A simple GM Halo2 circuit for testing

.github/workflows/static-analysis.yaml

@@ -18,6 +18,19 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Clone submodules
+        run: git submodule update --init --recursive
+
+      - name: Set Git Identity
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "[email protected]"
+
+      - name: Apply Patch Changes to the submodule
+        run: |
+          cd packages/probabilistic-encryption
+          git apply ../../submodules-changes.patch
+
       - uses: actions/setup-python@v4
 
       - name: Install Rust toolchain 1.74 (with clippy and rustfmt)
@@ -27,4 +40,4 @@ jobs:
         uses: pre-commit/[email protected]
         with:
           extra_args: --all-files
-
+

.github/workflows/test-coverage.yaml

@@ -15,6 +15,19 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
+      - name: Clone submodules
+        run: git submodule update --init --recursive
+
+      - name: Set Git Identity
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "[email protected]"
+
+      - name: Apply Patch Changes to the submodule
+        run: |
+          cd packages/probabilistic-encryption
+          git apply ../../submodules-changes.patch
+
       - name: Install Rust toolchain 1.74
         run: rustup toolchain install nightly-2023-12-21
 
@@ -25,7 +38,7 @@ jobs:
         run: cargo llvm-cov --all-features --workspace --html --output-dir=target/llvm-cov/html
 
       - name: Upload coverage report
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: coverage-report
           path: target/llvm-cov/html

.github/workflows/test.yaml

@@ -18,6 +18,19 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Clone submodules
+        run: git submodule update --init --recursive
+
+      - name: Set Git Identity
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "[email protected]"
+
+      - name: Apply Patch Changes to the submodule
+        run: |
+          cd packages/probabilistic-encryption
+          git apply ../../submodules-changes.patch
+
       - uses: actions/setup-python@v4
 
       - name: Install Rust toolchain 1.74 (with clippy and rustfmt)

.gitignore

@@ -13,3 +13,6 @@ Cargo.lock
 # Added by cargo
 
 /target
+
+# Vscode
+.vscode

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "packages/probabilistic-encryption"]
+	path = packages/probabilistic-encryption
+	url = https://github.com/crodriguezvega/probabilisticpubkey

Cargo.toml

@@ -5,6 +5,7 @@ resolver = "2"
 members = [
     "packages/circuits",
     "packages/cli",
+    "packages/probabilistic-encryption"
 ]
 
 # Dev / testing mode. We make opt-level = 3 to improve proving times (otherwise it is really slow)

README.md

@@ -1,7 +1,5 @@
 # ZK Auction Toolkit
-> This project is using [axiom-crypto/halo2-scaffold](https://github.com/axiom-crypto/halo2-scaffold) template. 
-
-This repository is intended to provide a playground for you to easily start writing a ZK circuit using the Halo2 proving stack.
+This is a Rust toolkit for building ZK-Snark circuits for applying Zero-knowledge primitives in several kinds of auctions (First-bid, Second-bid, English, Dutch, and SEAL). That governs bidders anonymity, decentralization, and integrity. 
 
