Direct public input updated#21

NilFoundation · Oct 4, 2023 · c17bef5 · c17bef5
1 parent fe5bbb7
commit c17bef5
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 16 deletions.
diff --git a/include/nil/blueprint/transpiler/evm_verifier_gen.hpp b/include/nil/blueprint/transpiler/evm_verifier_gen.hpp
@@ -192,6 +192,9 @@ namespace nil {
 
                 _permutation_offset = _variable_values_offset;
                 for( std::size_t i = 0; i < PlaceholderParams::arithmetization_params::witness_columns + PlaceholderParams::arithmetization_params::public_input_columns; i++){
+                    if(i == PlaceholderParams::arithmetization_params::witness_columns){
+                        _public_input_offset = _permutation_offset;
+                    }
                     _permutation_offset += 0x20 * (_common_data.columns_rotations[i].size());
                 }
 
@@ -398,6 +401,7 @@ namespace nil {
                 reps["$PERMUTATION_SIZE$"] = to_string(_permutation_size);
                 reps["$SPECIAL_SELECTORS_OFFSET$"] = to_string(_special_selectors_offset);
                 reps["$TABLE_Z_OFFSET$"] = to_string(_table_z_offset);
+                reps["$PUBLIC_INPUT_OFFSET$"] = to_string(_public_input_offset);
                 reps["$PERMUTATION_TABLE_OFFSET$"] = to_string(_permutation_offset);
                 reps["$QUOTIENT_OFFSET$"] = to_string(_quotient_offset);
                 reps["$ROWS_AMOUNT$"] = to_string(_common_data.rows_amount);
@@ -435,6 +439,7 @@ namespace nil {
             std::size_t _variable_values_offset;
             std::size_t _permutation_offset;
             std::size_t _quotient_offset;
+            std::size_t _public_input_offset;
             variable_indices_type _var_indices;
 
             std::string _gate_includes;

diff --git a/include/nil/blueprint/transpiler/templates/commitment_scheme.hpp b/include/nil/blueprint/transpiler/templates/commitment_scheme.hpp
@@ -580,7 +580,6 @@ library modular_commitment_scheme_$TEST_NAME$ {
             
             unchecked{i++;}
         }
-        console.log("EVALUATION PROOF verified");
         return true;
     }
 }        

diff --git a/include/nil/blueprint/transpiler/templates/modular_verifier.hpp b/include/nil/blueprint/transpiler/templates/modular_verifier.hpp
@@ -82,7 +82,6 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
         address gate_argument_address,
         address commitment_contract_address
     ) public{
-        console.log("Initialize");
         types.transcript_data memory tr_state;
         transcript.init_transcript(tr_state, hex"");
         transcript.update_transcript_b32(tr_state, vk1);
@@ -104,28 +103,77 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
         uint256 Z_at_xi;
         uint256 l0;
         uint256[f_parts] F;
+        uint256 gas;
+        bool b;
+    }
+
+    // Public input columns
+    function public_input_direct(bytes calldata blob, uint256[] calldata public_input, verifier_state memory state) internal view 
+    returns (bool check){
+        check = true;
+
+        uint256 result = 0;
+        uint256 Omega = 1;
+
+        for(uint256 i = 0; i < public_input.length;){
+            if( public_input[i] != 0){
+                uint256 L = mulmod(
+                    Omega,
+                    field.inverse_static(
+                        addmod(state.xi, modulus - Omega, modulus),
+                        modulus
+                    ),
+                    modulus
+                );
+                    
+                result = addmod(
+                    result, 
+                    mulmod(
+                        public_input[i], L, modulus
+                    ), 
+                    modulus
+                );
+            }
+            Omega = mulmod(Omega, omega, modulus);
+            unchecked{i++;}
+        }
+        result = mulmod(
+            result, addmod(field.pow_small(state.xi, rows_amount, modulus), modulus - 1, modulus), modulus
+        );
+        result = mulmod(result, field.inverse_static(rows_amount, modulus), modulus);
+
+        // Input is proof_map.eval_proof_combined_value_offset
+        if( result != basic_marshalling.get_uint256_be(
+            blob, $PUBLIC_INPUT_OFFSET$
+        )) check = false;
     }
 
     function verify(
-        bytes calldata blob
+        bytes calldata blob,
+        uint256[] calldata public_input
     ) public view{
         verifier_state memory state;
-        uint256 gas = gasleft();
-        uint256 xi = basic_marshalling.get_uint256_be(blob, $EVAL_PROOF_OFFSET$);
-        state.Z_at_xi = addmod(field.pow_small(xi, rows_amount, modulus), modulus-1, modulus);
+        state.b = true;
+        state.gas = gasleft();
+        state.xi = basic_marshalling.get_uint256_be(blob, $EVAL_PROOF_OFFSET$);
+        state.Z_at_xi = addmod(field.pow_small(state.xi, rows_amount, modulus), modulus-1, modulus);
         state.l0 = mulmod(
             state.Z_at_xi, 
-            field.inverse_static(mulmod(addmod(xi, modulus - 1, modulus), rows_amount, modulus), modulus), 
+            field.inverse_static(mulmod(addmod(state.xi, modulus - 1, modulus), rows_amount, modulus), modulus), 
             modulus
         );
 
-        //0. Check proof size
-        // No direct public input
+        //0. Direct public input check
+        if(public_input.length > 0) {
+            if (!public_input_direct(blob[$TABLE_Z_OFFSET$:$TABLE_Z_OFFSET$+$QUOTIENT_OFFSET$], public_input, state)) {
+                console.log("Wrong public input!");
+                state.b = false;
+            }
+        }
 
         //1. Init transcript        
         types.transcript_data memory tr_state;
         tr_state.current_challenge = transcript_state;
-        // TODO: Just do something with it
 
         {
             //2. Push variable_values commitment to transcript
@@ -167,7 +215,6 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
             transcript.update_transcript_b32_by_offset_calldata(tr_state, blob, 0x59);
         }
 
-        bool b = true;
         //8. Commitment scheme verify_eval
         {
 //            ICommitmentScheme commitment_scheme = ICommitmentScheme(_commitment_contract_address);
@@ -178,10 +225,10 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
                 unchecked{i++;}
             }
             if(!modular_commitment_scheme_$TEST_NAME$.verify_eval(
-                blob[z_offset - 0x8:], commitments, xi, tr_state.current_challenge
+                blob[z_offset - 0x8:], commitments, state.xi, tr_state.current_challenge
             )) {
                 console.log("Error from commitment scheme!");
-                b = false;
+                state.b = false;
             }
         }
 
@@ -200,12 +247,12 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
             }
             if( F_consolidated != mulmod(T_consolidated, state.Z_at_xi, modulus) ) {
                 console.log("Error. Table does't satisfy constraint system");
-                b = false;
+                state.b = false;
             }
-            if(b) console.log("SUCCESS!"); else console.log("FAILURE!");
+            if(state.b) console.log("SUCCESS!"); else console.log("FAILURE!");
         }
 
-        console.log("Gas for verification:", gas-gasleft());
+        console.log("Gas for verification:", state.gas-gasleft());
     }
 }            
         )";