Merge pull request #15 from succinctlabs/tqn/merge-upstream

chore: merge upstream

book/developers/common-issues.md

@@ -22,7 +22,7 @@ This is likely due to two different versions of `alloy_sol_types` being used. To
 
 ```toml
 [dependencies]
-sp1-sdk = { version = "1.1.0", default-features = false }
+sp1-sdk = { version = "2.0.0", default-features = false }
 ```
 
 This will configure out the `network` feature which will remove the dependency on `alloy_sol_types` and configure out the `NetworkProver`.
@@ -100,22 +100,23 @@ C++ toolchain be setting this variable manually:
 export CC_riscv32im_succinct_zkvm_elf=/path/to/toolchain
 ```
 
-## Compilation Errors with [`sp1-lib::syscall_verify_sp1_proof`](https://docs.rs/sp1-lib/latest/sp1_lib/fn.syscall_verify_sp1_proof.html) 
+## Compilation Errors with [`sp1-lib::syscall_verify_sp1_proof`](https://docs.rs/sp1-lib/latest/sp1_lib/fn.syscall_verify_sp1_proof.html)
 
 If you are using the [`sp1-lib::syscall_verify_sp1_proof`](https://docs.rs/sp1-lib/latest/sp1_lib/fn.syscall_verify_sp1_proof.html) function, you may encounter compilation errors when building your program.
 
 ```bash
   [sp1]    = note: rust-lld: error: undefined symbol: syscall_verify_sp1_proof
   [sp1]            >>> referenced by sp1_lib.b593533d149f0f6e-cgu.0
   [sp1]            >>>               sp1_lib-8f5deb4c47d01871.sp1_lib.b593533d149f0f6e-cgu.0.rcgu.o:(sp1_lib::verify::verify_sp1_proof::h5c1bb38f11b3fe71) in ...
-  [sp1]            
-  [sp1]  
+  [sp1]
+  [sp1]
   [sp1]  error: could not compile `package-name` (bin "package-name") due to 1 previous error
-  ```
+```
+
+To resolve this, ensure that you're importing both `sp1-lib` and `sp1-zkvm` with the verify feature enabled.
 
-  To resolve this, ensure that you're importing both `sp1-lib` and `sp1-zkvm` with the verify feature enabled.
-  ```toml
-  [dependencies]
-  sp1-lib = { version = "<VERSION>", features = ["verify"] }
-  sp1-zkvm = { version = "<VERSION>", features = ["verify"] }
-  ```
+```toml
+[dependencies]
+sp1-lib = { version = "<VERSION>", features = ["verify"] }
+sp1-zkvm = { version = "<VERSION>", features = ["verify"] }
+```

book/generating-proofs/advanced.md

@@ -48,7 +48,7 @@ RUSTFLAGS='-C target-cpu=native' cargo run --release
 Currently there is support for AVX512 and NEON SIMD instructions. For NEON, you must also enable the `sp1-sdk` feature `neon` in your script crate's `Cargo.toml` file.
 
 ```toml
-sp1-sdk = { version = "1.1.0", features = ["neon"] }
+sp1-sdk = { version = "2.0.0", features = ["neon"] }
 ```
 
 ## Performance

book/generating-proofs/proof-types.md

@@ -4,12 +4,12 @@ There are a few different types of proofs that can be generated by the SP1 zkVM.
 
 The `ProverClient` follows a "builder" pattern that allows you to configure the proof type and other options after creating a `ProverClient` and calling `prove` on it.
 
-For a full list of options, see the following [docs](https://docs.rs/sp1-sdk/1.1.0/sp1_sdk/action/struct.Prove.html).  
+For a full list of options, see the following [docs](https://docs.rs/sp1-sdk/1.2.0/sp1_sdk/action/struct.Prove.html).
 
 ## Core (Default)
 
 The default prover mode generates a list of STARK proofs that in aggregate have size proportional to
- the size of the execution. Use this in settings where you don't care about **verification cost / proof size**.
+the size of the execution. Use this in settings where you don't care about **verification cost / proof size**.
 
 ```rust,noplayground
 let client = ProverClient::new();
@@ -19,7 +19,7 @@ client.prove(&pk, stdin).run().unwrap();
 ## Compressed
 
