2024-02-09 15:40:30 -06:00
|
|
|
## Nim-Codex
|
|
|
|
## Copyright (c) 2024 Status Research & Development GmbH
|
|
|
|
## Licensed under either of
|
|
|
|
## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
|
|
|
|
## * MIT license ([LICENSE-MIT](LICENSE-MIT))
|
|
|
|
## at your option.
|
|
|
|
## This file may not be copied, modified, or distributed except according to
|
|
|
|
## those terms.
|
|
|
|
|
|
|
|
{.push raises: [].}
|
|
|
|
|
|
|
|
import std/sequtils
|
|
|
|
|
|
|
|
import pkg/chronos
|
|
|
|
import pkg/questionable/results
|
|
|
|
import pkg/circomcompat
|
|
|
|
import pkg/poseidon2/io
|
|
|
|
|
|
|
|
import ../../types
|
|
|
|
import ../../../stores
|
|
|
|
import ../../../merkletree
|
|
|
|
import ../../../codextypes
|
2024-02-19 12:58:39 -06:00
|
|
|
import ../../../contracts
|
2024-02-09 15:40:30 -06:00
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
import ./converters
|
|
|
|
|
|
|
|
export circomcompat, converters
|
2024-02-09 15:40:30 -06:00
|
|
|
|
|
|
|
type
|
|
|
|
CircomCompat* = object
|
|
|
|
slotDepth : int # max depth of the slot tree
|
|
|
|
datasetDepth : int # max depth of dataset tree
|
|
|
|
blkDepth : int # depth of the block merkle tree (pow2 for now)
|
|
|
|
cellElms : int # number of field elements per cell
|
|
|
|
numSamples : int # number of samples per slot
|
|
|
|
r1csPath : string # path to the r1cs file
|
|
|
|
wasmPath : string # path to the wasm file
|
2024-02-19 12:58:39 -06:00
|
|
|
zkeyPath : string # path to the zkey file
|
2024-02-09 15:40:30 -06:00
|
|
|
backendCfg : ptr CircomBn254Cfg
|
2024-02-19 12:58:39 -06:00
|
|
|
vkp* : ptr CircomKey
|
2024-02-09 15:40:30 -06:00
|
|
|
|
|
|
|
proc release*(self: CircomCompat) =
|
2024-02-19 12:58:39 -06:00
|
|
|
## Release the ctx
|
2024-02-09 15:40:30 -06:00
|
|
|
##
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if not isNil(self.backendCfg):
|
|
|
|
self.backendCfg.unsafeAddr.releaseCfg()
|
2024-02-09 15:40:30 -06:00
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if not isNil(self.vkp):
|
|
|
|
self.vkp.unsafeAddr.release_key()
|
2024-02-09 15:40:30 -06:00
|
|
|
|
|
|
|
proc prove*[H](
|
|
|
|
self: CircomCompat,
|
2024-02-19 12:58:39 -06:00
|
|
|
input: ProofInputs[H]): ?!CircomProof =
|
|
|
|
## Encode buffers using a ctx
|
2024-02-09 15:40:30 -06:00
|
|
|
##
|
|
|
|
|
|
|
|
# NOTE: All inputs are statically sized per circuit
|
|
|
|
# and adjusted accordingly right before being passed
|
|
|
|
# to the circom ffi - `setLen` is used to adjust the
|
|
|
|
# sequence length to the correct size which also 0 pads
|
|
|
|
# to the correct length
|
|
|
|
doAssert input.samples.len == self.numSamples,
|
|
|
|
"Number of samples does not match"
|
|
|
|
|
|
|
|
doAssert input.slotProof.len <= self.datasetDepth,
|
|
|
|
"Number of slot proofs does not match"
|
|
|
|
|
|
|
|
doAssert input.samples.allIt(
|
|
|
|
block:
|
|
|
|
(it.merklePaths.len <= self.slotDepth + self.blkDepth and
|
|
|
|
it.cellData.len <= self.cellElms * 32)), "Merkle paths length does not match"
|
|
|
|
|
|
|
|
# TODO: All parameters should match circom's static parametter
|
