Interface update #81 nil-foundation/zkllvm-transpiler#45 (#82)

* Interface update #81 nil-foundation/zkllvm-transpiler#45 * updated example circuits to new interface #81 * cleanup #81 NilFoundation/zkllvm-transpiler#45 * modular_verifier interface update, added eta value checks #81 NilFoundation/zkllvm-transpiler#46
NilFoundation · Nov 9, 2023 · 7e17aea · 7e17aea
1 parent cbeb5e2
commit 7e17aea
Show file tree

Hide file tree

Showing 43 changed files with 725 additions and 631 deletions.
diff --git a/contracts/interfaces/modular_verifier.sol b/contracts/interfaces/modular_verifier.sol
@@ -24,8 +24,8 @@ interface IModularVerifier {
         address commitment_contract_address
     ) external;
 
-    function verify(        
+    function verify(
         bytes calldata blob,
         uint256[] calldata public_input
-    ) external view;
+    ) external view returns (bool result);
 }
diff --git a/contracts/zkllvm/circuit1/commitment.sol b/contracts/zkllvm/circuit1/commitment.sol
@@ -37,7 +37,7 @@ library modular_commitment_scheme_circuit1 {
     uint256 constant unique_points = 4;
     uint256 constant permutation_point = 2;
     uint256 constant quotient_point = 0;
-    uint256 constant lookup_point = 94325795984320;
+    uint256 constant lookup_point = 0;
     bytes constant   points_ids = hex"01010101010101010303010100000000";
     uint256 constant omega = 14450201850503471296781915119640920297985789873634237091629829669980153907901;
     uint256 constant _etha = 14062721881273474090606415031361994540585550571695842571456013353340629726555;
@@ -247,8 +247,8 @@ library modular_commitment_scheme_circuit1 {
     }
 
     function compute_combined_Q(bytes calldata blob,commitment_state memory state) internal view returns(uint256[2] memory y){
-        for(uint256 p = 0; p < unique_points; ){
-            uint256[2] memory tmp;
+        uint256[2][unique_points] memory values;
+        {
             uint256 offset = state.initial_data_offset - state.poly_num * 0x40; // Save initial data offset for future use;
             uint256 cur = 0;
             for(uint256 b = 0; b < batches_num;){
@@ -260,17 +260,21 @@ library modular_commitment_scheme_circuit1 {
                     else if(b == 4) cur_point = lookup_point;
                     else console.log("Wrong index");
 
-                    tmp[0] = mulmod(tmp[0], state.theta, modulus);
-                    tmp[1] = mulmod(tmp[1], state.theta, modulus);
-
-                    if(cur_point == p){
-                        tmp[0] = addmod(tmp[0], basic_marshalling.get_uint256_be(blob, offset), modulus);
-                        tmp[1] = addmod(tmp[1], basic_marshalling.get_uint256_be(blob, offset + 0x20), modulus);
+                    for(uint256 k = 0; k < unique_points; ){
+                        values[k][0] = mulmod(values[k][0], state.theta, modulus);
+                        values[k][1] = mulmod(values[k][1], state.theta, modulus);
+                        unchecked{k++;}
                     }
+
+                    values[cur_point][0] = addmod(values[cur_point][0], basic_marshalling.get_uint256_be(blob, offset), modulus);
+                    values[cur_point][1] = addmod(values[cur_point][1], basic_marshalling.get_uint256_be(blob, offset + 0x20), modulus);
                     unchecked{offset += 0x40;j++; cur++;}
                 }
                 unchecked{b++;}
             }
+        }
+        for(uint256 p = 0; p < unique_points; ){
+            uint256[2] memory tmp = values[p];
             tmp[0] = mulmod(tmp[0], state.factors[p], modulus);
             tmp[1] = mulmod(tmp[1], state.factors[p], modulus);
             uint256 s = state.x;
@@ -417,6 +421,40 @@ library modular_commitment_scheme_circuit1 {
         types.transcript_data memory tr_state;
         tr_state.current_challenge = transcript_state;
         commitment_state memory state;
+
+        		{
+			uint256 poly_at_eta;
+			/* 1 - 2*permutation_size */
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 40);// 0
+			if(poly_at_eta != 0x1f1737f0f9693494b37fd517f70fe4d844c0e4dd11e9df8639a0be9abfccb55b) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x68);// 0x1
+			if(poly_at_eta != 0x1b7417b4df0e06e7817f2977d34f78391337465946f76b67edc9572bbeff8ac5) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0xa8);// 0x2
+			if(poly_at_eta != 0x94476885b462285877bcf57208d591d1b872dc6503b26d072945200bafdb5d7) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0xe8);// 0x3
+			if(poly_at_eta != 0x2e5650a9c85eac9ba56b0cb3a2c2bd9189a3e4df9127c2123ce59a03a6f48d33) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x128);// 0x4
+			if(poly_at_eta != 0x1f1737f0f9693494b37fd517f70fe4d844c0e4dd11e9df8639a0be9abfccb55b) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x168);// 0x5
+			if(poly_at_eta != 0x1b7417b4df0e06e7817f2977d34f78391337465946f76b67edc9572bbeff8ac5) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x1a8);// 0x6
+			if(poly_at_eta != 0x94476885b462285877bcf57208d591d1b872dc6503b26d072945200bafdb5d7) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x1e8);// 0x7
+			if(poly_at_eta != 0x2e5650a9c85eac9ba56b0cb3a2c2bd9189a3e4df9127c2123ce59a03a6f48d33) return false;
+			/* 2 - special selectors */
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x248);// 0x8
+			if(poly_at_eta != 0xf3114c664f481e6028c47f122b53b12f6aa455ea26f54aad80ad778950b2177) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x2a8);// 0x9
+			if(poly_at_eta != 0x2acd90c58b8637d005a76e69a474de1cc5f432a41724e855b2a0b19b71a52150) return false;
+			/* 3 - constant columns */
+			/* 4 - selector columns */
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x2e8);// 0xa
+			if(poly_at_eta != 0x277b3d077e65208b010bc2f62957e87b900bd1f007ef61acf14649463be06cbb) return false;
+			poly_at_eta = basic_marshalling.get_uint256_be(blob, 0x328);// 0xb
+			if(poly_at_eta != 0x308efe88baf9b3bc3787b68d279234d783ef3e4064de84b20dc2a1d72eb2e0e3) return false;
+		}
+
+
         {
             uint256 offset;
 

