logos-blockchain/logos-blockchain-circuits
1
0
Fork 0
mirror of https://github.com/logos-blockchain/logos-blockchain-circuits.git synced 2026-01-10 09:03:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3 from logos-co/drusu/release-zkey-generation

Browse Source 
feat(zkey): generate proving keys on release
This commit is contained in:
davidrusu 2025-11-03 12:22:50 -05:00 committed by GitHub
commit 4cb6289e80
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 419 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
.github/actions/compile-and-bundle/action.yml → .github/actions/compile-witness-generator/action.yml vendored
View File

@ -1,5 +1,5 @@
name: "Compile and Bundle Circuit"
description: "Compiles and bundles the witness generator of a Circom Circuit"
name: "Compile Witness Generator"
description: "Compiles the witness generator of a Circom Circuit"
branding:
icon: "package"
color: "blue"
@ -46,11 +46,11 @@ runs:
CIRCUIT_FILESTEM="${CIRCUIT_FILENAME%.circom}"
CIRCUIT_CPP_DIRNAME="${CIRCUIT_FILESTEM}_cpp"
platform_binary_name="${CIRCUIT_NAME_BINARY}"
compiled_binary_name="${CIRCUIT_FILESTEM}"
if [ "${OS}" = "windows" ]; then
platform_binary_name="${platform_binary_name}.exe"
compiled_binary_name="${compiled_binary_name}.exe"
fi
{
echo "CIRCUIT_DIRECTORY=${CIRCUIT_DIRECTORY}"
echo "CIRCUIT_FILENAME=${CIRCUIT_FILENAME}"
@ -59,7 +59,7 @@ runs:
echo "CIRCUIT_CPP_PATH=${CIRCUIT_DIRECTORY}/${CIRCUIT_CPP_DIRNAME}"
echo "WITNESS_GENERATOR_RESOURCES_PATH=${RESOURCES_PATH}/witness-generator"
echo "BUNDLE_TRIPLET=${BUNDLE_TRIPLET}"
echo "PLATFORM_BINARY_NAME=${platform_binary_name}"
echo "COMPILED_BINARY_NAME=${compiled_binary_name}"
} >> "${GITHUB_OUTPUT}"
- name: Generate ${{ inputs.circuit-name-display }}
@ -105,24 +105,10 @@ runs:
OS: ${{ inputs.os }}
run: make PROJECT="${CIRCUIT_FILESTEM}" "${OS}"
- name: Bundle ${{ inputs.circuit-name-display }}
shell: bash
env:
CIRCUIT_NAME: ${{ steps.parse-circuit-path.outputs.CIRCUIT_FILESTEM }}
PLATFORM_BINARY_NAME: ${{ steps.parse-circuit-path.outputs.PLATFORM_BINARY_NAME }}
BUNDLE_NAME: ${{ inputs.circuit-name-binary }}-${{ steps.parse-circuit-path.outputs.BUNDLE_TRIPLET }}
WITNESS_GENERATOR_DIR: ${{ steps.parse-circuit-path.outputs.CIRCUIT_CPP_PATH }}
run: |
BUNDLE_DIR="${BUNDLE_NAME}/witness-generator"
mkdir -p "$BUNDLE_DIR"
mv "${WITNESS_GENERATOR_DIR}/${CIRCUIT_NAME}" "$BUNDLE_DIR/${PLATFORM_BINARY_NAME}"
mv "${WITNESS_GENERATOR_DIR}/${CIRCUIT_NAME}.dat" "$BUNDLE_DIR/${PLATFORM_BINARY_NAME}.dat"
tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}"
- name: Upload ${{ inputs.circuit-name-display }}
uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8
with:
name: ${{ inputs.circuit-name-binary }}-${{ steps.parse-circuit-path.outputs.BUNDLE_TRIPLET }}.tar.gz
path: ${{ inputs.circuit-name-binary }}-${{ steps.parse-circuit-path.outputs.BUNDLE_TRIPLET }}.tar.gz
name: ${{ inputs.circuit-name-binary }}-${{ inputs.version }}-${{ inputs.os }}-${{ inputs.arch }}
path: |
${{ steps.parse-circuit-path.outputs.CIRCUIT_CPP_PATH }}/${{ steps.parse-circuit-path.outputs.COMPILED_BINARY_NAME }}
${{ steps.parse-circuit-path.outputs.CIRCUIT_CPP_PATH }}/${{ steps.parse-circuit-path.outputs.CIRCUIT_FILESTEM }}.dat

404
.github/workflows/build-circuits.yml vendored
View File

@ -4,6 +4,9 @@ on:
push:
tags:
- "v*.*.*"
pull_request:
branches:
- main
workflow_dispatch:
inputs:
tag:
@ -22,29 +25,126 @@ jobs:
id: define-version
env:
