diff --git a/.gitignore b/.gitignore index 561a1d5b..d8948787 100644 --- a/.gitignore +++ b/.gitignore @@ -2,8 +2,7 @@ Cargo.lock # Circom generated files -folding-schemes/src/frontend/circom/test_folder/cubic_circuit_js/ -folding-schemes/src/frontend/circom/test_folder/external_inputs_js/ +folding-schemes/src/frontend/circom/test_folder/*_js/ *.r1cs *.sym diff --git a/examples/circom_full_flow.rs b/examples/circom_full_flow.rs index 5b3174d7..71d0ed90 100644 --- a/examples/circom_full_flow.rs +++ b/examples/circom_full_flow.rs @@ -56,10 +56,11 @@ fn main() { ]; // initialize the Circom circuit - let r1cs_path = - PathBuf::from("./folding-schemes/src/frontend/circom/test_folder/external_inputs.r1cs"); + let r1cs_path = PathBuf::from( + "./folding-schemes/src/frontend/circom/test_folder/with_external_inputs.r1cs", + ); let wasm_path = PathBuf::from( - "./folding-schemes/src/frontend/circom/test_folder/external_inputs_js/external_inputs.wasm", + "./folding-schemes/src/frontend/circom/test_folder/with_external_inputs_js/with_external_inputs.wasm", ); let f_circuit_params = (r1cs_path, wasm_path, 1, 2); diff --git a/folding-schemes/Cargo.toml b/folding-schemes/Cargo.toml index 964a633d..d55b8e5c 100644 --- a/folding-schemes/Cargo.toml +++ b/folding-schemes/Cargo.toml @@ -14,7 +14,7 @@ ark-relations = { version = "^0.4.0", default-features = false } ark-r1cs-std = { version = "0.4.0", default-features = false } # this is patched at the workspace level ark-snark = { version = "^0.4.0"} ark-serialize = "^0.4.0" -ark-circom = { git = "https://github.com/arnaucube/circom-compat.git" } +ark-circom = { git = "https://github.com/arnaucube/circom-compat" } thiserror = "1.0" rayon = "1.7.0" num-bigint = "0.4" diff --git a/folding-schemes/src/frontend/circom/mod.rs b/folding-schemes/src/frontend/circom/mod.rs index dd496ff5..6d055558 100644 --- a/folding-schemes/src/frontend/circom/mod.rs +++ b/folding-schemes/src/frontend/circom/mod.rs @@ -1,3 +1,6 @@ +use crate::frontend::FCircuit; +use crate::frontend::FpVar::Var; +use crate::Error; use ark_circom::circom::{CircomCircuit, R1CS as CircomR1CS}; use ark_ff::PrimeField; use ark_r1cs_std::alloc::AllocVar; @@ -8,9 +11,6 @@ use ark_std::fmt::Debug; use num_bigint::BigInt; use std::path::PathBuf; -use crate::frontend::FCircuit; -use crate::Error; - pub mod utils; use utils::CircomWrapper; @@ -97,11 +97,11 @@ impl FCircuit for CircomFCircuit { #[cfg(test)] assert_eq!(external_inputs.len(), self.external_inputs_len()); - let input_values = self.fpvars_to_bigints(z_i)?; + let input_values = self.fpvars_to_bigints(&z_i)?; let mut inputs_map = vec![("ivc_input".to_string(), input_values)]; if self.external_inputs_len() > 0 { - let external_inputs_bi = self.fpvars_to_bigints(external_inputs)?; + let external_inputs_bi = self.fpvars_to_bigints(&external_inputs)?; inputs_map.push(("external_inputs".to_string(), external_inputs_bi)); } @@ -110,20 +110,32 @@ impl FCircuit for CircomFCircuit { .extract_witness(&inputs_map) .map_err(|_| SynthesisError::AssignmentMissing)?; + // Since public inputs are already allocated variables, we will tell `circom-compat` to not re-allocate those + let mut already_allocated_public_inputs = vec![]; + for var in z_i.iter() { + match var { + Var(var) => already_allocated_public_inputs.push(var.variable), + _ => return Err(SynthesisError::Unsatisfiable), // allocated z_i should be Var + } + } + // Initializes the CircomCircuit. let circom_circuit = CircomCircuit { r1cs: self.r1cs.clone(), witness: Some(witness.clone()), - inputs_already_allocated: true, + public_inputs_indexes: already_allocated_public_inputs, + allocate_inputs_as_witnesses: true, }; // Generates the constraints for the circom_circuit. circom_circuit.generate_constraints(cs.clone())?; + // TODO: https://github.com/privacy-scaling-explorations/sonobe/issues/104 + // We disable checking constraints for now // Checks for constraint satisfaction. - if !cs.is_satisfied().unwrap() { - return Err(SynthesisError::Unsatisfiable); - } + // if !cs.is_satisfied().unwrap() { + // return Err(SynthesisError::Unsatisfiable); + // } // Extracts the z_i1(next state) from the witness vector. let z_i1: Vec> = Vec::>::new_witness(cs.clone(), || { @@ -135,7 +147,7 @@ impl FCircuit for CircomFCircuit { } impl CircomFCircuit { - fn fpvars_to_bigints(&self, fpVars: Vec>) -> Result, SynthesisError> { + fn fpvars_to_bigints(&self, fpVars: &[FpVar]) -> Result, SynthesisError> { let mut input_values = Vec::new(); // converts each FpVar to PrimeField value, then to num_bigint::BigInt. for fp_var in fpVars.iter() { @@ -154,7 +166,7 @@ impl CircomFCircuit { #[cfg(test)] pub mod tests { use super::*; - use ark_pallas::Fr; + use ark_bn254::Fr; use ark_r1cs_std::alloc::AllocVar; use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystem}; @@ -186,8 +198,6 @@ pub mod tests { let z_i = vec![Fr::from(3u32)]; let z_i_var = Vec::>::new_witness(cs.clone(), || Ok(z_i)).unwrap(); - - let cs = ConstraintSystem::::new_ref(); let z_i1_var = circom_fcircuit .generate_step_constraints(cs.clone(), 1, z_i_var, vec![]) .unwrap(); @@ -222,32 +232,77 @@ pub mod tests { #[test] fn test_circom_external_inputs() { - let r1cs_path = PathBuf::from("./src/frontend/circom/test_folder/external_inputs.r1cs"); + let r1cs_path = + PathBuf::from("./src/frontend/circom/test_folder/with_external_inputs.r1cs"); let wasm_path = PathBuf::from( - "./src/frontend/circom/test_folder/external_inputs_js/external_inputs.wasm", + "./src/frontend/circom/test_folder/with_external_inputs_js/with_external_inputs.wasm", ); - let circom_fcircuit = CircomFCircuit::::new((r1cs_path, wasm_path, 1, 2)).unwrap(); // state_len:1, external_inputs_len:2 - let cs = ConstraintSystem::::new_ref(); - let z_i = vec![Fr::from(3u32)]; let external_inputs = vec![Fr::from(6u32), Fr::from(7u32)]; // run native step - let z_i1 = circom_fcircuit + let z_i1_native = circom_fcircuit .step_native(1, z_i.clone(), external_inputs.clone()) .unwrap(); - assert_eq!(z_i1, vec![Fr::from(52u32)]); // run gadget step let z_i_var = Vec::>::new_witness(cs.clone(), || Ok(z_i)).unwrap(); + let external_inputs_var = + Vec::>::new_witness(cs.clone(), || Ok(external_inputs.clone())).unwrap(); + let z_i1_var = circom_fcircuit + .generate_step_constraints(cs.clone(), 1, z_i_var, external_inputs_var) + .unwrap(); + + assert_eq!(z_i1_var.value().unwrap(), z_i1_native); + + // re-init cs and run gadget step with wrong ivc inputs (first ivc should not be zero) + let cs = ConstraintSystem::::new_ref(); + let wrong_z_i = vec![Fr::from(0)]; + let wrong_z_i_var = Vec::>::new_witness(cs.clone(), || Ok(wrong_z_i)).unwrap(); let external_inputs_var = Vec::>::new_witness(cs.clone(), || Ok(external_inputs)).unwrap(); + let _z_i1_var = circom_fcircuit.generate_step_constraints( + cs.clone(), + 1, + wrong_z_i_var, + external_inputs_var, + ); + // TODO:: https://github.com/privacy-scaling-explorations/sonobe/issues/104 + // Disable check for now + // assert!