 The compressed prover mode generates STARK proofs that have constant size. Use this in settings where you
-care about **verification cost / proof size**. This is useful for applications where you want to recursively verify SP1 proofs within SP1 (see the [proof aggregation](../writing-programs/proof-aggregation.md) section). 
+care about **verification cost / proof size**. This is useful for applications where you want to recursively verify SP1 proofs within SP1 (see the [proof aggregation](../writing-programs/proof-aggregation.md) section).
 
 ```rust,noplayground
 let client = ProverClient::new();
@@ -32,7 +32,6 @@ client.prove(&pk, stdin).compressed().run().unwrap();
 WARNING: The PLONK prover requires around 64GB of RAM and is only guaranteed to work on official releases of SP1. We recommend using the prover network to generate PLONK proofs.
 </div>
 
-
 The PLONK prover mode generates a SNARK proof with extremely small proof size and low verification cost.
 This mode is necessary for generating proofs that can be verified onchain for around ~300k gas.
 

book/generating-proofs/prover-network.md

@@ -1,8 +1,9 @@
 # Prover Network Beta
 
-> **Currently, the supported version of SP1 on the prover network is `v1.1.0`.**
+> **Currently, the supported version of SP1 on the prover network is `v2.0.0`.**
 
 Succinct [has been building](https://blog.succinct.xyz/succinct-network/) the Succinct Prover Network, a distributed network of provers that can generate proofs of any size quickly and reliably. It's currently in private beta, but you can get access by following the steps below.
 
 To get started, **[FILL OUT THIS FORM](https://forms.gle/rTUvhstS8PFfv9B3A)** to gain access to the Succinct
-Network. Completing this form requires you to complete the [key setup](./prover-network/key-setup.md) steps below.
+Network. Completing this form requires you to complete the [key
+setup](./prover-network/key-setup.md) steps below.

book/generating-proofs/prover-network/usage.md

@@ -1,6 +1,6 @@
 # Prover Network: Usage
 
-> **Currently, the supported version of SP1 on the prover network is `v1.1.0`.**
+> **See [Supported Versions](../versions.md) for the currently supported versions of SP1 on the Prover Network.**
 
 ## Sending a proof request
 

book/generating-proofs/prover-network/versions.md

@@ -2,28 +2,29 @@
 
 The prover network currently only supports specific versions of SP1:
 
-| Environment | RPC URL                    | Supported Version |
-| ----------- | -------------------------- | ----------------- |
-| Production  | `https://rpc.succinct.xyz` | `v1.2.X`          |
+| Version | Description                                                                                                                                              |
+| ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| v2.X.X  | Audited, production ready version.                                                                                                                       |
+| v3.X.X  | Pre-release version with enhanced performance, currently being audited. **Recommended for benchmarking or testing, not recommended for production use.** |
 
-Where `X` denotes that any patch version is supported (e.g. `v1.2.0`, `v1.2.1`).
+`X` denotes that any minor and patch version is supported (e.g. `v2.1.0`, `v2.1.1`).
 
-If you submit a proof request to the prover network and your are not using the supported version, you will receive an error message.
+If you submit a proof request to the prover network and you are not using a supported version, you will receive an error message.
 
 ## Changing versions
 
 You must switch to a supported version before submitting a proof. To do so, replace the `sp1-zkvm` version in your progam's `Cargo.toml`:
 
 ```toml
 [dependencies]
-sp1-zkvm = "1.1.0"
+sp1-zkvm = "2.0.0"
 ```
 
 replace the `sp1-sdk` version in your script's `Cargo.toml`:
 
 ```toml
 [dependencies]
-sp1-sdk = "1.1.0"
+sp1-sdk = "2.0.0"
 ```
 
 Re-build your program and script, and then try again.

book/generating-proofs/setup.md

@@ -32,7 +32,7 @@ name = "script"
 edition = "2021"
 
 [dependencies]
-sp1-sdk = "1.1.0"
+sp1-sdk = "2.0.0"
 ```
 
 The `sp1-sdk` crate includes the necessary utilities to generate, save, and verify proofs.

book/onchain-verification/getting-started.md

@@ -27,5 +27,5 @@ You can run the above script with `RUST_LOG=info cargo run --bin plonk_bn254 --r
 If you would like to run the PLONK prover directly without Docker, you must have Go 1.22 installed and enable the `native-plonk` feature in `sp1-sdk`. This path is not recommended and may require additional native dependencies.
 
 ```toml
-sp1-sdk = { version = "1.1.0", features = ["native-plonk"] }
+sp1-sdk = { version = "2.0.0", features = ["native-plonk"] }
 ```

book/writing-programs/compiling.md

@@ -34,7 +34,6 @@ Under the hood, this CLI command calls `cargo build` with the `riscv32im-succinc
 
 You can pass additional arguments to the `cargo prove build` command to customize the build process, like configuring what features are enabled, customizing the output directory and more. To see all available options, run `cargo prove build --help`. Many of these options mirror the options available in the `cargo build` command.
 