# Use the tag name if it is available, otherwise use the input version.
# If neither is available, default to the commit hash.
TAG: ${{ (github.ref_type == 'tag' && github.ref_name) || inputs.tag || 'v0.0.0' }}
# For PR testing, use a test version based on PR number and commit SHA.
TAG: ${{ (github.ref_type == 'tag' && github.ref_name) || inputs.tag || format('v0.0.0-pr{0}-{1}', github.event.pull_request.number || '0', github.sha) }}
run: |
if [ -z "$TAG" ]; then
echo "Could not determine tag."
exit 1
elif [[ ! "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "TAG must follow the format of 'vX.Y.Z'. Value: '$VERSION'."
exit 2
fi
# Parse Version: Take only the vX.Y.Z part.
VERSION=$(echo $TAG | cut -d'-' -f2)
# For pull requests, allow test versions with format v0.0.0-pr*
if [[ "$TAG" =~ ^v0\.0\.0-pr ]]; then
echo "Using test version for PR: $TAG"
VERSION="$TAG"
elif [[ ! "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "TAG must follow the format of 'vX.Y.Z'. Value: '$TAG'."
exit 2
else
# Parse Version: Take only the vX.Y.Z part.
VERSION=$(echo $TAG | cut -d'-' -f1)
fi
# Export the tag and version.
echo "tag=$TAG" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_OUTPUT
generate-proving-keys:
name: Generate ${{ matrix.circuit.display }} Proving Key
runs-on: ubuntu-latest
needs:
- setup
strategy:
fail-fast: false
matrix:
circuit:
- name: pol
display: PoL
file: pol.circom
dir: mantle
- name: poq
display: PoQ
file: poq.circom
dir: blend
- name: zksign
display: ZKSign
file: signature.circom
dir: mantle
- name: poc
display: PoC
file: poc.circom
dir: mantle
env:
VERSION: ${{ needs.setup.outputs.version }}
PTAU_URL: "https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_17.ptau"
PTAU_FILE: "powersOfTau28_hez_final_17.ptau"
steps:
- name: Install Rust Toolchain
uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48
with:
toolchain: stable
cache: false
- name: Install Circom
run: |
git clone https://github.com/iden3/circom.git
cd circom
RUSTFLAGS="-A dead_code" cargo build --release
RUSTFLAGS="-A dead_code" cargo install --path circom
circom --version
- name: Checkout
uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709
- name: Initialise Submodules
run: git submodule update --init --recursive
- name: Setup Node.js
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
with:
node-version: '20'
- name: Install snarkjs
run: npm install -g snarkjs@latest
- name: Cache Powers of Tau
id: cache-ptau
uses: actions/cache@v4
with:
path: ${{ env.PTAU_FILE }}
key: ptau-${{ env.PTAU_FILE }}
- name: Download Powers of Tau
if: steps.cache-ptau.outputs.cache-hit != 'true'
run: |
echo "Downloading Powers of Tau file (this may take a while, ~3GB)..."
curl -L -o "${{ env.PTAU_FILE }}" "${{ env.PTAU_URL }}"
echo "Download complete."
