feat: add PLONK in-circuit verifier #880

ivokub · 2023-10-20T11:20:38Z

Description

This PR adds in-circuit verifier supporting commitments for both 2-chain and emulated computations.

Fixes #847

Type of change

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
This change requires a documentation update

How has this been tested?

2-chain test without commitments TestBLS12InBW6WoCommit
emulated test without commitments TestBW6InBN254WoCommit
2-chain test with commitments TestBLS12InBW6Commit
emulated test with commitments TestBW6InBN254Commit

How has this been benchmarked?

Checklist:

I have performed a self-review of my code
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have added tests that prove my fix is effective or that my feature works
I did not modify files generated from templates
golangci-lint does not output errors locally
New and existing unit tests pass locally with my changes
Any dependent changes have been merged and published in downstream modules

github-actions · 2023-10-20T11:22:49Z

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bls12381
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bn254
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bw6761
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_emulated
❌ TestScalarMulBase4 0s

📦 github.com/consensys/gnark/std/commitments/kzg
❌ TestKZGVerificationEmulated 0s

❌ TestKZGVerificationEmulated/bn254 0s

📦 github.com/consensys/gnark/std/evmprecompiles
❌ TestECRecoverCircuitShortLax 0s

📦 github.com/consensys/gnark/std/gkr
❌ TestMiMCFullDepthNoDepSolve 0s

📦 github.com/consensys/gnark/std/hash/sha3
❌ TestSHA3 0s

❌ TestSHA3/Keccak-512 0s

❌ TestSHA3/SHA3-256 0s

📦 github.com/consensys/gnark/std/internal/logderivprecomp
❌ TestXor 0s

❌ TestXor/bn254 0s

❌ TestXor/bn254/groth16 0s

📦 github.com/consensys/gnark/std/math/emulated
❌ TestIsZero 0s

❌ TestIsZero/Goldilocks/limb=64 0s

❌ TestIsZero/Goldilocks/limb=64/bn254 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/groth16 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/groth16/valid_witness 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/plonk 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/plonk/valid_witness 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/groth16 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/groth16/valid_witness 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/plonk 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/plonk/valid_witness 0s

❌ TestIsZero/Secp256k1Fp/limb=64 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254/groth16 0s

🚧 TestIssue348UnconstrainedLimbs 0s

    element_test.go:820: regression #348

📦 github.com/consensys/gnark/std/permutation/keccakf
❌ TestKeccakf 0s

❌ TestKeccakf/bn254 0s

📦 github.com/consensys/gnark/std/permutation/sha2
❌ TestBlockGeneric 0s

📦 github.com/consensys/gnark/std/polynomial
❌ ExampleMultiLin_Evaluate 0s

📦 github.com/consensys/gnark/std/rangecheck
❌ TestCheck 0s

github-actions · 2023-10-20T13:16:24Z

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bls12381
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bn254
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bw6761
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_emulated
❌ TestScalarMulBase4 0s

📦 github.com/consensys/gnark/std/commitments/kzg
❌ TestKZGVerificationEmulated 0s

❌ TestKZGVerificationEmulated/bn254 0s

📦 github.com/consensys/gnark/std/evmprecompiles
❌ TestECRecoverCircuitShortLax 0s

📦 github.com/consensys/gnark/std/gkr
❌ TestMiMCFullDepthNoDepSolve 0s

📦 github.com/consensys/gnark/std/hash/sha3
❌ TestSHA3 0s

❌ TestSHA3/SHA3-256 0s

❌ TestSHA3/SHA3-384 0s

📦 github.com/consensys/gnark/std/internal/logderivprecomp
❌ TestXor 0s

❌ TestXor/bn254 0s

❌ TestXor/bn254/groth16 0s

📦 github.com/consensys/gnark/std/math/emulated
❌ TestIsZero 0s

❌ TestIsZero/BN254Fp/limb=64 0s

❌ TestIsZero/BN254Fp/limb=64/bn254 0s

❌ TestIsZero/BN254Fp/limb=64/bn254/groth16 0s

❌ TestIsZero/BN254Fp/limb=64/bn254/groth16/valid_witness 0s

❌ TestIsZero/BN254Fp/limb=64/bn254/plonk 0s

❌ TestIsZero/BN254Fp/limb=64/bn254/plonk/valid_witness 0s

❌ TestIsZero/BN254Fp/limb=64/bn254#01 0s

❌ TestIsZero/BN254Fp/limb=64/bn254#01/groth16 0s

❌ TestIsZero/Goldilocks/limb=64 0s

❌ TestIsZero/Goldilocks/limb=64/bn254 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/groth16 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/groth16/valid_witness 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/plonk 0s

