Skip to content

feat!: vk hashing in solidity verifier #15071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
lucasxia01 wants to merge 2 commits into from
Closed

feat!: vk hashing in solidity verifier #15071

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
aeda006
initial solidity changes to add vk hashing to solidity verifier
lucasxia01 Jun 4, 2025
7f07394
Merge remote-tracking branch 'origin/next' into lx/vk-hashing-in-soli…
lucasxia01 Jun 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion barretenberg/acir_tests/flows/sol_honk.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ PROVE_FLAGS="$FLAGS $BFLAG --oracle_hash keccak --output_format bytes_and_fields
VERIFY_FLAGS="$FLAGS --oracle_hash keccak"

outdir=$(mktemp -d)
trap "rm -rf $outdir" EXIT
# trap "rm -rf $outdir" EXIT

# Export the paths to the environment variables for the js test runner
export PUBLIC_INPUTS="$outdir/public_inputs"
Expand Down
2 changes: 1 addition & 1 deletion barretenberg/cpp/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ endif(DOXYGEN_FOUND)

option(DISABLE_ASM "Disable custom assembly" OFF)
option(DISABLE_ADX "Disable ADX assembly variant" OFF)
option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" OFF)
option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" ON)
option(MULTITHREADING "Enable multi-threading" ON)
option(OMP_MULTITHREADING "Enable OMP multi-threading" OFF)
option(FUZZING "Build ONLY fuzzing harnesses" OFF)
Expand Down
363 changes: 252 additions & 111 deletions barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp
View file
Open in desktop

Large diffs are not rendered by default.

38 changes: 19 additions & 19 deletions barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -710,7 +710,7 @@ function bytesToFr(bytes calldata proofSection) pure returns (Fr scalar) {
}

// EC Point utilities
function convertProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory) {
function convertFromProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory) {
return Honk.G1Point({x: input.x_0 | (input.x_1 << 136), y: input.y_0 | (input.y_1 << 136)});
}

Expand Down Expand Up @@ -1689,7 +1689,7 @@ interface IVerifier {
tp.geminiR.invert() * (mem.posInvertedDenominator - (tp.shplonkNu * mem.negInvertedDenominator));

scalars[0] = ONE;
commitments[0] = convertProofPoint(proof.shplonkQ);
commitments[0] = convertFromProofPoint(proof.shplonkQ);

mem.batchedEvaluation = proof.geminiMaskingEval;
mem.batchingChallenge = tp.rho;
Expand All @@ -1706,7 +1706,7 @@ interface IVerifier {
mem.batchingChallenge = mem.batchingChallenge * tp.rho;
}

commitments[1] = convertProofPoint(proof.geminiMaskingPoly);
commitments[1] = convertFromProofPoint(proof.geminiMaskingPoly);

commitments[2] = vk.qm;
commitments[3] = vk.qc;
Expand Down Expand Up @@ -1737,21 +1737,21 @@ interface IVerifier {
commitments[28] = vk.lagrangeLast;

// Accumulate proof points
commitments[29] = convertProofPoint(proof.w1);
commitments[30] = convertProofPoint(proof.w2);
commitments[31] = convertProofPoint(proof.w3);
commitments[32] = convertProofPoint(proof.w4);
commitments[33] = convertProofPoint(proof.zPerm);
commitments[34] = convertProofPoint(proof.lookupInverses);
commitments[35] = convertProofPoint(proof.lookupReadCounts);
commitments[36] = convertProofPoint(proof.lookupReadTags);
commitments[29] = convertFromProofPoint(proof.w1);
commitments[30] = convertFromProofPoint(proof.w2);
commitments[31] = convertFromProofPoint(proof.w3);
commitments[32] = convertFromProofPoint(proof.w4);
commitments[33] = convertFromProofPoint(proof.zPerm);
commitments[34] = convertFromProofPoint(proof.lookupInverses);
commitments[35] = convertFromProofPoint(proof.lookupReadCounts);
commitments[36] = convertFromProofPoint(proof.lookupReadTags);