- name: Generate Proving Key
run: |
cd ${{ matrix.circuit.dir }}
circom --r1cs --O2 ${{ matrix.circuit.file }}
snarkjs groth16 setup ${CIRCUIT_NAME}.r1cs ../${{ env.PTAU_FILE }} ${{ matrix.circuit.name }}-0.zkey
head -c 32 /dev/urandom | xxd -p -c 256 | snarkjs zkey contribute ${{ matrix.circuit.name }}-0.zkey ${{ matrix.circuit.name }}.zkey --name="RELEASE" -v
snarkjs zkey export verificationkey ${{ matrix.circuit.name }}.zkey ${{ matrix.circuit.name }}_verification_key.json
env:
CIRCUIT_NAME: ${{ matrix.circuit.file == 'signature.circom' && 'signature' || matrix.circuit.name }}
- name: Upload Proving Key
uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8
with:
name: ${{ matrix.circuit.name }}-proving-key
path: |
${{ matrix.circuit.dir }}/${{ matrix.circuit.name }}.zkey
${{ matrix.circuit.dir }}/${{ matrix.circuit.name }}_verification_key.json
build-linux:
name: Build Linux Binaries (Native)
runs-on: ubuntu-latest
needs:
- setup
- generate-proving-keys
env:
VERSION: ${{ needs.setup.outputs.version }}
OS: linux
@ -127,8 +227,8 @@ jobs:
name: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
path: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
- name: Compile and Bundle PoL
uses: ./.github/actions/compile-and-bundle
- name: Compile PoL Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoL"
circuit-name-binary: "pol"
@ -137,8 +237,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle PoQ
uses: ./.github/actions/compile-and-bundle
- name: Compile PoQ Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoQ"
circuit-name-binary: "poq"
@ -147,8 +247,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle ZKSign
uses: ./.github/actions/compile-and-bundle
- name: Compile ZKSign Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "ZKSign"
circuit-name-binary: "zksign"
@ -157,8 +257,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle PoC
uses: ./.github/actions/compile-and-bundle
- name: Compile PoC Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoC"
circuit-name-binary: "poc"
@ -167,11 +267,87 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Download PoL Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: pol-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/pol-artifact
- name: Download PoQ Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: poq-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/poq-artifact
- name: Download ZKSign Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: zksign-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/zksign-artifact
- name: Download PoC Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: poc-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/poc-artifact
- name: Download All Proving Key Artifacts
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
pattern: "*-proving-key"
path: proving-keys/
- name: Create Unified Release Bundle
env:
BUNDLE_NAME: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
run: |
# Create the bundle directory structure
mkdir -p "${BUNDLE_NAME}"/{pol,poq,zksign,poc}
# Create VERSION file
echo "${{ env.VERSION }}" > "${BUNDLE_NAME}/VERSION"
# Move witness generators into their respective circuit directories
mv witness-generators/pol-artifact/pol "${BUNDLE_NAME}/pol/witness_generator"
mv witness-generators/pol-artifact/pol.dat "${BUNDLE_NAME}/pol/witness_generator.dat"
mv witness-generators/poq-artifact/poq "${BUNDLE_NAME}/poq/witness_generator"
mv witness-generators/poq-artifact/poq.dat "${BUNDLE_NAME}/poq/witness_generator.dat"
mv witness-generators/zksign-artifact/signature "${BUNDLE_NAME}/zksign/witness_generator"
mv witness-generators/zksign-artifact/signature.dat "${BUNDLE_NAME}/zksign/witness_generator.dat"
mv witness-generators/poc-artifact/poc "${BUNDLE_NAME}/poc/witness_generator"
mv witness-generators/poc-artifact/poc.dat "${BUNDLE_NAME}/poc/witness_generator.dat"
# Restore execute permissions on witness generators
chmod +x "${BUNDLE_NAME}/pol/witness_generator"
chmod +x "${BUNDLE_NAME}/poq/witness_generator"
chmod +x "${BUNDLE_NAME}/zksign/witness_generator"
chmod +x "${BUNDLE_NAME}/poc/witness_generator"
# Copy proving keys and verification keys into each circuit directory
cp proving-keys/pol-proving-key/pol.zkey "${BUNDLE_NAME}/pol/proving_key.zkey"
