Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add PLONK in-circuit verifier #880

Merged
merged 27 commits into from
Nov 28, 2023
Merged

feat: add PLONK in-circuit verifier #880

merged 27 commits into from
Nov 28, 2023

Conversation

ivokub
Copy link
Collaborator

@ivokub ivokub commented Oct 20, 2023

Description

This PR adds in-circuit verifier supporting commitments for both 2-chain and emulated computations.

Fixes #847

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How has this been tested?

  • 2-chain test without commitments TestBLS12InBW6WoCommit
  • emulated test without commitments TestBW6InBN254WoCommit
  • 2-chain test with commitments TestBLS12InBW6Commit
  • emulated test with commitments TestBW6InBN254Commit

How has this been benchmarked?

Checklist:

  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I did not modify files generated from templates
  • golangci-lint does not output errors locally
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@ivokub ivokub self-assigned this Oct 20, 2023
@ivokub ivokub added new feature P1: High Issue priority: high labels Oct 20, 2023
@github-actions
Copy link

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bls12381
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bn254
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bw6761
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_emulated
TestScalarMulBase4 0s

📦 github.com/consensys/gnark/std/commitments/kzg
TestKZGVerificationEmulated 0s

TestKZGVerificationEmulated/bn254 0s

📦 github.com/consensys/gnark/std/evmprecompiles
TestECRecoverCircuitShortLax 0s

📦 github.com/consensys/gnark/std/gkr
TestMiMCFullDepthNoDepSolve 0s

📦 github.com/consensys/gnark/std/hash/sha3
TestSHA3 0s

TestSHA3/Keccak-512 0s

TestSHA3/SHA3-256 0s

📦 github.com/consensys/gnark/std/internal/logderivprecomp
TestXor 0s

TestXor/bn254 0s

TestXor/bn254/groth16 0s

📦 github.com/consensys/gnark/std/math/emulated
TestIsZero 0s

TestIsZero/Goldilocks/limb=64 0s

TestIsZero/Goldilocks/limb=64/bn254 0s

TestIsZero/Goldilocks/limb=64/bn254/groth16 0s

TestIsZero/Goldilocks/limb=64/bn254/groth16/valid_witness 0s

TestIsZero/Goldilocks/limb=64/bn254/plonk 0s

TestIsZero/Goldilocks/limb=64/bn254/plonk/valid_witness 0s

TestIsZero/Goldilocks/limb=64/bn254#01 0s

TestIsZero/Goldilocks/limb=64/bn254#01/groth16 0s

TestIsZero/Goldilocks/limb=64/bn254#01/groth16/valid_witness 0s

TestIsZero/Goldilocks/limb=64/bn254#01/plonk 0s

TestIsZero/Goldilocks/limb=64/bn254#01/plonk/valid_witness 0s

TestIsZero/Secp256k1Fp/limb=64 0s

TestIsZero/Secp256k1Fp/limb=64/bn254 0s

TestIsZero/Secp256k1Fp/limb=64/bn254/groth16 0s

🚧 TestIssue348UnconstrainedLimbs 0s

    element_test.go:820: regression #348

📦 github.com/consensys/gnark/std/permutation/keccakf
TestKeccakf 0s

TestKeccakf/bn254 0s

📦 github.com/consensys/gnark/std/permutation/sha2
TestBlockGeneric 0s

📦 github.com/consensys/gnark/std/polynomial
ExampleMultiLin_Evaluate 0s

📦 github.com/consensys/gnark/std/rangecheck
TestCheck 0s

@ivokub ivokub added the zk-evm label Oct 20, 2023
@github-actions
Copy link

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bls12381
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bn254
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bw6761
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_emulated
TestScalarMulBase4 0s

📦 github.com/consensys/gnark/std/commitments/kzg
TestKZGVerificationEmulated 0s

TestKZGVerificationEmulated/bn254 0s

📦 github.com/consensys/gnark/std/evmprecompiles
TestECRecoverCircuitShortLax 0s

📦 github.com/consensys/gnark/std/gkr
TestMiMCFullDepthNoDepSolve 0s

📦 github.com/consensys/gnark/std/hash/sha3
TestSHA3 0s

TestSHA3/SHA3-256 0s

TestSHA3/SHA3-384 0s

📦 github.com/consensys/gnark/std/internal/logderivprecomp
TestXor 0s

TestXor/bn254 0s

TestXor/bn254/groth16 0s

📦 github.com/consensys/gnark/std/math/emulated
TestIsZero 0s

TestIsZero/BN254Fp/limb=64 0s

TestIsZero/BN254Fp/limb=64/bn254 0s

TestIsZero/BN254Fp/limb=64/bn254/groth16 0s

TestIsZero/BN254Fp/limb=64/bn254/groth16/valid_witness 0s

TestIsZero/BN254Fp/limb=64/bn254/plonk 0s

TestIsZero/BN254Fp/limb=64/bn254/plonk/valid_witness 0s

TestIsZero/BN254Fp/limb=64/bn254#01 0s

TestIsZero/BN254Fp/limb=64/bn254#01/groth16 0s

TestIsZero/Goldilocks/limb=64 0s

TestIsZero/Goldilocks/limb=64/bn254 0s

TestIsZero/Goldilocks/limb=64/bn254/groth16 0s

TestIsZero/Goldilocks/limb=64/bn254/groth16/valid_witness 0s

TestIsZero/Goldilocks/limb=64/bn254/plonk 0s

TestIsZero/Goldilocks/limb=64/bn254/plonk/valid_witness 0s

TestIsZero/Goldilocks/limb=64/bn254#01 0s

TestIsZero/Goldilocks/limb=64/bn254#01/groth16 0s

TestIsZero/Goldilocks/limb=64/bn254#01/groth16/valid_witness 0s

TestIsZero/Goldilocks/limb=64/bn254#01/plonk 0s

TestIsZero/Goldilocks/limb=64/bn254#01/plonk/valid_witness 0s

TestIsZero/Secp256k1Fp/limb=64 0s

TestIsZero/Secp256k1Fp/limb=64/bn254 0s

TestIsZero/Secp256k1Fp/limb=64/bn254/groth16 0s

TestIsZero/Secp256k1Fp/limb=64/bn254/groth16/valid_witness 0s

TestIsZero/Secp256k1Fp/limb=64/bn254/plonk 0s

TestIsZero/Secp256k1Fp/limb=64/bn254/plonk/valid_witness 0s

TestIsZero/Secp256k1Fp/limb=64/bn254#01 0s

TestIsZero/Secp256k1Fp/limb=64/bn254#01/groth16 0s

TestIsZero/Secp256k1Fp/limb=64/bn254#01/groth16/valid_witness 0s

TestIsZero/Secp256k1Fp/limb=64/bn254#01/plonk 0s

TestIsZero/Secp256k1Fp/limb=64/bn254#01/plonk/valid_witness 0s

🚧 TestIssue348UnconstrainedLimbs 0s

    element_test.go:820: regression #348

📦 github.com/consensys/gnark/std/permutation/keccakf
TestKeccakf 0s

TestKeccakf/bn254 0s

📦 github.com/consensys/gnark/std/permutation/sha2
TestBlockGeneric 0s

📦 github.com/consensys/gnark/std/polynomial
ExampleMultiLin_Evaluate 0s

📦 github.com/consensys/gnark/std/rangecheck
TestCheck 0s

@ivokub ivokub force-pushed the feat/plonk-verifier branch from 6ecc547 to 42a4d5c Compare October 23, 2023 10:08
@github-actions
Copy link

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bls12381
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bn254
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bw6761
TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_emulated
TestScalarMulBase4 0s