 ## Setup
 
@@ -17,108 +15,34 @@ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
 npm install -g @commitlint/cli @commitlint/config-conventional
 ```
 
-## Quick start with `halo2-lib`
-
-To write your first ZK circuit, copy [`examples/halo2_lib.rs`](examples/halo2_lib.rs) to a new file in `examples` directory. Now you can fill in the `some_function_in_zk` function with your desired computation.
-
-We provide some examples of how to write these functions:
-
-- [`examples/halo2_lib.rs`](examples/halo2_lib.rs): Takes in an input `x` and computes `x**2 + 27` in several different ways.
-- [`examples/range.rs`](examples/range.rs): Takes in an input `x` and checks if `x` is in `[0, 2**64)`.
-- [`examples/poseidon.rs`](examples/poseidon.rs): Takes in two inputs `x, y` and computes the Poseidon hash of `[x, y]`. We recommend skipping this example on first pass unless you explicitly need to use the Poseidon hash function for something.
-
-These examples use the [halo2-lib](https://github.com/axiom-crypto/halo2-lib/) API, which is a frontend API we wrote to aid in ZK circuit development on top of the original `halo2_proofs` API. This API is designed to be easier to use for ZK beginners and improve development velocity for all ZK developers.
-
-For a walkthrough of these examples, see [this doc](https://docs.axiom.xyz/zero-knowledge-proofs/getting-started-with-halo2).
-
-To explore all the functions available in the halo2-lib API, see this [list](https://docs.axiom.xyz/zero-knowledge-proofs/getting-started-with-halo2#available-api-functions).
-
-Below we go over the available ZK commands that can be run on your circuit. They work on each of the examples above, replacing the name `halo2_lib` below with `<Example Name>`.
-
-### Mock Prover
-
-After writing your circuit, run the mock prover using
-
-```bash
-cargo run --example halo2_lib -- --name halo2_lib -k <DEGREE> mock # for example, DEGREE=8
-```
-
-where `--name` can be used to specify any name for your circuit. By default, the program will try to read in the input as a JSON from [`data/halo2_lib.in`](data/halo2_lib.in). A different input path can be specified with option `--input filename.in` which is expected to be located at `data/filename.in`.
-
-The `MockProver` does not run the cryptographic prover on your circuit, but instead directly checks if constraints are satisfied. This is useful for testing purposes, and runs faster than the actual prover.
-
-Here `DEGREE` is a variable you specify to set the circuit to have `2^DEGREE` number of rows. The halo2-lib API will automatically allocate columns for the optimal circuit that fits within the specified number of rows. See [here](https://docs.axiom.xyz/zero-knowledge-proofs/getting-started-with-halo2#cost-modeling) for a discussion of how to think about the row vs. column tradeoff in a Halo2 circuit. _Note:_ The last ~9 rows of a circuit are reserved for the proof system (blinding factors to ensure zero-knowledge).
-
-If you want to see the statistics for what is actually being auto-configured in the circuit, you can run
-
-```bash
-RUST_LOG=info cargo run --example halo2_lib -- --name halo2_lib -k <DEGREE> mock
-```
-
-### Key generation
-
-To generate a random universal trusted setup (for testing only!) and the proving and verifying keys for your circuit, run
+### Submodules
+#### 1. Clone a Submodule
 