// to be Shifted
commitments[37] = convertProofPoint(proof.w1);
commitments[38] = convertProofPoint(proof.w2);
commitments[39] = convertProofPoint(proof.w3);
commitments[40] = convertProofPoint(proof.w4);
commitments[41] = convertProofPoint(proof.zPerm);
commitments[37] = convertFromProofPoint(proof.w1);
commitments[38] = convertFromProofPoint(proof.w2);
commitments[39] = convertFromProofPoint(proof.w3);
commitments[40] = convertFromProofPoint(proof.w4);
commitments[41] = convertFromProofPoint(proof.zPerm);


// Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator:
Expand Down Expand Up @@ -1795,7 +1795,7 @@ interface IVerifier {
// Update the running power of v
mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu * tp.shplonkNu;

commitments[boundary + i] = convertProofPoint(proof.geminiFoldComms[i]);
commitments[boundary + i] = convertFromProofPoint(proof.geminiFoldComms[i]);
}

boundary += CONST_PROOF_SIZE_LOG_N - 1;
Expand All @@ -1820,7 +1820,7 @@ interface IVerifier {
scalars[boundary + 2] = mem.batchingScalars[3];

for (uint256 i = 0; i < 3; i++) {
commitments[boundary++] = convertProofPoint(proof.libraCommitments[i]);
commitments[boundary++] = convertFromProofPoint(proof.libraCommitments[i]);
}

commitments[boundary] = Honk.G1Point({x: 1, y: 2});
Expand All @@ -1829,7 +1829,7 @@ interface IVerifier {
if (! checkEvalsConsistency(proof.libraPolyEvals, tp.geminiR, tp.sumCheckUChallenges, proof.libraEvaluation)) {
revert ConsistencyCheckFailed();
}
Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient);
Honk.G1Point memory quotient_commitment = convertFromProofPoint(proof.kzgQuotient);

commitments[boundary] = quotient_commitment;
scalars[boundary] = tp.shplonkZ; // evaluation challenge
Expand Down
78 changes: 44 additions & 34 deletions barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@
* @param include_types_import - include a "HonkTypes" import, only required for local tests, not with the bundled
*contract from bb contract_honk
**/
#include "barretenberg/ecc/fields/field_conversion.hpp"
#include <ostream>
inline void output_vk_sol_ultra_honk(std::ostream& os,
auto const& key,
std::string const& class_name,
Expand All @@ -30,14 +32,23 @@ inline void output_vk_sol_ultra_honk(std::ostream& os,
os << " " << name << ": uint256(" << element << ")," << std::endl;
};

const auto print_g1 = [&](const auto& element, const std::string& name, const bool last = false) {
os << " " << name << ": Honk.G1Point({ \n"
const auto print_g1_proof_point = [&](const auto& element, const std::string& name, const bool last = false) {
// split element.x into x_0 and x_1 and element.y into y_0 and y_1
std::vector<bb::fr> xs = bb::field_conversion::convert_grumpkin_fr_to_bn254_frs(element.x);
std::vector<bb::fr> ys = bb::field_conversion::convert_grumpkin_fr_to_bn254_frs(element.y);
os << " " << name << ": Honk.G1ProofPoint({ \n"
<< " "
<< "x: "
<< "uint256(" << element.x << "),\n"
<< "x_0: "
<< "uint256(" << xs[0] << "),\n"
<< " "
<< "y: "
<< "uint256(" << element.y << ")\n"
<< "x_1: "
<< "uint256(" << xs[1] << "),\n"
<< " "
<< "y_0: "
<< "uint256(" << ys[0] << "),\n"
<< " "
<< "y_1: "
<< "uint256(" << ys[1] << ")\n"
<< " })";