📦 github.com/consensys/gnark/std/commitments/kzg
TestKZGVerificationEmulated 0s

TestKZGVerificationEmulated/bn254 0s

📦 github.com/consensys/gnark/std/evmprecompiles
TestECRecoverCircuitFull 0s

TestECRecoverCircuitFull/bn254 0s

📦 github.com/consensys/gnark/std/gkr
TestMiMCFullDepthNoDepSolve 0s

📦 github.com/consensys/gnark/std/hash/sha3
TestSHA3 0s

TestSHA3/SHA3-256 0s

TestSHA3/SHA3-384 0s

📦 github.com/consensys/gnark/std/math/emulated
ExampleField_NewHint 0s

🚧 TestIssue348UnconstrainedLimbs 0s

    element_test.go:820: regression #348

📦 github.com/consensys/gnark/std/permutation/keccakf
TestKeccakf 0s

TestKeccakf/bn254 0s

📦 github.com/consensys/gnark/std/polynomial
ExampleMultiLin_Evaluate 0s

📦 github.com/consensys/gnark/std/rangecheck
TestCheck 0s

@github-actions
Copy link

📦 github.com/consensys/gnark/std/recursion/plonk
TestBLS12InBW6 630ms

    verifier_test.go:51: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:51
        	            				/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:83
        	Error:      	Received unexpected error:
        	            	invalid fr.Element encoding
        	Test:       	TestBLS12InBW6

@github-actions
Copy link

📦 github.com/consensys/gnark/std/gkr
TestSqNoDependencyCircuit 0s

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xb762aa]

goroutine 21862 [running]:
github.com/consensys/gnark-crypto/ecc/bn254/fr/iop.(*Polynomial).ToCanonical(0x0, 0xc00023fb00?, {0xc000c74f60?, 0xc0?, 0xfc6e00?})
	/home/runner/go/pkg/mod/github.com/consensys/[email protected]/ecc/bn254/fr/iop/polynomial.go:338 +0x2a
github.com/consensys/gnark/backend/plonk/bn254.(*instance).computeNumerator.func6(0x0)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:996 +0xc5
github.com/consensys/gnark/backend/plonk/bn254.batchApply.func1(0xc00050c040?)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1092 +0x31
created by github.com/consensys/gnark/backend/plonk/bn254.batchApply in goroutine 20920
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1091 +0x12b

📦 github.com/consensys/gnark/std/recursion/plonk
TestBLS12InBW6 550ms

panic: TODO [recovered]
	panic: TODO

goroutine 19 [running]:
testing.tRunner.func1.2({0x9d0de0, 0xb7ece0})
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1545 +0x238
testing.tRunner.func1()
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1548 +0x397
panic({0x9d0de0?, 0xb7ece0?})
	/opt/hostedtoolcache/go/1.21.3/x64/src/runtime/panic.go:914 +0x21f
github.com/consensys/gnark/std/recursion/plonk.ValueOfVerifyingKey[...](...)
	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier.go:64
github.com/consensys/gnark/std/recursion/plonk.TestBLS12InBW6(0xc000103d40)
	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:86 +0x90
testing.tRunner(0xc000103d40, 0xae43e0)
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1595 +0xff
created by testing.(*T).Run in goroutine 1
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1648 +0x3ad

@ivokub ivokub force-pushed the feat/plonk-verifier branch from f58117b to 7dba1bd Compare October 25, 2023 23:23
@github-actions
Copy link

📦 github.com/consensys/gnark/std/gkr
TestDoubleNoDependencyCircuit 0s

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xb762aa]

goroutine 14064 [running]:
github.com/consensys/gnark-crypto/ecc/bn254/fr/iop.(*Polynomial).ToCanonical(0x0, 0xc0002c3380?, {0xc000338760?, 0xc0?, 0xfc6e00?})
	/home/runner/go/pkg/mod/github.com/consensys/[email protected]/ecc/bn254/fr/iop/polynomial.go:338 +0x2a
github.com/consensys/gnark/backend/plonk/bn254.(*instance).computeNumerator.func6(0x0)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:996 +0xc5
github.com/consensys/gnark/backend/plonk/bn254.batchApply.func1(0x0?)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1092 +0x31
created by github.com/consensys/gnark/backend/plonk/bn254.batchApply in goroutine 13126
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1091 +0x12b

Copy link

github-actions bot commented Nov 3, 2023

📦 github.com/consensys/gnark/std/commitments/fri
TestFriVerification 380ms

    fri_test.go:128: [assertIsEqual] 10143962279866096754939274742091438846054446069363875312934954770438259016160 == 12728612357088466211075361665205415143201191108558212015308061573735919765935
        merkle.(*MerkleProof).VerifyProof
        	verify.go:106
        fri.RadixTwoFri.verifyProofOfProximitySingleRound
        	fri.go:181
        fri.RadixTwoFri.VerifyProofOfProximity
        	fri.go:231
        fri.(*ProofOfProximityTest).Define
        	fri_test.go:40
        

📦 github.com/consensys/gnark/std/fiat-shamir
TestFiatShamir 70ms

TestFiatShamir/bls12_377 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 3163888562371428093593618221793359294972156157684584935827002276768762058485 == 5303862187967141007985180745379160188857636083947327329330907206381618369881
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["6291300163970378290634550750052374931460828599673123801691548691174718402048","7906539547372309426722992846560604421922154724194538385200692220974258769956","3549857784597046223916185596666343261419633339184216329392545589951688765606","101383321449339439121212731153325265791307783045265928890282976641972056382"],["1815135838668298247765352902939425258757803492272416198250250210245464192361","5071857529627951707838038750563454916726902704596727994584725919179250572984","4032094196279148218543717435873280079819424450795985234480850316001228949824","1300348927825061413402309457575821357136587432593338951081321637951717689745"],["5425192024740364400046267066352482960735381981412414432073990519002750381944","3188837926985574803620132485082388180957876793823589270148515462362427381579","3955523470322280490183232283126198531015048777411103318458973976432766982470","318755067267743706618597160988406967417097609591303871297580539643399901653"]],"Challenges":["5303862187967
141007985180745379160188857636083947327329330907206381618369881","2925899173502819949783941743904339582241885703020466684961276501986793232235","7748600032351080752459402768121102982775136548857922841968266652631512129845"]}
        	Test:       	TestFiatShamir/bls12_377

TestFiatShamir/bls12_381 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 8696261718507777874422940675183796970688869201363951395369968226203794201289 == 5038966129905068384566280789872198845654100939943664748032998790711433717366
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["9391878985204293843246815406043355128663487663884213717864740814237180732421","30280909550882172713872972823846757926194781059199623012832373346392637004564","3932735292395239191736070259682861866406065970138743358294377384494621264455","13884141915506871491009370938540523084599223774138630644372914556673125501793"],["42503948158124107232356884605398838104158374381128805096606837198890244646701","36741750726148825040279983827499755372943964142182761971282733771337320986452","23768829278150777150739177161409562690091354540630781535222511138517542944662","28371295834624796675373055442311682602757087513768396953619136161871868218344"],["46324195837181634877850755620492354509644009985657669814372028862350457859496","9498647394034631688668923978204160888032133300085148794255527940694200558804","20528163023876810070819565278619897356833145664566547521906422298204407448969","1575107519948188940094826152794498297032197279869320139642075225193140949874"]],"Challenges":["503
8966129905068384566280789872198845654100939943664748032998790711433717366","18895313745035330202239304197877629206091077885394435073883642452521835788188","35286704864657592067245443796527822573351683839922075970588927567871743650011"]}
        	Test:       	TestFiatShamir/bls12_381

TestFiatShamir/bls24_315 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 2359179430821968354184234031394932597477330536560107271435799337242705237533 == 9884243649614624108838134730344466738017321927296759039412304362476292178667
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["2198128240669689316787754711667666319719740031109946991893031608413414473111","3296567216737832499536884502018528187027939314923429305592083544203108993987","10292838815259732041301031190710103591456025395080539870856479116630222270686","5218345630339555201426174440312936300723943003514428226202201295492144951512"],["1983454648999166633156704713135109739126009598312913806675556197709828872982","5742887290338284881647232797701047613145007440862387722515607515639506361027","6925475754576784735751961718951581570958452184828420886884480414856146318887","2240989890792884842541000897627317756381920878951008824632432250739378839181"],["577740837901196244993839760166399523882114120704386641560829776823090015923","4918834379557413735143144587229902008123849203046522680979707645560497330300","9971999469857050064352459005007593511079302760678195857208172718175700257387","9966155939345140814558183903981236307103450761506879379862224882925549880162"]],"Challenges":["98842436496
14624108838134730344466738017321927296759039412304362476292178667","11398620813508854652363537080460318073097481894438388753799727206842712433704","9321536512427710998898024731197907166140976337591400960298208211638289239879"]}
        	Test:       	TestFiatShamir/bls24_315

