Embedded VK in the recursive circuit (#5296)

Author: aeryz

galoisd/grpc/bls12381_server.go

@@ -11,6 +11,7 @@ import (
 	grpc "galois/grpc/api/v3"
 	"galois/pkg/lightclient"
 	bls12381gadget "galois/pkg/lightclient/bls12381"
+
 	// "io"
 	"math/big"
 	"os"
@@ -29,7 +30,6 @@ import (
 	cs_bls12381 "github.com/consensys/gnark/constraint/bls12-381"
 	cs_bn254 "github.com/consensys/gnark/constraint/bn254"
 	"github.com/consensys/gnark/frontend"
-	"github.com/consensys/gnark/frontend/cs/r1cs"
 	gadget "github.com/consensys/gnark/std/algebra/emulated/sw_bn254"
 	"github.com/consensys/gnark/std/recursion/groth16"
 	"github.com/holiman/uint256"
@@ -118,10 +118,8 @@ func (p *proverServerBls12381) Poll(ctx context.Context, pollReq *grpc.PollReque
 
 	prove := func() (*grpc.ProveResponse, error) {
 		innerProof, err := Prove(req, &p.innerCs, &p.innerPk, &p.innerVk)
-
-		circuitVk, err := groth16.ValueOfVerifyingKey[gadget.G1Affine, gadget.G2Affine, gadget.GTEl](backend.VerifyingKey(&p.innerVk))
 		if err != nil {
-			return nil, fmt.Errorf("Could not get the verifying key %s", err)
+			return nil, fmt.Errorf("Could not do the inner proving %s", err)
 		}
 
 		circuitWitness, err := groth16.ValueOfWitness[gadget.ScalarField](innerProof.PublicWitness)
@@ -136,9 +134,9 @@ func (p *proverServerBls12381) Poll(ctx context.Context, pollReq *grpc.PollReque
 
 		commitmentHash := cometbn254.HashToField(innerProof.ProofCommitment.Marshal())
 		bls12381Witness := &bls12381gadget.Circuit{
+			// verifying key is baked in, so we don't set here since it has no effect on the witness generation
 			InnerWitness:    circuitWitness,
 			Proof:           circuitProof,
-			VerifyingKey:    circuitVk,
 			CommitmentHash:  commitmentHash.BigInt(new(big.Int)),
 			CommitmentX:     innerProof.ProofCommitment.X.BigInt(new(big.Int)),
 			CommitmentY:     innerProof.ProofCommitment.Y.BigInt(new(big.Int)),
@@ -370,14 +368,20 @@ func loadOrCreateBls12381(r1csPath, pkPath, vkPath, innerR1csPath, innerPkPath,
 		}
 	}
 
-	circuit := &bls12381gadget.Circuit{
-		Proof:        groth16.PlaceholderProof[gadget.G1Affine, gadget.G2Affine](&csInner),
-		InnerWitness: groth16.PlaceholderWitness[gadget.ScalarField](&csInner),
-		VerifyingKey: groth16.PlaceholderVerifyingKey[gadget.G1Affine, gadget.G2Affine, gadget.GTEl](&csInner),
+	verifyingKey, err := groth16.ValueOfVerifyingKeyFixed[gadget.G1Affine, gadget.G2Affine, gadget.GTEl](&vkInner)
+	verifyingKey.PublicAndCommitmentCommitted = vkInner.PublicAndCommitmentCommitted
+
+	if err != nil {
+		return cs, pk, vk, csInner, pkInner, vkInner, err
 	}
 
 	log.Info().Msg("Compiling circuit...")
-	r1csInstance, err := frontend.Compile(ecc.BLS12_381.ScalarField(), r1cs.NewBuilder, circuit, frontend.WithCompressThreshold(300))
+	r1csInstance, err := bls12381gadget.Compile(
+		groth16.PlaceholderProof[gadget.G1Affine, gadget.G2Affine](&csInner),
+		groth16.PlaceholderWitness[gadget.ScalarField](&csInner),
+		verifyingKey,
+	)
+
 	if err != nil {
 		return cs, pk, vk, csInner, pkInner, vkInner, err
 	}

galoisd/pkg/lightclient/bls12381/circuit.go

@@ -3,8 +3,10 @@ package bls12381
 import (
 	"fmt"
 
-	// "github.com/consensys/gnark-crypto/ecc/bn254/fr"
+	"github.com/consensys/gnark-crypto/ecc"
+	"github.com/consensys/gnark/constraint"
 	"github.com/consensys/gnark/frontend"
+	"github.com/consensys/gnark/frontend/cs/r1cs"
 	"github.com/consensys/gnark/std/algebra/emulated/sw_bn254"
 