❌ TestIsZero/Goldilocks/limb=64/bn254/plonk/valid_witness 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/groth16 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/groth16/valid_witness 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/plonk 0s

❌ TestIsZero/Goldilocks/limb=64/bn254#01/plonk/valid_witness 0s

❌ TestIsZero/Secp256k1Fp/limb=64 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254/groth16 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254/groth16/valid_witness 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254/plonk 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254/plonk/valid_witness 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254#01 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254#01/groth16 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254#01/groth16/valid_witness 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254#01/plonk 0s

❌ TestIsZero/Secp256k1Fp/limb=64/bn254#01/plonk/valid_witness 0s

🚧 TestIssue348UnconstrainedLimbs 0s

    element_test.go:820: regression #348

📦 github.com/consensys/gnark/std/permutation/keccakf
❌ TestKeccakf 0s

❌ TestKeccakf/bn254 0s

📦 github.com/consensys/gnark/std/permutation/sha2
❌ TestBlockGeneric 0s

📦 github.com/consensys/gnark/std/polynomial
❌ ExampleMultiLin_Evaluate 0s

📦 github.com/consensys/gnark/std/rangecheck
❌ TestCheck 0s

github-actions · 2023-10-23T10:10:14Z

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bls12381
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bn254
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_bw6761
❌ TestFinalExponentiationTestSolve 0s

📦 github.com/consensys/gnark/std/algebra/emulated/sw_emulated
❌ TestScalarMulBase4 0s

📦 github.com/consensys/gnark/std/commitments/kzg
❌ TestKZGVerificationEmulated 0s

❌ TestKZGVerificationEmulated/bn254 0s

📦 github.com/consensys/gnark/std/evmprecompiles
❌ TestECRecoverCircuitFull 0s

❌ TestECRecoverCircuitFull/bn254 0s

📦 github.com/consensys/gnark/std/gkr
❌ TestMiMCFullDepthNoDepSolve 0s

📦 github.com/consensys/gnark/std/hash/sha3
❌ TestSHA3 0s

❌ TestSHA3/SHA3-256 0s

❌ TestSHA3/SHA3-384 0s

📦 github.com/consensys/gnark/std/math/emulated
❌ ExampleField_NewHint 0s

🚧 TestIssue348UnconstrainedLimbs 0s

    element_test.go:820: regression #348

📦 github.com/consensys/gnark/std/permutation/keccakf
❌ TestKeccakf 0s

❌ TestKeccakf/bn254 0s

📦 github.com/consensys/gnark/std/polynomial
❌ ExampleMultiLin_Evaluate 0s

📦 github.com/consensys/gnark/std/rangecheck
❌ TestCheck 0s

github-actions · 2023-10-23T23:09:43Z

📦 github.com/consensys/gnark/std/recursion/plonk
❌ TestBLS12InBW6 630ms

    verifier_test.go:51: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:51
        	            				/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:83
        	Error:      	Received unexpected error:
        	            	invalid fr.Element encoding
        	Test:       	TestBLS12InBW6

github-actions · 2023-10-25T00:42:38Z

📦 github.com/consensys/gnark/std/gkr
❌ TestSqNoDependencyCircuit 0s

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xb762aa]

goroutine 21862 [running]:
github.com/consensys/gnark-crypto/ecc/bn254/fr/iop.(*Polynomial).ToCanonical(0x0, 0xc00023fb00?, {0xc000c74f60?, 0xc0?, 0xfc6e00?})
	/home/runner/go/pkg/mod/github.com/consensys/gnark-crypto@v0.12.2-0.20231023220848-538dff926c15/ecc/bn254/fr/iop/polynomial.go:338 +0x2a
github.com/consensys/gnark/backend/plonk/bn254.(*instance).computeNumerator.func6(0x0)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:996 +0xc5
github.com/consensys/gnark/backend/plonk/bn254.batchApply.func1(0xc00050c040?)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1092 +0x31
created by github.com/consensys/gnark/backend/plonk/bn254.batchApply in goroutine 20920
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1091 +0x12b

