[WIP] integrating halo2-ecc-snark-verifier: post rebase

Cargo.toml

@@ -33,3 +33,15 @@ incremental = false
 [profile.flamegraph]
 inherits = "release"
 debug = true
+
+
+[patch."https://github.com/privacy-scaling-explorations/halo2.git"]
+halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-snark-verifier-0323"  }
+[patch."https://github.com/privacy-scaling-explorations/poseidon.git"]
+poseidon = { git = "https://github.com/scroll-tech/poseidon.git", branch = "scroll-dev-0220" }
+[patch."https://github.com/privacy-scaling-explorations/halo2wrong.git"]
+ecc = { git = "https://github.com/scroll-tech/halo2wrong.git", branch = "halo2-ecc-snark-verifier-0323" }
+halo2wrong = { git = "https://github.com/scroll-tech/halo2wrong.git", branch = "halo2-ecc-snark-verifier-0323" }
+maingate = { git = "https://github.com/scroll-tech/halo2wrong", branch = "halo2-ecc-snark-verifier-0323" }
+[patch."https://github.com/privacy-scaling-explorations/halo2curves.git"]
+halo2curves = { git = "https://github.com/scroll-tech/halo2curves.git", branch = "0.3.1-derive-serde" }

rust-toolchain

@@ -1 +1 @@
-nightly-2022-12-10
+nightly-2022-12-10

snark-verifier-sdk/Cargo.toml

@@ -17,7 +17,8 @@ serde_json = "1.0"
 serde_with = { version = "2.2", optional = true }
 bincode = "1.3.3"
 ark-std = { version = "0.3.0", features = ["print-trace"], optional = true }
-halo2-base = { git = "https://github.com/axiom-crypto/halo2-lib.git", branch = "axiom-dev-0301", default-features = false }
+
+halo2-base = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0323" }
 snark-verifier = { path = "../snark-verifier", default-features = false }
 
 # loader_evm
@@ -28,10 +29,10 @@ ethereum-types = { version = "0.14", default-features = false, features = ["std"
 # rlp = { version = "0.5", default-features = false, features = ["std"], optional = true }
 
 # zkevm benchmarks
-zkevm-circuits = { git = "https://github.com/privacy-scaling-explorations/zkevm-circuits.git", rev = "f834e61", features = ["test"], optional = true }
-bus-mapping = { git = "https://github.com/privacy-scaling-explorations/zkevm-circuits.git", rev = "f834e61", optional = true }
-eth-types = { git = "https://github.com/privacy-scaling-explorations/zkevm-circuits.git", rev = "f834e61", optional = true }
-mock = { git = "https://github.com/privacy-scaling-explorations/zkevm-circuits.git", rev = "f834e61", optional = true }
+zkevm-circuits = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0323", features = ["test"] }
+bus-mapping = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0323", optional = true }
+eth-types = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0323" }
+mock = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0323", optional = true }
 
 [dev-dependencies]
 ark-std = { version = "0.3.0", features = ["print-trace"] }
@@ -44,7 +45,7 @@ crossterm = { version = "0.25" }
 tui = { version = "0.19", default-features = false, features = ["crossterm"] }
 
 [features]
-default = ["loader_halo2", "loader_evm", "halo2-axiom", "halo2-base/jemallocator", "display"]
+default = ["loader_halo2", "loader_evm", "halo2-pse", "halo2-base/jemallocator" ]
 display = ["snark-verifier/display", "dep:ark-std"]
 loader_evm = ["snark-verifier/loader_evm", "dep:ethereum-types"]
 loader_halo2 = ["snark-verifier/loader_halo2"]
@@ -53,7 +54,7 @@ parallel = ["snark-verifier/parallel"]
 halo2-pse = ["snark-verifier/halo2-pse", "dep:serde_with"]
 halo2-axiom = ["snark-verifier/halo2-axiom"]
 
-zkevm = ["dep:zkevm-circuits", "dep:bus-mapping", "dep:mock", "dep:eth-types"]
+zkevm = [ "dep:bus-mapping", "dep:mock" ]
 