 	"github.com/consensys/gnark/std/algebra/emulated/sw_emulated"
@@ -13,15 +15,30 @@ import (
 )
 
 type Circuit struct {
-	Proof           groth16.Proof[sw_bn254.G1Affine, sw_bn254.G2Affine]
-	VerifyingKey    groth16.VerifyingKey[sw_bn254.G1Affine, sw_bn254.G2Affine, sw_bn254.GTEl]
-	InnerWitness    groth16.Witness[sw_bn254.ScalarField]
-	CommitmentHash  frontend.Variable `gnark:",public"`
-	CommitmentX     frontend.Variable `gnark:",public"`
-	CommitmentY     frontend.Variable `gnark:",public"`
-	InnerInputsHash frontend.Variable `gnark:",public"`
-	// VkHash          frontend.Variable `gnark:",public"`
-	// OptimizedInnerWitness frontend.Variable `gnark:",public"`
+	Proof        groth16.Proof[sw_bn254.G1Affine, sw_bn254.G2Affine]
+	InnerWitness groth16.Witness[sw_bn254.ScalarField] `gnark:",public"`
+	// we are using an embedded constant verifying key since it's easier and doesn't require a vkhash
+	verifyingKey    groth16.VerifyingKey[sw_bn254.G1Affine, sw_bn254.G2Affine, sw_bn254.GTEl] `gnark:"-"`
+	CommitmentHash  frontend.Variable                                                         `gnark:",public"`
+	CommitmentX     frontend.Variable                                                         `gnark:",public"`
+	CommitmentY     frontend.Variable                                                         `gnark:",public"`
+	InnerInputsHash frontend.Variable                                                         `gnark:",public"`
+}
+
+func Compile(
+	proof groth16.Proof[sw_bn254.G1Affine, sw_bn254.G2Affine],
+	innerWitness groth16.Witness[sw_bn254.ScalarField],
+	verifyingKey groth16.VerifyingKey[sw_bn254.G1Affine, sw_bn254.G2Affine, sw_bn254.GTEl],
+) (constraint.ConstraintSystem, error) {
+
+	r1csInstance, err := frontend.Compile(ecc.BLS12_381.ScalarField(), r1cs.NewBuilder, &Circuit{
+		Proof:        proof,
+		verifyingKey: verifyingKey,
+		InnerWitness: innerWitness,
+	}, frontend.WithCompressThreshold(300))
+
+	return r1csInstance, err
+
 }
 
 func (c *Circuit) Define(api frontend.API) error {
@@ -30,8 +47,6 @@ func (c *Circuit) Define(api frontend.API) error {
 		return fmt.Errorf("new verifier: %w", err)
 	}
 
-	// AssertEq(mimcHash(verifyikgkey.G1.X.Limbs..., verifyingKey.G1.Y.Limbs...), VkHash)
-
 	xLimbs := Unpack(api, c.CommitmentX, 256, 64)
 	yLimbs := Unpack(api, c.CommitmentY, 256, 64)
 
@@ -48,7 +63,7 @@ func (c *Circuit) Define(api frontend.API) error {
 	innerInputsHash := scalarApi.FromBits(api.ToBinary(c.InnerInputsHash)...)
 	scalarApi.AssertIsEqual(&c.InnerWitness.Public[0], innerInputsHash)
 
-	return verifier.AssertProof(c.VerifyingKey, c.Proof, c.InnerWitness, groth16.WithCommitmentHash(c.CommitmentHash))
+	return verifier.AssertProof(c.verifyingKey, c.Proof, c.InnerWitness, groth16.WithCommitmentHash(c.CommitmentHash))
 }
 
 func Unpack(api frontend.API, packed frontend.Variable, sizeOfInput int, sizeOfElem int) []frontend.Variable {

sui/ibc/sources/ibc_commitment.move

@@ -196,7 +196,7 @@ module ibc::commitment {
         keccak256(&channel_path(channel_id))
     }
 
-    public(package) fun batch_packets_commitment_key(
+    public fun batch_packets_commitment_key(
         batch_hash: vector<u8>
     ): vector<u8> {
         keccak256(&batch_packets_commitment_path(batch_hash))
@@ -222,7 +222,7 @@ module ibc::commitment {
     }
 
     // not calling `commit_packets` here because this function is optimized for a single packet
-    public(package) fun commit_packet(packet: &Packet): vector<u8> {
+    public fun commit_packet(packet: &Packet): vector<u8> {
         let mut encoded = bcs::to_bytes(&SinglePacketCommitmentBcs {
             offset_0x20_1: address::from_u256(0x20),
             len_1: address::from_u256(1),

