9e033007612c8245873) // vk.SIGMA1.y + mstore(add(_vk, 0x340), 0x0d5bbea26d87e9fadc9c3b860123ca849abba8e0e41c4e55998022b51d95d8a1) // vk.SIGMA2.x + mstore(add(_vk, 0x360), 0x1b503ef8d777b251c32e63d17a76e9ebd7efb586063bc52d6f75c86d3722efe9) // vk.SIGMA2.y + mstore(add(_vk, 0x380), 0x07c2dae78ad3943d62867423792d1cdaa68df83ebc974863ae3be3f90c490aae) // vk.SIGMA3.x + mstore(add(_vk, 0x3a0), 0x15301e4d92461354d18ac6208dcfea4967feac437435efa613183fb84007c6ae) // vk.SIGMA3.y + mstore(add(_vk, 0x3c0), 0x272d645226dbce24fcbaf241b18ebcd6c745f5f462f4f17b1b0d05deb1b342f0) // vk.SIGMA4.x + mstore(add(_vk, 0x3e0), 0x2a9f2b440f257f3e4619df6f3cb0c0cf1e8026061b4071249ae178447eb51b9e) // vk.SIGMA4.y + mstore(add(_vk, 0x400), 
0x18f7cf965339d9c9d190296fa92f915767b0a8da455975f3e03fa98439fd7110) // vk.TABLE1.x + mstore(add(_vk, 0x420), 0x0eecc02f9d44125407adbf00d56b086afd1adc5de536450afe05de382761b32f) // vk.TABLE1.y + mstore(add(_vk, 0x440), 0x0bdfe662ea9f40f125ca5f7e99a8c6ba09b87ba8313864316745df862946c5c4) // vk.TABLE2.x + mstore(add(_vk, 0x460), 0x0c5313c5b17634332920f54081fd46464a5ce9399e507c8fece9df28bff19033) // vk.TABLE2.y + mstore(add(_vk, 0x480), 0x232ab86409f60c50fd5f04e879fbcbe60e358eb0337c5d0db1934277e1d8b1f2) // vk.TABLE3.x + mstore(add(_vk, 0x4a0), 0x1fda66dfb58273345f2471dff55c51b6856241460272e64b4cc67cde65231e89) // vk.TABLE3.y + mstore(add(_vk, 0x4c0), 0x024ccc0fcff3b515cdc97dde2fae5c516bf3c97207891801707142af02538a83) // vk.TABLE4.x + mstore(add(_vk, 0x4e0), 0x27827250d02b7b67d084bfc52b26c722f33f75ae5098c109573bfe92b782e559) // vk.TABLE4.y + mstore(add(_vk, 0x500), 0x1ae2687fae0bfbb8b923aee57fd70697da8239d170e3dd9e903c5d2141073acc) // vk.TABLE_TYPE.x + mstore(add(_vk, 0x520), 0x2bc2419b9c6badd0755da06b3f73fba761bf5fc6708b1d9ebf8024ba7f95a2f6) // vk.TABLE_TYPE.y + mstore(add(_vk, 0x540), 0x1006cbbc3a187f1d286337a2a5851481ad736ddc9708de146b0c16af67af55f5) // vk.ID1.x + mstore(add(_vk, 0x560), 0x11cc4086b8c85a1c1cb633e148743dd35026dcb5d78b2d95c1d82235b4aa3f55) // vk.ID1.y + mstore(add(_vk, 0x580), 0x1280e0e41489a0689eca740eb87c2a956d7e5e01490d4ab8bed22cf702b868f5) // vk.ID2.x + mstore(add(_vk, 0x5a0), 0x1ee6fba2609e79fd8c183a090740d594b31ff64d1fa417d5b257e073d158dded) // vk.ID2.y + mstore(add(_vk, 0x5c0), 0x2b9204f05f51933d2aee0d9b4d6abb90fc8b647d2867191259b6b1180081d75e) // vk.ID3.x + mstore(add(_vk, 0x5e0), 0x0ae99a82bb35dbde21c2930925f571f81f41e1fb7afe103a52c01b830c042449) // vk.ID3.y + mstore(add(_vk, 0x600), 0x12dcf5c41e156844037bb35b2eb4b0b0c0e40c75b8374a1800387dbf399b4bc9) // vk.ID4.x + mstore(add(_vk, 0x620), 0x2c1e133ab13d64c88e3ac0dd7e4c29f4cb517ed81f84053a824608cc5fc3c3b0) // vk.ID4.y + mstore(add(_vk, 0x640), 0x00) // vk.contains_recursive_proof + 
mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices + mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 + mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 + mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 + mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 + mstore(_omegaInverseLoc, 0x0b5d56b77fe704e8e92338c0082f37e091126414c830e4c6922d5ac802d842d4) // vk.work_root_inverse + } + } +} diff --git a/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol index e64c8e685707..10094d20df73 100644 --- a/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol +++ b/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol @@ -1,11 +1,11 @@ -// Verification Key Hash: d25c78098b361876a80895103d19d0586b8ffa8d154cf5b300eda3045a21f200 +// Verification Key Hash: e22392a1f3bddc5d1f000fd4920b5c0e7f8282ee348c68538ea51321fda78a6f // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Aztec pragma solidity >=0.8.4; library RecursiveUltraVerificationKey { - function verificationKeyHash() internal pure returns(bytes32) { - return 0xd25c78098b361876a80895103d19d0586b8ffa8d154cf5b300eda3045a21f200; + function verificationKeyHash() internal pure returns (bytes32) { + return 0xe22392a1f3bddc5d1f000fd4920b5c0e7f8282ee348c68538ea51321fda78a6f; } function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { 
@@ -14,58 +14,58 @@ library RecursiveUltraVerificationKey { mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000010) // vk.num_inputs mstore(add(_vk, 0x40), 0x19ddbcaf3a8d46c15c0176fbb5b95e4dc57088ff13f4d1bd84c6bfa57dcdc0e0) // vk.work_root mstore(add(_vk, 0x60), 0x30644259cd94e7dd5045d7a27013b7fcd21c9e3b7fa75222e7bda49b729b0401) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x2e99805b70f3d61c991b8fd84874e57103c7d7ba60cf60cfe871c92ea7cf3248) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x2359a1c894e0f2af06830fb0d9879b974ec6afa1c95cb8f018780238f8b937e9) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x19b500db732e56fd76e45c1608de1a2d10bce43dbac9ee868a578d68c908c332) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x12de1d2b47110c7e547f2c7dbcb1a229e16333a513afea3226cac0e4f4a50157) // vk.Q2.y - mstore(add(_vk, 0x100), 0x258112db8f43fcd49b658d699abf5990b03e09ef7f55063ec0a1ff303aa59734) // vk.Q3.x - mstore(add(_vk, 0x120), 0x2ce5f9e6ce609b428c6b5f17e39dd6947af4073516dd61de721f000bed6b7bc3) // vk.Q3.y - mstore(add(_vk, 0x140), 0x06984f6692d241b7213fe774c3082e54ca2f254cbb5183f5d213ab93eb527541) // vk.Q4.x - mstore(add(_vk, 0x160), 0x224652f2a786bcc81dfeba13da0a3ffc1bce4abb2870e9cd91f4c26215b878a1) // vk.Q4.y - mstore(add(_vk, 0x180), 0x047220d936cff4715b088a0876b290f52a08aedfc88eb111d59cfa88b716a702) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x218375143e04327f9c84e1896dc1eb64cdc13a32aafa1ab7dc9e4c84fbbc61e5) // vk.Q_M.y - mstore(add(_vk, 0x1c0), 0x0555d41fe3fab5369c4251a1b72b185256fc49fed670153b3aaec40dd7237e38) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x1f83575b2fb33a6e90caedcbd326c1a53ee984eaebd0ec73ebb1a89d2aceb708) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x096c8dfb84e1e95247740d3a2924cef13cb580706db4b1cb242fd883efdb3023) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x056a3687ebe14a74c8529fbb845e86e609a8de9d0b0c92dc838541259dc0f770) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x131e9caa1a0182cacf248327946f2b9bb5a2f13ea7d9195f17b534878a719be2) // vk.QSORT.x - 
mstore(add(_vk, 0x260), 0x13dc17885405d6756deda93c8d20517dd3a9c93c1ff41a20bf692bbf25696d90) // vk.QSORT.y - mstore(add(_vk, 0x280), 0x1cb14db2c39a1500c4ddb1a75622ca726f2abb263b14245a3fa9804e1530ceac) // vk.Q_ELLIPTIC.x - mstore(add(_vk, 0x2a0), 0x181d870ffe1445d30819a652326e80354eba031560fb2168f75fd59adeaa964e) // vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x15d25401297c7f1d09ebdedae5140ede85d6a93ffcbdcec78f1d4a94905223bb) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x27f3275e48c07d6a03bb03d5bbc658b7ff658fee03fb7939e45bbcbc1f70cd15) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x193112d61b03cb7a9e4f7af25c3c78a3548a7a64de864168141f21a298a1b872) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x178cdc334092b41699bf1f7cb41965f5089dda63fc10ed5b4b6be111c6064d98) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x1c066e533ca2632e3cb88f56e853b8eb8dfc4f037394aaa2b34fd90b0a52767b) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x0407098851cf2da7d0e0d8ae37ef9e32e6cae22f641ae71bd1dc312be948cd8a) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x1ead1faf379b317c6f778a29ebaa9344f3f2c7aeb42a84a284f32e315b429c63) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 0x1b49e9a04ab1870e6c25cecb5090f1cf5a39d62b393b0e45ca6c0481483958da) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x0c9d9aadf730ecc1d7deb4ea1ab82744f34fe6c3e8bc5a078aee1829b5e36fda) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x25d36ed174687ce321258b6bdac4ae924ad792a03b9aec923eef6f5093657d1f) // vk.SIGMA4.y - mstore(add(_vk, 0x400), 0x215a055ec0bf7d7ab5e005b4260258aaadfd8ae9005a09060fdd0cee02dc3fea) // vk.TABLE1.x - mstore(add(_vk, 0x420), 0x1841eba177a34b1eb908727fe2e54bf33fc82b6e58dfd044acd4ba05ca80c837) // vk.TABLE1.y - mstore(add(_vk, 0x440), 0x018eb037682044ebf9cad76f777bf379b94c4d31d4351ce9677ff146a744555c) // vk.TABLE2.x - mstore(add(_vk, 0x460), 0x2bf87d72f0aef257c728503c900516f9274ab06eb54804651218438e40f06c25) // vk.TABLE2.y - mstore(add(_vk, 0x480), 0x13b003b384fb50e00994bf62a0057f44344be47383d59a7e9f1319d710ab5263) // vk.TABLE3.x - mstore(add(_vk, 0x4a0), 
0x1a5f338a3d05fb46ea46855e6c36dbdb23c5f20a56acc795324fe2958189ec39) // vk.TABLE3.y - mstore(add(_vk, 0x4c0), 0x1365fd683dbad2c4c55b02dd33c4b96fde00e5bb3f52be20ead95484e130aee1) // vk.TABLE4.x - mstore(add(_vk, 0x4e0), 0x2da2ba1d27548e452cc863758acf156eb268f577b7d08ba58e7bbf2d28f6f23c) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x16e9fe7ac7109f057245ceb22e31e1e1b8a8fbf1c6962e926ba5b2505e982d05) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x009a46821fcbdf82b50e323c21ea282115016a12ae0f7f59149cd89eb2357407) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x2066e5c64cb0534e6e825d7852d74375602da9d08c69e11ad65e0ccc194adfd7) // vk.ID1.x - mstore(add(_vk, 0x560), 0x23735d2cb88ddb998c9209a5bd0dc753c3d3bdf908490e7cdb24d053a15558de) // vk.ID1.y - mstore(add(_vk, 0x580), 0x29cf07d995b647c3b4a8dbd458ec65ad20f4b38cb193258938b5164ae9bc31a3) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x16ee1de144c9d73a3827323482c0d6882c6ffdd3f21f485a801218e30cdaf143) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x1eb4743b386c88a74762c47d79e0c6f1aac09dc83797c0ff06aae5e77ca93b72) // vk.ID3.x - mstore(add(_vk, 0x5e0), 0x1361f17743eeee4cd094e4663957646a3766880e287cacb7a6a4378f51408520) // vk.ID3.y - mstore(add(_vk, 0x600), 0x1ea01b590a95e3b4d542356cc095198a2710aded8b1b4e58f4de2cb21e82b3e3) // vk.ID4.x - mstore(add(_vk, 0x620), 0x12b17964421b96b6a35f58cf3b88e22ba39765300bd2a7ebd25e19a0ba80664f) // vk.ID4.y + mstore(add(_vk, 0x80), 0x1955384fa963070c967ff2c960277b4e296aae8d72c72e01930356b9e66e82f0) // vk.Q1.x + mstore(add(_vk, 0xa0), 0x1abfdcc530bde7617e8bdacdb27582d2c313b5ac663a9d47075ccd7ea20be189) // vk.Q1.y + mstore(add(_vk, 0xc0), 0x019e10458c6caa9d5be700d9b289766239bef8ef7f9608300f75e4db84014d7b) // vk.Q2.x + mstore(add(_vk, 0xe0), 0x2c8b6fc311eb5850c154e438fc9ffba848c332d3b1f517266751cff56f711890) // vk.Q2.y + mstore(add(_vk, 0x100), 0x16087fc135eeed06f55acc3a59da6eff09599c013fbc397e742e7e7c3e34529a) // vk.Q3.x + mstore(add(_vk, 0x120), 0x025586359ebb3a81602ac1266da2503f320d26b9b18a3835a75f5ea587363d9b) // 
vk.Q3.y + mstore(add(_vk, 0x140), 0x049008f625581a490bb8fcf4ea3c648c6fd4d802cdffe7866175efd7b5664185) // vk.Q4.x + mstore(add(_vk, 0x160), 0x25e38e7a8cda67d926bdf8db7ebdd535499f4354f1e902ef27aeb79c63d2c233) // vk.Q4.y + mstore(add(_vk, 0x180), 0x113e080e177eeabec67380d0d0ecfdbfd9a8f7cc9e02c8d8445c328abbfeb9a5) // vk.Q_M.x + mstore(add(_vk, 0x1a0), 0x10f95dae13bfe0c0a3efbe10855b52c43269d8aa611525dbbcb1f1d0eb42f848) // vk.Q_M.y + mstore(add(_vk, 0x1c0), 0x23f14dc05ec047d53df22710cdfd3cb4a44963811078a600811aa06d9576b4c0) // vk.Q_C.x + mstore(add(_vk, 0x1e0), 0x0821bba87eb570b4f41b432624bb2bf013a9b129e7bc0c0178bcc2adc1c47606) // vk.Q_C.y + mstore(add(_vk, 0x200), 0x26486dece09dab5a8e4e757625088433f1d8123e8fda3693d4a7993f621f1eed) // vk.Q_ARITHMETIC.x + mstore(add(_vk, 0x220), 0x286019a7e6055aef52b91c449a1c2b9abbcb92595118160efc96ced10ac4b6e4) // vk.Q_ARITHMETIC.y + mstore(add(_vk, 0x240), 0x2ca5a08c8d2cc428aa539aab26c0ae71d28ed89e61fff9ef5c9eb896748e01c0) // vk.QSORT.x + mstore(add(_vk, 0x260), 0x124d0e50734e64db09937d992e57c88c3d82f17786ee7691191da883af81f7cb) // vk.QSORT.y + mstore(add(_vk, 0x280), 0x1ade93a940dab58eb305c26f147e387aa2ce033cd98b3f6d92d440a7ec159d7e) // vk.Q_ELLIPTIC.x + mstore(add(_vk, 0x2a0), 0x0bfe74216774dc130b6219ffd3ca3d716dde56532ef454e002b5e7cc1a714f06) // vk.Q_ELLIPTIC.y + mstore(add(_vk, 0x2c0), 0x11aa3c2e6abd71b46496cc7258ffb26e454779dd7a861c9b170df7b6d19866bb) // vk.Q_AUX.x + mstore(add(_vk, 0x2e0), 0x078a7416251f2354b81f7f23674a442733beaa73928c52482e09af67e4266630) // vk.Q_AUX.y + mstore(add(_vk, 0x300), 0x18b0d041e64959a1b4c8aec2988ed0781a8e71e3b399e9e6f1519553e7d4b844) // vk.SIGMA1.x + mstore(add(_vk, 0x320), 0x051faec8bc66561eb3dd53d7e9f062a69726ee92df29f337c1152b4838a6ecb5) // vk.SIGMA1.y + mstore(add(_vk, 0x340), 0x1b3db046a836a946d73153637681ae12a3747e76100a973ba3e57a60bf05f8b8) // vk.SIGMA2.x + mstore(add(_vk, 0x360), 0x2a0d1cb0659525e3e515020d4728b9deb1aac70c1286eb565e2589da5700caac) // vk.SIGMA2.y + mstore(add(_vk, 0x380), 
0x2da060ec79d4280499b69fde005a3712a9b694118f9332af6e1611659ea05d10) // vk.SIGMA3.x + mstore(add(_vk, 0x3a0), 0x0de556d12e70d90ed705a5542c16a55a44910532e1f24c2252649f0b061af019) // vk.SIGMA3.y + mstore(add(_vk, 0x3c0), 0x101702660aecee7905d290afb56978ff8756662cb0589bf1260b7aa0feb8e044) // vk.SIGMA4.x + mstore(add(_vk, 0x3e0), 0x29d27af726556b6b97d2998f0ed57fecbb2fa27cefc51fee5a96a4ada07c0d2d) // vk.SIGMA4.y + mstore(add(_vk, 0x400), 0x09796190fd3ba909c6530c89811df9b5b4f5f2fe6501ec21dd864b20673fc02c) // vk.TABLE1.x + mstore(add(_vk, 0x420), 0x00b9c2423e310caa43e1eb83b55f53977fccbed85422df8935635d77d146bf39) // vk.TABLE1.y + mstore(add(_vk, 0x440), 0x217dad26ccc0c543ec5750513e9365a5cae8164b08d364efcf4b5890ff05f334) // vk.TABLE2.x + mstore(add(_vk, 0x460), 0x1db28433f6bde424423f3587787f81c48101d2dc6e54b431332cb275f8518c62) // vk.TABLE2.y + mstore(add(_vk, 0x480), 0x2cc2d90f2da7f4ec16b7fe61babd4fb9b580ecff03c471764dd67a8c433afab5) // vk.TABLE3.x + mstore(add(_vk, 0x4a0), 0x3032b9ff096a43ce326cc63ffc6a86dcb913fb1f7700939f5304f6c6beb24574) // vk.TABLE3.y + mstore(add(_vk, 0x4c0), 0x1f4c58502ca713ed0bffb4ff31ed55e557e83a37d31b8e703aa9219d6158e2d2) // vk.TABLE4.x + mstore(add(_vk, 0x4e0), 0x0b0d5ed5432c5e7b56344c1d26ce0d9f632e8f8aa52505d6c89f6da89f357fa8) // vk.TABLE4.y + mstore(add(_vk, 0x500), 0x1ec56cfb03ca703e6c5b12bc25735a6277ba8e195789f871273e0ab6108c69dc) // vk.TABLE_TYPE.x + mstore(add(_vk, 0x520), 0x15dd65957a13632642739159f99cb0bc793a3e9fd3317b11de1887305b1f0ba0) // vk.TABLE_TYPE.y + mstore(add(_vk, 0x540), 0x1132be2c2fba72cd6196c25c3f9e4a2607225e1dd9b1df156278bc70eaef9833) // vk.ID1.x + mstore(add(_vk, 0x560), 0x15ac1cf6f0d69580d63e3cef0fbe784daddf5d89cd0532e6c3bac8110f713739) // vk.ID1.y + mstore(add(_vk, 0x580), 0x0a54083d0241492b018ff651dd4a94f694ac29815be96788bbcc1f6731da2c2f) // vk.ID2.x + mstore(add(_vk, 0x5a0), 0x1ac60ad10f90e6a3dae7fc97aa1e86be376a8e477e320ce1a2c5c667587414b0) // vk.ID2.y + mstore(add(_vk, 0x5c0), 
0x1499c048e87fea28057e1ec5c3a23c11556bdc658626b07edfedf2739ef2eae2) // vk.ID3.x + mstore(add(_vk, 0x5e0), 0x280fec47ce5e775c01ebfb880fed2fa60ae7c7434d5de1d54dfe3f66cf7e1186) // vk.ID3.y + mstore(add(_vk, 0x600), 0x2daba5e0c0a440cc134049635e97d3f4fdbe0709c73f0480fad500f51542c5ae) // vk.ID4.x + mstore(add(_vk, 0x620), 0x064089effdda7af9ea5de9407b5e96f826001c7d7cef054877ff0203e7ad229e) // vk.ID4.y mstore(add(_vk, 0x640), 0x01) // vk.contains_recursive_proof mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 + mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 + mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 + mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 + mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 mstore(_omegaInverseLoc, 0x036853f083780e87f8d7c71d111119c57dbe118c22d5ad707a82317466c5174c) // vk.work_root_inverse } } diff --git a/barretenberg/sol/test/base/DifferentialFuzzer.sol b/barretenberg/sol/test/base/DifferentialFuzzer.sol index 451fc8ee21b2..c23d9ceb9685 100644 --- a/barretenberg/sol/test/base/DifferentialFuzzer.sol +++ b/barretenberg/sol/test/base/DifferentialFuzzer.sol @@ -17,6 +17,7 @@ contract DifferentialFuzzer is TestBase { Invalid, Blake, Add2, + Ecdsa, Recursive } 
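Review bot: Inserting `Ecdsa` between `Add2` and `Recursive` in `CircuitFlavour` changes the ordinal of `Recursive` from 3 to 4. The second hunk in this file maps the enum through a string before it leaves Solidity, so callers shown here are unaffected, but anything that persists or transmits the numeric value (an FFI argument, a fixture) would need checking; appending `Ecdsa` after `Recursive` sidesteps the question entirely.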
@@ -63,6 +64,8 @@ contract DifferentialFuzzer is TestBase {
 return "add2";
 } else if (circuitFlavour == CircuitFlavour.Recursive) {
 return "recursive";
+ } else if (circuitFlavour == CircuitFlavour.Ecdsa) {
+ return "ecdsa";
 } else {
 revert("Invalid circuit flavour");
 }
diff --git a/barretenberg/sol/test/ultra/ECDSA.t.sol b/barretenberg/sol/test/ultra/ECDSA.t.sol
new file mode 100644
index 000000000000..98e2a20d4f41
--- /dev/null
+++ b/barretenberg/sol/test/ultra/ECDSA.t.sol
@@ -0,0 +1,52 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Aztec +pragma solidity >=0.8.4; + +import {TestBaseUltra} from "./TestBaseUltra.sol"; +import {EcdsaUltraVerifier} from "../../src/ultra/instance/EcdsaUltraVerifier.sol"; +import {DifferentialFuzzer} from "../base/DifferentialFuzzer.sol"; +import {IVerifier} from "../../src/interfaces/IVerifier.sol"; + +contract EcdsaUltraTest is TestBaseUltra { + function setUp() public override(TestBaseUltra) { + super.setUp(); + + verifier = IVerifier(address(new EcdsaUltraVerifier())); + fuzzer = fuzzer.with_circuit_flavour(DifferentialFuzzer.CircuitFlavour.Ecdsa); + + // Does the noir code do this? + // NOTE Seems here for the recursive public input count the inptus amount is always 16, this is not true all of the time + PUBLIC_INPUT_COUNT = 6; + + // // Add default inputs to the fuzzer (we will override these in fuzz test) + uint256[] memory inputs = new uint256[](6); + inputs[0] = uint256(0x67); + inputs[1] = uint256(0x6f); + inputs[2] = uint256(0x62); + inputs[3] = uint256(0x6c); + inputs[4] = uint256(0x69); + inputs[5] = uint256(0x6e); + + fuzzer = fuzzer.with_inputs(inputs); + } + + // Nothing to fuzz for now, we could fuzz a string input up to a give size? + function testFuzzProof() public { + // NOTE we do not fuzz here yet + // "goblin" + // 67 6f 62 6c 69 6e + uint256[] memory inputs = new uint256[](6); + inputs[0] = uint256(0x67); + inputs[1] = uint256(0x6f); + inputs[2] = uint256(0x62); + inputs[3] = uint256(0x6c); + inputs[4] = uint256(0x69); + inputs[5] = uint256(0x6e); + + // Construct Ecdsa siganture + bytes memory proofData = fuzzer.with_inputs(inputs).generate_proof(); + (bytes32[] memory publicInputs, bytes memory proof) = splitProof(proofData, PUBLIC_INPUT_COUNT); + + assertTrue(verifier.verify(proof, publicInputs), "The proof is not valid"); + } +} From f1de40cd0607b7187755b320a04723d172eaa62f Mon Sep 17 00:00:00 2001 
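Review bot: `testFuzzProof` only asserts that a freshly generated proof verifies; nothing in this file checks that `verifier.verify` rejects a tampered proof or mismatched public inputs, which is the property a verifier test exists to pin. A second test that flips one byte of `proof` (or one entry of `publicInputs`) and asserts `verify` returns false or reverts would close that gap. Separately, the six-element "goblin" `inputs` array is built identically in `setUp` and in the test, so a private helper returning it would remove the duplication, and the `NOTE` above `PUBLIC_INPUT_COUNT = 6` describes the recursive case rather than this circuit and should be reworded or dropped.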
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Thu, 2 Nov 2023 12:42:36 +0000 Subject: [PATCH 02/21] temp --- barretenberg/acir_tests/run_acir_tests_sol.sh | 6 ++++++ barretenberg/build-system | 1 + .../src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp | 5 +++-- .../acir-simulator/src/client/client_execution_context.ts | 1 + 4 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 barretenberg/acir_tests/run_acir_tests_sol.sh create mode 160000 barretenberg/build-system diff --git a/barretenberg/acir_tests/run_acir_tests_sol.sh b/barretenberg/acir_tests/run_acir_tests_sol.sh new file mode 100644 index 000000000000..8d19bca082a8 --- /dev/null +++ b/barretenberg/acir_tests/run_acir_tests_sol.sh @@ -0,0 +1,6 @@ +## Generate the solidity verifier with bb, then run a test through it + + +## Issue here, work out where the public inputs are included in the witness +## If they are included in the proof output, then we can get away with just extracting them +## Maybe worth making something that can extract the public inputs from the .tz \ No newline at end of file diff --git a/barretenberg/build-system b/barretenberg/build-system new file mode 160000 index 000000000000..a109f3aef28c --- /dev/null +++ b/barretenberg/build-system @@ -0,0 +1 @@ +Subproject commit a109f3aef28cea4a50481cdf2d74fc3909212c0b diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp index e1975a514235..ff0929711bd1 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp 
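Review bot: `run_acir_tests_sol.sh` contains only comments — no shebang, no `set -eu`, and no commands — yet it sits next to the runnable flow scripts under `acir_tests`, so any glob or CI step that picks up `*.sh` files by name will execute it and report success without doing anything. If it is a placeholder for the Solidity flow, start it with `#!/usr/bin/env bash`, `set -eu` and an explicit `echo "not implemented" >&2; exit 1` so the gap is visible; otherwise these notes belong in a TODO file rather than an executable-looking script.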
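Review bot: The `barretenberg/build-system` gitlink is added without a matching `.gitmodules` entry — the commit's file list shows only the four paths above — so a fresh clone has no URL to resolve the submodule from and `git submodule update --init` will fail on it. Either add the `.gitmodules` entry with the upstream URL, or drop the gitlink if the pointer was committed by accident (a `build-system` checkout nested inside `barretenberg/` looks like a stray working copy).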
@@ -1,7 +1,8 @@
 #pragma once
-#include "../../hash/sha256/sha256.hpp"
-#include "../../primitives/bit_array/bit_array.hpp"
+#include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp"
+#include "barretenberg/stdlib/hash/sha256/sha256.hpp"
+#include "barretenberg/stdlib/primitives//bit_array/bit_array.hpp"
 namespace proof_system::plonk {
 namespace stdlib {
diff --git a/yarn-project/acir-simulator/src/client/client_execution_context.ts b/yarn-project/acir-simulator/src/client/client_execution_context.ts
index 5236304a716c..9675f07a78a5 100644
--- a/yarn-project/acir-simulator/src/client/client_execution_context.ts
+++ b/yarn-project/acir-simulator/src/client/client_execution_context.ts
@@ -217,6 +217,7 @@ export class ClientExecutionContext extends ViewDataOracle {
 offset,
 });
+ // TODO: PHIL issue starts here
 this.log(
 `Returning ${notes.length} notes for ${this.contractAddress} at ${storageSlot}: ${notes
 .map(n => `${n.nonce.toString()}:[${n.note.items.map(i => i.toString()).join(',')}]`)
From 267cea23640f0adcc56fe5c12caf8cb5b9e4c2a1 Mon Sep 17 00:00:00 2001
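Review bot: The third include path has a doubled slash, `barretenberg/stdlib/primitives//bit_array/bit_array.hpp`; it resolves on POSIX but is a typo that trips path-normalising tools and dependency scanners, so it should read `#include "barretenberg/stdlib/primitives/bit_array/bit_array.hpp"`. The new first line also pulls `ecdsa.hpp` into `ecdsa_impl.hpp`; if `ecdsa.hpp` includes this implementation header at its end, as the `_impl.hpp` naming suggests, the two files now include each other and compile only thanks to `#pragma once` plus include order, which deserves a comment or a forward declaration instead.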
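Review bot: The added comment `// TODO: PHIL issue starts here` names a person rather than a problem and carries no issue reference, so it stops being actionable the moment this branch is merged. Either replace it with a one-line description of the suspected defect and a tracking link, e.g. `// TODO(#<issue-id>): <what is wrong with the notes returned here>`, or drop it before merge. The enclosing method starts and ends outside the hunk.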
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Thu, 2 Nov 2023 17:48:14 +0000 Subject: [PATCH 03/21] chore: forge init --- barretenberg/acir_tests/flows/all_cmds.sh | 1 + .../contracts/.github/workflows/test.yml | 34 +++ .../acir_tests/sol-test /contracts/.gitignore | 14 ++ .../sol-test /contracts/Foundry.toml | 0 .../acir_tests/sol-test /contracts/README.md | 66 ++++++ .../sol-test /contracts/foundry.toml | 6 + .../sol-test /contracts/script/Counter.s.sol | 12 + .../sol-test /contracts/src/Counter.sol | 14 ++ .../sol-test /contracts/test/Counter.t.sol | 24 ++ .../acir_tests/sol-test /package.json | 16 ++ .../acir_tests/sol-test /src/index.ts | 80 +++++++ .../acir_tests/sol-test /tsconfig.json | 19 ++ barretenberg/acir_tests/sol-test /yarn.lock | 124 +++++++++++ .../acir_tests/solidity_tests/TODO.md | 8 + .../acir_tests/solidity_tests/temp.js | 2 + barretenberg/cpp/src/barretenberg/bb/main.cpp | 3 + barretenberg/temp/Nargo.toml | 7 + barretenberg/temp/Prover.toml | 209 ++++++++++++++++++ barretenberg/temp/Verifier.toml | 2 + barretenberg/temp/proofs/temp.proof | 1 + barretenberg/temp/src/main.nr | 5 + barretenberg/temp/target/acir | 1 + barretenberg/temp/target/debug_temp.json | 1 + barretenberg/temp/target/temp.json | 1 + 24 files changed, 650 insertions(+) create mode 100644 barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml create mode 100644 barretenberg/acir_tests/sol-test /contracts/.gitignore create mode 100644 barretenberg/acir_tests/sol-test /contracts/Foundry.toml create mode 100644 barretenberg/acir_tests/sol-test /contracts/README.md create mode 100644 barretenberg/acir_tests/sol-test /contracts/foundry.toml create mode 100644 barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol create mode 100644 barretenberg/acir_tests/sol-test /contracts/src/Counter.sol create mode 100644 barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol create mode 100644 barretenberg/acir_tests/sol-test /package.json 
create mode 100644 barretenberg/acir_tests/sol-test /src/index.ts create mode 100644 barretenberg/acir_tests/sol-test /tsconfig.json create mode 100644 barretenberg/acir_tests/sol-test /yarn.lock create mode 100644 barretenberg/acir_tests/solidity_tests/TODO.md create mode 100644 barretenberg/acir_tests/solidity_tests/temp.js create mode 100644 barretenberg/temp/Nargo.toml create mode 100644 barretenberg/temp/Prover.toml create mode 100644 barretenberg/temp/Verifier.toml create mode 100644 barretenberg/temp/proofs/temp.proof create mode 100644 barretenberg/temp/src/main.nr create mode 100644 barretenberg/temp/target/acir create mode 100644 barretenberg/temp/target/debug_temp.json create mode 100644 barretenberg/temp/target/temp.json diff --git a/barretenberg/acir_tests/flows/all_cmds.sh b/barretenberg/acir_tests/flows/all_cmds.sh index c7ee147f6203..68d9bbbc0c62 100755 --- a/barretenberg/acir_tests/flows/all_cmds.sh +++ b/barretenberg/acir_tests/flows/all_cmds.sh @@ -15,6 +15,7 @@ $BIN gates $FLAGS $BFLAG > /dev/null $BIN prove -o proof $FLAGS $BFLAG $BIN write_vk -o vk $FLAGS $BFLAG $BIN verify -k vk -p proof $FLAGS +$BIN contract -k vk $FLAGS # Check supplemental functions. # Grep to determine success. diff --git a/barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml b/barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml new file mode 100644 index 000000000000..09880b1d79a7 --- /dev/null +++ b/barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml 
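Review bot: Unlike `prove -o proof` and `write_vk -o vk` just above, the new `$BIN contract -k vk $FLAGS` step names no output file and nothing is redirected; if `contract` writes the Solidity source to stdout, the whole verifier contract lands in the test log on every run and nothing downstream can compile it. Writing it to a named artefact — `$BIN contract -k vk -o contract.sol $FLAGS`, assuming the subcommand accepts `-o` as the other subcommands here do — keeps the flow quiet and gives a later step something to build. `$BFLAG` is passed to `gates`, `prove` and `write_vk` but not here; that mirrors `verify`, so it may be intentional, but worth confirming.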
@@ -0,0 +1,34 @@ +name: test + +on: workflow_dispatch + +env: + FOUNDRY_PROFILE: ci + +jobs: + check: + strategy: + fail-fast: true + + name: Foundry project + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + submodules: recursive + + - name: Install Foundry + uses: foundry-rs/foundry-toolchain@v1 + with: + version: nightly + + - name: Run Forge build + run: | + forge --version + forge build --sizes + id: build + + - name: Run Forge tests + run: | + forge test -vvv + id: test diff --git a/barretenberg/acir_tests/sol-test /contracts/.gitignore b/barretenberg/acir_tests/sol-test /contracts/.gitignore new file mode 100644 index 000000000000..85198aaa55b8 --- /dev/null +++ b/barretenberg/acir_tests/sol-test /contracts/.gitignore @@ -0,0 +1,14 @@ +# Compiler files +cache/ +out/ + +# Ignores development broadcast logs +!/broadcast +/broadcast/*/31337/ +/broadcast/**/dry-run/ + +# Docs +docs/ + +# Dotenv file +.env diff --git a/barretenberg/acir_tests/sol-test /contracts/Foundry.toml b/barretenberg/acir_tests/sol-test /contracts/Foundry.toml new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/barretenberg/acir_tests/sol-test /contracts/README.md b/barretenberg/acir_tests/sol-test /contracts/README.md new file mode 100644 index 000000000000..9265b4558406 --- /dev/null +++ b/barretenberg/acir_tests/sol-test /contracts/README.md 
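Review bot: Every path in this commit under `barretenberg/acir_tests/sol-test /` carries a trailing space in the directory name (`sol-test `), which is almost certainly accidental: it breaks Windows checkouts, shell globs and any tooling that trims paths, and it applies equally to `.gitignore`, `foundry.toml`, `Counter.sol`, `package.json`, `src/index.ts`, `tsconfig.json` and `yarn.lock` in this series. Rename the directory to `sol-test` before more files accumulate under it. On the workflow itself, `actions/checkout@v3` and `foundry-rs/foundry-toolchain@v1` are referenced by mutable tags; pinning each to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening for CI that installs a `nightly` toolchain.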
@@ -0,0 +1,66 @@ +## Foundry + +**Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.** + +Foundry consists of: + +- **Forge**: Ethereum testing framework (like Truffle, Hardhat and DappTools). +- **Cast**: Swiss army knife for interacting with EVM smart contracts, sending transactions and getting chain data. +- **Anvil**: Local Ethereum node, akin to Ganache, Hardhat Network. +- **Chisel**: Fast, utilitarian, and verbose solidity REPL. + +## Documentation + +https://book.getfoundry.sh/ + +## Usage + +### Build + +```shell +$ forge build +``` + +### Test + +```shell +$ forge test +``` + +### Format + +```shell +$ forge fmt +``` + +### Gas Snapshots + +```shell +$ forge snapshot +``` + +### Anvil + +```shell +$ anvil +``` + +### Deploy + +```shell +$ forge script script/Counter.s.sol:CounterScript --rpc-url --private-key +``` + +### Cast + +```shell +$ cast +``` + +### Help + +```shell +$ forge --help +$ anvil --help +$ cast --help +``` diff --git a/barretenberg/acir_tests/sol-test /contracts/foundry.toml b/barretenberg/acir_tests/sol-test /contracts/foundry.toml new file mode 100644 index 000000000000..e883058fb294 --- /dev/null +++ b/barretenberg/acir_tests/sol-test /contracts/foundry.toml @@ -0,0 +1,6 @@ +[profile.default] +src = "src" +out = "out" +libs = ["lib"] + +# See more config options https://github.com/foundry-rs/foundry/tree/master/config diff --git a/barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol b/barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol new file mode 100644 index 000000000000..1a47b40b82aa --- /dev/null +++ b/barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: UNLICENSED +pragma solidity ^0.8.13; + +import {Script, console2} from "forge-std/Script.sol"; + +contract CounterScript is Script { + function setUp() public {} + + function run() public { + vm.broadcast(); + } +} 
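Review bot: An empty `Foundry.toml` is created in the same directory as this `foundry.toml` (the file list above shows both); on case-insensitive filesystems — the macOS and Windows defaults — the two paths collide at checkout and Git reports the tree as permanently dirty, and Foundry only reads the lowercase name. Delete `Foundry.toml`. `libs = ["lib"]` also points at a `lib/` directory this commit does not add, so the `forge-std` import in `Counter.t.sol` will not resolve until `forge install` is run or `forge-std` is vendored, unless it lives in a submodule not shown here.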
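Review bot: `CounterScript.run` calls `vm.broadcast()` and then does nothing, and `Counter.sol` / `Counter.t.sol` in this commit are the unmodified `forge init` scaffold. If they are only here because of the template, removing them (or replacing `Counter` with the verifier contract this tree is meant to exercise) keeps the test project from shipping an unrelated contract and an empty broadcasting script; if they stay, `run` should deploy something after `vm.broadcast()` or the call should go.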
diff --git a/barretenberg/acir_tests/sol-test /contracts/src/Counter.sol b/barretenberg/acir_tests/sol-test /contracts/src/Counter.sol
new file mode 100644
index 000000000000..aded7997b0c3
--- /dev/null
+++ b/barretenberg/acir_tests/sol-test /contracts/src/Counter.sol
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+contract Counter {
+ uint256 public number;
+
+ function setNumber(uint256 newNumber) public {
+ number = newNumber;
+ }
+
+ function increment() public {
+ number++;
+ }
+}
diff --git a/barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol b/barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol
new file mode 100644
index 000000000000..c0dfa7d75473
--- /dev/null
+++ b/barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import {Test, console2} from "forge-std/Test.sol";
+import {Counter} from "../src/Counter.sol";
+
+contract CounterTest is Test {
+ Counter public counter;
+
+ function setUp() public {
+ counter = new Counter();
+ counter.setNumber(0);
+ }
+
+ function testIncrement() public {
+ counter.increment();
+ assertEq(counter.number(), 1);
+ }
+
+ function testSetNumber(uint256 x) public {
+ counter.setNumber(x);
+ assertEq(counter.number(), x);
+ }
+}
diff --git a/barretenberg/acir_tests/sol-test /package.json b/barretenberg/acir_tests/sol-test /package.json
new file mode 100644
index 000000000000..50ee3a80f628
--- /dev/null
+++ b/barretenberg/acir_tests/sol-test /package.json
@@ -0,0 +1,16 @@
+{
+ "name": "headless-test",
+ "version": "1.0.0",
+ "main": "index.js",
+ "license": "MIT",
+ "type": "module",
+ "scripts": {
+ "start": "ts-node-esm ./src/index.ts"
+ },
+ "dependencies": {},
+ "devDependencies": {
+ "@types/node": "^20.8.10",
+ "ts-node": "^10.9.1",
+ "typescript": "^5.2.2"
+ }
+}
diff --git a/barretenberg/acir_tests/sol-test /src/index.ts b/barretenberg/acir_tests/sol-test /src/index.ts new file mode 100644 index 000000000000..84a2ef984a75 --- /dev/null +++ b/barretenberg/acir_tests/sol-test /src/index.ts @@ -0,0 +1,80 @@ +import fs from "fs"; +import { gunzipSync } from "zlib"; +import os from "os"; +import {spawn} from "child_process"; + + +const readBytecodeFile = (path: string): Uint8Array => { + const data = fs.readFileSync(path); + const buffer = gunzipSync(data); + return buffer; +}; + +const readWitnessFile = (path: string): Uint8Array => { + const buffer = fs.readFileSync(path); + return gunzipSync(buffer); +}; + + +const launchAnvil = async () => { + const handle = spawn("anvil"); + console.log("Anvil Launched"); + handle.on("close", (code) => { + console.log(`anvil exited with code ${code}`) + }); + + // wait until the anvil instance is ready on port 8545 + await new Promise((resolve) => { + handle.stdout.on("data", (data) => { + const str = data.toString(); + if (str.includes("Listening on")) { + console.log("Anvil Ready"); + resolve(undefined); + } + }); + }); + + return handle; +} + +// start anvil +async function main() { + const anvil = await launchAnvil(); + const killAnvil = () => { + anvil.kill(); + } + + // Get the contract artifact + + + + + // Kill anvil at the end of running + killAnvil(); +} + + + + +// Create a proof for the given ACIR + + +// Deploy the solidity contract + +// Run the test + + +// Set up the command-line interface +// const acir = readBytecodeFile(bytecodePath); +// const witness = readWitnessFile(witnessPath); +// const threads = Math.min(os.cpus().length, 16); + + +// // Convert the input data to Uint8Arrays within the browser context +// const acirUint8Array = new Uint8Array(acirData as number[]); +// const witnessUint8Array = new Uint8Array(witnessData as number[]); + + + +main() + 
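Review bot: `launchAnvil` registers `close` and `stdout` listeners but never an `error` handler on the spawned process, so if `anvil` is not on `PATH` the `error` event is unhandled and crashes the script, and if anvil starts but never prints "Listening on" the awaited promise never settles and the run hangs. `main` reaches `killAnvil()` only on the success path, so any exception between launch and teardown leaves an `anvil` process bound to the default port behind, and the bare `main()` at the bottom has no `.catch`, so that failure surfaces as an unhandled rejection with a zero exit code. A rejecting `error` handler, a `try`/`finally` around the body of `main`, and a terminal `.catch` that sets the exit code address all three; the pinned port 8545 noted in the comment is a separate collision risk on shared CI hosts that a `--port` argument would remove.
```typescript
const launchAnvil = async () => {
  // … unchanged: spawn("anvil"), "close" listener …

  // wait until anvil reports it is listening, or fail fast if it cannot be spawned
  await new Promise<void>((resolve, reject) => {
    handle.on("error", reject);
    handle.stdout.on("data", (data) => {
      const str = data.toString();
      if (str.includes("Listening on")) {
        console.log("Anvil Ready");
        resolve();
      }
    });
  });

  return handle;
}

async function main() {
  const anvil = await launchAnvil();
  try {
    // … unchanged: artifact / proof / deploy / test steps …
  } finally {
    // tear anvil down on every exit path, not only on success
    anvil.kill();
  }
}

// … unchanged: commented-out CLI setup …

main().catch((err) => {
  console.error(err);
  process.exitCode = 1;
});
```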
diff --git a/barretenberg/acir_tests/sol-test /tsconfig.json b/barretenberg/acir_tests/sol-test /tsconfig.json new file mode 100644 index 000000000000..13c452bfd97d --- /dev/null +++ b/barretenberg/acir_tests/sol-test /tsconfig.json @@ -0,0 +1,19 @@ +{ + "compilerOptions": { + "target": "es2020", + "lib": ["dom", "esnext", "es2017.object"], + "module": "NodeNext", + "strict": true, + "declaration": true, + "allowSyntheticDefaultImports": true, + "esModuleInterop": true, + "downlevelIteration": true, + "inlineSourceMap": true, + "declarationMap": true, + "importHelpers": true, + "resolveJsonModule": true, + "outDir": "dest", + "rootDir": "src" + }, + "include": ["src"] +} diff --git a/barretenberg/acir_tests/sol-test /yarn.lock b/barretenberg/acir_tests/sol-test /yarn.lock new file mode 100644 index 000000000000..27da3a023eb2 --- /dev/null +++ b/barretenberg/acir_tests/sol-test /yarn.lock 
@@ -0,0 +1,124 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@cspotcode/source-map-support@^0.8.0": + version "0.8.1" + resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" + integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== + dependencies: + "@jridgewell/trace-mapping" "0.3.9" + +"@jridgewell/resolve-uri@^3.0.3": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz#c08679063f279615a3326583ba3a90d1d82cc721" + integrity sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA== + +"@jridgewell/sourcemap-codec@^1.4.10": + version "1.4.15" + resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" + integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== + +"@jridgewell/trace-mapping@0.3.9": + version "0.3.9" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" + integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== + dependencies: + "@jridgewell/resolve-uri" "^3.0.3" + "@jridgewell/sourcemap-codec" "^1.4.10" + +"@tsconfig/node10@^1.0.7": + version "1.0.9" + resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.9.tgz#df4907fc07a886922637b15e02d4cebc4c0021b2" + integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA== + +"@tsconfig/node12@^1.0.7": + version "1.0.11" + resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d" + integrity 
sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag== + +"@tsconfig/node14@^1.0.0": + version "1.0.3" + resolved "https://registry.yarnpkg.com/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1" + integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow== + +"@tsconfig/node16@^1.0.2": + version "1.0.4" + resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.4.tgz#0b92dcc0cc1c81f6f306a381f28e31b1a56536e9" + integrity sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA== + +"@types/node@^20.8.10": + version "20.8.10" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.8.10.tgz#a5448b895c753ae929c26ce85cab557c6d4a365e" + integrity sha512-TlgT8JntpcbmKUFzjhsyhGfP2fsiz1Mv56im6enJ905xG1DAYesxJaeSbGqQmAw8OWPdhyJGhGSQGKRNJ45u9w== + dependencies: + undici-types "~5.26.4" + +acorn-walk@^8.1.1: + version "8.2.0" + resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1" + integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA== + +acorn@^8.4.1: + version "8.10.0" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.10.0.tgz#8be5b3907a67221a81ab23c7889c4c5526b62ec5" + integrity sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw== + +arg@^4.1.0: + version "4.1.3" + resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089" + integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA== + +create-require@^1.1.0: + version "1.1.1" + resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333" + integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ== + 
+diff@^4.0.1: + version "4.0.2" + resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" + integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== + +make-error@^1.1.1: + version "1.3.6" + resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2" + integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== + +ts-node@^10.9.1: + version "10.9.1" + resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b" + integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== + dependencies: + "@cspotcode/source-map-support" "^0.8.0" + "@tsconfig/node10" "^1.0.7" + "@tsconfig/node12" "^1.0.7" + "@tsconfig/node14" "^1.0.0" + "@tsconfig/node16" "^1.0.2" + acorn "^8.4.1" + acorn-walk "^8.1.1" + arg "^4.1.0" + create-require "^1.1.0" + diff "^4.0.1" + make-error "^1.1.1" + v8-compile-cache-lib "^3.0.1" + yn "3.1.1" + +typescript@^5.2.2: + version "5.2.2" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.2.2.tgz#5ebb5e5a5b75f085f22bc3f8460fba308310fa78" + integrity sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w== + +undici-types@~5.26.4: + version "5.26.5" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== + +v8-compile-cache-lib@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" + integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== + +yn@3.1.1: + version "3.1.1" + resolved 
"https://registry.yarnpkg.com/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50" + integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q== diff --git a/barretenberg/acir_tests/solidity_tests/TODO.md b/barretenberg/acir_tests/solidity_tests/TODO.md new file mode 100644 index 000000000000..91110b52f84b --- /dev/null +++ b/barretenberg/acir_tests/solidity_tests/TODO.md @@ -0,0 +1,8 @@ + +Path forward, can we +- run an anvil in process on a random port +- code gen the verifier +- deploy the verifier +- work out what public inputs we need +- add them to the proof +- profit? \ No newline at end of file diff --git a/barretenberg/acir_tests/solidity_tests/temp.js b/barretenberg/acir_tests/solidity_tests/temp.js new file mode 100644 index 000000000000..139597f9cb07 --- /dev/null +++ b/barretenberg/acir_tests/solidity_tests/temp.js @@ -0,0 +1,2 @@ + + diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 61c15c7f3721..f09387923fc0 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -74,6 +74,9 @@ bool proveAndVerify(const std::string& bytecodePath, const std::string& witnessP { auto constraint_system = get_constraint_system(bytecodePath); auto witness = get_witness(witnessPath); + + info("witness"); + info(witness); auto acir_composer = init(constraint_system); Timer pk_timer; diff --git a/barretenberg/temp/Nargo.toml b/barretenberg/temp/Nargo.toml new file mode 100644 index 000000000000..4db02f45bf0e --- /dev/null +++ b/barretenberg/temp/Nargo.toml @@ -0,0 +1,7 @@ +[package] +name = "temp" +type = "bin" +authors = [""] +compiler_version = "0.18.0" + +[dependencies] \ No newline at end of file diff --git a/barretenberg/temp/Prover.toml b/barretenberg/temp/Prover.toml new file mode 100644 index 000000000000..96c2814b4dd7 --- /dev/null +++ b/barretenberg/temp/Prover.toml 
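Review bot: The two added `info(...)` calls in `proveAndVerify` print the witness, and the witness is the prover's private assignment — in the fixture this series adds, `Verifier.toml` lists only `pub_key_x`/`pub_key_y` as public, so `message`, `hashed_message` and `signature` from `Prover.toml` are private witness values that would presumably be written to the log by `info(witness)`. Emitting them on every prove-and-verify run leaks private inputs into CI output and local terminals, so these lines should be removed before merge, or at most gated behind an explicit debug flag and reduced to the witness size rather than its contents. `proveAndVerify` continues outside the hunk.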
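Review bot: `barretenberg/temp/` is committed as a complete Noir project including build outputs (`target/acir`, `target/temp.json`, `target/debug_temp.json`) and a generated `proofs/temp.proof`; `nargo` regenerates all of these, so they will churn on every rebuild and bloat history. If the project is meant to stay as an ECDSA fixture, move it under `acir_tests` with a descriptive name, keep only `Nargo.toml`, `src/main.nr` and the `Prover.toml`/`Verifier.toml` inputs, and ignore `target/` and `proofs/`; `authors = [""]` should also be filled in or removed, and the empty `solidity_tests/temp.js` added in the same commit looks like another leftover.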
@@ -0,0 +1,209 @@ + +hashed_message = [ + 0x3a, + 0x73, + 0xf4, + 0x12, + 0x3a, + 0x5c, + 0xd2, + 0x12, + 0x1f, + 0x21, + 0xcd, + 0x7e, + 0x8d, + 0x35, + 0x88, + 0x35, + 0x47, + 0x69, + 0x49, + 0xd0, + 0x35, + 0xd9, + 0xc2, + 0xda, + 0x68, + 0x06, + 0xb4, + 0x63, + 0x3a, + 0xc8, + 0xc1, + 0xe2, +] +message = [ + 0x49, + 0x6e, + 0x73, + 0x74, + 0x72, + 0x75, + 0x63, + 0x74, + 0x69, + 0x6f, + 0x6e, + 0x73, + 0x20, + 0x75, + 0x6e, + 0x63, + 0x6c, + 0x65, + 0x61, + 0x72, + 0x2c, + 0x20, + 0x61, + 0x73, + 0x6b, + 0x20, + 0x61, + 0x67, + 0x61, + 0x69, + 0x6e, + 0x20, + 0x6c, + 0x61, + 0x74, + 0x65, + 0x72, + 0x2e, +] +pub_key_x = [ + 0xa0, + 0x43, + 0x4d, + 0x9e, + 0x47, + 0xf3, + 0xc8, + 0x62, + 0x35, + 0x47, + 0x7c, + 0x7b, + 0x1a, + 0xe6, + 0xae, + 0x5d, + 0x34, + 0x42, + 0xd4, + 0x9b, + 0x19, + 0x43, + 0xc2, + 0xb7, + 0x52, + 0xa6, + 0x8e, + 0x2a, + 0x47, + 0xe2, + 0x47, + 0xc7, +] +pub_key_y = [ + 0x89, + 0x3a, + 0xba, + 0x42, + 0x54, + 0x19, + 0xbc, + 0x27, + 0xa3, + 0xb6, + 0xc7, + 0xe6, + 0x93, + 0xa2, + 0x4c, + 0x69, + 0x6f, + 0x79, + 0x4c, + 0x2e, + 0xd8, + 0x77, + 0xa1, + 0x59, + 0x3c, + 0xbe, + 0xe5, + 0x3b, + 0x03, + 0x73, + 0x68, + 0xd7, +] +signature = [ + 0xe5, + 0x08, + 0x1c, + 0x80, + 0xab, + 0x42, + 0x7d, + 0xc3, + 0x70, + 0x34, + 0x6f, + 0x4a, + 0x0e, + 0x31, + 0xaa, + 0x2b, + 0xad, + 0x8d, + 0x97, + 0x98, + 0xc3, + 0x80, + 0x61, + 0xdb, + 0x9a, + 0xe5, + 0x5a, + 0x4e, + 0x8d, + 0xf4, + 0x54, + 0xfd, + 0x28, + 0x11, + 0x98, + 0x94, + 0x34, + 0x4e, + 0x71, + 0xb7, + 0x87, + 0x70, + 0xcc, + 0x93, + 0x1d, + 0x61, + 0xf4, + 0x80, + 0xec, + 0xbb, + 0x0b, + 0x89, + 0xd6, + 0xeb, + 0x69, + 0x69, + 0x01, + 0x61, + 0xe4, + 0x9a, + 0x71, + 0x5f, + 0xcd, + 0x55, +] \ No newline at end of file diff --git a/barretenberg/temp/Verifier.toml b/barretenberg/temp/Verifier.toml new file mode 100644 index 000000000000..ec123a8479fc --- /dev/null +++ b/barretenberg/temp/Verifier.toml 
@@ -0,0 +1,2 @@ +pub_key_x = ["0x00000000000000000000000000000000000000000000000000000000000000a0", "0x0000000000000000000000000000000000000000000000000000000000000043", "0x000000000000000000000000000000000000000000000000000000000000004d", "0x000000000000000000000000000000000000000000000000000000000000009e", "0x0000000000000000000000000000000000000000000000000000000000000047", "0x00000000000000000000000000000000000000000000000000000000000000f3", "0x00000000000000000000000000000000000000000000000000000000000000c8", "0x0000000000000000000000000000000000000000000000000000000000000062", "0x0000000000000000000000000000000000000000000000000000000000000035", "0x0000000000000000000000000000000000000000000000000000000000000047", "0x000000000000000000000000000000000000000000000000000000000000007c", "0x000000000000000000000000000000000000000000000000000000000000007b", "0x000000000000000000000000000000000000000000000000000000000000001a", "0x00000000000000000000000000000000000000000000000000000000000000e6", "0x00000000000000000000000000000000000000000000000000000000000000ae", "0x000000000000000000000000000000000000000000000000000000000000005d", "0x0000000000000000000000000000000000000000000000000000000000000034", "0x0000000000000000000000000000000000000000000000000000000000000042", "0x00000000000000000000000000000000000000000000000000000000000000d4", "0x000000000000000000000000000000000000000000000000000000000000009b", "0x0000000000000000000000000000000000000000000000000000000000000019", "0x0000000000000000000000000000000000000000000000000000000000000043", "0x00000000000000000000000000000000000000000000000000000000000000c2", "0x00000000000000000000000000000000000000000000000000000000000000b7", "0x0000000000000000000000000000000000000000000000000000000000000052", "0x00000000000000000000000000000000000000000000000000000000000000a6", "0x000000000000000000000000000000000000000000000000000000000000008e", "0x000000000000000000000000000000000000000000000000000000000000002a", 
"0x0000000000000000000000000000000000000000000000000000000000000047", "0x00000000000000000000000000000000000000000000000000000000000000e2", "0x0000000000000000000000000000000000000000000000000000000000000047", "0x00000000000000000000000000000000000000000000000000000000000000c7"] +pub_key_y = ["0x0000000000000000000000000000000000000000000000000000000000000089", "0x000000000000000000000000000000000000000000000000000000000000003a", "0x00000000000000000000000000000000000000000000000000000000000000ba", "0x0000000000000000000000000000000000000000000000000000000000000042", "0x0000000000000000000000000000000000000000000000000000000000000054", "0x0000000000000000000000000000000000000000000000000000000000000019", "0x00000000000000000000000000000000000000000000000000000000000000bc", "0x0000000000000000000000000000000000000000000000000000000000000027", "0x00000000000000000000000000000000000000000000000000000000000000a3", "0x00000000000000000000000000000000000000000000000000000000000000b6", "0x00000000000000000000000000000000000000000000000000000000000000c7", "0x00000000000000000000000000000000000000000000000000000000000000e6", "0x0000000000000000000000000000000000000000000000000000000000000093", "0x00000000000000000000000000000000000000000000000000000000000000a2", "0x000000000000000000000000000000000000000000000000000000000000004c", "0x0000000000000000000000000000000000000000000000000000000000000069", "0x000000000000000000000000000000000000000000000000000000000000006f", "0x0000000000000000000000000000000000000000000000000000000000000079", "0x000000000000000000000000000000000000000000000000000000000000004c", "0x000000000000000000000000000000000000000000000000000000000000002e", "0x00000000000000000000000000000000000000000000000000000000000000d8", "0x0000000000000000000000000000000000000000000000000000000000000077", "0x00000000000000000000000000000000000000000000000000000000000000a1", "0x0000000000000000000000000000000000000000000000000000000000000059", 
"0x000000000000000000000000000000000000000000000000000000000000003c", "0x00000000000000000000000000000000000000000000000000000000000000be", "0x00000000000000000000000000000000000000000000000000000000000000e5", "0x000000000000000000000000000000000000000000000000000000000000003b", "0x0000000000000000000000000000000000000000000000000000000000000003", "0x0000000000000000000000000000000000000000000000000000000000000073", "0x0000000000000000000000000000000000000000000000000000000000000068", "0x00000000000000000000000000000000000000000000000000000000000000d7"] diff --git a/barretenberg/temp/proofs/temp.proof b/barretenberg/temp/proofs/temp.proof new file mode 100644 index 000000000000..a6079311490e --- /dev/null +++ b/barretenberg/temp/proofs/temp.proof @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/barretenberg/temp/src/main.nr b/barretenberg/temp/src/main.nr new file mode 100644 index 000000000000..a2c8f5c4bfd0 --- /dev/null +++ b/barretenberg/temp/src/main.nr @@ -0,0 +1,5 @@ +use dep::std; + +fn main(pub_key_x : pub [u8; 32], pub_key_y : pub [u8; 32], signature : [u8; 64], hashed_message : [u8; 32]) { + assert(true == std::ecdsa_secp256k1::verify_signature(pub_key_x, pub_key_y, signature, hashed_message)); +} \ No newline at end of file diff --git a/barretenberg/temp/target/acir b/barretenberg/temp/target/acir new file mode 100644 index 000000000000..3e34e3fad20d --- /dev/null +++ b/barretenberg/temp/target/acir @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/barretenberg/temp/target/debug_temp.json b/barretenberg/temp/target/debug_temp.json new file mode 100644 index 000000000000..85393a80a8ad --- /dev/null +++ b/barretenberg/temp/target/debug_temp.json 
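Review bot: The new `barretenberg/temp/` tree is a scratch Nargo project checked in wholesale: alongside `src/main.nr` it adds the `Prover.toml` inputs, `proofs/temp.proof`, the compiled `target/acir`, `target/temp.json`, and `target/debug_temp.json`, whose `file_map` embeds the absolute workstation path `/mnt/user-data/sean/docs/aztec3-packages/...`. Build outputs and debug maps should not be committed; add `target/` and `proofs/` to the ignore list, or keep the fixture out of the repository entirely (the diffstat of the later "more cleanup" patch deletes all of these again). In `main.nr` itself the comparison against `true` is redundant: `assert(std::ecdsa_secp256k1::verify_signature(pub_key_x, pub_key_y, signature, hashed_message));`.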
@@ -0,0 +1 @@ +{"debug_symbols":[{"locations":{"160":[{"span":{"start":145,"end":232},"file":1}],"161":[{"span":{"start":137,"end":232},"file":1}]}}],"file_map":{"1":{"source":"use dep::std;\n\nfn main(pub_key_x : pub [u8; 32], pub_key_y : pub [u8; 32], signature : [u8; 64], hashed_message : [u8; 32]) {\n assert(true == std::ecdsa_secp256k1::verify_signature(pub_key_x, pub_key_y, signature, hashed_message));\n}","path":"/mnt/user-data/sean/docs/aztec3-packages/barretenberg/temp/src/main.nr"}},"warnings":[]} \ No newline at end of file diff --git a/barretenberg/temp/target/temp.json b/barretenberg/temp/target/temp.json new file mode 100644 index 000000000000..11efa40e9071 --- /dev/null +++ b/barretenberg/temp/target/temp.json 
@@ -0,0 +1 @@ +{"noir_version":"0.18.0+e89f364c4de05070eb341faa5d6d4b117802b375","hash":4461216965720842693,"backend":"acvm-backend-barretenberg","abi":{"parameters":[{"name":"pub_key_x","type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"public"},{"name":"pub_key_y","type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"public"},{"name":"signature","type":{"kind":"array","length":64,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"private"},{"name":"hashed_message","type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"private"}],"param_witnesses":{"hashed_message":[129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160],"pub_key_x":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],"pub_key_y":[33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64],"signature":[65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128]},"return_type":null,"return_witnesses":[]},"bytecode":"H4sIAAAAAAAA/6WW5W+bZxxF32TUMTOlHWVsx3Zij5p2lDEzJV6dZcxMKTMzJ/1L2yM/V3LP175S9Oj0Q1S19/7OXayq6lTV/4bO/AyXd8kAD4vPE58vvkB8ofgi8RLxxeJLxJeKLxNfLr5CfKX4KvHV4mvE14qvE18vvkF8o/gm8c3iW8S3im8T3y6+Q3yneES8VLxMfJf4bvE94nvF94lHxfeLHxA/KH5I/LD4EfGj4pq4Lh4TN8RNcUs8Lp4Qt8Ud8WPix8VPiJ8UPyVeLp4UrxCvFD8tfkb8rPg58fPiKfEL4hfFL4lfFr8iflX8mvh18RviN8Vvid8WvyN+V/ye+H3xB+IPxR+JPxZ/Iv5U/Jl4Wjwj7oo/F68S98Sz4i/Ec+IvxV+JvxZ/I/5W/J34e/EP4h/FP4l/Fv8i/lX8m/h38R/iP8V/if8W/yP+V/yf+H/xvHi1eI14rXideL14g3ijeJN4s3iLeKt4m3i7eId4p3iXeLd4j3iveJ94v/iA+KD4kPiw+Ij4qPiY+Lj4hPikeGGA2V4jVf8bKn8+XN7svuy97Lzsu+y6/GTHZb9lt2WvZadln2WXZY9lh2V/ZXdlb2VnZV9lV2VPZUdlP2U3ZS
9lJ2UfZReNDLx8SwsvK2/2T3ZP9k52TvbNaHmzZ7Jjsl+yW7JXslOyT7JLskeyQ7I/sjuyN7Izsi+yK7InsiOyH7IbsheyE7IPJgdevhWFV5Y3OyD+j/fj+3h+qrzxenwej8ff8XZ8HU/Hz/FyfBwPx7/xbnwbz8av8Wp8Go/Gn/FmfBlPTpd3przd8saD8V+8F9/Fc3Pljdfis3gs/oq34qt4Kn6Kl+KjeCj+iXfim3gmfolX4pN4JP6IN+KLeGK+OrsP8UO8EB/EA7n/ufu595vKm/ueu557njue+527nXudO537nLuce5w7nPubu5t7mzub+5q7mnuaO5r7mbuZe7lQ3sXq7G+ovJPlbdTGm83exFiv3qjP1MY63Xar1mx1x9v1dr3Vbq0aazcavXazPdHpdiZqnXqz0avPtjqN2Vr/Wxz4XbVz++rT5ffQXXpLZ+krXaWndHSq6neTXtJJ+kgX6SEdpH90j97ROfpG1+gZHaNfdIte0Sn6RJfoER3i70B36A2doS90hZ7Qkbmq3w16QSfoA12gB3SA/JN9ck/myTtZJ+dknHyTbXJNpskzWSbHZHi+6meWvJJVckpGySfZJJdkkjySRXJIBskf2SN3ZI68kTVyRsbIF9kiV2SKPJElckSGyA/ZWRj4/4xzcSkexaH4M+7EmfgSV+JJHIkfcSNexIn4EBfiQRyI/3Af3sN5+A7X4Tkch99w20jVdxkew2H4C3fhLZw1WvVdhadwFH7CTXgJJ+EjXISHcBD+wT14B+fgG1yDZ3AMfsEteGX5wL/B4HcagYvq9oASAAA="} \ No newline at end of file From 2a452face42ba799ad2b4f6922feaf07b5d7d23c Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Thu, 2 Nov 2023 17:48:15 +0000 Subject: [PATCH 04/21] forge install: forge-std v1.7.1 --- .gitmodules | 3 +++ barretenberg/acir_tests/sol-test /contracts/lib/forge-std | 1 + 2 files changed, 4 insertions(+) create mode 160000 barretenberg/acir_tests/sol-test /contracts/lib/forge-std diff --git a/.gitmodules b/.gitmodules index f643e34f4ca5..bdb34041e58a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -13,3 +13,6 @@ [submodule "barretenberg/sol/lib/openzeppelin-contracts"] path = barretenberg/sol/lib/openzeppelin-contracts url = https://github.com/OpenZeppelin/openzeppelin-contracts +[submodule "barretenberg/acir_tests/sol-test /contracts/lib/forge-std"] + path = barretenberg/acir_tests/sol-test /contracts/lib/forge-std + url = https://github.com/foundry-rs/forge-std diff --git a/barretenberg/acir_tests/sol-test /contracts/lib/forge-std b/barretenberg/acir_tests/sol-test /contracts/lib/forge-std new file mode 160000 index 000000000000..f73c73d2018e --- /dev/null 
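Review bot: The submodule path added to `.gitmodules`, `barretenberg/acir_tests/sol-test /contracts/lib/forge-std`, contains a space before `/contracts`, i.e. a directory literally named `sol-test ` with a trailing space, and the gitlink header below repeats it. Trailing whitespace in a path breaks tab completion, most scripts and some filesystems, and the two following patches in this series are spent deleting that tree and recreating it under `sol-test/`. Change both the section name and `path = barretenberg/acir_tests/sol-test/contracts/lib/forge-std`, and move the checkout, before this lands.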
+++ b/barretenberg/acir_tests/sol-test /contracts/lib/forge-std @@ -0,0 +1 @@ +Subproject commit f73c73d2018eb6a111f35e4dae7b4f27401e9421 From de859eeadb168b25e79eea828d36d606b59f1e21 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Thu, 2 Nov 2023 22:14:19 +0000 Subject: [PATCH 05/21] fix: sol cleanup --- .../contracts/.github/workflows/test.yml | 34 ----- .../acir_tests/sol-test /contracts/.gitignore | 14 -- .../sol-test /contracts/Foundry.toml | 0 .../acir_tests/sol-test /contracts/README.md | 66 ---------- .../sol-test /contracts/foundry.toml | 6 - .../sol-test /contracts/script/Counter.s.sol | 12 -- .../sol-test /contracts/src/Counter.sol | 14 -- .../sol-test /contracts/test/Counter.t.sol | 24 ---- .../acir_tests/sol-test /package.json | 16 --- .../acir_tests/sol-test /tsconfig.json | 19 --- barretenberg/acir_tests/sol-test /yarn.lock | 124 ------------------ 11 files changed, 329 deletions(-) delete mode 100644 barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml delete mode 100644 barretenberg/acir_tests/sol-test /contracts/.gitignore delete mode 100644 barretenberg/acir_tests/sol-test /contracts/Foundry.toml delete mode 100644 barretenberg/acir_tests/sol-test /contracts/README.md delete mode 100644 barretenberg/acir_tests/sol-test /contracts/foundry.toml delete mode 100644 barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol delete mode 100644 barretenberg/acir_tests/sol-test /contracts/src/Counter.sol delete mode 100644 barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol delete mode 100644 barretenberg/acir_tests/sol-test /package.json delete mode 100644 barretenberg/acir_tests/sol-test /tsconfig.json delete mode 100644 barretenberg/acir_tests/sol-test /yarn.lock diff --git a/barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml b/barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml deleted file mode 100644 index 09880b1d79a7..000000000000 
--- a/barretenberg/acir_tests/sol-test /contracts/.github/workflows/test.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: test - -on: workflow_dispatch - -env: - FOUNDRY_PROFILE: ci - -jobs: - check: - strategy: - fail-fast: true - - name: Foundry project - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1 - with: - version: nightly - - - name: Run Forge build - run: | - forge --version - forge build --sizes - id: build - - - name: Run Forge tests - run: | - forge test -vvv - id: test diff --git a/barretenberg/acir_tests/sol-test /contracts/.gitignore b/barretenberg/acir_tests/sol-test /contracts/.gitignore deleted file mode 100644 index 85198aaa55b8..000000000000 --- a/barretenberg/acir_tests/sol-test /contracts/.gitignore +++ /dev/null @@ -1,14 +0,0 @@ -# Compiler files -cache/ -out/ - -# Ignores development broadcast logs -!/broadcast -/broadcast/*/31337/ -/broadcast/**/dry-run/ - -# Docs -docs/ - -# Dotenv file -.env diff --git a/barretenberg/acir_tests/sol-test /contracts/Foundry.toml b/barretenberg/acir_tests/sol-test /contracts/Foundry.toml deleted file mode 100644 index e69de29bb2d1..000000000000 diff --git a/barretenberg/acir_tests/sol-test /contracts/README.md b/barretenberg/acir_tests/sol-test /contracts/README.md deleted file mode 100644 index 9265b4558406..000000000000 --- a/barretenberg/acir_tests/sol-test /contracts/README.md +++ /dev/null 
@@ -1,66 +0,0 @@ -## Foundry - -**Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.** - -Foundry consists of: - -- **Forge**: Ethereum testing framework (like Truffle, Hardhat and DappTools). -- **Cast**: Swiss army knife for interacting with EVM smart contracts, sending transactions and getting chain data. -- **Anvil**: Local Ethereum node, akin to Ganache, Hardhat Network. -- **Chisel**: Fast, utilitarian, and verbose solidity REPL. - -## Documentation - -https://book.getfoundry.sh/ - -## Usage - -### Build - -```shell -$ forge build -``` - -### Test - -```shell -$ forge test -``` - -### Format - -```shell -$ forge fmt -``` - -### Gas Snapshots - -```shell -$ forge snapshot -``` - -### Anvil - -```shell -$ anvil -``` - -### Deploy - -```shell -$ forge script script/Counter.s.sol:CounterScript --rpc-url --private-key -``` - -### Cast - -```shell -$ cast -``` - -### Help - -```shell -$ forge --help -$ anvil --help -$ cast --help -``` diff --git a/barretenberg/acir_tests/sol-test /contracts/foundry.toml b/barretenberg/acir_tests/sol-test /contracts/foundry.toml deleted file mode 100644 index e883058fb294..000000000000 --- a/barretenberg/acir_tests/sol-test /contracts/foundry.toml +++ /dev/null @@ -1,6 +0,0 @@ -[profile.default] -src = "src" -out = "out" -libs = ["lib"] - -# See more config options https://github.com/foundry-rs/foundry/tree/master/config diff --git a/barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol b/barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol deleted file mode 100644 index 1a47b40b82aa..000000000000 --- a/barretenberg/acir_tests/sol-test /contracts/script/Counter.s.sol +++ /dev/null @@ -1,12 +0,0 @@ -// SPDX-License-Identifier: UNLICENSED -pragma solidity ^0.8.13; - -import {Script, console2} from "forge-std/Script.sol"; - -contract CounterScript is Script { - function setUp() public {} - - function run() public { - vm.broadcast(); - } -} 
diff --git a/barretenberg/acir_tests/sol-test /contracts/src/Counter.sol b/barretenberg/acir_tests/sol-test /contracts/src/Counter.sol deleted file mode 100644 index aded7997b0c3..000000000000 --- a/barretenberg/acir_tests/sol-test /contracts/src/Counter.sol +++ /dev/null @@ -1,14 +0,0 @@ -// SPDX-License-Identifier: UNLICENSED -pragma solidity ^0.8.13; - -contract Counter { - uint256 public number; - - function setNumber(uint256 newNumber) public { - number = newNumber; - } - - function increment() public { - number++; - } -} diff --git a/barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol b/barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol deleted file mode 100644 index c0dfa7d75473..000000000000 --- a/barretenberg/acir_tests/sol-test /contracts/test/Counter.t.sol +++ /dev/null @@ -1,24 +0,0 @@ -// SPDX-License-Identifier: UNLICENSED -pragma solidity ^0.8.13; - -import {Test, console2} from "forge-std/Test.sol"; -import {Counter} from "../src/Counter.sol"; - -contract CounterTest is Test { - Counter public counter; - - function setUp() public { - counter = new Counter(); - counter.setNumber(0); - } - - function testIncrement() public { - counter.increment(); - assertEq(counter.number(), 1); - } - - function testSetNumber(uint256 x) public { - counter.setNumber(x); - assertEq(counter.number(), x); - } -} diff --git a/barretenberg/acir_tests/sol-test /package.json b/barretenberg/acir_tests/sol-test /package.json deleted file mode 100644 index 50ee3a80f628..000000000000 --- a/barretenberg/acir_tests/sol-test /package.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "headless-test", - "version": "1.0.0", - "main": "index.js", - "license": "MIT", - "type": "module", - "scripts": { - "start": "ts-node-esm ./src/index.ts" - }, - "dependencies": {}, - "devDependencies": { - "@types/node": "^20.8.10", - "ts-node": "^10.9.1", - "typescript": "^5.2.2" - } -} 
diff --git a/barretenberg/acir_tests/sol-test /tsconfig.json b/barretenberg/acir_tests/sol-test /tsconfig.json deleted file mode 100644 index 13c452bfd97d..000000000000 --- a/barretenberg/acir_tests/sol-test /tsconfig.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "compilerOptions": { - "target": "es2020", - "lib": ["dom", "esnext", "es2017.object"], - "module": "NodeNext", - "strict": true, - "declaration": true, - "allowSyntheticDefaultImports": true, - "esModuleInterop": true, - "downlevelIteration": true, - "inlineSourceMap": true, - "declarationMap": true, - "importHelpers": true, - "resolveJsonModule": true, - "outDir": "dest", - "rootDir": "src" - }, - "include": ["src"] -} diff --git a/barretenberg/acir_tests/sol-test /yarn.lock b/barretenberg/acir_tests/sol-test /yarn.lock deleted file mode 100644 index 27da3a023eb2..000000000000 --- a/barretenberg/acir_tests/sol-test /yarn.lock +++ /dev/null 
@@ -1,124 +0,0 @@ -# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. -# yarn lockfile v1 - - -"@cspotcode/source-map-support@^0.8.0": - version "0.8.1" - resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" - integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== - dependencies: - "@jridgewell/trace-mapping" "0.3.9" - -"@jridgewell/resolve-uri@^3.0.3": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz#c08679063f279615a3326583ba3a90d1d82cc721" - integrity sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA== - -"@jridgewell/sourcemap-codec@^1.4.10": - version "1.4.15" - resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" - integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== - -"@jridgewell/trace-mapping@0.3.9": - version "0.3.9" - resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" - integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== - dependencies: - "@jridgewell/resolve-uri" "^3.0.3" - "@jridgewell/sourcemap-codec" "^1.4.10" - -"@tsconfig/node10@^1.0.7": - version "1.0.9" - resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.9.tgz#df4907fc07a886922637b15e02d4cebc4c0021b2" - integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA== - -"@tsconfig/node12@^1.0.7": - version "1.0.11" - resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d" - integrity 
sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag== - -"@tsconfig/node14@^1.0.0": - version "1.0.3" - resolved "https://registry.yarnpkg.com/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1" - integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow== - -"@tsconfig/node16@^1.0.2": - version "1.0.4" - resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.4.tgz#0b92dcc0cc1c81f6f306a381f28e31b1a56536e9" - integrity sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA== - -"@types/node@^20.8.10": - version "20.8.10" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.8.10.tgz#a5448b895c753ae929c26ce85cab557c6d4a365e" - integrity sha512-TlgT8JntpcbmKUFzjhsyhGfP2fsiz1Mv56im6enJ905xG1DAYesxJaeSbGqQmAw8OWPdhyJGhGSQGKRNJ45u9w== - dependencies: - undici-types "~5.26.4" - -acorn-walk@^8.1.1: - version "8.2.0" - resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1" - integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA== - -acorn@^8.4.1: - version "8.10.0" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.10.0.tgz#8be5b3907a67221a81ab23c7889c4c5526b62ec5" - integrity sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw== - -arg@^4.1.0: - version "4.1.3" - resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089" - integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA== - -create-require@^1.1.0: - version "1.1.1" - resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333" - integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ== - 
-diff@^4.0.1: - version "4.0.2" - resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" - integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== - -make-error@^1.1.1: - version "1.3.6" - resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2" - integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== - -ts-node@^10.9.1: - version "10.9.1" - resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b" - integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== - dependencies: - "@cspotcode/source-map-support" "^0.8.0" - "@tsconfig/node10" "^1.0.7" - "@tsconfig/node12" "^1.0.7" - "@tsconfig/node14" "^1.0.0" - "@tsconfig/node16" "^1.0.2" - acorn "^8.4.1" - acorn-walk "^8.1.1" - arg "^4.1.0" - create-require "^1.1.0" - diff "^4.0.1" - make-error "^1.1.1" - v8-compile-cache-lib "^3.0.1" - yn "3.1.1" - -typescript@^5.2.2: - version "5.2.2" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.2.2.tgz#5ebb5e5a5b75f085f22bc3f8460fba308310fa78" - integrity sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w== - -undici-types@~5.26.4: - version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" - integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== - -v8-compile-cache-lib@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" - integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== - -yn@3.1.1: - version "3.1.1" - resolved 
"https://registry.yarnpkg.com/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50" - integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q== From b2ab76bd6b8fc6258990c6a35b9e49231db1e40f Mon Sep 17 00:00:00 2001 
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Thu, 2 Nov 2023 22:14:57 +0000 Subject: [PATCH 06/21] fix: more cleanup --- barretenberg/acir_tests/flows/all_cmds.sh | 6 +- barretenberg/acir_tests/flows/gates.sh | 4 + barretenberg/acir_tests/flows/sol.sh | 52 + barretenberg/acir_tests/run_acir_tests.sh | 3 +- .../sol-test /contracts/lib/forge-std | 1 - .../acir_tests/sol-test /src/index.ts | 80 - barretenberg/acir_tests/sol-test/package.json | 13 + barretenberg/acir_tests/sol-test/proof | Bin 0 -> 2144 bytes .../sol-test/src/contracts/.gitignore | 14 + .../sol-test/src/contracts/foundry.toml | 6 + .../sol-test/src/contracts/src/Key.sol | 72 + .../sol-test/src/contracts/src/Test.sol | 16 + .../sol-test/src/contracts/src/Verifier.sol | 2560 +++++++++++++++++ barretenberg/acir_tests/sol-test/src/index.js | 153 + barretenberg/acir_tests/sol-test/yarn.lock | 174 ++ .../acir_tests/solidity_tests/TODO.md | 8 - .../acir_tests/solidity_tests/temp.js | 2 - barretenberg/cpp/src/barretenberg/bb/main.cpp | 6 +- .../acir_format/acir_to_constraint_buf.hpp | 4 + .../dsl/acir_proofs/acir_composer.cpp | 1 + .../dsl/acir_proofs/acir_composer.hpp | 2 + .../plonk/proof_system/prover/prover.cpp | 8 +- .../permutation_widget_impl.hpp | 2 +- .../random_widgets/plookup_widget_impl.hpp | 4 +- .../circuit_builder/ultra_circuit_builder.hpp | 2 + .../barretenberg/transcript/transcript.cpp | 6 +- barretenberg/cpp/yarn.lock | 4 + barretenberg/temp/Nargo.toml | 7 - barretenberg/temp/Prover.toml | 209 -- barretenberg/temp/Verifier.toml | 2 - barretenberg/temp/proofs/temp.proof | 1 - barretenberg/temp/src/main.nr | 5 - barretenberg/temp/target/acir | 1 - barretenberg/temp/target/debug_temp.json | 1 - barretenberg/temp/target/temp.json | 1 - 35 files changed, 3094 insertions(+), 336 deletions(-) create mode 100755 barretenberg/acir_tests/flows/gates.sh create mode 100755 barretenberg/acir_tests/flows/sol.sh delete mode 160000 barretenberg/acir_tests/sol-test 
/contracts/lib/forge-std delete mode 100644 barretenberg/acir_tests/sol-test /src/index.ts create mode 100644 barretenberg/acir_tests/sol-test/package.json create mode 100644 barretenberg/acir_tests/sol-test/proof create mode 100644 barretenberg/acir_tests/sol-test/src/contracts/.gitignore create mode 100644 barretenberg/acir_tests/sol-test/src/contracts/foundry.toml create mode 100644 barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol create mode 100644 barretenberg/acir_tests/sol-test/src/contracts/src/Test.sol create mode 100644 barretenberg/acir_tests/sol-test/src/contracts/src/Verifier.sol create mode 100644 barretenberg/acir_tests/sol-test/src/index.js create mode 100644 barretenberg/acir_tests/sol-test/yarn.lock delete mode 100644 barretenberg/acir_tests/solidity_tests/TODO.md delete mode 100644 barretenberg/acir_tests/solidity_tests/temp.js create mode 100644 barretenberg/cpp/yarn.lock delete mode 100644 barretenberg/temp/Nargo.toml delete mode 100644 barretenberg/temp/Prover.toml delete mode 100644 barretenberg/temp/Verifier.toml delete mode 100644 barretenberg/temp/proofs/temp.proof delete mode 100644 barretenberg/temp/src/main.nr delete mode 100644 barretenberg/temp/target/acir delete mode 100644 barretenberg/temp/target/debug_temp.json delete mode 100644 barretenberg/temp/target/temp.json diff --git a/barretenberg/acir_tests/flows/all_cmds.sh b/barretenberg/acir_tests/flows/all_cmds.sh index 68d9bbbc0c62..29c1c4cec6f4 100755 --- a/barretenberg/acir_tests/flows/all_cmds.sh +++ b/barretenberg/acir_tests/flows/all_cmds.sh @@ -11,11 +11,10 @@ BFLAG="-b ./target/acir.gz" FLAGS="-c $CRS_PATH $VFLAG" # Test we can perform the proof/verify flow. -$BIN gates $FLAGS $BFLAG > /dev/null +# $BIN gates $FLAGS $BFLAG > /dev/null $BIN prove -o proof $FLAGS $BFLAG $BIN write_vk -o vk $FLAGS $BFLAG $BIN verify -k vk -p proof $FLAGS -$BIN contract -k vk $FLAGS # Check supplemental functions. # Grep to determine success. 
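Review bot: In the first `all_cmds.sh` hunk the `$BIN gates $FLAGS $BFLAG` check is commented out rather than removed, with no note on why it no longer runs in the flow every acir test executes; either restore it or delete the line and record the reason in the commit message. Removing `$BIN contract -k vk $FLAGS` is probably fine, since the second hunk shows the `contract` subcommand is still exercised by the `grep "Verification Key Hash"` check. The same commented-out-code pattern appears in the `run_acir_tests.sh` hunk, where the old `echo -n "Testing $NAMED_TEST... "` line is kept as a comment directly above its replacement; delete it there too.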
@@ -24,4 +23,5 @@ $BIN contract -k vk $BFLAG -o - | grep "Verification Key Hash" > /dev/null OUTPUT=$($BIN proof_as_fields -k vk -p proof -o - | jq .) [ -n "$OUTPUT" ] || exit 1 OUTPUT=$($BIN vk_as_fields -k vk -o - | jq .) -[ -n "$OUTPUT" ] || exit 1 \ No newline at end of file +[ -n "$OUTPUT" ] || exit 1 + diff --git a/barretenberg/acir_tests/flows/gates.sh b/barretenberg/acir_tests/flows/gates.sh new file mode 100755 index 000000000000..46be382e1dc0 --- /dev/null +++ b/barretenberg/acir_tests/flows/gates.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu + +$BIN gates -k vk -b ./target/acir.gz \ No newline at end of file diff --git a/barretenberg/acir_tests/flows/sol.sh b/barretenberg/acir_tests/flows/sol.sh new file mode 100755 index 000000000000..1c1fedb228db --- /dev/null +++ b/barretenberg/acir_tests/flows/sol.sh 
@@ -0,0 +1,52 @@ + +#!/bin/sh +set -eu + +# anvil & + +TEST_PATH="../../sol-test" +CONTRACTS_PATH="$TEST_PATH/src/contracts" +WITNESS_PATH="$(pwd)/target/witness.gz" +PROOF_PATH="$(pwd)/proof" +PROOF_AS_FIELDS_PATH="$(pwd)/proof_fields.json" + +# if [ -n "$VERBOSE" ]; then + + gates=$($BIN gates -v 2>&1 | tr -d '\0') + NUM_PUBLIC_INPUTS=$(echo "$gates" | grep -o 'public inputs: [0-9]*' | awk '{print $3}') + + $BIN prove -o proof + $BIN write_vk -o vk + $BIN proof_as_fields -k vk -c $CRS_PATH -p $PROOF_PATH + $BIN contract -k vk -c $CRS_PATH -b ./target/acir.gz -o $CONTRACTS_PATH/src/Key.sol + + # $BIN prove -v -o proof + # $BIN write_vk -v -o vk + # $BIN contract -k vk -v -c $CRS_PATH -b ./target/acir.gz + +(cd $CONTRACTS_PATH; forge build --silent) > /dev/null + +export PROOF=$PROOF_PATH +export PROOF_AS_FIELDS=$PROOF_AS_FIELDS_PATH +export WITNESS=$WITNESS_PATH +export NUM_PUBLIC_INPUTS=$NUM_PUBLIC_INPUTS +# (cd ../../sol-test; node src/index.js > /dev/null 2>&1) +(cd ../../sol-test; node src/index.js) + + + + + + + +# else +# gates=$($BIN gates -v) +# echo "$gates" +# NUM_PUBLIC_INPUTS=$(echo "$gates" | grep -o 'public inputs: [0-9]*' | awk '{print $3}') +# echo "NUM_PUBLIC_INPUTS: $NUM_PUBLIC_INPUTS" + +# $BIN gates +# $BIN prove -o proof +# $BIN write_vk -o vk +# $BIN contract -k vk -c $CRS_PATH -b ./target/acir.gz -o $CONTRACTS_PATH/src/Key.sol +# fi \ No newline at end of file diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh index 6121588d3919..1866df5e16d0 100755 --- a/barretenberg/acir_tests/run_acir_tests.sh +++ b/barretenberg/acir_tests/run_acir_tests.sh @@ -66,7 +66,8 @@ function test() { if [ "${#TEST_NAMES[@]}" -ne 0 ]; then for NAMED_TEST in "${TEST_NAMES[@]}"; do - echo -n "Testing $NAMED_TEST... " + # echo -n "Testing $NAMED_TEST... " + echo "Testing $NAMED_TEST... " test $NAMED_TEST done else 
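Review bot: In the new `flows/sol.sh` the first added line is blank, so `#!/bin/sh` sits on line 2 and is an ordinary comment; when the flow file (mode 100755) is executed directly it runs under whatever shell the caller happens to use, and `set -eu` is the only remaining guard — put `#!/bin/sh` on line 1. The script defines `TEST_PATH="../../sol-test"` but then hardcodes `(cd ../../sol-test; node src/index.js)`; use `(cd "$TEST_PATH"; node src/index.js)` and quote the other expansions (`"$CONTRACTS_PATH"`, `"$PROOF_PATH"`, `"$CRS_PATH"`), since several are built from `$(pwd)`. `$BIN proof_as_fields` is invoked without an output flag while `PROOF_AS_FIELDS_PATH` assumes `proof_fields.json` lands in the working directory, which is worth confirming against the subcommand's default, and the roughly twenty lines of commented-out `if/else` scaffolding should be removed before this merges.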
diff --git a/barretenberg/acir_tests/sol-test /contracts/lib/forge-std b/barretenberg/acir_tests/sol-test /contracts/lib/forge-std deleted file mode 160000 index f73c73d2018e..000000000000 --- a/barretenberg/acir_tests/sol-test /contracts/lib/forge-std +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f73c73d2018eb6a111f35e4dae7b4f27401e9421 diff --git a/barretenberg/acir_tests/sol-test /src/index.ts b/barretenberg/acir_tests/sol-test /src/index.ts deleted file mode 100644 index 84a2ef984a75..000000000000 --- a/barretenberg/acir_tests/sol-test /src/index.ts +++ /dev/null 
@@ -1,80 +0,0 @@ -import fs from "fs"; -import { gunzipSync } from "zlib"; -import os from "os"; -import {spawn} from "child_process"; - - -const readBytecodeFile = (path: string): Uint8Array => { - const data = fs.readFileSync(path); - const buffer = gunzipSync(data); - return buffer; -}; - -const readWitnessFile = (path: string): Uint8Array => { - const buffer = fs.readFileSync(path); - return gunzipSync(buffer); -}; - - -const launchAnvil = async () => { - const handle = spawn("anvil"); - console.log("Anvil Launched"); - handle.on("close", (code) => { - console.log(`anvil exited with code ${code}`) - }); - - // wait until the anvil instance is ready on port 8545 - await new Promise((resolve) => { - handle.stdout.on("data", (data) => { - const str = data.toString(); - if (str.includes("Listening on")) { - console.log("Anvil Ready"); - resolve(undefined); - } - }); - }); - - return handle; -} - -// start anvil -async function main() { - const anvil = await launchAnvil(); - const killAnvil = () => { - anvil.kill(); - } - - // Get the contract artifact - - - - - // Kill anvil at the end of running - killAnvil(); -} - - - - -// Create a proof for the given ACIR - - -// Deploy the solidity contract - -// Run the test - - -// Set up the command-line interface -// const acir = readBytecodeFile(bytecodePath); -// const witness = readWitnessFile(witnessPath); -// const threads = Math.min(os.cpus().length, 16); - - -// // Convert the input data to Uint8Arrays within the browser context -// const acirUint8Array = new Uint8Array(acirData as number[]); -// const witnessUint8Array = new Uint8Array(witnessData as number[]); - - - -main() - diff --git a/barretenberg/acir_tests/sol-test/package.json b/barretenberg/acir_tests/sol-test/package.json new file mode 100644 index 000000000000..38b5d87ae884 --- /dev/null +++ b/barretenberg/acir_tests/sol-test/package.json 
@@ -0,0 +1,13 @@
+{
+ "name": "headless-test",
+ "version": "1.0.0",
+ "main": "index.js",
+ "license": "MIT",
+ "type": "module",
+ "scripts": {
+ "start": "node ./src/index.js"
+ },
+ "dependencies": {
+ "ethers": "^6.8.1"
+ }
+}
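Review bot: `"ethers": "^6.8.1"` is a floating caret range and no lockfile accompanies this package.json in the visible diff, so a fresh install of the headless harness resolves whatever 6.x ethers build is current at that moment — for a test that feeds proofs to a verifier contract and decides pass/fail from the result, pin it (`"ethers": "6.8.1"`) or commit a lockfile so the dependency that runs in CI is the one that was reviewed. The `"main": "index.js"` entry also disagrees with `"start": "node ./src/index.js"`; `"main": "src/index.js"` makes the two consistent. Whether a lockfile exists elsewhere in the commit cannot be seen from here.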
diff --git a/barretenberg/acir_tests/sol-test/proof b/barretenberg/acir_tests/sol-test/proof new file mode 100644 index 0000000000000000000000000000000000000000..fbbc62094e5f989389309c952583b821d51b8a1c GIT binary patch literal 2144 zcmV-m2%q;E4h*6h0Jc!raBQk!Ap@Z7&@J>dm}Mierx7KmT8QE!suT9cLe2~3SMG9% zym8o0+`vqS5s^JEW6%zUx229CiT2@GrQ?CqueK9Apu_JM z@G=y#Xjg%y!(HSn)(xa9GU&9PMAS1DI)RKrnTOg1mS~kWsQ>pU&elBnmsO|y&4q~s z2k7go29!(;nse?WvH875hi9y?W`!H)K4M1cfAa_SwlA*A5|%!zA6AD2hBkGzVym6b zd5rJiBCH0x&KaxDIPnCpZ51JF0X8l)8_{-mN2tiGYFMygz9s^8%*iXtgP zM=-nDv4nh(WK>FRmy?YP<&dRH?RSxv%r`3=E(U8bKVDVbNld50UL0vyI0e^<%~EMB zR(a`a1mBenrbk_Zl3MzQz)_#zJtAxUjZFf!pMj?2bFl+O)h(P0TpMex@H+cVd*@GRidB5?z+4_}vnkU<6Q=f= zkKukAQvT3#6iS>Ei~L(iq}}OF>CXFrc6zdthCL?HP79wP%r0fc0pl z^07W8TEiYO2C)`O>!mU6Ge`4L29N_J=hL?a&+<^t^YczMEKjZ}k@nvGpwRL4m4Lsg zu!k9+}GBI@pN5F2qyx#-mgeD9|6uc7-V&m_%(z(V9}es-x5e-z}w@ZeDJ zroW8L-MCb^UVy11GD71wbLYKv$^88?P0xM}`b=o4V`~*g|6k9s-fWx&^VI4m7SG`t zTVG|y91@!OqY!88m2cdrq7|RRX(~i7U>U#MDPQKD3hoBRs4v1L{RDR4;=Dj=GAB&X zEAn6v1NU+AA*X?8x2Bg=w}w5bdE6UDLbIc`BlCa&n+Jv>j!D=#I3-!=n${-{<6`;$n_S@a_QR97wh$L{H7{>X=gnfoifG z51tE8`tVL&0m-h4PgEfNTJzf=f*7U$AFffBHWK!|$1sw5PxMVR6g|&b=rx3dXr#*y z*Gy3|Ggk1=F^s||kP|Ym8yHHbMfxb+akA@E;OG`FCcrodR+dctX*iiR^`ds>z(wNJ zXNUO>FFipC;_`?TjI4w@Zr=hc&L`O%&Or$q48N&QfLWy~l5KpXy;wmIKKOE0>op;j z{rpG`TN-7i&`r~FCPtyNQ03!tg(nm$Ag8}&#lZ<2?9ss7g$4GmEsjA~UO=)f>iu?s3;O>5S zom&t0NBIF{&AQUDFNcR}F#_sHgPJO;!glQr!$3O}dGP$43UC2|z<^8`!;qt|jVQZ1 zP+*~4&NK}jsUa`^XMOgaNs?#D^+l2|qbh?8G)O=#h?m(wWSm+i7G3$v&-V`#6N+yu z*2_4arhKAB?ef#Q&mub2jMx8$)!*6s4u!(cesUBWsgbE%M zP56%e>fUe$Z0IW#DpL&$EyH^!FRbLO1qM!}E4@onVJeVfG*3f3kMu%_6X;n5=U`OJ z?nYW(LAJSURUPa=gJ;_s>WAcgey2I04BhJl72H$$sbRc!Pd}`1w_z=cvSiVu)nx(3u`W!Op+MYdA6nol;#!EF~0-<;hye WVZoz~eD)XFB(D!b>`jsW6dKBkp(Bj| literal 0 HcmV?d00001 diff --git a/barretenberg/acir_tests/sol-test/src/contracts/.gitignore b/barretenberg/acir_tests/sol-test/src/contracts/.gitignore new file mode 100644 index 000000000000..85198aaa55b8 --- /dev/null 
+++ b/barretenberg/acir_tests/sol-test/src/contracts/.gitignore
@@ -0,0 +1,14 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+
+# Docs
+docs/
+
+# Dotenv file
+.env
diff --git a/barretenberg/acir_tests/sol-test/src/contracts/foundry.toml b/barretenberg/acir_tests/sol-test/src/contracts/foundry.toml
new file mode 100644
index 000000000000..e883058fb294
--- /dev/null
+++ b/barretenberg/acir_tests/sol-test/src/contracts/foundry.toml
@@ -0,0 +1,6 @@
+[profile.default]
+src = "src"
+out = "out"
+libs = ["lib"]
+
+# See more config options https://github.com/foundry-rs/foundry/tree/master/config
diff --git a/barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol b/barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol
new file mode 100644
index 000000000000..97977402a9b4
--- /dev/null
+++ b/barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol
@@ -0,0 +1,72 @@ +// Verification Key Hash: 08cb50f133d8799beba0350f03b7d0e56fe1ecabaa5dd3140d1078fa30182619 +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Aztec +pragma solidity >=0.8.4; + +library UltraVerificationKey { + function verificationKeyHash() internal pure returns(bytes32) { + return 0x08cb50f133d8799beba0350f03b7d0e56fe1ecabaa5dd3140d1078fa30182619; + } + + function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { + assembly { + mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000080000) // vk.circuit_size + mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000010) // vk.num_inputs + mstore(add(_vk, 0x40), 0x2260e724844bca5251829353968e4915305258418357473a5c1d597f613f6cbd) // vk.work_root + mstore(add(_vk, 0x60), 0x3064486657634403844b0eac78ca882cfd284341fcb0615a15cfcd17b14d8201) // vk.domain_inverse + mstore(add(_vk, 0x80), 0x12a0f5ff7d26c3826ac79b850f8ba31d24e07505751f1e4c70c8ed5919af08e1) // vk.Q1.x + mstore(add(_vk, 0xa0), 0x161d4940c71cc45f179665eb090af82a9ba911b6736a2eea9d6cd966662205ff) // vk.Q1.y + mstore(add(_vk, 0xc0), 0x159f7f8fbd9d64c5681c04aec9d3bf7997d899fa1f39485f1042f3ead3a105ca) // vk.Q2.x + mstore(add(_vk, 0xe0), 0x0851200583ba0caae80442a2dd47358c6ab2bbed7b18f2225fd393d1426f0591) // vk.Q2.y + mstore(add(_vk, 0x100), 0x18530c1f86d2cf6024fe31ca984ff8c062052499c08f3ba3b95e51adccfeec52) // vk.Q3.x + mstore(add(_vk, 0x120), 0x1e5b70b70c84124466cea7a7caf88ee09a6b522d6066009422d0df4a2acdbd5d) // vk.Q3.y + mstore(add(_vk, 0x140), 0x2062f85a4fbea66c0ac70fe0238a5b7d075050ff0dc53b46161d4364766e633a) // vk.Q4.x + mstore(add(_vk, 0x160), 0x1e00321717ce90f481718f0a7e7a09769cb12ef948de1dccbb097b8d861696d1) // vk.Q4.y + mstore(add(_vk, 0x180), 0x1b39889163aa4d888198d41c19a01494c55d3dc58e14308f212edc3e5ce4ecfc) // vk.Q_M.x + mstore(add(_vk, 0x1a0), 0x29e99aa96ca6fa664d61f4dda17c908c364ede89c4c2e1492ef74f7d9a4c3946) // vk.Q_M.y + mstore(add(_vk, 
0x1c0), 0x2cd3d1930c3093ca25d7b6c0def3d80d2184cad58da3b94938bc5776b45c0899) // vk.Q_C.x + mstore(add(_vk, 0x1e0), 0x2d7850284634606b54d9204c6a45fae05ce5ff7080e116237f97505f029f3728) // vk.Q_C.y + mstore(add(_vk, 0x200), 0x0d818ab043ebe7c76f961eeb9dbc685456376e074c3cd22446e2361fc9d1e643) // vk.Q_ARITHMETIC.x + mstore(add(_vk, 0x220), 0x20b6b3509ddbda7baebb9769923ca6046e3c7e816123aac254667d9a964908c5) // vk.Q_ARITHMETIC.y + mstore(add(_vk, 0x240), 0x0e4d1f25873b71b1d3684fcd72f92ca43f0cae896706bedc7be7546cf3914372) // vk.QSORT.x + mstore(add(_vk, 0x260), 0x20cca69394f8f64c8414dd1c93c76cf7fe1fa95200e64f6e239ab35dca89fb4e) // vk.QSORT.y + mstore(add(_vk, 0x280), 0x303587022a3705d1918aec6b23296bc4631493b8f67844170c461ede54edf455) // vk.Q_ELLIPTIC.x + mstore(add(_vk, 0x2a0), 0x1f184b6844676c182112a60ca447810251bb4a5b0f6acd975f66aca66e8bc54c) // vk.Q_ELLIPTIC.y + mstore(add(_vk, 0x2c0), 0x1bbc5f8a33374772ae5af40f3d17cc07387e36d0feac1a6274421d24796e16be) // vk.Q_AUX.x + mstore(add(_vk, 0x2e0), 0x0e9bc4472e9491328673c2118574c538fff863973449a6eca42b8285a3695002) // vk.Q_AUX.y + mstore(add(_vk, 0x300), 0x0193ff19eca736a81fcd13b7822a7bda04e3ec791bba453a7678dca0a0e83418) // vk.SIGMA1.x + mstore(add(_vk, 0x320), 0x11f8b1580d61fce65ac87d234e167bf2c1340d404905bb203c0853683dbc8ae4) // vk.SIGMA1.y + mstore(add(_vk, 0x340), 0x24a473ad1cfd6dea405398e9d25999a03316e53ccdd39f47ce7fe8eb2aa56d7d) // vk.SIGMA2.x + mstore(add(_vk, 0x360), 0x1ed15290b19173ab60dc6b961f0196bb6de6b6e0c9a0b61fedccb84f98807fc1) // vk.SIGMA2.y + mstore(add(_vk, 0x380), 0x080ffc991b8c35f19951c8c717524213b416fdf5f603ff123b29771ccd78b325) // vk.SIGMA3.x + mstore(add(_vk, 0x3a0), 0x09d3a6849ada0c8b666a9b3a6184560c7eadb5c8db92d630f6974e1d903f0446) // vk.SIGMA3.y + mstore(add(_vk, 0x3c0), 0x0b65b24709ace712e4a67da7e2c7b6e05efc4847cfb6187a29d6b86a16db9982) // vk.SIGMA4.x + mstore(add(_vk, 0x3e0), 0x2f5fea687f63d33de847a3cad2dbe3bbe4545089846e917120a2a10f4d5aa538) // vk.SIGMA4.y + mstore(add(_vk, 0x400), 
0x0ddc3b6d8e59cf0996ca71ad4132ca9d618ffd933cf58a8a0953dc76f97cf108) // vk.TABLE1.x + mstore(add(_vk, 0x420), 0x153193287060386695f4f2d0d3525dec4c6a253f431d3f3fc06aa0e5b0448b8c) // vk.TABLE1.y + mstore(add(_vk, 0x440), 0x1170f0ece62f8c572bca96b141d27f4bd25585edb9319128045c005d48491b1e) // vk.TABLE2.x + mstore(add(_vk, 0x460), 0x246cd041690f653f88ed0c56ad282a3dd2e37b8edb1f56b785809d7710bf1c88) // vk.TABLE2.y + mstore(add(_vk, 0x480), 0x26153c937447356a0c6d6be09d85eb34bc8a00ce9d452888e5fc2b5a7e14fed7) // vk.TABLE3.x + mstore(add(_vk, 0x4a0), 0x189da022421fbd8dfd7973084d978e555388ad9364679246b07992f84b4e91b2) // vk.TABLE3.y + mstore(add(_vk, 0x4c0), 0x285311c5e9a4cbb56a3f04f29d5443e8c0f9753e2a5a35acec051fafe2cecce5) // vk.TABLE4.x + mstore(add(_vk, 0x4e0), 0x2436400260c9d3180beedd0bf49fec92d2d0ac76a1be7f1fad96cbd997175312) // vk.TABLE4.y + mstore(add(_vk, 0x500), 0x2fc4d853b4c27e7e786acbdcf923f480b6319b64010387b20567a2a77c0af526) // vk.TABLE_TYPE.x + mstore(add(_vk, 0x520), 0x2b622e477101c5031408649f94dca70af298e2674a43c0510732b8ecd497168b) // vk.TABLE_TYPE.y + mstore(add(_vk, 0x540), 0x045773114cf89e3a78d27c460766f93348c6a41a91cfead506356b479bbf11f5) // vk.ID1.x + mstore(add(_vk, 0x560), 0x144f66362e3d2c0358a1d9133b11c78c81755727c9596e527b794989481f5745) // vk.ID1.y + mstore(add(_vk, 0x580), 0x0faf560e0a7b195a8438ce3752ff10b3aa25ef949b12058696ad41d3b5892c52) // vk.ID2.x + mstore(add(_vk, 0x5a0), 0x1ccbcd7fc0e505b2b9fc826a909f0d5d96be17141fa7f7bb9c26ce80d4a216cc) // vk.ID2.y + mstore(add(_vk, 0x5c0), 0x084785e3d73b6963b15b2dad4ee12c15a23e84837dc95d1ad8a93cdaf92a4eec) // vk.ID3.x + mstore(add(_vk, 0x5e0), 0x2a26e01d253617b778db8ba08b9bc3f19f7ca9c514f6ee7bd39a0784e790e76a) // vk.ID3.y + mstore(add(_vk, 0x600), 0x2c44a0d9719d3df20016b9475ba90e0e82cabbd6e00e14bb1fdc099199a67be3) // vk.ID4.x + mstore(add(_vk, 0x620), 0x0b2cab5b56a3772a6eaf946d5a94bf85cef356d42e71db12960bba7848e5297b) // vk.ID4.y + mstore(add(_vk, 0x640), 0x01) // vk.contains_recursive_proof + 
mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices + mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 + mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 + mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 + mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 + mstore(_omegaInverseLoc, 0x06e402c0a314fb67a15cf806664ae1b722dbc0efe66e6c81d98f9924ca535321) // vk.work_root_inverse + } + } +} diff --git a/barretenberg/acir_tests/sol-test/src/contracts/src/Test.sol b/barretenberg/acir_tests/sol-test/src/contracts/src/Test.sol new file mode 100644 index 000000000000..0ee39f166882 --- /dev/null +++ b/barretenberg/acir_tests/sol-test/src/contracts/src/Test.sol @@ -0,0 +1,16 @@ +pragma solidity >=0.8.4; + +import {Verifier} from "./Verifier.sol"; + +contract Test { + Verifier verifier; + + constructor() { + verifier = new Verifier(); + } + + function test(bytes calldata proof, bytes32[] calldata publicInputs) view public returns(bool) { + return verifier.verify(proof, publicInputs); + } +} + diff --git a/barretenberg/acir_tests/sol-test/src/contracts/src/Verifier.sol b/barretenberg/acir_tests/sol-test/src/contracts/src/Verifier.sol new file mode 100644 index 000000000000..7a422ce148eb --- /dev/null +++ b/barretenberg/acir_tests/sol-test/src/contracts/src/Verifier.sol 
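Review bot: `Verifier verifier;` in `Test` is assigned exactly once in the constructor and never written again, so it should be declared `Verifier immutable verifier;` — the reference then lives in bytecode rather than a mutable storage slot, cannot be repointed at a different verifier, and `test` reads it without an SLOAD. The file also carries no `// SPDX-License-Identifier: Apache-2.0` line while the sibling `Key.sol` and `Verifier.sol` do, and `view public` reads more conventionally as `public view`. Whether `Verifier` is a concrete contract cannot be checked from here: the visible part of `Verifier.sol` only declares `abstract contract BaseUltraVerifier`, so the concrete `Verifier` presumably follows further down that file.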
@@ -0,0 +1,2560 @@ + +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Aztec +pragma solidity >=0.8.4; + +import {UltraVerificationKey} from "./Key.sol"; + +/** + * @title Ultra Plonk proof verification contract + * @dev Top level Plonk proof verification contract, which allows Plonk proof to be verified + */ +abstract contract BaseUltraVerifier { + // VERIFICATION KEY MEMORY LOCATIONS + uint256 internal constant N_LOC = 0x380; + uint256 internal constant NUM_INPUTS_LOC = 0x3a0; + uint256 internal constant OMEGA_LOC = 0x3c0; + uint256 internal constant DOMAIN_INVERSE_LOC = 0x3e0; + uint256 internal constant Q1_X_LOC = 0x400; + uint256 internal constant Q1_Y_LOC = 0x420; + uint256 internal constant Q2_X_LOC = 0x440; + uint256 internal constant Q2_Y_LOC = 0x460; + uint256 internal constant Q3_X_LOC = 0x480; + uint256 internal constant Q3_Y_LOC = 0x4a0; + uint256 internal constant Q4_X_LOC = 0x4c0; + uint256 internal constant Q4_Y_LOC = 0x4e0; + uint256 internal constant QM_X_LOC = 0x500; + uint256 internal constant QM_Y_LOC = 0x520; + uint256 internal constant QC_X_LOC = 0x540; + uint256 internal constant QC_Y_LOC = 0x560; + uint256 internal constant QARITH_X_LOC = 0x580; + uint256 internal constant QARITH_Y_LOC = 0x5a0; + uint256 internal constant QSORT_X_LOC = 0x5c0; + uint256 internal constant QSORT_Y_LOC = 0x5e0; + uint256 internal constant QELLIPTIC_X_LOC = 0x600; + uint256 internal constant QELLIPTIC_Y_LOC = 0x620; + uint256 internal constant QAUX_X_LOC = 0x640; + uint256 internal constant QAUX_Y_LOC = 0x660; + uint256 internal constant SIGMA1_X_LOC = 0x680; + uint256 internal constant SIGMA1_Y_LOC = 0x6a0; + uint256 internal constant SIGMA2_X_LOC = 0x6c0; + uint256 internal constant SIGMA2_Y_LOC = 0x6e0; + uint256 internal constant SIGMA3_X_LOC = 0x700; + uint256 internal constant SIGMA3_Y_LOC = 0x720; + uint256 internal constant SIGMA4_X_LOC = 0x740; + uint256 internal constant SIGMA4_Y_LOC = 0x760; + uint256 internal constant TABLE1_X_LOC = 0x780; + 
uint256 internal constant TABLE1_Y_LOC = 0x7a0; + uint256 internal constant TABLE2_X_LOC = 0x7c0; + uint256 internal constant TABLE2_Y_LOC = 0x7e0; + uint256 internal constant TABLE3_X_LOC = 0x800; + uint256 internal constant TABLE3_Y_LOC = 0x820; + uint256 internal constant TABLE4_X_LOC = 0x840; + uint256 internal constant TABLE4_Y_LOC = 0x860; + uint256 internal constant TABLE_TYPE_X_LOC = 0x880; + uint256 internal constant TABLE_TYPE_Y_LOC = 0x8a0; + uint256 internal constant ID1_X_LOC = 0x8c0; + uint256 internal constant ID1_Y_LOC = 0x8e0; + uint256 internal constant ID2_X_LOC = 0x900; + uint256 internal constant ID2_Y_LOC = 0x920; + uint256 internal constant ID3_X_LOC = 0x940; + uint256 internal constant ID3_Y_LOC = 0x960; + uint256 internal constant ID4_X_LOC = 0x980; + uint256 internal constant ID4_Y_LOC = 0x9a0; + uint256 internal constant CONTAINS_RECURSIVE_PROOF_LOC = 0x9c0; + uint256 internal constant RECURSIVE_PROOF_PUBLIC_INPUT_INDICES_LOC = 0x9e0; + uint256 internal constant G2X_X0_LOC = 0xa00; + uint256 internal constant G2X_X1_LOC = 0xa20; + uint256 internal constant G2X_Y0_LOC = 0xa40; + uint256 internal constant G2X_Y1_LOC = 0xa60; + + // ### PROOF DATA MEMORY LOCATIONS + uint256 internal constant W1_X_LOC = 0x1200; + uint256 internal constant W1_Y_LOC = 0x1220; + uint256 internal constant W2_X_LOC = 0x1240; + uint256 internal constant W2_Y_LOC = 0x1260; + uint256 internal constant W3_X_LOC = 0x1280; + uint256 internal constant W3_Y_LOC = 0x12a0; + uint256 internal constant W4_X_LOC = 0x12c0; + uint256 internal constant W4_Y_LOC = 0x12e0; + uint256 internal constant S_X_LOC = 0x1300; + uint256 internal constant S_Y_LOC = 0x1320; + uint256 internal constant Z_X_LOC = 0x1340; + uint256 internal constant Z_Y_LOC = 0x1360; + uint256 internal constant Z_LOOKUP_X_LOC = 0x1380; + uint256 internal constant Z_LOOKUP_Y_LOC = 0x13a0; + uint256 internal constant T1_X_LOC = 0x13c0; + uint256 internal constant T1_Y_LOC = 0x13e0; + uint256 internal constant 
T2_X_LOC = 0x1400; + uint256 internal constant T2_Y_LOC = 0x1420; + uint256 internal constant T3_X_LOC = 0x1440; + uint256 internal constant T3_Y_LOC = 0x1460; + uint256 internal constant T4_X_LOC = 0x1480; + uint256 internal constant T4_Y_LOC = 0x14a0; + + uint256 internal constant W1_EVAL_LOC = 0x1600; + uint256 internal constant W2_EVAL_LOC = 0x1620; + uint256 internal constant W3_EVAL_LOC = 0x1640; + uint256 internal constant W4_EVAL_LOC = 0x1660; + uint256 internal constant S_EVAL_LOC = 0x1680; + uint256 internal constant Z_EVAL_LOC = 0x16a0; + uint256 internal constant Z_LOOKUP_EVAL_LOC = 0x16c0; + uint256 internal constant Q1_EVAL_LOC = 0x16e0; + uint256 internal constant Q2_EVAL_LOC = 0x1700; + uint256 internal constant Q3_EVAL_LOC = 0x1720; + uint256 internal constant Q4_EVAL_LOC = 0x1740; + uint256 internal constant QM_EVAL_LOC = 0x1760; + uint256 internal constant QC_EVAL_LOC = 0x1780; + uint256 internal constant QARITH_EVAL_LOC = 0x17a0; + uint256 internal constant QSORT_EVAL_LOC = 0x17c0; + uint256 internal constant QELLIPTIC_EVAL_LOC = 0x17e0; + uint256 internal constant QAUX_EVAL_LOC = 0x1800; + uint256 internal constant TABLE1_EVAL_LOC = 0x1840; + uint256 internal constant TABLE2_EVAL_LOC = 0x1860; + uint256 internal constant TABLE3_EVAL_LOC = 0x1880; + uint256 internal constant TABLE4_EVAL_LOC = 0x18a0; + uint256 internal constant TABLE_TYPE_EVAL_LOC = 0x18c0; + uint256 internal constant ID1_EVAL_LOC = 0x18e0; + uint256 internal constant ID2_EVAL_LOC = 0x1900; + uint256 internal constant ID3_EVAL_LOC = 0x1920; + uint256 internal constant ID4_EVAL_LOC = 0x1940; + uint256 internal constant SIGMA1_EVAL_LOC = 0x1960; + uint256 internal constant SIGMA2_EVAL_LOC = 0x1980; + uint256 internal constant SIGMA3_EVAL_LOC = 0x19a0; + uint256 internal constant SIGMA4_EVAL_LOC = 0x19c0; + uint256 internal constant W1_OMEGA_EVAL_LOC = 0x19e0; + uint256 internal constant W2_OMEGA_EVAL_LOC = 0x2000; + uint256 internal constant W3_OMEGA_EVAL_LOC = 0x2020; + uint256 
internal constant W4_OMEGA_EVAL_LOC = 0x2040; + uint256 internal constant S_OMEGA_EVAL_LOC = 0x2060; + uint256 internal constant Z_OMEGA_EVAL_LOC = 0x2080; + uint256 internal constant Z_LOOKUP_OMEGA_EVAL_LOC = 0x20a0; + uint256 internal constant TABLE1_OMEGA_EVAL_LOC = 0x20c0; + uint256 internal constant TABLE2_OMEGA_EVAL_LOC = 0x20e0; + uint256 internal constant TABLE3_OMEGA_EVAL_LOC = 0x2100; + uint256 internal constant TABLE4_OMEGA_EVAL_LOC = 0x2120; + + uint256 internal constant PI_Z_X_LOC = 0x2300; + uint256 internal constant PI_Z_Y_LOC = 0x2320; + uint256 internal constant PI_Z_OMEGA_X_LOC = 0x2340; + uint256 internal constant PI_Z_OMEGA_Y_LOC = 0x2360; + + // Used for elliptic widget. These are alias names for wire + shifted wire evaluations + uint256 internal constant X1_EVAL_LOC = W2_EVAL_LOC; + uint256 internal constant X2_EVAL_LOC = W1_OMEGA_EVAL_LOC; + uint256 internal constant X3_EVAL_LOC = W2_OMEGA_EVAL_LOC; + uint256 internal constant Y1_EVAL_LOC = W3_EVAL_LOC; + uint256 internal constant Y2_EVAL_LOC = W4_OMEGA_EVAL_LOC; + uint256 internal constant Y3_EVAL_LOC = W3_OMEGA_EVAL_LOC; + uint256 internal constant QBETA_LOC = Q3_EVAL_LOC; + uint256 internal constant QBETA_SQR_LOC = Q4_EVAL_LOC; + uint256 internal constant QSIGN_LOC = Q1_EVAL_LOC; + + // ### CHALLENGES MEMORY OFFSETS + + uint256 internal constant C_BETA_LOC = 0x2600; + uint256 internal constant C_GAMMA_LOC = 0x2620; + uint256 internal constant C_ALPHA_LOC = 0x2640; + uint256 internal constant C_ETA_LOC = 0x2660; + uint256 internal constant C_ETA_SQR_LOC = 0x2680; + uint256 internal constant C_ETA_CUBE_LOC = 0x26a0; + + uint256 internal constant C_ZETA_LOC = 0x26c0; + uint256 internal constant C_CURRENT_LOC = 0x26e0; + uint256 internal constant C_V0_LOC = 0x2700; + uint256 internal constant C_V1_LOC = 0x2720; + uint256 internal constant C_V2_LOC = 0x2740; + uint256 internal constant C_V3_LOC = 0x2760; + uint256 internal constant C_V4_LOC = 0x2780; + uint256 internal constant C_V5_LOC = 
0x27a0; + uint256 internal constant C_V6_LOC = 0x27c0; + uint256 internal constant C_V7_LOC = 0x27e0; + uint256 internal constant C_V8_LOC = 0x2800; + uint256 internal constant C_V9_LOC = 0x2820; + uint256 internal constant C_V10_LOC = 0x2840; + uint256 internal constant C_V11_LOC = 0x2860; + uint256 internal constant C_V12_LOC = 0x2880; + uint256 internal constant C_V13_LOC = 0x28a0; + uint256 internal constant C_V14_LOC = 0x28c0; + uint256 internal constant C_V15_LOC = 0x28e0; + uint256 internal constant C_V16_LOC = 0x2900; + uint256 internal constant C_V17_LOC = 0x2920; + uint256 internal constant C_V18_LOC = 0x2940; + uint256 internal constant C_V19_LOC = 0x2960; + uint256 internal constant C_V20_LOC = 0x2980; + uint256 internal constant C_V21_LOC = 0x29a0; + uint256 internal constant C_V22_LOC = 0x29c0; + uint256 internal constant C_V23_LOC = 0x29e0; + uint256 internal constant C_V24_LOC = 0x2a00; + uint256 internal constant C_V25_LOC = 0x2a20; + uint256 internal constant C_V26_LOC = 0x2a40; + uint256 internal constant C_V27_LOC = 0x2a60; + uint256 internal constant C_V28_LOC = 0x2a80; + uint256 internal constant C_V29_LOC = 0x2aa0; + uint256 internal constant C_V30_LOC = 0x2ac0; + + uint256 internal constant C_U_LOC = 0x2b00; + + // ### LOCAL VARIABLES MEMORY OFFSETS + uint256 internal constant DELTA_NUMERATOR_LOC = 0x3000; + uint256 internal constant DELTA_DENOMINATOR_LOC = 0x3020; + uint256 internal constant ZETA_POW_N_LOC = 0x3040; + uint256 internal constant PUBLIC_INPUT_DELTA_LOC = 0x3060; + uint256 internal constant ZERO_POLY_LOC = 0x3080; + uint256 internal constant L_START_LOC = 0x30a0; + uint256 internal constant L_END_LOC = 0x30c0; + uint256 internal constant R_ZERO_EVAL_LOC = 0x30e0; + + uint256 internal constant PLOOKUP_DELTA_NUMERATOR_LOC = 0x3100; + uint256 internal constant PLOOKUP_DELTA_DENOMINATOR_LOC = 0x3120; + uint256 internal constant PLOOKUP_DELTA_LOC = 0x3140; + + uint256 internal constant ACCUMULATOR_X_LOC = 0x3160; + uint256 internal 
constant ACCUMULATOR_Y_LOC = 0x3180; + uint256 internal constant ACCUMULATOR2_X_LOC = 0x31a0; + uint256 internal constant ACCUMULATOR2_Y_LOC = 0x31c0; + uint256 internal constant PAIRING_LHS_X_LOC = 0x31e0; + uint256 internal constant PAIRING_LHS_Y_LOC = 0x3200; + uint256 internal constant PAIRING_RHS_X_LOC = 0x3220; + uint256 internal constant PAIRING_RHS_Y_LOC = 0x3240; + + // ### SUCCESS FLAG MEMORY LOCATIONS + uint256 internal constant GRAND_PRODUCT_SUCCESS_FLAG = 0x3300; + uint256 internal constant ARITHMETIC_TERM_SUCCESS_FLAG = 0x3020; + uint256 internal constant BATCH_OPENING_SUCCESS_FLAG = 0x3340; + uint256 internal constant OPENING_COMMITMENT_SUCCESS_FLAG = 0x3360; + uint256 internal constant PAIRING_PREAMBLE_SUCCESS_FLAG = 0x3380; + uint256 internal constant PAIRING_SUCCESS_FLAG = 0x33a0; + uint256 internal constant RESULT_FLAG = 0x33c0; + + // misc stuff + uint256 internal constant OMEGA_INVERSE_LOC = 0x3400; + uint256 internal constant C_ALPHA_SQR_LOC = 0x3420; + uint256 internal constant C_ALPHA_CUBE_LOC = 0x3440; + uint256 internal constant C_ALPHA_QUAD_LOC = 0x3460; + uint256 internal constant C_ALPHA_BASE_LOC = 0x3480; + + // ### RECURSION VARIABLE MEMORY LOCATIONS + uint256 internal constant RECURSIVE_P1_X_LOC = 0x3500; + uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3520; + uint256 internal constant RECURSIVE_P2_X_LOC = 0x3540; + uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3560; + + uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3580; + + // sub-identity storage + uint256 internal constant PERMUTATION_IDENTITY = 0x3600; + uint256 internal constant PLOOKUP_IDENTITY = 0x3620; + uint256 internal constant ARITHMETIC_IDENTITY = 0x3640; + uint256 internal constant SORT_IDENTITY = 0x3660; + uint256 internal constant ELLIPTIC_IDENTITY = 0x3680; + uint256 internal constant AUX_IDENTITY = 0x36a0; + uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x36c0; + uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x36e0; + 
uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3700; + uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3720; + uint256 internal constant AUX_MEMORY_EVALUATION = 0x3740; + + uint256 internal constant QUOTIENT_EVAL_LOC = 0x3760; + uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3780; + + // when hashing public inputs we use memory at NU_CHALLENGE_INPUT_LOC_A, as the hash input size is unknown at compile time + uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x37a0; + uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x37c0; + uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x37e0; + + bytes4 internal constant PUBLIC_INPUT_INVALID_BN128_G1_POINT_SELECTOR = 0xeba9f4a6; + bytes4 internal constant PUBLIC_INPUT_GE_P_SELECTOR = 0x374a972f; + bytes4 internal constant MOD_EXP_FAILURE_SELECTOR = 0xf894a7bc; + bytes4 internal constant EC_SCALAR_MUL_FAILURE_SELECTOR = 0xf755f369; + bytes4 internal constant PROOF_FAILURE_SELECTOR = 0x0711fcec; + + uint256 internal constant ETA_INPUT_LENGTH = 0xc0; // W1, W2, W3 = 6 * 0x20 bytes + + // We need to hash 41 field elements when generating the NU challenge + // w1, w2, w3, w4, s, z, z_lookup, q1, q2, q3, q4, qm, qc, qarith (14) + // qsort, qelliptic, qaux, sigma1, sigma2, sigma, sigma4, (7) + // table1, table2, table3, table4, tabletype, id1, id2, id3, id4, (9) + // w1_omega, w2_omega, w3_omega, w4_omega, s_omega, z_omega, z_lookup_omega, (7) + // table1_omega, table2_omega, table3_omega, table4_omega (4) + uint256 internal constant NU_INPUT_LENGTH = 0x520; // 0x520 = 41 * 0x20 + + // There are ELEVEN G1 group elements added into the transcript in the `beta` round, that we need to skip over + // W1, W2, W3, W4, S, Z, Z_LOOKUP, T1, T2, T3, T4 + uint256 internal constant NU_CALLDATA_SKIP_LENGTH = 0x2c0; // 11 * 0x40 = 0x2c0 + + uint256 internal constant NEGATIVE_INVERSE_OF_2_MODULO_P = + 0x183227397098d014dc2822db40c0ac2e9419f4243cdcb848a1f0fac9f8000000; + uint256 internal constant LIMB_SIZE = 
0x100000000000000000; // 2<<68 + uint256 internal constant SUBLIMB_SHIFT = 0x4000; // 2<<14 + + // y^2 = x^3 + ax + b + // for Grumpkin, a = 0 and b = -17. We use b in a custom gate relation that evaluates elliptic curve arithmetic + uint256 internal constant GRUMPKIN_CURVE_B_PARAMETER_NEGATED = 17; + + error PUBLIC_INPUT_COUNT_INVALID(uint256 expected, uint256 actual); + error PUBLIC_INPUT_INVALID_BN128_G1_POINT(); + error PUBLIC_INPUT_GE_P(); + error MOD_EXP_FAILURE(); + error EC_SCALAR_MUL_FAILURE(); + error PROOF_FAILURE(); + + function getVerificationKeyHash() public pure virtual returns (bytes32); + + function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure virtual; + + /** + * @notice Verify a Ultra Plonk proof + * @param _proof - The serialized proof + * @param _publicInputs - An array of the public inputs + * @return True if proof is valid, reverts otherwise + */ + function verify(bytes calldata _proof, bytes32[] calldata _publicInputs) external view returns (bool) { + loadVerificationKey(N_LOC, OMEGA_INVERSE_LOC); + + uint256 requiredPublicInputCount; + assembly { + requiredPublicInputCount := mload(NUM_INPUTS_LOC) + } + if (requiredPublicInputCount != _publicInputs.length) { + revert PUBLIC_INPUT_COUNT_INVALID(requiredPublicInputCount, _publicInputs.length); + } + + assembly { + let q := 21888242871839275222246405745257275088696311157297823662689037894645226208583 // EC group order + let p := 21888242871839275222246405745257275088548364400416034343698204186575808495617 // Prime field order + + /** + * LOAD PROOF FROM CALLDATA + */ + { + let data_ptr := add(calldataload(0x04), 0x24) + + mstore(W1_Y_LOC, mod(calldataload(data_ptr), q)) + mstore(W1_X_LOC, mod(calldataload(add(data_ptr, 0x20)), q)) + + mstore(W2_Y_LOC, mod(calldataload(add(data_ptr, 0x40)), q)) + mstore(W2_X_LOC, mod(calldataload(add(data_ptr, 0x60)), q)) + + mstore(W3_Y_LOC, mod(calldataload(add(data_ptr, 0x80)), q)) + mstore(W3_X_LOC, mod(calldataload(add(data_ptr, 
0xa0)), q))
+
+ mstore(W4_Y_LOC, mod(calldataload(add(data_ptr, 0xc0)), q))
+ mstore(W4_X_LOC, mod(calldataload(add(data_ptr, 0xe0)), q))
+
+ mstore(S_Y_LOC, mod(calldataload(add(data_ptr, 0x100)), q))
+ mstore(S_X_LOC, mod(calldataload(add(data_ptr, 0x120)), q))
+ mstore(Z_Y_LOC, mod(calldataload(add(data_ptr, 0x140)), q))
+ mstore(Z_X_LOC, mod(calldataload(add(data_ptr, 0x160)), q))
+ mstore(Z_LOOKUP_Y_LOC, mod(calldataload(add(data_ptr, 0x180)), q))
+ mstore(Z_LOOKUP_X_LOC, mod(calldataload(add(data_ptr, 0x1a0)), q))
+ mstore(T1_Y_LOC, mod(calldataload(add(data_ptr, 0x1c0)), q))
+ mstore(T1_X_LOC, mod(calldataload(add(data_ptr, 0x1e0)), q))
+
+ mstore(T2_Y_LOC, mod(calldataload(add(data_ptr, 0x200)), q))
+ mstore(T2_X_LOC, mod(calldataload(add(data_ptr, 0x220)), q))
+
+ mstore(T3_Y_LOC, mod(calldataload(add(data_ptr, 0x240)), q))
+ mstore(T3_X_LOC, mod(calldataload(add(data_ptr, 0x260)), q))
+
+ mstore(T4_Y_LOC, mod(calldataload(add(data_ptr, 0x280)), q))
+ mstore(T4_X_LOC, mod(calldataload(add(data_ptr, 0x2a0)), q))
+
+ mstore(W1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x2c0)), p))
+ mstore(W2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x2e0)), p))
+ mstore(W3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x300)), p))
+ mstore(W4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x320)), p))
+ mstore(S_EVAL_LOC, mod(calldataload(add(data_ptr, 0x340)), p))
+ mstore(Z_EVAL_LOC, mod(calldataload(add(data_ptr, 0x360)), p))
+ mstore(Z_LOOKUP_EVAL_LOC, mod(calldataload(add(data_ptr, 0x380)), p))
+ mstore(Q1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x3a0)), p))
+ mstore(Q2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x3c0)), p))
+ mstore(Q3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x3e0)), p))
+ mstore(Q4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x400)), p))
+ mstore(QM_EVAL_LOC, mod(calldataload(add(data_ptr, 0x420)), p))
+ mstore(QC_EVAL_LOC, mod(calldataload(add(data_ptr, 0x440)), p))
+ mstore(QARITH_EVAL_LOC, mod(calldataload(add(data_ptr, 0x460)), p))
+ mstore(QSORT_EVAL_LOC, mod(calldataload(add(data_ptr, 0x480)), p))
+ mstore(QELLIPTIC_EVAL_LOC, mod(calldataload(add(data_ptr, 0x4a0)), p))
+ mstore(QAUX_EVAL_LOC, mod(calldataload(add(data_ptr, 0x4c0)), p))
+
+ mstore(SIGMA1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x4e0)), p))
+ mstore(SIGMA2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x500)), p))
+
+ mstore(SIGMA3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x520)), p))
+ mstore(SIGMA4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x540)), p))
+
+ mstore(TABLE1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x560)), p))
+ mstore(TABLE2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x580)), p))
+ mstore(TABLE3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x5a0)), p))
+ mstore(TABLE4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x5c0)), p))
+ mstore(TABLE_TYPE_EVAL_LOC, mod(calldataload(add(data_ptr, 0x5e0)), p))
+
+ mstore(ID1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x600)), p))
+ mstore(ID2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x620)), p))
+ mstore(ID3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x640)), p))
+ mstore(ID4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x660)), p))
+
+ mstore(W1_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x680)), p))
+ mstore(W2_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x6a0)), p))
+ mstore(W3_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x6c0)), p))
+ mstore(W4_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x6e0)), p))
+ mstore(S_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x700)), p))
+
+ mstore(Z_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x720)), p))
+
+ mstore(Z_LOOKUP_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x740)), p))
+ mstore(TABLE1_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x760)), p))
+ mstore(TABLE2_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x780)), p))
+ mstore(TABLE3_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x7a0)), p))
+ mstore(TABLE4_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x7c0)), p))
+
+ mstore(PI_Z_Y_LOC, mod(calldataload(add(data_ptr, 0x7e0)), q))
+ mstore(PI_Z_X_LOC, mod(calldataload(add(data_ptr, 0x800)), q))
+
+ mstore(PI_Z_OMEGA_Y_LOC, mod(calldataload(add(data_ptr, 0x820)), q))
+ mstore(PI_Z_OMEGA_X_LOC, mod(calldataload(add(data_ptr, 0x840)), q))
+ }
+
+ /**
+ * LOAD RECURSIVE PROOF INTO MEMORY
+ */
+ {
+ if mload(CONTAINS_RECURSIVE_PROOF_LOC) {
+ let public_inputs_ptr := add(calldataload(0x24), 0x24)
+ let index_counter := add(shl(5, mload(RECURSIVE_PROOF_PUBLIC_INPUT_INDICES_LOC)), public_inputs_ptr)
+
+ let x0 := calldataload(index_counter)
+ x0 := add(x0, shl(68, calldataload(add(index_counter, 0x20))))
+ x0 := add(x0, shl(136, calldataload(add(index_counter, 0x40))))
+ x0 := add(x0, shl(204, calldataload(add(index_counter, 0x60))))
+ let y0 := calldataload(add(index_counter, 0x80))
+ y0 := add(y0, shl(68, calldataload(add(index_counter, 0xa0))))
+ y0 := add(y0, shl(136, calldataload(add(index_counter, 0xc0))))
+ y0 := add(y0, shl(204, calldataload(add(index_counter, 0xe0))))
+ let x1 := calldataload(add(index_counter, 0x100))
+ x1 := add(x1, shl(68, calldataload(add(index_counter, 0x120))))
+ x1 := add(x1, shl(136, calldataload(add(index_counter, 0x140))))
+ x1 := add(x1, shl(204, calldataload(add(index_counter, 0x160))))
+ let y1 := calldataload(add(index_counter, 0x180))
+ y1 := add(y1, shl(68, calldataload(add(index_counter, 0x1a0))))
+ y1 := add(y1, shl(136, calldataload(add(index_counter, 0x1c0))))
+ y1 := add(y1, shl(204, calldataload(add(index_counter, 0x1e0))))
+ mstore(RECURSIVE_P1_X_LOC, x0)
+ mstore(RECURSIVE_P1_Y_LOC, y0)
+ mstore(RECURSIVE_P2_X_LOC, x1)
+ mstore(RECURSIVE_P2_Y_LOC, y1)
+
+ // validate these are valid bn128 G1 points
+ if iszero(and(and(lt(x0, q), lt(x1, q)), and(lt(y0, q), lt(y1, q)))) {
+ mstore(0x00, PUBLIC_INPUT_INVALID_BN128_G1_POINT_SELECTOR)
+ revert(0x00, 0x04)
+ }
+ }
+ }
+
+ {
+ /**
+ * Generate initial challenge
+ */
+ mstore(0x00, shl(224, mload(N_LOC)))
+ mstore(0x04, shl(224, mload(NUM_INPUTS_LOC)))
+ let challenge := keccak256(0x00, 0x08)
+
+ /**
+ * Generate eta challenge
+ */
+ mstore(PUBLIC_INPUTS_HASH_LOCATION, challenge)
+ // The public input location is stored at 0x24, we then add 0x24 to skip selector and the length of public inputs
+ let public_inputs_start := add(calldataload(0x24), 0x24)
+ // copy the public inputs over
+ let public_input_size := mul(mload(NUM_INPUTS_LOC), 0x20)
+ calldatacopy(add(PUBLIC_INPUTS_HASH_LOCATION, 0x20), public_inputs_start, public_input_size)
+
+ // copy W1, W2, W3 into challenge. Each point is 0x40 bytes, so load 0xc0 = 3 * 0x40 bytes (ETA input length)
+ let w_start := add(calldataload(0x04), 0x24)
+ calldatacopy(add(add(PUBLIC_INPUTS_HASH_LOCATION, 0x20), public_input_size), w_start, ETA_INPUT_LENGTH)
+
+ // Challenge is the old challenge + public inputs + W1, W2, W3 (0x20 + public_input_size + 0xc0)
+ let challenge_bytes_size := add(0x20, add(public_input_size, ETA_INPUT_LENGTH))
+
+ challenge := keccak256(PUBLIC_INPUTS_HASH_LOCATION, challenge_bytes_size)
+ {
+ let eta := mod(challenge, p)
+ mstore(C_ETA_LOC, eta)
+ mstore(C_ETA_SQR_LOC, mulmod(eta, eta, p))
+ mstore(C_ETA_CUBE_LOC, mulmod(mload(C_ETA_SQR_LOC), eta, p))
+ }
+
+ /**
+ * Generate beta challenge
+ */
+ mstore(0x00, challenge)
+ mstore(0x20, mload(W4_Y_LOC))
+ mstore(0x40, mload(W4_X_LOC))
+ mstore(0x60, mload(S_Y_LOC))
+ mstore(0x80, mload(S_X_LOC))
+ challenge := keccak256(0x00, 0xa0)
+ mstore(C_BETA_LOC, mod(challenge, p))
+
+ /**
+ * Generate gamma challenge
+ */
+ mstore(0x00, challenge)
+ mstore8(0x20, 0x01)
+ challenge := keccak256(0x00, 0x21)
+ mstore(C_GAMMA_LOC, mod(challenge, p))
+
+ /**
+ * Generate alpha challenge
+ */
+ mstore(0x00, challenge)
+ mstore(0x20, mload(Z_Y_LOC))
+ mstore(0x40, mload(Z_X_LOC))
+ mstore(0x60, mload(Z_LOOKUP_Y_LOC))
+ mstore(0x80, mload(Z_LOOKUP_X_LOC))
+ challenge := keccak256(0x00, 0xa0)
+ mstore(C_ALPHA_LOC, mod(challenge, p))
+
+ /**
+ * Compute and store some powers of alpha for future computations
+ */
+ let alpha := mload(C_ALPHA_LOC)
+ mstore(C_ALPHA_SQR_LOC, mulmod(alpha, alpha, p))
+ mstore(C_ALPHA_CUBE_LOC, mulmod(mload(C_ALPHA_SQR_LOC), alpha, p))
+ mstore(C_ALPHA_QUAD_LOC, mulmod(mload(C_ALPHA_CUBE_LOC), alpha, p))
+ mstore(C_ALPHA_BASE_LOC, alpha)
+
+ /**
+ * Generate zeta challenge
+ */
+ mstore(0x00, challenge)
+ mstore(0x20, mload(T1_Y_LOC))
+ mstore(0x40, mload(T1_X_LOC))
+ mstore(0x60, mload(T2_Y_LOC))
+ mstore(0x80, mload(T2_X_LOC))
+ mstore(0xa0, mload(T3_Y_LOC))
+ mstore(0xc0, mload(T3_X_LOC))
+ mstore(0xe0, mload(T4_Y_LOC))
+ mstore(0x100, mload(T4_X_LOC))
+
+ challenge := keccak256(0x00, 0x120)
+
+ mstore(C_ZETA_LOC, mod(challenge, p))
+ mstore(C_CURRENT_LOC, challenge)
+ }
+
+ /**
+ * EVALUATE FIELD OPERATIONS
+ */
+
+ /**
+ * COMPUTE PUBLIC INPUT DELTA
+ * ΔPI = ∏ᵢ∈ℓ(wᵢ + β σ(i) + γ) / ∏ᵢ∈ℓ(wᵢ + β σ'(i) + γ)
+ */
+ {
+ let beta := mload(C_BETA_LOC) // β
+ let gamma := mload(C_GAMMA_LOC) // γ
+ let work_root := mload(OMEGA_LOC) // ω
+ let numerator_value := 1
+ let denominator_value := 1
+
+ let p_clone := p // move p to the front of the stack
+ let valid_inputs := true
+
+ // Load the starting point of the public inputs (jump over the selector and the length of public inputs [0x24])
+ let public_inputs_ptr := add(calldataload(0x24), 0x24)
+
+ // endpoint_ptr = public_inputs_ptr + num_inputs * 0x20.
// every public input is 0x20 bytes + let endpoint_ptr := add(public_inputs_ptr, mul(mload(NUM_INPUTS_LOC), 0x20)) + + // root_1 = β * 0x05 + let root_1 := mulmod(beta, 0x05, p_clone) // k1.β + // root_2 = β * 0x0c + let root_2 := mulmod(beta, 0x0c, p_clone) + // @note 0x05 + 0x07 == 0x0c == external coset generator + + for {} lt(public_inputs_ptr, endpoint_ptr) { public_inputs_ptr := add(public_inputs_ptr, 0x20) } { + /** + * input = public_input[i] + * valid_inputs &= input < p + * temp = input + gamma + * numerator_value *= (β.σ(i) + wᵢ + γ) // σ(i) = 0x05.ωⁱ + * denominator_value *= (β.σ'(i) + wᵢ + γ) // σ'(i) = 0x0c.ωⁱ + * root_1 *= ω + * root_2 *= ω + */ + + let input := calldataload(public_inputs_ptr) + valid_inputs := and(valid_inputs, lt(input, p_clone)) + let temp := addmod(input, gamma, p_clone) + + numerator_value := mulmod(numerator_value, add(root_1, temp), p_clone) + denominator_value := mulmod(denominator_value, add(root_2, temp), p_clone) + + root_1 := mulmod(root_1, work_root, p_clone) + root_2 := mulmod(root_2, work_root, p_clone) + } + + // Revert if not all public inputs are field elements (i.e. 
< p) + if iszero(valid_inputs) { + mstore(0x00, PUBLIC_INPUT_GE_P_SELECTOR) + revert(0x00, 0x04) + } + + mstore(DELTA_NUMERATOR_LOC, numerator_value) + mstore(DELTA_DENOMINATOR_LOC, denominator_value) + } + + /** + * Compute Plookup delta factor [γ(1 + β)]^{n-k} + * k = num roots cut out of Z_H = 4 + */ + { + let delta_base := mulmod(mload(C_GAMMA_LOC), addmod(mload(C_BETA_LOC), 1, p), p) + let delta_numerator := delta_base + { + let exponent := mload(N_LOC) + let count := 1 + for {} lt(count, exponent) { count := add(count, count) } { + delta_numerator := mulmod(delta_numerator, delta_numerator, p) + } + } + mstore(PLOOKUP_DELTA_NUMERATOR_LOC, delta_numerator) + + let delta_denominator := mulmod(delta_base, delta_base, p) + delta_denominator := mulmod(delta_denominator, delta_denominator, p) + mstore(PLOOKUP_DELTA_DENOMINATOR_LOC, delta_denominator) + } + /** + * Compute lagrange poly and vanishing poly fractions + */ + { + /** + * vanishing_numerator = zeta + * ZETA_POW_N = zeta^n + * vanishing_numerator -= 1 + * accumulating_root = omega_inverse + * work_root = p - accumulating_root + * domain_inverse = domain_inverse + * vanishing_denominator = zeta + work_root + * work_root *= accumulating_root + * vanishing_denominator *= (zeta + work_root) + * work_root *= accumulating_root + * vanishing_denominator *= (zeta + work_root) + * vanishing_denominator *= (zeta + (zeta + accumulating_root)) + * work_root = omega + * lagrange_numerator = vanishing_numerator * domain_inverse + * l_start_denominator = zeta - 1 + * accumulating_root = work_root^2 + * l_end_denominator = accumulating_root^2 * work_root * zeta - 1 + * Note: l_end_denominator term contains a term \omega^5 to cut out 5 roots of unity from vanishing poly + */ + + let zeta := mload(C_ZETA_LOC) + + // compute zeta^n, where n is a power of 2 + let vanishing_numerator := zeta + { + // pow_small + let exponent := mload(N_LOC) + let count := 1 + for {} lt(count, exponent) { count := add(count, count) } { + 
vanishing_numerator := mulmod(vanishing_numerator, vanishing_numerator, p) + } + } + mstore(ZETA_POW_N_LOC, vanishing_numerator) + vanishing_numerator := addmod(vanishing_numerator, sub(p, 1), p) + + let accumulating_root := mload(OMEGA_INVERSE_LOC) + let work_root := sub(p, accumulating_root) + let domain_inverse := mload(DOMAIN_INVERSE_LOC) + + let vanishing_denominator := addmod(zeta, work_root, p) + work_root := mulmod(work_root, accumulating_root, p) + vanishing_denominator := mulmod(vanishing_denominator, addmod(zeta, work_root, p), p) + work_root := mulmod(work_root, accumulating_root, p) + vanishing_denominator := mulmod(vanishing_denominator, addmod(zeta, work_root, p), p) + vanishing_denominator := + mulmod(vanishing_denominator, addmod(zeta, mulmod(work_root, accumulating_root, p), p), p) + + work_root := mload(OMEGA_LOC) + + let lagrange_numerator := mulmod(vanishing_numerator, domain_inverse, p) + let l_start_denominator := addmod(zeta, sub(p, 1), p) + + accumulating_root := mulmod(work_root, work_root, p) + + let l_end_denominator := + addmod( + mulmod(mulmod(mulmod(accumulating_root, accumulating_root, p), work_root, p), zeta, p), sub(p, 1), p + ) + + /** + * Compute inversions using Montgomery's batch inversion trick + */ + let accumulator := mload(DELTA_DENOMINATOR_LOC) + let t0 := accumulator + accumulator := mulmod(accumulator, vanishing_denominator, p) + let t1 := accumulator + accumulator := mulmod(accumulator, vanishing_numerator, p) + let t2 := accumulator + accumulator := mulmod(accumulator, l_start_denominator, p) + let t3 := accumulator + accumulator := mulmod(accumulator, mload(PLOOKUP_DELTA_DENOMINATOR_LOC), p) + let t4 := accumulator + { + mstore(0, 0x20) + mstore(0x20, 0x20) + mstore(0x40, 0x20) + mstore(0x60, mulmod(accumulator, l_end_denominator, p)) + mstore(0x80, sub(p, 2)) + mstore(0xa0, p) + if iszero(staticcall(gas(), 0x05, 0x00, 0xc0, 0x00, 0x20)) { + mstore(0x0, MOD_EXP_FAILURE_SELECTOR) + revert(0x00, 0x04) + } + accumulator 
:= mload(0x00) + } + + t4 := mulmod(accumulator, t4, p) + accumulator := mulmod(accumulator, l_end_denominator, p) + + t3 := mulmod(accumulator, t3, p) + accumulator := mulmod(accumulator, mload(PLOOKUP_DELTA_DENOMINATOR_LOC), p) + + t2 := mulmod(accumulator, t2, p) + accumulator := mulmod(accumulator, l_start_denominator, p) + + t1 := mulmod(accumulator, t1, p) + accumulator := mulmod(accumulator, vanishing_numerator, p) + + t0 := mulmod(accumulator, t0, p) + accumulator := mulmod(accumulator, vanishing_denominator, p) + + accumulator := mulmod(mulmod(accumulator, accumulator, p), mload(DELTA_DENOMINATOR_LOC), p) + + mstore(PUBLIC_INPUT_DELTA_LOC, mulmod(mload(DELTA_NUMERATOR_LOC), accumulator, p)) + mstore(ZERO_POLY_LOC, mulmod(vanishing_numerator, t0, p)) + mstore(ZERO_POLY_INVERSE_LOC, mulmod(vanishing_denominator, t1, p)) + mstore(L_START_LOC, mulmod(lagrange_numerator, t2, p)) + mstore(PLOOKUP_DELTA_LOC, mulmod(mload(PLOOKUP_DELTA_NUMERATOR_LOC), t3, p)) + mstore(L_END_LOC, mulmod(lagrange_numerator, t4, p)) + } + + /** + * UltraPlonk Widget Ordering: + * + * 1. Permutation widget + * 2. Plookup widget + * 3. Arithmetic widget + * 4. Fixed base widget (?) + * 5. GenPermSort widget + * 6. Elliptic widget + * 7. 
Auxiliary widget + */ + + /** + * COMPUTE PERMUTATION WIDGET EVALUATION + */ + { + let alpha := mload(C_ALPHA_LOC) + let beta := mload(C_BETA_LOC) + let gamma := mload(C_GAMMA_LOC) + + /** + * t1 = (W1 + gamma + beta * ID1) * (W2 + gamma + beta * ID2) + * t2 = (W3 + gamma + beta * ID3) * (W4 + gamma + beta * ID4) + * result = alpha_base * z_eval * t1 * t2 + * t1 = (W1 + gamma + beta * sigma_1_eval) * (W2 + gamma + beta * sigma_2_eval) + * t2 = (W2 + gamma + beta * sigma_3_eval) * (W3 + gamma + beta * sigma_4_eval) + * result -= (alpha_base * z_omega_eval * t1 * t2) + */ + let t1 := + mulmod( + add(add(mload(W1_EVAL_LOC), gamma), mulmod(beta, mload(ID1_EVAL_LOC), p)), + add(add(mload(W2_EVAL_LOC), gamma), mulmod(beta, mload(ID2_EVAL_LOC), p)), + p + ) + let t2 := + mulmod( + add(add(mload(W3_EVAL_LOC), gamma), mulmod(beta, mload(ID3_EVAL_LOC), p)), + add(add(mload(W4_EVAL_LOC), gamma), mulmod(beta, mload(ID4_EVAL_LOC), p)), + p + ) + let result := mulmod(mload(C_ALPHA_BASE_LOC), mulmod(mload(Z_EVAL_LOC), mulmod(t1, t2, p), p), p) + t1 := + mulmod( + add(add(mload(W1_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA1_EVAL_LOC), p)), + add(add(mload(W2_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA2_EVAL_LOC), p)), + p + ) + t2 := + mulmod( + add(add(mload(W3_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA3_EVAL_LOC), p)), + add(add(mload(W4_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA4_EVAL_LOC), p)), + p + ) + result := + addmod( + result, + sub(p, mulmod(mload(C_ALPHA_BASE_LOC), mulmod(mload(Z_OMEGA_EVAL_LOC), mulmod(t1, t2, p), p), p)), + p + ) + + /** + * alpha_base *= alpha + * result += alpha_base . (L_{n-k}(ʓ) . (z(ʓ.ω) - ∆_{PI})) + * alpha_base *= alpha + * result += alpha_base . 
(L_1(ʓ)(Z(ʓ) - 1)) + * alpha_Base *= alpha + */ + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p)) + result := + addmod( + result, + mulmod( + mload(C_ALPHA_BASE_LOC), + mulmod( + mload(L_END_LOC), + addmod(mload(Z_OMEGA_EVAL_LOC), sub(p, mload(PUBLIC_INPUT_DELTA_LOC)), p), + p + ), + p + ), + p + ) + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p)) + mstore( + PERMUTATION_IDENTITY, + addmod( + result, + mulmod( + mload(C_ALPHA_BASE_LOC), + mulmod(mload(L_START_LOC), addmod(mload(Z_EVAL_LOC), sub(p, 1), p), p), + p + ), + p + ) + ) + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p)) + } + + /** + * COMPUTE PLOOKUP WIDGET EVALUATION + */ + { + /** + * Goal: f = (w1(z) + q2.w1(zω)) + η(w2(z) + qm.w2(zω)) + η²(w3(z) + qc.w_3(zω)) + q3(z).η³ + * f = η.q3(z) + * f += (w3(z) + qc.w_3(zω)) + * f *= η + * f += (w2(z) + qm.w2(zω)) + * f *= η + * f += (w1(z) + q2.w1(zω)) + */ + let f := mulmod(mload(C_ETA_LOC), mload(Q3_EVAL_LOC), p) + f := + addmod(f, addmod(mload(W3_EVAL_LOC), mulmod(mload(QC_EVAL_LOC), mload(W3_OMEGA_EVAL_LOC), p), p), p) + f := mulmod(f, mload(C_ETA_LOC), p) + f := + addmod(f, addmod(mload(W2_EVAL_LOC), mulmod(mload(QM_EVAL_LOC), mload(W2_OMEGA_EVAL_LOC), p), p), p) + f := mulmod(f, mload(C_ETA_LOC), p) + f := + addmod(f, addmod(mload(W1_EVAL_LOC), mulmod(mload(Q2_EVAL_LOC), mload(W1_OMEGA_EVAL_LOC), p), p), p) + + // t(z) = table4(z).η³ + table3(z).η² + table2(z).η + table1(z) + let t := + addmod( + addmod( + addmod( + mulmod(mload(TABLE4_EVAL_LOC), mload(C_ETA_CUBE_LOC), p), + mulmod(mload(TABLE3_EVAL_LOC), mload(C_ETA_SQR_LOC), p), + p + ), + mulmod(mload(TABLE2_EVAL_LOC), mload(C_ETA_LOC), p), + p + ), + mload(TABLE1_EVAL_LOC), + p + ) + + // t(zw) = table4(zw).η³ + table3(zw).η² + table2(zw).η + table1(zw) + let t_omega := + addmod( + addmod( + addmod( + mulmod(mload(TABLE4_OMEGA_EVAL_LOC), mload(C_ETA_CUBE_LOC), p), + mulmod(mload(TABLE3_OMEGA_EVAL_LOC), 
mload(C_ETA_SQR_LOC), p), + p + ), + mulmod(mload(TABLE2_OMEGA_EVAL_LOC), mload(C_ETA_LOC), p), + p + ), + mload(TABLE1_OMEGA_EVAL_LOC), + p + ) + + /** + * Goal: numerator = (TABLE_TYPE_EVAL * f(z) + γ) * (t(z) + βt(zω) + γ(β + 1)) * (β + 1) + * gamma_beta_constant = γ(β + 1) + * numerator = f * TABLE_TYPE_EVAL + gamma + * temp0 = t(z) + t(zω) * β + gamma_beta_constant + * numerator *= temp0 + * numerator *= (β + 1) + * temp0 = alpha * l_1 + * numerator += temp0 + * numerator *= z_lookup(z) + * numerator -= temp0 + */ + let gamma_beta_constant := mulmod(mload(C_GAMMA_LOC), addmod(mload(C_BETA_LOC), 1, p), p) + let numerator := addmod(mulmod(f, mload(TABLE_TYPE_EVAL_LOC), p), mload(C_GAMMA_LOC), p) + let temp0 := addmod(addmod(t, mulmod(t_omega, mload(C_BETA_LOC), p), p), gamma_beta_constant, p) + numerator := mulmod(numerator, temp0, p) + numerator := mulmod(numerator, addmod(mload(C_BETA_LOC), 1, p), p) + temp0 := mulmod(mload(C_ALPHA_LOC), mload(L_START_LOC), p) + numerator := addmod(numerator, temp0, p) + numerator := mulmod(numerator, mload(Z_LOOKUP_EVAL_LOC), p) + numerator := addmod(numerator, sub(p, temp0), p) + + /** + * Goal: denominator = z_lookup(zω)*[s(z) + βs(zω) + γ(1 + β)] - [z_lookup(zω) - [γ(1 + β)]^{n-k}]*α²L_end(z) + * note: delta_factor = [γ(1 + β)]^{n-k} + * denominator = s(z) + βs(zω) + γ(β + 1) + * temp1 = α²L_end(z) + * denominator -= temp1 + * denominator *= z_lookup(zω) + * denominator += temp1 * delta_factor + * PLOOKUP_IDENTITY = (numerator - denominator).alpha_base + * alpha_base *= alpha^3 + */ + let denominator := + addmod( + addmod(mload(S_EVAL_LOC), mulmod(mload(S_OMEGA_EVAL_LOC), mload(C_BETA_LOC), p), p), + gamma_beta_constant, + p + ) + let temp1 := mulmod(mload(C_ALPHA_SQR_LOC), mload(L_END_LOC), p) + denominator := addmod(denominator, sub(p, temp1), p) + denominator := mulmod(denominator, mload(Z_LOOKUP_OMEGA_EVAL_LOC), p) + denominator := addmod(denominator, mulmod(temp1, mload(PLOOKUP_DELTA_LOC), p), p) + + 
mstore(PLOOKUP_IDENTITY, mulmod(addmod(numerator, sub(p, denominator), p), mload(C_ALPHA_BASE_LOC), p)) + + // update alpha + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_CUBE_LOC), p)) + } + + /** + * COMPUTE ARITHMETIC WIDGET EVALUATION + */ + { + /** + * The basic arithmetic gate identity in standard plonk is as follows. + * (w_1 . w_2 . q_m) + (w_1 . q_1) + (w_2 . q_2) + (w_3 . q_3) + (w_4 . q_4) + q_c = 0 + * However, for Ultraplonk, we extend this to support "passing" wires between rows (shown without alpha scaling below): + * q_arith * ( ( (-1/2) * (q_arith - 3) * q_m * w_1 * w_2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c ) + + * (q_arith - 1)*( α * (q_arith - 2) * (w_1 + w_4 - w_1_omega + q_m) + w_4_omega) ) = 0 + * + * This formula results in several cases depending on q_arith: + * 1. q_arith == 0: Arithmetic gate is completely disabled + * + * 2. q_arith == 1: Everything in the minigate on the right is disabled. The equation is just a standard plonk equation + * with extra wires: q_m * w_1 * w_2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c = 0 + * + * 3. q_arith == 2: The (w_1 + w_4 - ...) term is disabled. THe equation is: + * (1/2) * q_m * w_1 * w_2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c + w_4_omega = 0 + * It allows defining w_4 at next index (w_4_omega) in terms of current wire values + * + * 4. q_arith == 3: The product of w_1 and w_2 is disabled, but a mini addition gate is enabled. α allows us to split + * the equation into two: + * + * q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c + 2 * w_4_omega = 0 + * and + * w_1 + w_4 - w_1_omega + q_m = 0 (we are reusing q_m here) + * + * 5. q_arith > 3: The product of w_1 and w_2 is scaled by (q_arith - 3), while the w_4_omega term is scaled by (q_arith - 1). 
+ * The equation can be split into two: + * + * (q_arith - 3)* q_m * w_1 * w_ 2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c + (q_arith - 1) * w_4_omega = 0 + * and + * w_1 + w_4 - w_1_omega + q_m = 0 + * + * The problem that q_m is used both in both equations can be dealt with by appropriately changing selector values at + * the next gate. Then we can treat (q_arith - 1) as a simulated q_6 selector and scale q_m to handle (q_arith - 3) at + * product. + */ + + let w1q1 := mulmod(mload(W1_EVAL_LOC), mload(Q1_EVAL_LOC), p) + let w2q2 := mulmod(mload(W2_EVAL_LOC), mload(Q2_EVAL_LOC), p) + let w3q3 := mulmod(mload(W3_EVAL_LOC), mload(Q3_EVAL_LOC), p) + let w4q3 := mulmod(mload(W4_EVAL_LOC), mload(Q4_EVAL_LOC), p) + + // @todo - Add a explicit test that hits QARITH == 3 + // w1w2qm := (w_1 . w_2 . q_m . (QARITH_EVAL_LOC - 3)) / 2 + let w1w2qm := + mulmod( + mulmod( + mulmod(mulmod(mload(W1_EVAL_LOC), mload(W2_EVAL_LOC), p), mload(QM_EVAL_LOC), p), + addmod(mload(QARITH_EVAL_LOC), sub(p, 3), p), + p + ), + NEGATIVE_INVERSE_OF_2_MODULO_P, + p + ) + + // (w_1 . w_2 . q_m . (q_arith - 3)) / -2) + (w_1 . q_1) + (w_2 . q_2) + (w_3 . q_3) + (w_4 . 
q_4) + q_c + let identity := + addmod( + mload(QC_EVAL_LOC), addmod(w4q3, addmod(w3q3, addmod(w2q2, addmod(w1q1, w1w2qm, p), p), p), p), p + ) + + // if q_arith == 3 we evaluate an additional mini addition gate (on top of the regular one), where: + // w_1 + w_4 - w_1_omega + q_m = 0 + // we use this gate to save an addition gate when adding or subtracting non-native field elements + // α * (q_arith - 2) * (w_1 + w_4 - w_1_omega + q_m) + let extra_small_addition_gate_identity := + mulmod( + mload(C_ALPHA_LOC), + mulmod( + addmod(mload(QARITH_EVAL_LOC), sub(p, 2), p), + addmod( + mload(QM_EVAL_LOC), + addmod( + sub(p, mload(W1_OMEGA_EVAL_LOC)), addmod(mload(W1_EVAL_LOC), mload(W4_EVAL_LOC), p), p + ), + p + ), + p + ), + p + ) + + // if q_arith == 2 OR q_arith == 3 we add the 4th wire of the NEXT gate into the arithmetic identity + // N.B. if q_arith > 2, this wire value will be scaled by (q_arith - 1) relative to the other gate wires! + // alpha_base * q_arith * (identity + (q_arith - 1) * (w_4_omega + extra_small_addition_gate_identity)) + mstore( + ARITHMETIC_IDENTITY, + mulmod( + mload(C_ALPHA_BASE_LOC), + mulmod( + mload(QARITH_EVAL_LOC), + addmod( + identity, + mulmod( + addmod(mload(QARITH_EVAL_LOC), sub(p, 1), p), + addmod(mload(W4_OMEGA_EVAL_LOC), extra_small_addition_gate_identity, p), + p + ), + p + ), + p + ), + p + ) + ) + + // update alpha + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_SQR_LOC), p)) + } + + /** + * COMPUTE GENPERMSORT WIDGET EVALUATION + */ + { + /** + * D1 = (w2 - w1) + * D2 = (w3 - w2) + * D3 = (w4 - w3) + * D4 = (w1_omega - w4) + * + * α_a = alpha_base + * α_b = alpha_base * α + * α_c = alpha_base * α^2 + * α_d = alpha_base * α^3 + * + * range_accumulator = ( + * D1(D1 - 1)(D1 - 2)(D1 - 3).α_a + + * D2(D2 - 1)(D2 - 2)(D2 - 3).α_b + + * D3(D3 - 1)(D3 - 2)(D3 - 3).α_c + + * D4(D4 - 1)(D4 - 2)(D4 - 3).α_d + + * ) . 
q_sort + */ + let minus_two := sub(p, 2) + let minus_three := sub(p, 3) + let d1 := addmod(mload(W2_EVAL_LOC), sub(p, mload(W1_EVAL_LOC)), p) + let d2 := addmod(mload(W3_EVAL_LOC), sub(p, mload(W2_EVAL_LOC)), p) + let d3 := addmod(mload(W4_EVAL_LOC), sub(p, mload(W3_EVAL_LOC)), p) + let d4 := addmod(mload(W1_OMEGA_EVAL_LOC), sub(p, mload(W4_EVAL_LOC)), p) + + let range_accumulator := + mulmod( + mulmod( + mulmod(addmod(mulmod(d1, d1, p), sub(p, d1), p), addmod(d1, minus_two, p), p), + addmod(d1, minus_three, p), + p + ), + mload(C_ALPHA_BASE_LOC), + p + ) + range_accumulator := + addmod( + range_accumulator, + mulmod( + mulmod( + mulmod(addmod(mulmod(d2, d2, p), sub(p, d2), p), addmod(d2, minus_two, p), p), + addmod(d2, minus_three, p), + p + ), + mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p), + p + ), + p + ) + range_accumulator := + addmod( + range_accumulator, + mulmod( + mulmod( + mulmod(addmod(mulmod(d3, d3, p), sub(p, d3), p), addmod(d3, minus_two, p), p), + addmod(d3, minus_three, p), + p + ), + mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_SQR_LOC), p), + p + ), + p + ) + range_accumulator := + addmod( + range_accumulator, + mulmod( + mulmod( + mulmod(addmod(mulmod(d4, d4, p), sub(p, d4), p), addmod(d4, minus_two, p), p), + addmod(d4, minus_three, p), + p + ), + mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_CUBE_LOC), p), + p + ), + p + ) + range_accumulator := mulmod(range_accumulator, mload(QSORT_EVAL_LOC), p) + + mstore(SORT_IDENTITY, range_accumulator) + + // update alpha + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_QUAD_LOC), p)) + } + + /** + * COMPUTE ELLIPTIC WIDGET EVALUATION + */ + { + /** + * endo_term = (-x_2) * x_1 * (x_3 * 2 + x_1) * q_beta + * endo_sqr_term = x_2^2 + * endo_sqr_term *= (x_3 - x_1) + * endo_sqr_term *= q_beta^2 + * leftovers = x_2^2 + * leftovers *= x_2 + * leftovers += x_1^2 * (x_3 + x_1) @follow-up Invalid comment in BB widget + * leftovers -= (y_2^2 + y_1^2) + * sign_term = y_2 * y_1 + * 
sign_term += sign_term + * sign_term *= q_sign + */ + // q_elliptic * (x3 + x2 + x1)(x2 - x1)(x2 - x1) - y2^2 - y1^2 + 2(y2y1)*q_sign = 0 + let x_diff := addmod(mload(X2_EVAL_LOC), sub(p, mload(X1_EVAL_LOC)), p) + let y2_sqr := mulmod(mload(Y2_EVAL_LOC), mload(Y2_EVAL_LOC), p) + let y1_sqr := mulmod(mload(Y1_EVAL_LOC), mload(Y1_EVAL_LOC), p) + let y1y2 := mulmod(mulmod(mload(Y1_EVAL_LOC), mload(Y2_EVAL_LOC), p), mload(QSIGN_LOC), p) + + let x_add_identity := + addmod( + mulmod( + addmod(mload(X3_EVAL_LOC), addmod(mload(X2_EVAL_LOC), mload(X1_EVAL_LOC), p), p), + mulmod(x_diff, x_diff, p), + p + ), + addmod(sub(p, addmod(y2_sqr, y1_sqr, p)), addmod(y1y2, y1y2, p), p), + p + ) + x_add_identity := + mulmod(mulmod(x_add_identity, addmod(1, sub(p, mload(QM_EVAL_LOC)), p), p), mload(C_ALPHA_BASE_LOC), p) + + // q_elliptic * (x3 + x2 + x1)(x2 - x1)(x2 - x1) - y2^2 - y1^2 + 2(y2y1)*q_sign = 0 + let y1_plus_y3 := addmod(mload(Y1_EVAL_LOC), mload(Y3_EVAL_LOC), p) + let y_diff := addmod(mulmod(mload(Y2_EVAL_LOC), mload(QSIGN_LOC), p), sub(p, mload(Y1_EVAL_LOC)), p) + let y_add_identity := + addmod( + mulmod(y1_plus_y3, x_diff, p), + mulmod(addmod(mload(X3_EVAL_LOC), sub(p, mload(X1_EVAL_LOC)), p), y_diff, p), + p + ) + y_add_identity := + mulmod( + mulmod(y_add_identity, addmod(1, sub(p, mload(QM_EVAL_LOC)), p), p), + mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p), + p + ) + + // ELLIPTIC_IDENTITY = (x_identity + y_identity) * Q_ELLIPTIC_EVAL + mstore( + ELLIPTIC_IDENTITY, mulmod(addmod(x_add_identity, y_add_identity, p), mload(QELLIPTIC_EVAL_LOC), p) + ) + } + { + /** + * x_pow_4 = (y_1_sqr - curve_b) * x_1; + * y_1_sqr_mul_4 = y_1_sqr + y_1_sqr; + * y_1_sqr_mul_4 += y_1_sqr_mul_4; + * x_1_pow_4_mul_9 = x_pow_4; + * x_1_pow_4_mul_9 += x_1_pow_4_mul_9; + * x_1_pow_4_mul_9 += x_1_pow_4_mul_9; + * x_1_pow_4_mul_9 += x_1_pow_4_mul_9; + * x_1_pow_4_mul_9 += x_pow_4; + * x_1_sqr_mul_3 = x_1_sqr + x_1_sqr + x_1_sqr; + * x_double_identity = (x_3 + x_1 + x_1) * y_1_sqr_mul_4 
- x_1_pow_4_mul_9; + * y_double_identity = x_1_sqr_mul_3 * (x_1 - x_3) - (y_1 + y_1) * (y_1 + y_3); + */ + // (x3 + x1 + x1) (4y1*y1) - 9 * x1 * x1 * x1 * x1 = 0 + let x1_sqr := mulmod(mload(X1_EVAL_LOC), mload(X1_EVAL_LOC), p) + let y1_sqr := mulmod(mload(Y1_EVAL_LOC), mload(Y1_EVAL_LOC), p) + let x_pow_4 := mulmod(addmod(y1_sqr, GRUMPKIN_CURVE_B_PARAMETER_NEGATED, p), mload(X1_EVAL_LOC), p) + let y1_sqr_mul_4 := mulmod(y1_sqr, 4, p) + let x1_pow_4_mul_9 := mulmod(x_pow_4, 9, p) + let x1_sqr_mul_3 := mulmod(x1_sqr, 3, p) + let x_double_identity := + addmod( + mulmod( + addmod(mload(X3_EVAL_LOC), addmod(mload(X1_EVAL_LOC), mload(X1_EVAL_LOC), p), p), + y1_sqr_mul_4, + p + ), + sub(p, x1_pow_4_mul_9), + p + ) + // (y1 + y1) (2y1) - (3 * x1 * x1)(x1 - x3) = 0 + let y_double_identity := + addmod( + mulmod(x1_sqr_mul_3, addmod(mload(X1_EVAL_LOC), sub(p, mload(X3_EVAL_LOC)), p), p), + sub( + p, + mulmod( + addmod(mload(Y1_EVAL_LOC), mload(Y1_EVAL_LOC), p), + addmod(mload(Y1_EVAL_LOC), mload(Y3_EVAL_LOC), p), + p + ) + ), + p + ) + x_double_identity := mulmod(x_double_identity, mload(C_ALPHA_BASE_LOC), p) + y_double_identity := + mulmod(y_double_identity, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p), p) + x_double_identity := mulmod(x_double_identity, mload(QM_EVAL_LOC), p) + y_double_identity := mulmod(y_double_identity, mload(QM_EVAL_LOC), p) + // ELLIPTIC_IDENTITY += (x_double_identity + y_double_identity) * Q_DOUBLE_EVAL + mstore( + ELLIPTIC_IDENTITY, + addmod( + mload(ELLIPTIC_IDENTITY), + mulmod(addmod(x_double_identity, y_double_identity, p), mload(QELLIPTIC_EVAL_LOC), p), + p + ) + ) + + // update alpha + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_QUAD_LOC), p)) + } + + /** + * COMPUTE AUXILIARY WIDGET EVALUATION + */ + { + { + /** + * Non native field arithmetic gate 2 + * _ _ + * / _ _ _ 14 \ + * q_2 . q_4 | (w_1 . w_2) + (w_1 . w_2) + (w_1 . w_4 + w_2 . w_3 - w_3) . 2 - w_3 - w_4 | + * \_ _/ + * + * limb_subproduct = w_1 . 
w_2_omega + w_1_omega . w_2 + * non_native_field_gate_2 = w_1 * w_4 + w_4 * w_3 - w_3_omega + * non_native_field_gate_2 = non_native_field_gate_2 * limb_size + * non_native_field_gate_2 -= w_4_omega + * non_native_field_gate_2 += limb_subproduct + * non_native_field_gate_2 *= q_4 + * limb_subproduct *= limb_size + * limb_subproduct += w_1_omega * w_2_omega + * non_native_field_gate_1 = (limb_subproduct + w_3 + w_4) * q_3 + * non_native_field_gate_3 = (limb_subproduct + w_4 - (w_3_omega + w_4_omega)) * q_m + * non_native_field_identity = (non_native_field_gate_1 + non_native_field_gate_2 + non_native_field_gate_3) * q_2 + */ + + let limb_subproduct := + addmod( + mulmod(mload(W1_EVAL_LOC), mload(W2_OMEGA_EVAL_LOC), p), + mulmod(mload(W1_OMEGA_EVAL_LOC), mload(W2_EVAL_LOC), p), + p + ) + + let non_native_field_gate_2 := + addmod( + addmod( + mulmod(mload(W1_EVAL_LOC), mload(W4_EVAL_LOC), p), + mulmod(mload(W2_EVAL_LOC), mload(W3_EVAL_LOC), p), + p + ), + sub(p, mload(W3_OMEGA_EVAL_LOC)), + p + ) + non_native_field_gate_2 := mulmod(non_native_field_gate_2, LIMB_SIZE, p) + non_native_field_gate_2 := addmod(non_native_field_gate_2, sub(p, mload(W4_OMEGA_EVAL_LOC)), p) + non_native_field_gate_2 := addmod(non_native_field_gate_2, limb_subproduct, p) + non_native_field_gate_2 := mulmod(non_native_field_gate_2, mload(Q4_EVAL_LOC), p) + limb_subproduct := mulmod(limb_subproduct, LIMB_SIZE, p) + limb_subproduct := + addmod(limb_subproduct, mulmod(mload(W1_OMEGA_EVAL_LOC), mload(W2_OMEGA_EVAL_LOC), p), p) + let non_native_field_gate_1 := + mulmod( + addmod(limb_subproduct, sub(p, addmod(mload(W3_EVAL_LOC), mload(W4_EVAL_LOC), p)), p), + mload(Q3_EVAL_LOC), + p + ) + let non_native_field_gate_3 := + mulmod( + addmod( + addmod(limb_subproduct, mload(W4_EVAL_LOC), p), + sub(p, addmod(mload(W3_OMEGA_EVAL_LOC), mload(W4_OMEGA_EVAL_LOC), p)), + p + ), + mload(QM_EVAL_LOC), + p + ) + let non_native_field_identity := + mulmod( + addmod(addmod(non_native_field_gate_1, 
non_native_field_gate_2, p), non_native_field_gate_3, p), + mload(Q2_EVAL_LOC), + p + ) + + mstore(AUX_NON_NATIVE_FIELD_EVALUATION, non_native_field_identity) + } + + { + /** + * limb_accumulator_1 = w_2_omega; + * limb_accumulator_1 *= SUBLIMB_SHIFT; + * limb_accumulator_1 += w_1_omega; + * limb_accumulator_1 *= SUBLIMB_SHIFT; + * limb_accumulator_1 += w_3; + * limb_accumulator_1 *= SUBLIMB_SHIFT; + * limb_accumulator_1 += w_2; + * limb_accumulator_1 *= SUBLIMB_SHIFT; + * limb_accumulator_1 += w_1; + * limb_accumulator_1 -= w_4; + * limb_accumulator_1 *= q_4; + */ + let limb_accumulator_1 := mulmod(mload(W2_OMEGA_EVAL_LOC), SUBLIMB_SHIFT, p) + limb_accumulator_1 := addmod(limb_accumulator_1, mload(W1_OMEGA_EVAL_LOC), p) + limb_accumulator_1 := mulmod(limb_accumulator_1, SUBLIMB_SHIFT, p) + limb_accumulator_1 := addmod(limb_accumulator_1, mload(W3_EVAL_LOC), p) + limb_accumulator_1 := mulmod(limb_accumulator_1, SUBLIMB_SHIFT, p) + limb_accumulator_1 := addmod(limb_accumulator_1, mload(W2_EVAL_LOC), p) + limb_accumulator_1 := mulmod(limb_accumulator_1, SUBLIMB_SHIFT, p) + limb_accumulator_1 := addmod(limb_accumulator_1, mload(W1_EVAL_LOC), p) + limb_accumulator_1 := addmod(limb_accumulator_1, sub(p, mload(W4_EVAL_LOC)), p) + limb_accumulator_1 := mulmod(limb_accumulator_1, mload(Q4_EVAL_LOC), p) + + /** + * limb_accumulator_2 = w_3_omega; + * limb_accumulator_2 *= SUBLIMB_SHIFT; + * limb_accumulator_2 += w_2_omega; + * limb_accumulator_2 *= SUBLIMB_SHIFT; + * limb_accumulator_2 += w_1_omega; + * limb_accumulator_2 *= SUBLIMB_SHIFT; + * limb_accumulator_2 += w_4; + * limb_accumulator_2 *= SUBLIMB_SHIFT; + * limb_accumulator_2 += w_3; + * limb_accumulator_2 -= w_4_omega; + * limb_accumulator_2 *= q_m; + */ + let limb_accumulator_2 := mulmod(mload(W3_OMEGA_EVAL_LOC), SUBLIMB_SHIFT, p) + limb_accumulator_2 := addmod(limb_accumulator_2, mload(W2_OMEGA_EVAL_LOC), p) + limb_accumulator_2 := mulmod(limb_accumulator_2, SUBLIMB_SHIFT, p) + limb_accumulator_2 := 
addmod(limb_accumulator_2, mload(W1_OMEGA_EVAL_LOC), p) + limb_accumulator_2 := mulmod(limb_accumulator_2, SUBLIMB_SHIFT, p) + limb_accumulator_2 := addmod(limb_accumulator_2, mload(W4_EVAL_LOC), p) + limb_accumulator_2 := mulmod(limb_accumulator_2, SUBLIMB_SHIFT, p) + limb_accumulator_2 := addmod(limb_accumulator_2, mload(W3_EVAL_LOC), p) + limb_accumulator_2 := addmod(limb_accumulator_2, sub(p, mload(W4_OMEGA_EVAL_LOC)), p) + limb_accumulator_2 := mulmod(limb_accumulator_2, mload(QM_EVAL_LOC), p) + + mstore( + AUX_LIMB_ACCUMULATOR_EVALUATION, + mulmod(addmod(limb_accumulator_1, limb_accumulator_2, p), mload(Q3_EVAL_LOC), p) + ) + } + + { + /** + * memory_record_check = w_3; + * memory_record_check *= eta; + * memory_record_check += w_2; + * memory_record_check *= eta; + * memory_record_check += w_1; + * memory_record_check *= eta; + * memory_record_check += q_c; + * + * partial_record_check = memory_record_check; + * + * memory_record_check -= w_4; + */ + + let memory_record_check := mulmod(mload(W3_EVAL_LOC), mload(C_ETA_LOC), p) + memory_record_check := addmod(memory_record_check, mload(W2_EVAL_LOC), p) + memory_record_check := mulmod(memory_record_check, mload(C_ETA_LOC), p) + memory_record_check := addmod(memory_record_check, mload(W1_EVAL_LOC), p) + memory_record_check := mulmod(memory_record_check, mload(C_ETA_LOC), p) + memory_record_check := addmod(memory_record_check, mload(QC_EVAL_LOC), p) + + let partial_record_check := memory_record_check + memory_record_check := addmod(memory_record_check, sub(p, mload(W4_EVAL_LOC)), p) + + mstore(AUX_MEMORY_EVALUATION, memory_record_check) + + // index_delta = w_1_omega - w_1 + let index_delta := addmod(mload(W1_OMEGA_EVAL_LOC), sub(p, mload(W1_EVAL_LOC)), p) + // record_delta = w_4_omega - w_4 + let record_delta := addmod(mload(W4_OMEGA_EVAL_LOC), sub(p, mload(W4_EVAL_LOC)), p) + // index_is_monotonically_increasing = index_delta * (index_delta - 1) + let index_is_monotonically_increasing := mulmod(index_delta, 
addmod(index_delta, sub(p, 1), p), p) + + // adjacent_values_match_if_adjacent_indices_match = record_delta * (1 - index_delta) + let adjacent_values_match_if_adjacent_indices_match := + mulmod(record_delta, addmod(1, sub(p, index_delta), p), p) + + // AUX_ROM_CONSISTENCY_EVALUATION = ((adjacent_values_match_if_adjacent_indices_match * alpha) + index_is_monotonically_increasing) * alpha + partial_record_check + mstore( + AUX_ROM_CONSISTENCY_EVALUATION, + addmod( + mulmod( + addmod( + mulmod(adjacent_values_match_if_adjacent_indices_match, mload(C_ALPHA_LOC), p), + index_is_monotonically_increasing, + p + ), + mload(C_ALPHA_LOC), + p + ), + memory_record_check, + p + ) + ) + + { + /** + * next_gate_access_type = w_3_omega; + * next_gate_access_type *= eta; + * next_gate_access_type += w_2_omega; + * next_gate_access_type *= eta; + * next_gate_access_type += w_1_omega; + * next_gate_access_type *= eta; + * next_gate_access_type = w_4_omega - next_gate_access_type; + */ + let next_gate_access_type := mulmod(mload(W3_OMEGA_EVAL_LOC), mload(C_ETA_LOC), p) + next_gate_access_type := addmod(next_gate_access_type, mload(W2_OMEGA_EVAL_LOC), p) + next_gate_access_type := mulmod(next_gate_access_type, mload(C_ETA_LOC), p) + next_gate_access_type := addmod(next_gate_access_type, mload(W1_OMEGA_EVAL_LOC), p) + next_gate_access_type := mulmod(next_gate_access_type, mload(C_ETA_LOC), p) + next_gate_access_type := addmod(mload(W4_OMEGA_EVAL_LOC), sub(p, next_gate_access_type), p) + + // value_delta = w_3_omega - w_3 + let value_delta := addmod(mload(W3_OMEGA_EVAL_LOC), sub(p, mload(W3_EVAL_LOC)), p) + // adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation = (1 - index_delta) * value_delta * (1 - next_gate_access_type); + + let adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation := + mulmod( + addmod(1, sub(p, index_delta), p), + mulmod(value_delta, addmod(1, sub(p, next_gate_access_type), p), p), + p + ) + + // 
AUX_RAM_CONSISTENCY_EVALUATION + + /** + * access_type = w_4 - partial_record_check + * access_check = access_type^2 - access_type + * next_gate_access_type_is_boolean = next_gate_access_type^2 - next_gate_access_type + * RAM_consistency_check_identity = adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation; + * RAM_consistency_check_identity *= alpha; + * RAM_consistency_check_identity += index_is_monotonically_increasing; + * RAM_consistency_check_identity *= alpha; + * RAM_consistency_check_identity += next_gate_access_type_is_boolean; + * RAM_consistency_check_identity *= alpha; + * RAM_consistency_check_identity += access_check; + */ + + let access_type := addmod(mload(W4_EVAL_LOC), sub(p, partial_record_check), p) + let access_check := mulmod(access_type, addmod(access_type, sub(p, 1), p), p) + let next_gate_access_type_is_boolean := + mulmod(next_gate_access_type, addmod(next_gate_access_type, sub(p, 1), p), p) + let RAM_cci := + mulmod( + adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation, + mload(C_ALPHA_LOC), + p + ) + RAM_cci := addmod(RAM_cci, index_is_monotonically_increasing, p) + RAM_cci := mulmod(RAM_cci, mload(C_ALPHA_LOC), p) + RAM_cci := addmod(RAM_cci, next_gate_access_type_is_boolean, p) + RAM_cci := mulmod(RAM_cci, mload(C_ALPHA_LOC), p) + RAM_cci := addmod(RAM_cci, access_check, p) + + mstore(AUX_RAM_CONSISTENCY_EVALUATION, RAM_cci) + } + + { + // timestamp_delta = w_2_omega - w_2 + let timestamp_delta := addmod(mload(W2_OMEGA_EVAL_LOC), sub(p, mload(W2_EVAL_LOC)), p) + + // RAM_timestamp_check_identity = (1 - index_delta) * timestamp_delta - w_3 + let RAM_timestamp_check_identity := + addmod( + mulmod(timestamp_delta, addmod(1, sub(p, index_delta), p), p), sub(p, mload(W3_EVAL_LOC)), p + ) + + /** + * memory_identity = ROM_consistency_check_identity * q_2; + * memory_identity += RAM_timestamp_check_identity * q_4; + * memory_identity += memory_record_check * q_m; + * 
memory_identity *= q_1; + * memory_identity += (RAM_consistency_check_identity * q_arith); + * + * auxiliary_identity = memory_identity + non_native_field_identity + limb_accumulator_identity; + * auxiliary_identity *= q_aux; + * auxiliary_identity *= alpha_base; + */ + let memory_identity := mulmod(mload(AUX_ROM_CONSISTENCY_EVALUATION), mload(Q2_EVAL_LOC), p) + memory_identity := + addmod(memory_identity, mulmod(RAM_timestamp_check_identity, mload(Q4_EVAL_LOC), p), p) + memory_identity := + addmod(memory_identity, mulmod(mload(AUX_MEMORY_EVALUATION), mload(QM_EVAL_LOC), p), p) + memory_identity := mulmod(memory_identity, mload(Q1_EVAL_LOC), p) + memory_identity := + addmod( + memory_identity, mulmod(mload(AUX_RAM_CONSISTENCY_EVALUATION), mload(QARITH_EVAL_LOC), p), p + ) + + let auxiliary_identity := addmod(memory_identity, mload(AUX_NON_NATIVE_FIELD_EVALUATION), p) + auxiliary_identity := addmod(auxiliary_identity, mload(AUX_LIMB_ACCUMULATOR_EVALUATION), p) + auxiliary_identity := mulmod(auxiliary_identity, mload(QAUX_EVAL_LOC), p) + auxiliary_identity := mulmod(auxiliary_identity, mload(C_ALPHA_BASE_LOC), p) + + mstore(AUX_IDENTITY, auxiliary_identity) + + // update alpha + mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_CUBE_LOC), p)) + } + } + } + + { + /** + * quotient = ARITHMETIC_IDENTITY + * quotient += PERMUTATION_IDENTITY + * quotient += PLOOKUP_IDENTITY + * quotient += SORT_IDENTITY + * quotient += ELLIPTIC_IDENTITY + * quotient += AUX_IDENTITY + * quotient *= ZERO_POLY_INVERSE + */ + mstore( + QUOTIENT_EVAL_LOC, + mulmod( + addmod( + addmod( + addmod( + addmod( + addmod(mload(PERMUTATION_IDENTITY), mload(PLOOKUP_IDENTITY), p), + mload(ARITHMETIC_IDENTITY), + p + ), + mload(SORT_IDENTITY), + p + ), + mload(ELLIPTIC_IDENTITY), + p + ), + mload(AUX_IDENTITY), + p + ), + mload(ZERO_POLY_INVERSE_LOC), + p + ) + ) + } + + /** + * GENERATE NU AND SEPARATOR CHALLENGES + */ + { + let current_challenge := mload(C_CURRENT_LOC) + // get a 
calldata pointer that points to the start of the data we want to copy
+ let calldata_ptr := add(calldataload(0x04), 0x24)
+
+ calldata_ptr := add(calldata_ptr, NU_CALLDATA_SKIP_LENGTH)
+
+ mstore(NU_CHALLENGE_INPUT_LOC_A, current_challenge)
+ mstore(NU_CHALLENGE_INPUT_LOC_B, mload(QUOTIENT_EVAL_LOC))
+ calldatacopy(NU_CHALLENGE_INPUT_LOC_C, calldata_ptr, NU_INPUT_LENGTH)
+
+ // hash length = (0x20 + num field elements), we include the previous challenge in the hash
+ let challenge := keccak256(NU_CHALLENGE_INPUT_LOC_A, add(NU_INPUT_LENGTH, 0x40))
+
+ mstore(C_V0_LOC, mod(challenge, p))
+ // We need THIRTY-ONE independent nu challenges!
+ mstore(0x00, challenge)
+ mstore8(0x20, 0x01)
+ mstore(C_V1_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x02)
+ mstore(C_V2_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x03)
+ mstore(C_V3_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x04)
+ mstore(C_V4_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x05)
+ mstore(C_V5_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x06)
+ mstore(C_V6_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x07)
+ mstore(C_V7_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x08)
+ mstore(C_V8_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x09)
+ mstore(C_V9_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x0a)
+ mstore(C_V10_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x0b)
+ mstore(C_V11_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x0c)
+ mstore(C_V12_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x0d)
+ mstore(C_V13_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x0e)
+ mstore(C_V14_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x0f)
+ mstore(C_V15_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x10)
+ mstore(C_V16_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x11)
+ mstore(C_V17_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x12)
+ mstore(C_V18_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x13)
+
mstore(C_V19_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x14)
+ mstore(C_V20_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x15)
+ mstore(C_V21_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x16)
+ mstore(C_V22_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x17)
+ mstore(C_V23_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x18)
+ mstore(C_V24_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x19)
+ mstore(C_V25_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x1a)
+ mstore(C_V26_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x1b)
+ mstore(C_V27_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x1c)
+ mstore(C_V28_LOC, mod(keccak256(0x00, 0x21), p))
+ mstore8(0x20, 0x1d)
+ mstore(C_V29_LOC, mod(keccak256(0x00, 0x21), p))
+
+ // @follow-up - Why are both v29 and v30 using appending 0x1d to the prior challenge and hashing, should it not change?
+ mstore8(0x20, 0x1d)
+ challenge := keccak256(0x00, 0x21)
+ mstore(C_V30_LOC, mod(challenge, p))
+
+ // separator
+ mstore(0x00, challenge)
+ mstore(0x20, mload(PI_Z_Y_LOC))
+ mstore(0x40, mload(PI_Z_X_LOC))
+ mstore(0x60, mload(PI_Z_OMEGA_Y_LOC))
+ mstore(0x80, mload(PI_Z_OMEGA_X_LOC))
+
+ mstore(C_U_LOC, mod(keccak256(0x00, 0xa0), p))
+ }
+
+ let success := 0
+ // VALIDATE T1
+ {
+ let x := mload(T1_X_LOC)
+ let y := mload(T1_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))
+ mstore(ACCUMULATOR_X_LOC, x)
+ mstore(add(ACCUMULATOR_X_LOC, 0x20), y)
+ }
+ // VALIDATE T2
+ {
+ let x := mload(T2_X_LOC) // 0x1400
+ let y := mload(T2_Y_LOC) // 0x1420
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(ZETA_POW_N_LOC))
+ // accumulator_2 = [T2].zeta^n
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = [T1] + accumulator_2
+
success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE T3
+ {
+ let x := mload(T3_X_LOC)
+ let y := mload(T3_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(mload(ZETA_POW_N_LOC), mload(ZETA_POW_N_LOC), p))
+ // accumulator_2 = [T3].zeta^{2n}
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE T4
+ {
+ let x := mload(T4_X_LOC)
+ let y := mload(T4_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(mulmod(mload(ZETA_POW_N_LOC), mload(ZETA_POW_N_LOC), p), mload(ZETA_POW_N_LOC), p))
+ // accumulator_2 = [T4].zeta^{3n}
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE W1
+ {
+ let x := mload(W1_X_LOC)
+ let y := mload(W1_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V0_LOC), p))
+ // accumulator_2 = v0.(u + 1).[W1]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE W2
+ {
+ let x := mload(W2_X_LOC)
+ let y := mload(W2_Y_LOC)
+ let xx := mulmod(x, x, q)
+
// validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V1_LOC), p))
+ // accumulator_2 = v1.(u + 1).[W2]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE W3
+ {
+ let x := mload(W3_X_LOC)
+ let y := mload(W3_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V2_LOC), p))
+ // accumulator_2 = v2.(u + 1).[W3]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE W4
+ {
+ let x := mload(W4_X_LOC)
+ let y := mload(W4_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V3_LOC), p))
+ // accumulator_2 = v3.(u + 1).[W4]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE S
+ {
+ let x := mload(S_X_LOC)
+ let y := mload(S_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V4_LOC), p))
+ //
accumulator_2 = v4.(u + 1).[S]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE Z
+ {
+ let x := mload(Z_X_LOC)
+ let y := mload(Z_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V5_LOC), p))
+ // accumulator_2 = v5.(u + 1).[Z]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE Z_LOOKUP
+ {
+ let x := mload(Z_LOOKUP_X_LOC)
+ let y := mload(Z_LOOKUP_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V6_LOC), p))
+ // accumulator_2 = v6.(u + 1).[Z_LOOKUP]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE Q1
+ {
+ let x := mload(Q1_X_LOC)
+ let y := mload(Q1_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V7_LOC))
+ // accumulator_2 = v7.[Q1]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC,
0x40))
+
+ // VALIDATE Q2
+ {
+ let x := mload(Q2_X_LOC)
+ let y := mload(Q2_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V8_LOC))
+ // accumulator_2 = v8.[Q2]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE Q3
+ {
+ let x := mload(Q3_X_LOC)
+ let y := mload(Q3_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V9_LOC))
+ // accumulator_2 = v9.[Q3]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE Q4
+ {
+ let x := mload(Q4_X_LOC)
+ let y := mload(Q4_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V10_LOC))
+ // accumulator_2 = v10.[Q4]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE QM
+ {
+ let x := mload(QM_X_LOC)
+ let y := mload(QM_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V11_LOC))
+ // accumulator_2 = v11.[Q;]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60,
ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE QC
+ {
+ let x := mload(QC_X_LOC)
+ let y := mload(QC_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V12_LOC))
+ // accumulator_2 = v12.[QC]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE QARITH
+ {
+ let x := mload(QARITH_X_LOC)
+ let y := mload(QARITH_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V13_LOC))
+ // accumulator_2 = v13.[QARITH]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE QSORT
+ {
+ let x := mload(QSORT_X_LOC)
+ let y := mload(QSORT_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V14_LOC))
+ // accumulator_2 = v14.[QSORT]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE QELLIPTIC
+ {
+ let x := mload(QELLIPTIC_X_LOC)
+ let y := mload(QELLIPTIC_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success,
eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V15_LOC))
+ // accumulator_2 = v15.[QELLIPTIC]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE QAUX
+ {
+ let x := mload(QAUX_X_LOC)
+ let y := mload(QAUX_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V16_LOC))
+ // accumulator_2 = v15.[Q_AUX]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE SIGMA1
+ {
+ let x := mload(SIGMA1_X_LOC)
+ let y := mload(SIGMA1_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V17_LOC))
+ // accumulator_2 = v17.[sigma1]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE SIGMA2
+ {
+ let x := mload(SIGMA2_X_LOC)
+ let y := mload(SIGMA2_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V18_LOC))
+ // accumulator_2 = v18.[sigma2]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success,
staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE SIGMA3
+ {
+ let x := mload(SIGMA3_X_LOC)
+ let y := mload(SIGMA3_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V19_LOC))
+ // accumulator_2 = v19.[sigma3]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE SIGMA4
+ {
+ let x := mload(SIGMA4_X_LOC)
+ let y := mload(SIGMA4_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V20_LOC))
+ // accumulator_2 = v20.[sigma4]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE TABLE1
+ {
+ let x := mload(TABLE1_X_LOC)
+ let y := mload(TABLE1_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V21_LOC), p))
+ // accumulator_2 = u.[table1]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE TABLE2
+ {
+ let x := mload(TABLE2_X_LOC)
+ let y := mload(TABLE2_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3,
q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V22_LOC), p))
+ // accumulator_2 = u.[table2]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE TABLE3
+ {
+ let x := mload(TABLE3_X_LOC)
+ let y := mload(TABLE3_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V23_LOC), p))
+ // accumulator_2 = u.[table3]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE TABLE4
+ {
+ let x := mload(TABLE4_X_LOC)
+ let y := mload(TABLE4_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V24_LOC), p))
+ // accumulator_2 = u.[table4]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE TABLE_TYPE
+ {
+ let x := mload(TABLE_TYPE_X_LOC)
+ let y := mload(TABLE_TYPE_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V25_LOC))
+ // accumulator_2 = v25.[TableType]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC,
0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE ID1
+ {
+ let x := mload(ID1_X_LOC)
+ let y := mload(ID1_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V26_LOC))
+ // accumulator_2 = v26.[ID1]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE ID2
+ {
+ let x := mload(ID2_X_LOC)
+ let y := mload(ID2_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V27_LOC))
+ // accumulator_2 = v27.[ID2]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE ID3
+ {
+ let x := mload(ID3_X_LOC)
+ let y := mload(ID3_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+ mstore(0x00, x)
+ mstore(0x20, y)
+ }
+ mstore(0x40, mload(C_V28_LOC))
+ // accumulator_2 = v28.[ID3]
+ success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40))
+ // accumulator = accumulator + accumulator_2
+ success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
+
+ // VALIDATE ID4
+ {
+ let x := mload(ID4_X_LOC)
+ let y := mload(ID4_Y_LOC)
+ let xx := mulmod(x, x, q)
+ // validate on curve
+ success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)))
+
mstore(0x00, x) + mstore(0x20, y) + } + mstore(0x40, mload(C_V29_LOC)) + // accumulator_2 = v29.[ID4] + success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) + // accumulator = accumulator + accumulator_2 + success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) + + /** + * COMPUTE BATCH EVALUATION SCALAR MULTIPLIER + */ + { + /** + * batch_evaluation = v0 * (w_1_omega * u + w_1_eval) + * batch_evaluation += v1 * (w_2_omega * u + w_2_eval) + * batch_evaluation += v2 * (w_3_omega * u + w_3_eval) + * batch_evaluation += v3 * (w_4_omega * u + w_4_eval) + * batch_evaluation += v4 * (s_omega_eval * u + s_eval) + * batch_evaluation += v5 * (z_omega_eval * u + z_eval) + * batch_evaluation += v6 * (z_lookup_omega_eval * u + z_lookup_eval) + */ + let batch_evaluation := + mulmod( + mload(C_V0_LOC), + addmod(mulmod(mload(W1_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W1_EVAL_LOC), p), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V1_LOC), + addmod(mulmod(mload(W2_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W2_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V2_LOC), + addmod(mulmod(mload(W3_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W3_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V3_LOC), + addmod(mulmod(mload(W4_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W4_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V4_LOC), + addmod(mulmod(mload(S_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(S_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V5_LOC), + addmod(mulmod(mload(Z_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(Z_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V6_LOC), + 
addmod(mulmod(mload(Z_LOOKUP_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(Z_LOOKUP_EVAL_LOC), p), + p + ), + p + ) + + /** + * batch_evaluation += v7 * Q1_EVAL + * batch_evaluation += v8 * Q2_EVAL + * batch_evaluation += v9 * Q3_EVAL + * batch_evaluation += v10 * Q4_EVAL + * batch_evaluation += v11 * QM_EVAL + * batch_evaluation += v12 * QC_EVAL + * batch_evaluation += v13 * QARITH_EVAL + * batch_evaluation += v14 * QSORT_EVAL_LOC + * batch_evaluation += v15 * QELLIPTIC_EVAL_LOC + * batch_evaluation += v16 * QAUX_EVAL_LOC + * batch_evaluation += v17 * SIGMA1_EVAL_LOC + * batch_evaluation += v18 * SIGMA2_EVAL_LOC + * batch_evaluation += v19 * SIGMA3_EVAL_LOC + * batch_evaluation += v20 * SIGMA4_EVAL_LOC + */ + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V7_LOC), mload(Q1_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V8_LOC), mload(Q2_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V9_LOC), mload(Q3_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V10_LOC), mload(Q4_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V11_LOC), mload(QM_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V12_LOC), mload(QC_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V13_LOC), mload(QARITH_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V14_LOC), mload(QSORT_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V15_LOC), mload(QELLIPTIC_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V16_LOC), mload(QAUX_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V17_LOC), mload(SIGMA1_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V18_LOC), mload(SIGMA2_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V19_LOC), 
mload(SIGMA3_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V20_LOC), mload(SIGMA4_EVAL_LOC), p), p) + + /** + * batch_evaluation += v21 * (table1(zw) * u + table1(z)) + * batch_evaluation += v22 * (table2(zw) * u + table2(z)) + * batch_evaluation += v23 * (table3(zw) * u + table3(z)) + * batch_evaluation += v24 * (table4(zw) * u + table4(z)) + * batch_evaluation += v25 * table_type_eval + * batch_evaluation += v26 * id1_eval + * batch_evaluation += v27 * id2_eval + * batch_evaluation += v28 * id3_eval + * batch_evaluation += v29 * id4_eval + * batch_evaluation += quotient_eval + */ + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V21_LOC), + addmod(mulmod(mload(TABLE1_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE1_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V22_LOC), + addmod(mulmod(mload(TABLE2_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE2_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V23_LOC), + addmod(mulmod(mload(TABLE3_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE3_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := + addmod( + batch_evaluation, + mulmod( + mload(C_V24_LOC), + addmod(mulmod(mload(TABLE4_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE4_EVAL_LOC), p), + p + ), + p + ) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V25_LOC), mload(TABLE_TYPE_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V26_LOC), mload(ID1_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V27_LOC), mload(ID2_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V28_LOC), mload(ID3_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V29_LOC), mload(ID4_EVAL_LOC), p), p) + batch_evaluation := addmod(batch_evaluation, mload(QUOTIENT_EVAL_LOC), p) + + mstore(0x00, 
0x01) // [1].x + mstore(0x20, 0x02) // [1].y + mstore(0x40, sub(p, batch_evaluation)) + // accumulator_2 = -[1].(batch_evaluation) + success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) + // accumulator = accumulator + accumulator_2 + success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) + + mstore(OPENING_COMMITMENT_SUCCESS_FLAG, success) + } + + /** + * PERFORM PAIRING PREAMBLE + */ + { + let u := mload(C_U_LOC) + let zeta := mload(C_ZETA_LOC) + // VALIDATE PI_Z + { + let x := mload(PI_Z_X_LOC) + let y := mload(PI_Z_Y_LOC) + let xx := mulmod(x, x, q) + // validate on curve + success := eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)) + mstore(0x00, x) + mstore(0x20, y) + } + // compute zeta.[PI_Z] and add into accumulator + mstore(0x40, zeta) + success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) + // accumulator = accumulator + accumulator_2 + success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) + + // VALIDATE PI_Z_OMEGA + { + let x := mload(PI_Z_OMEGA_X_LOC) + let y := mload(PI_Z_OMEGA_Y_LOC) + let xx := mulmod(x, x, q) + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) + mstore(0x00, x) + mstore(0x20, y) + } + mstore(0x40, mulmod(mulmod(u, zeta, p), mload(OMEGA_LOC), p)) + // accumulator_2 = u.zeta.omega.[PI_Z_OMEGA] + success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) + // PAIRING_RHS = accumulator + accumulator_2 + success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, PAIRING_RHS_X_LOC, 0x40)) + + mstore(0x00, mload(PI_Z_X_LOC)) + mstore(0x20, mload(PI_Z_Y_LOC)) + mstore(0x40, mload(PI_Z_OMEGA_X_LOC)) + mstore(0x60, mload(PI_Z_OMEGA_Y_LOC)) + mstore(0x80, u) + success := and(success, staticcall(gas(), 7, 0x40, 0x60, 0x40, 0x40)) + // PAIRING_LHS = [PI_Z] + [PI_Z_OMEGA] * u + success := and(success, 
staticcall(gas(), 6, 0x00, 0x80, PAIRING_LHS_X_LOC, 0x40)) + // negate lhs y-coordinate + mstore(PAIRING_LHS_Y_LOC, sub(q, mload(PAIRING_LHS_Y_LOC))) + + if mload(CONTAINS_RECURSIVE_PROOF_LOC) { + // VALIDATE RECURSIVE P1 + { + let x := mload(RECURSIVE_P1_X_LOC) + let y := mload(RECURSIVE_P1_Y_LOC) + let xx := mulmod(x, x, q) + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) + mstore(0x00, x) + mstore(0x20, y) + } + + // compute u.u.[recursive_p1] and write into 0x60 + mstore(0x40, mulmod(u, u, p)) + success := and(success, staticcall(gas(), 7, 0x00, 0x60, 0x60, 0x40)) + // VALIDATE RECURSIVE P2 + { + let x := mload(RECURSIVE_P2_X_LOC) + let y := mload(RECURSIVE_P2_Y_LOC) + let xx := mulmod(x, x, q) + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) + mstore(0x00, x) + mstore(0x20, y) + } + // compute u.u.[recursive_p2] and write into 0x00 + // 0x40 still contains u*u + success := and(success, staticcall(gas(), 7, 0x00, 0x60, 0x00, 0x40)) + + // compute u.u.[recursiveP1] + rhs and write into rhs + mstore(0xa0, mload(PAIRING_RHS_X_LOC)) + mstore(0xc0, mload(PAIRING_RHS_Y_LOC)) + success := and(success, staticcall(gas(), 6, 0x60, 0x80, PAIRING_RHS_X_LOC, 0x40)) + + // compute u.u.[recursiveP2] + lhs and write into lhs + mstore(0x40, mload(PAIRING_LHS_X_LOC)) + mstore(0x60, mload(PAIRING_LHS_Y_LOC)) + success := and(success, staticcall(gas(), 6, 0x00, 0x80, PAIRING_LHS_X_LOC, 0x40)) + } + + if iszero(success) { + mstore(0x0, EC_SCALAR_MUL_FAILURE_SELECTOR) + revert(0x00, 0x04) + } + mstore(PAIRING_PREAMBLE_SUCCESS_FLAG, success) + } + + /** + * PERFORM PAIRING + */ + { + // rhs paired with [1]_2 + // lhs paired with [x]_2 + + mstore(0x00, mload(PAIRING_RHS_X_LOC)) + mstore(0x20, mload(PAIRING_RHS_Y_LOC)) + mstore(0x40, 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2) // this is [1]_2 + mstore(0x60, 
0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed) + mstore(0x80, 0x090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b) + mstore(0xa0, 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa) + + mstore(0xc0, mload(PAIRING_LHS_X_LOC)) + mstore(0xe0, mload(PAIRING_LHS_Y_LOC)) + mstore(0x100, mload(G2X_X0_LOC)) + mstore(0x120, mload(G2X_X1_LOC)) + mstore(0x140, mload(G2X_Y0_LOC)) + mstore(0x160, mload(G2X_Y1_LOC)) + + success := staticcall(gas(), 8, 0x00, 0x180, 0x00, 0x20) + mstore(PAIRING_SUCCESS_FLAG, success) + mstore(RESULT_FLAG, mload(0x00)) + } + if iszero( + and( + and(and(mload(PAIRING_SUCCESS_FLAG), mload(RESULT_FLAG)), mload(PAIRING_PREAMBLE_SUCCESS_FLAG)), + mload(OPENING_COMMITMENT_SUCCESS_FLAG) + ) + ) { + mstore(0x0, PROOF_FAILURE_SELECTOR) + revert(0x00, 0x04) + } + { + mstore(0x00, 0x01) + return(0x00, 0x20) // Proof succeeded! + } + } + } +} + +contract Verifier is BaseUltraVerifier { + function getVerificationKeyHash() public pure override(BaseUltraVerifier) returns (bytes32) { + return UltraVerificationKey.verificationKeyHash(); + } + + function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BaseUltraVerifier) { + UltraVerificationKey.loadVerificationKey(vk, _omegaInverseLoc); + } +} \ No newline at end of file diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js new file mode 100644 index 000000000000..7cfacc78544b --- /dev/null +++ b/barretenberg/acir_tests/sol-test/src/index.js 
@@ -0,0 +1,153 @@ +import fs, { readFileSync } from "fs"; +import {spawn} from "child_process"; +import {ethers} from "ethers"; + +import ABI from "./contracts/out/Test.sol/Test.json" assert { type: "json" }; +import { gunzipSync } from "zlib"; + +const readWitnessFile = (path) => { + const buffer = fs.readFileSync(path); + return gunzipSync(buffer); +}; + +const getEnvVar = (envvar) => { + const varVal = process.env[envvar]; + if (!varVal) { + throw new Error(`${envvar} not set`); + } + return varVal; +} + +const launchAnvil = async () => { + const handle = spawn("anvil"); + // console.log("Anvil Launched"); + handle.on("close", (code) => { + console.log(`anvil exited with code ${code}`) + }); + + // wait until the anvil instance is ready on port 8545 + await new Promise((resolve) => { + handle.stdout.on("data", (data) => { + const str = data.toString(); + if (str.includes("Listening on")) { + // console.log("Anvil Ready"); + resolve(undefined); + } + }); + }); + + return handle; +} + +const deploy = async (abi, signer) => { + const factory = new ethers.ContractFactory(abi.abi, abi.bytecode.object, signer); + // console.log("Deploying Contract..."); + const deployment = await factory.deploy(); + const deployed = await deployment.waitForDeployment(); + return await deployed.getAddress(); +} + +/** + * + * @param {number} numPublicInputs + * @param {Array} proofAsFields + * @returns {Array} + */ +const readPublicInputs = (numPublicInputs, proofAsFields) => { + // console.log("numPublicInputs: ", numPublicInputs); + const publicInputs = []; + for (let i = 0; i < numPublicInputs; i++) { + publicInputs.push(proofAsFields[i]); + } + return publicInputs; +} + +// start anvil +async function main() { + // const anvil = await launchAnvil(); + // const killAnvil = () => { + // anvil.kill(); + // } + + try { + // console.log("getting witness"); + const witnessPath = getEnvVar("WITNESS"); + const witness = readWitnessFile(witnessPath); + // console.log(witness.toString()); + 
+ const proofAsFieldsPath = getEnvVar("PROOF_AS_FIELDS"); + const proofAsFields = readFileSync(proofAsFieldsPath); + const numPublicInputs = +getEnvVar("NUM_PUBLIC_INPUTS"); + const publicInputs = readPublicInputs(numPublicInputs, JSON.parse(proofAsFields.toString())); + + // console.log("getting proof"); + const proofPath = getEnvVar("PROOF"); + // console.log(proofPath) + const proof = readFileSync(proofPath); + + // Cut the number of public inputs off of the proof string + const proofStr = `0x${proof.toString("hex").substring(64*numPublicInputs)}`; + // console.log(proofStr) + + // Get the contract artifact + const key = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"; + const provider = new ethers.JsonRpcProvider("http://localhost:8545"); + const signer = new ethers.Wallet(key, provider); + + // deploy + const address = await deploy(ABI, signer); + const contract = new ethers.Contract(address, ABI.abi, signer); + + // Run the test + console.log(publicInputs) + const result = await contract.test(proofStr, publicInputs); + console.log(result); + } + catch (e) { + console.log(e) + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + console.log("FAILED") + // console.log(e); + throw e; + } + finally { + // Kill anvil at the end of running + // killAnvil(); + } +} + + + + +// Create a proof for the given ACIR + + +// Deploy the solidity contract + +// Run the test + + +// Set up the command-line interface +// const acir = readBytecodeFile(bytecodePath); +// const witness = readWitnessFile(witnessPath); +// const threads = Math.min(os.cpus().length, 16); + + +// // Convert the input data to Uint8Arrays within the browser context +// const acirUint8Array = new Uint8Array(acirData as number[]); +// const witnessUint8Array = new 
Uint8Array(witnessData as number[]); + + + +main() + diff --git a/barretenberg/acir_tests/sol-test/yarn.lock b/barretenberg/acir_tests/sol-test/yarn.lock new file mode 100644 index 000000000000..8b2c68df602d --- /dev/null +++ b/barretenberg/acir_tests/sol-test/yarn.lock 
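Review bot: The signer key on the `const key = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80";` line is hard-coded with no explanation; it is the publicly known default dev account #0 key that anvil prints at start-up, so it is not a secret, but nothing in the file says so, and the harness will sign with it against whatever node answers at the equally hard-coded `http://localhost:8545`. Read both from the environment with the anvil values as fallback and label them, e.g. `const key = process.env.PRIVATE_KEY ?? "0xac0974…"; // anvil/hardhat default dev account #0 — test-only, never a real key` (env var name is a suggestion). `readPublicInputs` indexes `proofAsFields[i]` without checking that the parsed array holds at least `numPublicInputs` entries, so a short proof-as-fields file produces `undefined` entries that only surface when `contract.test` reverts; a length check with a clear error message would make that failure diagnosable. The twelve repeated `console.log("FAILED")` lines in the catch block, the unused `launchAnvil`, and the commented-out block before `main()` read as leftover debugging and should be trimmed before merge.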
@@ -0,0 +1,174 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@adraffy/ens-normalize@1.10.0": + version "1.10.0" + resolved "https://registry.yarnpkg.com/@adraffy/ens-normalize/-/ens-normalize-1.10.0.tgz#d2a39395c587e092d77cbbc80acf956a54f38bf7" + integrity sha512-nA9XHtlAkYfJxY7bce8DcN7eKxWWCWkU+1GR9d+U6MbNpfwQp8TI7vqOsBsMcHoT4mBu2kypKoSKnghEzOOq5Q== + +"@cspotcode/source-map-support@^0.8.0": + version "0.8.1" + resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" + integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== + dependencies: + "@jridgewell/trace-mapping" "0.3.9" + +"@jridgewell/resolve-uri@^3.0.3": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz#c08679063f279615a3326583ba3a90d1d82cc721" + integrity sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA== + +"@jridgewell/sourcemap-codec@^1.4.10": + version "1.4.15" + resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" + integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== + +"@jridgewell/trace-mapping@0.3.9": + version "0.3.9" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" + integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== + dependencies: + "@jridgewell/resolve-uri" "^3.0.3" + "@jridgewell/sourcemap-codec" "^1.4.10" + +"@noble/curves@1.2.0": + version "1.2.0" + resolved "https://registry.yarnpkg.com/@noble/curves/-/curves-1.2.0.tgz#92d7e12e4e49b23105a2555c6984d41733d65c35" + integrity 
sha512-oYclrNgRaM9SsBUBVbb8M6DTV7ZHRTKugureoYEncY5c65HOmRzvSiTE3y5CYaPYJA/GVkrhXEoF0M3Ya9PMnw== + dependencies: + "@noble/hashes" "1.3.2" + +"@noble/hashes@1.3.2": + version "1.3.2" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.3.2.tgz#6f26dbc8fbc7205873ce3cee2f690eba0d421b39" + integrity sha512-MVC8EAQp7MvEcm30KWENFjgR+Mkmf+D189XJTkFIlwohU5hcBbn1ZkKq7KVTi2Hme3PMGF390DaL52beVrIihQ== + +"@tsconfig/node10@^1.0.7": + version "1.0.9" + resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.9.tgz#df4907fc07a886922637b15e02d4cebc4c0021b2" + integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA== + +"@tsconfig/node12@^1.0.7": + version "1.0.11" + resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d" + integrity sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag== + +"@tsconfig/node14@^1.0.0": + version "1.0.3" + resolved "https://registry.yarnpkg.com/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1" + integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow== + +"@tsconfig/node16@^1.0.2": + version "1.0.4" + resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.4.tgz#0b92dcc0cc1c81f6f306a381f28e31b1a56536e9" + integrity sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA== + +"@types/node@18.15.13": + version "18.15.13" + resolved "https://registry.yarnpkg.com/@types/node/-/node-18.15.13.tgz#f64277c341150c979e42b00e4ac289290c9df469" + integrity sha512-N+0kuo9KgrUQ1Sn/ifDXsvg0TTleP7rIy4zOBGECxAljqvqfqpTfzx0Q1NUedOixRMBfe2Whhb056a42cWs26Q== + +"@types/node@^20.8.10": + version "20.8.10" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.8.10.tgz#a5448b895c753ae929c26ce85cab557c6d4a365e" + integrity 
sha512-TlgT8JntpcbmKUFzjhsyhGfP2fsiz1Mv56im6enJ905xG1DAYesxJaeSbGqQmAw8OWPdhyJGhGSQGKRNJ45u9w== + dependencies: + undici-types "~5.26.4" + +acorn-walk@^8.1.1: + version "8.2.0" + resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1" + integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA== + +acorn@^8.4.1: + version "8.10.0" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.10.0.tgz#8be5b3907a67221a81ab23c7889c4c5526b62ec5" + integrity sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw== + +aes-js@4.0.0-beta.5: + version "4.0.0-beta.5" + resolved "https://registry.yarnpkg.com/aes-js/-/aes-js-4.0.0-beta.5.tgz#8d2452c52adedebc3a3e28465d858c11ca315873" + integrity sha512-G965FqalsNyrPqgEGON7nIx1e/OVENSgiEIzyC63haUMuvNnwIgIjMs52hlTCKhkBny7A2ORNlfY9Zu+jmGk1Q== + +arg@^4.1.0: + version "4.1.3" + resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089" + integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA== + +create-require@^1.1.0: + version "1.1.1" + resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333" + integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ== + +diff@^4.0.1: + version "4.0.2" + resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" + integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== + +ethers@^6.8.1: + version "6.8.1" + resolved "https://registry.yarnpkg.com/ethers/-/ethers-6.8.1.tgz#ee2a1a39b5f62a13678f90ccd879175391d0a2b4" + integrity sha512-iEKm6zox5h1lDn6scuRWdIdFJUCGg3+/aQWu0F4K0GVyEZiktFkqrJbRjTn1FlYEPz7RKA707D6g5Kdk6j7Ljg== + dependencies: + "@adraffy/ens-normalize" "1.10.0" 
+ "@noble/curves" "1.2.0" + "@noble/hashes" "1.3.2" + "@types/node" "18.15.13" + aes-js "4.0.0-beta.5" + tslib "2.4.0" + ws "8.5.0" + +make-error@^1.1.1: + version "1.3.6" + resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2" + integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== + +ts-node@^10.9.1: + version "10.9.1" + resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b" + integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== + dependencies: + "@cspotcode/source-map-support" "^0.8.0" + "@tsconfig/node10" "^1.0.7" + "@tsconfig/node12" "^1.0.7" + "@tsconfig/node14" "^1.0.0" + "@tsconfig/node16" "^1.0.2" + acorn "^8.4.1" + acorn-walk "^8.1.1" + arg "^4.1.0" + create-require "^1.1.0" + diff "^4.0.1" + make-error "^1.1.1" + v8-compile-cache-lib "^3.0.1" + yn "3.1.1" + +tslib@2.4.0: + version "2.4.0" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.4.0.tgz#7cecaa7f073ce680a05847aa77be941098f36dc3" + integrity sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ== + +typescript@^5.2.2: + version "5.2.2" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.2.2.tgz#5ebb5e5a5b75f085f22bc3f8460fba308310fa78" + integrity sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w== + +undici-types@~5.26.4: + version "5.26.5" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== + +v8-compile-cache-lib@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" + integrity 
sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== + +ws@8.5.0: + version "8.5.0" + resolved "https://registry.yarnpkg.com/ws/-/ws-8.5.0.tgz#bfb4be96600757fe5382de12c670dab984a1ed4f" + integrity sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg== + +yn@3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50" + integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q== diff --git a/barretenberg/acir_tests/solidity_tests/TODO.md b/barretenberg/acir_tests/solidity_tests/TODO.md deleted file mode 100644 index 91110b52f84b..000000000000 --- a/barretenberg/acir_tests/solidity_tests/TODO.md +++ /dev/null @@ -1,8 +0,0 @@ - -Path forward, can we -- run an anvil in process on a random port -- code gen the verifier -- deploy the verifier -- work out what public inputs we need -- add them to the proof -- profit? \ No newline at end of file diff --git a/barretenberg/acir_tests/solidity_tests/temp.js b/barretenberg/acir_tests/solidity_tests/temp.js deleted file mode 100644 index 139597f9cb07..000000000000 --- a/barretenberg/acir_tests/solidity_tests/temp.js +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index f09387923fc0..a7de3b8f289d 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -75,8 +75,6 @@ bool proveAndVerify(const std::string& bytecodePath, const std::string& witnessP auto constraint_system = get_constraint_system(bytecodePath); auto witness = get_witness(witnessPath); - info("witness"); - info(witness); auto acir_composer = init(constraint_system); Timer pk_timer; 
@@ -119,6 +117,7 @@ void prove(const std::string& bytecodePath, auto constraint_system = get_constraint_system(bytecodePath); auto witness = get_witness(witnessPath); auto acir_composer = init(constraint_system); + acir_composer.init_proving_key(constraint_system); auto proof = acir_composer.create_proof(constraint_system, witness, recursive); if (outputPath == "-") { @@ -142,9 +141,11 @@ void gateCount(const std::string& bytecodePath) { auto constraint_system = get_constraint_system(bytecodePath); auto acir_composer = init(constraint_system); + auto num_public_inputs = acir_composer.get_num_public_inputs(); auto gate_count = acir_composer.get_total_circuit_size(); writeUint64AsRawBytesToStdout(static_cast(gate_count)); + vinfo("public inputs: ", num_public_inputs); vinfo("gate count: ", gate_count); } @@ -172,7 +173,6 @@ bool verify(const std::string& proof_path, bool recursive, const std::string& vk auto verified = acir_composer.verify_proof(read_file(proof_path), recursive); vinfo("verified: ", verified); - return verified; } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp index 0c2f63a18170..b48fee9e1d91 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp @@ -305,10 +305,14 @@ WitnessVector witness_buf_to_witness_data(std::vector const& buf) WitnessVector wv; size_t index = 1; for (auto& e : w.value) { + // // first is index + // info("first ", e.first.value); while (index < e.first.value) { + // info("index < first ", e.first.value); wv.push_back(barretenberg::fr(0)); index++; } + // info("second ", e.second); wv.push_back(barretenberg::fr(uint256_t(e.second))); index++; } 
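Review bot: In `gateCount`, the new `num_public_inputs` value only reaches `vinfo(...)`, while the raw-bytes stdout protocol still carries just `gate_count`; if a consumer needs the public-input count (the new sol-test harness reads `NUM_PUBLIC_INPUTS` from an environment variable), this command gives it no machine-readable way to obtain it, so either write it to stdout alongside the gate count with callers updated, or drop the extra call and log line. In `prove`, the added `acir_composer.init_proving_key(constraint_system);` is unconditional; if `create_proof` already builds the key when it is absent (not visible here) the call is redundant, and a one-line comment saying why the explicit call is needed would help either way. Both functions continue outside the hunks.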
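Review bot: The lines added to `witness_buf_to_witness_data` (`// // first is index`, `// info("first ", e.first.value);`, `// info("index < first ", e.first.value);`, `// info("second ", e.second);`) are all commented out, change nothing at runtime, and read as leftover debugging; they should be removed rather than merged. If tracing the witness layout is genuinely useful, a single `vinfo` call like those in `bb/main.cpp` is preferable to dead comments. The function continues outside the hunk.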
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp index 5f7cee439c62..8464d9e3f0cf 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp @@ -24,6 +24,7 @@ void AcirComposer::create_circuit(acir_format::acir_format& constraint_system) vinfo("building circuit..."); builder_ = acir_format::create_circuit(constraint_system, size_hint_); exact_circuit_size_ = builder_.get_num_gates(); + num_public_inputs_ = builder_.get_num_public_inputs(); total_circuit_size_ = builder_.get_total_circuit_size(); circuit_subgroup_size_ = builder_.get_circuit_subgroup_size(total_circuit_size_); size_hint_ = circuit_subgroup_size_; diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp index 32b678268e38..6986661b6270 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp @@ -27,6 +27,7 @@ class AcirComposer { bool verify_proof(std::vector const& proof, bool is_recursive); std::string get_solidity_verifier(); + size_t get_num_public_inputs() { return num_public_inputs_; }; size_t get_exact_circuit_size() { return exact_circuit_size_; }; size_t get_total_circuit_size() { return total_circuit_size_; }; size_t get_circuit_subgroup_size() { return circuit_subgroup_size_; }; @@ -40,6 +41,7 @@ class AcirComposer { acir_format::Builder builder_; size_t size_hint_; size_t exact_circuit_size_; + size_t num_public_inputs_; size_t total_circuit_size_; size_t circuit_subgroup_size_; std::shared_ptr proving_key_; diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp index 227a06791977..05dc749d255a 100644 
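Review bot: The new member `size_t num_public_inputs_;` is not initialised, so `get_num_public_inputs()` returns an indeterminate value if it is called before `create_circuit` has run; the sibling size members share that pattern, but the new one need not copy it — declare it as `size_t num_public_inputs_{0};`. The getter can also be `const`, and the stray `;` after its body dropped: `size_t get_num_public_inputs() const { return num_public_inputs_; }`. As far as the hunks show, the member is assigned only in `create_circuit` (the `.cpp` hunk above), so a short comment there noting that it snapshots `builder_.get_num_public_inputs()` at circuit-build time would tell readers the value does not track later changes to the builder.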
--- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp @@ -204,8 +204,7 @@ template void ProverBase::execute_preamble_round() const size_t w_randomness = 3; ASSERT(w_randomness < settings::num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < w_randomness; ++k) { - wire_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = - fr::random_element(); + wire_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = fr::one(); } key->polynomial_store.put(wire_tag + "_lagrange", std::move(wire_lagrange)); @@ -298,8 +297,7 @@ template void ProverBase::execute_second_round() ASSERT(w_randomness < settings::num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < w_randomness; ++k) { // Blinding - w_4_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = - fr::random_element(); + w_4_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = fr::one(); } // compute poly w_4 from w_4_lagrange and add it to the cache @@ -466,7 +464,7 @@ template void ProverBase::add_blinding_to_quotient // For details, please head to: https://hackmd.io/JiyexiqRQJW55TMRrBqp1g. for (size_t i = 0; i < settings::program_width - 1; i++) { // Note that only program_width-1 random elements are required for full blinding - fr quotient_randomness = fr::random_element(); + fr quotient_randomness = fr::one(); key->quotient_polynomial_parts[i][key->circuit_size] += quotient_randomness; // update coefficient of X^n'th term diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp index 0209756a25ff..8290ab4c1166 100644 
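Review bot: Replacing `fr::random_element()` with `fr::one()` at all three sites in `execute_preamble_round`, `execute_second_round` and `add_blinding_to_quotient` makes the blinding values constant, which removes the zero-knowledge property of the proof: those random terms are exactly what keeps the wire, `w_4` and quotient polynomial openings from leaking the witness, and with a fixed value every proof over the same witness is also identical and reproducible by an observer. The same substitution is made in `permutation_widget_impl.hpp` (`z_perm`) and `plookup_widget_impl.hpp` (`s_accum` and `z_lookup`) in the following hunks. If deterministic proofs are needed for the Solidity differential tests, that belongs behind an explicit test-only setting rather than a change to the production prover, and the existing `// Blinding` comments should then say so; as written this should not be merged. All affected loops continue outside the hunks.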
--- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp @@ -310,7 +310,7 @@ void ProverPermutationWidgetcircuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k] = fr::random_element(); + z_perm[(key->circuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k] = fr::one(); } z_perm.ifft(key->small_domain); diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp index c88e641fc967..10a7a3df20ba 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp @@ -90,7 +90,7 @@ void ProverPlookupWidget::compute_sor const size_t s_randomness = 3; ASSERT(s_randomness < num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < s_randomness; ++k) { - s_accum[((key->circuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::random_element(); + s_accum[((key->circuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::one(); } // Save the lagrange base representation of s @@ -324,7 +324,7 @@ void ProverPlookupWidget::compute_gra ASSERT(z_randomness < num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < z_randomness; ++k) { // Blinding: - z_lookup[((n - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::random_element(); + z_lookup[((n - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::one(); } // Compute and add monomial form of z_lookup to the polynomial store 
diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp index 9c3f25ee6090..e0335fd7d5b5 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp @@ -834,6 +834,8 @@ template class UltraCircuitBuilder_ : public CircuitBuilderBasepublic_inputs.size(); } + /**x * @brief Print the number and composition of gates in the circuit * diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.cpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.cpp index 5447a0480a6f..a8f4175929b7 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.cpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.cpp @@ -431,11 +431,11 @@ std::vector Transcript::export_transcript() const ASSERT(manifest_element.num_bytes == element_data.size()); } if (!manifest_element.derived_by_verifier) { - // printf("writing element %s ", manifest_element.name.c_str()); + // info("writing element %s ", manifest_element.name.c_str()); // for (size_t j = 0; j < element_data.size(); ++j) { - // printf("%x", element_data[j]); + // info("%x", element_data[j]); // } - // printf("\n"); + // info("\n"); buffer.insert(buffer.end(), element_data.begin(), element_data.end()); } } diff --git a/barretenberg/cpp/yarn.lock b/barretenberg/cpp/yarn.lock new file mode 100644 index 000000000000..fb57ccd13afb --- /dev/null +++ b/barretenberg/cpp/yarn.lock @@ -0,0 +1,4 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + diff --git a/barretenberg/temp/Nargo.toml b/barretenberg/temp/Nargo.toml deleted file mode 100644 index 4db02f45bf0e..000000000000 --- a/barretenberg/temp/Nargo.toml +++ /dev/null 
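Review bot: The accessor added to `UltraCircuitBuilder_` is rendered here as `…public_inputs.size(); }` with its signature lost, so I can only infer that it returns `this->public_inputs.size()`; it should be a `const` member and, like the documented neighbours, carry a short `/** @brief Number of public inputs registered with this builder */`. The comment opener on the following line reads `/**x`, which looks like a stray keystroke in the doc block of the gate-printing function; if that line is part of this change, restore it to `/**`. The class continues outside the hunk.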
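Review bot: Every changed line in `export_transcript` is inside a comment — `// printf(...)` becomes `// info(...)` — so the hunk alters nothing at runtime. Dead debugging code is better deleted than renamed; if a transcript dump is wanted, a `vinfo` call like those in `bb/main.cpp` on the live code path would be the way to keep it. The function continues outside the hunk.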
@@ -1,7 +0,0 @@ -[package] -name = "temp" -type = "bin" -authors = [""] -compiler_version = "0.18.0" - -[dependencies] \ No newline at end of file diff --git a/barretenberg/temp/Prover.toml b/barretenberg/temp/Prover.toml deleted file mode 100644 index 96c2814b4dd7..000000000000 --- a/barretenberg/temp/Prover.toml +++ /dev/null 
@@ -1,209 +0,0 @@ - -hashed_message = [ - 0x3a, - 0x73, - 0xf4, - 0x12, - 0x3a, - 0x5c, - 0xd2, - 0x12, - 0x1f, - 0x21, - 0xcd, - 0x7e, - 0x8d, - 0x35, - 0x88, - 0x35, - 0x47, - 0x69, - 0x49, - 0xd0, - 0x35, - 0xd9, - 0xc2, - 0xda, - 0x68, - 0x06, - 0xb4, - 0x63, - 0x3a, - 0xc8, - 0xc1, - 0xe2, -] -message = [ - 0x49, - 0x6e, - 0x73, - 0x74, - 0x72, - 0x75, - 0x63, - 0x74, - 0x69, - 0x6f, - 0x6e, - 0x73, - 0x20, - 0x75, - 0x6e, - 0x63, - 0x6c, - 0x65, - 0x61, - 0x72, - 0x2c, - 0x20, - 0x61, - 0x73, - 0x6b, - 0x20, - 0x61, - 0x67, - 0x61, - 0x69, - 0x6e, - 0x20, - 0x6c, - 0x61, - 0x74, - 0x65, - 0x72, - 0x2e, -] -pub_key_x = [ - 0xa0, - 0x43, - 0x4d, - 0x9e, - 0x47, - 0xf3, - 0xc8, - 0x62, - 0x35, - 0x47, - 0x7c, - 0x7b, - 0x1a, - 0xe6, - 0xae, - 0x5d, - 0x34, - 0x42, - 0xd4, - 0x9b, - 0x19, - 0x43, - 0xc2, - 0xb7, - 0x52, - 0xa6, - 0x8e, - 0x2a, - 0x47, - 0xe2, - 0x47, - 0xc7, -] -pub_key_y = [ - 0x89, - 0x3a, - 0xba, - 0x42, - 0x54, - 0x19, - 0xbc, - 0x27, - 0xa3, - 0xb6, - 0xc7, - 0xe6, - 0x93, - 0xa2, - 0x4c, - 0x69, - 0x6f, - 0x79, - 0x4c, - 0x2e, - 0xd8, - 0x77, - 0xa1, - 0x59, - 0x3c, - 0xbe, - 0xe5, - 0x3b, - 0x03, - 0x73, - 0x68, - 0xd7, -] -signature = [ - 0xe5, - 0x08, - 0x1c, - 0x80, - 0xab, - 0x42, - 0x7d, - 0xc3, - 0x70, - 0x34, - 0x6f, - 0x4a, - 0x0e, - 0x31, - 0xaa, - 0x2b, - 0xad, - 0x8d, - 0x97, - 0x98, - 0xc3, - 0x80, - 0x61, - 0xdb, - 0x9a, - 0xe5, - 0x5a, - 0x4e, - 0x8d, - 0xf4, - 0x54, - 0xfd, - 0x28, - 0x11, - 0x98, - 0x94, - 0x34, - 0x4e, - 0x71, - 0xb7, - 0x87, - 0x70, - 0xcc, - 0x93, - 0x1d, - 0x61, - 0xf4, - 0x80, - 0xec, - 0xbb, - 0x0b, - 0x89, - 0xd6, - 0xeb, - 0x69, - 0x69, - 0x01, - 0x61, - 0xe4, - 0x9a, - 0x71, - 0x5f, - 0xcd, - 0x55, -] \ No newline at end of file diff --git a/barretenberg/temp/Verifier.toml b/barretenberg/temp/Verifier.toml deleted file mode 100644 index ec123a8479fc..000000000000 --- a/barretenberg/temp/Verifier.toml +++ /dev/null 
@@ -1,2 +0,0 @@ -pub_key_x = ["0x00000000000000000000000000000000000000000000000000000000000000a0", "0x0000000000000000000000000000000000000000000000000000000000000043", "0x000000000000000000000000000000000000000000000000000000000000004d", "0x000000000000000000000000000000000000000000000000000000000000009e", "0x0000000000000000000000000000000000000000000000000000000000000047", "0x00000000000000000000000000000000000000000000000000000000000000f3", "0x00000000000000000000000000000000000000000000000000000000000000c8", "0x0000000000000000000000000000000000000000000000000000000000000062", "0x0000000000000000000000000000000000000000000000000000000000000035", "0x0000000000000000000000000000000000000000000000000000000000000047", "0x000000000000000000000000000000000000000000000000000000000000007c", "0x000000000000000000000000000000000000000000000000000000000000007b", "0x000000000000000000000000000000000000000000000000000000000000001a", "0x00000000000000000000000000000000000000000000000000000000000000e6", "0x00000000000000000000000000000000000000000000000000000000000000ae", "0x000000000000000000000000000000000000000000000000000000000000005d", "0x0000000000000000000000000000000000000000000000000000000000000034", "0x0000000000000000000000000000000000000000000000000000000000000042", "0x00000000000000000000000000000000000000000000000000000000000000d4", "0x000000000000000000000000000000000000000000000000000000000000009b", "0x0000000000000000000000000000000000000000000000000000000000000019", "0x0000000000000000000000000000000000000000000000000000000000000043", "0x00000000000000000000000000000000000000000000000000000000000000c2", "0x00000000000000000000000000000000000000000000000000000000000000b7", "0x0000000000000000000000000000000000000000000000000000000000000052", "0x00000000000000000000000000000000000000000000000000000000000000a6", "0x000000000000000000000000000000000000000000000000000000000000008e", "0x000000000000000000000000000000000000000000000000000000000000002a", 
"0x0000000000000000000000000000000000000000000000000000000000000047", "0x00000000000000000000000000000000000000000000000000000000000000e2", "0x0000000000000000000000000000000000000000000000000000000000000047", "0x00000000000000000000000000000000000000000000000000000000000000c7"] -pub_key_y = ["0x0000000000000000000000000000000000000000000000000000000000000089", "0x000000000000000000000000000000000000000000000000000000000000003a", "0x00000000000000000000000000000000000000000000000000000000000000ba", "0x0000000000000000000000000000000000000000000000000000000000000042", "0x0000000000000000000000000000000000000000000000000000000000000054", "0x0000000000000000000000000000000000000000000000000000000000000019", "0x00000000000000000000000000000000000000000000000000000000000000bc", "0x0000000000000000000000000000000000000000000000000000000000000027", "0x00000000000000000000000000000000000000000000000000000000000000a3", "0x00000000000000000000000000000000000000000000000000000000000000b6", "0x00000000000000000000000000000000000000000000000000000000000000c7", "0x00000000000000000000000000000000000000000000000000000000000000e6", "0x0000000000000000000000000000000000000000000000000000000000000093", "0x00000000000000000000000000000000000000000000000000000000000000a2", "0x000000000000000000000000000000000000000000000000000000000000004c", "0x0000000000000000000000000000000000000000000000000000000000000069", "0x000000000000000000000000000000000000000000000000000000000000006f", "0x0000000000000000000000000000000000000000000000000000000000000079", "0x000000000000000000000000000000000000000000000000000000000000004c", "0x000000000000000000000000000000000000000000000000000000000000002e", "0x00000000000000000000000000000000000000000000000000000000000000d8", "0x0000000000000000000000000000000000000000000000000000000000000077", "0x00000000000000000000000000000000000000000000000000000000000000a1", "0x0000000000000000000000000000000000000000000000000000000000000059", 
"0x000000000000000000000000000000000000000000000000000000000000003c", "0x00000000000000000000000000000000000000000000000000000000000000be", "0x00000000000000000000000000000000000000000000000000000000000000e5", "0x000000000000000000000000000000000000000000000000000000000000003b", "0x0000000000000000000000000000000000000000000000000000000000000003", "0x0000000000000000000000000000000000000000000000000000000000000073", "0x0000000000000000000000000000000000000000000000000000000000000068", "0x00000000000000000000000000000000000000000000000000000000000000d7"] diff --git a/barretenberg/temp/proofs/temp.proof b/barretenberg/temp/proofs/temp.proof deleted file mode 100644 index a6079311490e..000000000000 --- a/barretenberg/temp/proofs/temp.proof +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/barretenberg/temp/src/main.nr b/barretenberg/temp/src/main.nr deleted file mode 100644 index a2c8f5c4bfd0..000000000000 --- a/barretenberg/temp/src/main.nr +++ /dev/null @@ -1,5 +0,0 @@ -use dep::std; - -fn main(pub_key_x : pub [u8; 32], pub_key_y : pub [u8; 32], signature : [u8; 64], hashed_message : [u8; 32]) { - assert(true == std::ecdsa_secp256k1::verify_signature(pub_key_x, pub_key_y, signature, hashed_message)); -} \ No newline at end of file diff --git a/barretenberg/temp/target/acir b/barretenberg/temp/target/acir deleted file mode 100644 index 3e34e3fad20d..000000000000 --- a/barretenberg/temp/target/acir +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/barretenberg/temp/target/debug_temp.json b/barretenberg/temp/target/debug_temp.json deleted file mode 100644 index 85393a80a8ad..000000000000 --- a/barretenberg/temp/target/debug_temp.json +++ /dev/null 
@@ -1 +0,0 @@ -{"debug_symbols":[{"locations":{"160":[{"span":{"start":145,"end":232},"file":1}],"161":[{"span":{"start":137,"end":232},"file":1}]}}],"file_map":{"1":{"source":"use dep::std;\n\nfn main(pub_key_x : pub [u8; 32], pub_key_y : pub [u8; 32], signature : [u8; 64], hashed_message : [u8; 32]) {\n assert(true == std::ecdsa_secp256k1::verify_signature(pub_key_x, pub_key_y, signature, hashed_message));\n}","path":"/mnt/user-data/sean/docs/aztec3-packages/barretenberg/temp/src/main.nr"}},"warnings":[]} \ No newline at end of file diff --git a/barretenberg/temp/target/temp.json b/barretenberg/temp/target/temp.json deleted file mode 100644 index 11efa40e9071..000000000000 --- a/barretenberg/temp/target/temp.json +++ /dev/null 
@@ -1 +0,0 @@ -{"noir_version":"0.18.0+e89f364c4de05070eb341faa5d6d4b117802b375","hash":4461216965720842693,"backend":"acvm-backend-barretenberg","abi":{"parameters":[{"name":"pub_key_x","type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"public"},{"name":"pub_key_y","type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"public"},{"name":"signature","type":{"kind":"array","length":64,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"private"},{"name":"hashed_message","type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"private"}],"param_witnesses":{"hashed_message":[129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160],"pub_key_x":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],"pub_key_y":[33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64],"signature":[65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128]},"return_type":null,"return_witnesses":[]},"bytecode":"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"} \ No newline at end of file From 66aa9c1718ef6cb03c2de789ef193c3d029211ed Mon Sep 17 00:00:00 2001 
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 4 Nov 2023 00:17:42 +0000 Subject: [PATCH 07/21] feat: add solidity testing pipeline --- barretenberg/acir_tests/bash_helpers/catch.sh | 28 +++ barretenberg/acir_tests/flows/sol.sh | 72 +++----- .../sol-test/{src/contracts/src => }/Test.sol | 1 + .../{src/contracts/src => }/Verifier.sol | 2 +- barretenberg/acir_tests/sol-test/package.json | 3 +- barretenberg/acir_tests/sol-test/proof | Bin 2144 -> 0 bytes .../sol-test/src/contracts/.gitignore | 14 -- .../sol-test/src/contracts/foundry.toml | 6 - .../sol-test/src/contracts/src/Key.sol | 72 -------- barretenberg/acir_tests/sol-test/src/index.js | 145 ++++++++------- barretenberg/acir_tests/sol-test/yarn.lock | 168 ++++++------------ 11 files changed, 177 insertions(+), 334 deletions(-) create mode 100644 barretenberg/acir_tests/bash_helpers/catch.sh rename barretenberg/acir_tests/sol-test/{src/contracts/src => }/Test.sol (92%) rename barretenberg/acir_tests/sol-test/{src/contracts/src => }/Verifier.sol (99%) delete mode 100644 barretenberg/acir_tests/sol-test/proof delete mode 100644 barretenberg/acir_tests/sol-test/src/contracts/.gitignore delete mode 100644 barretenberg/acir_tests/sol-test/src/contracts/foundry.toml delete mode 100644 barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol diff --git a/barretenberg/acir_tests/bash_helpers/catch.sh b/barretenberg/acir_tests/bash_helpers/catch.sh new file mode 100644 index 000000000000..888af3cbb44e --- /dev/null +++ b/barretenberg/acir_tests/bash_helpers/catch.sh 
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Handler for SIGCHLD, cleanup if child exit with error
+handle_sigchild() {
+ for pid in "${pids[@]}"; do
+ # If process is no longer running
+ if ! kill -0 "$pid" 2>/dev/null; then
+ # Wait for the process and get exit status
+ wait "$pid"
+ status=$?
+
+ # If exit status is error
+ if [ $status -ne 0 ]; then
+ # Create error file
+ touch "$error_file"
+ fi
+ fi
+ done
+}
+
+check_error_file() {
+ # If error file exists, exit with error
+ if [ -f "$error_file" ]; then
+ rm "$error_file"
+ echo "Error occurred in one or more child processes. Exiting..."
+ exit 1
+ fi
+}
\ No newline at end of file
diff --git a/barretenberg/acir_tests/flows/sol.sh b/barretenberg/acir_tests/flows/sol.sh
index 1c1fedb228db..e06bbd727fec 100755
--- a/barretenberg/acir_tests/flows/sol.sh
+++ b/barretenberg/acir_tests/flows/sol.sh
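Review bot: `handle_sigchild` waits again on every pid that has already exited, so once a child has been reaped by an earlier invocation the next SIGCHLD runs `wait "$pid"` on a pid bash no longer tracks, which returns 127 ("not a child of this shell") and touches `$error_file` even though every child succeeded. Removing a pid from `pids` as soon as it is reaped fixes that and lets the `status=$?` test fold into the `wait` call, as below. `pids` and `error_file` are set by whichever script sources this file (neither is declared here, and I am inferring the `trap … CHLD` installation), which a header comment such as `# Expects: pids (array of background pids), error_file (path); install with: trap handle_sigchild CHLD` should state. `kill -0` still succeeds for an exited-but-unreaped child, so a final `wait` in the caller is still required.
```bash
handle_sigchild() {
  local remaining=()
  for pid in "${pids[@]}"; do
    if kill -0 "$pid" 2>/dev/null; then
      remaining+=("$pid")
      continue
    fi
    # Reap exactly once; a second wait on a reaped pid returns 127, not the child's status.
    wait "$pid" || touch "$error_file"
  done
  pids=("${remaining[@]}")
}
# … unchanged: check_error_file …
```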
@@ -1,52 +1,26 @@ - #!/bin/sh set -eu -# anvil & - -TEST_PATH="../../sol-test" -CONTRACTS_PATH="$TEST_PATH/src/contracts" -WITNESS_PATH="$(pwd)/target/witness.gz" -PROOF_PATH="$(pwd)/proof" -PROOF_AS_FIELDS_PATH="$(pwd)/proof_fields.json" - -# if [ -n "$VERBOSE" ]; then - - gates=$($BIN gates -v 2>&1 | tr -d '\0') - NUM_PUBLIC_INPUTS=$(echo "$gates" | grep -o 'public inputs: [0-9]*' | awk '{print $3}') - - $BIN prove -o proof - $BIN write_vk -o vk - $BIN proof_as_fields -k vk -c $CRS_PATH -p $PROOF_PATH - $BIN contract -k vk -c $CRS_PATH -b ./target/acir.gz -o $CONTRACTS_PATH/src/Key.sol - - # $BIN prove -v -o proof - # $BIN write_vk -v -o vk - # $BIN contract -k vk -v -c $CRS_PATH -b ./target/acir.gz - -(cd $CONTRACTS_PATH; forge build --silent) > /dev/null - -export PROOF=$PROOF_PATH -export PROOF_AS_FIELDS=$PROOF_AS_FIELDS_PATH -export WITNESS=$WITNESS_PATH -export NUM_PUBLIC_INPUTS=$NUM_PUBLIC_INPUTS -# (cd ../../sol-test; node src/index.js > /dev/null 2>&1) -(cd ../../sol-test; node src/index.js) - - - - - - - -# else -# gates=$($BIN gates -v) -# echo "$gates" -# NUM_PUBLIC_INPUTS=$(echo "$gates" | grep -o 'public inputs: [0-9]*' | awk '{print $3}') -# echo "NUM_PUBLIC_INPUTS: $NUM_PUBLIC_INPUTS" - -# $BIN gates -# $BIN prove -o proof -# $BIN write_vk -o vk -# $BIN contract -k vk -c $CRS_PATH -b ./target/acir.gz -o $CONTRACTS_PATH/src/Key.sol -# fi \ No newline at end of file +export PROOF="$(pwd)/proof" +export PROOF_AS_FIELDS="$(pwd)/proof_fields.json" + +# Get the number of public inputs in the circuit +gates=$($BIN gates -v 2>&1 | tr -d '\0') +export NUM_PUBLIC_INPUTS=$(echo "$gates" | grep -o 'public inputs: [0-9]*' | awk '{print $3}') + +# Create a proof, write the solidity contract, write the proof as fields in order to extract the public inputs +$BIN prove -o proof +$BIN write_vk -o vk +$BIN proof_as_fields -k vk -c $CRS_PATH -p $PROOF +$BIN contract -k vk -c $CRS_PATH -b ./target/acir.gz -o Key.sol + +# Export the paths to the environment variables 
for the js test runner +export KEY_PATH="$(pwd)/Key.sol" +export VERIFIER_PATH=$(realpath "../../sol-test/Verifier.sol") +export TEST_PATH=$(realpath "../../sol-test/Test.sol") + +# Use solcjs to compile the generated key contract with the template verifier and test contract +# index.js will start an anvil, on a random port +# Deploy the verifier then send a test transaction +export TEST_NAME=$(basename $(pwd)) +node ../../sol-test/src/index.js \ No newline at end of file diff --git a/barretenberg/acir_tests/sol-test/src/contracts/src/Test.sol b/barretenberg/acir_tests/sol-test/Test.sol similarity index 92% rename from barretenberg/acir_tests/sol-test/src/contracts/src/Test.sol rename to barretenberg/acir_tests/sol-test/Test.sol index 0ee39f166882..3b7535b595e7 100644 --- a/barretenberg/acir_tests/sol-test/src/contracts/src/Test.sol +++ b/barretenberg/acir_tests/sol-test/Test.sol @@ -1,3 +1,4 @@ +// THIS FILE WILL BE COPIED pragma solidity >=0.8.4; import {Verifier} from "./Verifier.sol"; diff --git a/barretenberg/acir_tests/sol-test/src/contracts/src/Verifier.sol b/barretenberg/acir_tests/sol-test/Verifier.sol similarity index 99% rename from barretenberg/acir_tests/sol-test/src/contracts/src/Verifier.sol rename to barretenberg/acir_tests/sol-test/Verifier.sol index 7a422ce148eb..a1c7a79a8f4e 100644 --- a/barretenberg/acir_tests/sol-test/src/contracts/src/Verifier.sol +++ b/barretenberg/acir_tests/sol-test/Verifier.sol @@ -1,4 +1,4 @@ - +// THIS FILE WILL BE COPIED // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Aztec pragma solidity >=0.8.4; diff --git a/barretenberg/acir_tests/sol-test/package.json b/barretenberg/acir_tests/sol-test/package.json index 38b5d87ae884..f346b9e42f6a 100644 --- a/barretenberg/acir_tests/sol-test/package.json +++ b/barretenberg/acir_tests/sol-test/package.json @@ -8,6 +8,7 @@ "start": "node ./src/index.js" }, "dependencies": { - "ethers": "^6.8.1" + "ethers": "^6.8.1", + "solc": "^0.8.22" } } 
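Review bot: The exported `NUM_PUBLIC_INPUTS` is never validated: under `#!/bin/sh` with `set -eu` the pipeline `$BIN gates -v 2>&1 | tr -d '\0'` only reports `tr`'s status, so a failing `gates` (or a changed "public inputs:" wording) leaves the variable empty rather than aborting, and index.js then coerces it with `+` to 0 unless `getEnvVar` rejects empty values (its middle lines are not in this hunk), silently running the verifier with no public inputs. Check it before handing off: `[ -n "$NUM_PUBLIC_INPUTS" ] || { echo "sol.sh: could not read public input count from '$BIN gates -v'" >&2; exit 1; }`. The `2>&1` folds stderr into what `grep` scans, which is presumably because `gates -v` logs there — a short comment saying so would stop someone "fixing" it later.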
diff --git a/barretenberg/acir_tests/sol-test/proof b/barretenberg/acir_tests/sol-test/proof deleted file mode 100644 index fbbc62094e5f989389309c952583b821d51b8a1c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2144 zcmV-m2%q;E4h*6h0Jc!raBQk!Ap@Z7&@J>dm}Mierx7KmT8QE!suT9cLe2~3SMG9% zym8o0+`vqS5s^JEW6%zUx229CiT2@GrQ?CqueK9Apu_JM z@G=y#Xjg%y!(HSn)(xa9GU&9PMAS1DI)RKrnTOg1mS~kWsQ>pU&elBnmsO|y&4q~s z2k7go29!(;nse?WvH875hi9y?W`!H)K4M1cfAa_SwlA*A5|%!zA6AD2hBkGzVym6b zd5rJiBCH0x&KaxDIPnCpZ51JF0X8l)8_{-mN2tiGYFMygz9s^8%*iXtgP zM=-nDv4nh(WK>FRmy?YP<&dRH?RSxv%r`3=E(U8bKVDVbNld50UL0vyI0e^<%~EMB zR(a`a1mBenrbk_Zl3MzQz)_#zJtAxUjZFf!pMj?2bFl+O)h(P0TpMex@H+cVd*@GRidB5?z+4_}vnkU<6Q=f= zkKukAQvT3#6iS>Ei~L(iq}}OF>CXFrc6zdthCL?HP79wP%r0fc0pl z^07W8TEiYO2C)`O>!mU6Ge`4L29N_J=hL?a&+<^t^YczMEKjZ}k@nvGpwRL4m4Lsg zu!k9+}GBI@pN5F2qyx#-mgeD9|6uc7-V&m_%(z(V9}es-x5e-z}w@ZeDJ zroW8L-MCb^UVy11GD71wbLYKv$^88?P0xM}`b=o4V`~*g|6k9s-fWx&^VI4m7SG`t zTVG|y91@!OqY!88m2cdrq7|RRX(~i7U>U#MDPQKD3hoBRs4v1L{RDR4;=Dj=GAB&X zEAn6v1NU+AA*X?8x2Bg=w}w5bdE6UDLbIc`BlCa&n+Jv>j!D=#I3-!=n${-{<6`;$n_S@a_QR97wh$L{H7{>X=gnfoifG z51tE8`tVL&0m-h4PgEfNTJzf=f*7U$AFffBHWK!|$1sw5PxMVR6g|&b=rx3dXr#*y z*Gy3|Ggk1=F^s||kP|Ym8yHHbMfxb+akA@E;OG`FCcrodR+dctX*iiR^`ds>z(wNJ zXNUO>FFipC;_`?TjI4w@Zr=hc&L`O%&Or$q48N&QfLWy~l5KpXy;wmIKKOE0>op;j z{rpG`TN-7i&`r~FCPtyNQ03!tg(nm$Ag8}&#lZ<2?9ss7g$4GmEsjA~UO=)f>iu?s3;O>5S zom&t0NBIF{&AQUDFNcR}F#_sHgPJO;!glQr!$3O}dGP$43UC2|z<^8`!;qt|jVQZ1 zP+*~4&NK}jsUa`^XMOgaNs?#D^+l2|qbh?8G)O=#h?m(wWSm+i7G3$v&-V`#6N+yu z*2_4arhKAB?ef#Q&mub2jMx8$)!*6s4u!(cesUBWsgbE%M zP56%e>fUe$Z0IW#DpL&$EyH^!FRbLO1qM!}E4@onVJeVfG*3f3kMu%_6X;n5=U`OJ z?nYW(LAJSURUPa=gJ;_s>WAcgey2I04BhJl72H$$sbRc!Pd}`1w_z=cvSiVu)nx(3u`W!Op+MYdA6nol;#!EF~0-<;hye WVZoz~eD)XFB(D!b>`jsW6dKBkp(Bj| diff --git a/barretenberg/acir_tests/sol-test/src/contracts/.gitignore b/barretenberg/acir_tests/sol-test/src/contracts/.gitignore deleted file mode 100644 index 85198aaa55b8..000000000000 
--- a/barretenberg/acir_tests/sol-test/src/contracts/.gitignore +++ /dev/null @@ -1,14 +0,0 @@ -# Compiler files -cache/ -out/ - -# Ignores development broadcast logs -!/broadcast -/broadcast/*/31337/ -/broadcast/**/dry-run/ - -# Docs -docs/ - -# Dotenv file -.env diff --git a/barretenberg/acir_tests/sol-test/src/contracts/foundry.toml b/barretenberg/acir_tests/sol-test/src/contracts/foundry.toml deleted file mode 100644 index e883058fb294..000000000000 --- a/barretenberg/acir_tests/sol-test/src/contracts/foundry.toml +++ /dev/null @@ -1,6 +0,0 @@ -[profile.default] -src = "src" -out = "out" -libs = ["lib"] - -# See more config options https://github.com/foundry-rs/foundry/tree/master/config diff --git a/barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol b/barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol deleted file mode 100644 index 97977402a9b4..000000000000 --- a/barretenberg/acir_tests/sol-test/src/contracts/src/Key.sol +++ /dev/null 
@@ -1,72 +0,0 @@ -// Verification Key Hash: 08cb50f133d8799beba0350f03b7d0e56fe1ecabaa5dd3140d1078fa30182619 -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2022 Aztec -pragma solidity >=0.8.4; - -library UltraVerificationKey { - function verificationKeyHash() internal pure returns(bytes32) { - return 0x08cb50f133d8799beba0350f03b7d0e56fe1ecabaa5dd3140d1078fa30182619; - } - - function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { - assembly { - mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000080000) // vk.circuit_size - mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000010) // vk.num_inputs - mstore(add(_vk, 0x40), 0x2260e724844bca5251829353968e4915305258418357473a5c1d597f613f6cbd) // vk.work_root - mstore(add(_vk, 0x60), 0x3064486657634403844b0eac78ca882cfd284341fcb0615a15cfcd17b14d8201) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x12a0f5ff7d26c3826ac79b850f8ba31d24e07505751f1e4c70c8ed5919af08e1) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x161d4940c71cc45f179665eb090af82a9ba911b6736a2eea9d6cd966662205ff) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x159f7f8fbd9d64c5681c04aec9d3bf7997d899fa1f39485f1042f3ead3a105ca) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x0851200583ba0caae80442a2dd47358c6ab2bbed7b18f2225fd393d1426f0591) // vk.Q2.y - mstore(add(_vk, 0x100), 0x18530c1f86d2cf6024fe31ca984ff8c062052499c08f3ba3b95e51adccfeec52) // vk.Q3.x - mstore(add(_vk, 0x120), 0x1e5b70b70c84124466cea7a7caf88ee09a6b522d6066009422d0df4a2acdbd5d) // vk.Q3.y - mstore(add(_vk, 0x140), 0x2062f85a4fbea66c0ac70fe0238a5b7d075050ff0dc53b46161d4364766e633a) // vk.Q4.x - mstore(add(_vk, 0x160), 0x1e00321717ce90f481718f0a7e7a09769cb12ef948de1dccbb097b8d861696d1) // vk.Q4.y - mstore(add(_vk, 0x180), 0x1b39889163aa4d888198d41c19a01494c55d3dc58e14308f212edc3e5ce4ecfc) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x29e99aa96ca6fa664d61f4dda17c908c364ede89c4c2e1492ef74f7d9a4c3946) // vk.Q_M.y - mstore(add(_vk, 
0x1c0), 0x2cd3d1930c3093ca25d7b6c0def3d80d2184cad58da3b94938bc5776b45c0899) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x2d7850284634606b54d9204c6a45fae05ce5ff7080e116237f97505f029f3728) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x0d818ab043ebe7c76f961eeb9dbc685456376e074c3cd22446e2361fc9d1e643) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x20b6b3509ddbda7baebb9769923ca6046e3c7e816123aac254667d9a964908c5) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x0e4d1f25873b71b1d3684fcd72f92ca43f0cae896706bedc7be7546cf3914372) // vk.QSORT.x - mstore(add(_vk, 0x260), 0x20cca69394f8f64c8414dd1c93c76cf7fe1fa95200e64f6e239ab35dca89fb4e) // vk.QSORT.y - mstore(add(_vk, 0x280), 0x303587022a3705d1918aec6b23296bc4631493b8f67844170c461ede54edf455) // vk.Q_ELLIPTIC.x - mstore(add(_vk, 0x2a0), 0x1f184b6844676c182112a60ca447810251bb4a5b0f6acd975f66aca66e8bc54c) // vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x1bbc5f8a33374772ae5af40f3d17cc07387e36d0feac1a6274421d24796e16be) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x0e9bc4472e9491328673c2118574c538fff863973449a6eca42b8285a3695002) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x0193ff19eca736a81fcd13b7822a7bda04e3ec791bba453a7678dca0a0e83418) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x11f8b1580d61fce65ac87d234e167bf2c1340d404905bb203c0853683dbc8ae4) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x24a473ad1cfd6dea405398e9d25999a03316e53ccdd39f47ce7fe8eb2aa56d7d) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x1ed15290b19173ab60dc6b961f0196bb6de6b6e0c9a0b61fedccb84f98807fc1) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x080ffc991b8c35f19951c8c717524213b416fdf5f603ff123b29771ccd78b325) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 0x09d3a6849ada0c8b666a9b3a6184560c7eadb5c8db92d630f6974e1d903f0446) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x0b65b24709ace712e4a67da7e2c7b6e05efc4847cfb6187a29d6b86a16db9982) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x2f5fea687f63d33de847a3cad2dbe3bbe4545089846e917120a2a10f4d5aa538) // vk.SIGMA4.y - mstore(add(_vk, 0x400), 
0x0ddc3b6d8e59cf0996ca71ad4132ca9d618ffd933cf58a8a0953dc76f97cf108) // vk.TABLE1.x - mstore(add(_vk, 0x420), 0x153193287060386695f4f2d0d3525dec4c6a253f431d3f3fc06aa0e5b0448b8c) // vk.TABLE1.y - mstore(add(_vk, 0x440), 0x1170f0ece62f8c572bca96b141d27f4bd25585edb9319128045c005d48491b1e) // vk.TABLE2.x - mstore(add(_vk, 0x460), 0x246cd041690f653f88ed0c56ad282a3dd2e37b8edb1f56b785809d7710bf1c88) // vk.TABLE2.y - mstore(add(_vk, 0x480), 0x26153c937447356a0c6d6be09d85eb34bc8a00ce9d452888e5fc2b5a7e14fed7) // vk.TABLE3.x - mstore(add(_vk, 0x4a0), 0x189da022421fbd8dfd7973084d978e555388ad9364679246b07992f84b4e91b2) // vk.TABLE3.y - mstore(add(_vk, 0x4c0), 0x285311c5e9a4cbb56a3f04f29d5443e8c0f9753e2a5a35acec051fafe2cecce5) // vk.TABLE4.x - mstore(add(_vk, 0x4e0), 0x2436400260c9d3180beedd0bf49fec92d2d0ac76a1be7f1fad96cbd997175312) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x2fc4d853b4c27e7e786acbdcf923f480b6319b64010387b20567a2a77c0af526) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x2b622e477101c5031408649f94dca70af298e2674a43c0510732b8ecd497168b) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x045773114cf89e3a78d27c460766f93348c6a41a91cfead506356b479bbf11f5) // vk.ID1.x - mstore(add(_vk, 0x560), 0x144f66362e3d2c0358a1d9133b11c78c81755727c9596e527b794989481f5745) // vk.ID1.y - mstore(add(_vk, 0x580), 0x0faf560e0a7b195a8438ce3752ff10b3aa25ef949b12058696ad41d3b5892c52) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x1ccbcd7fc0e505b2b9fc826a909f0d5d96be17141fa7f7bb9c26ce80d4a216cc) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x084785e3d73b6963b15b2dad4ee12c15a23e84837dc95d1ad8a93cdaf92a4eec) // vk.ID3.x - mstore(add(_vk, 0x5e0), 0x2a26e01d253617b778db8ba08b9bc3f19f7ca9c514f6ee7bd39a0784e790e76a) // vk.ID3.y - mstore(add(_vk, 0x600), 0x2c44a0d9719d3df20016b9475ba90e0e82cabbd6e00e14bb1fdc099199a67be3) // vk.ID4.x - mstore(add(_vk, 0x620), 0x0b2cab5b56a3772a6eaf946d5a94bf85cef356d42e71db12960bba7848e5297b) // vk.ID4.y - mstore(add(_vk, 0x640), 0x01) // vk.contains_recursive_proof - 
mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 - mstore(_omegaInverseLoc, 0x06e402c0a314fb67a15cf806664ae1b722dbc0efe66e6c81d98f9924ca535321) // vk.work_root_inverse - } - } -} diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js index 7cfacc78544b..6b4846a7973f 100644 --- a/barretenberg/acir_tests/sol-test/src/index.js +++ b/barretenberg/acir_tests/sol-test/src/index.js @@ -1,14 +1,13 @@ -import fs, { readFileSync } from "fs"; +import fs from "fs"; +const {readFileSync, promises: fsPromises} = fs; import {spawn} from "child_process"; import {ethers} from "ethers"; +import solc from "solc"; -import ABI from "./contracts/out/Test.sol/Test.json" assert { type: "json" }; -import { gunzipSync } from "zlib"; +// TODO: create temp directories and pass them into here -const readWitnessFile = (path) => { - const buffer = fs.readFileSync(path); - return gunzipSync(buffer); -}; +// We use the solcjs compiler version in this test, although it is slower than foundry, to run the test end to end +// it simplifies of parallelising the test suite const getEnvVar = (envvar) => { const varVal = process.env[envvar]; 
@@ -18,12 +17,54 @@ const getEnvVar = (envvar) => { return varVal; } -const launchAnvil = async () => { - const handle = spawn("anvil"); - // console.log("Anvil Launched"); - handle.on("close", (code) => { - console.log(`anvil exited with code ${code}`) - }); +const testName = getEnvVar("TEST_NAME"); + +// Get Solidity files from random dir +const keyPath = getEnvVar("KEY_PATH"); +const verifierPath = getEnvVar("VERIFIER_PATH"); +const testPath = getEnvVar("TEST_PATH"); +const encoding = {encoding: "utf8"}; +const [key, test, verifier] = await Promise.all( + [ + fsPromises.readFile(keyPath, encoding), + fsPromises.readFile(testPath, encoding), + fsPromises.readFile(verifierPath, encoding) + ]); + + +var input = { + language: 'Solidity', + sources: { + 'Key.sol': { + content: key + }, + 'Test.sol': { + content: test + }, + 'Verifier.sol': { + content: verifier + } + }, + settings: { + optimizer: { + enabled: true, + runs: 200 + }, + outputSelection: { + '*': { + '*': ['evm.bytecode.object', 'abi'] + } + } + } +}; + +var output = JSON.parse(solc.compile(JSON.stringify(input))); +const contract = output.contracts['Test.sol']['Test']; +const bytecode = contract.evm.bytecode.object; +const abi = contract.abi; + +const launchAnvil = async (port) => { + const handle = spawn("anvil", ["-p", port]); // wait until the anvil instance is ready on port 8545 await new Promise((resolve) => { @@ -39,8 +80,8 @@ const launchAnvil = async () => { return handle; } -const deploy = async (abi, signer) => { - const factory = new ethers.ContractFactory(abi.abi, abi.bytecode.object, signer); +const deploy = async (signer) => { + const factory = new ethers.ContractFactory(abi, bytecode, signer); // console.log("Deploying Contract..."); const deployment = await factory.deploy(); const deployed = await deployment.waitForDeployment(); 
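Review bot: The output of `solc.compile` is consumed without looking at `output.errors`, so any compile error in Key.sol, Verifier.sol or Test.sol surfaces later as a TypeError on `output.contracts['Test.sol']['Test']` with the compiler's diagnostics discarded, and warnings are never shown. solcjs puts diagnostics in `output.errors` with a `severity` field; failing fast on `"error"` entries and printing `formattedMessage` makes a bad generated key contract diagnosable, as below. The comment `// wait until the anvil instance is ready on port 8545` is now stale since the port is the `port` argument; the readiness loop itself continues outside this hunk, so I cannot tell whether a failed bind would hang it.
```javascript
const output = JSON.parse(solc.compile(JSON.stringify(input)));
const errors = (output.errors ?? []).filter((e) => e.severity === "error");
if (errors.length > 0) {
  for (const e of errors) console.error(e.formattedMessage ?? e.message);
  throw new Error(`solc failed to compile ${testName}`);
}
// … unchanged: contract / bytecode / abi extraction …
```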
@@ -54,7 +95,6 @@ const deploy = async (abi, signer) => { * @returns {Array} */ const readPublicInputs = (numPublicInputs, proofAsFields) => { - // console.log("numPublicInputs: ", numPublicInputs); const publicInputs = []; for (let i = 0; i < numPublicInputs; i++) { publicInputs.push(proofAsFields[i]); 
@@ -62,92 +102,49 @@ const readPublicInputs = (numPublicInputs, proofAsFields) => { return publicInputs; } -// start anvil -async function main() { - // const anvil = await launchAnvil(); - // const killAnvil = () => { - // anvil.kill(); - // } +const main = async () => { + // start anvil + const randomPort = Math.floor(Math.random() * 10000) + 10000; + const anvil = await launchAnvil(randomPort); + const killAnvil = () => { + anvil.kill(); + console.log(testName, " complete") + } try { - // console.log("getting witness"); - const witnessPath = getEnvVar("WITNESS"); - const witness = readWitnessFile(witnessPath); - // console.log(witness.toString()); - const proofAsFieldsPath = getEnvVar("PROOF_AS_FIELDS"); const proofAsFields = readFileSync(proofAsFieldsPath); const numPublicInputs = +getEnvVar("NUM_PUBLIC_INPUTS"); const publicInputs = readPublicInputs(numPublicInputs, JSON.parse(proofAsFields.toString())); - // console.log("getting proof"); const proofPath = getEnvVar("PROOF"); - // console.log(proofPath) const proof = readFileSync(proofPath); // Cut the number of public inputs off of the proof string const proofStr = `0x${proof.toString("hex").substring(64*numPublicInputs)}`; - // console.log(proofStr) // Get the contract artifact const key = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"; - const provider = new ethers.JsonRpcProvider("http://localhost:8545"); + const provider = new ethers.JsonRpcProvider(`http://localhost:${randomPort}`); const signer = new ethers.Wallet(key, provider); // deploy - const address = await deploy(ABI, signer); - const contract = new ethers.Contract(address, ABI.abi, signer); + const address = await deploy(signer); + const contract = new ethers.Contract(address, abi, signer); // Run the test - console.log(publicInputs) const result = await contract.test(proofStr, publicInputs); - console.log(result); + if (!result) throw new Error("Test failed"); } catch (e) { + console.error(testName, " failed") 
console.log(e) - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - console.log("FAILED") - // console.log(e); throw e; } finally { // Kill anvil at the end of running - // killAnvil(); + killAnvil(); } } - - - - -// Create a proof for the given ACIR - - -// Deploy the solidity contract - -// Run the test - - -// Set up the command-line interface -// const acir = readBytecodeFile(bytecodePath); -// const witness = readWitnessFile(witnessPath); -// const threads = Math.min(os.cpus().length, 16); - - -// // Convert the input data to Uint8Arrays within the browser context -// const acirUint8Array = new Uint8Array(acirData as number[]); -// const witnessUint8Array = new Uint8Array(witnessData as number[]); - - - -main() +main(); diff --git a/barretenberg/acir_tests/sol-test/yarn.lock b/barretenberg/acir_tests/sol-test/yarn.lock index 8b2c68df602d..af80282ea956 100644 --- a/barretenberg/acir_tests/sol-test/yarn.lock +++ b/barretenberg/acir_tests/sol-test/yarn.lock 
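Review bot: `numPublicInputs` comes from `+getEnvVar("NUM_PUBLIC_INPUTS")`, so a non-numeric value becomes `NaN` and an empty one `0`; in both cases `readPublicInputs` returns `[]` and `substring(NaN)` hands the untrimmed bytes to the contract, so the failure is blamed on the proof rather than the harness — guard it with `if (!Number.isInteger(numPublicInputs) || numPublicInputs < 0) throw new Error("NUM_PUBLIC_INPUTS must be a non-negative integer");` before it is used. The hard-coded signer key `0xac0974…f2ff80` appears to be the widely published default dev account of the local node, which is fine for the anvil spawned here but should carry a comment so it is never reused: `// Anvil/Hardhat default dev account #0 — publicly known, local-only; never fund or reuse on a real network`. `randomPort` can land on a port already in use; whether anvil's bind failure is reported or hangs depends on the readiness wait in `launchAnvil`, which is outside this hunk.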
@@ -7,31 +7,6 @@ resolved "https://registry.yarnpkg.com/@adraffy/ens-normalize/-/ens-normalize-1.10.0.tgz#d2a39395c587e092d77cbbc80acf956a54f38bf7" integrity sha512-nA9XHtlAkYfJxY7bce8DcN7eKxWWCWkU+1GR9d+U6MbNpfwQp8TI7vqOsBsMcHoT4mBu2kypKoSKnghEzOOq5Q== -"@cspotcode/source-map-support@^0.8.0": - version "0.8.1" - resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" - integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== - dependencies: - "@jridgewell/trace-mapping" "0.3.9" - -"@jridgewell/resolve-uri@^3.0.3": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz#c08679063f279615a3326583ba3a90d1d82cc721" - integrity sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA== - -"@jridgewell/sourcemap-codec@^1.4.10": - version "1.4.15" - resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" - integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== - -"@jridgewell/trace-mapping@0.3.9": - version "0.3.9" - resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" - integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== - dependencies: - "@jridgewell/resolve-uri" "^3.0.3" - "@jridgewell/sourcemap-codec" "^1.4.10" - "@noble/curves@1.2.0": version "1.2.0" resolved "https://registry.yarnpkg.com/@noble/curves/-/curves-1.2.0.tgz#92d7e12e4e49b23105a2555c6984d41733d65c35" 
@@ -44,67 +19,25 @@ resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.3.2.tgz#6f26dbc8fbc7205873ce3cee2f690eba0d421b39" integrity sha512-MVC8EAQp7MvEcm30KWENFjgR+Mkmf+D189XJTkFIlwohU5hcBbn1ZkKq7KVTi2Hme3PMGF390DaL52beVrIihQ== -"@tsconfig/node10@^1.0.7": - version "1.0.9" - resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.9.tgz#df4907fc07a886922637b15e02d4cebc4c0021b2" - integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA== - -"@tsconfig/node12@^1.0.7": - version "1.0.11" - resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d" - integrity sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag== - -"@tsconfig/node14@^1.0.0": - version "1.0.3" - resolved "https://registry.yarnpkg.com/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1" - integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow== - -"@tsconfig/node16@^1.0.2": - version "1.0.4" - resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.4.tgz#0b92dcc0cc1c81f6f306a381f28e31b1a56536e9" - integrity sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA== - "@types/node@18.15.13": version "18.15.13" resolved "https://registry.yarnpkg.com/@types/node/-/node-18.15.13.tgz#f64277c341150c979e42b00e4ac289290c9df469" integrity sha512-N+0kuo9KgrUQ1Sn/ifDXsvg0TTleP7rIy4zOBGECxAljqvqfqpTfzx0Q1NUedOixRMBfe2Whhb056a42cWs26Q== -"@types/node@^20.8.10": - version "20.8.10" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.8.10.tgz#a5448b895c753ae929c26ce85cab557c6d4a365e" - integrity sha512-TlgT8JntpcbmKUFzjhsyhGfP2fsiz1Mv56im6enJ905xG1DAYesxJaeSbGqQmAw8OWPdhyJGhGSQGKRNJ45u9w== - dependencies: - undici-types "~5.26.4" - -acorn-walk@^8.1.1: - version "8.2.0" - resolved 
"https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1" - integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA== - -acorn@^8.4.1: - version "8.10.0" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.10.0.tgz#8be5b3907a67221a81ab23c7889c4c5526b62ec5" - integrity sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw== - aes-js@4.0.0-beta.5: version "4.0.0-beta.5" resolved "https://registry.yarnpkg.com/aes-js/-/aes-js-4.0.0-beta.5.tgz#8d2452c52adedebc3a3e28465d858c11ca315873" integrity sha512-G965FqalsNyrPqgEGON7nIx1e/OVENSgiEIzyC63haUMuvNnwIgIjMs52hlTCKhkBny7A2ORNlfY9Zu+jmGk1Q== -arg@^4.1.0: - version "4.1.3" - resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089" - integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA== - -create-require@^1.1.0: - version "1.1.1" - resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333" - integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ== +command-exists@^1.2.8: + version "1.2.9" + resolved "https://registry.yarnpkg.com/command-exists/-/command-exists-1.2.9.tgz#c50725af3808c8ab0260fd60b01fbfa25b954f69" + integrity sha512-LTQ/SGc+s0Xc0Fu5WaKnR0YiygZkm9eKFvyS+fRsU7/ZWFF8ykFM6Pc9aCVf1+xasOOZpO3BAVgVrKvsqKHV7w== -diff@^4.0.1: - version "4.0.2" - resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" - integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== +commander@^8.1.0: + version "8.3.0" + resolved "https://registry.yarnpkg.com/commander/-/commander-8.3.0.tgz#4837ea1b2da67b9c616a67afbb0fafee567bca66" + integrity 
sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww== ethers@^6.8.1: version "6.8.1" 
@@ -119,56 +52,57 @@ ethers@^6.8.1: tslib "2.4.0" ws "8.5.0" -make-error@^1.1.1: - version "1.3.6" - resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2" - integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== - -ts-node@^10.9.1: - version "10.9.1" - resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b" - integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== +follow-redirects@^1.12.1: + version "1.15.3" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.3.tgz#fe2f3ef2690afce7e82ed0b44db08165b207123a" + integrity sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q== + +js-sha3@0.8.0: + version "0.8.0" + resolved "https://registry.yarnpkg.com/js-sha3/-/js-sha3-0.8.0.tgz#b9b7a5da73afad7dedd0f8c463954cbde6818840" + integrity sha512-gF1cRrHhIzNfToc802P800N8PpXS+evLLXfsVpowqmAFR9uwbi89WvXg2QspOmXL8QL86J4T1EpFu+yUkwJY3Q== + +memorystream@^0.3.1: + version "0.3.1" + resolved "https://registry.yarnpkg.com/memorystream/-/memorystream-0.3.1.tgz#86d7090b30ce455d63fbae12dda51a47ddcaf9b2" + integrity sha512-S3UwM3yj5mtUSEfP41UZmt/0SCoVYUcU1rkXv+BQ5Ig8ndL4sPoJNBUJERafdPb5jjHJGuMgytgKvKIf58XNBw== + +os-tmpdir@~1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274" + integrity sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g== + +semver@^5.5.0: + version "5.7.2" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== + +solc@^0.8.22: + version "0.8.22" + resolved 
"https://registry.yarnpkg.com/solc/-/solc-0.8.22.tgz#6df0bb688b9a58bbf10932730301374a6ccfb862" + integrity sha512-bA2tMZXx93R8L5LUH7TlB/f+QhkVyxrrY6LmgJnFFZlRknrhYVlBK1e3uHIdKybwoFabOFSzeaZjPeL/GIpFGQ== + dependencies: + command-exists "^1.2.8" + commander "^8.1.0" + follow-redirects "^1.12.1" + js-sha3 "0.8.0" + memorystream "^0.3.1" + semver "^5.5.0" + tmp "0.0.33" + +tmp@0.0.33: + version "0.0.33" + resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.0.33.tgz#6d34335889768d21b2bcda0aa277ced3b1bfadf9" + integrity sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw== dependencies: - "@cspotcode/source-map-support" "^0.8.0" - "@tsconfig/node10" "^1.0.7" - "@tsconfig/node12" "^1.0.7" - "@tsconfig/node14" "^1.0.0" - "@tsconfig/node16" "^1.0.2" - acorn "^8.4.1" - acorn-walk "^8.1.1" - arg "^4.1.0" - create-require "^1.1.0" - diff "^4.0.1" - make-error "^1.1.1" - v8-compile-cache-lib "^3.0.1" - yn "3.1.1" + os-tmpdir "~1.0.2" tslib@2.4.0: version "2.4.0" resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.4.0.tgz#7cecaa7f073ce680a05847aa77be941098f36dc3" integrity sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ== -typescript@^5.2.2: - version "5.2.2" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.2.2.tgz#5ebb5e5a5b75f085f22bc3f8460fba308310fa78" - integrity sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w== - -undici-types@~5.26.4: - version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" - integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== - -v8-compile-cache-lib@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" - integrity 
sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== - ws@8.5.0: version "8.5.0" resolved "https://registry.yarnpkg.com/ws/-/ws-8.5.0.tgz#bfb4be96600757fe5382de12c670dab984a1ed4f" integrity sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg== - -yn@3.1.1: - version "3.1.1" - resolved "https://registry.yarnpkg.com/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50" - integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q== From ea049a00d111b9395ea84434a4174cba827968ed Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 4 Nov 2023 00:17:57 +0000 Subject: [PATCH 08/21] fix: add ci tests --- .circleci/config.yml | 15 +++++++++++++++ barretenberg/acir_tests/Dockerfile.bb.sol | 10 ++++++++++ barretenberg/acir_tests/run_acir_tests.sh | 13 ++++++++++++- build_manifest.yml | 6 ++++++ 4 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 barretenberg/acir_tests/Dockerfile.bb.sol diff --git a/.circleci/config.yml b/.circleci/config.yml index edecd9b086df..e9f67bcfa850 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -250,6 +250,17 @@ jobs: name: "Build and test" command: cond_spot_run_build barretenberg-acir-tests-bb 32 + barretenberg-acir-tests-bb-sol: + docker: + - image: aztecprotocol/alpine-build-image + resource_class: small + steps: + - *checkout + - *setup_env + - run: + name: "Build and test" + command: cond_spot_run_build barretenberg-acir-tests-bb-sol 32 + bb-js: machine: image: ubuntu-2204:2023.07.2 @@ -1166,6 +1177,10 @@ workflows: requires: - barretenberg-x86_64-linux-clang-assert <<: *defaults + - barretenberg-acir-tests-bb-sol: + requires: + - barretenberg-x86_64-linux-clang-assert + <<: *defaults - bb-js: requires: - barretenberg-wasm-linux-clang 
diff --git a/barretenberg/acir_tests/Dockerfile.bb.sol b/barretenberg/acir_tests/Dockerfile.bb.sol new file mode 100644 index 000000000000..bcdd87d2666b --- /dev/null +++ b/barretenberg/acir_tests/Dockerfile.bb.sol @@ -0,0 +1,10 @@ +FROM 278380418400.dkr.ecr.eu-west-2.amazonaws.com/barretenberg-x86_64-linux-clang-assert + +FROM node:18-alpine +RUN apk update && apk add git bash curl jq +COPY --from=0 /usr/src/barretenberg/cpp/build /usr/src/barretenberg/cpp/build +WORKDIR /usr/src/barretenberg/acir_tests +COPY . . +# Run every acir test through a solidity verifier". +RUN (cd sol-test && yarn) +RUN FLOW=sol ./run_acir_tests.sh diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh index 1866df5e16d0..5cfa9f412c14 100755 --- a/barretenberg/acir_tests/run_acir_tests.sh +++ b/barretenberg/acir_tests/run_acir_tests.sh @@ -4,6 +4,12 @@ # VERBOSE: to enable logging for each test. set -eu +# Catch when running in parallel +error_file="/tmp/error.$$" +pids=() +source ./bash_helpers/catch.sh +trap handle_sigchild SIGCHLD + BIN=${BIN:-../cpp/build/bin/bb} FLOW=${FLOW:-prove_and_verify} CRS_PATH=~/.bb-crs @@ -84,6 +90,11 @@ else continue fi - test $TEST_NAME + test $TEST_NAME & done fi + +wait + +# Check for parallel errors +check_error_file \ No newline at end of file diff --git a/build_manifest.yml b/build_manifest.yml index 5bf584a3f3ec..ad119338cb71 100644 --- a/build_manifest.yml +++ b/build_manifest.yml @@ -39,6 +39,12 @@ barretenberg-acir-tests-bb: dependencies: - barretenberg-x86_64-linux-clang-assert +barretenberg-acir-tests-bb-sol: + buildDir: barretenberg/acir_tests + dockerfile: Dockerfile.bb.sol + dependencies: + - barretenberg-x86_64-linux-clang-assert + barretenberg-acir-tests-bb.js: buildDir: barretenberg/acir_tests dockerfile: Dockerfile.bb.js From a36de68712614f742dc3e379d523dfbde8463ef4 Mon Sep 17 00:00:00 2001 
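Review bot: `RUN (cd sol-test && yarn)` installs without `--frozen-lockfile`, so a drift between package.json and yarn.lock is silently repaired inside the CI image instead of failing the build, and the verifier tests may run against packages other than the ones the lockfile pins; change it to `RUN (cd sol-test && yarn install --frozen-lockfile)`. The base image is selected by the floating tag `node:18-alpine` and `apk add git bash curl jq` pins nothing, so two builds of this file can differ; pin the image by digest (or at least a patch-level tag) and use `apk add --no-cache` so the package index does not end up in the layer. Reproducibility is the whole point of an image whose only job is to run proofs through a Solidity verifier.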
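Review bot: `error_file="/tmp/error.$$"` is a predictable name in a world-writable directory, so a pre-existing file, a stale one from an earlier run that got the same PID, or a symlink planted by another local user can mask a failure or redirect whatever is written there; use `error_file="$(mktemp "${TMPDIR:-/tmp}/acir_error.XXXXXX")"` and remove it from an `EXIT` trap. Because the script already runs under `set -eu`, a failing `mktemp` aborts the run rather than continuing with an unset path. How `error_file` and `pids` are consumed is defined in `./bash_helpers/catch.sh`, which is not part of this diff, so the exact write semantics are inferred and worth confirming there.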
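Review bot: `test $TEST_NAME &` backgrounds every test with no concurrency cap and never records the child, so the `pids=()` array declared at the top of this file stays empty; if catch.sh relies on it to identify the children whose failures it should report, those failures are lost, so append with `test $TEST_NAME & pids+=($!)`. Running every prover at once on a `resource_class: small` CI box is also a memory risk; gate the spawn with `while (( $(jobs -rp | wc -l) >= ${JOBS:-$(nproc)} )); do wait -n; done` before the `&`. The `wait` at the end only returns the status of the last child, which is presumably why `check_error_file` exists, so the error-file path and the pid list need to agree on how a failure is recorded.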
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 4 Nov 2023 00:30:20 +0000 Subject: [PATCH 09/21] fix: add comments to sol tests --- .gitmodules | 5 +- barretenberg/acir_tests/flows/all_cmds.sh | 5 +- barretenberg/acir_tests/flows/gates.sh | 4 - barretenberg/acir_tests/run_acir_tests.sh | 3 +- barretenberg/acir_tests/run_acir_tests_sol.sh | 6 -- barretenberg/acir_tests/sol-test/src/index.js | 101 +++++++++--------- .../acir_format/acir_to_constraint_buf.hpp | 4 - .../src/client/client_execution_context.ts | 1 - 8 files changed, 56 insertions(+), 73 deletions(-) delete mode 100755 barretenberg/acir_tests/flows/gates.sh delete mode 100644 barretenberg/acir_tests/run_acir_tests_sol.sh diff --git a/.gitmodules b/.gitmodules index bdb34041e58a..32f3fa66dd1a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -12,7 +12,4 @@ url = https://github.com/Arachnid/solidity-stringutils [submodule "barretenberg/sol/lib/openzeppelin-contracts"] path = barretenberg/sol/lib/openzeppelin-contracts - url = https://github.com/OpenZeppelin/openzeppelin-contracts -[submodule "barretenberg/acir_tests/sol-test /contracts/lib/forge-std"] - path = barretenberg/acir_tests/sol-test /contracts/lib/forge-std - url = https://github.com/foundry-rs/forge-std + url = https://github.com/OpenZeppelin/openzeppelin-contracts \ No newline at end of file diff --git a/barretenberg/acir_tests/flows/all_cmds.sh b/barretenberg/acir_tests/flows/all_cmds.sh index 29c1c4cec6f4..c7ee147f6203 100755 --- a/barretenberg/acir_tests/flows/all_cmds.sh +++ b/barretenberg/acir_tests/flows/all_cmds.sh @@ -11,7 +11,7 @@ BFLAG="-b ./target/acir.gz" FLAGS="-c $CRS_PATH $VFLAG" # Test we can perform the proof/verify flow. -# $BIN gates $FLAGS $BFLAG > /dev/null +$BIN gates $FLAGS $BFLAG > /dev/null $BIN prove -o proof $FLAGS $BFLAG $BIN write_vk -o vk $FLAGS $BFLAG $BIN verify -k vk -p proof $FLAGS 
@@ -23,5 +23,4 @@ $BIN contract -k vk $BFLAG -o - | grep "Verification Key Hash" > /dev/null OUTPUT=$($BIN proof_as_fields -k vk -p proof -o - | jq .) [ -n "$OUTPUT" ] || exit 1 OUTPUT=$($BIN vk_as_fields -k vk -o - | jq .) -[ -n "$OUTPUT" ] || exit 1 - +[ -n "$OUTPUT" ] || exit 1 \ No newline at end of file diff --git a/barretenberg/acir_tests/flows/gates.sh b/barretenberg/acir_tests/flows/gates.sh deleted file mode 100755 index 46be382e1dc0..000000000000 --- a/barretenberg/acir_tests/flows/gates.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -$BIN gates -k vk -b ./target/acir.gz \ No newline at end of file diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh index 5cfa9f412c14..5f4cfc29389e 100755 --- a/barretenberg/acir_tests/run_acir_tests.sh +++ b/barretenberg/acir_tests/run_acir_tests.sh @@ -72,8 +72,7 @@ function test() { if [ "${#TEST_NAMES[@]}" -ne 0 ]; then for NAMED_TEST in "${TEST_NAMES[@]}"; do - # echo -n "Testing $NAMED_TEST... " - echo "Testing $NAMED_TEST... " + echo -n "Testing $NAMED_TEST... " test $NAMED_TEST done else diff --git a/barretenberg/acir_tests/run_acir_tests_sol.sh b/barretenberg/acir_tests/run_acir_tests_sol.sh deleted file mode 100644 index 8d19bca082a8..000000000000 --- a/barretenberg/acir_tests/run_acir_tests_sol.sh +++ /dev/null @@ -1,6 +0,0 @@ -## Generate the solidity verifier with bb, then run a test through it - - -## Issue here, work out where the public inputs are included in the witness -## If they are included in the proof output, then we can get away with just extracting them -## Maybe worth making something that can extract the public inputs from the .tz \ No newline at end of file diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js index 6b4846a7973f..95a7a5a8eacd 100644 --- a/barretenberg/acir_tests/sol-test/src/index.js +++ b/barretenberg/acir_tests/sol-test/src/index.js 
@@ -4,11 +4,18 @@ import {spawn} from "child_process"; import {ethers} from "ethers"; import solc from "solc"; -// TODO: create temp directories and pass them into here - // We use the solcjs compiler version in this test, although it is slower than foundry, to run the test end to end // it simplifies of parallelising the test suite +// What does this file do? +// +// 1. Launch an instance of anvil { on a random port, for parallelism } +// 2. Compile the solidity files using solcjs +// 3. Deploy the contract +// 4. Read the previously created proof, and append public inputs +// 5. Run the test against the deployed contract +// 6. Kill the anvil instance + const getEnvVar = (envvar) => { const varVal = process.env[envvar]; if (!varVal) { @@ -17,9 +24,10 @@ const getEnvVar = (envvar) => { return varVal; } +// Test name is passed into environment from `flows/sol.sh` const testName = getEnvVar("TEST_NAME"); -// Get Solidity files from random dir +// Get solidity files, passed into environment from `flows/sol.sh` const keyPath = getEnvVar("KEY_PATH"); const verifierPath = getEnvVar("VERIFIER_PATH"); const testPath = getEnvVar("TEST_PATH"); @@ -45,7 +53,7 @@ var input = { content: verifier } }, - settings: { + settings: { // we require the optimiser optimizer: { enabled: true, runs: 200 @@ -71,7 +79,6 @@ const launchAnvil = async (port) => { handle.stdout.on("data", (data) => { const str = data.toString(); if (str.includes("Listening on")) { - // console.log("Anvil Ready"); resolve(undefined); } }); @@ -82,7 +89,6 @@ const launchAnvil = async (port) => { const deploy = async (signer) => { const factory = new ethers.ContractFactory(abi, bytecode, signer); - // console.log("Deploying Contract..."); const deployment = await factory.deploy(); const deployed = await deployment.waitForDeployment(); return await deployed.getAddress(); 
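Review bot: The promise in launchAnvil only ever resolves, on a stdout line containing "Listening on"; nothing visible rejects it when anvil is missing from PATH, exits early, or fails to bind the randomly chosen port, so a broken environment hangs the test instead of failing it. Add `handle.on("error", reject);` and `handle.on("exit", (code) => reject(new Error(`anvil exited with code ${code}`)));` next to the stdout listener. The start and end of launchAnvil lie outside this hunk, so the spawn call and the availability of a `reject` callback are inferred from the `resolve(undefined)` that is visible.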
@@ -102,49 +108,46 @@ const readPublicInputs = (numPublicInputs, proofAsFields) => { return publicInputs; } -const main = async () => { - // start anvil - const randomPort = Math.floor(Math.random() * 10000) + 10000; - const anvil = await launchAnvil(randomPort); - const killAnvil = () => { - anvil.kill(); - console.log(testName, " complete") - } +// start anvil +const randomPort = Math.floor(Math.random() * 10000) + 10000; +const anvil = await launchAnvil(randomPort); +const killAnvil = () => { + anvil.kill(); + console.log(testName, " complete") +} - try { - const proofAsFieldsPath = getEnvVar("PROOF_AS_FIELDS"); - const proofAsFields = readFileSync(proofAsFieldsPath); - const numPublicInputs = +getEnvVar("NUM_PUBLIC_INPUTS"); - const publicInputs = readPublicInputs(numPublicInputs, JSON.parse(proofAsFields.toString())); - - const proofPath = getEnvVar("PROOF"); - const proof = readFileSync(proofPath); - - // Cut the number of public inputs off of the proof string - const proofStr = `0x${proof.toString("hex").substring(64*numPublicInputs)}`; - - // Get the contract artifact - const key = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"; - const provider = new ethers.JsonRpcProvider(`http://localhost:${randomPort}`); - const signer = new ethers.Wallet(key, provider); - - // deploy - const address = await deploy(signer); - const contract = new ethers.Contract(address, abi, signer); - - // Run the test - const result = await contract.test(proofStr, publicInputs); - if (!result) throw new Error("Test failed"); - } - catch (e) { - console.error(testName, " failed") - console.log(e) - throw e; - } - finally { - // Kill anvil at the end of running - killAnvil(); - } +try { + const proofAsFieldsPath = getEnvVar("PROOF_AS_FIELDS"); + const proofAsFields = readFileSync(proofAsFieldsPath); + const numPublicInputs = +getEnvVar("NUM_PUBLIC_INPUTS"); + const publicInputs = readPublicInputs(numPublicInputs, JSON.parse(proofAsFields.toString())); + + const 
proofPath = getEnvVar("PROOF"); + const proof = readFileSync(proofPath); + + // Cut the number of public inputs off of the proof string + const proofStr = `0x${proof.toString("hex").substring(64*numPublicInputs)}`; + + // Get the contract artifact + const key = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"; + const provider = new ethers.JsonRpcProvider(`http://localhost:${randomPort}`); + const signer = new ethers.Wallet(key, provider); + + // deploy + const address = await deploy(signer); + const contract = new ethers.Contract(address, abi, signer); + + // Run the test + const result = await contract.test(proofStr, publicInputs); + if (!result) throw new Error("Test failed"); +} +catch (e) { + console.error(testName, " failed") + console.log(e) + throw e; +} +finally { + // Kill anvil at the end of running + killAnvil(); } -main(); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp index b48fee9e1d91..0c2f63a18170 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp @@ -305,14 +305,10 @@ WitnessVector witness_buf_to_witness_data(std::vector const& buf) WitnessVector wv; size_t index = 1; for (auto& e : w.value) { - // // first is index - // info("first ", e.first.value); while (index < e.first.value) { - // info("index < first ", e.first.value); wv.push_back(barretenberg::fr(0)); index++; } - // info("second ", e.second); wv.push_back(barretenberg::fr(uint256_t(e.second))); index++; } diff --git a/yarn-project/acir-simulator/src/client/client_execution_context.ts b/yarn-project/acir-simulator/src/client/client_execution_context.ts index 9675f07a78a5..5236304a716c 100644 --- a/yarn-project/acir-simulator/src/client/client_execution_context.ts 
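Review bot: The literal assigned to `key` is the well-known first anvil/hardhat developer account key, but the comment above it reads `// Get the contract artifact`, which is wrong and leaves the next reader (and any secret scanner) unsure whether a real secret was committed; replace it with `// Anvil's default, publicly known dev account #0 key; only used against the local anvil started above`. If `test(...)` in Test.sol is not declared `view`/`pure`, ethers v6 returns a transaction response object from `contract.test(proofStr, publicInputs)`, which is always truthy, so `if (!result) throw new Error("Test failed")` would never fire; Test.sol is outside this diff, so either confirm it is a view or use `contract.test.staticCall(proofStr, publicInputs)` to force a read. The port drawn from `Math.random()` is not checked for collisions with a sibling test's anvil, which matters now that run_acir_tests.sh runs flows in parallel.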
+++ b/yarn-project/acir-simulator/src/client/client_execution_context.ts @@ -217,7 +217,6 @@ export class ClientExecutionContext extends ViewDataOracle { offset, }); - // TODO: PHIL issue starts here this.log( `Returning ${notes.length} notes for ${this.contractAddress} at ${storageSlot}: ${notes .map(n => `${n.nonce.toString()}:[${n.note.items.map(i => i.toString()).join(',')}]`) From 0e669ec445bae6eca915ac27374b32682dcd5e6e Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 4 Nov 2023 00:37:46 +0000 Subject: [PATCH 10/21] fix: reenable randomness --- .../src/barretenberg/plonk/proof_system/prover/prover.cpp | 8 +++++--- .../widgets/random_widgets/permutation_widget_impl.hpp | 2 +- .../widgets/random_widgets/plookup_widget_impl.hpp | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp index 05dc749d255a..227a06791977 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/prover/prover.cpp @@ -204,7 +204,8 @@ template void ProverBase::execute_preamble_round() const size_t w_randomness = 3; ASSERT(w_randomness < settings::num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < w_randomness; ++k) { - wire_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = fr::one(); + wire_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = + fr::random_element(); } key->polynomial_store.put(wire_tag + "_lagrange", std::move(wire_lagrange)); 
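Review bot: The wire blinding coefficients go from `fr::one()` back to `fr::random_element()` here, which means the intermediate commits of this series produced proofs with no zero-knowledge blinding on the wire polynomials, and nothing in the diff prevents the constant from being reintroduced for debugging again. Add a comment at the loop such as `// ZK blinding: these coefficients MUST be uniformly random; a constant here leaks witness information` and consider a test that proves the same circuit twice and asserts the wire commitments differ. Whether `fr::random_element()` is backed by a CSPRNG is not visible in this diff and is what the zero-knowledge property ultimately rests on, so it is worth confirming. The same restore pattern appears in execute_second_round, add_blinding_to_quotient and the permutation/plookup widgets below.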
@@ -297,7 +298,8 @@ template void ProverBase::execute_second_round() ASSERT(w_randomness < settings::num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < w_randomness; ++k) { // Blinding - w_4_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = fr::one(); + w_4_lagrange.at(circuit_size - settings::num_roots_cut_out_of_vanishing_polynomial + k) = + fr::random_element(); } // compute poly w_4 from w_4_lagrange and add it to the cache @@ -464,7 +466,7 @@ template void ProverBase::add_blinding_to_quotient // For details, please head to: https://hackmd.io/JiyexiqRQJW55TMRrBqp1g. for (size_t i = 0; i < settings::program_width - 1; i++) { // Note that only program_width-1 random elements are required for full blinding - fr quotient_randomness = fr::one(); + fr quotient_randomness = fr::random_element(); key->quotient_polynomial_parts[i][key->circuit_size] += quotient_randomness; // update coefficient of X^n'th term diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp index 8290ab4c1166..0209756a25ff 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/permutation_widget_impl.hpp @@ -310,7 +310,7 @@ void ProverPermutationWidgetcircuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k] = fr::one(); + z_perm[(key->circuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k] = fr::random_element(); } z_perm.ifft(key->small_domain); diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp index 10a7a3df20ba..c88e641fc967 100644 
--- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp @@ -90,7 +90,7 @@ void ProverPlookupWidget::compute_sor const size_t s_randomness = 3; ASSERT(s_randomness < num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < s_randomness; ++k) { - s_accum[((key->circuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::one(); + s_accum[((key->circuit_size - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::random_element(); } // Save the lagrange base representation of s @@ -324,7 +324,7 @@ void ProverPlookupWidget::compute_gra ASSERT(z_randomness < num_roots_cut_out_of_vanishing_polynomial); for (size_t k = 0; k < z_randomness; ++k) { // Blinding: - z_lookup[((n - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::one(); + z_lookup[((n - num_roots_cut_out_of_vanishing_polynomial) + 1 + k)] = fr::random_element(); } // Compute and add monomial form of z_lookup to the polynomial store From 6666f35d80f89e8b5efcdbf4d6cb6ff50010a3bb Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 4 Nov 2023 00:48:05 +0000 Subject: [PATCH 11/21] fix: remove verifier duplication --- barretenberg/acir_tests/Dockerfile.bb.sol | 2 + barretenberg/acir_tests/flows/sol.sh | 1 + barretenberg/acir_tests/sol-test/Verifier.sol | 2545 +---------------- barretenberg/acir_tests/sol-test/src/index.js | 9 +- 4 files changed, 11 insertions(+), 2546 deletions(-) diff --git a/barretenberg/acir_tests/Dockerfile.bb.sol b/barretenberg/acir_tests/Dockerfile.bb.sol index bcdd87d2666b..125d62750157 100644 --- a/barretenberg/acir_tests/Dockerfile.bb.sol +++ b/barretenberg/acir_tests/Dockerfile.bb.sol 
@@ -1,8 +1,10 @@ FROM 278380418400.dkr.ecr.eu-west-2.amazonaws.com/barretenberg-x86_64-linux-clang-assert +FROM 278380418400.dkr.ecr.eu-west-2.amazonaws.com/barretenberg-x86_64-linux-clang-sol FROM node:18-alpine RUN apk update && apk add git bash curl jq COPY --from=0 /usr/src/barretenberg/cpp/build /usr/src/barretenberg/cpp/build +COPY --from=1 /usr/src/barretenberg/sol/src/ultra/BaseUltraVerifier.sol /usr/src/barretenberg/sol/src/ultra/BaseUltraVerifier.sol WORKDIR /usr/src/barretenberg/acir_tests COPY . . # Run every acir test through a solidity verifier". diff --git a/barretenberg/acir_tests/flows/sol.sh b/barretenberg/acir_tests/flows/sol.sh index e06bbd727fec..497921fa2b1b 100755 --- a/barretenberg/acir_tests/flows/sol.sh +++ b/barretenberg/acir_tests/flows/sol.sh @@ -18,6 +18,7 @@ $BIN contract -k vk -c $CRS_PATH -b ./target/acir.gz -o Key.sol export KEY_PATH="$(pwd)/Key.sol" export VERIFIER_PATH=$(realpath "../../sol-test/Verifier.sol") export TEST_PATH=$(realpath "../../sol-test/Test.sol") +export BASE_PATH=$(realpath "../../../sol/src/ultra/BaseUltraVerifier.sol") # Use solcjs to compile the generated key contract with the template verifier and test contract # index.js will start an anvil, on a random port diff --git a/barretenberg/acir_tests/sol-test/Verifier.sol b/barretenberg/acir_tests/sol-test/Verifier.sol index a1c7a79a8f4e..e07daf6a3550 100644 --- a/barretenberg/acir_tests/sol-test/Verifier.sol +++ b/barretenberg/acir_tests/sol-test/Verifier.sol 
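Review bot: The two COPY instructions select build stages by position (`--from=0`, `--from=1`), so inserting or reordering a FROM line silently copies from the wrong image without any build error; name the stages, e.g. `FROM ...-linux-clang-assert AS bb-build` and `FROM ...-linux-clang-sol AS bb-sol`, and use `COPY --from=bb-build` / `COPY --from=bb-sol`. The unpinned `node:18-alpine` tag and unversioned `apk add` from the previous patch are still in place in this hunk.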
@@ -4,2550 +4,7 @@ pragma solidity >=0.8.4; import {UltraVerificationKey} from "./Key.sol"; - -/** - * @title Ultra Plonk proof verification contract - * @dev Top level Plonk proof verification contract, which allows Plonk proof to be verified - */ -abstract contract BaseUltraVerifier { - // VERIFICATION KEY MEMORY LOCATIONS - uint256 internal constant N_LOC = 0x380; - uint256 internal constant NUM_INPUTS_LOC = 0x3a0; - uint256 internal constant OMEGA_LOC = 0x3c0; - uint256 internal constant DOMAIN_INVERSE_LOC = 0x3e0; - uint256 internal constant Q1_X_LOC = 0x400; - uint256 internal constant Q1_Y_LOC = 0x420; - uint256 internal constant Q2_X_LOC = 0x440; - uint256 internal constant Q2_Y_LOC = 0x460; - uint256 internal constant Q3_X_LOC = 0x480; - uint256 internal constant Q3_Y_LOC = 0x4a0; - uint256 internal constant Q4_X_LOC = 0x4c0; - uint256 internal constant Q4_Y_LOC = 0x4e0; - uint256 internal constant QM_X_LOC = 0x500; - uint256 internal constant QM_Y_LOC = 0x520; - uint256 internal constant QC_X_LOC = 0x540; - uint256 internal constant QC_Y_LOC = 0x560; - uint256 internal constant QARITH_X_LOC = 0x580; - uint256 internal constant QARITH_Y_LOC = 0x5a0; - uint256 internal constant QSORT_X_LOC = 0x5c0; - uint256 internal constant QSORT_Y_LOC = 0x5e0; - uint256 internal constant QELLIPTIC_X_LOC = 0x600; - uint256 internal constant QELLIPTIC_Y_LOC = 0x620; - uint256 internal constant QAUX_X_LOC = 0x640; - uint256 internal constant QAUX_Y_LOC = 0x660; - uint256 internal constant SIGMA1_X_LOC = 0x680; - uint256 internal constant SIGMA1_Y_LOC = 0x6a0; - uint256 internal constant SIGMA2_X_LOC = 0x6c0; - uint256 internal constant SIGMA2_Y_LOC = 0x6e0; - uint256 internal constant SIGMA3_X_LOC = 0x700; - uint256 internal constant SIGMA3_Y_LOC = 0x720; - uint256 internal constant SIGMA4_X_LOC = 0x740; - uint256 internal constant SIGMA4_Y_LOC = 0x760; - uint256 internal constant TABLE1_X_LOC = 0x780; - uint256 internal constant TABLE1_Y_LOC = 0x7a0; - uint256 internal 
constant TABLE2_X_LOC = 0x7c0; - uint256 internal constant TABLE2_Y_LOC = 0x7e0; - uint256 internal constant TABLE3_X_LOC = 0x800; - uint256 internal constant TABLE3_Y_LOC = 0x820; - uint256 internal constant TABLE4_X_LOC = 0x840; - uint256 internal constant TABLE4_Y_LOC = 0x860; - uint256 internal constant TABLE_TYPE_X_LOC = 0x880; - uint256 internal constant TABLE_TYPE_Y_LOC = 0x8a0; - uint256 internal constant ID1_X_LOC = 0x8c0; - uint256 internal constant ID1_Y_LOC = 0x8e0; - uint256 internal constant ID2_X_LOC = 0x900; - uint256 internal constant ID2_Y_LOC = 0x920; - uint256 internal constant ID3_X_LOC = 0x940; - uint256 internal constant ID3_Y_LOC = 0x960; - uint256 internal constant ID4_X_LOC = 0x980; - uint256 internal constant ID4_Y_LOC = 0x9a0; - uint256 internal constant CONTAINS_RECURSIVE_PROOF_LOC = 0x9c0; - uint256 internal constant RECURSIVE_PROOF_PUBLIC_INPUT_INDICES_LOC = 0x9e0; - uint256 internal constant G2X_X0_LOC = 0xa00; - uint256 internal constant G2X_X1_LOC = 0xa20; - uint256 internal constant G2X_Y0_LOC = 0xa40; - uint256 internal constant G2X_Y1_LOC = 0xa60; - - // ### PROOF DATA MEMORY LOCATIONS - uint256 internal constant W1_X_LOC = 0x1200; - uint256 internal constant W1_Y_LOC = 0x1220; - uint256 internal constant W2_X_LOC = 0x1240; - uint256 internal constant W2_Y_LOC = 0x1260; - uint256 internal constant W3_X_LOC = 0x1280; - uint256 internal constant W3_Y_LOC = 0x12a0; - uint256 internal constant W4_X_LOC = 0x12c0; - uint256 internal constant W4_Y_LOC = 0x12e0; - uint256 internal constant S_X_LOC = 0x1300; - uint256 internal constant S_Y_LOC = 0x1320; - uint256 internal constant Z_X_LOC = 0x1340; - uint256 internal constant Z_Y_LOC = 0x1360; - uint256 internal constant Z_LOOKUP_X_LOC = 0x1380; - uint256 internal constant Z_LOOKUP_Y_LOC = 0x13a0; - uint256 internal constant T1_X_LOC = 0x13c0; - uint256 internal constant T1_Y_LOC = 0x13e0; - uint256 internal constant T2_X_LOC = 0x1400; - uint256 internal constant T2_Y_LOC = 0x1420; - 
uint256 internal constant T3_X_LOC = 0x1440; - uint256 internal constant T3_Y_LOC = 0x1460; - uint256 internal constant T4_X_LOC = 0x1480; - uint256 internal constant T4_Y_LOC = 0x14a0; - - uint256 internal constant W1_EVAL_LOC = 0x1600; - uint256 internal constant W2_EVAL_LOC = 0x1620; - uint256 internal constant W3_EVAL_LOC = 0x1640; - uint256 internal constant W4_EVAL_LOC = 0x1660; - uint256 internal constant S_EVAL_LOC = 0x1680; - uint256 internal constant Z_EVAL_LOC = 0x16a0; - uint256 internal constant Z_LOOKUP_EVAL_LOC = 0x16c0; - uint256 internal constant Q1_EVAL_LOC = 0x16e0; - uint256 internal constant Q2_EVAL_LOC = 0x1700; - uint256 internal constant Q3_EVAL_LOC = 0x1720; - uint256 internal constant Q4_EVAL_LOC = 0x1740; - uint256 internal constant QM_EVAL_LOC = 0x1760; - uint256 internal constant QC_EVAL_LOC = 0x1780; - uint256 internal constant QARITH_EVAL_LOC = 0x17a0; - uint256 internal constant QSORT_EVAL_LOC = 0x17c0; - uint256 internal constant QELLIPTIC_EVAL_LOC = 0x17e0; - uint256 internal constant QAUX_EVAL_LOC = 0x1800; - uint256 internal constant TABLE1_EVAL_LOC = 0x1840; - uint256 internal constant TABLE2_EVAL_LOC = 0x1860; - uint256 internal constant TABLE3_EVAL_LOC = 0x1880; - uint256 internal constant TABLE4_EVAL_LOC = 0x18a0; - uint256 internal constant TABLE_TYPE_EVAL_LOC = 0x18c0; - uint256 internal constant ID1_EVAL_LOC = 0x18e0; - uint256 internal constant ID2_EVAL_LOC = 0x1900; - uint256 internal constant ID3_EVAL_LOC = 0x1920; - uint256 internal constant ID4_EVAL_LOC = 0x1940; - uint256 internal constant SIGMA1_EVAL_LOC = 0x1960; - uint256 internal constant SIGMA2_EVAL_LOC = 0x1980; - uint256 internal constant SIGMA3_EVAL_LOC = 0x19a0; - uint256 internal constant SIGMA4_EVAL_LOC = 0x19c0; - uint256 internal constant W1_OMEGA_EVAL_LOC = 0x19e0; - uint256 internal constant W2_OMEGA_EVAL_LOC = 0x2000; - uint256 internal constant W3_OMEGA_EVAL_LOC = 0x2020; - uint256 internal constant W4_OMEGA_EVAL_LOC = 0x2040; - uint256 internal 
constant S_OMEGA_EVAL_LOC = 0x2060; - uint256 internal constant Z_OMEGA_EVAL_LOC = 0x2080; - uint256 internal constant Z_LOOKUP_OMEGA_EVAL_LOC = 0x20a0; - uint256 internal constant TABLE1_OMEGA_EVAL_LOC = 0x20c0; - uint256 internal constant TABLE2_OMEGA_EVAL_LOC = 0x20e0; - uint256 internal constant TABLE3_OMEGA_EVAL_LOC = 0x2100; - uint256 internal constant TABLE4_OMEGA_EVAL_LOC = 0x2120; - - uint256 internal constant PI_Z_X_LOC = 0x2300; - uint256 internal constant PI_Z_Y_LOC = 0x2320; - uint256 internal constant PI_Z_OMEGA_X_LOC = 0x2340; - uint256 internal constant PI_Z_OMEGA_Y_LOC = 0x2360; - - // Used for elliptic widget. These are alias names for wire + shifted wire evaluations - uint256 internal constant X1_EVAL_LOC = W2_EVAL_LOC; - uint256 internal constant X2_EVAL_LOC = W1_OMEGA_EVAL_LOC; - uint256 internal constant X3_EVAL_LOC = W2_OMEGA_EVAL_LOC; - uint256 internal constant Y1_EVAL_LOC = W3_EVAL_LOC; - uint256 internal constant Y2_EVAL_LOC = W4_OMEGA_EVAL_LOC; - uint256 internal constant Y3_EVAL_LOC = W3_OMEGA_EVAL_LOC; - uint256 internal constant QBETA_LOC = Q3_EVAL_LOC; - uint256 internal constant QBETA_SQR_LOC = Q4_EVAL_LOC; - uint256 internal constant QSIGN_LOC = Q1_EVAL_LOC; - - // ### CHALLENGES MEMORY OFFSETS - - uint256 internal constant C_BETA_LOC = 0x2600; - uint256 internal constant C_GAMMA_LOC = 0x2620; - uint256 internal constant C_ALPHA_LOC = 0x2640; - uint256 internal constant C_ETA_LOC = 0x2660; - uint256 internal constant C_ETA_SQR_LOC = 0x2680; - uint256 internal constant C_ETA_CUBE_LOC = 0x26a0; - - uint256 internal constant C_ZETA_LOC = 0x26c0; - uint256 internal constant C_CURRENT_LOC = 0x26e0; - uint256 internal constant C_V0_LOC = 0x2700; - uint256 internal constant C_V1_LOC = 0x2720; - uint256 internal constant C_V2_LOC = 0x2740; - uint256 internal constant C_V3_LOC = 0x2760; - uint256 internal constant C_V4_LOC = 0x2780; - uint256 internal constant C_V5_LOC = 0x27a0; - uint256 internal constant C_V6_LOC = 0x27c0; - uint256 
internal constant C_V7_LOC = 0x27e0; - uint256 internal constant C_V8_LOC = 0x2800; - uint256 internal constant C_V9_LOC = 0x2820; - uint256 internal constant C_V10_LOC = 0x2840; - uint256 internal constant C_V11_LOC = 0x2860; - uint256 internal constant C_V12_LOC = 0x2880; - uint256 internal constant C_V13_LOC = 0x28a0; - uint256 internal constant C_V14_LOC = 0x28c0; - uint256 internal constant C_V15_LOC = 0x28e0; - uint256 internal constant C_V16_LOC = 0x2900; - uint256 internal constant C_V17_LOC = 0x2920; - uint256 internal constant C_V18_LOC = 0x2940; - uint256 internal constant C_V19_LOC = 0x2960; - uint256 internal constant C_V20_LOC = 0x2980; - uint256 internal constant C_V21_LOC = 0x29a0; - uint256 internal constant C_V22_LOC = 0x29c0; - uint256 internal constant C_V23_LOC = 0x29e0; - uint256 internal constant C_V24_LOC = 0x2a00; - uint256 internal constant C_V25_LOC = 0x2a20; - uint256 internal constant C_V26_LOC = 0x2a40; - uint256 internal constant C_V27_LOC = 0x2a60; - uint256 internal constant C_V28_LOC = 0x2a80; - uint256 internal constant C_V29_LOC = 0x2aa0; - uint256 internal constant C_V30_LOC = 0x2ac0; - - uint256 internal constant C_U_LOC = 0x2b00; - - // ### LOCAL VARIABLES MEMORY OFFSETS - uint256 internal constant DELTA_NUMERATOR_LOC = 0x3000; - uint256 internal constant DELTA_DENOMINATOR_LOC = 0x3020; - uint256 internal constant ZETA_POW_N_LOC = 0x3040; - uint256 internal constant PUBLIC_INPUT_DELTA_LOC = 0x3060; - uint256 internal constant ZERO_POLY_LOC = 0x3080; - uint256 internal constant L_START_LOC = 0x30a0; - uint256 internal constant L_END_LOC = 0x30c0; - uint256 internal constant R_ZERO_EVAL_LOC = 0x30e0; - - uint256 internal constant PLOOKUP_DELTA_NUMERATOR_LOC = 0x3100; - uint256 internal constant PLOOKUP_DELTA_DENOMINATOR_LOC = 0x3120; - uint256 internal constant PLOOKUP_DELTA_LOC = 0x3140; - - uint256 internal constant ACCUMULATOR_X_LOC = 0x3160; - uint256 internal constant ACCUMULATOR_Y_LOC = 0x3180; - uint256 internal constant 
ACCUMULATOR2_X_LOC = 0x31a0; - uint256 internal constant ACCUMULATOR2_Y_LOC = 0x31c0; - uint256 internal constant PAIRING_LHS_X_LOC = 0x31e0; - uint256 internal constant PAIRING_LHS_Y_LOC = 0x3200; - uint256 internal constant PAIRING_RHS_X_LOC = 0x3220; - uint256 internal constant PAIRING_RHS_Y_LOC = 0x3240; - - // ### SUCCESS FLAG MEMORY LOCATIONS - uint256 internal constant GRAND_PRODUCT_SUCCESS_FLAG = 0x3300; - uint256 internal constant ARITHMETIC_TERM_SUCCESS_FLAG = 0x3020; - uint256 internal constant BATCH_OPENING_SUCCESS_FLAG = 0x3340; - uint256 internal constant OPENING_COMMITMENT_SUCCESS_FLAG = 0x3360; - uint256 internal constant PAIRING_PREAMBLE_SUCCESS_FLAG = 0x3380; - uint256 internal constant PAIRING_SUCCESS_FLAG = 0x33a0; - uint256 internal constant RESULT_FLAG = 0x33c0; - - // misc stuff - uint256 internal constant OMEGA_INVERSE_LOC = 0x3400; - uint256 internal constant C_ALPHA_SQR_LOC = 0x3420; - uint256 internal constant C_ALPHA_CUBE_LOC = 0x3440; - uint256 internal constant C_ALPHA_QUAD_LOC = 0x3460; - uint256 internal constant C_ALPHA_BASE_LOC = 0x3480; - - // ### RECURSION VARIABLE MEMORY LOCATIONS - uint256 internal constant RECURSIVE_P1_X_LOC = 0x3500; - uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3520; - uint256 internal constant RECURSIVE_P2_X_LOC = 0x3540; - uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3560; - - uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3580; - - // sub-identity storage - uint256 internal constant PERMUTATION_IDENTITY = 0x3600; - uint256 internal constant PLOOKUP_IDENTITY = 0x3620; - uint256 internal constant ARITHMETIC_IDENTITY = 0x3640; - uint256 internal constant SORT_IDENTITY = 0x3660; - uint256 internal constant ELLIPTIC_IDENTITY = 0x3680; - uint256 internal constant AUX_IDENTITY = 0x36a0; - uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x36c0; - uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x36e0; - uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3700; 
- uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3720; - uint256 internal constant AUX_MEMORY_EVALUATION = 0x3740; - - uint256 internal constant QUOTIENT_EVAL_LOC = 0x3760; - uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3780; - - // when hashing public inputs we use memory at NU_CHALLENGE_INPUT_LOC_A, as the hash input size is unknown at compile time - uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x37a0; - uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x37c0; - uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x37e0; - - bytes4 internal constant PUBLIC_INPUT_INVALID_BN128_G1_POINT_SELECTOR = 0xeba9f4a6; - bytes4 internal constant PUBLIC_INPUT_GE_P_SELECTOR = 0x374a972f; - bytes4 internal constant MOD_EXP_FAILURE_SELECTOR = 0xf894a7bc; - bytes4 internal constant EC_SCALAR_MUL_FAILURE_SELECTOR = 0xf755f369; - bytes4 internal constant PROOF_FAILURE_SELECTOR = 0x0711fcec; - - uint256 internal constant ETA_INPUT_LENGTH = 0xc0; // W1, W2, W3 = 6 * 0x20 bytes - - // We need to hash 41 field elements when generating the NU challenge - // w1, w2, w3, w4, s, z, z_lookup, q1, q2, q3, q4, qm, qc, qarith (14) - // qsort, qelliptic, qaux, sigma1, sigma2, sigma, sigma4, (7) - // table1, table2, table3, table4, tabletype, id1, id2, id3, id4, (9) - // w1_omega, w2_omega, w3_omega, w4_omega, s_omega, z_omega, z_lookup_omega, (7) - // table1_omega, table2_omega, table3_omega, table4_omega (4) - uint256 internal constant NU_INPUT_LENGTH = 0x520; // 0x520 = 41 * 0x20 - - // There are ELEVEN G1 group elements added into the transcript in the `beta` round, that we need to skip over - // W1, W2, W3, W4, S, Z, Z_LOOKUP, T1, T2, T3, T4 - uint256 internal constant NU_CALLDATA_SKIP_LENGTH = 0x2c0; // 11 * 0x40 = 0x2c0 - - uint256 internal constant NEGATIVE_INVERSE_OF_2_MODULO_P = - 0x183227397098d014dc2822db40c0ac2e9419f4243cdcb848a1f0fac9f8000000; - uint256 internal constant LIMB_SIZE = 0x100000000000000000; // 2<<68 - uint256 internal constant 
SUBLIMB_SHIFT = 0x4000; // 2<<14 - - // y^2 = x^3 + ax + b - // for Grumpkin, a = 0 and b = -17. We use b in a custom gate relation that evaluates elliptic curve arithmetic - uint256 internal constant GRUMPKIN_CURVE_B_PARAMETER_NEGATED = 17; - - error PUBLIC_INPUT_COUNT_INVALID(uint256 expected, uint256 actual); - error PUBLIC_INPUT_INVALID_BN128_G1_POINT(); - error PUBLIC_INPUT_GE_P(); - error MOD_EXP_FAILURE(); - error EC_SCALAR_MUL_FAILURE(); - error PROOF_FAILURE(); - - function getVerificationKeyHash() public pure virtual returns (bytes32); - - function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure virtual; - - /** - * @notice Verify a Ultra Plonk proof - * @param _proof - The serialized proof - * @param _publicInputs - An array of the public inputs - * @return True if proof is valid, reverts otherwise - */ - function verify(bytes calldata _proof, bytes32[] calldata _publicInputs) external view returns (bool) { - loadVerificationKey(N_LOC, OMEGA_INVERSE_LOC); - - uint256 requiredPublicInputCount; - assembly { - requiredPublicInputCount := mload(NUM_INPUTS_LOC) - } - if (requiredPublicInputCount != _publicInputs.length) { - revert PUBLIC_INPUT_COUNT_INVALID(requiredPublicInputCount, _publicInputs.length); - } - - assembly { - let q := 21888242871839275222246405745257275088696311157297823662689037894645226208583 // EC group order - let p := 21888242871839275222246405745257275088548364400416034343698204186575808495617 // Prime field order - - /** - * LOAD PROOF FROM CALLDATA - */ - { - let data_ptr := add(calldataload(0x04), 0x24) - - mstore(W1_Y_LOC, mod(calldataload(data_ptr), q)) - mstore(W1_X_LOC, mod(calldataload(add(data_ptr, 0x20)), q)) - - mstore(W2_Y_LOC, mod(calldataload(add(data_ptr, 0x40)), q)) - mstore(W2_X_LOC, mod(calldataload(add(data_ptr, 0x60)), q)) - - mstore(W3_Y_LOC, mod(calldataload(add(data_ptr, 0x80)), q)) - mstore(W3_X_LOC, mod(calldataload(add(data_ptr, 0xa0)), q)) - - mstore(W4_Y_LOC, 
mod(calldataload(add(data_ptr, 0xc0)), q)) - mstore(W4_X_LOC, mod(calldataload(add(data_ptr, 0xe0)), q)) - - mstore(S_Y_LOC, mod(calldataload(add(data_ptr, 0x100)), q)) - mstore(S_X_LOC, mod(calldataload(add(data_ptr, 0x120)), q)) - mstore(Z_Y_LOC, mod(calldataload(add(data_ptr, 0x140)), q)) - mstore(Z_X_LOC, mod(calldataload(add(data_ptr, 0x160)), q)) - mstore(Z_LOOKUP_Y_LOC, mod(calldataload(add(data_ptr, 0x180)), q)) - mstore(Z_LOOKUP_X_LOC, mod(calldataload(add(data_ptr, 0x1a0)), q)) - mstore(T1_Y_LOC, mod(calldataload(add(data_ptr, 0x1c0)), q)) - mstore(T1_X_LOC, mod(calldataload(add(data_ptr, 0x1e0)), q)) - - mstore(T2_Y_LOC, mod(calldataload(add(data_ptr, 0x200)), q)) - mstore(T2_X_LOC, mod(calldataload(add(data_ptr, 0x220)), q)) - - mstore(T3_Y_LOC, mod(calldataload(add(data_ptr, 0x240)), q)) - mstore(T3_X_LOC, mod(calldataload(add(data_ptr, 0x260)), q)) - - mstore(T4_Y_LOC, mod(calldataload(add(data_ptr, 0x280)), q)) - mstore(T4_X_LOC, mod(calldataload(add(data_ptr, 0x2a0)), q)) - - mstore(W1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x2c0)), p)) - mstore(W2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x2e0)), p)) - mstore(W3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x300)), p)) - mstore(W4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x320)), p)) - mstore(S_EVAL_LOC, mod(calldataload(add(data_ptr, 0x340)), p)) - mstore(Z_EVAL_LOC, mod(calldataload(add(data_ptr, 0x360)), p)) - mstore(Z_LOOKUP_EVAL_LOC, mod(calldataload(add(data_ptr, 0x380)), p)) - mstore(Q1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x3a0)), p)) - mstore(Q2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x3c0)), p)) - mstore(Q3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x3e0)), p)) - mstore(Q4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x400)), p)) - mstore(QM_EVAL_LOC, mod(calldataload(add(data_ptr, 0x420)), p)) - mstore(QC_EVAL_LOC, mod(calldataload(add(data_ptr, 0x440)), p)) - mstore(QARITH_EVAL_LOC, mod(calldataload(add(data_ptr, 0x460)), p)) - mstore(QSORT_EVAL_LOC, mod(calldataload(add(data_ptr, 
0x480)), p)) - mstore(QELLIPTIC_EVAL_LOC, mod(calldataload(add(data_ptr, 0x4a0)), p)) - mstore(QAUX_EVAL_LOC, mod(calldataload(add(data_ptr, 0x4c0)), p)) - - mstore(SIGMA1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x4e0)), p)) - mstore(SIGMA2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x500)), p)) - - mstore(SIGMA3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x520)), p)) - mstore(SIGMA4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x540)), p)) - - mstore(TABLE1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x560)), p)) - mstore(TABLE2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x580)), p)) - mstore(TABLE3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x5a0)), p)) - mstore(TABLE4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x5c0)), p)) - mstore(TABLE_TYPE_EVAL_LOC, mod(calldataload(add(data_ptr, 0x5e0)), p)) - - mstore(ID1_EVAL_LOC, mod(calldataload(add(data_ptr, 0x600)), p)) - mstore(ID2_EVAL_LOC, mod(calldataload(add(data_ptr, 0x620)), p)) - mstore(ID3_EVAL_LOC, mod(calldataload(add(data_ptr, 0x640)), p)) - mstore(ID4_EVAL_LOC, mod(calldataload(add(data_ptr, 0x660)), p)) - - mstore(W1_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x680)), p)) - mstore(W2_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x6a0)), p)) - mstore(W3_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x6c0)), p)) - mstore(W4_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x6e0)), p)) - mstore(S_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x700)), p)) - - mstore(Z_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x720)), p)) - - mstore(Z_LOOKUP_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x740)), p)) - mstore(TABLE1_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x760)), p)) - mstore(TABLE2_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x780)), p)) - mstore(TABLE3_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x7a0)), p)) - mstore(TABLE4_OMEGA_EVAL_LOC, mod(calldataload(add(data_ptr, 0x7c0)), p)) - - mstore(PI_Z_Y_LOC, mod(calldataload(add(data_ptr, 0x7e0)), q)) - mstore(PI_Z_X_LOC, 
mod(calldataload(add(data_ptr, 0x800)), q)) - - mstore(PI_Z_OMEGA_Y_LOC, mod(calldataload(add(data_ptr, 0x820)), q)) - mstore(PI_Z_OMEGA_X_LOC, mod(calldataload(add(data_ptr, 0x840)), q)) - } - - /** - * LOAD RECURSIVE PROOF INTO MEMORY - */ - { - if mload(CONTAINS_RECURSIVE_PROOF_LOC) { - let public_inputs_ptr := add(calldataload(0x24), 0x24) - let index_counter := add(shl(5, mload(RECURSIVE_PROOF_PUBLIC_INPUT_INDICES_LOC)), public_inputs_ptr) - - let x0 := calldataload(index_counter) - x0 := add(x0, shl(68, calldataload(add(index_counter, 0x20)))) - x0 := add(x0, shl(136, calldataload(add(index_counter, 0x40)))) - x0 := add(x0, shl(204, calldataload(add(index_counter, 0x60)))) - let y0 := calldataload(add(index_counter, 0x80)) - y0 := add(y0, shl(68, calldataload(add(index_counter, 0xa0)))) - y0 := add(y0, shl(136, calldataload(add(index_counter, 0xc0)))) - y0 := add(y0, shl(204, calldataload(add(index_counter, 0xe0)))) - let x1 := calldataload(add(index_counter, 0x100)) - x1 := add(x1, shl(68, calldataload(add(index_counter, 0x120)))) - x1 := add(x1, shl(136, calldataload(add(index_counter, 0x140)))) - x1 := add(x1, shl(204, calldataload(add(index_counter, 0x160)))) - let y1 := calldataload(add(index_counter, 0x180)) - y1 := add(y1, shl(68, calldataload(add(index_counter, 0x1a0)))) - y1 := add(y1, shl(136, calldataload(add(index_counter, 0x1c0)))) - y1 := add(y1, shl(204, calldataload(add(index_counter, 0x1e0)))) - mstore(RECURSIVE_P1_X_LOC, x0) - mstore(RECURSIVE_P1_Y_LOC, y0) - mstore(RECURSIVE_P2_X_LOC, x1) - mstore(RECURSIVE_P2_Y_LOC, y1) - - // validate these are valid bn128 G1 points - if iszero(and(and(lt(x0, q), lt(x1, q)), and(lt(y0, q), lt(y1, q)))) { - mstore(0x00, PUBLIC_INPUT_INVALID_BN128_G1_POINT_SELECTOR) - revert(0x00, 0x04) - } - } - } - - { - /** - * Generate initial challenge - */ - mstore(0x00, shl(224, mload(N_LOC))) - mstore(0x04, shl(224, mload(NUM_INPUTS_LOC))) - let challenge := keccak256(0x00, 0x08) - - /** - * Generate eta challenge - 
*/ - mstore(PUBLIC_INPUTS_HASH_LOCATION, challenge) - // The public input location is stored at 0x24, we then add 0x24 to skip selector and the length of public inputs - let public_inputs_start := add(calldataload(0x24), 0x24) - // copy the public inputs over - let public_input_size := mul(mload(NUM_INPUTS_LOC), 0x20) - calldatacopy(add(PUBLIC_INPUTS_HASH_LOCATION, 0x20), public_inputs_start, public_input_size) - - // copy W1, W2, W3 into challenge. Each point is 0x40 bytes, so load 0xc0 = 3 * 0x40 bytes (ETA input length) - let w_start := add(calldataload(0x04), 0x24) - calldatacopy(add(add(PUBLIC_INPUTS_HASH_LOCATION, 0x20), public_input_size), w_start, ETA_INPUT_LENGTH) - - // Challenge is the old challenge + public inputs + W1, W2, W3 (0x20 + public_input_size + 0xc0) - let challenge_bytes_size := add(0x20, add(public_input_size, ETA_INPUT_LENGTH)) - - challenge := keccak256(PUBLIC_INPUTS_HASH_LOCATION, challenge_bytes_size) - { - let eta := mod(challenge, p) - mstore(C_ETA_LOC, eta) - mstore(C_ETA_SQR_LOC, mulmod(eta, eta, p)) - mstore(C_ETA_CUBE_LOC, mulmod(mload(C_ETA_SQR_LOC), eta, p)) - } - - /** - * Generate beta challenge - */ - mstore(0x00, challenge) - mstore(0x20, mload(W4_Y_LOC)) - mstore(0x40, mload(W4_X_LOC)) - mstore(0x60, mload(S_Y_LOC)) - mstore(0x80, mload(S_X_LOC)) - challenge := keccak256(0x00, 0xa0) - mstore(C_BETA_LOC, mod(challenge, p)) - - /** - * Generate gamma challenge - */ - mstore(0x00, challenge) - mstore8(0x20, 0x01) - challenge := keccak256(0x00, 0x21) - mstore(C_GAMMA_LOC, mod(challenge, p)) - - /** - * Generate alpha challenge - */ - mstore(0x00, challenge) - mstore(0x20, mload(Z_Y_LOC)) - mstore(0x40, mload(Z_X_LOC)) - mstore(0x60, mload(Z_LOOKUP_Y_LOC)) - mstore(0x80, mload(Z_LOOKUP_X_LOC)) - challenge := keccak256(0x00, 0xa0) - mstore(C_ALPHA_LOC, mod(challenge, p)) - - /** - * Compute and store some powers of alpha for future computations - */ - let alpha := mload(C_ALPHA_LOC) - mstore(C_ALPHA_SQR_LOC, mulmod(alpha, alpha, 
p)) - mstore(C_ALPHA_CUBE_LOC, mulmod(mload(C_ALPHA_SQR_LOC), alpha, p)) - mstore(C_ALPHA_QUAD_LOC, mulmod(mload(C_ALPHA_CUBE_LOC), alpha, p)) - mstore(C_ALPHA_BASE_LOC, alpha) - - /** - * Generate zeta challenge - */ - mstore(0x00, challenge) - mstore(0x20, mload(T1_Y_LOC)) - mstore(0x40, mload(T1_X_LOC)) - mstore(0x60, mload(T2_Y_LOC)) - mstore(0x80, mload(T2_X_LOC)) - mstore(0xa0, mload(T3_Y_LOC)) - mstore(0xc0, mload(T3_X_LOC)) - mstore(0xe0, mload(T4_Y_LOC)) - mstore(0x100, mload(T4_X_LOC)) - - challenge := keccak256(0x00, 0x120) - - mstore(C_ZETA_LOC, mod(challenge, p)) - mstore(C_CURRENT_LOC, challenge) - } - - /** - * EVALUATE FIELD OPERATIONS - */ - - /** - * COMPUTE PUBLIC INPUT DELTA - * ΔPI = ∏ᵢ∈ℓ(wᵢ + β σ(i) + γ) / ∏ᵢ∈ℓ(wᵢ + β σ'(i) + γ) - */ - { - let beta := mload(C_BETA_LOC) // β - let gamma := mload(C_GAMMA_LOC) // γ - let work_root := mload(OMEGA_LOC) // ω - let numerator_value := 1 - let denominator_value := 1 - - let p_clone := p // move p to the front of the stack - let valid_inputs := true - - // Load the starting point of the public inputs (jump over the selector and the length of public inputs [0x24]) - let public_inputs_ptr := add(calldataload(0x24), 0x24) - - // endpoint_ptr = public_inputs_ptr + num_inputs * 0x20. 
// every public input is 0x20 bytes - let endpoint_ptr := add(public_inputs_ptr, mul(mload(NUM_INPUTS_LOC), 0x20)) - - // root_1 = β * 0x05 - let root_1 := mulmod(beta, 0x05, p_clone) // k1.β - // root_2 = β * 0x0c - let root_2 := mulmod(beta, 0x0c, p_clone) - // @note 0x05 + 0x07 == 0x0c == external coset generator - - for {} lt(public_inputs_ptr, endpoint_ptr) { public_inputs_ptr := add(public_inputs_ptr, 0x20) } { - /** - * input = public_input[i] - * valid_inputs &= input < p - * temp = input + gamma - * numerator_value *= (β.σ(i) + wᵢ + γ) // σ(i) = 0x05.ωⁱ - * denominator_value *= (β.σ'(i) + wᵢ + γ) // σ'(i) = 0x0c.ωⁱ - * root_1 *= ω - * root_2 *= ω - */ - - let input := calldataload(public_inputs_ptr) - valid_inputs := and(valid_inputs, lt(input, p_clone)) - let temp := addmod(input, gamma, p_clone) - - numerator_value := mulmod(numerator_value, add(root_1, temp), p_clone) - denominator_value := mulmod(denominator_value, add(root_2, temp), p_clone) - - root_1 := mulmod(root_1, work_root, p_clone) - root_2 := mulmod(root_2, work_root, p_clone) - } - - // Revert if not all public inputs are field elements (i.e. 
< p) - if iszero(valid_inputs) { - mstore(0x00, PUBLIC_INPUT_GE_P_SELECTOR) - revert(0x00, 0x04) - } - - mstore(DELTA_NUMERATOR_LOC, numerator_value) - mstore(DELTA_DENOMINATOR_LOC, denominator_value) - } - - /** - * Compute Plookup delta factor [γ(1 + β)]^{n-k} - * k = num roots cut out of Z_H = 4 - */ - { - let delta_base := mulmod(mload(C_GAMMA_LOC), addmod(mload(C_BETA_LOC), 1, p), p) - let delta_numerator := delta_base - { - let exponent := mload(N_LOC) - let count := 1 - for {} lt(count, exponent) { count := add(count, count) } { - delta_numerator := mulmod(delta_numerator, delta_numerator, p) - } - } - mstore(PLOOKUP_DELTA_NUMERATOR_LOC, delta_numerator) - - let delta_denominator := mulmod(delta_base, delta_base, p) - delta_denominator := mulmod(delta_denominator, delta_denominator, p) - mstore(PLOOKUP_DELTA_DENOMINATOR_LOC, delta_denominator) - } - /** - * Compute lagrange poly and vanishing poly fractions - */ - { - /** - * vanishing_numerator = zeta - * ZETA_POW_N = zeta^n - * vanishing_numerator -= 1 - * accumulating_root = omega_inverse - * work_root = p - accumulating_root - * domain_inverse = domain_inverse - * vanishing_denominator = zeta + work_root - * work_root *= accumulating_root - * vanishing_denominator *= (zeta + work_root) - * work_root *= accumulating_root - * vanishing_denominator *= (zeta + work_root) - * vanishing_denominator *= (zeta + (zeta + accumulating_root)) - * work_root = omega - * lagrange_numerator = vanishing_numerator * domain_inverse - * l_start_denominator = zeta - 1 - * accumulating_root = work_root^2 - * l_end_denominator = accumulating_root^2 * work_root * zeta - 1 - * Note: l_end_denominator term contains a term \omega^5 to cut out 5 roots of unity from vanishing poly - */ - - let zeta := mload(C_ZETA_LOC) - - // compute zeta^n, where n is a power of 2 - let vanishing_numerator := zeta - { - // pow_small - let exponent := mload(N_LOC) - let count := 1 - for {} lt(count, exponent) { count := add(count, count) } { - 
vanishing_numerator := mulmod(vanishing_numerator, vanishing_numerator, p) - } - } - mstore(ZETA_POW_N_LOC, vanishing_numerator) - vanishing_numerator := addmod(vanishing_numerator, sub(p, 1), p) - - let accumulating_root := mload(OMEGA_INVERSE_LOC) - let work_root := sub(p, accumulating_root) - let domain_inverse := mload(DOMAIN_INVERSE_LOC) - - let vanishing_denominator := addmod(zeta, work_root, p) - work_root := mulmod(work_root, accumulating_root, p) - vanishing_denominator := mulmod(vanishing_denominator, addmod(zeta, work_root, p), p) - work_root := mulmod(work_root, accumulating_root, p) - vanishing_denominator := mulmod(vanishing_denominator, addmod(zeta, work_root, p), p) - vanishing_denominator := - mulmod(vanishing_denominator, addmod(zeta, mulmod(work_root, accumulating_root, p), p), p) - - work_root := mload(OMEGA_LOC) - - let lagrange_numerator := mulmod(vanishing_numerator, domain_inverse, p) - let l_start_denominator := addmod(zeta, sub(p, 1), p) - - accumulating_root := mulmod(work_root, work_root, p) - - let l_end_denominator := - addmod( - mulmod(mulmod(mulmod(accumulating_root, accumulating_root, p), work_root, p), zeta, p), sub(p, 1), p - ) - - /** - * Compute inversions using Montgomery's batch inversion trick - */ - let accumulator := mload(DELTA_DENOMINATOR_LOC) - let t0 := accumulator - accumulator := mulmod(accumulator, vanishing_denominator, p) - let t1 := accumulator - accumulator := mulmod(accumulator, vanishing_numerator, p) - let t2 := accumulator - accumulator := mulmod(accumulator, l_start_denominator, p) - let t3 := accumulator - accumulator := mulmod(accumulator, mload(PLOOKUP_DELTA_DENOMINATOR_LOC), p) - let t4 := accumulator - { - mstore(0, 0x20) - mstore(0x20, 0x20) - mstore(0x40, 0x20) - mstore(0x60, mulmod(accumulator, l_end_denominator, p)) - mstore(0x80, sub(p, 2)) - mstore(0xa0, p) - if iszero(staticcall(gas(), 0x05, 0x00, 0xc0, 0x00, 0x20)) { - mstore(0x0, MOD_EXP_FAILURE_SELECTOR) - revert(0x00, 0x04) - } - accumulator 
:= mload(0x00) - } - - t4 := mulmod(accumulator, t4, p) - accumulator := mulmod(accumulator, l_end_denominator, p) - - t3 := mulmod(accumulator, t3, p) - accumulator := mulmod(accumulator, mload(PLOOKUP_DELTA_DENOMINATOR_LOC), p) - - t2 := mulmod(accumulator, t2, p) - accumulator := mulmod(accumulator, l_start_denominator, p) - - t1 := mulmod(accumulator, t1, p) - accumulator := mulmod(accumulator, vanishing_numerator, p) - - t0 := mulmod(accumulator, t0, p) - accumulator := mulmod(accumulator, vanishing_denominator, p) - - accumulator := mulmod(mulmod(accumulator, accumulator, p), mload(DELTA_DENOMINATOR_LOC), p) - - mstore(PUBLIC_INPUT_DELTA_LOC, mulmod(mload(DELTA_NUMERATOR_LOC), accumulator, p)) - mstore(ZERO_POLY_LOC, mulmod(vanishing_numerator, t0, p)) - mstore(ZERO_POLY_INVERSE_LOC, mulmod(vanishing_denominator, t1, p)) - mstore(L_START_LOC, mulmod(lagrange_numerator, t2, p)) - mstore(PLOOKUP_DELTA_LOC, mulmod(mload(PLOOKUP_DELTA_NUMERATOR_LOC), t3, p)) - mstore(L_END_LOC, mulmod(lagrange_numerator, t4, p)) - } - - /** - * UltraPlonk Widget Ordering: - * - * 1. Permutation widget - * 2. Plookup widget - * 3. Arithmetic widget - * 4. Fixed base widget (?) - * 5. GenPermSort widget - * 6. Elliptic widget - * 7. 
Auxiliary widget - */ - - /** - * COMPUTE PERMUTATION WIDGET EVALUATION - */ - { - let alpha := mload(C_ALPHA_LOC) - let beta := mload(C_BETA_LOC) - let gamma := mload(C_GAMMA_LOC) - - /** - * t1 = (W1 + gamma + beta * ID1) * (W2 + gamma + beta * ID2) - * t2 = (W3 + gamma + beta * ID3) * (W4 + gamma + beta * ID4) - * result = alpha_base * z_eval * t1 * t2 - * t1 = (W1 + gamma + beta * sigma_1_eval) * (W2 + gamma + beta * sigma_2_eval) - * t2 = (W2 + gamma + beta * sigma_3_eval) * (W3 + gamma + beta * sigma_4_eval) - * result -= (alpha_base * z_omega_eval * t1 * t2) - */ - let t1 := - mulmod( - add(add(mload(W1_EVAL_LOC), gamma), mulmod(beta, mload(ID1_EVAL_LOC), p)), - add(add(mload(W2_EVAL_LOC), gamma), mulmod(beta, mload(ID2_EVAL_LOC), p)), - p - ) - let t2 := - mulmod( - add(add(mload(W3_EVAL_LOC), gamma), mulmod(beta, mload(ID3_EVAL_LOC), p)), - add(add(mload(W4_EVAL_LOC), gamma), mulmod(beta, mload(ID4_EVAL_LOC), p)), - p - ) - let result := mulmod(mload(C_ALPHA_BASE_LOC), mulmod(mload(Z_EVAL_LOC), mulmod(t1, t2, p), p), p) - t1 := - mulmod( - add(add(mload(W1_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA1_EVAL_LOC), p)), - add(add(mload(W2_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA2_EVAL_LOC), p)), - p - ) - t2 := - mulmod( - add(add(mload(W3_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA3_EVAL_LOC), p)), - add(add(mload(W4_EVAL_LOC), gamma), mulmod(beta, mload(SIGMA4_EVAL_LOC), p)), - p - ) - result := - addmod( - result, - sub(p, mulmod(mload(C_ALPHA_BASE_LOC), mulmod(mload(Z_OMEGA_EVAL_LOC), mulmod(t1, t2, p), p), p)), - p - ) - - /** - * alpha_base *= alpha - * result += alpha_base . (L_{n-k}(ʓ) . (z(ʓ.ω) - ∆_{PI})) - * alpha_base *= alpha - * result += alpha_base . 
(L_1(ʓ)(Z(ʓ) - 1)) - * alpha_Base *= alpha - */ - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p)) - result := - addmod( - result, - mulmod( - mload(C_ALPHA_BASE_LOC), - mulmod( - mload(L_END_LOC), - addmod(mload(Z_OMEGA_EVAL_LOC), sub(p, mload(PUBLIC_INPUT_DELTA_LOC)), p), - p - ), - p - ), - p - ) - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p)) - mstore( - PERMUTATION_IDENTITY, - addmod( - result, - mulmod( - mload(C_ALPHA_BASE_LOC), - mulmod(mload(L_START_LOC), addmod(mload(Z_EVAL_LOC), sub(p, 1), p), p), - p - ), - p - ) - ) - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p)) - } - - /** - * COMPUTE PLOOKUP WIDGET EVALUATION - */ - { - /** - * Goal: f = (w1(z) + q2.w1(zω)) + η(w2(z) + qm.w2(zω)) + η²(w3(z) + qc.w_3(zω)) + q3(z).η³ - * f = η.q3(z) - * f += (w3(z) + qc.w_3(zω)) - * f *= η - * f += (w2(z) + qm.w2(zω)) - * f *= η - * f += (w1(z) + q2.w1(zω)) - */ - let f := mulmod(mload(C_ETA_LOC), mload(Q3_EVAL_LOC), p) - f := - addmod(f, addmod(mload(W3_EVAL_LOC), mulmod(mload(QC_EVAL_LOC), mload(W3_OMEGA_EVAL_LOC), p), p), p) - f := mulmod(f, mload(C_ETA_LOC), p) - f := - addmod(f, addmod(mload(W2_EVAL_LOC), mulmod(mload(QM_EVAL_LOC), mload(W2_OMEGA_EVAL_LOC), p), p), p) - f := mulmod(f, mload(C_ETA_LOC), p) - f := - addmod(f, addmod(mload(W1_EVAL_LOC), mulmod(mload(Q2_EVAL_LOC), mload(W1_OMEGA_EVAL_LOC), p), p), p) - - // t(z) = table4(z).η³ + table3(z).η² + table2(z).η + table1(z) - let t := - addmod( - addmod( - addmod( - mulmod(mload(TABLE4_EVAL_LOC), mload(C_ETA_CUBE_LOC), p), - mulmod(mload(TABLE3_EVAL_LOC), mload(C_ETA_SQR_LOC), p), - p - ), - mulmod(mload(TABLE2_EVAL_LOC), mload(C_ETA_LOC), p), - p - ), - mload(TABLE1_EVAL_LOC), - p - ) - - // t(zw) = table4(zw).η³ + table3(zw).η² + table2(zw).η + table1(zw) - let t_omega := - addmod( - addmod( - addmod( - mulmod(mload(TABLE4_OMEGA_EVAL_LOC), mload(C_ETA_CUBE_LOC), p), - mulmod(mload(TABLE3_OMEGA_EVAL_LOC), 
mload(C_ETA_SQR_LOC), p), - p - ), - mulmod(mload(TABLE2_OMEGA_EVAL_LOC), mload(C_ETA_LOC), p), - p - ), - mload(TABLE1_OMEGA_EVAL_LOC), - p - ) - - /** - * Goal: numerator = (TABLE_TYPE_EVAL * f(z) + γ) * (t(z) + βt(zω) + γ(β + 1)) * (β + 1) - * gamma_beta_constant = γ(β + 1) - * numerator = f * TABLE_TYPE_EVAL + gamma - * temp0 = t(z) + t(zω) * β + gamma_beta_constant - * numerator *= temp0 - * numerator *= (β + 1) - * temp0 = alpha * l_1 - * numerator += temp0 - * numerator *= z_lookup(z) - * numerator -= temp0 - */ - let gamma_beta_constant := mulmod(mload(C_GAMMA_LOC), addmod(mload(C_BETA_LOC), 1, p), p) - let numerator := addmod(mulmod(f, mload(TABLE_TYPE_EVAL_LOC), p), mload(C_GAMMA_LOC), p) - let temp0 := addmod(addmod(t, mulmod(t_omega, mload(C_BETA_LOC), p), p), gamma_beta_constant, p) - numerator := mulmod(numerator, temp0, p) - numerator := mulmod(numerator, addmod(mload(C_BETA_LOC), 1, p), p) - temp0 := mulmod(mload(C_ALPHA_LOC), mload(L_START_LOC), p) - numerator := addmod(numerator, temp0, p) - numerator := mulmod(numerator, mload(Z_LOOKUP_EVAL_LOC), p) - numerator := addmod(numerator, sub(p, temp0), p) - - /** - * Goal: denominator = z_lookup(zω)*[s(z) + βs(zω) + γ(1 + β)] - [z_lookup(zω) - [γ(1 + β)]^{n-k}]*α²L_end(z) - * note: delta_factor = [γ(1 + β)]^{n-k} - * denominator = s(z) + βs(zω) + γ(β + 1) - * temp1 = α²L_end(z) - * denominator -= temp1 - * denominator *= z_lookup(zω) - * denominator += temp1 * delta_factor - * PLOOKUP_IDENTITY = (numerator - denominator).alpha_base - * alpha_base *= alpha^3 - */ - let denominator := - addmod( - addmod(mload(S_EVAL_LOC), mulmod(mload(S_OMEGA_EVAL_LOC), mload(C_BETA_LOC), p), p), - gamma_beta_constant, - p - ) - let temp1 := mulmod(mload(C_ALPHA_SQR_LOC), mload(L_END_LOC), p) - denominator := addmod(denominator, sub(p, temp1), p) - denominator := mulmod(denominator, mload(Z_LOOKUP_OMEGA_EVAL_LOC), p) - denominator := addmod(denominator, mulmod(temp1, mload(PLOOKUP_DELTA_LOC), p), p) - - 
mstore(PLOOKUP_IDENTITY, mulmod(addmod(numerator, sub(p, denominator), p), mload(C_ALPHA_BASE_LOC), p)) - - // update alpha - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_CUBE_LOC), p)) - } - - /** - * COMPUTE ARITHMETIC WIDGET EVALUATION - */ - { - /** - * The basic arithmetic gate identity in standard plonk is as follows. - * (w_1 . w_2 . q_m) + (w_1 . q_1) + (w_2 . q_2) + (w_3 . q_3) + (w_4 . q_4) + q_c = 0 - * However, for Ultraplonk, we extend this to support "passing" wires between rows (shown without alpha scaling below): - * q_arith * ( ( (-1/2) * (q_arith - 3) * q_m * w_1 * w_2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c ) + - * (q_arith - 1)*( α * (q_arith - 2) * (w_1 + w_4 - w_1_omega + q_m) + w_4_omega) ) = 0 - * - * This formula results in several cases depending on q_arith: - * 1. q_arith == 0: Arithmetic gate is completely disabled - * - * 2. q_arith == 1: Everything in the minigate on the right is disabled. The equation is just a standard plonk equation - * with extra wires: q_m * w_1 * w_2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c = 0 - * - * 3. q_arith == 2: The (w_1 + w_4 - ...) term is disabled. THe equation is: - * (1/2) * q_m * w_1 * w_2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c + w_4_omega = 0 - * It allows defining w_4 at next index (w_4_omega) in terms of current wire values - * - * 4. q_arith == 3: The product of w_1 and w_2 is disabled, but a mini addition gate is enabled. α allows us to split - * the equation into two: - * - * q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c + 2 * w_4_omega = 0 - * and - * w_1 + w_4 - w_1_omega + q_m = 0 (we are reusing q_m here) - * - * 5. q_arith > 3: The product of w_1 and w_2 is scaled by (q_arith - 3), while the w_4_omega term is scaled by (q_arith - 1). 
- * The equation can be split into two: - * - * (q_arith - 3)* q_m * w_1 * w_ 2 + q_1 * w_1 + q_2 * w_2 + q_3 * w_3 + q_4 * w_4 + q_c + (q_arith - 1) * w_4_omega = 0 - * and - * w_1 + w_4 - w_1_omega + q_m = 0 - * - * The problem that q_m is used both in both equations can be dealt with by appropriately changing selector values at - * the next gate. Then we can treat (q_arith - 1) as a simulated q_6 selector and scale q_m to handle (q_arith - 3) at - * product. - */ - - let w1q1 := mulmod(mload(W1_EVAL_LOC), mload(Q1_EVAL_LOC), p) - let w2q2 := mulmod(mload(W2_EVAL_LOC), mload(Q2_EVAL_LOC), p) - let w3q3 := mulmod(mload(W3_EVAL_LOC), mload(Q3_EVAL_LOC), p) - let w4q3 := mulmod(mload(W4_EVAL_LOC), mload(Q4_EVAL_LOC), p) - - // @todo - Add a explicit test that hits QARITH == 3 - // w1w2qm := (w_1 . w_2 . q_m . (QARITH_EVAL_LOC - 3)) / 2 - let w1w2qm := - mulmod( - mulmod( - mulmod(mulmod(mload(W1_EVAL_LOC), mload(W2_EVAL_LOC), p), mload(QM_EVAL_LOC), p), - addmod(mload(QARITH_EVAL_LOC), sub(p, 3), p), - p - ), - NEGATIVE_INVERSE_OF_2_MODULO_P, - p - ) - - // (w_1 . w_2 . q_m . (q_arith - 3)) / -2) + (w_1 . q_1) + (w_2 . q_2) + (w_3 . q_3) + (w_4 . 
q_4) + q_c - let identity := - addmod( - mload(QC_EVAL_LOC), addmod(w4q3, addmod(w3q3, addmod(w2q2, addmod(w1q1, w1w2qm, p), p), p), p), p - ) - - // if q_arith == 3 we evaluate an additional mini addition gate (on top of the regular one), where: - // w_1 + w_4 - w_1_omega + q_m = 0 - // we use this gate to save an addition gate when adding or subtracting non-native field elements - // α * (q_arith - 2) * (w_1 + w_4 - w_1_omega + q_m) - let extra_small_addition_gate_identity := - mulmod( - mload(C_ALPHA_LOC), - mulmod( - addmod(mload(QARITH_EVAL_LOC), sub(p, 2), p), - addmod( - mload(QM_EVAL_LOC), - addmod( - sub(p, mload(W1_OMEGA_EVAL_LOC)), addmod(mload(W1_EVAL_LOC), mload(W4_EVAL_LOC), p), p - ), - p - ), - p - ), - p - ) - - // if q_arith == 2 OR q_arith == 3 we add the 4th wire of the NEXT gate into the arithmetic identity - // N.B. if q_arith > 2, this wire value will be scaled by (q_arith - 1) relative to the other gate wires! - // alpha_base * q_arith * (identity + (q_arith - 1) * (w_4_omega + extra_small_addition_gate_identity)) - mstore( - ARITHMETIC_IDENTITY, - mulmod( - mload(C_ALPHA_BASE_LOC), - mulmod( - mload(QARITH_EVAL_LOC), - addmod( - identity, - mulmod( - addmod(mload(QARITH_EVAL_LOC), sub(p, 1), p), - addmod(mload(W4_OMEGA_EVAL_LOC), extra_small_addition_gate_identity, p), - p - ), - p - ), - p - ), - p - ) - ) - - // update alpha - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_SQR_LOC), p)) - } - - /** - * COMPUTE GENPERMSORT WIDGET EVALUATION - */ - { - /** - * D1 = (w2 - w1) - * D2 = (w3 - w2) - * D3 = (w4 - w3) - * D4 = (w1_omega - w4) - * - * α_a = alpha_base - * α_b = alpha_base * α - * α_c = alpha_base * α^2 - * α_d = alpha_base * α^3 - * - * range_accumulator = ( - * D1(D1 - 1)(D1 - 2)(D1 - 3).α_a + - * D2(D2 - 1)(D2 - 2)(D2 - 3).α_b + - * D3(D3 - 1)(D3 - 2)(D3 - 3).α_c + - * D4(D4 - 1)(D4 - 2)(D4 - 3).α_d + - * ) . 
q_sort - */ - let minus_two := sub(p, 2) - let minus_three := sub(p, 3) - let d1 := addmod(mload(W2_EVAL_LOC), sub(p, mload(W1_EVAL_LOC)), p) - let d2 := addmod(mload(W3_EVAL_LOC), sub(p, mload(W2_EVAL_LOC)), p) - let d3 := addmod(mload(W4_EVAL_LOC), sub(p, mload(W3_EVAL_LOC)), p) - let d4 := addmod(mload(W1_OMEGA_EVAL_LOC), sub(p, mload(W4_EVAL_LOC)), p) - - let range_accumulator := - mulmod( - mulmod( - mulmod(addmod(mulmod(d1, d1, p), sub(p, d1), p), addmod(d1, minus_two, p), p), - addmod(d1, minus_three, p), - p - ), - mload(C_ALPHA_BASE_LOC), - p - ) - range_accumulator := - addmod( - range_accumulator, - mulmod( - mulmod( - mulmod(addmod(mulmod(d2, d2, p), sub(p, d2), p), addmod(d2, minus_two, p), p), - addmod(d2, minus_three, p), - p - ), - mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p), - p - ), - p - ) - range_accumulator := - addmod( - range_accumulator, - mulmod( - mulmod( - mulmod(addmod(mulmod(d3, d3, p), sub(p, d3), p), addmod(d3, minus_two, p), p), - addmod(d3, minus_three, p), - p - ), - mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_SQR_LOC), p), - p - ), - p - ) - range_accumulator := - addmod( - range_accumulator, - mulmod( - mulmod( - mulmod(addmod(mulmod(d4, d4, p), sub(p, d4), p), addmod(d4, minus_two, p), p), - addmod(d4, minus_three, p), - p - ), - mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_CUBE_LOC), p), - p - ), - p - ) - range_accumulator := mulmod(range_accumulator, mload(QSORT_EVAL_LOC), p) - - mstore(SORT_IDENTITY, range_accumulator) - - // update alpha - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_QUAD_LOC), p)) - } - - /** - * COMPUTE ELLIPTIC WIDGET EVALUATION - */ - { - /** - * endo_term = (-x_2) * x_1 * (x_3 * 2 + x_1) * q_beta - * endo_sqr_term = x_2^2 - * endo_sqr_term *= (x_3 - x_1) - * endo_sqr_term *= q_beta^2 - * leftovers = x_2^2 - * leftovers *= x_2 - * leftovers += x_1^2 * (x_3 + x_1) @follow-up Invalid comment in BB widget - * leftovers -= (y_2^2 + y_1^2) - * sign_term = y_2 * y_1 - * 
sign_term += sign_term - * sign_term *= q_sign - */ - // q_elliptic * (x3 + x2 + x1)(x2 - x1)(x2 - x1) - y2^2 - y1^2 + 2(y2y1)*q_sign = 0 - let x_diff := addmod(mload(X2_EVAL_LOC), sub(p, mload(X1_EVAL_LOC)), p) - let y2_sqr := mulmod(mload(Y2_EVAL_LOC), mload(Y2_EVAL_LOC), p) - let y1_sqr := mulmod(mload(Y1_EVAL_LOC), mload(Y1_EVAL_LOC), p) - let y1y2 := mulmod(mulmod(mload(Y1_EVAL_LOC), mload(Y2_EVAL_LOC), p), mload(QSIGN_LOC), p) - - let x_add_identity := - addmod( - mulmod( - addmod(mload(X3_EVAL_LOC), addmod(mload(X2_EVAL_LOC), mload(X1_EVAL_LOC), p), p), - mulmod(x_diff, x_diff, p), - p - ), - addmod(sub(p, addmod(y2_sqr, y1_sqr, p)), addmod(y1y2, y1y2, p), p), - p - ) - x_add_identity := - mulmod(mulmod(x_add_identity, addmod(1, sub(p, mload(QM_EVAL_LOC)), p), p), mload(C_ALPHA_BASE_LOC), p) - - // q_elliptic * (x3 + x2 + x1)(x2 - x1)(x2 - x1) - y2^2 - y1^2 + 2(y2y1)*q_sign = 0 - let y1_plus_y3 := addmod(mload(Y1_EVAL_LOC), mload(Y3_EVAL_LOC), p) - let y_diff := addmod(mulmod(mload(Y2_EVAL_LOC), mload(QSIGN_LOC), p), sub(p, mload(Y1_EVAL_LOC)), p) - let y_add_identity := - addmod( - mulmod(y1_plus_y3, x_diff, p), - mulmod(addmod(mload(X3_EVAL_LOC), sub(p, mload(X1_EVAL_LOC)), p), y_diff, p), - p - ) - y_add_identity := - mulmod( - mulmod(y_add_identity, addmod(1, sub(p, mload(QM_EVAL_LOC)), p), p), - mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p), - p - ) - - // ELLIPTIC_IDENTITY = (x_identity + y_identity) * Q_ELLIPTIC_EVAL - mstore( - ELLIPTIC_IDENTITY, mulmod(addmod(x_add_identity, y_add_identity, p), mload(QELLIPTIC_EVAL_LOC), p) - ) - } - { - /** - * x_pow_4 = (y_1_sqr - curve_b) * x_1; - * y_1_sqr_mul_4 = y_1_sqr + y_1_sqr; - * y_1_sqr_mul_4 += y_1_sqr_mul_4; - * x_1_pow_4_mul_9 = x_pow_4; - * x_1_pow_4_mul_9 += x_1_pow_4_mul_9; - * x_1_pow_4_mul_9 += x_1_pow_4_mul_9; - * x_1_pow_4_mul_9 += x_1_pow_4_mul_9; - * x_1_pow_4_mul_9 += x_pow_4; - * x_1_sqr_mul_3 = x_1_sqr + x_1_sqr + x_1_sqr; - * x_double_identity = (x_3 + x_1 + x_1) * y_1_sqr_mul_4 
- x_1_pow_4_mul_9; - * y_double_identity = x_1_sqr_mul_3 * (x_1 - x_3) - (y_1 + y_1) * (y_1 + y_3); - */ - // (x3 + x1 + x1) (4y1*y1) - 9 * x1 * x1 * x1 * x1 = 0 - let x1_sqr := mulmod(mload(X1_EVAL_LOC), mload(X1_EVAL_LOC), p) - let y1_sqr := mulmod(mload(Y1_EVAL_LOC), mload(Y1_EVAL_LOC), p) - let x_pow_4 := mulmod(addmod(y1_sqr, GRUMPKIN_CURVE_B_PARAMETER_NEGATED, p), mload(X1_EVAL_LOC), p) - let y1_sqr_mul_4 := mulmod(y1_sqr, 4, p) - let x1_pow_4_mul_9 := mulmod(x_pow_4, 9, p) - let x1_sqr_mul_3 := mulmod(x1_sqr, 3, p) - let x_double_identity := - addmod( - mulmod( - addmod(mload(X3_EVAL_LOC), addmod(mload(X1_EVAL_LOC), mload(X1_EVAL_LOC), p), p), - y1_sqr_mul_4, - p - ), - sub(p, x1_pow_4_mul_9), - p - ) - // (y1 + y1) (2y1) - (3 * x1 * x1)(x1 - x3) = 0 - let y_double_identity := - addmod( - mulmod(x1_sqr_mul_3, addmod(mload(X1_EVAL_LOC), sub(p, mload(X3_EVAL_LOC)), p), p), - sub( - p, - mulmod( - addmod(mload(Y1_EVAL_LOC), mload(Y1_EVAL_LOC), p), - addmod(mload(Y1_EVAL_LOC), mload(Y3_EVAL_LOC), p), - p - ) - ), - p - ) - x_double_identity := mulmod(x_double_identity, mload(C_ALPHA_BASE_LOC), p) - y_double_identity := - mulmod(y_double_identity, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_LOC), p), p) - x_double_identity := mulmod(x_double_identity, mload(QM_EVAL_LOC), p) - y_double_identity := mulmod(y_double_identity, mload(QM_EVAL_LOC), p) - // ELLIPTIC_IDENTITY += (x_double_identity + y_double_identity) * Q_DOUBLE_EVAL - mstore( - ELLIPTIC_IDENTITY, - addmod( - mload(ELLIPTIC_IDENTITY), - mulmod(addmod(x_double_identity, y_double_identity, p), mload(QELLIPTIC_EVAL_LOC), p), - p - ) - ) - - // update alpha - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_QUAD_LOC), p)) - } - - /** - * COMPUTE AUXILIARY WIDGET EVALUATION - */ - { - { - /** - * Non native field arithmetic gate 2 - * _ _ - * / _ _ _ 14 \ - * q_2 . q_4 | (w_1 . w_2) + (w_1 . w_2) + (w_1 . w_4 + w_2 . w_3 - w_3) . 2 - w_3 - w_4 | - * \_ _/ - * - * limb_subproduct = w_1 . 
w_2_omega + w_1_omega . w_2 - * non_native_field_gate_2 = w_1 * w_4 + w_4 * w_3 - w_3_omega - * non_native_field_gate_2 = non_native_field_gate_2 * limb_size - * non_native_field_gate_2 -= w_4_omega - * non_native_field_gate_2 += limb_subproduct - * non_native_field_gate_2 *= q_4 - * limb_subproduct *= limb_size - * limb_subproduct += w_1_omega * w_2_omega - * non_native_field_gate_1 = (limb_subproduct + w_3 + w_4) * q_3 - * non_native_field_gate_3 = (limb_subproduct + w_4 - (w_3_omega + w_4_omega)) * q_m - * non_native_field_identity = (non_native_field_gate_1 + non_native_field_gate_2 + non_native_field_gate_3) * q_2 - */ - - let limb_subproduct := - addmod( - mulmod(mload(W1_EVAL_LOC), mload(W2_OMEGA_EVAL_LOC), p), - mulmod(mload(W1_OMEGA_EVAL_LOC), mload(W2_EVAL_LOC), p), - p - ) - - let non_native_field_gate_2 := - addmod( - addmod( - mulmod(mload(W1_EVAL_LOC), mload(W4_EVAL_LOC), p), - mulmod(mload(W2_EVAL_LOC), mload(W3_EVAL_LOC), p), - p - ), - sub(p, mload(W3_OMEGA_EVAL_LOC)), - p - ) - non_native_field_gate_2 := mulmod(non_native_field_gate_2, LIMB_SIZE, p) - non_native_field_gate_2 := addmod(non_native_field_gate_2, sub(p, mload(W4_OMEGA_EVAL_LOC)), p) - non_native_field_gate_2 := addmod(non_native_field_gate_2, limb_subproduct, p) - non_native_field_gate_2 := mulmod(non_native_field_gate_2, mload(Q4_EVAL_LOC), p) - limb_subproduct := mulmod(limb_subproduct, LIMB_SIZE, p) - limb_subproduct := - addmod(limb_subproduct, mulmod(mload(W1_OMEGA_EVAL_LOC), mload(W2_OMEGA_EVAL_LOC), p), p) - let non_native_field_gate_1 := - mulmod( - addmod(limb_subproduct, sub(p, addmod(mload(W3_EVAL_LOC), mload(W4_EVAL_LOC), p)), p), - mload(Q3_EVAL_LOC), - p - ) - let non_native_field_gate_3 := - mulmod( - addmod( - addmod(limb_subproduct, mload(W4_EVAL_LOC), p), - sub(p, addmod(mload(W3_OMEGA_EVAL_LOC), mload(W4_OMEGA_EVAL_LOC), p)), - p - ), - mload(QM_EVAL_LOC), - p - ) - let non_native_field_identity := - mulmod( - addmod(addmod(non_native_field_gate_1, 
non_native_field_gate_2, p), non_native_field_gate_3, p), - mload(Q2_EVAL_LOC), - p - ) - - mstore(AUX_NON_NATIVE_FIELD_EVALUATION, non_native_field_identity) - } - - { - /** - * limb_accumulator_1 = w_2_omega; - * limb_accumulator_1 *= SUBLIMB_SHIFT; - * limb_accumulator_1 += w_1_omega; - * limb_accumulator_1 *= SUBLIMB_SHIFT; - * limb_accumulator_1 += w_3; - * limb_accumulator_1 *= SUBLIMB_SHIFT; - * limb_accumulator_1 += w_2; - * limb_accumulator_1 *= SUBLIMB_SHIFT; - * limb_accumulator_1 += w_1; - * limb_accumulator_1 -= w_4; - * limb_accumulator_1 *= q_4; - */ - let limb_accumulator_1 := mulmod(mload(W2_OMEGA_EVAL_LOC), SUBLIMB_SHIFT, p) - limb_accumulator_1 := addmod(limb_accumulator_1, mload(W1_OMEGA_EVAL_LOC), p) - limb_accumulator_1 := mulmod(limb_accumulator_1, SUBLIMB_SHIFT, p) - limb_accumulator_1 := addmod(limb_accumulator_1, mload(W3_EVAL_LOC), p) - limb_accumulator_1 := mulmod(limb_accumulator_1, SUBLIMB_SHIFT, p) - limb_accumulator_1 := addmod(limb_accumulator_1, mload(W2_EVAL_LOC), p) - limb_accumulator_1 := mulmod(limb_accumulator_1, SUBLIMB_SHIFT, p) - limb_accumulator_1 := addmod(limb_accumulator_1, mload(W1_EVAL_LOC), p) - limb_accumulator_1 := addmod(limb_accumulator_1, sub(p, mload(W4_EVAL_LOC)), p) - limb_accumulator_1 := mulmod(limb_accumulator_1, mload(Q4_EVAL_LOC), p) - - /** - * limb_accumulator_2 = w_3_omega; - * limb_accumulator_2 *= SUBLIMB_SHIFT; - * limb_accumulator_2 += w_2_omega; - * limb_accumulator_2 *= SUBLIMB_SHIFT; - * limb_accumulator_2 += w_1_omega; - * limb_accumulator_2 *= SUBLIMB_SHIFT; - * limb_accumulator_2 += w_4; - * limb_accumulator_2 *= SUBLIMB_SHIFT; - * limb_accumulator_2 += w_3; - * limb_accumulator_2 -= w_4_omega; - * limb_accumulator_2 *= q_m; - */ - let limb_accumulator_2 := mulmod(mload(W3_OMEGA_EVAL_LOC), SUBLIMB_SHIFT, p) - limb_accumulator_2 := addmod(limb_accumulator_2, mload(W2_OMEGA_EVAL_LOC), p) - limb_accumulator_2 := mulmod(limb_accumulator_2, SUBLIMB_SHIFT, p) - limb_accumulator_2 := 
addmod(limb_accumulator_2, mload(W1_OMEGA_EVAL_LOC), p) - limb_accumulator_2 := mulmod(limb_accumulator_2, SUBLIMB_SHIFT, p) - limb_accumulator_2 := addmod(limb_accumulator_2, mload(W4_EVAL_LOC), p) - limb_accumulator_2 := mulmod(limb_accumulator_2, SUBLIMB_SHIFT, p) - limb_accumulator_2 := addmod(limb_accumulator_2, mload(W3_EVAL_LOC), p) - limb_accumulator_2 := addmod(limb_accumulator_2, sub(p, mload(W4_OMEGA_EVAL_LOC)), p) - limb_accumulator_2 := mulmod(limb_accumulator_2, mload(QM_EVAL_LOC), p) - - mstore( - AUX_LIMB_ACCUMULATOR_EVALUATION, - mulmod(addmod(limb_accumulator_1, limb_accumulator_2, p), mload(Q3_EVAL_LOC), p) - ) - } - - { - /** - * memory_record_check = w_3; - * memory_record_check *= eta; - * memory_record_check += w_2; - * memory_record_check *= eta; - * memory_record_check += w_1; - * memory_record_check *= eta; - * memory_record_check += q_c; - * - * partial_record_check = memory_record_check; - * - * memory_record_check -= w_4; - */ - - let memory_record_check := mulmod(mload(W3_EVAL_LOC), mload(C_ETA_LOC), p) - memory_record_check := addmod(memory_record_check, mload(W2_EVAL_LOC), p) - memory_record_check := mulmod(memory_record_check, mload(C_ETA_LOC), p) - memory_record_check := addmod(memory_record_check, mload(W1_EVAL_LOC), p) - memory_record_check := mulmod(memory_record_check, mload(C_ETA_LOC), p) - memory_record_check := addmod(memory_record_check, mload(QC_EVAL_LOC), p) - - let partial_record_check := memory_record_check - memory_record_check := addmod(memory_record_check, sub(p, mload(W4_EVAL_LOC)), p) - - mstore(AUX_MEMORY_EVALUATION, memory_record_check) - - // index_delta = w_1_omega - w_1 - let index_delta := addmod(mload(W1_OMEGA_EVAL_LOC), sub(p, mload(W1_EVAL_LOC)), p) - // record_delta = w_4_omega - w_4 - let record_delta := addmod(mload(W4_OMEGA_EVAL_LOC), sub(p, mload(W4_EVAL_LOC)), p) - // index_is_monotonically_increasing = index_delta * (index_delta - 1) - let index_is_monotonically_increasing := mulmod(index_delta, 
addmod(index_delta, sub(p, 1), p), p) - - // adjacent_values_match_if_adjacent_indices_match = record_delta * (1 - index_delta) - let adjacent_values_match_if_adjacent_indices_match := - mulmod(record_delta, addmod(1, sub(p, index_delta), p), p) - - // AUX_ROM_CONSISTENCY_EVALUATION = ((adjacent_values_match_if_adjacent_indices_match * alpha) + index_is_monotonically_increasing) * alpha + partial_record_check - mstore( - AUX_ROM_CONSISTENCY_EVALUATION, - addmod( - mulmod( - addmod( - mulmod(adjacent_values_match_if_adjacent_indices_match, mload(C_ALPHA_LOC), p), - index_is_monotonically_increasing, - p - ), - mload(C_ALPHA_LOC), - p - ), - memory_record_check, - p - ) - ) - - { - /** - * next_gate_access_type = w_3_omega; - * next_gate_access_type *= eta; - * next_gate_access_type += w_2_omega; - * next_gate_access_type *= eta; - * next_gate_access_type += w_1_omega; - * next_gate_access_type *= eta; - * next_gate_access_type = w_4_omega - next_gate_access_type; - */ - let next_gate_access_type := mulmod(mload(W3_OMEGA_EVAL_LOC), mload(C_ETA_LOC), p) - next_gate_access_type := addmod(next_gate_access_type, mload(W2_OMEGA_EVAL_LOC), p) - next_gate_access_type := mulmod(next_gate_access_type, mload(C_ETA_LOC), p) - next_gate_access_type := addmod(next_gate_access_type, mload(W1_OMEGA_EVAL_LOC), p) - next_gate_access_type := mulmod(next_gate_access_type, mload(C_ETA_LOC), p) - next_gate_access_type := addmod(mload(W4_OMEGA_EVAL_LOC), sub(p, next_gate_access_type), p) - - // value_delta = w_3_omega - w_3 - let value_delta := addmod(mload(W3_OMEGA_EVAL_LOC), sub(p, mload(W3_EVAL_LOC)), p) - // adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation = (1 - index_delta) * value_delta * (1 - next_gate_access_type); - - let adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation := - mulmod( - addmod(1, sub(p, index_delta), p), - mulmod(value_delta, addmod(1, sub(p, next_gate_access_type), p), p), - p - ) - - // 
AUX_RAM_CONSISTENCY_EVALUATION - - /** - * access_type = w_4 - partial_record_check - * access_check = access_type^2 - access_type - * next_gate_access_type_is_boolean = next_gate_access_type^2 - next_gate_access_type - * RAM_consistency_check_identity = adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation; - * RAM_consistency_check_identity *= alpha; - * RAM_consistency_check_identity += index_is_monotonically_increasing; - * RAM_consistency_check_identity *= alpha; - * RAM_consistency_check_identity += next_gate_access_type_is_boolean; - * RAM_consistency_check_identity *= alpha; - * RAM_consistency_check_identity += access_check; - */ - - let access_type := addmod(mload(W4_EVAL_LOC), sub(p, partial_record_check), p) - let access_check := mulmod(access_type, addmod(access_type, sub(p, 1), p), p) - let next_gate_access_type_is_boolean := - mulmod(next_gate_access_type, addmod(next_gate_access_type, sub(p, 1), p), p) - let RAM_cci := - mulmod( - adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation, - mload(C_ALPHA_LOC), - p - ) - RAM_cci := addmod(RAM_cci, index_is_monotonically_increasing, p) - RAM_cci := mulmod(RAM_cci, mload(C_ALPHA_LOC), p) - RAM_cci := addmod(RAM_cci, next_gate_access_type_is_boolean, p) - RAM_cci := mulmod(RAM_cci, mload(C_ALPHA_LOC), p) - RAM_cci := addmod(RAM_cci, access_check, p) - - mstore(AUX_RAM_CONSISTENCY_EVALUATION, RAM_cci) - } - - { - // timestamp_delta = w_2_omega - w_2 - let timestamp_delta := addmod(mload(W2_OMEGA_EVAL_LOC), sub(p, mload(W2_EVAL_LOC)), p) - - // RAM_timestamp_check_identity = (1 - index_delta) * timestamp_delta - w_3 - let RAM_timestamp_check_identity := - addmod( - mulmod(timestamp_delta, addmod(1, sub(p, index_delta), p), p), sub(p, mload(W3_EVAL_LOC)), p - ) - - /** - * memory_identity = ROM_consistency_check_identity * q_2; - * memory_identity += RAM_timestamp_check_identity * q_4; - * memory_identity += memory_record_check * q_m; - * 
memory_identity *= q_1; - * memory_identity += (RAM_consistency_check_identity * q_arith); - * - * auxiliary_identity = memory_identity + non_native_field_identity + limb_accumulator_identity; - * auxiliary_identity *= q_aux; - * auxiliary_identity *= alpha_base; - */ - let memory_identity := mulmod(mload(AUX_ROM_CONSISTENCY_EVALUATION), mload(Q2_EVAL_LOC), p) - memory_identity := - addmod(memory_identity, mulmod(RAM_timestamp_check_identity, mload(Q4_EVAL_LOC), p), p) - memory_identity := - addmod(memory_identity, mulmod(mload(AUX_MEMORY_EVALUATION), mload(QM_EVAL_LOC), p), p) - memory_identity := mulmod(memory_identity, mload(Q1_EVAL_LOC), p) - memory_identity := - addmod( - memory_identity, mulmod(mload(AUX_RAM_CONSISTENCY_EVALUATION), mload(QARITH_EVAL_LOC), p), p - ) - - let auxiliary_identity := addmod(memory_identity, mload(AUX_NON_NATIVE_FIELD_EVALUATION), p) - auxiliary_identity := addmod(auxiliary_identity, mload(AUX_LIMB_ACCUMULATOR_EVALUATION), p) - auxiliary_identity := mulmod(auxiliary_identity, mload(QAUX_EVAL_LOC), p) - auxiliary_identity := mulmod(auxiliary_identity, mload(C_ALPHA_BASE_LOC), p) - - mstore(AUX_IDENTITY, auxiliary_identity) - - // update alpha - mstore(C_ALPHA_BASE_LOC, mulmod(mload(C_ALPHA_BASE_LOC), mload(C_ALPHA_CUBE_LOC), p)) - } - } - } - - { - /** - * quotient = ARITHMETIC_IDENTITY - * quotient += PERMUTATION_IDENTITY - * quotient += PLOOKUP_IDENTITY - * quotient += SORT_IDENTITY - * quotient += ELLIPTIC_IDENTITY - * quotient += AUX_IDENTITY - * quotient *= ZERO_POLY_INVERSE - */ - mstore( - QUOTIENT_EVAL_LOC, - mulmod( - addmod( - addmod( - addmod( - addmod( - addmod(mload(PERMUTATION_IDENTITY), mload(PLOOKUP_IDENTITY), p), - mload(ARITHMETIC_IDENTITY), - p - ), - mload(SORT_IDENTITY), - p - ), - mload(ELLIPTIC_IDENTITY), - p - ), - mload(AUX_IDENTITY), - p - ), - mload(ZERO_POLY_INVERSE_LOC), - p - ) - ) - } - - /** - * GENERATE NU AND SEPARATOR CHALLENGES - */ - { - let current_challenge := mload(C_CURRENT_LOC) - // get a 
calldata pointer that points to the start of the data we want to copy - let calldata_ptr := add(calldataload(0x04), 0x24) - - calldata_ptr := add(calldata_ptr, NU_CALLDATA_SKIP_LENGTH) - - mstore(NU_CHALLENGE_INPUT_LOC_A, current_challenge) - mstore(NU_CHALLENGE_INPUT_LOC_B, mload(QUOTIENT_EVAL_LOC)) - calldatacopy(NU_CHALLENGE_INPUT_LOC_C, calldata_ptr, NU_INPUT_LENGTH) - - // hash length = (0x20 + num field elements), we include the previous challenge in the hash - let challenge := keccak256(NU_CHALLENGE_INPUT_LOC_A, add(NU_INPUT_LENGTH, 0x40)) - - mstore(C_V0_LOC, mod(challenge, p)) - // We need THIRTY-ONE independent nu challenges! - mstore(0x00, challenge) - mstore8(0x20, 0x01) - mstore(C_V1_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x02) - mstore(C_V2_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x03) - mstore(C_V3_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x04) - mstore(C_V4_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x05) - mstore(C_V5_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x06) - mstore(C_V6_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x07) - mstore(C_V7_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x08) - mstore(C_V8_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x09) - mstore(C_V9_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x0a) - mstore(C_V10_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x0b) - mstore(C_V11_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x0c) - mstore(C_V12_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x0d) - mstore(C_V13_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x0e) - mstore(C_V14_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x0f) - mstore(C_V15_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x10) - mstore(C_V16_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x11) - mstore(C_V17_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x12) - mstore(C_V18_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x13) - 
mstore(C_V19_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x14) - mstore(C_V20_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x15) - mstore(C_V21_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x16) - mstore(C_V22_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x17) - mstore(C_V23_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x18) - mstore(C_V24_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x19) - mstore(C_V25_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x1a) - mstore(C_V26_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x1b) - mstore(C_V27_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x1c) - mstore(C_V28_LOC, mod(keccak256(0x00, 0x21), p)) - mstore8(0x20, 0x1d) - mstore(C_V29_LOC, mod(keccak256(0x00, 0x21), p)) - - // @follow-up - Why are both v29 and v30 using appending 0x1d to the prior challenge and hashing, should it not change? - mstore8(0x20, 0x1d) - challenge := keccak256(0x00, 0x21) - mstore(C_V30_LOC, mod(challenge, p)) - - // separator - mstore(0x00, challenge) - mstore(0x20, mload(PI_Z_Y_LOC)) - mstore(0x40, mload(PI_Z_X_LOC)) - mstore(0x60, mload(PI_Z_OMEGA_Y_LOC)) - mstore(0x80, mload(PI_Z_OMEGA_X_LOC)) - - mstore(C_U_LOC, mod(keccak256(0x00, 0xa0), p)) - } - - let success := 0 - // VALIDATE T1 - { - let x := mload(T1_X_LOC) - let y := mload(T1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)) - mstore(ACCUMULATOR_X_LOC, x) - mstore(add(ACCUMULATOR_X_LOC, 0x20), y) - } - // VALIDATE T2 - { - let x := mload(T2_X_LOC) // 0x1400 - let y := mload(T2_Y_LOC) // 0x1420 - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(ZETA_POW_N_LOC)) - // accumulator_2 = [T2].zeta^n - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = [T1] + accumulator_2 - 
success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE T3 - { - let x := mload(T3_X_LOC) - let y := mload(T3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(mload(ZETA_POW_N_LOC), mload(ZETA_POW_N_LOC), p)) - // accumulator_2 = [T3].zeta^{2n} - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE T4 - { - let x := mload(T4_X_LOC) - let y := mload(T4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(mulmod(mload(ZETA_POW_N_LOC), mload(ZETA_POW_N_LOC), p), mload(ZETA_POW_N_LOC), p)) - // accumulator_2 = [T4].zeta^{3n} - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE W1 - { - let x := mload(W1_X_LOC) - let y := mload(W1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V0_LOC), p)) - // accumulator_2 = v0.(u + 1).[W1] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE W2 - { - let x := mload(W2_X_LOC) - let y := mload(W2_Y_LOC) - let xx := mulmod(x, x, q) - 
// validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V1_LOC), p)) - // accumulator_2 = v1.(u + 1).[W2] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE W3 - { - let x := mload(W3_X_LOC) - let y := mload(W3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V2_LOC), p)) - // accumulator_2 = v2.(u + 1).[W3] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE W4 - { - let x := mload(W4_X_LOC) - let y := mload(W4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V3_LOC), p)) - // accumulator_2 = v3.(u + 1).[W4] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE S - { - let x := mload(S_X_LOC) - let y := mload(S_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V4_LOC), p)) - // 
accumulator_2 = v4.(u + 1).[S] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE Z - { - let x := mload(Z_X_LOC) - let y := mload(Z_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V5_LOC), p)) - // accumulator_2 = v5.(u + 1).[Z] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE Z_LOOKUP - { - let x := mload(Z_LOOKUP_X_LOC) - let y := mload(Z_LOOKUP_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V6_LOC), p)) - // accumulator_2 = v6.(u + 1).[Z_LOOKUP] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE Q1 - { - let x := mload(Q1_X_LOC) - let y := mload(Q1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V7_LOC)) - // accumulator_2 = v7.[Q1] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 
0x40)) - - // VALIDATE Q2 - { - let x := mload(Q2_X_LOC) - let y := mload(Q2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V8_LOC)) - // accumulator_2 = v8.[Q2] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE Q3 - { - let x := mload(Q3_X_LOC) - let y := mload(Q3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V9_LOC)) - // accumulator_2 = v9.[Q3] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE Q4 - { - let x := mload(Q4_X_LOC) - let y := mload(Q4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V10_LOC)) - // accumulator_2 = v10.[Q4] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE QM - { - let x := mload(QM_X_LOC) - let y := mload(QM_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V11_LOC)) - // accumulator_2 = v11.[Q;] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, 
ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE QC - { - let x := mload(QC_X_LOC) - let y := mload(QC_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V12_LOC)) - // accumulator_2 = v12.[QC] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE QARITH - { - let x := mload(QARITH_X_LOC) - let y := mload(QARITH_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V13_LOC)) - // accumulator_2 = v13.[QARITH] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE QSORT - { - let x := mload(QSORT_X_LOC) - let y := mload(QSORT_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V14_LOC)) - // accumulator_2 = v14.[QSORT] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE QELLIPTIC - { - let x := mload(QELLIPTIC_X_LOC) - let y := mload(QELLIPTIC_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, 
eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V15_LOC)) - // accumulator_2 = v15.[QELLIPTIC] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE QAUX - { - let x := mload(QAUX_X_LOC) - let y := mload(QAUX_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V16_LOC)) - // accumulator_2 = v15.[Q_AUX] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE SIGMA1 - { - let x := mload(SIGMA1_X_LOC) - let y := mload(SIGMA1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V17_LOC)) - // accumulator_2 = v17.[sigma1] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE SIGMA2 - { - let x := mload(SIGMA2_X_LOC) - let y := mload(SIGMA2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V18_LOC)) - // accumulator_2 = v18.[sigma2] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, 
staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE SIGMA3 - { - let x := mload(SIGMA3_X_LOC) - let y := mload(SIGMA3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V19_LOC)) - // accumulator_2 = v19.[sigma3] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE SIGMA4 - { - let x := mload(SIGMA4_X_LOC) - let y := mload(SIGMA4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V20_LOC)) - // accumulator_2 = v20.[sigma4] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE TABLE1 - { - let x := mload(TABLE1_X_LOC) - let y := mload(TABLE1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V21_LOC), p)) - // accumulator_2 = u.[table1] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE TABLE2 - { - let x := mload(TABLE2_X_LOC) - let y := mload(TABLE2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, 
q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V22_LOC), p)) - // accumulator_2 = u.[table2] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE TABLE3 - { - let x := mload(TABLE3_X_LOC) - let y := mload(TABLE3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V23_LOC), p)) - // accumulator_2 = u.[table3] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE TABLE4 - { - let x := mload(TABLE4_X_LOC) - let y := mload(TABLE4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(addmod(mload(C_U_LOC), 0x1, p), mload(C_V24_LOC), p)) - // accumulator_2 = u.[table4] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE TABLE_TYPE - { - let x := mload(TABLE_TYPE_X_LOC) - let y := mload(TABLE_TYPE_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V25_LOC)) - // accumulator_2 = v25.[TableType] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 
0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE ID1 - { - let x := mload(ID1_X_LOC) - let y := mload(ID1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V26_LOC)) - // accumulator_2 = v26.[ID1] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE ID2 - { - let x := mload(ID2_X_LOC) - let y := mload(ID2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V27_LOC)) - // accumulator_2 = v27.[ID2] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE ID3 - { - let x := mload(ID3_X_LOC) - let y := mload(ID3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V28_LOC)) - // accumulator_2 = v28.[ID3] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE ID4 - { - let x := mload(ID4_X_LOC) - let y := mload(ID4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - 
mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mload(C_V29_LOC)) - // accumulator_2 = v29.[ID4] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - /** - * COMPUTE BATCH EVALUATION SCALAR MULTIPLIER - */ - { - /** - * batch_evaluation = v0 * (w_1_omega * u + w_1_eval) - * batch_evaluation += v1 * (w_2_omega * u + w_2_eval) - * batch_evaluation += v2 * (w_3_omega * u + w_3_eval) - * batch_evaluation += v3 * (w_4_omega * u + w_4_eval) - * batch_evaluation += v4 * (s_omega_eval * u + s_eval) - * batch_evaluation += v5 * (z_omega_eval * u + z_eval) - * batch_evaluation += v6 * (z_lookup_omega_eval * u + z_lookup_eval) - */ - let batch_evaluation := - mulmod( - mload(C_V0_LOC), - addmod(mulmod(mload(W1_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W1_EVAL_LOC), p), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V1_LOC), - addmod(mulmod(mload(W2_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W2_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V2_LOC), - addmod(mulmod(mload(W3_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W3_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V3_LOC), - addmod(mulmod(mload(W4_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(W4_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V4_LOC), - addmod(mulmod(mload(S_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(S_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V5_LOC), - addmod(mulmod(mload(Z_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(Z_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V6_LOC), - 
addmod(mulmod(mload(Z_LOOKUP_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(Z_LOOKUP_EVAL_LOC), p), - p - ), - p - ) - - /** - * batch_evaluation += v7 * Q1_EVAL - * batch_evaluation += v8 * Q2_EVAL - * batch_evaluation += v9 * Q3_EVAL - * batch_evaluation += v10 * Q4_EVAL - * batch_evaluation += v11 * QM_EVAL - * batch_evaluation += v12 * QC_EVAL - * batch_evaluation += v13 * QARITH_EVAL - * batch_evaluation += v14 * QSORT_EVAL_LOC - * batch_evaluation += v15 * QELLIPTIC_EVAL_LOC - * batch_evaluation += v16 * QAUX_EVAL_LOC - * batch_evaluation += v17 * SIGMA1_EVAL_LOC - * batch_evaluation += v18 * SIGMA2_EVAL_LOC - * batch_evaluation += v19 * SIGMA3_EVAL_LOC - * batch_evaluation += v20 * SIGMA4_EVAL_LOC - */ - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V7_LOC), mload(Q1_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V8_LOC), mload(Q2_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V9_LOC), mload(Q3_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V10_LOC), mload(Q4_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V11_LOC), mload(QM_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V12_LOC), mload(QC_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V13_LOC), mload(QARITH_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V14_LOC), mload(QSORT_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V15_LOC), mload(QELLIPTIC_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V16_LOC), mload(QAUX_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V17_LOC), mload(SIGMA1_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V18_LOC), mload(SIGMA2_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V19_LOC), 
mload(SIGMA3_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V20_LOC), mload(SIGMA4_EVAL_LOC), p), p) - - /** - * batch_evaluation += v21 * (table1(zw) * u + table1(z)) - * batch_evaluation += v22 * (table2(zw) * u + table2(z)) - * batch_evaluation += v23 * (table3(zw) * u + table3(z)) - * batch_evaluation += v24 * (table4(zw) * u + table4(z)) - * batch_evaluation += v25 * table_type_eval - * batch_evaluation += v26 * id1_eval - * batch_evaluation += v27 * id2_eval - * batch_evaluation += v28 * id3_eval - * batch_evaluation += v29 * id4_eval - * batch_evaluation += quotient_eval - */ - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V21_LOC), - addmod(mulmod(mload(TABLE1_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE1_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V22_LOC), - addmod(mulmod(mload(TABLE2_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE2_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V23_LOC), - addmod(mulmod(mload(TABLE3_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE3_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := - addmod( - batch_evaluation, - mulmod( - mload(C_V24_LOC), - addmod(mulmod(mload(TABLE4_OMEGA_EVAL_LOC), mload(C_U_LOC), p), mload(TABLE4_EVAL_LOC), p), - p - ), - p - ) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V25_LOC), mload(TABLE_TYPE_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V26_LOC), mload(ID1_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V27_LOC), mload(ID2_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V28_LOC), mload(ID3_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mulmod(mload(C_V29_LOC), mload(ID4_EVAL_LOC), p), p) - batch_evaluation := addmod(batch_evaluation, mload(QUOTIENT_EVAL_LOC), p) - - mstore(0x00, 
0x01) // [1].x - mstore(0x20, 0x02) // [1].y - mstore(0x40, sub(p, batch_evaluation)) - // accumulator_2 = -[1].(batch_evaluation) - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - mstore(OPENING_COMMITMENT_SUCCESS_FLAG, success) - } - - /** - * PERFORM PAIRING PREAMBLE - */ - { - let u := mload(C_U_LOC) - let zeta := mload(C_ZETA_LOC) - // VALIDATE PI_Z - { - let x := mload(PI_Z_X_LOC) - let y := mload(PI_Z_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)) - mstore(0x00, x) - mstore(0x20, y) - } - // compute zeta.[PI_Z] and add into accumulator - mstore(0x40, zeta) - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // accumulator = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - - // VALIDATE PI_Z_OMEGA - { - let x := mload(PI_Z_OMEGA_X_LOC) - let y := mload(PI_Z_OMEGA_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - mstore(0x40, mulmod(mulmod(u, zeta, p), mload(OMEGA_LOC), p)) - // accumulator_2 = u.zeta.omega.[PI_Z_OMEGA] - success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) - // PAIRING_RHS = accumulator + accumulator_2 - success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, PAIRING_RHS_X_LOC, 0x40)) - - mstore(0x00, mload(PI_Z_X_LOC)) - mstore(0x20, mload(PI_Z_Y_LOC)) - mstore(0x40, mload(PI_Z_OMEGA_X_LOC)) - mstore(0x60, mload(PI_Z_OMEGA_Y_LOC)) - mstore(0x80, u) - success := and(success, staticcall(gas(), 7, 0x40, 0x60, 0x40, 0x40)) - // PAIRING_LHS = [PI_Z] + [PI_Z_OMEGA] * u - success := and(success, 
staticcall(gas(), 6, 0x00, 0x80, PAIRING_LHS_X_LOC, 0x40)) - // negate lhs y-coordinate - mstore(PAIRING_LHS_Y_LOC, sub(q, mload(PAIRING_LHS_Y_LOC))) - - if mload(CONTAINS_RECURSIVE_PROOF_LOC) { - // VALIDATE RECURSIVE P1 - { - let x := mload(RECURSIVE_P1_X_LOC) - let y := mload(RECURSIVE_P1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - - // compute u.u.[recursive_p1] and write into 0x60 - mstore(0x40, mulmod(u, u, p)) - success := and(success, staticcall(gas(), 7, 0x00, 0x60, 0x60, 0x40)) - // VALIDATE RECURSIVE P2 - { - let x := mload(RECURSIVE_P2_X_LOC) - let y := mload(RECURSIVE_P2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - // compute u.u.[recursive_p2] and write into 0x00 - // 0x40 still contains u*u - success := and(success, staticcall(gas(), 7, 0x00, 0x60, 0x00, 0x40)) - - // compute u.u.[recursiveP1] + rhs and write into rhs - mstore(0xa0, mload(PAIRING_RHS_X_LOC)) - mstore(0xc0, mload(PAIRING_RHS_Y_LOC)) - success := and(success, staticcall(gas(), 6, 0x60, 0x80, PAIRING_RHS_X_LOC, 0x40)) - - // compute u.u.[recursiveP2] + lhs and write into lhs - mstore(0x40, mload(PAIRING_LHS_X_LOC)) - mstore(0x60, mload(PAIRING_LHS_Y_LOC)) - success := and(success, staticcall(gas(), 6, 0x00, 0x80, PAIRING_LHS_X_LOC, 0x40)) - } - - if iszero(success) { - mstore(0x0, EC_SCALAR_MUL_FAILURE_SELECTOR) - revert(0x00, 0x04) - } - mstore(PAIRING_PREAMBLE_SUCCESS_FLAG, success) - } - - /** - * PERFORM PAIRING - */ - { - // rhs paired with [1]_2 - // lhs paired with [x]_2 - - mstore(0x00, mload(PAIRING_RHS_X_LOC)) - mstore(0x20, mload(PAIRING_RHS_Y_LOC)) - mstore(0x40, 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2) // this is [1]_2 - mstore(0x60, 
0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed)
- mstore(0x80, 0x090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b)
- mstore(0xa0, 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa)
-
- mstore(0xc0, mload(PAIRING_LHS_X_LOC))
- mstore(0xe0, mload(PAIRING_LHS_Y_LOC))
- mstore(0x100, mload(G2X_X0_LOC))
- mstore(0x120, mload(G2X_X1_LOC))
- mstore(0x140, mload(G2X_Y0_LOC))
- mstore(0x160, mload(G2X_Y1_LOC))
-
- success := staticcall(gas(), 8, 0x00, 0x180, 0x00, 0x20)
- mstore(PAIRING_SUCCESS_FLAG, success)
- mstore(RESULT_FLAG, mload(0x00))
- }
- if iszero(
- and(
- and(and(mload(PAIRING_SUCCESS_FLAG), mload(RESULT_FLAG)), mload(PAIRING_PREAMBLE_SUCCESS_FLAG)),
- mload(OPENING_COMMITMENT_SUCCESS_FLAG)
- )
- ) {
- mstore(0x0, PROOF_FAILURE_SELECTOR)
- revert(0x00, 0x04)
- }
- {
- mstore(0x00, 0x01)
- return(0x00, 0x20) // Proof succeeded!
- }
- }
- }
-}
+import {BaseUltraVerifier} from "./BaseUltraVerifier.sol";
 contract Verifier is BaseUltraVerifier {
 function getVerificationKeyHash() public pure override(BaseUltraVerifier) returns (bytes32) {
diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js
index 95a7a5a8eacd..22af8adcf3b9 100644
--- a/barretenberg/acir_tests/sol-test/src/index.js
+++ b/barretenberg/acir_tests/sol-test/src/index.js
@@ -31,12 +31,14 @@ const testName = getEnvVar("TEST_NAME");
 const keyPath = getEnvVar("KEY_PATH");
 const verifierPath = getEnvVar("VERIFIER_PATH");
 const testPath = getEnvVar("TEST_PATH");
+const basePath = getEnvVar("BASE_PATH");
 const encoding = {encoding: "utf8"};
-const [key, test, verifier] = await Promise.all(
+const [key, test, verifier, base] = await Promise.all(
 [
 fsPromises.readFile(keyPath, encoding),
 fsPromises.readFile(testPath, encoding),
-fsPromises.readFile(verifierPath, encoding)
+fsPromises.readFile(verifierPath, encoding),
+fsPromises.readFile(basePath, encoding)
 ]);
@@ -51,6 +53,9 @@ var input = {
 },
 'Verifier.sol': {
 content: verifier
+ },
+ 'BaseUltraVerifier.sol': {
+ content: base
 }
 },
 settings: { // we require the optimiser
From 681c6c7ada9d531eefbaa0524af19258f38de0be Mon Sep 17 00:00:00 2001
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com>
Date: Sat, 4 Nov 2023 00:51:29 +0000
Subject: [PATCH 12/21] fix: dependence on solidity test completion
---
 .circleci/config.yml | 1 +
 build_manifest.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index e9f67bcfa850..0282ab6c0939 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1180,6 +1180,7 @@ workflows:
 - barretenberg-acir-tests-bb-sol:
 requires:
 - barretenberg-x86_64-linux-clang-assert
+ - barretenberg-x86_64-linux-clang-sol
 <<: *defaults
 - bb-js:
 requires:
diff --git a/build_manifest.yml b/build_manifest.yml
index ad119338cb71..f73029a43763 100644
--- a/build_manifest.yml
+++ b/build_manifest.yml
@@ -44,6 +44,7 @@ barretenberg-acir-tests-bb-sol:
 dockerfile: Dockerfile.bb.sol
 dependencies:
 - barretenberg-x86_64-linux-clang-assert
+ - barretenberg-x86_64-linux-clang-sol
 barretenberg-acir-tests-bb.js:
 buildDir: barretenberg/acir_tests
@@ -64,6 +64,7 @@ function test() {
 echo -e "\033[32mPASSED\033[0m ($duration ms)"
 else
 echo -e "\033[31mFAILED\033[0m"
+ touch "$error_file"
 exit 1
 fi
diff --git a/barretenberg/acir_tests/sol-test/Test.sol b/barretenberg/acir_tests/sol-test/Test.sol
index 3b7535b595e7..a6988291f78f 100644
--- a/barretenberg/acir_tests/sol-test/Test.sol
+++ b/barretenberg/acir_tests/sol-test/Test.sol
@@ -1,4 +1,6 @@
-// THIS FILE WILL BE COPIED
+// THIS FILE WILL NOT COMPILE BY ITSELF
+// Compilation is handled in `src/index.js` where solcjs gathers the dependencies
+
 pragma solidity >=0.8.4;
 import {Verifier} from "./Verifier.sol";
diff --git a/barretenberg/acir_tests/sol-test/Verifier.sol b/barretenberg/acir_tests/sol-test/Verifier.sol
index e07daf6a3550..b187e16f47e7 100644
--- a/barretenberg/acir_tests/sol-test/Verifier.sol
+++ b/barretenberg/acir_tests/sol-test/Verifier.sol
@@ -1,4 +1,6 @@
-// THIS FILE WILL BE COPIED
+// THIS FILE WILL NOT COMPILE BY ITSELF
+// Compilation is handled in `src/index.js` where solcjs gathers the dependencies
+
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2022 Aztec
 pragma solidity >=0.8.4;
diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js
index 22af8adcf3b9..2b34c63f4f66 100644
--- a/barretenberg/acir_tests/sol-test/src/index.js
+++ b/barretenberg/acir_tests/sol-test/src/index.js
@@ -41,7 +41,6 @@ const [key, test, verifier, base] = await Promise.all(
 fsPromises.readFile(basePath, encoding)
 ]);
-
 var input = {
 language: 'Solidity',
 sources: {
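Review bot: `touch "$error_file"` depends on `error_file` being assigned somewhere the failing branch can see it, which the hunk does not show; if the script runs with `set -u`, an unassigned variable here would abort before the intended `exit 1` executes, so it is worth confirming the assignment is at script top level and precedes every call of test(). Since the commit title says this marker is what lets the trap fail the run, appending the failing test's name to the file instead of only creating it would let the trap report which tests failed rather than just that one did. test()'s body starts and ends outside the hunk.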
@@ -80,7 +79,16 @@ const launchAnvil = async (port) => {
 const handle = spawn("anvil", ["-p", port]);
 // wait until the anvil instance is ready on port 8545
- await new Promise((resolve) => {
+ await new Promise((resolve, reject) => {
+ // If we get an error reject, which will cause the caller to retry on a new port
+ handle.stderr.on("data", (data) => {
+ const str = data.toString();
+ if (str.includes("error binding")) {
+ reject("we go again baby")
+ }
+ });
+
+ // If we get a success resolve, anvil is ready
 handle.stdout.on("data", (data) => {
 const str = data.toString();
 if (str.includes("Listening on")) {
@@ -114,8 +122,18 @@ const readPublicInputs = (numPublicInputs, proofAsFields) => {
 }
 // start anvil
-const randomPort = Math.floor(Math.random() * 10000) + 10000;
-const anvil = await launchAnvil(randomPort);
+const getAnvil = async () => {
+ const port = Math.floor(Math.random() * 10000) + 10000;
+ try {
+ return [await launchAnvil(port), port];
+ } catch (e) {
+ // Recursive call should try again on a new port in the rare case the port is already taken
+ // yes this looks dangerous, but it relies on 0-10000 being hard to collide on
+ return getAnvil();
+ }
+}
+
+const [anvil, randomPort] = await getAnvil();
 const killAnvil = () => {
 anvil.kill();
 console.log(testName, " complete")
From 442490ad488aee5a1966bb5d54cf0ea5eca80917 Mon Sep 17 00:00:00 2001
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com>
Date: Sat, 4 Nov 2023 01:25:19 +0000
Subject: [PATCH 14/21] fix: copy anvil bin
---
 barretenberg/acir_tests/Dockerfile.bb.sol | 1 +
 barretenberg/acir_tests/flows/sol.sh | 6 ++++--
 barretenberg/acir_tests/sol-test/src/index.js | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/barretenberg/acir_tests/Dockerfile.bb.sol b/barretenberg/acir_tests/Dockerfile.bb.sol
index 125d62750157..70983227e62f 100644
--- a/barretenberg/acir_tests/Dockerfile.bb.sol
+++ b/barretenberg/acir_tests/Dockerfile.bb.sol
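Review bot: The new rejection path fires only when stderr contains "error binding"; any other startup failure that prints something else, or a spawn failure (which is delivered on `handle`'s "error" event, not on stderr), leaves the promise pending forever, so the test hangs instead of failing. Registering `handle.on("error", reject);` and `handle.on("exit", (code) => reject(new Error("anvil exited before listening: " + code)));` inside the executor turns those into rejections, and an exit after the "Listening on" resolve is harmless because a settled promise ignores later reject calls. Rejecting with an Error instead of the string "we go again baby" also keeps a stack trace when the caller eventually gives up. The comment "ready on port 8545" is stale now that the port is a parameter. launchAnvil's body continues past the end of the hunk.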
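Review bot: `getAnvil` retries without bound and its `catch (e)` swallows every rejection, not only the port collision the comment describes, so a persistent failure (anything that reaches `reject` on every attempt) spins forever on fresh ports instead of failing the test. A small retry budget keeps the intent and surfaces the real error: `const getAnvil = async (attempts = 5) => {` … `} catch (e) { if (attempts <= 1) throw e; return getAnvil(attempts - 1); }`. The chosen range is 10000–19999, so the "0-10000" in the comment describes the size of the space rather than the ports actually used.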
@@ -5,6 +5,7 @@ FROM node:18-alpine RUN apk update && apk add git bash curl jq COPY --from=0 /usr/src/barretenberg/cpp/build /usr/src/barretenberg/cpp/build COPY --from=1 /usr/src/barretenberg/sol/src/ultra/BaseUltraVerifier.sol /usr/src/barretenberg/sol/src/ultra/BaseUltraVerifier.sol +COPY --from=ghcr.io/foundry-rs/foundry:latest /usr/local/bin/anvil /usr/local/bin/anvil WORKDIR /usr/src/barretenberg/acir_tests COPY . . # Run every acir test through a solidity verifier". diff --git a/barretenberg/acir_tests/flows/sol.sh b/barretenberg/acir_tests/flows/sol.sh index 497921fa2b1b..3b66110f9f25 100755 --- a/barretenberg/acir_tests/flows/sol.sh +++ b/barretenberg/acir_tests/flows/sol.sh @@ -5,8 +5,9 @@ export PROOF="$(pwd)/proof" export PROOF_AS_FIELDS="$(pwd)/proof_fields.json" # Get the number of public inputs in the circuit -gates=$($BIN gates -v 2>&1 | tr -d '\0') -export NUM_PUBLIC_INPUTS=$(echo "$gates" | grep -o 'public inputs: [0-9]*' | awk '{print $3}') +gates=$($BIN gates -v 2>&1 | tr -d '\0') +NUM_PUBLIC_INPUTS=$(echo "$gates" | awk '/public inputs: [0-9]+/ {print $3}') +echo "Number of public inputs: $NUM_PUBLIC_INPUTS" # Create a proof, write the solidity contract, write the proof as fields in order to extract the public inputs $BIN prove -o proof @@ -19,6 +20,7 @@ export KEY_PATH="$(pwd)/Key.sol" export VERIFIER_PATH=$(realpath "../../sol-test/Verifier.sol") export TEST_PATH=$(realpath "../../sol-test/Test.sol") export BASE_PATH=$(realpath "../../../sol/src/ultra/BaseUltraVerifier.sol") +export NUM_PUBLIC_INPUTS=$NUM_PUBLIC_INPUTS # Use solcjs to compile the generated key contract with the template verifier and test contract # index.js will start an anvil, on a random port diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js index 2b34c63f4f66..a94de01f142a 100644 --- a/barretenberg/acir_tests/sol-test/src/index.js +++ b/barretenberg/acir_tests/sol-test/src/index.js 
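Review bot: The added `COPY --from=ghcr.io/foundry-rs/foundry:latest ...` pulls the anvil binary from a floating tag, so the test image is not reproducible and any change to that third-party image, benign or otherwise, flows straight into CI. Pin it to a release tag or, better, an image digest: `COPY --from=ghcr.io/foundry-rs/foundry@sha256:<pinned-digest> /usr/local/bin/anvil /usr/local/bin/anvil`, and note in a comment how the pin is refreshed. The rest of this Dockerfile's stages are outside the hunk.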
@@ -19,7 +19,7 @@ import solc from "solc"; const getEnvVar = (envvar) => { const varVal = process.env[envvar]; if (!varVal) { - throw new Error(`${envvar} not set`); + return 0; } return varVal; } From e0cc57746789693a444bf7be8743cbd45d74b4f0 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 4 Nov 2023 02:14:37 +0000 Subject: [PATCH 15/21] fix: rework pub inputs thing --- barretenberg/acir_tests/flows/sol.sh | 6 ------ barretenberg/acir_tests/sol-test/src/index.js | 10 +++++----- barretenberg/build-system | 1 - barretenberg/cpp/src/barretenberg/bb/main.cpp | 2 -- .../src/barretenberg/dsl/acir_proofs/acir_composer.cpp | 1 - .../src/barretenberg/dsl/acir_proofs/acir_composer.hpp | 2 -- .../circuit_builder/ultra_circuit_builder.hpp | 2 -- 7 files changed, 5 insertions(+), 19 deletions(-) delete mode 160000 barretenberg/build-system diff --git a/barretenberg/acir_tests/flows/sol.sh b/barretenberg/acir_tests/flows/sol.sh index 3b66110f9f25..d95c9039eea1 100755 --- a/barretenberg/acir_tests/flows/sol.sh +++ b/barretenberg/acir_tests/flows/sol.sh @@ -4,11 +4,6 @@ set -eu export PROOF="$(pwd)/proof" export PROOF_AS_FIELDS="$(pwd)/proof_fields.json" -# Get the number of public inputs in the circuit -gates=$($BIN gates -v 2>&1 | tr -d '\0') -NUM_PUBLIC_INPUTS=$(echo "$gates" | awk '/public inputs: [0-9]+/ {print $3}') -echo "Number of public inputs: $NUM_PUBLIC_INPUTS" - # Create a proof, write the solidity contract, write the proof as fields in order to extract the public inputs $BIN prove -o proof $BIN write_vk -o vk 
@@ -20,7 +15,6 @@ export KEY_PATH="$(pwd)/Key.sol" export VERIFIER_PATH=$(realpath "../../sol-test/Verifier.sol") export TEST_PATH=$(realpath "../../sol-test/Test.sol") export BASE_PATH=$(realpath "../../../sol/src/ultra/BaseUltraVerifier.sol") -export NUM_PUBLIC_INPUTS=$NUM_PUBLIC_INPUTS # Use solcjs to compile the generated key contract with the template verifier and test contract # index.js will start an anvil, on a random port diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js index a94de01f142a..6f4c1444f122 100644 --- a/barretenberg/acir_tests/sol-test/src/index.js +++ b/barretenberg/acir_tests/sol-test/src/index.js @@ -111,14 +111,15 @@ const deploy = async (signer) => { * * @param {number} numPublicInputs * @param {Array} proofAsFields - * @returns {Array} + * @returns {Array,number>} */ -const readPublicInputs = (numPublicInputs, proofAsFields) => { +const readPublicInputs = (proofAsFields) => { const publicInputs = []; + const numPublicInputs = proofAsFields.length - 93; for (let i = 0; i < numPublicInputs; i++) { publicInputs.push(proofAsFields[i]); } - return publicInputs; + return [numPublicInputs, publicInputs]; } // start anvil @@ -142,8 +143,7 @@ const killAnvil = () => { try { const proofAsFieldsPath = getEnvVar("PROOF_AS_FIELDS"); const proofAsFields = readFileSync(proofAsFieldsPath); - const numPublicInputs = +getEnvVar("NUM_PUBLIC_INPUTS"); - const publicInputs = readPublicInputs(numPublicInputs, JSON.parse(proofAsFields.toString())); + const [numPublicInputs, publicInputs] = readPublicInputs(JSON.parse(proofAsFields.toString())); const proofPath = getEnvVar("PROOF"); const proof = readFileSync(proofPath); diff --git a/barretenberg/build-system b/barretenberg/build-system deleted file mode 160000 index a109f3aef28c..000000000000 --- a/barretenberg/build-system +++ /dev/null @@ -1 +0,0 @@ -Subproject commit a109f3aef28cea4a50481cdf2d74fc3909212c0b 
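Review bot: readPublicInputs derives `numPublicInputs` as `proofAsFields.length - 93` without checking that the array is at least 93 long, so a short or malformed proof yields a negative count, an empty public-input array and a `substring(64*numPublicInputs)` offset that JavaScript clamps to 0 — the test then proceeds with nonsense instead of failing at the parse step. Guard it before the loop: `if (numPublicInputs < 0) throw new Error(`proof has ${proofAsFields.length} fields, expected at least 93`);`. The later hunks that touch this function (`@@ -115,6 +115,7 @@` adding the 93 comment and `@@ -108,22 +119,27 @@` introducing NUMBER_OF_FIELDS_IN_PROOF) keep the unguarded subtraction. The surrounding module continues outside this hunk.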
diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index a7de3b8f289d..69834bdff8cd 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -141,11 +141,9 @@ void gateCount(const std::string& bytecodePath) { auto constraint_system = get_constraint_system(bytecodePath); auto acir_composer = init(constraint_system); - auto num_public_inputs = acir_composer.get_num_public_inputs(); auto gate_count = acir_composer.get_total_circuit_size(); writeUint64AsRawBytesToStdout(static_cast(gate_count)); - vinfo("public inputs: ", num_public_inputs); vinfo("gate count: ", gate_count); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp index 8464d9e3f0cf..5f7cee439c62 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp @@ -24,7 +24,6 @@ void AcirComposer::create_circuit(acir_format::acir_format& constraint_system) vinfo("building circuit..."); builder_ = acir_format::create_circuit(constraint_system, size_hint_); exact_circuit_size_ = builder_.get_num_gates(); - num_public_inputs_ = builder_.get_num_public_inputs(); total_circuit_size_ = builder_.get_total_circuit_size(); circuit_subgroup_size_ = builder_.get_circuit_subgroup_size(total_circuit_size_); size_hint_ = circuit_subgroup_size_; diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp index 6986661b6270..32b678268e38 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp 
@@ -27,7 +27,6 @@ class AcirComposer { bool verify_proof(std::vector const& proof, bool is_recursive); std::string get_solidity_verifier(); - size_t get_num_public_inputs() { return num_public_inputs_; }; size_t get_exact_circuit_size() { return exact_circuit_size_; }; size_t get_total_circuit_size() { return total_circuit_size_; }; size_t get_circuit_subgroup_size() { return circuit_subgroup_size_; }; @@ -41,7 +40,6 @@ class AcirComposer { acir_format::Builder builder_; size_t size_hint_; size_t exact_circuit_size_; - size_t num_public_inputs_; size_t total_circuit_size_; size_t circuit_subgroup_size_; std::shared_ptr proving_key_; diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp index e0335fd7d5b5..9c3f25ee6090 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp @@ -834,8 +834,6 @@ template class UltraCircuitBuilder_ : public CircuitBuilderBasepublic_inputs.size(); } - /**x * @brief Print the number and composition of gates in the circuit * From 6fb8d98d9e93ca259a4ec1693282607d40563aff Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 4 Nov 2023 02:24:21 +0000 Subject: [PATCH 16/21] docs: bit more docs --- barretenberg/acir_tests/sol-test/src/index.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js index 6f4c1444f122..33eb045ed857 100644 --- a/barretenberg/acir_tests/sol-test/src/index.js +++ b/barretenberg/acir_tests/sol-test/src/index.js 
@@ -19,7 +19,7 @@ import solc from "solc"; const getEnvVar = (envvar) => { const varVal = process.env[envvar]; if (!varVal) { - return 0; + throw new Error(`Missing environment variable ${envvar}`); } return varVal; } @@ -115,6 +115,7 @@ const deploy = async (signer) => { */ const readPublicInputs = (proofAsFields) => { const publicInputs = []; + // A proof with no public inputs is 93 fields long const numPublicInputs = proofAsFields.length - 93; for (let i = 0; i < numPublicInputs; i++) { publicInputs.push(proofAsFields[i]); From f247a12b8ddfcf6ebbe9a74c2889cc5fe2cc2b7e Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Mon, 6 Nov 2023 12:43:12 +0000 Subject: [PATCH 17/21] fix: add init proving key to bb.js, make parallel a flag --- barretenberg/acir_tests/Dockerfile.bb | 2 +- barretenberg/acir_tests/Dockerfile.bb.sol | 2 +- barretenberg/acir_tests/run_acir_tests.sh | 7 ++++++- barretenberg/ts/src/main.ts | 1 + 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/barretenberg/acir_tests/Dockerfile.bb b/barretenberg/acir_tests/Dockerfile.bb index 3afa93c0ed9b..ce0d274c2ec0 100644 --- a/barretenberg/acir_tests/Dockerfile.bb +++ b/barretenberg/acir_tests/Dockerfile.bb @@ -6,6 +6,6 @@ COPY --from=0 /usr/src/barretenberg/cpp/build /usr/src/barretenberg/cpp/build WORKDIR /usr/src/barretenberg/acir_tests COPY . . # Run every acir test through native bb build "prove_and_verify". -RUN FLOW=all_cmds ./run_acir_tests.sh +RUN ./run_acir_tests.sh # Run 1_mul through native bb build, all_cmds flow, to test all cli args. RUN VERBOSE=1 FLOW=all_cmds ./run_acir_tests.sh 1_mul diff --git a/barretenberg/acir_tests/Dockerfile.bb.sol b/barretenberg/acir_tests/Dockerfile.bb.sol index 70983227e62f..bbe4a8a03cde 100644 --- a/barretenberg/acir_tests/Dockerfile.bb.sol +++ b/barretenberg/acir_tests/Dockerfile.bb.sol 
@@ -10,4 +10,4 @@ WORKDIR /usr/src/barretenberg/acir_tests COPY . . # Run every acir test through a solidity verifier". RUN (cd sol-test && yarn) -RUN FLOW=sol ./run_acir_tests.sh +RUN PARALLEL=1 FLOW=sol ./run_acir_tests.sh diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh index fccd24aafa89..722957d6ed4e 100755 --- a/barretenberg/acir_tests/run_acir_tests.sh +++ b/barretenberg/acir_tests/run_acir_tests.sh @@ -90,7 +90,12 @@ else continue fi - test $TEST_NAME & + # If parallel flag is set, run in parallel + if [ -n "${PARALLEL:-}" ]; then + test $TEST_NAME & + else + test $TEST_NAME + fi done fi diff --git a/barretenberg/ts/src/main.ts b/barretenberg/ts/src/main.ts index a985ea59e796..513748a2f974 100755 --- a/barretenberg/ts/src/main.ts +++ b/barretenberg/ts/src/main.ts @@ -124,6 +124,7 @@ export async function prove( debug(`creating proof...`); const bytecode = getBytecode(bytecodePath); const witness = getWitness(witnessPath); + await api.acirInitProvingKey(acirComposer, bytecode); const proof = await api.acirCreateProof(acirComposer, bytecode, witness, isRecursive); debug(`done.`); From e271243083ea52a7d3e424eba6b78fdb8d439c4b Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Mon, 6 Nov 2023 14:46:47 +0000 Subject: [PATCH 18/21] review fixes --- barretenberg/acir_tests/sol-test/src/index.js | 30 ++++++++++++++----- .../barretenberg/solidity_helpers/key_gen.cpp | 2 +- barretenberg/sol/test/ultra/ECDSA.t.sol | 5 +--- 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/barretenberg/acir_tests/sol-test/src/index.js b/barretenberg/acir_tests/sol-test/src/index.js index 33eb045ed857..f59ef1545055 100644 --- a/barretenberg/acir_tests/sol-test/src/index.js +++ b/barretenberg/acir_tests/sol-test/src/index.js 
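Review bot: `[ -n "${PARALLEL:-}" ]` treats any non-empty value as enabling parallel mode, so `PARALLEL=0` or `PARALLEL=false` still backgrounds every test, which is the opposite of what a reader would expect. Compare against an explicit value instead, `if [ "${PARALLEL:-0}" = "1" ]; then`, and state the accepted values in the comment above it. `$TEST_NAME` is also unquoted on both branches; `test "$TEST_NAME"` is safer should a name ever contain whitespace or glob characters. The enclosing loop and the `test` function are outside this hunk.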
@@ -4,6 +4,8 @@ import {spawn} from "child_process"; import {ethers} from "ethers"; import solc from "solc"; +const NUMBER_OF_FIELDS_IN_PROOF = 93; + // We use the solcjs compiler version in this test, although it is slower than foundry, to run the test end to end // it simplifies of parallelising the test suite @@ -75,10 +77,15 @@ const contract = output.contracts['Test.sol']['Test']; const bytecode = contract.evm.bytecode.object; const abi = contract.abi; +/** + * Launch anvil on the given port, + * Resolves when ready, rejects when port is already allocated + * @param {Number} port + */ const launchAnvil = async (port) => { const handle = spawn("anvil", ["-p", port]); - // wait until the anvil instance is ready on port 8545 + // wait until the anvil instance is ready on port await new Promise((resolve, reject) => { // If we get an error reject, which will cause the caller to retry on a new port handle.stderr.on("data", (data) => { @@ -100,6 +107,10 @@ const launchAnvil = async (port) => { return handle; } +/** + * Deploys the contract + * @param {ethers.Signer} signer + */ const deploy = async (signer) => { const factory = new ethers.ContractFactory(abi, bytecode, signer); const deployment = await factory.deploy(); 
@@ -108,22 +119,27 @@ const deploy = async (signer) => { } /** - * - * @param {number} numPublicInputs + * Takes in a proof as fields, and returns the public inputs, as well as the number of public inputs * @param {Array} proofAsFields - * @returns {Array,number>} + * @return {Array} [number, Array] */ const readPublicInputs = (proofAsFields) => { const publicInputs = []; // A proof with no public inputs is 93 fields long - const numPublicInputs = proofAsFields.length - 93; + const numPublicInputs = proofAsFields.length - NUMBER_OF_FIELDS_IN_PROOF; for (let i = 0; i < numPublicInputs; i++) { publicInputs.push(proofAsFields[i]); } return [numPublicInputs, publicInputs]; } -// start anvil +/** + * Get Anvil + * + * Creates an anvil instance on a random port, and returns the instance and the port + * If the port is alredy allocated, it will try again + * @returns {[ChildProcess, Number]} [anvil, port] + */ const getAnvil = async () => { const port = Math.floor(Math.random() * 10000) + 10000; try { @@ -152,7 +168,6 @@ try { // Cut the number of public inputs off of the proof string const proofStr = `0x${proof.toString("hex").substring(64*numPublicInputs)}`; - // Get the contract artifact const key = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"; const provider = new ethers.JsonRpcProvider(`http://localhost:${randomPort}`); const signer = new ethers.Wallet(key, provider); @@ -161,7 +176,6 @@ try { const address = await deploy(signer); const contract = new ethers.Contract(address, abi, signer); - // Run the test const result = await contract.test(proofStr, publicInputs); if (!result) throw new Error("Test failed"); } diff --git a/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp b/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp index 5532dcac07f3..ff7601e7fc4c 100644 --- a/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp +++ b/barretenberg/cpp/src/barretenberg/solidity_helpers/key_gen.cpp 
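Review bot: The JSDoc added for getAnvil misspells "already" as `alredy` in `* If the port is alredy allocated, it will try again`; since this comment is the only place the retry behaviour is documented it is worth getting right. It would also help to say there that the retry is unbounded and catches every rejection, so a reader is not surprised when an unrelated launch failure loops rather than fails. getAnvil's body continues past the end of this hunk.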
@@ -83,7 +83,7 @@ int main(int argc, char** argv) } else if (circuit_flavour == "ecdsa") { generate_keys(output_path, plonk_flavour, circuit_flavour); } else { - info("Only blake, add2 and recursive circuits are supported at the moment"); + info("Unsupported circuit are supported at the moment"); return 1; } return 0; diff --git a/barretenberg/sol/test/ultra/ECDSA.t.sol b/barretenberg/sol/test/ultra/ECDSA.t.sol index 98e2a20d4f41..a055801615ce 100644 --- a/barretenberg/sol/test/ultra/ECDSA.t.sol +++ b/barretenberg/sol/test/ultra/ECDSA.t.sol @@ -14,11 +14,9 @@ contract EcdsaUltraTest is TestBaseUltra { verifier = IVerifier(address(new EcdsaUltraVerifier())); fuzzer = fuzzer.with_circuit_flavour(DifferentialFuzzer.CircuitFlavour.Ecdsa); - // Does the noir code do this? - // NOTE Seems here for the recursive public input count the inptus amount is always 16, this is not true all of the time PUBLIC_INPUT_COUNT = 6; - // // Add default inputs to the fuzzer (we will override these in fuzz test) + // Add default inputs to the fuzzer (we will override these in fuzz test) uint256[] memory inputs = new uint256[](6); inputs[0] = uint256(0x67); inputs[1] = uint256(0x6f); @@ -30,7 +28,6 @@ contract EcdsaUltraTest is TestBaseUltra { fuzzer = fuzzer.with_inputs(inputs); } - // Nothing to fuzz for now, we could fuzz a string input up to a give size? function testFuzzProof() public { // NOTE we do not fuzz here yet // "goblin" From ce051b8ce8c90843dc0460b8c8cd34b6d818b5ef Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Mon, 6 Nov 2023 14:49:20 +0000 Subject: [PATCH 19/21] fix: remove sol tests from circleci --- .circleci/config.yml | 16 ---------------- barretenberg/acir_tests/Dockerfile.bb | 2 +- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 907ea42d59df..bb420c5da890 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
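Review bot: The new message `info("Unsupported circuit are supported at the moment");` is ungrammatical and self-contradictory, and it drops the list of accepted flavours the old text gave the user. Name the accepted set so the operator can correct the argument: `info("Unsupported circuit flavour; expected blake, add2, recursive or ecdsa");` — the `ecdsa` branch directly above this line is why the old message was stale. main's opening is outside the hunk.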
@@ -250,17 +250,6 @@ jobs: name: "Build and test" command: cond_spot_run_build barretenberg-acir-tests-bb 32 - barretenberg-acir-tests-bb-sol: - docker: - - image: aztecprotocol/alpine-build-image - resource_class: small - steps: - - *checkout - - *setup_env - - run: - name: "Build and test" - command: cond_spot_run_build barretenberg-acir-tests-bb-sol 32 - bb-js: machine: image: ubuntu-2204:2023.07.2 @@ -1193,11 +1182,6 @@ workflows: requires: - barretenberg-x86_64-linux-clang-assert <<: *defaults - - barretenberg-acir-tests-bb-sol: - requires: - - barretenberg-x86_64-linux-clang-assert - - barretenberg-x86_64-linux-clang-sol - <<: *defaults - bb-js: requires: - barretenberg-wasm-linux-clang diff --git a/barretenberg/acir_tests/Dockerfile.bb b/barretenberg/acir_tests/Dockerfile.bb index ce0d274c2ec0..3afa93c0ed9b 100644 --- a/barretenberg/acir_tests/Dockerfile.bb +++ b/barretenberg/acir_tests/Dockerfile.bb @@ -6,6 +6,6 @@ COPY --from=0 /usr/src/barretenberg/cpp/build /usr/src/barretenberg/cpp/build WORKDIR /usr/src/barretenberg/acir_tests COPY . . # Run every acir test through native bb build "prove_and_verify". -RUN ./run_acir_tests.sh +RUN FLOW=all_cmds ./run_acir_tests.sh # Run 1_mul through native bb build, all_cmds flow, to test all cli args. RUN VERBOSE=1 FLOW=all_cmds ./run_acir_tests.sh 1_mul From e9a87d4a065eb6f092f14abf0f9cecf5e8af90ef Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Mon, 6 Nov 2023 14:50:41 +0000 Subject: [PATCH 20/21] chore: add recursion test to bb test --- barretenberg/acir_tests/Dockerfile.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/barretenberg/acir_tests/Dockerfile.bb b/barretenberg/acir_tests/Dockerfile.bb index 3afa93c0ed9b..b187ef4d8ceb 100644 --- a/barretenberg/acir_tests/Dockerfile.bb +++ b/barretenberg/acir_tests/Dockerfile.bb 
@@ -9,3 +9,5 @@ COPY . . RUN FLOW=all_cmds ./run_acir_tests.sh # Run 1_mul through native bb build, all_cmds flow, to test all cli args. RUN VERBOSE=1 FLOW=all_cmds ./run_acir_tests.sh 1_mul +# Run double_verify_proof through sol +RUN VERBOSE=1 FLOW=sol ./run_acir_tests.sh double_verify_proof From c817ed3b072f1fc9ed73beeb8932a90eeed1ed4c Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Mon, 6 Nov 2023 15:35:47 +0000 Subject: [PATCH 21/21] fix --- barretenberg/acir_tests/Dockerfile.bb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/barretenberg/acir_tests/Dockerfile.bb b/barretenberg/acir_tests/Dockerfile.bb index b187ef4d8ceb..c0122be4ddca 100644 --- a/barretenberg/acir_tests/Dockerfile.bb +++ b/barretenberg/acir_tests/Dockerfile.bb @@ -8,6 +8,4 @@ COPY . . # Run every acir test through native bb build "prove_and_verify". RUN FLOW=all_cmds ./run_acir_tests.sh # Run 1_mul through native bb build, all_cmds flow, to test all cli args. -RUN VERBOSE=1 FLOW=all_cmds ./run_acir_tests.sh 1_mul -# Run double_verify_proof through sol -RUN VERBOSE=1 FLOW=sol ./run_acir_tests.sh double_verify_proof +RUN VERBOSE=1 FLOW=all_cmds ./run_acir_tests.sh 1_mul \ No newline at end of file