From 9745619382aa8b942a9c7f4367fd2826dfa7fc22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Pedro=20Sousa?=
Date: Mon, 19 Feb 2024 17:35:35 +0000
Subject: [PATCH] removing non-static url because vite stuff
---
 .../circuit/contract/noirstarter/plonk_vk.sol | 457 +++++-------------
 vite-hardhat/utils/addresses.json | 2 +-
 vite-hardhat/utils/compile.ts | 19 +-
 vite-hardhat/vite.config.ts | 4 +-
 4 files changed, 128 insertions(+), 354 deletions(-)
diff --git a/vite-hardhat/circuit/contract/noirstarter/plonk_vk.sol b/vite-hardhat/circuit/contract/noirstarter/plonk_vk.sol
index e52bbb7..f1225a4 100644
--- a/vite-hardhat/circuit/contract/noirstarter/plonk_vk.sol
+++ b/vite-hardhat/circuit/contract/noirstarter/plonk_vk.sol
@@ -284,49 +284,56 @@ abstract contract BaseUltraVerifier {
 uint256 internal constant PAIRING_RHS_X_LOC = 0x3220;
 uint256 internal constant PAIRING_RHS_Y_LOC = 0x3240;
+ // ### SUCCESS FLAG MEMORY LOCATIONS
+ uint256 internal constant GRAND_PRODUCT_SUCCESS_FLAG = 0x3300;
+ uint256 internal constant ARITHMETIC_TERM_SUCCESS_FLAG = 0x3020;
+ uint256 internal constant BATCH_OPENING_SUCCESS_FLAG = 0x3340;
+ uint256 internal constant OPENING_COMMITMENT_SUCCESS_FLAG = 0x3360;
+ uint256 internal constant PAIRING_PREAMBLE_SUCCESS_FLAG = 0x3380;
+ uint256 internal constant PAIRING_SUCCESS_FLAG = 0x33a0;
+ uint256 internal constant RESULT_FLAG = 0x33c0;
+
 // misc stuff
- uint256 internal constant OMEGA_INVERSE_LOC = 0x3300;
- uint256 internal constant C_ALPHA_SQR_LOC = 0x3320;
- uint256 internal constant C_ALPHA_CUBE_LOC = 0x3340;
- uint256 internal constant C_ALPHA_QUAD_LOC = 0x3360;
- uint256 internal constant C_ALPHA_BASE_LOC = 0x3380;
+ uint256 internal constant OMEGA_INVERSE_LOC = 0x3400;
+ uint256 internal constant C_ALPHA_SQR_LOC = 0x3420;
+ uint256 internal constant C_ALPHA_CUBE_LOC = 0x3440;
+ uint256 internal constant C_ALPHA_QUAD_LOC = 0x3460;
+ uint256 internal constant C_ALPHA_BASE_LOC = 0x3480;
 // ### RECURSION VARIABLE MEMORY LOCATIONS
- uint256 internal constant RECURSIVE_P1_X_LOC = 0x3400;
- uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3420;
- uint256 internal constant RECURSIVE_P2_X_LOC = 0x3440;
- uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3460;
- uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3480;
+ uint256 internal constant RECURSIVE_P1_X_LOC = 0x3500;
+ uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3520;
+ uint256 internal constant RECURSIVE_P2_X_LOC = 0x3540;
+ uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3560;
+
+ uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3580;
 // sub-identity storage
- uint256 internal constant PERMUTATION_IDENTITY = 0x3500;
- uint256 internal constant PLOOKUP_IDENTITY = 0x3520;
- uint256 internal constant ARITHMETIC_IDENTITY = 0x3540;
- uint256 internal constant SORT_IDENTITY = 0x3560;
- uint256 internal constant ELLIPTIC_IDENTITY = 0x3580;
- uint256 internal constant AUX_IDENTITY = 0x35a0;
- uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x35c0;
- uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x35e0;
- uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3600;
- uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3620;
- uint256 internal constant AUX_MEMORY_EVALUATION = 0x3640;
-
- uint256 internal constant QUOTIENT_EVAL_LOC = 0x3660;
- uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3680;
+ uint256 internal constant PERMUTATION_IDENTITY = 0x3600;
+ uint256 internal constant PLOOKUP_IDENTITY = 0x3620;
+ uint256 internal constant ARITHMETIC_IDENTITY = 0x3640;
+ uint256 internal constant SORT_IDENTITY = 0x3660;
+ uint256 internal constant ELLIPTIC_IDENTITY = 0x3680;
+ uint256 internal constant AUX_IDENTITY = 0x36a0;
+ uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x36c0;
+ uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x36e0;
+ uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3700;
+ uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3720;
+ uint256 internal constant AUX_MEMORY_EVALUATION = 0x3740;
+
+ uint256 internal constant QUOTIENT_EVAL_LOC = 0x3760;
+ uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3780;
 // when hashing public inputs we use memory at NU_CHALLENGE_INPUT_LOC_A, as the hash input size is unknown at compile time
- uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x36a0;
- uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x36c0;
- uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x36e0;
+ uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x37a0;
+ uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x37c0;
+ uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x37e0;
- bytes4 internal constant INVALID_VERIFICATION_KEY_SELECTOR = 0x7e5769bf;
- bytes4 internal constant POINT_NOT_ON_CURVE_SELECTOR = 0xa3dad654;
 bytes4 internal constant PUBLIC_INPUT_INVALID_BN128_G1_POINT_SELECTOR = 0xeba9f4a6;
 bytes4 internal constant PUBLIC_INPUT_GE_P_SELECTOR = 0x374a972f;
 bytes4 internal constant MOD_EXP_FAILURE_SELECTOR = 0xf894a7bc;
- bytes4 internal constant PAIRING_PREAMBLE_FAILED_SELECTOR = 0x01882d81;
- bytes4 internal constant OPENING_COMMITMENT_FAILED_SELECTOR = 0x4e719763;
- bytes4 internal constant PAIRING_FAILED_SELECTOR = 0xd71fd263;
+ bytes4 internal constant EC_SCALAR_MUL_FAILURE_SELECTOR = 0xf755f369;
+ bytes4 internal constant PROOF_FAILURE_SELECTOR = 0x0711fcec;
 uint256 internal constant ETA_INPUT_LENGTH = 0xc0; // W1, W2, W3 = 6 * 0x20 bytes
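Review bot: `ARITHMETIC_TERM_SUCCESS_FLAG = 0x3020` sits outside the contiguous 0x3300–0x33c0 run used by the other six success flags added in this hunk, and 0x3020 lies below `PAIRING_RHS_X_LOC = 0x3220`, i.e. inside the range of memory locations declared before line 284. The earlier constants are outside this hunk, so I cannot tell whether 0x3020 is free; if it aliases an existing slot, a write to either location would silently overwrite the other, which for a success flag could mask a failed arithmetic check. Confirm the slot is unused or move the flag to `0x3320`, the gap the sequence leaves open, and add a one-line comment above the block stating that the flag region must not overlap any other `_LOC`. If plonk_vk.sol is emitted by the Noir/bb toolchain, the fix belongs in the generator rather than in this checked-in copy.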
@@ -350,227 +357,17 @@ abstract contract BaseUltraVerifier { // y^2 = x^3 + ax + b // for Grumpkin, a = 0 and b = -17. We use b in a custom gate relation that evaluates elliptic curve arithmetic uint256 internal constant GRUMPKIN_CURVE_B_PARAMETER_NEGATED = 17; - - error INVALID_VERIFICATION_KEY(); - error POINT_NOT_ON_CURVE(); error PUBLIC_INPUT_COUNT_INVALID(uint256 expected, uint256 actual); error PUBLIC_INPUT_INVALID_BN128_G1_POINT(); error PUBLIC_INPUT_GE_P(); error MOD_EXP_FAILURE(); - error PAIRING_PREAMBLE_FAILED(); - error OPENING_COMMITMENT_FAILED(); - error PAIRING_FAILED(); + error EC_SCALAR_MUL_FAILURE(); + error PROOF_FAILURE(); function getVerificationKeyHash() public pure virtual returns (bytes32); - /** - * @dev We assume that the verification key loaded by this function is constant as we only verify it on deployment - */ function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure virtual; - constructor() { - loadVerificationKey(N_LOC, OMEGA_INVERSE_LOC); - - // We verify that all of the EC points in the verification key lie on the bn128 curve. 
- assembly { - let q := 21888242871839275222246405745257275088696311157297823662689037894645226208583 // EC group order - - let success := 1 - - // VALIDATE Q1 - { - let x := mload(Q1_X_LOC) - let y := mload(Q1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE Q2 - { - let x := mload(Q2_X_LOC) - let y := mload(Q2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE Q3 - { - let x := mload(Q3_X_LOC) - let y := mload(Q3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE Q4 - { - let x := mload(Q4_X_LOC) - let y := mload(Q4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - mstore(0x00, x) - mstore(0x20, y) - } - // VALIDATE QM - { - let x := mload(QM_X_LOC) - let y := mload(QM_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE QC - { - let x := mload(QC_X_LOC) - let y := mload(QC_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE QARITH - { - let x := mload(QARITH_X_LOC) - let y := mload(QARITH_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE QSORT - { - let x := mload(QSORT_X_LOC) - let y := mload(QSORT_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE QELLIPTIC - { - let x := mload(QELLIPTIC_X_LOC) - let y := mload(QELLIPTIC_Y_LOC) - let xx := mulmod(x, x, q) - 
// validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE QAUX - { - let x := mload(QAUX_X_LOC) - let y := mload(QAUX_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE SIGMA1 - { - let x := mload(SIGMA1_X_LOC) - let y := mload(SIGMA1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE SIGMA2 - { - let x := mload(SIGMA2_X_LOC) - let y := mload(SIGMA2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE SIGMA3 - { - let x := mload(SIGMA3_X_LOC) - let y := mload(SIGMA3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE SIGMA4 - { - let x := mload(SIGMA4_X_LOC) - let y := mload(SIGMA4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE TABLE1 - { - let x := mload(TABLE1_X_LOC) - let y := mload(TABLE1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE TABLE2 - { - let x := mload(TABLE2_X_LOC) - let y := mload(TABLE2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE TABLE3 - { - let x := mload(TABLE3_X_LOC) - let y := mload(TABLE3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE TABLE4 - { - let x := mload(TABLE4_X_LOC) - let y := mload(TABLE4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on 
curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE TABLE_TYPE - { - let x := mload(TABLE_TYPE_X_LOC) - let y := mload(TABLE_TYPE_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE ID1 - { - let x := mload(ID1_X_LOC) - let y := mload(ID1_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE ID2 - { - let x := mload(ID2_X_LOC) - let y := mload(ID2_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE ID3 - { - let x := mload(ID3_X_LOC) - let y := mload(ID3_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - // VALIDATE ID4 - { - let x := mload(ID4_X_LOC) - let y := mload(ID4_Y_LOC) - let xx := mulmod(x, x, q) - // validate on curve - success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) - } - - if iszero(success) { - mstore(0x0, INVALID_VERIFICATION_KEY_SELECTOR) - revert(0x00, 0x04) - } - } - } - /** * @notice Verify a Ultra Plonk proof * @param _proof - The serialized proof @@ -1989,10 +1786,7 @@ abstract contract BaseUltraVerifier { let y := mload(T1_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)) mstore(ACCUMULATOR_X_LOC, x) mstore(add(ACCUMULATOR_X_LOC, 0x20), y) } 
@@ -2002,16 +1796,13 @@ abstract contract BaseUltraVerifier { let y := mload(T2_Y_LOC) // 0x1420 let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } mstore(0x40, mload(ZETA_POW_N_LOC)) // accumulator_2 = [T2].zeta^n - success := staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40) + success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) // accumulator = [T1] + accumulator_2 success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) @@ -2021,10 +1812,7 @@ abstract contract BaseUltraVerifier { let y := mload(T3_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2040,10 +1828,7 @@ abstract contract BaseUltraVerifier { let y := mload(T4_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2059,10 +1844,7 @@ abstract contract BaseUltraVerifier { let y := mload(W1_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } 
@@ -2078,10 +1860,7 @@ abstract contract BaseUltraVerifier { let y := mload(W2_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2097,10 +1876,7 @@ abstract contract BaseUltraVerifier { let y := mload(W3_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2116,10 +1892,7 @@ abstract contract BaseUltraVerifier { let y := mload(W4_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2135,10 +1908,7 @@ abstract contract BaseUltraVerifier { let y := mload(S_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2154,10 +1924,7 @@ abstract contract BaseUltraVerifier { let y := mload(Z_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } 
@@ -2173,10 +1940,7 @@ abstract contract BaseUltraVerifier { let y := mload(Z_LOOKUP_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2191,7 +1955,8 @@ abstract contract BaseUltraVerifier { let x := mload(Q1_X_LOC) let y := mload(Q1_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2206,7 +1971,8 @@ abstract contract BaseUltraVerifier { let x := mload(Q2_X_LOC) let y := mload(Q2_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2221,7 +1987,8 @@ abstract contract BaseUltraVerifier { let x := mload(Q3_X_LOC) let y := mload(Q3_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2236,7 +2003,8 @@ abstract contract BaseUltraVerifier { let x := mload(Q4_X_LOC) let y := mload(Q4_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } 
@@ -2251,7 +2019,8 @@ abstract contract BaseUltraVerifier { let x := mload(QM_X_LOC) let y := mload(QM_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2266,7 +2035,8 @@ abstract contract BaseUltraVerifier { let x := mload(QC_X_LOC) let y := mload(QC_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2281,7 +2051,8 @@ abstract contract BaseUltraVerifier { let x := mload(QARITH_X_LOC) let y := mload(QARITH_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2296,7 +2067,8 @@ abstract contract BaseUltraVerifier { let x := mload(QSORT_X_LOC) let y := mload(QSORT_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2311,7 +2083,8 @@ abstract contract BaseUltraVerifier { let x := mload(QELLIPTIC_X_LOC) let y := mload(QELLIPTIC_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } 
@@ -2326,7 +2099,8 @@ abstract contract BaseUltraVerifier { let x := mload(QAUX_X_LOC) let y := mload(QAUX_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2341,7 +2115,8 @@ abstract contract BaseUltraVerifier { let x := mload(SIGMA1_X_LOC) let y := mload(SIGMA1_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2356,7 +2131,8 @@ abstract contract BaseUltraVerifier { let x := mload(SIGMA2_X_LOC) let y := mload(SIGMA2_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2371,7 +2147,8 @@ abstract contract BaseUltraVerifier { let x := mload(SIGMA3_X_LOC) let y := mload(SIGMA3_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2386,7 +2163,8 @@ abstract contract BaseUltraVerifier { let x := mload(SIGMA4_X_LOC) let y := mload(SIGMA4_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } 
@@ -2401,7 +2179,8 @@ abstract contract BaseUltraVerifier { let x := mload(TABLE1_X_LOC) let y := mload(TABLE1_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2416,7 +2195,8 @@ abstract contract BaseUltraVerifier { let x := mload(TABLE2_X_LOC) let y := mload(TABLE2_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2431,7 +2211,8 @@ abstract contract BaseUltraVerifier { let x := mload(TABLE3_X_LOC) let y := mload(TABLE3_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2446,7 +2227,8 @@ abstract contract BaseUltraVerifier { let x := mload(TABLE4_X_LOC) let y := mload(TABLE4_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2461,7 +2243,8 @@ abstract contract BaseUltraVerifier { let x := mload(TABLE_TYPE_X_LOC) let y := mload(TABLE_TYPE_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } 
@@ -2476,7 +2259,8 @@ abstract contract BaseUltraVerifier { let x := mload(ID1_X_LOC) let y := mload(ID1_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2491,7 +2275,8 @@ abstract contract BaseUltraVerifier { let x := mload(ID2_X_LOC) let y := mload(ID2_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2506,7 +2291,8 @@ abstract contract BaseUltraVerifier { let x := mload(ID3_X_LOC) let y := mload(ID3_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2521,7 +2307,8 @@ abstract contract BaseUltraVerifier { let x := mload(ID4_X_LOC) let y := mload(ID4_Y_LOC) let xx := mulmod(x, x, q) - // Verification key fields verified to be on curve at contract deployment + // validate on curve + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2709,10 +2496,7 @@ abstract contract BaseUltraVerifier { // accumulator = accumulator + accumulator_2 success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) - if iszero(success) { - mstore(0x0, OPENING_COMMITMENT_FAILED_SELECTOR) - revert(0x00, 0x04) - } + mstore(OPENING_COMMITMENT_SUCCESS_FLAG, success) } /** 
@@ -2727,16 +2511,13 @@ abstract contract BaseUltraVerifier { let y := mload(PI_Z_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q)) mstore(0x00, x) mstore(0x20, y) } // compute zeta.[PI_Z] and add into accumulator mstore(0x40, zeta) - success := staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40) + success := and(success, staticcall(gas(), 7, 0x00, 0x60, ACCUMULATOR2_X_LOC, 0x40)) // accumulator = accumulator + accumulator_2 success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40)) @@ -2746,10 +2527,7 @@ abstract contract BaseUltraVerifier { let y := mload(PI_Z_OMEGA_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2777,10 +2555,7 @@ abstract contract BaseUltraVerifier { let y := mload(RECURSIVE_P1_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } @@ -2794,10 +2569,7 @@ abstract contract BaseUltraVerifier { let y := mload(RECURSIVE_P2_Y_LOC) let xx := mulmod(x, x, q) // validate on curve - if iszero(eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) { - mstore(0x0, POINT_NOT_ON_CURVE_SELECTOR) - revert(0x00, 0x04) - } + success := and(success, eq(mulmod(y, y, q), addmod(mulmod(x, xx, q), 3, q))) mstore(0x00, x) mstore(0x20, y) } 
@@ -2817,9 +2589,10 @@ abstract contract BaseUltraVerifier {
 }
 if iszero(success) {
- mstore(0x0, PAIRING_PREAMBLE_FAILED_SELECTOR)
+ mstore(0x0, EC_SCALAR_MUL_FAILURE_SELECTOR)
 revert(0x00, 0x04)
 }
+ mstore(PAIRING_PREAMBLE_SUCCESS_FLAG, success)
 }
 /**
@@ -2844,12 +2617,18 @@ abstract contract BaseUltraVerifier {
 mstore(0x160, mload(G2X_Y1_LOC))
 success := staticcall(gas(), 8, 0x00, 0x180, 0x00, 0x20)
- if iszero(and(success, mload(0x00))) {
- mstore(0x0, PAIRING_FAILED_SELECTOR)
- revert(0x00, 0x04)
- }
+ mstore(PAIRING_SUCCESS_FLAG, success)
+ mstore(RESULT_FLAG, mload(0x00))
+ }
+ if iszero(
+ and(
+ and(and(mload(PAIRING_SUCCESS_FLAG), mload(RESULT_FLAG)), mload(PAIRING_PREAMBLE_SUCCESS_FLAG)),
+ mload(OPENING_COMMITMENT_SUCCESS_FLAG)
+ )
+ ) {
+ mstore(0x0, PROOF_FAILURE_SELECTOR)
+ revert(0x00, 0x04)
 }
- {
 mstore(0x00, 0x01)
 return(0x00, 0x20) // Proof succeeded!
diff --git a/vite-hardhat/utils/addresses.json b/vite-hardhat/utils/addresses.json
index f320895..bb7973c 100644
--- a/vite-hardhat/utils/addresses.json
+++ b/vite-hardhat/utils/addresses.json
@@ -1 +1 @@
-{"chainId":31337,"verifier":"0xcf7ed3acca5a467e9e704c703e8d87f634fb0fc9"}
\ No newline at end of file
+{"chainId":31337,"verifier":"0x9a676e781a523b5d0c0e43731313a708cb607508"}
\ No newline at end of file
diff --git a/vite-hardhat/utils/compile.ts b/vite-hardhat/utils/compile.ts
index 3ccca9e..13b6aab 100644
--- a/vite-hardhat/utils/compile.ts
+++ b/vite-hardhat/utils/compile.ts
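Review bot: The final `if iszero(and(...))` before `return(0x00, 0x20)` reads only `PAIRING_SUCCESS_FLAG`, `RESULT_FLAG`, `PAIRING_PREAMBLE_SUCCESS_FLAG` and `OPENING_COMMITMENT_SUCCESS_FLAG`, while the first hunk of this file also declares `GRAND_PRODUCT_SUCCESS_FLAG`, `ARITHMETIC_TERM_SUCCESS_FLAG` and `BATCH_OPENING_SUCCESS_FLAG`. Those three are not written or read anywhere in this diff; if they are stored by code outside it but never folded into this conjunction, a proof that fails one of those stages would still return 1 here. Either include them in the `and(...)` or add a comment above it such as `// grand-product, arithmetic-term and batch-opening results are folded into OPENING_COMMITMENT_SUCCESS_FLAG upstream` once that is confirmed. Note also that the preamble hunk above still reverts with `EC_SCALAR_MUL_FAILURE_SELECTOR` before `mstore(PAIRING_PREAMBLE_SUCCESS_FLAG, success)`, so that flag is always 1 when the final check runs; harmless, but worth a comment so a later reader does not assume it carries information.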
@@ -1,20 +1,15 @@
 import { compile, createFileManager } from '@noir-lang/noir_wasm';
 import { CompiledCircuit } from '@noir-lang/types';
-export async function getFile(file_path: string): Promise> {
- const file_url = new URL(file_path, import.meta.url);
- console.log(file_url);
- const response = await fetch(file_url);
-
- if (!response.ok) throw new Error('Network response was not OK');
-
- return response.body as ReadableStream;
-}
-
 export async function getCircuit() {
 const fm = createFileManager('/');
- fm.writeFile('./src/main.nr', await getFile(`../circuit/src/main.nr`));
- fm.writeFile('./Nargo.toml', await getFile(`../circuit/Nargo.toml`));
+ const main = (await fetch(new URL(`../circuit/src/main.nr`, import.meta.url)))
+ .body as ReadableStream;
+ const nargoToml = (await fetch(new URL(`../circuit/Nargo.toml`, import.meta.url)))
+ .body as ReadableStream;
+
+ fm.writeFile('./src/main.nr', main);
+ fm.writeFile('./Nargo.toml', nargoToml);
 const result = await compile(fm);
 if (!('program' in result)) {
 throw new Error('Compilation failed');
diff --git a/vite-hardhat/vite.config.ts b/vite-hardhat/vite.config.ts
index 1c6e529..a08fe6d 100644
--- a/vite-hardhat/vite.config.ts
+++ b/vite-hardhat/vite.config.ts
@@ -4,8 +4,8 @@ import react from '@vitejs/plugin-react-swc';
 export default defineConfig({
 optimizeDeps: {
 esbuildOptions: {
- target: 'esnext'
- }
+ target: 'esnext',
+ },
 },
 build: {
 target: 'esnext',
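Review bot: The two inlined `fetch` calls drop the `response.ok` check that the removed `getFile` performed, and `.body as ReadableStream` asserts away the `ReadableStream | null` type, so a non-2xx response (a dev-server HTML fallback for a missing asset, for instance) or a null body is handed straight to `fm.writeFile` as `main.nr`/`Nargo.toml` and only surfaces later as the generic 'Compilation failed'. Keep the URLs as inline literals so Vite can still resolve them statically, which is the point of this commit, but check status and body before writing, as below. `fm.writeFile` is not awaited either; that predates this change, but it is worth confirming against the noir_wasm file-manager API that the writes are complete before `compile(fm)` runs. The rest of `getCircuit` continues past the end of the hunk.
```typescript
export async function getCircuit() {
  const fm = createFileManager('/');
  // URLs stay as inline literals so Vite can resolve them at build time.
  const mainRes = await fetch(new URL(`../circuit/src/main.nr`, import.meta.url));
  const nargoRes = await fetch(new URL(`../circuit/Nargo.toml`, import.meta.url));
  if (!mainRes.ok || mainRes.body === null) {
    throw new Error(`Failed to fetch main.nr: ${mainRes.status}`);
  }
  if (!nargoRes.ok || nargoRes.body === null) {
    throw new Error(`Failed to fetch Nargo.toml: ${nargoRes.status}`);
  }

  fm.writeFile('./src/main.nr', mainRes.body);
  fm.writeFile('./Nargo.toml', nargoRes.body);
  // … unchanged: compile(fm) and result check …
```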