(z_i1_var.is_err()); + } + + #[test] + fn test_circom_no_external_inputs() { + let r1cs_path = PathBuf::from("./src/frontend/circom/test_folder/no_external_inputs.r1cs"); + let wasm_path = PathBuf::from( + "./src/frontend/circom/test_folder/no_external_inputs_js/no_external_inputs.wasm", + ); + let circom_fcircuit = CircomFCircuit::::new((r1cs_path, wasm_path, 3, 0)).unwrap(); + let cs = ConstraintSystem::::new_ref(); + let z_i = vec![Fr::from(3u32), Fr::from(4u32), Fr::from(5u32)]; + let z_i_var = Vec::>::new_witness(cs.clone(), || Ok(z_i.clone())).unwrap(); + // run native step + let z_i1_native = circom_fcircuit.step_native(1, z_i.clone(), vec![]).unwrap(); + + // run gadget step let z_i1_var = circom_fcircuit - .generate_step_constraints(cs.clone(), 1, z_i_var, external_inputs_var) + .generate_step_constraints(cs.clone(), 1, z_i_var, vec![]) .unwrap(); - assert_eq!(z_i1_var.value().unwrap(), vec![Fr::from(52u32)]); + + assert_eq!(z_i1_var.value().unwrap(), z_i1_native); + + // re-init cs and run gadget step with wrong ivc inputs (first ivc input should not be zero) + let cs = ConstraintSystem::::new_ref(); + let wrong_z_i = vec![Fr::from(0u32), Fr::from(4u32), Fr::from(5u32)]; + let wrong_z_i_var = Vec::>::new_witness(cs.clone(), || Ok(wrong_z_i)).unwrap(); + let _z_i1_var = + circom_fcircuit.generate_step_constraints(cs.clone(), 1, wrong_z_i_var, vec![]); + // TODO:: https://github.com/privacy-scaling-explorations/sonobe/issues/104 + // Disable check for now + // assert!(z_i1_var.is_err()) } } diff --git a/folding-schemes/src/frontend/circom/test_folder/circuits/is_zero.circom b/folding-schemes/src/frontend/circom/test_folder/circuits/is_zero.circom new file mode 100644 index 00000000..8ec62a9e --- /dev/null +++ b/folding-schemes/src/frontend/circom/test_folder/circuits/is_zero.circom @@ -0,0 +1,14 @@ +pragma circom 2.0.0; +// From: https://github.com/iden3/circomlib/blob/master/circuits/comparators.circom + +template IsZero() { + signal input in; + signal output out; + + signal inv; + + inv <-- in!=0 ? 1/in : 0; + + out <== -in*inv +1; + in*out === 0; +} \ No newline at end of file diff --git a/folding-schemes/src/frontend/circom/test_folder/compile.sh b/folding-schemes/src/frontend/circom/test_folder/compile.sh index d5b5e8f7..6eae30ed 100755 --- a/folding-schemes/src/frontend/circom/test_folder/compile.sh +++ b/folding-schemes/src/frontend/circom/test_folder/compile.sh @@ -1,4 +1,4 @@ #!/bin/bash circom ./folding-schemes/src/frontend/circom/test_folder/cubic_circuit.circom --r1cs --sym --wasm --prime bn128 --output ./folding-schemes/src/frontend/circom/test_folder/ - -circom ./folding-schemes/src/frontend/circom/test_folder/external_inputs.circom --r1cs --sym --wasm --prime bn128 --output ./folding-schemes/src/frontend/circom/test_folder/ +circom ./folding-schemes/src/frontend/circom/test_folder/with_external_inputs.circom --r1cs --sym --wasm --prime bn128 --output ./folding-schemes/src/frontend/circom/test_folder/ +circom ./folding-schemes/src/frontend/circom/test_folder/no_external_inputs.circom --r1cs --sym --wasm --prime bn128 --output ./folding-schemes/src/frontend/circom/test_folder/ diff --git a/folding-schemes/src/frontend/circom/test_folder/external_inputs.circom