
Commit cb26e5a

ETatuzovankaskov
authored andcommitted
Minor compatibility changes #21
1 parent 583385d commit cb26e5a

4 files changed

+903
-3
lines changed

@@ -0,0 +1,185 @@
1+
//---------------------------------------------------------------------------//
2+
// Copyright (c) 2023 Elena Tatuzova <[email protected]>
3+
//
4+
// MIT License
5+
//
6+
// Permission is hereby granted, free of charge, to any person obtaining a copy
7+
// of this software and associated documentation files (the "Software"), to deal
8+
// in the Software without restriction, including without limitation the rights
9+
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10+
// copies of the Software, and to permit persons to whom the Software is
11+
// furnished to do so, subject to the following conditions:
12+
//
13+
// The above copyright notice and this permission notice shall be included in all
14+
// copies or substantial portions of the Software.
15+
//
16+
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17+
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18+
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19+
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20+
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21+
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22+
// SOFTWARE.
23+
//---------------------------------------------------------------------------//
24+
// @file Declaration of interfaces for PLONK unified addition component.
25+
//---------------------------------------------------------------------------//
26+
#ifndef __CONTRACTS_TEMPLATE_HPP__
27+
#define __CONTRACTS_TEMPLATE_HPP__
28+
29+
#include <string>
30+
31+
namespace nil {
32+
namespace blueprint {
33+
std::string main_contract_template = R"(
34+
pragma solidity >=0.8.4;
35+
36+
import "../../cryptography/transcript.sol";
37+
// Move away unused structures from types.sol
38+
import "../../types.sol";
39+
import "../../basic_marshalling.sol";
40+
import "../../interfaces/modular_verifier.sol";
41+
import "../../interfaces/modular_commitment.sol";
42+
import "../../interfaces/modular_gate_argument.sol";
43+
import "../../interfaces/modular_lookup_argument.sol";
44+
import "../../interfaces/modular_permutation_argument.sol";
45+
import "hardhat/console.sol";
46+
47+
contract modular_verifier_circuit3 is IModularVerifier{
48+
uint256 constant modulus = $MODULUS$;
49+
bool constant use_lookups = false;
50+
bytes32 constant vk1 = bytes32($VERIFICATION_KEY_1$);
51+
bytes32 constant vk2 = bytes32($VERIFICATION_KEY_2$);
52+
bytes32 transcript_state;
53+
address _gate_argument_address;
54+
address _permutation_argument_address;
55+
address _lookup_argument_address;
56+
address _commitment_contract_address;
57+
uint8 constant f_parts = 8; // Individually on parts
58+
uint32 constant z_offset = 212;
59+
uint32 constant table_offset = z_offset + 0x20 * 10;
60+
uint32 constant z_end = 0x35 * 0x20;
61+
62+
bytes constant batched_points = hex"020202020202020202020303030203";
63+
bytes constant variable_points = hex"010101";
64+
bytes constant permutation_points = hex"0202";
65+
bytes constant quotient_points = hex"010101010101";
66+
bytes constant lookup_points = hex"0303";
67+
68+
uint16 constant fixed_points_num = 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 3 + 3 + 3 + 2 + 3;
69+
uint16 constant variable_points_num = 3;
70+
uint16 constant permutation_points_num = 4;
71+
uint16 constant quotient_points_num = 6;
72+
uint16 constant lookup_points_num = 6;
73+
uint16 constant table_points_num = fixed_points_num - 10 + variable_points_num;
74+
75+
constructor(){
76+
}
77+
78+
function initialize(
79+
address permutation_argument_address,
80+
address lookup_argument_address,
81+
address gate_argument_address,
82+
address commitment_contract_address
83+
) public{
84+
console.log("Initialize");
85+
types.transcript_data memory tr_state;
86+
transcript.init_transcript(tr_state, hex"");
87+
transcript.update_transcript_b32(tr_state, vk1);
88+
transcript.update_transcript_b32(tr_state, vk2);
89+
90+
_gate_argument_address = gate_argument_address;
91+
_permutation_argument_address = permutation_argument_address;
92+
_lookup_argument_address = lookup_argument_address;
93+
_commitment_contract_address = commitment_contract_address;
94+
95+
ICommitmentScheme commitment_scheme = ICommitmentScheme(commitment_contract_address);
96+
tr_state.current_challenge = commitment_scheme.initialize(tr_state.current_challenge);
97+
transcript_state = tr_state.current_challenge;
98+
}
99+
100+
function verify(
101+
bytes calldata blob
102+
) public view{
103+
uint256 gas = gasleft();
104+
//0. Check proof size
105+
// No direct public input
106+
107+
//1. Init transcript
108+
types.transcript_data memory tr_state;
109+
tr_state.current_challenge = transcript_state;
110+
111+
{
112+
//2. Push variable_values commitment to transcript
113+
transcript.update_transcript_b32_by_offset_calldata(tr_state, blob, 0x9);
114+
115+
//3. Permutation argument
116+
$CALL_PERMUTATION_ARGUMENT$
117+
uint256 a = transcript.get_field_challenge(tr_state, modulus);//beta
118+
console.log("beta: ", a);
119+
uint256 b = transcript.get_field_challenge(tr_state, modulus);//beta
120+
console.log("gamma:", b);
121+
IModularPermutationArgument permutation_argument = IModularPermutationArgument(_permutation_argument_address);
122+
permutation_argument.verify(
123+
blob[z_offset:z_end],
124+
a,
125+
b
126+
);
127+
}
128+
129+
{
130+
$CALL_LOOKUP_ARGUMENT$
131+
//4. Lookup argument
132+
IModularLookupArgument lookup_argument = IModularLookupArgument(_lookup_argument_address);
133+
( , tr_state.current_challenge) = lookup_argument.verify(
134+
blob[table_offset: table_offset + table_points_num*0x20], blob[table_offset:z_end], basic_marshalling.get_uint256_be(blob, 0x81), tr_state.current_challenge
135+
);
136+
}
137+
138+
//5. Push permutation batch to transcript
139+
transcript.update_transcript_b32_by_offset_calldata(tr_state, blob, 0x31);
140+
141+
{
142+
$CALL_GATE_ARGUMENT$
143+
//6. Gate argument
144+
IModularGateArgument gate_argument = IModularGateArgument(_gate_argument_address);
145+
gate_argument.verify(blob[table_offset:table_offset + table_points_num*0x20], transcript.get_field_challenge(tr_state, modulus));
146+
}
147+
148+
// No public input gate
149+
150+
{
151+
//7. Push quotient to transcript
152+
uint256[f_parts] memory alphas;
153+
for( uint8 i = 0; i < f_parts;){
154+
alphas[i] = transcript.get_field_challenge(tr_state, modulus);
155+
console.log("alpha ", i, ":", alphas[i]);
156+
unchecked{i++;}
157+
}
158+
transcript.update_transcript_b32_by_offset_calldata(tr_state, blob, 0x59);
159+
}
160+
161+
//8. Commitment scheme proof_eval
162+
{.
163+
$CALL_COMMITMENT_SCHEME$
164+
ICommitmentScheme commitment_scheme = ICommitmentScheme(_commitment_contract_address);
165+
166+
uint256[] memory commitments = new uint256[](5);
167+
commitments[0] = uint256(vk2);
168+
commitments[1] = basic_marshalling.get_uint256_be(blob, 0x9);
169+
commitments[2] = basic_marshalling.get_uint256_be(blob, 0x31);
170+
commitments[3] = basic_marshalling.get_uint256_be(blob, 0x59);
171+
commitments[4] = basic_marshalling.get_uint256_be(blob, 0x81);
172+
if(!commitment_scheme.verify_eval(
173+
blob[z_offset:], commitments, basic_marshalling.get_uint256_be(blob, 0xa1), tr_state.current_challenge
174+
)) console.log("Error from commitment scheme!");
175+
}
176+
177+
//9. Final check
178+
console.log("Gas for verification:", gas-gasleft());
179+
}
180+
}
181+
)";
182+
}
183+
}
184+
185+
#endif //__GATE_ARGUMENT_TEMPLATE_HPP__
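Review bot: `verify` in this contract template never rejects a proof. It is declared `public view` with no return value, the results of `permutation_argument.verify(...)` and `gate_argument.verify(...)` are discarded, and a failing `commitment_scheme.verify_eval(...)` only reaches `console.log("Error from commitment scheme!")` before the empty `//9. Final check`. A caller therefore cannot tell an invalid proof from a valid one; the failure branch should at least be `)) revert("commitment scheme verification failed");`, and the sub-verifier results should be checked the same way if those interfaces return a status (they are declared outside this file). Separately, `initialize` is `public` with no caller check or one-time guard, so any account can call it again and repoint the four argument and commitment addresses; a first statement such as `require(_commitment_contract_address == address(0), "already initialized");` would stop re-initialization.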

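--- a/include/nil/blueprint/transpiler/evm_verifier_gen.hpp
+++ b/include/nil/blueprint/transpiler/evm_verifier_gen.hpp
@@ -148,7 +148,15 @@ namespace nil {
 std::size_t permutation_size,
 std::string folder_name
 ){
-std::cout << "Generating verifier " << folder_name << std::endl;
+std::string test_name;
+std::size_t found = folder_name.rfind("/");
+if( found == std::string::npos ){
+test_name = folder_name;
+} else{
+test_name = folder_name.substr(found + 1);
+}
+std::cout << "Generating verifier " << test_name << std::endl;
+
 bool use_lookups = constraint_system.lookup_gates().size() > 0;
 
 std::size_t z_offset = use_lookups ? 0xc9 : 0xa1;
@@ -251,7 +259,7 @@ namespace nil {
 // Prepare all necessary replacements
 transpiler_replacements reps;
 reps["$LOOKUP_LIBRARY_CALL$"] = use_lookups ? lookup_library_call :" //No lookups";
-reps["$TEST_NAME$"] = folder_name;
+reps["$TEST_NAME$"] = test_name;
 reps["$MODULUS$"] = to_string(PlaceholderParams::field_type::modulus);
 reps["$VERIFICATION_KEY1$"] = "0x" + to_string(common_data.vk.constraint_system_hash);
 reps["$VERIFICATION_KEY2$"] = "0x" + to_string(common_data.vk.fixed_values_commitment);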
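Review bot: `test_name` becomes empty when `folder_name` ends in `/` (a constructed example: `out/circuit3/`), because `rfind("/")` then matches the last character and `substr(found + 1)` returns `""`, which the second hunk substitutes for `$TEST_NAME$`. Trimming trailing separators before the `rfind`, e.g. `while( folder_name.size() > 1 && folder_name.back() == '/' ) folder_name.pop_back();` (on a copy if later code depends on the original spelling), or failing early when `test_name.empty()`, avoids that. The value is also pasted into generated Solidity source unvalidated. If the templates use `$TEST_NAME$` inside an identifier (not visible here), a directory name with characters other than letters, digits and `_` would yield a contract that does not compile or reads differently than intended, so checking it against that character set before filling `reps` would be safer. The enclosing function starts and ends outside both hunks.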
