release: v0.9.0 (#95)

* update pd circuit

* add http circuit

* fix: `PlaintextAuthentication` tests

* fix: `HTTPVerification` test -- no body

* fix: `HTTPVerification` -- with body

* Update package.json

* fix: `PlaintextAuthentication` -- multi component

* fix: uncomment tests

* fix: uncomment pt auth tests

* json circuit with tests

* add 2 full tests

* complete tests

* req+res proving starts

* update HTTP.step_in[6] to be body_ciphertext_digest_pow_var

* add final test

* finish tests

* fix tests

* initial setup

* refactor

* cleanup + initial public io

* WIP: json parser

* save state

* more progress

* Update parser.rs

* Update parser.rs

* Update parser.rs

* Update parser.rs

* refactor + From trait

* reworking

* refactored

* one working test

* more tests and fixes

* stronger test

* checked things by hand like a pro

* feat: http parser

* update circuits inputs

* fix: add more fields to `RawJsonMachine`

* fix: parsing number status

* fix: use field elements

* fix: parsing number clear

* revert: extraction.test.ts

* WIP: fix HTTP parser

* fix: consistent header counting

* fix: CRLF in body

* move to single lib

* add `inner_main_digest` to http parser

* fix(http): remove last machine state

* fix rust tests

* wip: update

* add serialization methods

* fix parser bug, and remove unused code

* simplify authentication circuit step_out

* add flatten to httpmachine

* remove logs

* fix max rom length size

* fix more logs

* remove toods, clippy, and simplify http byteorpad

* remove `ByteOrPad::as_bytes`

* increase max rom length to 20

* add circuit diagram

* add final value verification

---------

Co-authored-by: Colin Roberts <[email protected]>

.gitignore

@@ -1,4 +1,4 @@
-/target
+**/target
 
 node_modules/*
 

.rustfmt.toml

@@ -0,0 +1,46 @@
+# Rustfmt configuration
+# Opinionated whitespace and tabs. The most important of these are imports and width settings.
+# Others may want to borrow or change these to their own liking.
+# https://rust-lang.github.io/rustfmt
+
+# version-related
+unstable_features=true
+use_try_shorthand=true # replace any `try!` (2015 Rust) with `?` 
+
+# misc formatting
+condense_wildcard_suffixes  =true # replace: (a,b,_,_)=(1, 2, 3, 4); -> (a,b,..)=(1, 2, 3, 4);
+format_code_in_doc_comments =true # format code blocks in doc comments
+format_macro_matchers       =true # $a: ident -> $a:ident
+format_strings              =true # break and insert newlines for long string literals 
+match_block_trailing_comma  =true # include comma in match blocks after '}'
+normalize_comments          =true # convert /*..*/ to //.. where possible
+reorder_impl_items          =true # move `type` and `const` declarations to top of impl block
+struct_field_align_threshold=20   # align struct arguments' types vertically 
+use_field_init_shorthand    =true # struct initialization short {x: x} -> {x}
+
+# reduce whitespace
+blank_lines_upper_bound=1                # default: 1. Sometimes useful to change to 0 to condense a file.
+brace_style            ="PreferSameLine" # prefer starting `{` without inserting extra \n
+fn_single_line         =true             # if it's a short 1-liner, let it be a short 1-liner
+match_arm_blocks       =false            # remove unnecessary {} in match arms
+newline_style          ="Unix"           # not auto, we won the culture war. \n over \r\n
+overflow_delimited_expr=true             # prefer ]); to ]\n);
+where_single_line      =true             # put where on a single line if possible
+
+# imports preferences
+group_imports      ="StdExternalCrate" # create import groupings for std, external libs, and internal deps
+imports_granularity="Crate"            # aggressively group imports
+
+# width settings: everything to 100
+comment_width         =100   # default: 80
+inline_attribute_width=60    # inlines #[cfg(test)]\nmod test -> #[cfg(test)] mod test
+max_width             =100   # default: 100
+use_small_heuristics  ="Max" # don't ever newline short of `max_width`.
+wrap_comments         =true  # wrap comments at `comment_width`
+# format_strings = true # wrap strings at `max_length`
+
+# tabs and spaces
+hard_tabs =false # (def: false) use spaces over tabs
+tab_spaces=2     # 2 > 4, it's just math.
+
+ignore=["tls"]