-
 ## Production Builds
 
 For production builds of programs, you can build your program inside a Docker container which will generate a **reproducible ELF** on all platforms. To do so, just use the `--docker` flag and optionally the `--tag` flag with the release version you want to use (defaults to `latest`). For example:
@@ -62,24 +61,23 @@ The path passed in to `build_program` should point to the directory containing t
 
 ```toml
 [build-dependencies]
-sp1-build = "1.2.0"
+sp1-build = "2.0.0"
 ```
 
 You will see output like the following from the build script if the program has changed, indicating that the program was rebuilt:
 
-````
+```
 [fibonacci-script 0.1.0] cargo:rerun-if-changed=../program/src
 [fibonacci-script 0.1.0] cargo:rerun-if-changed=../program/Cargo.toml
 [fibonacci-script 0.1.0] cargo:rerun-if-changed=../program/Cargo.lock
 [fibonacci-script 0.1.0] cargo:warning=fibonacci-program built at 2024-03-02 22:01:26
 [fibonacci-script 0.1.0] [sp1]    Compiling fibonacci-program v0.1.0 (/Users/umaroy/Documents/fibonacci/program)
 [fibonacci-script 0.1.0] [sp1]     Finished release [optimized] target(s) in 0.15s
 warning: fibonacci-script@0.1.0: fibonacci-program built at 2024-03-02 22:01:26
-````
+```
 
 The above output was generated by running `RUST_LOG=info cargo run --release -vv` for the `script` folder of the Fibonacci example.
 
-
 ### Advanced Build Options
 
 To configure the build process when using the `sp1-build` crate, you can pass a [`BuildArgs`](https://docs.rs/sp1-build/1.2.0/sp1_build/struct.BuildArgs.html) struct to to the [`build_program_with_args`](https://docs.rs/sp1-build/1.2.0/sp1_build/fn.build_program_with_args.html) function. The build arguments are the same as the ones available from the `cargo prove build` command.
@@ -99,4 +97,4 @@ fn main() {
 }
 ```
 
-**Note:** If you want reproducible builds with the `build.rs` approach, you should use the `docker` flag and the `build_program_with_args` function, as shown in the example above.
+**Note:** If you want reproducible builds with the `build.rs` approach, you should use the `docker` flag and the `build_program_with_args` function, as shown in the example above.

book/writing-programs/cycle-tracking.md

@@ -14,7 +14,7 @@ Note that to use the macro, you must add the `sp1-derive` crate to your dependen
 
 ```toml
 [dependencies]
-sp1-derive = "1.1.0"
+sp1-derive = "2.0.0"
 ```
 
 In the script for proof generation, setup the logger with `utils::setup_logger()` and run the script with `RUST_LOG=info cargo run --release`. You should see the following output:
@@ -43,6 +43,7 @@ stdout: result: 2940
 Note that we elegantly handle nested cycle tracking, as you can see above.
 
 ### Get Tracked Cycle Counts
+
 To include tracked cycle counts in the `ExecutionReport` when using `ProverClient::execute`, use the following annotations:
 
 ```rust,noplayground
@@ -65,8 +66,7 @@ First, we need to generate a trace file of the program counter at each cycle whi
 TRACE_FILE=trace.log RUST_LOG=info cargo run --release
 ```
 
-When the `TRACE_FILE` environment variable is set, as SP1's RISC-V runtime is executing, it will write a log of the program counter to the file specified by `TRACE_FILE`. 
-
+When the `TRACE_FILE` environment variable is set, as SP1's RISC-V runtime is executing, it will write a log of the program counter to the file specified by `TRACE_FILE`.
 
 Next, we can use the `cargo prove` CLI with the `trace` command to analyze the trace file and generate a table of instruction counts. This can be done with the following command:
 

book/writing-programs/setup.md

@@ -32,7 +32,7 @@ name = "program"
 edition = "2021"
 
 [dependencies]
-sp1-zkvm = "1.1.0"
+sp1-zkvm = "2.0.0"
 ```
 
 The `sp1-zkvm` crate includes necessary utilities for your program, including handling inputs and outputs,

crates/core/machine/src/io.rs

@@ -113,13 +113,20 @@ impl SP1PublicValues {
         self.buffer.write_slice(slice);
     }
 
+    /// Hash the public values.
+    pub fn hash(&self) -> Vec<u8> {
+        let mut hasher = Sha256::new();
+        hasher.update(self.buffer.data.as_slice());
+        hasher.finalize().to_vec()
+    }
+
     /// Hash the public values, mask the top 3 bits and return a BigUint. Matches the implementation
     /// of `hashPublicValues` in the Solidity verifier.
     ///
     /// ```solidity
     /// sha256(publicValues) & bytes32(uint256((1 << 253) - 1));
     /// ```
-    pub fn hash(&self) -> BigUint {
+    pub fn hash_bn254(&self) -> BigUint {
         // Hash the public values.
         let mut hasher = Sha256::new();
         hasher.update(self.buffer.data.as_slice());
@@ -188,7 +195,7 @@ mod tests {
 
         let mut public_values = SP1PublicValues::new();
         public_values.write_slice(&test_bytes);
-        let hash = public_values.hash();
+        let hash = public_values.hash_bn254();
 
         let expected_hash = "1ce987d0a7fcc2636fe87e69295ba12b1cc46c256b369ae7401c51b805ee91bd";
         let expected_hash_biguint = BigUint::from_bytes_be(&hex::decode(expected_hash).unwrap());

crates/prover/src/verify.rs

@@ -441,7 +441,7 @@ pub fn verify_plonk_bn254_public_inputs(
         return Err(PlonkVerificationError::InvalidVerificationKey.into());
     }
 