📦 github.com/consensys/gnark/std/recursion/plonk
❌ TestBLS12InBW6 550ms

panic: TODO [recovered]
	panic: TODO

goroutine 19 [running]:
testing.tRunner.func1.2({0x9d0de0, 0xb7ece0})
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1545 +0x238
testing.tRunner.func1()
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1548 +0x397
panic({0x9d0de0?, 0xb7ece0?})
	/opt/hostedtoolcache/go/1.21.3/x64/src/runtime/panic.go:914 +0x21f
github.com/consensys/gnark/std/recursion/plonk.ValueOfVerifyingKey[...](...)
	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier.go:64
github.com/consensys/gnark/std/recursion/plonk.TestBLS12InBW6(0xc000103d40)
	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:86 +0x90
testing.tRunner(0xc000103d40, 0xae43e0)
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1595 +0xff
created by testing.(*T).Run in goroutine 1
	/opt/hostedtoolcache/go/1.21.3/x64/src/testing/testing.go:1648 +0x3ad

github-actions · 2023-10-25T23:28:06Z

📦 github.com/consensys/gnark/std/gkr
❌ TestDoubleNoDependencyCircuit 0s

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xb762aa]

goroutine 14064 [running]:
github.com/consensys/gnark-crypto/ecc/bn254/fr/iop.(*Polynomial).ToCanonical(0x0, 0xc0002c3380?, {0xc000338760?, 0xc0?, 0xfc6e00?})
	/home/runner/go/pkg/mod/github.com/consensys/gnark-crypto@v0.12.2-0.20231023220848-538dff926c15/ecc/bn254/fr/iop/polynomial.go:338 +0x2a
github.com/consensys/gnark/backend/plonk/bn254.(*instance).computeNumerator.func6(0x0)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:996 +0xc5
github.com/consensys/gnark/backend/plonk/bn254.batchApply.func1(0x0?)
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1092 +0x31
created by github.com/consensys/gnark/backend/plonk/bn254.batchApply in goroutine 13126
	/home/runner/work/gnark/gnark/backend/plonk/bn254/prove.go:1091 +0x12b

github-actions · 2023-11-03T10:13:54Z

📦 github.com/consensys/gnark/std/commitments/fri
❌ TestFriVerification 380ms

    fri_test.go:128: [assertIsEqual] 10143962279866096754939274742091438846054446069363875312934954770438259016160 == 12728612357088466211075361665205415143201191108558212015308061573735919765935
        merkle.(*MerkleProof).VerifyProof
        	verify.go:106
        fri.RadixTwoFri.verifyProofOfProximitySingleRound
        	fri.go:181
        fri.RadixTwoFri.VerifyProofOfProximity
        	fri.go:231
        fri.(*ProofOfProximityTest).Define
        	fri_test.go:40