b/folding-schemes/src/frontend/circom/test_folder/external_inputs.circom deleted file mode 100644 index c79a7137..00000000 --- a/folding-schemes/src/frontend/circom/test_folder/external_inputs.circom +++ /dev/null @@ -1,20 +0,0 @@ -pragma circom 2.0.3; - -/* - z_{i+1} == z_i^3 + z_i * external_input[0] + external_input[1] -*/ -template Example () { - signal input ivc_input[1]; // IVC state - signal input external_inputs[2]; // not state - - signal output ivc_output[1]; // next IVC state - - signal temp1; - signal temp2; - - temp1 <== ivc_input[0] * ivc_input[0]; - temp2 <== ivc_input[0] * external_inputs[0]; - ivc_output[0] <== temp1 * ivc_input[0] + temp2 + external_inputs[1]; -} - -component main {public [ivc_input]} = Example(); diff --git a/folding-schemes/src/frontend/circom/test_folder/no_external_inputs.circom b/folding-schemes/src/frontend/circom/test_folder/no_external_inputs.circom new file mode 100644 index 00000000..258121fb --- /dev/null +++ b/folding-schemes/src/frontend/circom/test_folder/no_external_inputs.circom @@ -0,0 +1,23 @@ +pragma circom 2.0.3; + +include "./circuits/is_zero.circom"; + +template NoExternalInputs () { + signal input ivc_input[3]; + signal output ivc_output[3]; + + component check_input = IsZero(); + check_input.in <== ivc_input[0]; + check_input.out === 0; + + signal temp1; + signal temp2; + + temp1 <== ivc_input[0] * ivc_input[1]; + temp2 <== temp1 * ivc_input[2]; + ivc_output[0] <== temp1 * ivc_input[0]; + ivc_output[1] <== temp1 * ivc_input[1] + temp1; + ivc_output[2] <== temp1 * ivc_input[2] + temp2; +} + +component main {public [ivc_input]} = NoExternalInputs(); diff --git a/folding-schemes/src/frontend/circom/test_folder/with_external_inputs.circom b/folding-schemes/src/frontend/circom/test_folder/with_external_inputs.circom new file mode 100644 index 00000000..8614de0d --- /dev/null +++ b/folding-schemes/src/frontend/circom/test_folder/with_external_inputs.circom @@ -0,0 +1,22 @@ +pragma circom 2.0.3; + +include "./circuits/is_zero.circom"; + +template WithExternalInputs () { + signal input ivc_input[1]; + signal input external_inputs[2]; + signal output ivc_output[1]; + + component check_input = IsZero(); + check_input.in <== ivc_input[0]; + check_input.out === 0; + + signal temp1; + signal temp2; + + temp1 <== ivc_input[0] * ivc_input[0]; + temp2 <== ivc_input[0] * external_inputs[0]; + ivc_output[0] <== temp1 * ivc_input[0] + temp2 + external_inputs[1]; +} + +component main {public [ivc_input]} = WithExternalInputs(); \ No newline at end of file diff --git a/folding-schemes/src/frontend/circom/utils.rs b/folding-schemes/src/frontend/circom/utils.rs index b2faa9a5..4bdab8b7 100644 --- a/folding-schemes/src/frontend/circom/utils.rs +++ b/folding-schemes/src/frontend/circom/utils.rs @@ -49,7 +49,9 @@ impl CircomWrapper { let file = File::open(&self.r1cs_filepath)?; let reader = BufReader::new(file); let r1cs_file = r1cs_reader::R1CSFile::::new(reader)?; - Ok(r1cs_reader::R1CS::::from(r1cs_file)) + let mut r1cs = r1cs_reader::R1CS::::from(r1cs_file); + r1cs.wire_mapping = None; + Ok(r1cs) } // Extracts the witness vector as a vector of PrimeField elements. @@ -147,7 +149,8 @@ mod tests { let circom_circuit = CircomCircuit { r1cs, witness, - inputs_already_allocated: false, + public_inputs_indexes: vec![], + allocate_inputs_as_witnesses: false, }; circom_circuit.generate_constraints(cs.clone()).unwrap();