TestFiatShamir/bls24_317 20ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 24470135421085567986037135534090829682886137962048430268674195640794157519518 == 23826843743354467619154411902437927204404990202710438610605521547252520642696
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["12629955706893136513475473078513477631257086656770085153923101957489733302730","9330796712475762700370899245902198312772390750305013985624676565647869470083","24851326899543838818117724524775252402879635569960434693346341694443672222900","770772383832774376461831994409263265290179330938143470342373786354940171424"],["10436324015327596409366252187625659330788663857805374970051784500276310866183","252258590300624661374300583101318112214182133233177706027045119617766332592","24066326997870464497350362302892118005563990460625010238066579605149722317826","3943076652646080737830556684640912420244420238071508564103327589629049422141"],["15145907488421821499254812195788217531113343745427767731740259415984442900314","6043711222462020671227554979423982724061333728187659067381242614822277652442","11349629588121235245209424264489239041799748345546955593371161347851632798946","26219122209225338948401468501462681135574201105457748878921351974358387986622"]],"Challenges":["238268
43743354467619154411902437927204404990202710438610605521547252520642696","6982253999963435270470561326231279338995279707264267410876288314410193992768","10989469211956918598133731787544634185579985658162137417656479388956725773901"]}
        	Test:       	TestFiatShamir/bls24_317

TestFiatShamir/bn254 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 3796935116167748471942166145793596519651128497273976398414188149351362499104 == 20724595094432976631835710626927786556187472458566207992305806867487125290725
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["1676980996228780107238068323920417170832219792090394809897120601625035524339","5447682647749328434613116024225313696913171774349701498050890867232681425607","2691518689036150882080322045571972800297737067339635116752943083016374126039","5403784750430382824119088784462127714781160300682693585390839537046832557430"],["1209528016041266309495173814769851459296262753986606358243577713456077532871","15463039324304123905260978481590996151072410798735736278302307682983869276847","18142503582348694673944410285313835004294361464633435939462744787875163478409","8862380238909944010941991665466463749753903440709074818110887406157940985628"],["270519456509555543972948331421079594885730580783304552872908312589890854314","18197100796970964047745835411988512013760618216279658985067317237329544965182","6661586594534419233734872839971444947066935931616053821585991057792436126111","13368322664696295582731699801607664361162557964045396532229203093588380515804"]],"Challenges":["20724595
094432976631835710626927786556187472458566207992305806867487125290725","3781906352106464750555502188108172730257404755465779415581100632511715152560","12118197161733147328306639330027267950944005272809888593046666750697102986607"]}
        	Test:       	TestFiatShamir/bn254

TestFiatShamir/bw6_633 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 4508429985267206112545932946741473832093196980287798912777852843131805242919125539980307504390 == 32561104289712216457971152338467849761730538544309146304204408970906928212382736248505372658728
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["4828408093586476358007686529634062099778834097027180848566497493075566991074097614410732890370","6454150834326426073276736101489265187737365967701407522131599290758409985427984223805815662269","19775543321802352964718849891928308789823798340680588383640754846720924619181403310795623371620","6358703640520588561088665171593460713854674288304992340189871668377040196016703136648732246507"],["19035180068553943052269983334644509619054732252807322011793022425650194649105621989177700360741","12621300327343586993167376282184568075651967067782976278149828749033232595258010683014098137861","16303817727095306261311457051061239832922029819749078437182950073512072409686373459828910370817","23599904661653903086105693638420965041420230429093890902336771176178770399415760048112217403793"],["39473306974940492008616033009828962939390179844699456932406647142023457204323360953386375468282","39046121002446934726795059600575061060739448613086364455216588091352287295449334077408152052864"
,"7881954047306544613536330912464313169485619949454105410568017334403687207418940521308613061132","9770378181828516718814932307820941173652217135695139684368284880619671023576968359494864994231"]],"Challenges":["32561104289712216457971152338467849761730538544309146304204408970906928212382736248505372658728","31813661360999231115369184843613329345537182287861152242346853542916268829253297789771875359279","37875095360103425435601308813753704904321041208548393900993161947576086005081697399122117204731"]}
        	Test:       	TestFiatShamir/bw6_633

TestFiatShamir/bw6_761 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 58643728296573478344445451045297754502205386348408702842265087709365155626258926248679847234247653517423754267888 == 19135851982861533992158655111543281317947729710626961660625851881007837021475524633239883922834729055005194814924
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["131786283179681204313711389172440827170842642790147454589985247184620903722608058246206270988135027896320260142262","190488604032644345698279519199086970058028552814675383834750176269481474258927866439146917021805407850077025453872","1454786076985381089026432953764106759219828631310620780694357041598566968069189657234869201421952112013247170355","52000114051638911805598945790018529138078193098235329856094297797661684676535510190034059631837516354245051805645"],["74835038568659812850278433069878453562555640193755200669940444083546621295221558524634416265451155223699996601946","147928058349231213473721987613509385198351743349311637229843607919496141338409886643244613398584606871791961343882","222738178286898975312522421102136361776991534783583273908639323483547310808835899395532973966768245609222219704713","131763635637800422232543398264965384849905384098687355877954755083715834958479649047218022283306761830968885731376"],["1026602408727867654934180942950866529837467
59842303452321039375575868316155867533681460988926289111092466839184393","204781753482336581950336423239184205306153176876792073267655259739877706350953773474840897248923754968742169201976","199173048286990963404822030189871406340427129827761986132215207139910455222379943582635988391055662603909880819518","67986233940672701127169374173694639135780607691402982184362768995287704007551386461866776249101950753921817053837"]],"Challenges":["19135851982861533992158655111543281317947729710626961660625851881007837021475524633239883922834729055005194814924","160616971098496206694191062434645687958947737072855977448369526275018364508478077275321706468879739391683998170738","123200620317255831072790580327897531002291515429751205976994168155720538237268961649502345194674813461961457577226"]}
        	Test:       	TestFiatShamir/bw6_761

📦 github.com/consensys/gnark/std/recursion/plonk
TestBLS12InBW6 730ms

TestBLS12InBW6/bw6_761 10ms

ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Points []frontend.Variable
    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsBoolean] 444016192865
        	            	bits.fromBinary
        	            		conversion_binary.go:36
        	            	bits.FromBase
        	            		conversion.go:42
        	            	bits.FromBinary
        	            		conversion_binary.go:16
        	            	recursion.(*shortCircuitHash).Write
        	            		wrapped_hash.go:244
        	            	fiat-shamir.(*Transcript).ComputeChallenge
        	            		transcript.go:153
        	            	plonk.(*Verifier[...]).deriveRandomness
        	            		verifier.go:573
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:291
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:84
        	            	