-    let public_values_hash = public_values.hash();
+    let public_values_hash = public_values.hash_bn254();
     if public_values_hash != expected_public_values_hash {
         return Err(PlonkVerificationError::InvalidPublicValues.into());
     }
@@ -464,7 +464,7 @@ pub fn verify_groth16_bn254_public_inputs(
         return Err(Groth16VerificationError::InvalidVerificationKey.into());
     }
 
-    let public_values_hash = public_values.hash();
+    let public_values_hash = public_values.hash_bn254();
     if public_values_hash != expected_public_values_hash {
         return Err(Groth16VerificationError::InvalidPublicValues.into());
     }

crates/recursion/gnark-ffi/assets/SP1VerifierGroth16.txt

@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {ISP1Verifier, ISP1VerifierWithHash} from "../ISP1Verifier.sol";
+import {Groth16Verifier} from "./Groth16Verifier.sol";
+
+/// @title SP1 Verifier
+/// @author Succinct Labs
+/// @notice This contracts implements a solidity verifier for SP1.
+contract SP1Verifier is Groth16Verifier, ISP1VerifierWithHash {
+    /// @notice Thrown when the verifier selector from this proof does not match the one in this
+    /// verifier. This indicates that this proof was sent to the wrong verifier.
+    /// @param received The verifier selector from the first 4 bytes of the proof.
+    /// @param expected The verifier selector from the first 4 bytes of the VERIFIER_HASH().
+    error WrongVerifierSelector(bytes4 received, bytes4 expected);
+
+    /// @notice Thrown when the proof is invalid.
+    error InvalidProof();
+
+    function VERSION() external pure returns (string memory) {
+        return "{SP1_CIRCUIT_VERSION}";
+    }
+
+    /// @inheritdoc ISP1VerifierWithHash
+    function VERIFIER_HASH() public pure returns (bytes32) {
+        return {VERIFIER_HASH};
+    }
+
+    /// @notice Hashes the public values to a field elements inside Bn254.
+    /// @param publicValues The public values.
+    function hashPublicValues(
+        bytes calldata publicValues
+    ) public pure returns (bytes32) {
+        return sha256(publicValues) & bytes32(uint256((1 << 253) - 1));
+    }
+
+    /// @notice Verifies a proof with given public values and vkey.
+    /// @param programVKey The verification key for the RISC-V program.
+    /// @param publicValues The public values encoded as bytes.
+    /// @param proofBytes The proof of the program execution the SP1 zkVM encoded as bytes.
+    function verifyProof(
+        bytes32 programVKey,
+        bytes calldata publicValues,
+        bytes calldata proofBytes
+    ) external view {
+        bytes4 receivedSelector = bytes4(proofBytes[:4]);
+        bytes4 expectedSelector = bytes4(VERIFIER_HASH());
+        if (receivedSelector != expectedSelector) {
+            revert WrongVerifierSelector(receivedSelector, expectedSelector);
+        }
+
+        bytes32 publicValuesDigest = hashPublicValues(publicValues);
+        uint256[2] memory inputs;
+        inputs[0] = uint256(programVKey);
+        inputs[1] = uint256(publicValuesDigest);
+        uint256[8] memory proof = abi.decode(proofBytes[4:], (uint256[8]));
+        this.Verify(proof, inputs);
+    }
+}

crates/recursion/gnark-ffi/assets/SP1Verifier.txt → crates/recursion/gnark-ffi/assets/SP1VerifierPlonk.txt

@@ -2,12 +2,12 @@
 pragma solidity ^0.8.20;
 
 import {ISP1Verifier, ISP1VerifierWithHash} from "../ISP1Verifier.sol";
-import {{PROOF_SYSTEM}Verifier} from "./{PROOF_SYSTEM}Verifier.sol";
+import {PlonkVerifier} from "./PlonkVerifier.sol";
 
 /// @title SP1 Verifier
 /// @author Succinct Labs
 /// @notice This contracts implements a solidity verifier for SP1.
-contract SP1Verifier is {PROOF_SYSTEM}Verifier, ISP1VerifierWithHash {
+contract SP1Verifier is PlonkVerifier, ISP1VerifierWithHash {
     /// @notice Thrown when the verifier selector from this proof does not match the one in this
     /// verifier. This indicates that this proof was sent to the wrong verifier.
     /// @param received The verifier selector from the first 4 bytes of the proof.