Cargo.toml

@@ -1,8 +1,36 @@
 [package]
-name = "create-pp"
+name = "web-proof-circuits"
 version = "0.1.0"
 edition = "2021"
 
+[[bin]]
+name = "create_pp"
+path = "src/main.rs"
+
+[lib]
+name = "web_proof_circuits_witness_generator"
+path = "lib/src/lib.rs"
+
 [dependencies]
 proofs = { git = "https://github.com/pluto/web-prover", rev = "d8c81d5" }
 anyhow = "1.0"
+
+serde = "1.0"
+serde_json = "1.0"
+
+client-side-prover = { git = "https://github.com/pluto/client-side-prover", rev = "8e7eb839e901dcee416179116bb0f9c4f7ae683c" }
+
+ff = { version = "0.13", default-features = false, features = ["derive"] }
+
+thiserror = "2.0"
+
+light-poseidon = { git = "https://github.com/pluto/light-poseidon" }
+
+ark-bn254 = "=0.4.0"
+halo2curves = "0.6.1"
+
+sppark = "=0.1.10" # lock this or cry
+num-bigint = "0.4"
+
+[dev-dependencies]
+rstest = "0.24"

Makefile

@@ -31,8 +31,8 @@ build:
 params:
 	@for target_dir in $(TARGET_DIRS); do \
 		size=$$(basename "$$target_dir" | sed 's/target_//' | sed 's/b//'); \
-		echo "Generating parameters for $${size}b with ROM length 5..."; \
-		cargo +nightly run --release -- "$$target_dir/artifacts" "$${size}b" "5" || exit 1; \
+		echo "Generating parameters for $${size}b with ROM length 20..."; \
+		cargo +nightly run --release -- "$$target_dir/artifacts" "$${size}b" "20" || exit 1; \
 	done
 
 .PHONY: check

README.md

@@ -16,7 +16,7 @@
 `web-prover-circuits` is a project focused on implementing parsers and extractors/selective-disclosure for various data formats inside zero-knowledge circuits.
 Specifically, these are designed to be used in an NIVC folding scheme.
 Currently, our program layout looks like this:
-![v0.7.5](docs/images/v0.7.5.png)
+![v0.9.0](docs/images/v0.9.0.png)
 
 ## Repository Structure
 

builds/target_1024b/http_verification_1024b.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/http/verification.circom";
 
-component main { public [step_in] } = HTTPVerification(1024, 25);
+component main { public [step_in] } = HTTPVerification(1024, 25, 11);

builds/target_1024b/json_extraction_1024b.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/json/extraction.circom";
 
-component main { public [step_in] } = JSONExtraction(1024, 10);
+component main { public [step_in] } = JSONExtraction(1024, 10, 11);

builds/target_1024b/plaintext_authentication_1024b.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/chacha20/authentication.circom";
 
-component main { public [step_in] } = PlaintextAuthentication(1024);
+component main { public [step_in] } = PlaintextAuthentication(1024, 11);

builds/target_512b/http_verification_512b.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/http/verification.circom";
 
-component main { public [step_in] } = HTTPVerification(512, 10);
+component main { public [step_in] } = HTTPVerification(512, 10, 11);

builds/target_512b/json_extraction_512b.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/json/extraction.circom";
 
-component main { public [step_in] } = JSONExtraction(512, 10);
+component main { public [step_in] } = JSONExtraction(512, 10, 11);

builds/target_512b/plaintext_authentication_512b.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/chacha20/authentication.circom";
 