|
|
|
var
|
2024-02-19 12:58:39 -06:00
|
|
|
ctx: ptr CircomCompatCtx
|
2024-02-09 15:40:30 -06:00
|
|
|
|
2024-02-10 17:17:11 -06:00
|
|
|
defer:
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx != nil:
|
|
|
|
ctx.addr.releaseCircomCompat()
|
2024-02-10 17:17:11 -06:00
|
|
|
|
2024-02-09 15:40:30 -06:00
|
|
|
if initCircomCompat(
|
|
|
|
self.backendCfg,
|
2024-02-19 12:58:39 -06:00
|
|
|
addr ctx) != ERR_OK or ctx == nil:
|
|
|
|
raiseAssert("failed to initialize CircomCompat ctx")
|
2024-02-09 15:40:30 -06:00
|
|
|
|
|
|
|
var
|
|
|
|
entropy = input.entropy.toBytes
|
|
|
|
dataSetRoot = input.datasetRoot.toBytes
|
|
|
|
slotRoot = input.slotRoot.toBytes
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU256Array(
|
2024-02-09 15:40:30 -06:00
|
|
|
"entropy".cstring, entropy[0].addr, entropy.len.uint32) != ERR_OK:
|
|
|
|
return failure("Failed to push entropy")
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU256Array(
|
2024-02-09 15:40:30 -06:00
|
|
|
"dataSetRoot".cstring, dataSetRoot[0].addr, dataSetRoot.len.uint32) != ERR_OK:
|
|
|
|
return failure("Failed to push data set root")
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU256Array(
|
2024-02-09 15:40:30 -06:00
|
|
|
"slotRoot".cstring, slotRoot[0].addr, slotRoot.len.uint32) != ERR_OK:
|
|
|
|
return failure("Failed to push data set root")
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU32(
|
2024-02-09 15:40:30 -06:00
|
|
|
"nCellsPerSlot".cstring, input.nCellsPerSlot.uint32) != ERR_OK:
|
|
|
|
return failure("Failed to push nCellsPerSlot")
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU32(
|
2024-02-09 15:40:30 -06:00
|
|
|
"nSlotsPerDataSet".cstring, input.nSlotsPerDataSet.uint32) != ERR_OK:
|
|
|
|
return failure("Failed to push nSlotsPerDataSet")
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU32(
|
2024-02-09 15:40:30 -06:00
|
|
|
"slotIndex".cstring, input.slotIndex.uint32) != ERR_OK:
|
|
|
|
return failure("Failed to push slotIndex")
|
|
|
|
|
|
|
|
var
|
|
|
|
slotProof = input.slotProof.mapIt( it.toBytes ).concat
|
|
|
|
|
|
|
|
slotProof.setLen(self.datasetDepth) # zero pad inputs to correct size
|
|
|
|
|
|
|
|
# arrays are always flattened
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU256Array(
|
2024-02-09 15:40:30 -06:00
|
|
|
"slotProof".cstring,
|
|
|
|
slotProof[0].addr,
|
|
|
|
uint (slotProof[0].len * slotProof.len)) != ERR_OK:
|
|
|
|
return failure("Failed to push slot proof")
|
|
|
|
|
|
|
|
for s in input.samples:
|
|
|
|
var
|
|
|
|
merklePaths = s.merklePaths.mapIt( it.toBytes )
|
|
|
|
data = s.cellData
|
|
|
|
|
|
|
|
merklePaths.setLen(self.slotDepth) # zero pad inputs to correct size
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU256Array(
|
2024-02-09 15:40:30 -06:00
|
|
|
"merklePaths".cstring,
|
|
|
|
merklePaths[0].addr,
|
|
|
|
uint (merklePaths[0].len * merklePaths.len)) != ERR_OK:
|
|
|
|
return failure("Failed to push merkle paths")
|
|
|
|
|
|
|
|
data.setLen(self.cellElms * 32) # zero pad inputs to correct size
|
2024-02-19 12:58:39 -06:00
|
|
|
if ctx.pushInputU256Array(
|