 [[bench]]
 name = "standard_plonk"

snark-verifier-sdk/src/evm_circuits/evm_circuit.rs

@@ -0,0 +1,26 @@
+use eth_types::Field;
+use halo2_base::halo2_proofs::plonk::Selector;
+use zkevm_circuits::evm_circuit::EvmCircuit;
+
+use crate::CircuitExt;
+
+impl<F: Field> CircuitExt<F> for EvmCircuit<F> {
+    /// Return the number of instances of the circuit.
+    /// This may depend on extra circuit parameters but NOT on private witnesses.
+    fn num_instance(&self) -> Vec<usize> {
+        todo!()
+    }
+
+    fn instances(&self) -> Vec<Vec<F>> {
+        todo!()
+    }
+
+    fn accumulator_indices() -> Option<Vec<(usize, usize)>> {
+        todo!()
+    }
+
+    /// Output the simple selector columns (before selector compression) of the circuit
+    fn selectors(_: &Self::Config) -> Vec<Selector> {
+        todo!()
+    }
+}

snark-verifier-sdk/src/evm_circuits/mod.rs

@@ -0,0 +1,35 @@
+//! Place holders for CircuitExt Implementation of EVM circuits
+//!
+//! TODO: move those definitions to zkevm-circuit repo.
+
+mod evm_circuit;
+mod mpt_circuit;
+mod poseidon_circuit;
+mod state_circuit;
+mod super_circuit;
+
+#[cfg(test)]
+mod test {
+    use ark_std::test_rng;
+    use halo2_base::{halo2_proofs::halo2curves::bn256::Fr, utils::fs::gen_srs};
+
+    use crate::{
+        gen_pk,
+        halo2::{gen_snark_shplonk, verify_snark_shplonk},
+        CircuitExt,
+    };
+
+    // A simple unit test to check that C has implemented CircuitExt correctly.
+    pub(crate) fn test_circuit_native_verification<C: CircuitExt<Fr>>(circuit: C) -> bool {
+        std::env::set_var("VERIFY_CONFIG", "./configs/verify_circuit.config");
+
+        let mut rng = test_rng();
+        let params = gen_srs(10);
+
+        let pk = gen_pk(&params, &circuit, None);
+        let vk = pk.get_vk();
+
+        let snark = gen_snark_shplonk(&params, &pk, circuit, &mut rng, None::<String>);
+        verify_snark_shplonk::<C>(&params, snark, vk)
+    }
+}

snark-verifier-sdk/src/evm_circuits/mpt_circuit.rs

@@ -0,0 +1,26 @@
+use eth_types::Field;
+use halo2_base::halo2_proofs::plonk::Selector;
+use zkevm_circuits::mpt_circuit::MptCircuit;
+
+use crate::CircuitExt;
+
+impl<F: Field> CircuitExt<F> for MptCircuit<F> {
+    /// Return the number of instances of the circuit.
+    /// This may depend on extra circuit parameters but NOT on private witnesses.
+    fn num_instance(&self) -> Vec<usize> {
+        todo!()
+    }
+
+    fn instances(&self) -> Vec<Vec<F>> {
+        todo!()
+    }
+
+    fn accumulator_indices() -> Option<Vec<(usize, usize)>> {
+        todo!()
+    }
+
+    /// Output the simple selector columns (before selector compression) of the circuit
+    fn selectors(_: &Self::Config) -> Vec<Selector> {
+        todo!()
+    }
+}

snark-verifier-sdk/src/evm_circuits/poseidon_circuit.rs

@@ -0,0 +1,26 @@
+use eth_types::Field;
+use halo2_base::halo2_proofs::plonk::Selector;
+use zkevm_circuits::poseidon_circuit::PoseidonCircuit;
+
+use crate::CircuitExt;
+
+impl<F: Field> CircuitExt<F> for PoseidonCircuit<F> {
+    /// Return the number of instances of the circuit.
+    /// This may depend on extra circuit parameters but NOT on private witnesses.
+    fn num_instance(&self) -> Vec<usize> {
+        todo!()
+    }
+
+    fn instances(&self) -> Vec<Vec<F>> {
+        todo!()
+    }
+
+    fn accumulator_indices() -> Option<Vec<(usize, usize)>> {
+        todo!()
+    }
+
+    /// Output the simple selector columns (before selector compression) of the circuit
+    fn selectors(_: &Self::Config) -> Vec<Selector> {
+        todo!()
+    }
+}