        	            	witness:{"Proof":{"LRO":[{"G1El":{"X":"193287807574155234665703987172556898856391565773452682083710449129334020624113076083752135236810081195944671505909","Y":"23065430555995554555920172814353530119825632757418747268386105420699503568089674674395052015766896038445612344060"}},{"G1El":{"X":"355094838535282191300241501520676381662223983398239332878840413935507552655638951998671185094455752274186212320","Y":"128746439451750983844611346823319226228828489600342712479488971730841129329375185344167865801022251733360838603673"}},{"G1El":{"X":"40072461756439445414430727995309704312595542632595279775796319822094261771160951055839989328252481527034497856772","Y":"30657191356029651361323668847599765912418203611767747919104164186435631504233504125183086653009461719827283707889"}}],"Z":{"G1El":{"X":"60721804516788057377984968955947889562327178820974388596811968785218101290666797041779694325814735479996424161070","Y":"2081246918424189669928183026379355472283734624594167277800806509996631286555599367041
57020170218154059650193129800"}},"H":[{"G1El":{"X":"23434526675361357119812361108093729000121567400091164794740238655901375694863755438341630007373782306802858100607","Y":"137460013709898812020158119592629905255636654601992476297103708496123848723572501074323758514423143129088194273309"}},{"G1El":{"X":"128069736999944306093075678022456853606886725616172239442510796428902226026812217356874136122269985639232562219806","Y":"136348144394645607875251138448732756914773077785993888189530339383101199678611985806189556472497367247030380363070"}},{"G1El":{"X":"123483938875050508011061745830384516920358592022296749286949889280077007474569715548960104533611635681128378369001","Y":"137538908022621727398262199833139927896370590649411566375086773236655373472665913495675669512976688589633714602185"}}],"BatchedProof":{"QuotientPoly":{"X":"222753019234202892988703165802167539306551943444212645930991587742048330218105447512964379251191871984278532557153","Y":"598975271225090248693622439220362812092081103826640504234755814564149
64546434110033507676050350578082590660241217"},"ClaimedValues":["880359431596862465442178865663168944978160319535121030552143283775242222581","2774161365298157845889880829207019485165404858946671557878730069315234200975","1080102532583576206553022602741445105969501703850844093619186257860805971853","7574653122525843764824022127854417689330968514353988617429781670846357167870","2212010931434901294691544575521410219067694405067295252588540919746770500612","337475976816557717144324355578167679181437707156209890102875041324631234513","5467961860065941771393904847628590872811027857787832310128922042919444268837"]},"ZShiftedOpening":{"QuotientPoly":{"X":"244328173805691593921498773871881418885391930947033360074513805583546937980860537949747991611462582819166135287099","Y":"33866411996519031471476146863031726930010564695969616559120379944503697095836920092854992215813299138882396483139"},"ClaimedValue":"901610211588746007530480127958128205478550901858300395351216094719325967305","Point":1}},"VerifyingKey":{"Size":4,
"SizeInv":"6333346312071277818186618704086159898531924501365547870951425091938056929281","Generator":"880904806456922042258150504921383618666682042621506879489","Kzg":{"SRS":[{"X":{"A0":"233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294","A1":"140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118"},"Y":{"A0":"63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423","A1":"149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491"}},{"X":{"A0":"197487989529169039797901372637203768568880620644243311534350504654042744861515916514902847752106582440975969154503","A1":"177834945064927985819232243246807186072907567000582911754536973694170033569559488642391102131508292683714627367750"},"Y":{"A0":"11831575641890263091606358135519685592366191832562880278528800879334471933093603678646
0765237134622877479754447920","A1":"211441955035634224716331256021389203792082246683722702766385406818890361901888977244646636300177825985071450890034"}}]},"CosetShift":22,"S":[{"G1El":{"X":"58818828082671107722040494270092989733604256797346944455839725142575816071573204087330897867143730761412582190906","Y":"89025995190463862316668137740226176488944348576425488390449504782223551567810320510977475059424447670035145831083"}},{"G1El":{"X":"41807256128783827327708795714494873039043551875495654186299694541759434439833242902410246209190857904531115900090","Y":"53802668449585277093387415462284304690276490336010688627283627561721091207319813653436478712522252607259733466786"}},{"G1El":{"X":"229357714275675823236048044509707664175686073040240495294224726389424695390586983695321225675418111482630164314112","Y":"3028683948223411206116162166086233135397815246810711328761190735918590082171070188783444899329774501605903380478"}}],"Ql":{"G1El":{"X":"18584085988870019159057457086724578789390594528911136053807372128401488063
9283441181920077440814468801210313340072","Y":"84153284364172426386658235732171307991629044814788303515031929116995622827438506753586872713110028512322246551604"}},"Qr":{"G1El":{"X":"185771601333162953706345135162471105707677286547564455895794446819262853490291303196317121388678720276293922935081","Y":"146682034915935479360452244285677333961765393311515727147282836117063326311852958278540876874456151808296469216410"}},"Qm":{"G1El":{"X":"244531027910978350350823970652213683991353072501205522126460344486951429889590131703916457967948555172930876760818","Y":"136810005735508215141777566891753514293694610649186116676915566318275437169306498005125991324755301114440048297786"}},"Qo":{"G1El":{"X":"244531027910978350350823970652213683991353072501205522126460344486951429889590131703916457967948555172930876760818","Y":"121854420277460878868875166803140019242698902105728543862968696348445031179034324769842896814818059010000273160391"}},"Qk":{"G1El":{"X":0,"Y":0}}},"InnerWitness":{"Public":[15]}}
        	Test:       	TestBLS12InBW6/bw6_761

@ivokub ivokub force-pushed the feat/plonk-verifier branch from 08e1a34 to 93ef51f Compare November 3, 2023 12:57
Copy link

github-actions bot commented Nov 3, 2023

📦 github.com/consensys/gnark/std/recursion/plonk
TestBLS12InBW6 690ms

TestBLS12InBW6/bw6_761 0s

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	runtime error: invalid memory address or nil pointer dereference
        	            	runtime.panicmem
        	            		panic.go:261
        	            	runtime.sigpanic
        	            		signal_unix.go:861
        	            	big.(*Int).Cmp
        	            		int.go:381
        	            	recursion.NewHash
        	            		wrapped_hash.go:168
        	            	recursion.NewTranscript
        	            		wrapped_hash.go:182
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:279
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:85
        	            	
