Merge pull request #11411 from MinaProtocol/feature/check-public-input-length-kimchi

Update proof-systems to check public input length

Author: mrmr1993

src/lib/crypto/kimchi_bindings/js/bindings.js

@@ -1523,25 +1523,27 @@ var caml_plonk_verifier_index_of_rust = function(x, affine_class) {
     var domain = caml_plonk_domain_of_rust(x.domain);
     var max_poly_size = x.max_poly_size;
     var max_quot_size = x.max_quot_size;
+    var public_ = x.public_;
     var srs = free_on_finalize(x.srs);
     var evals = caml_plonk_verification_evals_of_rust(x.evals, affine_class);
     var shifts = caml_plonk_verification_shifts_of_rust(x.shifts);
     // TODO: Handle linearization correctly!
     // var linearization = linearization_of_rust(x.linearization, affine_class);
     var lookup_index = None;
     x.free();
-    return [0, domain, max_poly_size, max_quot_size, srs, evals, shifts, None];
+    return [0, domain, max_poly_size, max_quot_size, public_, srs, evals, shifts, None];
 };
 // Provides: caml_plonk_verifier_index_to_rust
 // Requires: caml_plonk_domain_to_rust, caml_plonk_verification_evals_to_rust, caml_plonk_verification_shifts_to_rust, free_finalization_registry
 var caml_plonk_verifier_index_to_rust = function(x, klass, domain_class, verification_evals_class, poly_comm_class, mk_affine, verification_shifts_class) {
     var domain = caml_plonk_domain_to_rust(x[1], domain_class);
     var max_poly_size = x[2];
     var max_quot_size = x[3];
-    var srs = x[4];
-    var evals = caml_plonk_verification_evals_to_rust(x[5], verification_evals_class, poly_comm_class, mk_affine);
-    var shifts = caml_plonk_verification_shifts_to_rust(x[6], verification_shifts_class);
-    return new klass(domain, max_poly_size, max_quot_size, srs, evals, shifts);
+    var public_ = x[4];
+    var srs = x[5];
+    var evals = caml_plonk_verification_evals_to_rust(x[6], verification_evals_class, poly_comm_class, mk_affine);
+    var shifts = caml_plonk_verification_shifts_to_rust(x[7], verification_shifts_class);
+    return new klass(domain, max_poly_size, max_quot_size, public_, srs, evals, shifts);
 };
 
 

src/lib/crypto/kimchi_bindings/stubs/kimchi_types.ml

@@ -171,6 +171,7 @@ module VerifierIndex = struct
     { domain : 'fr domain
     ; max_poly_size : int
     ; max_quot_size : int
+    ; public : int
     ; srs : 'srs
     ; evals : 'poly_comm verification_evals
     ; shifts : 'fr array

src/lib/crypto/kimchi_bindings/stubs/src/pasta_fp_plonk_verifier_index.rs

@@ -29,6 +29,7 @@ impl From<VerifierIndex<GAffine>> for CamlPastaFpPlonkVerifierIndex {
             },
             max_poly_size: vi.max_poly_size as isize,
             max_quot_size: vi.max_quot_size as isize,
+            public: vi.public as isize,
             srs: CamlFpSrs(vi.srs.get().expect("have an srs").clone()),
             evals: CamlPlonkVerificationEvals {
                 sigma_comm: vi.sigma_comm.to_vec().iter().map(Into::into).collect(),
@@ -88,6 +89,7 @@ impl From<CamlPastaFpPlonkVerifierIndex> for VerifierIndex<GAffine> {
             domain,
             max_poly_size: index.max_poly_size as usize,
             max_quot_size: index.max_quot_size as usize,
+            public: index.public as usize,
             powers_of_alpha,
             srs: {
                 let res = once_cell::sync::OnceCell::new();
@@ -230,6 +232,7 @@ pub fn caml_pasta_fp_plonk_verifier_index_dummy() -> CamlPastaFpPlonkVerifierInd
         },
         max_poly_size: 0,
         max_quot_size: 0,
+        public: 0,
         srs: CamlFpSrs::new(SRS::create(0)),
         evals: CamlPlonkVerificationEvals {
             sigma_comm: vec_comm(PERMUTS),

src/lib/crypto/kimchi_bindings/stubs/src/pasta_fq_plonk_verifier_index.rs

@@ -29,6 +29,7 @@ impl From<VerifierIndex<GAffine>> for CamlPastaFqPlonkVerifierIndex {
             },
             max_poly_size: vi.max_poly_size as isize,
             max_quot_size: vi.max_quot_size as isize,
+            public: vi.public as isize,
             srs: CamlFqSrs(vi.srs.get().expect("have an srs").clone()),
             evals: CamlPlonkVerificationEvals {
                 sigma_comm: vi.sigma_comm.to_vec().iter().map(Into::into).collect(),
@@ -88,6 +89,7 @@ impl From<CamlPastaFqPlonkVerifierIndex> for VerifierIndex<GAffine> {
             domain,
             max_poly_size: index.max_poly_size as usize,
             max_quot_size: index.max_quot_size as usize,
+            public: index.public as usize,
             powers_of_alpha,
             srs: {
                 let res = once_cell::sync::OnceCell::new();
@@ -230,6 +232,7 @@ pub fn caml_pasta_fq_plonk_verifier_index_dummy() -> CamlPastaFqPlonkVerifierInd
         },
         max_poly_size: 0,
         max_quot_size: 0,
+        public: 0,
         srs: CamlFqSrs::new(SRS::create(0)),
         evals: CamlPlonkVerificationEvals {
             sigma_comm: vec_comm(PERMUTS),

