Gc 304 companion

[Tabaie]

Reflecting the changes in Consensys/gnark-crypto#308 including tests and stats related to MiMC and Fiat-Shamir challenge name hashing, as well as things depending on it (EdDSA, Merkle Trees, GKR test vectors)

[Tabaie]

Introducing GKR API and making tests pass in light of recent MiMC changes

[gbotrel]

staticcheck --> seems this branch is not merged with develop since some time (missing the constraint/ package version for R1CS and SparseR1CS.

Just to clarify, what is the description of the PR? A mix of GKR api (#425) + fix MiMC interface ?

[Tabaie]

Yes exactly. It was originally the mimc fixes but since that broke GKR as well I had to merge in the GKR API stuff as well.

[Tabaie]

It's currently up to date with develop.

[gbotrel]

TestFiatShamir failing locally:

 FAIL: TestFiatShamir (0.77s)
    --- FAIL: TestFiatShamir/bls12_377/groth16 (0.02s)
        assert.go:537: 
                Error Trace:    /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:537
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:299
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:307
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:288
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:74
                Error:          groth16(bls12_377): [assertIsEqual] 2248481674936889848344681279637786769404236779047702341353974298124900307652 == 1804893092514988653572234391207087360545562016624205485159213979627814772119
                                fiat-shamir.(*FiatShamirCircuit).Define
                                        transcript_test.go:78
                            
                                witness:{"Bindings":[[0,0,0,0],[0,1,2,3],[0,2,4,6]],"Challenges":["1804893092514988653572234391207087360545562016624205485159213979627814772119","1367924371156947165337824263043973441016476277020777135048110731039246126174","666493180360088706893004815140289115642905272546227043905595213473311661997"]}
                Test:           TestFiatShamir/bls12_377/groth16
    --- FAIL: TestFiatShamir/bls12_377/plonk (0.02s)
        assert.go:537: 
                Error Trace:    /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:537
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:299
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:307
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:288
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:74
                Error:          plonk(bls12_377): [assertIsEqual] 2248481674936889848344681279637786769404236779047702341353974298124900307652 == 1804893092514988653572234391207087360545562016624205485159213979627814772119
                                fiat-shamir.(*FiatShamirCircuit).Define
                                        transcript_test.go:78
                            
                                witness:{"Bindings":[[0,0,0,0],[0,1,2,3],[0,2,4,6]],"Challenges":["1804893092514988653572234391207087360545562016624205485159213979627814772119","1367924371156947165337824263043973441016476277020777135048110731039246126174","666493180360088706893004815140289115642905272546227043905595213473311661997"]}
                Test:           TestFiatShamir/bls12_377/plonk
    --- FAIL: TestFiatShamir/bls12_377/plonkFRI (0.02s)
        assert.go:537: 
                Error Trace:    /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:537
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:299
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:307
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:288
                                                        /Users/gbotrel/dev/go/src/github.com/consensys/gnark/std/fiat-shamir/assert.go:74
                Error:          plonkFRI(bls12_377): [assertIsEqual] 2248481674936889848344681279637786769404236779047702341353974298124900307652 == 1804893092514988653572234391207087360545562016624205485159213979627814772119
                                fiat-shamir.(*FiatShamirCircuit).Define
                                        transcript_test.go:78
                            
                                witness:{"Bindings":[[0,0,0,0],[0,1,2,3],[0,2,4,6]],"Challenges":["1804893092514988653572234391207087360545562016624205485159213979627814772119","1367924371156947165337824263043973441016476277020777135048110731039246126174","666493180360088706893004815140289115642905272546227043905595213473311661997"]}

[gbotrel]

test shouldn't depend on bn254.fr.Element

[gbotrel]

is it generated ?

[Tabaie]

Yes because of the big switch case

[gbotrel]

don't understand the package name and the function name -- nor while it is a fullblown package in the std ? a package in the stdshould read as "here is a circuit component that anyone can use"

[Tabaie]

The purpose of this is to cleanly and easily (from the user's POV at least) convert strings to frontend.Variables in a way compatible with what gnark-crypto does. I get that the large switch-case doesn't feel very std-like and that it's not really a "gadget" though.
Does the idea of this function make sense and just not where it's placed?

[gbotrel]

mmhh if it is something we want to do often, then it makes sense to expose it in its own package, but to me "hardcoded_strings.String" is not the right semantic. Maybe in a bytes package, so that it reads bytes.ToVariable(api, b []byte) ? Or, since it's applicable to constants only, a constant pacakge with constant.FromString() or constant.FromByte().

If we only use it at one place for now, I would make it package private there.

[Tabaie]

I think constant.FromString() is the best option.

[Tabaie]

The main reason I avoided more straightforward names was that we already have standard ways of turning a string or []byte into a variable so I wanted to avoid creating confusion between this way of converting and the existing ones. How's constant.HashToVariable?

[gbotrel]

what is that? comment?

[Tabaie]

That's for the GKR API. In the specification of a circuit, we don't pass an actual hash object, but a string identifier which can later be used to construct a hash object both in the SNARK (for the GKR verifier) and in pure Go (for the GKR prover.) So this would be used to "register" hash functions in a similar way to hints.

[gbotrel]

would it be possible to split this PR in 2? 🙄

1. for the MiMC stuff and adding a t.Skip() on the GKR tests
2. for the GKR api and builder / GKR info / algo_utils modifications

I think 1. is straightforward and would unblock gnark v0.8.0 release, and the second one needs a bit more cosmetic work, GKR api is not needed for v0.8.0.

[Tabaie]

Yes I can break it up again. The fixes for the GKR tests didn't have anything to do with the API so that merge turned out to be unnecessary.
That being said, I think GKR without the API is close to unusable as the user will have to solve their subcircuit and construct the proof themselves, using gnark-crypto packages and depending what curves their SNARK would be on, might have to import many such packages.