cp proving-keys/pol-proving-key/pol_verification_key.json "${BUNDLE_NAME}/pol/verification_key.json"
cp proving-keys/poq-proving-key/poq.zkey "${BUNDLE_NAME}/poq/proving_key.zkey"
cp proving-keys/poq-proving-key/poq_verification_key.json "${BUNDLE_NAME}/poq/verification_key.json"
cp proving-keys/zksign-proving-key/zksign.zkey "${BUNDLE_NAME}/zksign/proving_key.zkey"
cp proving-keys/zksign-proving-key/zksign_verification_key.json "${BUNDLE_NAME}/zksign/verification_key.json"
cp proving-keys/poc-proving-key/poc.zkey "${BUNDLE_NAME}/poc/proving_key.zkey"
cp proving-keys/poc-proving-key/poc_verification_key.json "${BUNDLE_NAME}/poc/verification_key.json"
# Create tarball
tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}"
- name: Upload Unified Release Bundle
uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8
with:
name: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
path: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
build-windows:
name: Build Windows Binaries (Native)
runs-on: windows-latest
needs:
- setup
- generate-proving-keys
env:
VERSION: ${{ needs.setup.outputs.version }}
OS: windows
@ -293,8 +469,8 @@ jobs:
name: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
path: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
- name: Compile and Bundle PoL
uses: ./.github/actions/compile-and-bundle
- name: Compile PoL Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoL"
circuit-name-binary: "pol"
@ -303,8 +479,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle PoQ
uses: ./.github/actions/compile-and-bundle
- name: Compile PoQ Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoQ"
circuit-name-binary: "poq"
@ -313,8 +489,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle ZKSign
uses: ./.github/actions/compile-and-bundle
- name: Compile ZKSign Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "ZKSign"
circuit-name-binary: "zksign"
@ -323,8 +499,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle PoC
uses: ./.github/actions/compile-and-bundle
- name: Compile PoC Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoC"
circuit-name-binary: "poc"
@ -333,11 +509,82 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Download PoL Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: pol-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/pol-artifact
- name: Download PoQ Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: poq-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/poq-artifact
- name: Download ZKSign Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: zksign-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/zksign-artifact
- name: Download PoC Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: poc-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/poc-artifact
- name: Download All Proving Key Artifacts
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
pattern: "*-proving-key"
path: proving-keys/
- name: Create Unified Release Bundle
shell: msys2 {0}
env:
BUNDLE_NAME: nomos-circuits-${{ env.OS }}-${{ env.ARCH }}-${{ env.VERSION }}
run: |
# Create the bundle directory structure
mkdir -p "${BUNDLE_NAME}"/{pol,poq,zksign,poc}
# Create VERSION file
echo "${{ env.VERSION }}" > "${BUNDLE_NAME}/VERSION"
# Move witness generators into their respective circuit directories
mv witness-generators/pol-artifact/pol.exe "${BUNDLE_NAME}/pol/witness_generator.exe"
mv witness-generators/pol-artifact/pol.dat "${BUNDLE_NAME}/pol/witness_generator.dat"
mv witness-generators/poq-artifact/poq.exe "${BUNDLE_NAME}/poq/witness_generator.exe"
mv witness-generators/poq-artifact/poq.dat "${BUNDLE_NAME}/poq/witness_generator.dat"
mv witness-generators/zksign-artifact/signature.exe "${BUNDLE_NAME}/zksign/witness_generator.exe"
mv witness-generators/zksign-artifact/signature.dat "${BUNDLE_NAME}/zksign/witness_generator.dat"
mv witness-generators/poc-artifact/poc.exe "${BUNDLE_NAME}/poc/witness_generator.exe"
mv witness-generators/poc-artifact/poc.dat "${BUNDLE_NAME}/poc/witness_generator.dat"
# Copy proving keys and verification keys into each circuit directory
cp proving-keys/pol-proving-key/pol.zkey "${BUNDLE_NAME}/pol/proving_key.zkey"