 ```bash
-cargo run --example halo2_lib -- --name halo2_lib -k <DEGREE> --input halo2_lib.0.in keygen
+git submodule update --init --recursive 
 ```
 
-For technical reasons (to be removed in the future), keygen still requires an input file of the correct format. However keygen is only done once per circuit, so it is best practice to use a different input than the input you want to test with.
-
-This will generate a proving key `data/halo2_lib.pk` and a verifying key `data/halo2_lib.vk`. It will also generate a file `configs/halo2_lib.json` which describes (and pins down) the configuration of the circuit. This configuration file is later read by the prover.
-
-### Proof generation
-
-After you have generated the proving and verifying keys, you can generate a proof for your circuit using
-
+#### 2. Applying Patch Changes
+- Ensure a clean work directory before applying any patches, by using `git status`.
+- If there any uncommitted changes, either commit them or stash them using `git stash`.
+- Apply the patch changes by using ``
 ```bash
-cargo run --example halo2_lib -- --name halo2_lib -k <DEGREE> prove
+# pwd: packages/probabilistic-encryption
+git apply ../../submodules-changes.patch
 ```
 
-This creates a SNARK proof, stored as a binary file `data/halo2_lib.snark`, using the inputs read (by default) from `data/halo2_lib.in`. You can specify a different input file with the option `--input filename.in`, which would look for a file at `data/filename.in`.
-
-Using the same proving key, you can generate proofs for the same ZK circuit on _different_ inputs using this command.
-
-### Verifying a proof
-
-You can verify the proof generated above using
-
+#### 3. Making changes in a Submodule
+- Navigate to the submodule directory:
 ```bash
-cargo run --example halo2_lib -- --name halo2_lib -k <DEGREE> verify
+cd packages/probabilistic-encryption
 ```
-
-## Range checks
-
-It is often necessary to use functions that involve checking that a certain field element has a certain number of bits. While there are ways to do this by computing the full bit decomposition, it is more efficient in Halo2 to use a lookup table. We provide a `RangeChip` that has this functionality built in (together with various other functions: see the trait [`RangeInstructions`](https://axiom-crypto.github.io/halo2-lib/halo2_base/gates/range/trait.RangeInstructions.html) which `RangeChip` implements).
-
-You can find an example of how to use `RangeChip` in [`range.rs`](examples/range.rs). To run this example, run
-
+- Make your changes.
+- Update the Patch File: To update the patch file with your new changes, generate a patch that includes all changes from the initial commit `0a6dd9e` to the current `HEAD`:
 ```bash
-LOOKUP_BITS=8 cargo run --example range -- --name range -k <DEGREE> <COMMAND>
+git diff > ../../submodules-changes.patch
 ```
-
-where `<COMMAND>` can be `mock`, `keygen`, `prove`, or `verify`.
-You can change `LOOKUP_BITS` to any number less than `DEGREE`. Internally, we use the lookup table to check that a number is in `[0, 2**LOOKUP_BITS)`. However in the external `RangeInstructions::range_check` function, we have some additional logic that allows you to check that a number is in `[0, 2**bits)` for _any_ number of bits `bits`. For example, in the `range.rs` example, we check that an input is in `[0, 2**64)`. This works regardless of what `LOOKUP_BITS` is set to.
-
-## Using the vanilla Halo2 API
-
-**Note:** If you just want to get started writing a circuit, we recommend skipping this section and focusing on the section [above](#quick-start-with-halo2-lib) instead.
-
-For documentation on the vanilla Halo2 API, see the [halo2 book](https://zcash.github.io/halo2/index.html) as well as the [rustdocs](https://axiom-crypto.github.io/halo2/halo2_proofs/).
-
-To see the basic scaffolding needed to begin writing a circuit using the raw Halo2 API, see the examples in the [`vanilla_circuits`](src/vanilla_circuits/) directory. We recommend looking at the examples in this order:
-
-- [OR gate](src/vanilla_circuits/or.rs): creates a "custom" OR gate and then writes a circuit to compute logical OR of two bits.
-- [Standard PLONK](src/vanilla_circuits/standard_plonk.rs): creates a circuit that implements the standard PLONK gate.
-- [Is Zero](src/vanilla_circuits/is_zero.rs): creates a circuit that performs the computation `x -> x == 0 ? 1 : 0`.
-
-To run the mock prover on for example the `or.rs` circuit for testing purposes, run
-
+#### 4. Additional Notes
+- Checking Submodule Status:
 ```bash
-cargo test -- --nocapture test_or
+git submodule status
 ```
-
-where `--nocapture` tells rust to display any stdout outputs (by default tests omit stdout).
-This performs witness generation on the circuit and checks that the constraints you imposed are satisfied. This does _not_ run the actual cryptographic operations behind a ZK proof. As a result, the mock prover is much faster than the actual prover, and should be used first for all debugging purposes.
-
-You can replace `test_or` with `test_standard_plonk` or `test_is_zero_zero` or `test_is_zero_random` to run the mock prover on the other circuits.

packages/circuits/Cargo.toml

@@ -4,21 +4,26 @@ version = "0.3.0"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[lib]
+crate-type = ["lib", "cdylib"]
 
 [dependencies]
+anyhow = "1.0.81"
 env_logger = "=0.10"
 serde = { version = "=1.0", default-features = false, features = ["derive"] }
 serde_json = "=1.0"
 rand = "=0.8"
 clap = { version = "=4.0", features = ["derive"] }
 clap-num = "=1.0.2"
 cli = { path = "../cli" }
+probabilistic-encryption = { path = "../probabilistic-encryption" }
+num-bigint = "0.4.4"
 
 # halo2
-halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_02_02" }
-
-# Axiom's helper API with basic functions
-halo2-base = { git = "https://github.com/axiom-crypto/halo2-lib", branch = "community-edition" }
+halo2-ecc = { version = "0.4.1", default-features = false, features = ["halo2-axiom"] }
+halo2-base = { version = "0.4.1", default-features = false, features = ["halo2-axiom"] }
+halo2-wasm = { version = "0.3.4" }
+wasm-bindgen = "0.2.89"
 snark-verifier-sdk = { git = "https://github.com/axiom-crypto/snark-verifier.git", branch = "community-edition" }
 
 [dev-dependencies]

packages/circuits/configs/gm_encryption.config

@@ -0,0 +1,8 @@
+{
+  "k": 15,
+  "numAdvice": 34,
+  "numLookupAdvice": 3,
+  "numInstance": 1,
+  "numLookupBits": 14,
+  "numVirtualInstance": 0
+}