Skip to content

circom interface with tests #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
arasuarun wants to merge 6 commits into
base: main
Choose a base branch
from
Open

circom interface with tests #7

arasuarun wants to merge 6 commits into from

Conversation

@arasuarun
Copy link
Contributor

@arasuarun arasuarun commented Oct 13, 2023

A circom interace using the circom-scotia library.

There are different ways to go with how the structs are designed, so keeping this as a draft PR for now. Most of the code is in src/circom/mod.rs with theSpartanCircuit struct. It's a wrapper around an R1CS object with an optional witness vector.

The generate_keys and generate_proof functions are defined outside the struct as they require different generics <G: Group, S: RelaxedR1CSSNARKTrait<G>. Perhaps these could be combined into the struct itself. Not sure what the best way to go about this is.

The circom files for the circuit being tested are in the examples/cube folder. I could also move the tests to be an example in that folder.

srinathsetty
srinathsetty reviewed Oct 13, 2023
View reviewed changes
srinathsetty
srinathsetty reviewed Oct 13, 2023
View reviewed changes
srinathsetty
srinathsetty reviewed Oct 13, 2023
View reviewed changes
@arasuarun
Copy link
Contributor Author

arasuarun commented Oct 16, 2023

Added a simpler create_snark function that takes r1cs_path, wtns_path, input and directly returns the snark proof. Lemme know if it looks okay and I can remove the old.

srinathsetty
srinathsetty reviewed Oct 16, 2023
View reviewed changes
src/circom/mod.rs Outdated
let root = current_dir().unwrap().join("examples/cube");
let r1cs_path = root.join("cube.r1cs");
let wtns_path = root.join("cube.wasm");
let mut circuit = SpartanCircuit::new(r1cs_path);
Copy link
Contributor

@srinathsetty srinathsetty Oct 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a simplification here. We can just pass r1cs_path to setup (which returns (pk,vk)) and the setup can internally create a SpartanCircuit object (this will hide the struct from the caller and reduces code that someone needs to write). Isn't it?

srinathsetty
srinathsetty reviewed Oct 16, 2023
View reviewed changes
src/circom/mod.rs Outdated
}

#[allow(dead_code)]
pub fn create_snark<G: Group, S: RelaxedR1CSSNARKTrait<G>>(
Copy link
Contributor

@srinathsetty srinathsetty Oct 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method seems not that useful. In other words, we can just have two methods, one for setup and another for prove. The setup takes the r1cs file path and the prove takes the witness file path (in addition to pk).

@arasuarun arasuarun marked this pull request as ready for review October 16, 2023 17:26
@arasuarun
Copy link
Contributor Author

arasuarun commented Oct 16, 2023

Changed the interface to avoid having the user use the struct SpartanCircuit. It still has to be pub because it's used in the definition of the SNARK proof returned.

Also, load_r1cs has to be called twice. There doesn't seem to be a quick way to fix that without modifying circom-scotia or exposing the SpartanCircuit struct to the user.

@huitseeker
Copy link

huitseeker commented Oct 17, 2023

@arasuarun Please open an issue on https://github.com/lurk-lab/circom-scotia with the change you have in mind! We'd love feedback on our APIs.

srinathsetty added a commit that referenced this pull request Sep 25, 2025
@daryakaviani @srinathsetty
feat: integrate zk into spartan (#7)
722810c 
* checkpoint

* checkpoint 1

* remove adapter

* debug logs removed

* nit

* remove option

* remove

* verify evals at the end

* unify transcript except tau

* same transcript for tau

* move to sumcheck

* delete more code

* nits

* snake

* tau check verifier

* remove interactive session

* remove unwrap or

* remove _orig

* naming

* process round returning chal

* move the conversion to reg to setup

* move inner/outer sumcheck

* call validate

* spartan_verifier_circuit

* refactor sumcheck

* include chal

* cleanup

---------

Co-authored-by: Srinath Setty <srinath@microsoft.com>
srinathsetty added a commit that referenced this pull request Sep 25, 2025
@daryakaviani @srinathsetty
feat: integrate zk into spartan (#7)
2c8e632 
* checkpoint

* checkpoint 1

* remove adapter

* debug logs removed

* nit

* remove option

* remove

* verify evals at the end

* unify transcript except tau

* same transcript for tau

* move to sumcheck

* delete more code

* nits

* snake

* tau check verifier

* remove interactive session

* remove unwrap or

* remove _orig

* naming

* process round returning chal

* move the conversion to reg to setup

* move inner/outer sumcheck

* call validate

* spartan_verifier_circuit

* refactor sumcheck

* include chal

* cleanup

---------

Co-authored-by: Srinath Setty <srinath@microsoft.com>
srinathsetty added a commit that referenced this pull request Oct 1, 2025
@srinathsetty @daryakaviani
Add ZK to Spartan and NeutronNova (#73)
d74febd 
* feat: multi-round circuit trait (#1)

* multiround

* comments

* separate challenges

* feat: multiround instance and shape (#2)

* feat: multiround instance and shape

* clippy

* remove option

* fix new var calc

* remove public val from shape for now

* only absorb previous

* refactor to avoid clone

* intermediary simple permutation test (no challenges)

* fix bug, finish permutation test

* return err

* relaxed (#4)

* feat: folding (#5)

* fold

* clippy fmt docs

* validation of split instance

* permutation test

* transcript absorb

* remove commit T relaxed

* remove fold relaxed

* remove re-export

* feat: zk spartan (#6)