-component main { public [step_in] } = PlaintextAuthentication(512);
+component main { public [step_in] } = PlaintextAuthentication(512, 11);

circuits/chacha20/authentication.circom

@@ -24,7 +24,7 @@ include "circomlib/circuits/poseidon.circom";
 // | # | N | N | N |
 // +---+---+---+---+
 // paramaterized by `DATA_BYTES` which is the plaintext length in bytes
-template PlaintextAuthentication(DATA_BYTES) {
+template PlaintextAuthentication(DATA_BYTES, PUBLIC_IO_LENGTH) {
   // key => 8 32-bit words = 32 bytes
   signal input key[8][32];
   // nonce => 3 32-bit words = 12 bytes
@@ -37,13 +37,12 @@ template PlaintextAuthentication(DATA_BYTES) {
   signal input plaintext[DATA_BYTES];
 
   signal input ciphertext_digest;
-  signal input plaintext_index_counter;
 
   // step_in should be the ciphertext digest + the HTTP digests + JSON seq digest
-  signal input step_in[1];
+  signal input step_in[PUBLIC_IO_LENGTH];
 
   // step_out should be the plaintext digest
-  signal output step_out[1];
+  signal output step_out[PUBLIC_IO_LENGTH];
 
   signal isPadding[DATA_BYTES]; // == 1 in the case we hit padding number
   signal plaintextBits[DATA_BYTES / 4][32];
@@ -145,13 +144,47 @@ template PlaintextAuthentication(DATA_BYTES) {
     }
   }
 
+  // for (var i = 0 ; i < DATA_BYTES ; i++) {
+  //   log("bigEndianCiphertext[",i,"]", bigEndianCiphertext[i]);
+  // }
+
+  // Count the number of non-padding bytes
+  signal ciphertext_digest_pow[DATA_BYTES+1];
+  ciphertext_digest_pow[0] <== step_in[1];
+  signal mult_factor[DATA_BYTES];
+  // Sets any padding bytes to zero (which are presumably at the end) so they don't accum into the poly hash
   signal zeroed_plaintext[DATA_BYTES];
   for(var i = 0 ; i < DATA_BYTES ; i++) {
-     // Sets any padding bytes to zero (which are presumably at the end) so they don't accum into the poly hash
     zeroed_plaintext[i] <== (1 - isPadding[i]) * plaintext[i];
+    mult_factor[i] <== (1 - isPadding[i]) * ciphertext_digest + isPadding[i];
+    ciphertext_digest_pow[i+1] <== ciphertext_digest_pow[i] * mult_factor[i];
+  }
+  signal part_ciphertext_digest <== DataHasherWithSeed(DATA_BYTES)(step_in[10],bigEndianCiphertext);
+
+  // log("part_ciphertext_digest: ", part_ciphertext_digest);
+
+  signal plaintext_digest   <== PolynomialDigestWithCounter(DATA_BYTES)(zeroed_plaintext, ciphertext_digest, step_in[1]);
+
+  // log("plaintext_digest: ", plaintext_digest);
+
+  step_out[0] <== step_in[0] + step_in[10] - part_ciphertext_digest + plaintext_digest;
+  step_out[1] <== ciphertext_digest_pow[DATA_BYTES];
+  // TODO: I was lazy and put this at the end instead of in a better spot
+  step_out[10] <== part_ciphertext_digest;
+
+  // reset HTTP Verification inputs
+  step_out[2] <== step_in[2]; // Ciphertext digest POW accumulator
+  step_out[3] <== 1; // Machine state hash digest
+  for (var i = 4 ; i < PUBLIC_IO_LENGTH - 1 ; i++) {
+    if (i == 6) {
+      step_out[i] <== 0; // Body ciphertext digest pow counter
+    } else {
+      step_out[i] <== step_in[i];
+    }
   }
-  signal part_ciphertext_digest <== DataHasher(DATA_BYTES)(bigEndianCiphertext);
-  signal plaintext_digest   <== PolynomialDigestWithCounter(DATA_BYTES)(zeroed_plaintext, ciphertext_digest, plaintext_index_counter);
 
-  step_out[0] <== step_in[0] - part_ciphertext_digest + plaintext_digest;
+  // for (var i = 0; i < PUBLIC_IO_LENGTH ; i++) {
+  //   log("step_out[",i,"]", step_out[i]);
+  // }
+  // log("xxxxxx Authentication Done xxxxxx");
 }