From 4549fb2fb2648537e4ac967c6bf9d7001ac93b69 Mon Sep 17 00:00:00 2001
From: saitima <2371121+saitima@users.noreply.github.com>
Date: Wed, 18 Dec 2024 15:45:23 +0300
Subject: [PATCH] fix(snark-wrapper):  range check bitlen in snark wrapper
 circuit (#56)

This PR fixes bitlen in a snark wrapper circuit that was causing vk
divergency of wrapper circuit made for plonk based prover.
---
 .../src/plonk/circuit/goldilocks/mod.rs       |  6 +-----
 crates/snark-wrapper/src/verifier/mod.rs      | 21 +++++++++++++++++--
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/crates/franklin-crypto/src/plonk/circuit/goldilocks/mod.rs b/crates/franklin-crypto/src/plonk/circuit/goldilocks/mod.rs
index 24b9fb2..9f7c22a 100644
--- a/crates/franklin-crypto/src/plonk/circuit/goldilocks/mod.rs
+++ b/crates/franklin-crypto/src/plonk/circuit/goldilocks/mod.rs
@@ -47,10 +47,6 @@ impl<E: Engine> Hash for GoldilocksField<E> {
 }
 
 pub fn range_check_for_num_bits<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS, num: &Num<E>, num_bits: usize) -> Result<(), SynthesisError> {
-    range_check_for_num_bits_coarsely(cs, num, num_bits, true)
-}
-
-pub fn range_check_for_num_bits_coarsely<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS, num: &Num<E>, num_bits: usize, coarsely: bool) -> Result<(), SynthesisError> {
     assert!(num_bits % 16 == 0);
 
     if let Num::Constant(value) = num {
@@ -60,7 +56,7 @@ pub fn range_check_for_num_bits_coarsely<E: Engine, CS: ConstraintSystem<E>>(cs:
     } else {
         // Name of the table should be checked
         if let Ok(table) = cs.get_table(BITWISE_LOGICAL_OPS_TABLE_NAME) {
-            enforce_range_check_using_bitop_table(cs, &num.get_variable(), num_bits, table, coarsely)?;
+            enforce_range_check_using_bitop_table(cs, &num.get_variable(), num_bits, table, true)?;
         } else if <CS::Params as PlonkConstraintSystemParams<E>>::CAN_ACCESS_NEXT_TRACE_STEP {
             enforce_range_check_using_naive_approach(cs, &num.get_variable(), num_bits)?;
         } else {
diff --git a/crates/snark-wrapper/src/verifier/mod.rs b/crates/snark-wrapper/src/verifier/mod.rs
index 8c16f3a..33fe4b9 100644
--- a/crates/snark-wrapper/src/verifier/mod.rs
+++ b/crates/snark-wrapper/src/verifier/mod.rs
@@ -201,9 +201,12 @@ fn aggregate_public_inputs<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS, publ
     );
 
     // Firstly we check that public inputs have correct size
-    use rescue_poseidon::franklin_crypto::plonk::circuit::goldilocks::range_check_for_num_bits_coarsely;
     for pi in public_inputs.iter() {
-        range_check_for_num_bits_coarsely(cs, &pi.into_num(), 64, false)?;
+        if let Ok(_) = cs.get_table(BITWISE_LOGICAL_OPS_TABLE_NAME) {
+            range_check_with_lookup(cs, &pi.into_num(), chunk_bit_size)?;
+        } else {
+            range_check_with_naive(cs, &pi.into_num(), chunk_bit_size)?;
+        }
     }
 
     // compute aggregated pi value
@@ -229,3 +232,17 @@ fn aggregate_public_inputs<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS, publ
 
     Ok(pi)
 }
+
+pub fn range_check_with_naive<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS, num: &Num<E>, num_bits: usize) -> Result<(), SynthesisError> {
+    use rescue_poseidon::franklin_crypto::plonk::circuit::goldilocks::range_check_for_num_bits;
+    range_check_for_num_bits(cs, num, num_bits)?;
+
+    Ok(())
+}
+
+pub fn range_check_with_lookup<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS, num: &Num<E>, num_bits: usize) -> Result<(), SynthesisError> {
+    let table = cs.get_table(BITWISE_LOGICAL_OPS_TABLE_NAME).unwrap();
+    use rescue_poseidon::franklin_crypto::plonk::circuit::bigint_new::enforce_range_check_using_bitop_table;
+    enforce_range_check_using_bitop_table(cs, &num.get_variable(), num_bits, table, false)?;
+    Ok(())
+}