sui/ucs03_zkgm/sources/events.move

@@ -0,0 +1,95 @@
+// License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
+// "Business Source License" is a trademark of MariaDB Corporation Ab.
+
+// Parameters
+
+// Licensor:             Union.fi, Labs Inc.
+// Licensed Work:        All files under https://github.com/unionlabs/union's sui subdirectory
+//                       The Licensed Work is (c) 2024 Union.fi, Labs Inc.
+// Change Date:          Four years from the date the Licensed Work is published.
+// Change License:       Apache-2.0
+//
+
+// For information about alternative licensing arrangements for the Licensed Work,
+// please contact [email protected].
+
+// Notice
+
+// Business Source License 1.1
+
+// Terms
+
+// The Licensor hereby grants you the right to copy, modify, create derivative
+// works, redistribute, and make non-production use of the Licensed Work. The
+// Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+// Effective on the Change Date, or the fourth anniversary of the first publicly
+// available distribution of a specific version of the Licensed Work under this
+// License, whichever comes first, the Licensor hereby grants you rights under
+// the terms of the Change License, and the rights granted in the paragraph
+// above terminate.
+
+// If your use of the Licensed Work does not comply with the requirements
+// currently in effect as described in this License, you must purchase a
+// commercial license from the Licensor, its affiliated entities, or authorized
+// resellers, or you must refrain from using the Licensed Work.
+
+// All copies of the original and modified Licensed Work, and derivative works
+// of the Licensed Work, are subject to this License. This License applies
+// separately for each version of the Licensed Work and the Change Date may vary
+// for each version of the Licensed Work released by Licensor.
+
+// You must conspicuously display this License on each original or modified copy
+// of the Licensed Work. If you receive the Licensed Work in original or
+// modified form from a third party, the terms and conditions set forth in this
+// License apply to your use of that work.
+
+// Any use of the Licensed Work in violation of this License will automatically
+// terminate your rights under this License for the current and all other
+// versions of the Licensed Work.
+
+// This License does not grant you any right in any trademark or logo of
+// Licensor or its affiliates (provided that you may use a trademark or logo of
+// Licensor as expressly required by this License).
+
+// TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+// AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+// EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+// TITLE.
+
+module zkgm::events {
+    use sui::event;
+
+    public struct CreateWrappedToken has copy, drop, store {
+        path: u256,
+        channel_id: u32,
+        base_token: vector<u8>,
+        quote_token: vector<u8>,
+        native_token: vector<u8>,
+        metadata: vector<u8>,
+        kind: u8
+    }
+
+    public(package) fun emit_create_wrapped_token(
+        path: u256,
+        channel_id: u32,
+        base_token: vector<u8>,
+        quote_token: vector<u8>,
+        native_token: vector<u8>,
+        metadata: vector<u8>,
+        kind: u8
+    ) {
+        event::emit(
+            CreateWrappedToken {
+                path,
+                channel_id,
+                base_token,
+                quote_token,
+                native_token,
+                metadata,
+                kind
+            }
+        )
+    }
+}

sui/ucs03_zkgm/sources/zkgm.move

@@ -66,7 +66,6 @@ module zkgm::zkgm {
     use sui::bcs;
     use sui::clock::Clock; 
     use sui::coin::{Self, Coin};
-    use sui::event;
     use sui::object_bag::{Self, ObjectBag};
     use sui::table::{Self, Table};
 
@@ -81,6 +80,7 @@ module zkgm::zkgm {
     use zkgm::ack::{Self, Ack};
     use zkgm::batch;
     use zkgm::batch_ack;
+    use zkgm::events;
     use zkgm::forward::{Self, Forward};
     use zkgm::token_metadata::{Self, TokenMetadata};
     use zkgm::token_order::{Self, TokenOrderV2};
@@ -158,25 +158,13 @@ module zkgm::zkgm {
         object_store: ObjectBag,
     }
 
-    public struct CreateWrappedToken has copy, drop, store {
-        path: u256,
-        channel_id: u32,
-        base_token: vector<u8>,
-        quote_token: vector<u8>,
-        native_token: vector<u8>,
-        metadata: vector<u8>,
-        kind: u8
-    }
-
     public struct ChannelBalancePair has copy, drop, store {
         channel: u32,
         path: u256,
         token: vector<u8>,
         metadata_image: vector<u8>,
     }
 
-    public struct Session {}
-
     public struct ZkgmPacketCtx has drop {
         instruction_set: vector<Instruction>,
         // not by instruction but by set
@@ -1224,15 +1212,15 @@ module zkgm::zkgm {
         if (quote_token == wrapped_token && base_amount_covers_quote_amount) {
             // TODO: rate limit
             if (!zkgm.save_token_origin(wrapped_token, path, ibc_packet.destination_channel_id())) {
-                event::emit(CreateWrappedToken {
+                events::emit_create_wrapped_token(
                     path,
-                    channel_id: ibc_packet.destination_channel_id(), 
-                    base_token: *order.base_token(),
+                    ibc_packet.destination_channel_id(), 
+                    *order.base_token(),
                     quote_token,
-                    native_token: type_name::with_defining_ids<T>().into_string().into_bytes(),
-                    metadata: *order.metadata(),
-                    kind: order.kind()
-                });
+                    type_name::with_defining_ids<T>().into_string().into_bytes(),
+                    *order.metadata(),
+                    order.kind()
+                );
             };
 
             // We expect the token to be deployed already here and the treasury cap is registered previously with type T