snark-verifier-sdk/src/evm_circuits/state_circuit.rs

@@ -0,0 +1,26 @@
+use eth_types::Field;
+use halo2_base::halo2_proofs::plonk::Selector;
+use zkevm_circuits::state_circuit::StateCircuit;
+
+use crate::CircuitExt;
+
+impl<F: Field> CircuitExt<F> for StateCircuit<F> {
+    /// Return the number of instances of the circuit.
+    /// This may depend on extra circuit parameters but NOT on private witnesses.
+    fn num_instance(&self) -> Vec<usize> {
+        todo!()
+    }
+
+    fn instances(&self) -> Vec<Vec<F>> {
+        todo!()
+    }
+
+    fn accumulator_indices() -> Option<Vec<(usize, usize)>> {
+        todo!()
+    }
+
+    /// Output the simple selector columns (before selector compression) of the circuit
+    fn selectors(_: &Self::Config) -> Vec<Selector> {
+        todo!()
+    }
+}

snark-verifier-sdk/src/evm_circuits/super_circuit.rs

@@ -0,0 +1,33 @@
+use eth_types::Field;
+use halo2_base::halo2_proofs::plonk::Selector;
+use zkevm_circuits::super_circuit::SuperCircuit;
+
+use crate::CircuitExt;
+
+impl<
+        F: Field,
+        const MAX_TXS: usize,
+        const MAX_CALLDATA: usize,
+        const MAX_INNER_BLOCKS: usize,
+        const MOCK_RANDOMNESS: u64,
+    > CircuitExt<F> for SuperCircuit<F, MAX_TXS, MAX_CALLDATA, MAX_INNER_BLOCKS, MOCK_RANDOMNESS>
+{
+    /// Return the number of instances of the circuit.
+    /// This may depend on extra circuit parameters but NOT on private witnesses.
+    fn num_instance(&self) -> Vec<usize> {
+        todo!()
+    }
+
+    fn instances(&self) -> Vec<Vec<F>> {
+        todo!()
+    }
+
+    fn accumulator_indices() -> Option<Vec<(usize, usize)>> {
+        todo!()
+    }
+
+    /// Output the simple selector columns (before selector compression) of the circuit
+    fn selectors(_: &Self::Config) -> Vec<Selector> {
+        todo!()
+    }
+}

snark-verifier-sdk/src/halo2.rs

@@ -1,7 +1,9 @@
 use super::{read_instances, write_instances, CircuitExt, PlonkSuccinctVerifier, Snark};
 #[cfg(feature = "display")]
 use ark_std::{end_timer, start_timer};
-use halo2_base::halo2_proofs;
+use halo2_base::halo2_proofs::{
+    self, poly::kzg::strategy::SingleStrategy, transcript::TranscriptReadBuffer,
+};
 use halo2_proofs::{
     circuit::Layouter,
     halo2curves::{
@@ -248,6 +250,64 @@ pub fn gen_snark_shplonk<ConcreteCircuit: CircuitExt<Fr>>(
     gen_snark::<ConcreteCircuit, ProverSHPLONK<_>, VerifierSHPLONK<_>>(params, pk, circuit, path)
 }
 