* zk spartan

* clena docs

* rename

* public values

* remove eval_Z

* docs

* squaring test

* interleave

* remove unused

* docs

* feat: integrate zk into spartan (#7)

* checkpoint

* checkpoint 1

* remove adapter

* debug logs removed

* nit

* remove option

* remove

* verify evals at the end

* unify transcript except tau

* same transcript for tau

* move to sumcheck

* delete more code

* nits

* snake

* tau check verifier

* remove interactive session

* remove unwrap or

* remove _orig

* naming

* process round returning chal

* move the conversion to reg to setup

* move inner/outer sumcheck

* call validate

* spartan_verifier_circuit

* refactor sumcheck

* include chal

* cleanup

---------

Co-authored-by: Srinath Setty <srinath@microsoft.com>

* feat: integrate zk into spartan (#7)

* checkpoint

* checkpoint 1

* remove adapter

* debug logs removed

* nit

* remove option

* remove

* verify evals at the end

* unify transcript except tau

* same transcript for tau

* move to sumcheck

* delete more code

* nits

* snake

* tau check verifier

* remove interactive session

* remove unwrap or

* remove _orig

* naming

* process round returning chal

* move the conversion to reg to setup

* move inner/outer sumcheck

* call validate

* spartan_verifier_circuit

* refactor sumcheck

* include chal

* cleanup

---------

Co-authored-by: Srinath Setty <srinath@microsoft.com>

* opt: small padding (#8)

* opt: small padding

* docs

* docs

* Fix lints: remove unnecessary parentheses (unused_parens) (#9)

* opt: shrink width (#10)

* fix: is_small for multiround (#11)

* optimize computation of eval_A, eval_B, and eval_C (#13)

* opt: par fold (#14)

* opt: remove fold inst (#15)

* opt: remove fold inst

* remove

* docs

* docs

* opt: jemalloc and clones (#16)

* opt: jemalloc

* clone removal

* remove unneeded clone

* feature

* feat: padding (#19)

* absorb missing public IO (#22)

* absorb missing public IO

* add transcript absorb in a uniform fashion with spartan.rs

* feat: zk neutronnova (#27)

* Implement zero-knowledge neutron nova protocol

- Add NIFS sumcheck implementation with ZK support
- Implement prove_zk in NIFS with multi-round verifier circuit integration
- Separate eval step and core functionality
- Add comprehensive logging and performance instrumentation
- Clean up debugging code and optimize memory allocations
- Integrate with multi-round Spartan witness system
- Add proper challenge derivation via Fiat-Shamir
- Fix API compatibility with updated check_partial function

* fmt

* use mr commitment width

* eval_x (#28)

* fix: pad Az/Bz/Cz to match tau length for outer sumcheck (#29)

* neutronnova: pad Az/Bz/Cz to match tau length for outer sumcheck; fix OOB under parallelism

* fmt

* make change to equalize

* fmt remove debug logs

* edits

---------

Co-authored-by: Ubuntu <zkid@zkid.ukmmb14z4vuuja3bcp1n0y0tha.phxx.internal.cloudapp.net>

* Finish making the proofs zero-knowledge (#32)

* eliminate the need for partial commitment type

* checkpoint

* fix bug

* switch ordering

* remove eval_W; cut unnecessary ck_s

* connect ZKPCS with NeutronNova

* remove sensitive info from proof

* Update src/spartan.rs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Darya Kaviani <daryakavi@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Rerandomize prep state (#33)

* add rerandomization to spartan prep state

* rerandomize neutronnova prep_snark

* cargo clippy

* optimize eval_W by reusing work from sum-check prover (#34)

* eliminate the need to evaluate W at r_y

* optimize eval_W in neutronnova

* Simplifications to ZK circuit (#36)

* simplifications

* reorder comm_W round to be one before, avoids linking

* fix off by one in the verifier + move code around

* Eliminate matrix evals from spartan prover; additional cleanup elsewhere (#38)

* remove matrix evals from the prover

* make tau_at_rx public, cleanup ZK sum-check code; remove unnecessary parameters

* Cargo clippy

* opt: neutronnova zk optimizations (#39)

* linear combination allocs removed

* tests

* clean

* remove dead code

* delete unneeded test

* quotient

* unnecessary constraints

* clean

* add back constraints

* additional cleanup

* cleanup NIFS verifier

* cargo fmt

* additional cleanup

* simplify code

* substantial cleanup of final step of outer sum-check; streamline the two circuits

* remove c_outer challenge that is not necessary

* clippy

* further cleanup

* further cleanup

* further simplifications

* cleanup

* refactor code

* code cleanup

* cleanup

* global rename to use vc as a shorthand for verifier circuit

* Update src/zk.rs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/zk.rs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/neutronnova.rs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Srinath Setty <srinath@microsoft.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fixes

* ZK fixes (#44)

* add missing

* cargo fmt

* bring back non-zk Spartan

* cleanup

* update CI

* small fixes

* fix tests

* update README.md

* fix

* fix version

---------

Co-authored-by: Darya Kaviani <daryakavi@gmail.com>
Co-authored-by: Ubuntu <zkid@zkid.ukmmb14z4vuuja3bcp1n0y0tha.phxx.internal.cloudapp.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@srinathsetty srinathsetty srinathsetty left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arasuarun @huitseeker @srinathsetty