diff --git a/contracts/zkllvm/circuit1/gate_0.sol b/contracts/zkllvm/circuit1/gate_0.sol
diff --git a/contracts/zkllvm/circuit1/gate_1.sol b/contracts/zkllvm/circuit1/gate_1.sol
diff --git a/contracts/zkllvm/circuit1/gate_argument.sol b/contracts/zkllvm/circuit1/gate_argument.sol
@@ -21,8 +21,6 @@ import "../../types.sol";
 import "../../basic_marshalling.sol";
 import "../../interfaces/modular_gate_argument.sol";
 import "hardhat/console.sol";
-import "./gate_0.sol"; 
-import "./gate_1.sol"; 
 
 
 contract modular_gate_argument_circuit1 is IGateArgument{
@@ -35,9 +33,42 @@ contract modular_gate_argument_circuit1 is IGateArgument{
     ) external view returns (uint256 F){
         uint256 theta_acc = 1;
         uint256 eval;
+        uint256 x;
 
-		(eval, theta_acc) = gate_circuit1_0.evaluate_gate_be( blob, theta, theta_acc ); F = addmod(F, eval, modulus);
-		(eval, theta_acc) = gate_circuit1_1.evaluate_gate_be( blob, theta, theta_acc ); F = addmod(F, eval, modulus);
+		uint256 prod;
+		uint256 sum;
+		uint256 gate;
+// gate === 0 ===
+		gate = 0;
+// constraint 0
+		sum = 0;
+		prod = basic_marshalling.get_uint256_be(blob, 192);
+		prod = mulmod(prod, 28948022309329048855892746252171976963363056481941560715954676764349967630336, modulus);
+		sum = addmod(sum, prod, modulus);
+		prod = basic_marshalling.get_uint256_be(blob, 160);
+		sum = addmod(sum, prod, modulus);
+		prod = basic_marshalling.get_uint256_be(blob, 128);
+		sum = addmod(sum, prod, modulus);
+		sum = mulmod(sum, theta_acc, modulus);
+		theta_acc = mulmod(theta, theta_acc, modulus);
+		gate = addmod(gate, sum, modulus);
+		gate = mulmod(gate, basic_marshalling.get_uint256_be(blob, 0), modulus);
+		F = addmod(F, gate, modulus);
+// gate === 1 ===
+		gate = 0;
+// constraint 0
+		sum = 0;
+		prod = basic_marshalling.get_uint256_be(blob, 192);
+		prod = mulmod(prod, 28948022309329048855892746252171976963363056481941560715954676764349967630336, modulus);
+		sum = addmod(sum, prod, modulus);
+		prod = basic_marshalling.get_uint256_be(blob, 128);
+		prod = mulmod(prod, basic_marshalling.get_uint256_be(blob, 160), modulus);
+		sum = addmod(sum, prod, modulus);
+		sum = mulmod(sum, theta_acc, modulus);
+		theta_acc = mulmod(theta, theta_acc, modulus);
+		gate = addmod(gate, sum, modulus);
+		gate = mulmod(gate, basic_marshalling.get_uint256_be(blob, 64), modulus);
+		F = addmod(F, gate, modulus);
 
     }
 }        
diff --git a/contracts/zkllvm/circuit1/gate_libs_list.json b/contracts/zkllvm/circuit1/gate_libs_list.json
diff --git a/contracts/zkllvm/circuit1/lookup_argument.sol b/contracts/zkllvm/circuit1/lookup_argument.sol
@@ -19,5 +19,4 @@
 pragma solidity >=0.8.4;
 
 library modular_lookup_argument_circuit1{
-}            
-
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -19,5 +19,4 @@ @@
     pragma solidity >=0.8.4;
     library modular_lookup_argument_circuit1{
-    }
+    }