+/// Verifies a native proof using either SHPLONK or GWC proving method. Uses Poseidon for Fiat-Shamir.
+///
+pub fn verify_snark<'params, ConcreteCircuit, V>(
+    verifier_params: &'params ParamsKZG<Bn256>,
+    snark: Snark,
+    vk: &VerifyingKey<G1Affine>,
+) -> bool
+where
+    ConcreteCircuit: CircuitExt<Fr>,
+    V: Verifier<
+        'params,
+        KZGCommitmentScheme<Bn256>,
+        Guard = GuardKZG<'params, Bn256>,
+        MSMAccumulator = DualMSM<'params, Bn256>,
+    >,
+{
+    let mut transcript: PoseidonTranscript<_, _> =
+        TranscriptReadBuffer::<_, G1Affine, _>::init(snark.proof.as_slice());
+    let strategy = SingleStrategy::new(verifier_params);
+    let instance_slice = snark.instances.iter().map(|x| &x[..]).collect::<Vec<_>>();
+    match verify_proof::<_, V, _, _, _>(
+        verifier_params,
+        vk,
+        strategy,
+        &[instance_slice.as_slice()],
+        &mut transcript,
+    ) {
+        Ok(_p) => true,
+        Err(_e) => false,
+    }
+}
+
+/// Verifies a native proof using SHPLONK proving method. Uses Poseidon for Fiat-Shamir.
+///
+pub fn verify_snark_shplonk<ConcreteCircuit>(
+    verifier_params: &ParamsKZG<Bn256>,
+    snark: Snark,
+    vk: &VerifyingKey<G1Affine>,
+) -> bool
+where
+    ConcreteCircuit: CircuitExt<Fr>,
+{
+    verify_snark::<ConcreteCircuit, VerifierSHPLONK<_>>(verifier_params, snark, vk)
+}
+
+/// Verifies a native proof using GWC proving method. Uses Poseidon for Fiat-Shamir.
+///
+pub fn verify_snark_gwc<ConcreteCircuit>(
+    verifier_params: &ParamsKZG<Bn256>,
+    snark: Snark,
+    vk: &VerifyingKey<G1Affine>,
+) -> bool
+where
+    ConcreteCircuit: CircuitExt<Fr>,
+{
+    verify_snark::<ConcreteCircuit, VerifierGWC<_>>(verifier_params, snark, vk)
+}
+
 /// Tries to deserialize a SNARK from the specified `path` using `bincode`.
 ///
 /// WARNING: The user must keep track of whether the SNARK was generated using the GWC or SHPLONK multi-open scheme.

snark-verifier-sdk/src/lib.rs

@@ -30,6 +30,11 @@ pub mod evm;
 #[cfg(feature = "loader_halo2")]
 pub mod halo2;
 
+mod evm_circuits;
+
+#[cfg(test)]
+mod tests;
+
 pub const LIMBS: usize = 3;
 pub const BITS: usize = 88;
 

snark-verifier-sdk/src/tests/evm_verifier.rs

@@ -0,0 +1,30 @@
+use super::TestCircuit1;
+use crate::evm::{evm_verify, gen_evm_proof_shplonk, gen_evm_verifier};
+use crate::gen_pk;
+use crate::CircuitExt;
+use ark_std::test_rng;
+use halo2_base::halo2_proofs;
+use halo2_proofs::halo2curves::bn256::Bn256;
+use snark_verifier::loader::halo2::halo2_ecc::halo2_base::utils::fs::gen_srs;
+use snark_verifier::pcs::kzg::{Bdfg21, Kzg};
+
+#[test]
+fn test_evm_verification() {
+    std::env::set_var("VERIFY_CONFIG", "./configs/verify_circuit.config");
+
+    let mut rng = test_rng();
+    let params = gen_srs(8);
+
+    let circuit = TestCircuit1::rand(&mut rng);
+    let pk = gen_pk(&params, &circuit, None);
+    let deployment_code = gen_evm_verifier::<TestCircuit1, Kzg<Bn256, Bdfg21>>(
+        &params,
+        pk.get_vk(),
+        circuit.num_instance(),
+        None,
+    );
+
+    let instances = circuit.instances();
+    let proof = gen_evm_proof_shplonk(&params, &pk, circuit.clone(), instances.clone(), &mut rng);
+    evm_verify(deployment_code.clone(), circuit.instances(), proof)
+}