cp proving-keys/pol-proving-key/pol_verification_key.json "${BUNDLE_NAME}/pol/verification_key.json"
cp proving-keys/poq-proving-key/poq.zkey "${BUNDLE_NAME}/poq/proving_key.zkey"
cp proving-keys/poq-proving-key/poq_verification_key.json "${BUNDLE_NAME}/poq/verification_key.json"
cp proving-keys/zksign-proving-key/zksign.zkey "${BUNDLE_NAME}/zksign/proving_key.zkey"
cp proving-keys/zksign-proving-key/zksign_verification_key.json "${BUNDLE_NAME}/zksign/verification_key.json"
cp proving-keys/poc-proving-key/poc.zkey "${BUNDLE_NAME}/poc/proving_key.zkey"
cp proving-keys/poc-proving-key/poc_verification_key.json "${BUNDLE_NAME}/poc/verification_key.json"
# Create tarball
tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}"
- name: Upload Unified Release Bundle
uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8
with:
name: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
path: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
build-macos:
name: Build MacOS Binaries (Native)
runs-on: macos-latest
needs:
- setup
- generate-proving-keys
env:
VERSION: ${{ needs.setup.outputs.version }}
ARCH: aarch64
@ -416,8 +663,8 @@ jobs:
name: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
path: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
- name: Compile and Bundle PoL
uses: ./.github/actions/compile-and-bundle
- name: Compile PoL Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoL"
circuit-name-binary: "pol"
@ -426,8 +673,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle PoQ
uses: ./.github/actions/compile-and-bundle
- name: Compile PoQ Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoQ"
circuit-name-binary: "poq"
@ -436,8 +683,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle ZKSign
uses: ./.github/actions/compile-and-bundle
- name: Compile ZKSign Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "ZKSign"
circuit-name-binary: "zksign"
@ -446,8 +693,8 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Compile and Bundle PoC
uses: ./.github/actions/compile-and-bundle
- name: Compile PoC Witness Generator
uses: ./.github/actions/compile-witness-generator
with:
circuit-name-display: "PoC"
circuit-name-binary: "poc"
@ -456,11 +703,89 @@ jobs:
os: ${{ env.OS }}
arch: ${{ env.ARCH }}
- name: Download PoL Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: pol-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/pol-artifact
- name: Download PoQ Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: poq-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/poq-artifact
- name: Download ZKSign Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: zksign-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/zksign-artifact
- name: Download PoC Witness Generator
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: poc-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
path: witness-generators/poc-artifact
- name: Download All Proving Key Artifacts
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
pattern: "*-proving-key"
path: proving-keys/
- name: Create Unified Release Bundle
env:
BUNDLE_NAME: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}
run: |
# Create the bundle directory structure
mkdir -p "${BUNDLE_NAME}"/{pol,poq,zksign,poc}
# Create VERSION file
echo "${{ env.VERSION }}" > "${BUNDLE_NAME}/VERSION"
# Move witness generators into their respective circuit directories
mv witness-generators/pol-artifact/pol "${BUNDLE_NAME}/pol/witness_generator"
mv witness-generators/pol-artifact/pol.dat "${BUNDLE_NAME}/pol/witness_generator.dat"
mv witness-generators/poq-artifact/poq "${BUNDLE_NAME}/poq/witness_generator"
mv witness-generators/poq-artifact/poq.dat "${BUNDLE_NAME}/poq/witness_generator.dat"
mv witness-generators/zksign-artifact/signature "${BUNDLE_NAME}/zksign/witness_generator"
mv witness-generators/zksign-artifact/signature.dat "${BUNDLE_NAME}/zksign/witness_generator.dat"
mv witness-generators/poc-artifact/poc "${BUNDLE_NAME}/poc/witness_generator"
mv witness-generators/poc-artifact/poc.dat "${BUNDLE_NAME}/poc/witness_generator.dat"
# Restore execute permissions on witness generators
chmod +x "${BUNDLE_NAME}/pol/witness_generator"