        	            	witness:{"Proof":{"LRO":[{"G1El":{"X":"196548503668016044380133063126356121823036145057979704463462128987553090220077379198600266944685922625332703271824","Y":"214090964711194832115310848911819974164120898248629418319396812554477705496229217476365065682584103844408107484879"}},{"G1El":{"X":"235516964484035587485014088225517195825165153142992756676438865607836053383520734255759443949146598170808653068254","Y":"140469916693323861691688353692838399744128864523216827168617130974722514006426752894464150313562963042487983455439"}},{"G1El":{"X":"85084612998039316763995724964802150536468287625505921681713726575042312924611288348986301872502469227816304715107","Y":"227042921643688908174534191004931872078449609898130635394994773583742654933014986355165417712930394749554462191530"}}],"Z":{"G1El":{"X":"65174441907605058712443019187024287680425960809925525713590333946918589684919436974595151673165885745443807219901","Y":"16720982098492192178452282235683395003925528683185192880396768413585125407175935
5351382917082126923134394613389482"}},"H":[{"G1El":{"X":"115349902033088254677532519363402694647935581044859198602940173188741796431047103552562837838263753358799732717552","Y":"53998259376057978622077771667251242146174177685538392187359614346878908649920303763236897364320899426423685281859"}},{"G1El":{"X":"206569191951069780042542905816617062865936050184390406950515952955971426136563704315638562030799315318626161106570","Y":"181889573818608157996069390920836842216098263827785251343473351365384187243414173837281513360025659221660249648135"}},{"G1El":{"X":"19748671239673935332351668053662811872019735590758644977988534472734103874634539468457715198398379601916363915001","Y":"146290617204129276725621788183675349866809136081481717963179808406228117287730310351283967488819363990125352213046"}}],"BatchedProof":{"QuotientPoly":{"X":"58675858332608172082439213072120396717465381298892154049263873810175332923224511968786652979329174507463756293307","Y":"113031268647185475554424214961938379483878313711679541697675680228
555655994179929906619806815244997992802066872049"},"ClaimedValues":[{"Limbs":["33728202843085721132208179625129688786137987401920569417469937726550553473"]},{"Limbs":["5962989668634166451562915011530384505830588520780438327348319810359667585102"]},{"Limbs":["632905560565278898659171485792945034242428700831243731089078422217691480673"]},{"Limbs":["753086223445701762614583476754688711159954656484562768297576210090519153499"]},{"Limbs":["1770423897418043666850257310617243492992073299121092810955899098787516724148"]},{"Limbs":["4631150168019752962293064518283462366569885886037214051394065036728463502465"]},{"Limbs":["5806103312593245997570148884059907500670804098947240075856198083676526738359"]}]},"ZShiftedOpening":{"QuotientPoly":{"X":"115292622250029024810336942598037613075451783960090081557659343951172325124730389375680394424552808407049682875381","Y":"212853175100233419468559751535725792287339449275817363935515895014010873158637341895665896699995759960308441628403"},"ClaimedValue":{"Limbs":["57412963401203895
78367168075396421532439108413866494313942569251257451274675"]},"Point":{"Limbs":[1]}}},"VerifyingKey":{"Size":{"Limbs":[4]},"SizeInv":{"Limbs":["6333346312071277818186618704086159898531924501365547870951425091938056929281"]},"Generator":{"Limbs":["880904806456922042258150504921383618666682042621506879489"]},"Kzg":{"SRS":[{"X":{"A0":"233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294","A1":"140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118"},"Y":{"A0":"63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423","A1":"149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491"}},{"X":{"A0":"233647295443072603917851894882335667644508568003687271433256096835891725415827039625362656464009079263248056935698","A1":"384860111779721709921110729887619025681380484099300533688939855890
63647426306749633993326932722740719351680623001"},"Y":{"A0":"105631780992921028195213822994230469596989067730138052492747170432962014628087516546244063139793689161711715916554","A1":"86151188775497278236541480964281180813461871612950524871388102155253078471704841822704620812014532467876828041649"}}]},"CosetShift":{"Limbs":[22]},"S":[{"G1El":{"X":"164145496270958653362865457760044712760413824350881907199978717126940413120194454664945052735177074696901970548177","Y":"234365962377835610559168807266509551355724850502788973247982598923009085772461485437279734316412767791314508143121"}},{"G1El":{"X":"85335569928532006250442807036461492872351369027438435547251821945011432666461935349901411890184626843771575068724","Y":"55393204343543503315392259962336344513965087561507926435389580322264015523909437593800339836511027931756981418607"}},{"G1El":{"X":"44042344774100799675492339150919395407587940877711688671547038041828042201673239325323938683332831953352050001243","Y":"206181953580390988848066541626503747124296303304781
486339246289507667269358858533207014169453721536425433078505365"}}],"Ql":{"G1El":{"X":"71979890398417170200516132026454140917461190821488715289999195980139483406079931769733897537517298830024567733707","Y":"47976073820824640475703456566349053158412543619842529625552280023765180960907316380821159700407420292567172683032"}},"Qr":{"G1El":{"X":"31671898208112495294460451729061645210358119638985047702450656145518073960341563572475418306816101175358929493891","Y":"71942539187214378445880468265359578519689424748803708065655156098763350663979154476589953314057956123662087605875"}},"Qm":{"G1El":{"X":"85007969379210954589974643842614033102589094786156374528920676520480115079074125661470167899277947258783416543938","Y":"167962436744924620931255460756643204206797647797346587780396918836322098703165701006737466591520753164915909139862"}},"Qo":{"G1El":{"X":"85007969379210954589974643842614033102589094786156374528920676520480115079074125661470167899277947258783416543938","Y":"907019892680444730793972729382503293295958649575
68072759487343830398369645175121768231421548052606959524412318315"}},"Qk":{"G1El":{"X":0,"Y":0}}},"InnerWitness":{"Public":[{"Limbs":[15]}]}}
        	Test:       	TestBLS12InBW6/bw6_761

Copy link

github-actions bot commented Nov 3, 2023

📦 github.com/consensys/gnark/std/recursion/plonk
🛑 build failed

📦 github.com/consensys/gnark/std/recursion/plonk [github.com/consensys/gnark/std/recursion/plonk.test]

std/recursion/plonk/verifier_test.go:82:52: too many arguments in call to NewVerifier
	have (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl], "github.com/consensys/gnark/std/hash".FieldHasher)
	want (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl])
std/recursion/plonk/verifier.go:5:2: "math/big" imported and not used
std/recursion/plonk/verifier.go:6:2: "strconv" imported and not used

@ivokub ivokub force-pushed the feat/plonk-verifier branch from 1592414 to 1667207 Compare November 8, 2023 11:17
Copy link

github-actions bot commented Nov 8, 2023

📦 github.com/consensys/gnark/std/recursion/plonk
🛑 build failed

📦 github.com/consensys/gnark/std/recursion/plonk [github.com/consensys/gnark/std/recursion/plonk.test]

std/recursion/plonk/verifier_test.go:82:52: too many arguments in call to NewVerifier
	have (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl], "github.com/consensys/gnark/std/hash".FieldHasher)
	want (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl])
std/recursion/plonk/verifier.go:5:2: "math/big" imported and not used
std/recursion/plonk/verifier.go:6:2: "strconv" imported and not used

@ivokub ivokub force-pushed the feat/plonk-verifier branch from 1667207 to 0ac8f1c Compare November 8, 2023 15:31
Copy link

github-actions bot commented Nov 8, 2023

📦 github.com/consensys/gnark/backend/plonk
TestProver 0s

TestProver/bn254 0s

📦 github.com/consensys/gnark/internal/stats
TestCircuitStatistics 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_377/groth16 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_377/plonk 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_377/plonkFRI 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_381/groth16 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_381/plonk 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_381/plonkFRI 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_315/groth16 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_315/plonk 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_315/plonkFRI 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_317/groth16 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_317/plonk 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_317/plonkFRI 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bn254/groth16 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bn254/plonk 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bn254/plonkFRI 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_633/groth16 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_633/plonk 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_633/plonkFRI 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_761/groth16 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_761/plonk 0s

TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_761/plonkFRI 0s

TestCircuitStatistics/api/Lookup2/bls12_377/groth16 0s

TestCircuitStatistics/api/Lookup2/bls12_377/plonk 0s

TestCircuitStatistics/api/Lookup2/bls12_377/plonkFRI 0s

TestCircuitStatistics/api/Lookup2/bls12_381/groth16 0s

TestCircuitStatistics/api/Lookup2/bls12_381/plonk 0s

TestCircuitStatistics/api/Lookup2/bls12_381/plonkFRI 0s

TestCircuitStatistics/api/Lookup2/bls24_315/groth16 0s

TestCircuitStatistics/api/Lookup2/bls24_315/plonk 0s

TestCircuitStatistics/api/Lookup2/bls24_315/plonkFRI 0s

TestCircuitStatistics/api/Lookup2/bls24_317/groth16 0s

TestCircuitStatistics/api/Lookup2/bls24_317/plonk 0s

TestCircuitStatistics/api/Lookup2/bls24_317/plonkFRI 0s

TestCircuitStatistics/api/Lookup2/bn254/groth16 0s

TestCircuitStatistics/api/Lookup2/bn254/plonk 0s

TestCircuitStatistics/api/Lookup2/bn254/plonkFRI 0s

TestCircuitStatistics/api/Lookup2/bw6_633/groth16 0s

TestCircuitStatistics/api/Lookup2/bw6_633/plonk 0s

TestCircuitStatistics/api/Lookup2/bw6_633/plonkFRI 0s

TestCircuitStatistics/api/Lookup2/bw6_761/groth16 0s

TestCircuitStatistics/api/Lookup2/bw6_761/plonk 0s

TestCircuitStatistics/api/Lookup2/bw6_761/plonkFRI 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_377/groth16 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_377/plonk 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_377/plonkFRI 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_381/groth16 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_381/plonk 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_381/plonkFRI 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_315/groth16 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_315/plonk 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_315/plonkFRI 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_317/groth16 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_317/plonk 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_317/plonkFRI 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bn254/groth16 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bn254/plonk 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bn254/plonkFRI 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_633/groth16 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_633/plonk 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_633/plonkFRI 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_761/groth16 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_761/plonk 0s

TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_761/plonkFRI 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_377/groth16 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_377/plonk 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_377/plonkFRI 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_381/groth16 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_381/plonk 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_381/plonkFRI 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_315/groth16 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_315/plonk 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_315/plonkFRI 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_317/groth16 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_317/plonk 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_317/plonkFRI 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bn254/groth16 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bn254/plonk 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bn254/plonkFRI 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_633/groth16 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_633/plonk 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_633/plonkFRI 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_761/groth16 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_761/plonk 0s

TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_761/plonkFRI 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls12_377/groth16 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls12_377/plonk 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls12_377/plonkFRI 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls12_381/groth16 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls12_381/plonk 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls12_381/plonkFRI 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls24_315/groth16 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls24_315/plonk 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls24_315/plonkFRI 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls24_317/groth16 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls24_317/plonk 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bls24_317/plonkFRI 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bn254/groth16 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bn254/plonk 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bn254/plonkFRI 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bw6_633/groth16 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bw6_633/plonk 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bw6_633/plonkFRI 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bw6_761/groth16 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bw6_761/plonk 0s

TestCircuitStatistics/math/emulated/secp256k1_64/bw6_761/plonkFRI 0s

TestCircuitStatistics/pairing_bls12377/bw6_761/groth16 0s

📦 github.com/consensys/gnark/std/algebra/emulated/fields_bls12381
TestFp12ExptTorus 0s

📦 github.com/consensys/gnark/std/algebra/emulated/fields_bn254
TestDivFp12 0s

@ivokub ivokub force-pushed the feat/plonk-verifier branch from 0ac8f1c to 4e6454d Compare November 9, 2023 09:08
Copy link

github-actions bot commented Nov 9, 2023

📦 github.com/consensys/gnark/std/recursion/plonk
🛑 build failed

📦 github.com/consensys/gnark/std/recursion/plonk [github.com/consensys/gnark/std/recursion/plonk.test]

std/recursion/plonk/verifier.go:5:2: "math/big" imported and not used
std/recursion/plonk/verifier.go:7:2: "strconv" imported and not used

Copy link

github-actions bot commented Nov 9, 2023

📦 github.com/consensys/gnark/std/recursion/plonk
TestBLS12InBW6 1.08s

MSM input
E([258618278724209285611851849132948908195012707530361089681070129433652228518316204497376809596443622613802295211378,140334735106941239160485080214324606453532092216871283616768725194182250348640885464128347562788892503106178238373])
2146406540857918237865578843785926273242030438707749098436688494278526093469
E([55326139862841378904450641229696688750646111785564068755942356439281089331229392687777953801014450769490290061020,250060215593771891398625126096229309599607384596288579548775512071711089172446820313503153211511752708233878409428])
3999113244465746569675590933553141533633301663853922109784140088122177688290
E([248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242,183814392839645442995650223385915395659471760288273849901343604959012928735370891271406471342556347827891531939152])
6903447453637311323998303144633435191133564589142533497285490497617601790471
E([248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242,74850033173323651015002510308978137876921752466640810638540657707707539612969931503562416797017012296548789519025])
3472817178521767514543705893566523544287198681856057587125953808632968955990
O
1
E([9825211791914993690312657590546014209147204593431368457054890377894235871542551312039708292976752739881721385125,82090757997907767999539621908872505188716691521681000211104047793191560017507213732585235385188551279493746353668])
5928333484623298087445035059582510466800272603715539480982140243704972531882
E([202601209786867752830240772289312449630913655171378355746986707468426240964175074682757352954530625217430369685767,33997091150883083381111491271572824605494467403340971734052161653982505311539887135830525498045041225654865700865])
5424009932483523022401733985733888715553320754567840414626602313584432421859
MSM output
E([164116021395424605742475300353803725477189323797482639960127878137699203886959823989621220842178782746999450653711,191899905181045652813342262363812247331749905598563260167277546087779602303910347681135448158187173315934430913445])
MSM input
(test.engine) pairing2.go:300 258618278724209285611851849132948908195012707530361089681070129433652228518316204497376809596443622613802295211378 140334735106941239160485080214324606453532092216871283616768725194182250348640885464128347562788892503106178238373 
2146406540857918237865578843785926273242030438707749098436688494278526093469
(test.engine) pairing2.go:300 55326139862841378904450641229696688750646111785564068755942356439281089331229392687777953801014450769490290061020 250060215593771891398625126096229309599607384596288579548775512071711089172446820313503153211511752708233878409428 
3999113244465746569675590933553141533633301663853922109784140088122177688290
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 183814392839645442995650223385915395659471760288273849901343604959012928735370891271406471342556347827891531939152 
6903447453637311323998303144633435191133564589142533497285490497617601790471
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 74850033173323651015002510308978137876921752466640810638540657707707539612969931503562416797017012296548789519025 
3472817178521767514543705893566523544287198681856057587125953808632968955990
(test.engine) pairing2.go:300 0 0 
1
(test.engine) pairing2.go:300 9825211791914993690312657590546014209147204593431368457054890377894235871542551312039708292976752739881721385125 82090757997907767999539621908872505188716691521681000211104047793191560017507213732585235385188551279493746353668 
5928333484623298087445035059582510466800272603715539480982140243704972531882
(test.engine) pairing2.go:300 202601209786867752830240772289312449630913655171378355746986707468426240964175074682757352954530625217430369685767 33997091150883083381111491271572824605494467403340971734052161653982505311539887135830525498045041225654865700865 
5424009932483523022401733985733888715553320754567840414626602313584432421859
scalarmul step 1
(test.engine) pairing2.go:300 55326139862841378904450641229696688750646111785564068755942356439281089331229392687777953801014450769490290061020 250060215593771891398625126096229309599607384596288579548775512071711089172446820313503153211511752708233878409428 
(test.engine) pairing2.go:300 31767517785301381912059066044118560445018638753061426989296160895763206549725226443003203640704579229004128766946 16341545270707960578363409797670391763005836715393957990592745229389479322524298498964031907326999556988008533293 
(test.engine) pairing2.go:300 176901414787357197151385744259346483031521467624150737234707185100708789503310986759122373753144788551790947268589 97877135160575184310856251837339036361795833812419030156841277187377303637019994046742008008756303225308970805064 
scalarmul step 2
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 183814392839645442995650223385915395659471760288273849901343604959012928735370891271406471342556347827891531939152 
(test.engine) pairing2.go:300 217653717162407488718821279292799567726829432831582545736766995482876015315193663266010977310994887930113787180296 77325280924544709073411669218730406327306782231612751100877115544898413476298665025899588756110801565816933570983 
(test.engine) pairing2.go:300 10700558984110735835301417048061301807444501506641141569448675788266293504597068807960536255090389288687548975178 113179290881212818966312531353861499235252849074217009847017274538393213478211947913757279137109716339481214584953 
scalarmul step 3
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 74850033173323651015002510308978137876921752466640810638540657707707539612969931503562416797017012296548789519025 
(test.engine) pairing2.go:300 1943924800302734330327604702384606641479038411657705771522362925256303307310738254504416633421883431411630449421 115921587659265584476750169674384128955782721532535480777386362078797666222814717255834848493942820276555334919062 
(test.engine) pairing2.go:300 179945338339851518044040336317424488913870308888308355138453578669455335370181077917866966743815839008013003081232 97541613384049711058679106058274433502746604232338133624348562724904077720790122598051540842459383739370848133051 
scalarmul step 4
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 147343719487591290254416043695259515680723154473357324307552810669926174515235380553758504019537648759826649242550 34237936367068495349673050060961090784992807821412679256221697120128356263114255199542415774621995288160546447149 
scalarmul step 5
(test.engine) pairing2.go:300 9825211791914993690312657590546014209147204593431368457054890377894235871542551312039708292976752739881721385125 82090757997907767999539621908872505188716691521681000211104047793191560017507213732585235385188551279493746353668 
(test.engine) pairing2.go:300 11780573288624104103079680879449632813307055855334373276605973748156161559288996513846913065752310303690223609667 184750510289659623187304275162622831058633787617446542658212588180517047362408495323060338062066349524285874906943 
(test.engine) pairing2.go:300 81129611742409389274128278515188436670526850677987040469255858426266353601314611311042963530891597681709896204607 212811153351860089616054011787223611025408109933120862330683786745518700493080831468921421929245846568726246179851 
scalarmul step 6
(test.engine) pairing2.go:300 202601209786867752830240772289312449630913655171378355746986707468426240964175074682757352954530625217430369685767 33997091150883083381111491271572824605494467403340971734052161653982505311539887135830525498045041225654865700865 
(test.engine) pairing2.go:300 86017958985955314359346187670225135785617662668815171068994729298978258913389993955119674861017850507327918058127 54997636954123333153736032198397495177629963544160754429921291317658241271583223740951684679524345598807110576849 
(test.engine) pairing2.go:300 82979180301159002123164902088584976997977052042289822791306550715733985702212400580485131316376124551217833986820 197139364198503146474924954134097830102301602532346441412487460322876309042733185566589749965675743654758954328980 
MSM output
(test.engine) pairing2.go:300 61428436339526920053125146526124310637696223934897386595378906826550418991289676218729363542126131826466141810965 163293203409896771594872536015298253756708476766928354621540858350872989347975512863303217059712726220062812660526 
    verifier_test.go:117: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:117
        	Error:      	Received unexpected error:
        	            	[assertIsEqual] 45642230551888635535892632415632154253271979889246112966183323678771839313414356715633471798260607272704816951426 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:560
        	            	sw_bls12377.(*Pairing).PairingCheck
        	            		pairing2.go:205
        	            	kzg.(*Verifier[...]).BatchVerifyMultiPoints
        	            		verifier.go:481
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:552
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:90
        	Test:       	TestBLS12InBW6