// only include comma if we are not the last element
Expand Down Expand Up @@ -74,34 +85,33 @@ inline void output_vk_sol_ultra_honk(std::ostream& os,
print_u256(key->circuit_size, "circuitSize");
print_u256(key->log_circuit_size, "logCircuitSize");
print_u256(key->num_public_inputs, "publicInputsSize");
print_g1(key->q_l, "ql");
print_g1(key->q_r, "qr");
print_g1(key->q_o, "qo");
print_g1(key->q_4, "q4");
print_g1(key->q_m, "qm");
print_g1(key->q_c, "qc");
print_g1(key->q_arith, "qArith");
print_g1(key->q_delta_range, "qDeltaRange");
print_g1(key->q_elliptic, "qElliptic");
print_g1(key->q_aux, "qAux");
print_g1(key->q_lookup, "qLookup");
print_g1(key->q_poseidon2_external, "qPoseidon2External");
print_g1(key->q_poseidon2_internal, "qPoseidon2Internal");
print_g1(key->sigma_1, "s1");
print_g1(key->sigma_2, "s2");
print_g1(key->sigma_3, "s3");
print_g1(key->sigma_4, "s4");
print_g1(key->table_1, "t1");
print_g1(key->table_2, "t2");
print_g1(key->table_3, "t3");
print_g1(key->table_4, "t4");
// print_g1("0x500", "0x520", key->table, "vk.TABLE_TYPE");
print_g1(key->id_1, "id1");
print_g1(key->id_2, "id2");
print_g1(key->id_3, "id3");
print_g1(key->id_4, "id4");
print_g1(key->lagrange_first, "lagrangeFirst");
print_g1(key->lagrange_last, "lagrangeLast", /*last=*/ true);
print_g1_proof_point(key->q_l, "ql");
print_g1_proof_point(key->q_r, "qr");
print_g1_proof_point(key->q_o, "qo");
print_g1_proof_point(key->q_4, "q4");
print_g1_proof_point(key->q_m, "qm");
print_g1_proof_point(key->q_c, "qc");
print_g1_proof_point(key->q_arith, "qArith");
print_g1_proof_point(key->q_delta_range, "qDeltaRange");
print_g1_proof_point(key->q_elliptic, "qElliptic");
print_g1_proof_point(key->q_aux, "qAux");
print_g1_proof_point(key->q_lookup, "qLookup");
print_g1_proof_point(key->q_poseidon2_external, "qPoseidon2External");
print_g1_proof_point(key->q_poseidon2_internal, "qPoseidon2Internal");
print_g1_proof_point(key->sigma_1, "s1");
print_g1_proof_point(key->sigma_2, "s2");
print_g1_proof_point(key->sigma_3, "s3");
print_g1_proof_point(key->sigma_4, "s4");
print_g1_proof_point(key->table_1, "t1");
print_g1_proof_point(key->table_2, "t2");
print_g1_proof_point(key->table_3, "t3");
print_g1_proof_point(key->table_4, "t4");
print_g1_proof_point(key->id_1, "id1");
print_g1_proof_point(key->id_2, "id2");
print_g1_proof_point(key->id_3, "id3");
print_g1_proof_point(key->id_4, "id4");
print_g1_proof_point(key->lagrange_first, "lagrangeFirst");
print_g1_proof_point(key->lagrange_last, "lagrangeLast", /*last=*/ true);
os <<
" });\n"
" return vk;\n"
Expand Down
5 changes: 1 addition & 4 deletions barretenberg/sol/bootstrap.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,13 @@
rm -rf broadcast cache out
forge install

cd ../../sol

echo "Building c++ binaries..."
cd ../cpp
cmake --build --preset clang16 --parallel --target solidity_key_gen solidity_proof_gen honk_solidity_proof_gen honk_solidity_key_gen
cmake --build --preset clang16 --parallel --target honk_solidity_proof_gen honk_solidity_key_gen
cd ../sol

# Keys of non-zk and zk verifier should be the same
echo "Generating verification keys..."
./scripts/init.sh
./scripts/init_honk.sh

echo "Formatting code..."
Expand Down
9 changes: 0 additions & 9 deletions barretenberg/sol/scripts/init.sh
View file
Open in desktop

This file was deleted.

Loading
Loading