📦 github.com/consensys/gnark/std/fiat-shamir
❌ TestFiatShamir 70ms

❌ TestFiatShamir/bls12_377 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 3163888562371428093593618221793359294972156157684584935827002276768762058485 == 5303862187967141007985180745379160188857636083947327329330907206381618369881
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["6291300163970378290634550750052374931460828599673123801691548691174718402048","7906539547372309426722992846560604421922154724194538385200692220974258769956","3549857784597046223916185596666343261419633339184216329392545589951688765606","101383321449339439121212731153325265791307783045265928890282976641972056382"],["1815135838668298247765352902939425258757803492272416198250250210245464192361","5071857529627951707838038750563454916726902704596727994584725919179250572984","4032094196279148218543717435873280079819424450795985234480850316001228949824","1300348927825061413402309457575821357136587432593338951081321637951717689745"],["5425192024740364400046267066352482960735381981412414432073990519002750381944","3188837926985574803620132485082388180957876793823589270148515462362427381579","3955523470322280490183232283126198531015048777411103318458973976432766982470","318755067267743706618597160988406967417097609591303871297580539643399901653"]],"Challenges":["5303862187967
141007985180745379160188857636083947327329330907206381618369881","2925899173502819949783941743904339582241885703020466684961276501986793232235","7748600032351080752459402768121102982775136548857922841968266652631512129845"]}
        	Test:       	TestFiatShamir/bls12_377

❌ TestFiatShamir/bls12_381 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 8696261718507777874422940675183796970688869201363951395369968226203794201289 == 5038966129905068384566280789872198845654100939943664748032998790711433717366
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["9391878985204293843246815406043355128663487663884213717864740814237180732421","30280909550882172713872972823846757926194781059199623012832373346392637004564","3932735292395239191736070259682861866406065970138743358294377384494621264455","13884141915506871491009370938540523084599223774138630644372914556673125501793"],["42503948158124107232356884605398838104158374381128805096606837198890244646701","36741750726148825040279983827499755372943964142182761971282733771337320986452","23768829278150777150739177161409562690091354540630781535222511138517542944662","28371295834624796675373055442311682602757087513768396953619136161871868218344"],["46324195837181634877850755620492354509644009985657669814372028862350457859496","9498647394034631688668923978204160888032133300085148794255527940694200558804","20528163023876810070819565278619897356833145664566547521906422298204407448969","1575107519948188940094826152794498297032197279869320139642075225193140949874"]],"Challenges":["503
8966129905068384566280789872198845654100939943664748032998790711433717366","18895313745035330202239304197877629206091077885394435073883642452521835788188","35286704864657592067245443796527822573351683839922075970588927567871743650011"]}
        	Test:       	TestFiatShamir/bls12_381

❌ TestFiatShamir/bls24_315 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 2359179430821968354184234031394932597477330536560107271435799337242705237533 == 9884243649614624108838134730344466738017321927296759039412304362476292178667
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["2198128240669689316787754711667666319719740031109946991893031608413414473111","3296567216737832499536884502018528187027939314923429305592083544203108993987","10292838815259732041301031190710103591456025395080539870856479116630222270686","5218345630339555201426174440312936300723943003514428226202201295492144951512"],["1983454648999166633156704713135109739126009598312913806675556197709828872982","5742887290338284881647232797701047613145007440862387722515607515639506361027","6925475754576784735751961718951581570958452184828420886884480414856146318887","2240989890792884842541000897627317756381920878951008824632432250739378839181"],["577740837901196244993839760166399523882114120704386641560829776823090015923","4918834379557413735143144587229902008123849203046522680979707645560497330300","9971999469857050064352459005007593511079302760678195857208172718175700257387","9966155939345140814558183903981236307103450761506879379862224882925549880162"]],"Challenges":["98842436496
14624108838134730344466738017321927296759039412304362476292178667","11398620813508854652363537080460318073097481894438388753799727206842712433704","9321536512427710998898024731197907166140976337591400960298208211638289239879"]}
        	Test:       	TestFiatShamir/bls24_315

❌ TestFiatShamir/bls24_317 20ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 24470135421085567986037135534090829682886137962048430268674195640794157519518 == 23826843743354467619154411902437927204404990202710438610605521547252520642696
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["12629955706893136513475473078513477631257086656770085153923101957489733302730","9330796712475762700370899245902198312772390750305013985624676565647869470083","24851326899543838818117724524775252402879635569960434693346341694443672222900","770772383832774376461831994409263265290179330938143470342373786354940171424"],["10436324015327596409366252187625659330788663857805374970051784500276310866183","252258590300624661374300583101318112214182133233177706027045119617766332592","24066326997870464497350362302892118005563990460625010238066579605149722317826","3943076652646080737830556684640912420244420238071508564103327589629049422141"],["15145907488421821499254812195788217531113343745427767731740259415984442900314","6043711222462020671227554979423982724061333728187659067381242614822277652442","11349629588121235245209424264489239041799748345546955593371161347851632798946","26219122209225338948401468501462681135574201105457748878921351974358387986622"]],"Challenges":["238268
43743354467619154411902437927204404990202710438610605521547252520642696","6982253999963435270470561326231279338995279707264267410876288314410193992768","10989469211956918598133731787544634185579985658162137417656479388956725773901"]}
        	Test:       	TestFiatShamir/bls24_317