Copy link

github-actions bot commented Nov 9, 2023

📦 github.com/consensys/gnark/std/recursion/plonk
TestBLS12InBW6 1.05s

E([239590018433899658927039574151039536957481631493201421927862200190777520220755175176254019114733956545926288288091,106964765183821332882538363787355890129858480614288592257809040137433414249548927752377798236229717647548457906080])
(test.engine) pairing2.go:129 1 
(test.engine) pairing2.go:300 221726091528959723636225903800261783588130931858628944548956933340883974093458689682436368616284958469252099813544 258637589621716111342025226009513971530738703783358246531060886970478746808836205007187338223248057761734692362863 
(test.engine) pairing2.go:300 110233397506727019578616885131607463062295378632411511448245905147138337645298684529001047283604567156357149329133 58983812637871963815582350032643199882404371500223932513549295798441080786185131632269106440265287733544910189603 
(test.engine) pairing2.go:300 153436877557365231864061578180678153883603222087099177038085256706723014283522277173241979961560276245768502928509 186212663695063459257110922493492545080650313866551056570442250414332140599026910212696703428246027757677699504412 
(test.engine) pairing2.go:129 2 
(test.engine) pairing2.go:300 20385779864330344651755217632337165600074128349935647660901503312535834886748658751461343213367046706502726394908 148971987470268447223349210276740002660762291514958607688532555207203375547450182886127135215616142869445569667625 
(test.engine) pairing2.go:300 254618730473472702094672844757089588187053195718441982156765129490018653769287871801960338430494734397229164566687 184262203611195456135867187395080691471430117069328444928225331555941564164418913631669978854475564177817347830049 
(test.engine) pairing2.go:300 58822644936217814185219203085597560156444477171962735087949067794963658195756410510724518868940832582944605618568 217362719324786118119063838237056813975984588059315750929218953700429647244540192280880788698826630403641442767623 
(test.engine) pairing2.go:129 3 
(test.engine) pairing2.go:300 20385779864330344651755217632337165600074128349935647660901503312535834886748658751461343213367046706502726394908 109692438542700646787303523418153530875631221239956052851351707459517092800890639888841752923957217254994751790552 
(test.engine) pairing2.go:300 98008166777066096399993949402670351035582606095594111817772238354188772139543740131927390021187835107505819354912 80549750637361823664716340525210670101231517880211940942367023402296259460276620981178364257085621065695960548342 
(test.engine) pairing2.go:300 156163226437666950471642515110645876964101034048574912488778783281756951822284821517744007134238670944773136540853 228131651417007131100159593608325865107333136046042398584028769722450138048791498052218128178832258589680597897917 
(test.engine) pairing2.go:129 4 
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 195644473939059817444447787864505532560890235276410196122199010116813850508424298496703885451541725627342369116225 257746148002600876770731318423740649921580325995777601526599948225781067219906369583971032849581564249655499693965 
(test.engine) pairing2.go:129 5 
(test.engine) pairing2.go:300 237846135123342408832535573761433722905186695279311108850674022444128093143830403467117662846326109102372710379108 79441464446749464649065841953657554910756516440585160644723484178864567166358655072341851017649071159297272791577 
(test.engine) pairing2.go:300 62445833047477337646308700383216904007065593288552263468639700653949551353706327873668623522223286225348109412033 97179109047783782317580436824922344318777778456039610342947499790016529935859788844563010203754699772598396098264 
(test.engine) pairing2.go:300 83064948347090649753574118132467057361493500707603096395158163641397850006643209158499019752571774483200731624294 217035699321582499254406112315172473548914671779857625820873777393664451577273907425615159156583223680186591808208 
(test.engine) pairing2.go:129 6 
(test.engine) pairing2.go:300 70591197046195004999491184996321207228951961947433722843433387465270016555588066562300335105256306540794100574527 163806718135413631722950341050401012563949857832603699664996143450871257284061531472527149673865944590132701992235 
(test.engine) pairing2.go:300 2921953991263866847232150137611123550245714688202139156844145045290938100356494589485599321939588967346839763013 218238951594075718832277498389854814368616165299271746525485329539639375585895617929738668374606489931566618578257 
(test.engine) pairing2.go:300 113894895562055113979662772030226829739507361240860577356729015115842460274547870049283322477631067829460803623351 217633115077091890219893741627932061096683071531322213162630177042685886745140655781843441015207417075018628487140 
(test.engine) pairing2.go:300 255185139513135322625114182058247280781004171004342088914668022900543952734654833251173418064405238148926309720082 11475600566797552315186074887772147775011382213725285677650091757100071440051355004196098665371477869675359707460 
    verifier_test.go:117: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:117
        	Error:      	Received unexpected error:
        	            	[assertIsEqual] 139097160712923751847620791370935717729881072878574095224516193171051207318139766276175867087671296596404763491920 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:560
        	            	sw_bls12377.(*Pairing).PairingCheck
        	            		pairing2.go:205
        	            	kzg.(*Verifier[...]).BatchVerifyMultiPoints
        	            		verifier.go:481
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:550
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:90
        	Test:       	TestBLS12InBW6