chmod +x "${BUNDLE_NAME}/poq/witness_generator"
chmod +x "${BUNDLE_NAME}/zksign/witness_generator"
chmod +x "${BUNDLE_NAME}/poc/witness_generator"
# Copy proving keys and verification keys into each circuit directory
cp proving-keys/pol-proving-key/pol.zkey "${BUNDLE_NAME}/pol/proving_key.zkey"
cp proving-keys/pol-proving-key/pol_verification_key.json "${BUNDLE_NAME}/pol/verification_key.json"
cp proving-keys/poq-proving-key/poq.zkey "${BUNDLE_NAME}/poq/proving_key.zkey"
cp proving-keys/poq-proving-key/poq_verification_key.json "${BUNDLE_NAME}/poq/verification_key.json"
cp proving-keys/zksign-proving-key/zksign.zkey "${BUNDLE_NAME}/zksign/proving_key.zkey"
cp proving-keys/zksign-proving-key/zksign_verification_key.json "${BUNDLE_NAME}/zksign/verification_key.json"
cp proving-keys/poc-proving-key/poc.zkey "${BUNDLE_NAME}/poc/proving_key.zkey"
cp proving-keys/poc-proving-key/poc_verification_key.json "${BUNDLE_NAME}/poc/verification_key.json"
# Create tarball
tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}"
- name: Upload Unified Release Bundle
uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8
with:
name: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
path: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz
publish-release:
name: Create Release
runs-on: ubuntu-latest
# Only create releases for tags, not for PRs
if: github.ref_type == 'tag' || github.event_name == 'workflow_dispatch'
needs:
- setup
- generate-proving-keys
- build-linux
- build-windows
- build-macos
@ -495,8 +820,10 @@ jobs:
prerelease: true
upload-artifacts:
name: Upload Artifacts to Release
name: Upload Unified Bundles to Release
runs-on: ubuntu-latest
# Only upload to release for tags, not for PRs
if: github.ref_type == 'tag' || github.event_name == 'workflow_dispatch'
needs:
- setup
- publish-release
@ -510,23 +837,16 @@ jobs:
arch: aarch64
- os: windows
arch: x86_64
artifact:
- prover
- verifier
- pol
- poq
- zksign
- poc
env:
UPLOAD_URL: ${{ needs.publish-release.outputs.upload_url }}
ARTIFACT_NAME: ${{ matrix.artifact }}-${{ needs.setup.outputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
ARTIFACT_NAME: nomos-circuits-${{ needs.setup.outputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
steps:
- name: Download Artifacts
- name: Download Unified Bundle
uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b
with:
name: ${{ env.ARTIFACT_NAME }}
- name: Upload Artifacts to Release
- name: Upload Unified Bundle to Release
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

47
CONTRIBUTING.md
View File

@ -10,6 +10,53 @@ To trigger a release build:
> Currently, releases published this way are marked as **Draft** and **Pre-Release** to ensure that the changelog and pre-release steps are manually reviewed first.
### Generated Artifacts
Each release includes a single unified bundle per platform:
#### Unified Release Bundles
For each supported platform (Linux x86_64, macOS aarch64, Windows x86_64):
- **`nomos-circuits-{version}-{os}-{arch}.tar.gz`**
A complete bundle containing all components needed to generate and verify proofs for all circuits.
**Bundle Structure:**
```
nomos-circuits-{version}-{os}-{arch}/
├── VERSION
├── pol/
│ ├── witness_generator[.exe]
│ ├── witness_generator.dat
│ ├── proving_key.zkey
│ └── verification_key.json
├── poq/
│ ├── witness_generator[.exe]
│ ├── witness_generator.dat
│ ├── proving_key.zkey
│ └── verification_key.json
├── zksign/
│ ├── witness_generator[.exe]
│ ├── witness_generator.dat
│ ├── proving_key.zkey
│ └── verification_key.json
└── poc/
├── witness_generator[.exe]
├── witness_generator.dat
├── proving_key.zkey
└── verification_key.json
```
Each circuit directory contains:
- **witness_generator**: Compiled C++ binary for generating witnesses from inputs
- **witness_generator.dat**: Required data file for the witness generator
- **proving_key.zkey**: Groth16 proving key for generating zk-SNARK proofs
- **verification_key.json**: Verification key for verifying proofs
The proving keys are generated using the Hermez Powers of Tau ceremony (`powersOfTau28_hez_final_17.ptau`), which supports circuits with up to 2^17 constraints.
### Example
```bash