❌ TestFiatShamir/bn254 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 3796935116167748471942166145793596519651128497273976398414188149351362499104 == 20724595094432976631835710626927786556187472458566207992305806867487125290725
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["1676980996228780107238068323920417170832219792090394809897120601625035524339","5447682647749328434613116024225313696913171774349701498050890867232681425607","2691518689036150882080322045571972800297737067339635116752943083016374126039","5403784750430382824119088784462127714781160300682693585390839537046832557430"],["1209528016041266309495173814769851459296262753986606358243577713456077532871","15463039324304123905260978481590996151072410798735736278302307682983869276847","18142503582348694673944410285313835004294361464633435939462744787875163478409","8862380238909944010941991665466463749753903440709074818110887406157940985628"],["270519456509555543972948331421079594885730580783304552872908312589890854314","18197100796970964047745835411988512013760618216279658985067317237329544965182","6661586594534419233734872839971444947066935931616053821585991057792436126111","13368322664696295582731699801607664361162557964045396532229203093588380515804"]],"Challenges":["20724595
094432976631835710626927786556187472458566207992305806867487125290725","3781906352106464750555502188108172730257404755465779415581100632511715152560","12118197161733147328306639330027267950944005272809888593046666750697102986607"]}
        	Test:       	TestFiatShamir/bn254

❌ TestFiatShamir/bw6_633 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 4508429985267206112545932946741473832093196980287798912777852843131805242919125539980307504390 == 32561104289712216457971152338467849761730538544309146304204408970906928212382736248505372658728
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["4828408093586476358007686529634062099778834097027180848566497493075566991074097614410732890370","6454150834326426073276736101489265187737365967701407522131599290758409985427984223805815662269","19775543321802352964718849891928308789823798340680588383640754846720924619181403310795623371620","6358703640520588561088665171593460713854674288304992340189871668377040196016703136648732246507"],["19035180068553943052269983334644509619054732252807322011793022425650194649105621989177700360741","12621300327343586993167376282184568075651967067782976278149828749033232595258010683014098137861","16303817727095306261311457051061239832922029819749078437182950073512072409686373459828910370817","23599904661653903086105693638420965041420230429093890902336771176178770399415760048112217403793"],["39473306974940492008616033009828962939390179844699456932406647142023457204323360953386375468282","39046121002446934726795059600575061060739448613086364455216588091352287295449334077408152052864"
,"7881954047306544613536330912464313169485619949454105410568017334403687207418940521308613061132","9770378181828516718814932307820941173652217135695139684368284880619671023576968359494864994231"]],"Challenges":["32561104289712216457971152338467849761730538544309146304204408970906928212382736248505372658728","31813661360999231115369184843613329345537182287861152242346853542916268829253297789771875359279","37875095360103425435601308813753704904321041208548393900993161947576086005081697399122117204731"]}
        	Test:       	TestFiatShamir/bw6_633

❌ TestFiatShamir/bw6_761 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 58643728296573478344445451045297754502205386348408702842265087709365155626258926248679847234247653517423754267888 == 19135851982861533992158655111543281317947729710626961660625851881007837021475524633239883922834729055005194814924
        	            	fiat-shamir.(*FiatShamirCircuit).Define
        	            		transcript_test.go:79
        	            	