src/lib/crypto/kimchi_bindings/stubs/src/plonk_verifier_index.rs

@@ -144,6 +144,7 @@ pub struct CamlPlonkVerifierIndex<Fr, SRS, PolyComm> {
     pub domain: CamlPlonkDomain<Fr>,
     pub max_poly_size: ocaml::Int,
     pub max_quot_size: ocaml::Int,
+    pub public: ocaml::Int,
     pub srs: SRS,
     pub evals: CamlPlonkVerificationEvals<PolyComm>,
     pub shifts: Vec<Fr>,

src/lib/crypto/kimchi_bindings/wasm/src/plonk_verifier_index.rs

@@ -224,6 +224,7 @@ macro_rules! impl_verification_key {
                 pub domain: WasmDomain,
                 pub max_poly_size: i32,
                 pub max_quot_size: i32,
+                pub public_: i32,
                 #[wasm_bindgen(skip)]
                 pub srs: $WasmSrs,
                 #[wasm_bindgen(skip)]
@@ -240,6 +241,7 @@ macro_rules! impl_verification_key {
                     domain: &WasmDomain,
                     max_poly_size: i32,
                     max_quot_size: i32,
+                    public_: i32,
                     srs: &$WasmSrs,
                     evals: &WasmPlonkVerificationEvals,
                     shifts: &WasmShifts,
@@ -248,6 +250,7 @@ macro_rules! impl_verification_key {
                         domain: domain.clone(),
                         max_poly_size,
                         max_quot_size,
+                        public_,
                         srs: srs.clone(),
                         evals: evals.clone(),
                         shifts: shifts.clone(),
@@ -286,6 +289,7 @@ macro_rules! impl_verification_key {
                     },
                     max_poly_size: vi.max_poly_size as i32,
                     max_quot_size: vi.max_quot_size as i32,
+                    public_: vi.public as i32,
                     srs: srs.into(),
                     evals: WasmPlonkVerificationEvals {
                         sigma_comm: IntoIterator::into_iter(vi.sigma_comm).map(From::from).collect(),
@@ -359,6 +363,7 @@ macro_rules! impl_verification_key {
             pub fn of_wasm(
                 max_poly_size: i32,
                 max_quot_size: i32,
+                public_: i32,
                 log_size_of_group: i32,
                 srs: &$WasmSrs,
                 evals: &WasmPlonkVerificationEvals,
@@ -405,6 +410,7 @@ macro_rules! impl_verification_key {
                         endo: endo_q,
                         max_poly_size: max_poly_size as usize,
                         max_quot_size: max_quot_size as usize,
+                        public: public_ as usize,
                         zkpm: {
                             let res = once_cell::sync::OnceCell::new();
                             res.set(zk_polynomial(domain)).unwrap();
@@ -437,6 +443,7 @@ macro_rules! impl_verification_key {
                     of_wasm(
                         index.max_poly_size,
                         index.max_quot_size,
+                        index.public_,
                         index.domain.log_size_of_group,
                         &index.srs,
                         &index.evals,
@@ -575,6 +582,7 @@ macro_rules! impl_verification_key {
                     },
                     max_poly_size: 0,
                     max_quot_size: 0,
+                    public_: 0,
                     srs: $WasmSrs(Arc::new(SRS::create(0))),
                     evals: WasmPlonkVerificationEvals {
                         sigma_comm: vec_comm(PERMUTS),

src/lib/crypto/proof-systems

@@ -205,6 +205,11 @@ module Stable = struct
         in
         let log2_size = Import.Domain.log2_size d in
         let max_quot_size = Common.max_quot_size_int (Import.Domain.size d) in
+        let public =
+          let (T (input, conv, _conv_inv)) = Impls.Wrap.input () in
+          let (Typ typ) = input in
+          typ.size_in_field_elements
+        in
         (* we only compute the wrap_vk if the srs can be loaded *)
         let srs =
           try Some (Backend.Tock.Keypair.load_urs ()) with _ -> None
@@ -217,6 +222,7 @@ module Stable = struct
                   }
               ; max_poly_size = 1 lsl Nat.to_int Backend.Tock.Rounds.n
               ; max_quot_size
+              ; public
               ; srs
               ; evals =
                   (let g (x, y) =

src/lib/pickles/side_loaded_verification_key.ml

@@ -49,6 +49,7 @@ module Verifier_index_json = struct
     { domain : 'fr domain
     ; max_poly_size : int
     ; max_quot_size : int
+    ; public : int
     ; srs : 'sRS
     ; evals : 'polyComm verification_evals
     ; shifts : 'fr array
@@ -120,12 +121,18 @@ module Stable = struct
         let log2_size = Int.ceil_log2 d.constraints in
         let d = Domain.Pow_2_roots_of_unity log2_size in
         let max_quot_size = Common.max_quot_size_int (Domain.size d) in
+        let public =
+          let (T (input, conv, _conv_inv)) = Impls.Wrap.input () in
+          let (Typ typ) = input in
+          typ.size_in_field_elements
+        in
         { domain =
             { log_size_of_group = log2_size
             ; group_gen = Backend.Tock.Field.domain_generator log2_size
             }
         ; max_poly_size = 1 lsl Nat.to_int Rounds.Wrap.n
         ; max_quot_size
+        ; public
         ; srs
         ; evals =
             (let g (x, y) =