feat(galois): upgrade circuit to latest gnark

unionlabs · Nov 2, 2023 · b75cd34 · b75cd34
1 parent ed1ff7c
commit b75cd34
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 39 deletions.
diff --git a/galoisd/grpc/api/v1/server.go b/galoisd/grpc/api/v1/server.go
@@ -41,7 +41,6 @@ type proverServer struct {
 	cs         constraint.ConstraintSystem
 	pk         backend.ProvingKey
 	vk         backend.VerifyingKey
-	commitment constraint.Commitment
 	proving    atomic.Bool
 }
 
@@ -166,9 +165,10 @@ func (p *proverServer) QueryStats(ctx context.Context, req *QueryStatsRequest) (
 			NbG2:            uint32(p.vk.NbG2()),
 			NbPublicWitness: uint32(p.vk.NbPublicWitness()),
 		},
+		// Deprecated
 		CommitmentStats: &CommitmentStats{
-			NbPublicCommitted:  uint32(p.commitment.NbPublicCommitted()),
-			NbPrivateCommitted: uint32(p.commitment.NbPrivateCommitted),
+			NbPublicCommitted:  uint32(0),
+			NbPrivateCommitted: uint32(0),
 		},
 	}, nil
 }
@@ -327,14 +327,15 @@ func (p *proverServer) Prove(ctx context.Context, req *ProveRequest) (*ProveResp
 	// Ugly but https://github.com/ConsenSys/gnark/issues/652
 	switch _proof := proof.(type) {
 	case *backend_bn254.Proof:
-		if p.commitment.Is() {
-			res, err := fr.Hash(p.commitment.SerializeCommitment(_proof.Commitment.Marshal(), []*big.Int{}, (fr.Bits-1)/8+1), []byte(constraint.CommitmentDst), 1)
-			if err != nil {
-				return nil, err
-			}
-			proofCommitment = _proof.Commitment.Marshal()
-			commitmentHash = res[0].Marshal()
+		if len(_proof.Commitments) != 1 {
+			return nil, fmt.Errorf("Proof encoding is specialized for a single commitment, got: %d", len(_proof.Commitments))
+		}
+		res, err := fr.Hash(constraint.SerializeCommitment(_proof.Commitments[0].Marshal(), []*big.Int{}, (fr.Bits-1)/8+1), []byte(constraint.CommitmentDst), 1)
+		if err != nil {
+			return nil, err
 		}
+		proofCommitment = _proof.Commitments[0].Marshal()
+		commitmentHash = res[0].Marshal()
 		break
 	default:
 		return nil, fmt.Errorf("Impossible: proof backend must be BN254 at this point")
@@ -452,23 +453,9 @@ func NewProverServer(r1csPath string, pkPath string, vkPath string) (*proverServ
 		return nil, err
 	}
 
-	var commitment constraint.Commitment
-	switch _pk := pk.(type) {
-	case *backend_bn254.ProvingKey:
-		switch _vk := vk.(type) {
-		case *backend_bn254.VerifyingKey:
-			_pk.CommitmentKey = _vk.CommitmentKey
-			commitment = _vk.CommitmentInfo
-			break
-		}
-		break
-	default:
-		return nil, fmt.Errorf("Impossible: vk backend must be BN254 at this point")
-	}
-
 	runtime.GC()
 
-	return &proverServer{cs: cs, pk: pk, vk: vk, commitment: commitment}, nil
+	return &proverServer{cs: cs, pk: pk, vk: vk}, nil
 }
 
 func readFrom(file string, obj io.ReaderFrom) error {

diff --git a/galoisd/pkg/lightclient/common.go b/galoisd/pkg/lightclient/common.go
@@ -108,10 +108,6 @@ func (lc *TendermintLightClientAPI) Verify(message *gadget.G2Affine, expectedVal
 
 	curveArithmetic, _ := sw_emulated.New[emulated.BN254Fp, emulated.BN254Fr](lc.api, sw_emulated.GetBN254Params())
 
-	_, _, g1AffGen, _ := curve.Generators()
-
-	emulatedG1 := gadget.NewG1Affine(g1AffGen)
-
 	totalVotingPower := frontend.Variable(0)
 	currentVotingPower := frontend.Variable(0)
 	aggregatedKeys := frontend.Variable(0)
@@ -123,20 +119,16 @@ func (lc *TendermintLightClientAPI) Verify(message *gadget.G2Affine, expectedVal
 
 	leafHashes := make([]frontend.Variable, MaxVal)
 
-	// sizeof(0||leaf) = 1 + ValProtoSize = 48 bytes => 1 block
-	// sizeof(1||hash(left_leaf)|hash(right_leaf)) = 1 + 2*sizeof(hash(0||leaf)) = 65 bytes => 2 blocks
-	merkle := merkle.NewMerkleTreeAPI(lc.api, 1, 2)
+	merkle := merkle.NewMerkleTreeAPI(lc.api)
 
 	if err := forEachVal(func(i int, signed frontend.Variable, publicKey *gadget.G1Affine, power frontend.Variable, leaf frontend.Variable) error {
 		// Aggregate voting power and current power
 		totalVotingPower = lc.api.Add(totalVotingPower, power)
 		// Optionally aggregated public key/voting power if validator at index signed
 		currentVotingPower = lc.api.Add(currentVotingPower, lc.api.Select(signed, power, 0))
-		// Avoid issue with null point, emulatedG1 is never used because only reference in the !signed branch
-		toAggregate := curveArithmetic.Select(signed, publicKey, &emulatedG1)
 		// Optionally aggregated public key if validator at index signed
 		firstPK := lc.api.And(signed, lc.api.IsZero(aggregatedKeys))
-		aggregated := curveArithmetic.Add(&aggregatedPublicKey, toAggregate)
+		aggregated := curveArithmetic.AddUnified(&aggregatedPublicKey, curveArithmetic.Select(signed, publicKey, &gadget.G1Affine{}))
 		aggregateNext := curveArithmetic.Select(firstPK, publicKey, aggregated)
 		aggregatedPublicKey =
 			*curveArithmetic.Select(signed, aggregateNext, &aggregatedPublicKey)
@@ -167,6 +159,8 @@ func (lc *TendermintLightClientAPI) Verify(message *gadget.G2Affine, expectedVal
 		return fmt.Errorf("new pairing: %w", err)
 	}
 
+	_, _, g1AffGen, _ := curve.Generators()
+
 	// Verify that the aggregated signature is correct
 	var g1AffGenNeg curve.G1Affine
 	g1AffGenNeg.Neg(&g1AffGen)

diff --git a/galoisd/pkg/merkle/api.go b/galoisd/pkg/merkle/api.go
@@ -14,12 +14,10 @@ const (
 
 type MerkleTreeAPI struct {
 	api            frontend.API
-	leafMaxBlocks  int
-	innerMaxBlocks int
 }
 
-func NewMerkleTreeAPI(api frontend.API, leafMaxBlocks int, innerMaxblocks int) *MerkleTreeAPI {
-	return &MerkleTreeAPI{api: api, leafMaxBlocks: leafMaxBlocks, innerMaxBlocks: innerMaxblocks}
+func NewMerkleTreeAPI(api frontend.API) *MerkleTreeAPI {
+	return &MerkleTreeAPI{api: api}
 }
 
 func (m *MerkleTreeAPI) LeafHash(leaf []frontend.Variable) frontend.Variable {