2024-02-09 15:40:30 -06:00
|
|
|
"cellData".cstring,
|
|
|
|
data[0].addr,
|
|
|
|
data.len.uint) != ERR_OK:
|
|
|
|
return failure("Failed to push cell data")
|
|
|
|
|
|
|
|
var
|
|
|
|
proofPtr: ptr Proof = nil
|
|
|
|
|
|
|
|
let proof =
|
|
|
|
try:
|
|
|
|
if (
|
2024-02-19 12:58:39 -06:00
|
|
|
let res = self.backendCfg.proveCircuit(ctx, proofPtr.addr);
|
2024-02-09 15:40:30 -06:00
|
|
|
res != ERR_OK) or
|
|
|
|
proofPtr == nil:
|
|
|
|
return failure("Failed to prove - err code: " & $res)
|
|
|
|
|
|
|
|
proofPtr[]
|
|
|
|
finally:
|
|
|
|
if proofPtr != nil:
|
|
|
|
proofPtr.addr.releaseProof()
|
|
|
|
|
|
|
|
success proof
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
proc verify*[H](
|
2024-02-09 15:40:30 -06:00
|
|
|
self: CircomCompat,
|
|
|
|
proof: CircomProof,
|
2024-02-19 12:58:39 -06:00
|
|
|
inputs: ProofInputs[H]): ?!bool =
|
|
|
|
## Verify a proof using a ctx
|
2024-02-09 15:40:30 -06:00
|
|
|
##
|
|
|
|
|
|
|
|
var
|
2024-02-19 12:58:39 -06:00
|
|
|
proofPtr = unsafeAddr proof
|
|
|
|
inputs = inputs.toCircomInputs()
|
|
|
|
|
|
|
|
try:
|
|
|
|
let res = verifyCircuit(proofPtr, inputs.addr, self.vkp)
|
|
|
|
if res == ERR_OK:
|
|
|
|
success true
|
|
|
|
elif res == ERR_FAILED_TO_VERIFY_PROOF:
|
|
|
|
success false
|
|
|
|
else:
|
|
|
|
failure("Failed to verify proof - err code: " & $res)
|
|
|
|
finally:
|
|
|
|
inputs.releaseCircomInputs()
|
2024-02-09 15:40:30 -06:00
|
|
|
|
|
|
|
proc init*(
|
|
|
|
_: type CircomCompat,
|
|
|
|
r1csPath : string,
|
|
|
|
wasmPath : string,
|
2024-02-19 12:58:39 -06:00
|
|
|
zkeyPath : string = "",
|
2024-02-09 15:40:30 -06:00
|
|
|
slotDepth = DefaultMaxSlotDepth,
|
|
|
|
datasetDepth = DefaultMaxDatasetDepth,
|
|
|
|
blkDepth = DefaultBlockDepth,
|
|
|
|
cellElms = DefaultCellElms,
|
|
|
|
numSamples = DefaultSamplesNum): CircomCompat =
|
2024-02-19 12:58:39 -06:00
|
|
|
## Create a new ctx
|
2024-02-09 15:40:30 -06:00
|
|
|
##
|
|
|
|
|
|
|
|
var cfg: ptr CircomBn254Cfg
|
2024-02-19 12:58:39 -06:00
|
|
|
var zkey = if zkeyPath.len > 0: zkeyPath.cstring else: nil
|
|
|
|
|
2024-02-09 15:40:30 -06:00
|
|
|
if initCircomConfig(
|
|
|
|
r1csPath.cstring,
|
|
|
|
wasmPath.cstring,
|
2024-02-19 12:58:39 -06:00
|
|
|
zkey, cfg.addr) != ERR_OK or cfg == nil:
|
|
|
|
if cfg != nil: cfg.addr.releaseCfg()
|
2024-02-09 15:40:30 -06:00
|
|
|
raiseAssert("failed to initialize circom compat config")
|
|
|
|
|
2024-02-19 12:58:39 -06:00
|
|
|
var
|
|
|
|
vkpPtr: ptr VerifyingKey = nil
|
|
|
|
|
|
|
|
if cfg.getVerifyingKey(vkpPtr.addr) != ERR_OK or vkpPtr == nil:
|
|
|
|
if vkpPtr != nil: vkpPtr.addr.releaseKey()
|
|
|
|
raiseAssert("Failed to get verifying key")
|
|
|
|
|
2024-02-09 15:40:30 -06:00
|
|
|
CircomCompat(
|
|
|
|
r1csPath : r1csPath,
|
|
|
|
wasmPath : wasmPath,
|
2024-02-19 12:58:39 -06:00
|
|
|
zkeyPath : zkeyPath,
|
2024-02-09 15:40:30 -06:00
|
|
|
slotDepth : slotDepth,
|
|
|
|
datasetDepth: datasetDepth,
|
|
|
|
blkDepth : blkDepth,
|
|
|
|
cellElms : cellElms,
|
2024-02-19 12:58:39 -06:00
|
|
|
numSamples : numSamples,
|
|
|
|
backendCfg : cfg,
|
|
|
|
vkp : vkpPtr)
|