Copy link

📦 github.com/consensys/gnark/std/recursion/plonk
TestBLS12InBW6 1.17s

MSM input
E([163599858427788436395159355242648579604641615078328394010995263004690372192112802932188342783243791014292704139562,52203338491555651554164379381705803125756218108998164366346849018158513871749933341361405664709709768002604042005])
2433119615273081480775713420181811698266071207184473408449909377156834058007
E([105673775204816984867090067056470053464117316433406559539849129189599676602681104065342619398689859026244826275387,221942997193771496586630170714158798069233586112552209646467658211032577242219780683026154846195140343423819776256])
6474495409460539141679075816378949526145434590030721621530961278684902934514
E([212399744341400757003412984774211579000194537356427744441882569400932875127683241020785128698368010703732748540195,9145133614724904161212925428551687728279505636852126097140531606212108411952428650244782959698353506808031065923])
922867878099810689886110362982400975103107461932158832061077797068569079355
E([212399744341400757003412984774211579000194537356427744441882569400932875127683241020785128698368010703732748540195,249519292398244189849439808266341845808114007118062534442743731060508359936388394124724105179875006617632290392254])
1043708910934129578101853620016246567941904951169190147666511270012636414403
O
1
E([69217444783365525890428505076972381694101865256715363809558391563088590428002819016833874383792989040002413846066,229132141541527791692499292255407707792077778627832681757267330444328873051155931565947514912385578383081917940618])
5061388742347176565060870311216201079791399925183093609187306422162315439255
E([74675835054876910979126035804428612146716908709168166414578129330036006084152049071406362230551665977501448940030,135668107058273201268947921547613357484010128143334317718349200972140746782979141414535495213821993228106567681561])
5404133523538812159692038485658278596538829530131921629519531933979010077287
MSM output
E([174391693457535977047508817806978604357085373820499742414339231124663432233139507028224346348631802179525740435980,222335180700273016132165070971785044461748466767346408754762036826260026747474290486889654431750698386068479677309])
    verifier_test.go:117: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:117
        	Error:      	Received unexpected error:
        	            	[assertIsEqual] 211392648691077746883273275692098596020863176770229494567124714544056307546655649123138168340546079826182969470042 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:560
        	            	sw_bls12377.(*Pairing).PairingCheck
        	            		pairing2.go:206
        	            	kzg.(*Verifier[...]).BatchVerifyMultiPoints
        	            		verifier.go:481
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:554
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:90
        	Test:       	TestBLS12InBW6

@ivokub ivokub force-pushed the feat/plonk-verifier branch from 6bebdca to 5f8a060 Compare November 20, 2023 13:03
@ivokub ivokub marked this pull request as ready for review November 20, 2023 16:48
@ivokub ivokub requested a review from yelhousni November 20, 2023 16:48
@ivokub
Copy link
Collaborator Author

ivokub commented Nov 20, 2023

Ready from my side. @ThomasPiellard - if you can confirm that also good from your side then I think it is good for review. I assigned @yelhousni for review as we both have worked on it :)

@ivokub ivokub changed the title feat: add PLONK in-circuit verifier (WIP) feat: add PLONK in-circuit verifier Nov 20, 2023
Copy link
Contributor

@yelhousni yelhousni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but I need a second round of review

std/algebra/emulated/sw_emulated/point.go Show resolved Hide resolved
std/algebra/native/sw_bls12377/pairing2.go Show resolved Hide resolved
std/algebra/native/sw_bls24315/pairing2.go Show resolved Hide resolved
@ivokub
Copy link
Collaborator Author

ivokub commented Nov 23, 2023

Added MSM tests for emulated and 2-chain curves. This revealed another bug :)

I think the PR is done from my side. We could merge from my side after approving review. I think we can address additional optimisations in different PRs, to keep number of different open PRs small and avoid needing to rebase/merge.

Some other discussed optimisations:

Ping @yelhousni for review.

@ivokub ivokub mentioned this pull request Nov 28, 2023
11 tasks
@yelhousni
Copy link
Contributor

yelhousni commented Nov 28, 2023

Added MSM tests for emulated and 2-chain curves. This revealed another bug :)

I think the PR is done from my side. We could merge from my side after approving review. I think we can address additional optimisations in different PRs, to keep number of different open PRs small and avoid needing to rebase/merge.

Some other discussed optimisations:

Ping @yelhousni for review.

Alright on my end. Let's merge this and address optimizations in other PRs. I gave the Wesolowski VDF approach a try to compute efficiently z^(2^T) mod n but it's not sound since n is a known prime (the root finding problem is easy). Also 2^T is small in our use-case compared to n so reducing the exponent modulo n-1 (the Euler totient) is not helpful neither. I would add to the list of optimizations:

  • MSM in-circuit
  • For 2-chains, use twisted Edwards complete formulae for windowed scalar multiplication might be worth it.

@ivokub ivokub merged commit a99d198 into master Nov 28, 2023
6 checks passed
@ivokub ivokub deleted the feat/plonk-verifier branch November 28, 2023 15:20
@ivokub
Copy link
Collaborator Author

ivokub commented Nov 28, 2023

Thanks for the review and co-authoring the PR! I gathered the ideas for improvements in #935.

ivokub added a commit that referenced this pull request Nov 28, 2023
commit 6c05ea4
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 28 16:24:47 2023 +0100

    perf: use G2 precomputed lines for Miller loop (#930)

    * feat: add lazy line eval for Miller loop

    * chore: go mod

    * fix: DoublePairFixed order

    * refactor: remove fixed Q specialized methods

    * chore: serialize lines for KZG key

    * chore: go generate

    * docs: add init docs

    * feat: add fixed KZG verification key init

    * test: add constant and fixed VK test cases

    * test: use fixed init

    * feat: add fixed Groth16 verification

    * fix: unused import

    * refactor: merge last manual iteration

commit a99d198
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 28 16:20:44 2023 +0100

    feat: add PLONK in-circuit verifier (#880)

    * test: add recursion hash tests

    * fix: accumulate MSM result

    * refactor: take emulated element for additional data

    * fix: handled infinity point in native multi scalar exp

    * fix: use only nbBits when creating scalar

    * feat: add PLONK verifier

    * feat: PlaceholderVerifyingKey takes the vk as argument

    * feat: f -> scalarApi

    * feat: addition of computeIthLagrangeAtZeta

    * feat: bsb commitments are added to pi

    * refactor: PlaceholderProof takes the proof as argument

    * fix: compute ith lagrange ok, hashToField failing

    * fix: native short hash output size

    * feat: add bw6

    * docs: add package documentation

    * refactor: describe error in panic

    * refactor: init curve and pairing implicitly

    * refactor: remove comments

    * docs: add package examples

    * feat: add all supported witness assignments

    * test: add MSM test

    * fix: remove todo panic

    * feat: add option shortcuts

    * fix: include hash to field in shortcut option

    * feat: use only CCS for placeholder proof and verifyingkey

    * chore: typos and cleanup

    * docs: add KZG package documentation

    ---------

    Co-authored-by: Thomas Piellard <[email protected]>

commit 62b52ea
Merge: ec07217 97156f3
Author: Youssef El Housni <[email protected]>
Date:   Fri Nov 24 10:44:33 2023 -0500

    Merge pull request #933 from Consensys/perf/karabina-cycloSq

    Perf: variant of the Karabina cyclotomic squaring

commit 97156f3
Author: Youssef El Housni <[email protected]>
Date:   Fri Nov 24 10:27:00 2023 -0500

    refactor: apply PR review suggestions

commit f52c4cb
Author: Youssef El Housni <[email protected]>
Date:   Thu Nov 23 01:50:41 2023 -0500

    perf(bls12-377): implement a variant of Karabina cyclo square

commit d7e8d78
Author: Youssef El Housni <[email protected]>
Date:   Wed Nov 22 23:28:26 2023 -0500

    perf(bw6): implement a variant of Karabina cyclo square

commit ec07217
Merge: 3aa2559 5479586
Author: Youssef El Housni <[email protected]>
Date:   Wed Nov 22 18:16:46 2023 -0500

    Merge pull request #931 from Consensys/perf/bw6-finalExp

    Perf: optimize addition chains in BW6-761 final exponentiation

commit 5479586
Author: Youssef El Housni <[email protected]>
Date:   Wed Nov 22 13:07:50 2023 -0500

    perf(bw6/finalExp): replace Add(x,x) by MulConst(x,2)

commit 65cd6ee
Author: Youssef El Housni <[email protected]>
Date:   Tue Nov 21 21:39:55 2023 -0500

    fix(linter): ineffectual assignment

commit d948c7c
Author: Youssef El Housni <[email protected]>
Date:   Tue Nov 21 21:27:02 2023 -0500

    perf(bw6/finalExp): optimize addition chains

commit 3aa2559
Author: Gautam Botrel <[email protected]>
Date:   Mon Nov 20 14:03:52 2023 -0600

    feat: if we don't compress we don't need the dict (#929)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

feat: implement Plonk verifier in-circuit
3 participants