        	            	witness:{"Bindings":[["131786283179681204313711389172440827170842642790147454589985247184620903722608058246206270988135027896320260142262","190488604032644345698279519199086970058028552814675383834750176269481474258927866439146917021805407850077025453872","1454786076985381089026432953764106759219828631310620780694357041598566968069189657234869201421952112013247170355","52000114051638911805598945790018529138078193098235329856094297797661684676535510190034059631837516354245051805645"],["74835038568659812850278433069878453562555640193755200669940444083546621295221558524634416265451155223699996601946","147928058349231213473721987613509385198351743349311637229843607919496141338409886643244613398584606871791961343882","222738178286898975312522421102136361776991534783583273908639323483547310808835899395532973966768245609222219704713","131763635637800422232543398264965384849905384098687355877954755083715834958479649047218022283306761830968885731376"],["1026602408727867654934180942950866529837467
59842303452321039375575868316155867533681460988926289111092466839184393","204781753482336581950336423239184205306153176876792073267655259739877706350953773474840897248923754968742169201976","199173048286990963404822030189871406340427129827761986132215207139910455222379943582635988391055662603909880819518","67986233940672701127169374173694639135780607691402982184362768995287704007551386461866776249101950753921817053837"]],"Challenges":["19135851982861533992158655111543281317947729710626961660625851881007837021475524633239883922834729055005194814924","160616971098496206694191062434645687958947737072855977448369526275018364508478077275321706468879739391683998170738","123200620317255831072790580327897531002291515429751205976994168155720538237268961649502345194674813461961457577226"]}
        	Test:       	TestFiatShamir/bw6_761

📦 github.com/consensys/gnark/std/recursion/plonk
❌ TestBLS12InBW6 730ms

❌ TestBLS12InBW6/bw6_761 10ms

ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Proof_BatchedProof_Points []frontend.Variable
ignoring uninitialized slice: Points []frontend.Variable
    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsBoolean] 444016192865
        	            	bits.fromBinary
        	            		conversion_binary.go:36
        	            	bits.FromBase
        	            		conversion.go:42
        	            	bits.FromBinary
        	            		conversion_binary.go:16
        	            	recursion.(*shortCircuitHash).Write
        	            		wrapped_hash.go:244
        	            	fiat-shamir.(*Transcript).ComputeChallenge
        	            		transcript.go:153
        	            	plonk.(*Verifier[...]).deriveRandomness
        	            		verifier.go:573
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:291
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:84
        	            	
        	            	witness:{"Proof":{"LRO":[{"G1El":{"X":"193287807574155234665703987172556898856391565773452682083710449129334020624113076083752135236810081195944671505909","Y":"23065430555995554555920172814353530119825632757418747268386105420699503568089674674395052015766896038445612344060"}},{"G1El":{"X":"355094838535282191300241501520676381662223983398239332878840413935507552655638951998671185094455752274186212320","Y":"128746439451750983844611346823319226228828489600342712479488971730841129329375185344167865801022251733360838603673"}},{"G1El":{"X":"40072461756439445414430727995309704312595542632595279775796319822094261771160951055839989328252481527034497856772","Y":"30657191356029651361323668847599765912418203611767747919104164186435631504233504125183086653009461719827283707889"}}],"Z":{"G1El":{"X":"60721804516788057377984968955947889562327178820974388596811968785218101290666797041779694325814735479996424161070","Y":"2081246918424189669928183026379355472283734624594167277800806509996631286555599367041
57020170218154059650193129800"}},"H":[{"G1El":{"X":"23434526675361357119812361108093729000121567400091164794740238655901375694863755438341630007373782306802858100607","Y":"137460013709898812020158119592629905255636654601992476297103708496123848723572501074323758514423143129088194273309"}},{"G1El":{"X":"128069736999944306093075678022456853606886725616172239442510796428902226026812217356874136122269985639232562219806","Y":"136348144394645607875251138448732756914773077785993888189530339383101199678611985806189556472497367247030380363070"}},{"G1El":{"X":"123483938875050508011061745830384516920358592022296749286949889280077007474569715548960104533611635681128378369001","Y":"137538908022621727398262199833139927896370590649411566375086773236655373472665913495675669512976688589633714602185"}}],"BatchedProof":{"QuotientPoly":{"X":"222753019234202892988703165802167539306551943444212645930991587742048330218105447512964379251191871984278532557153","Y":"598975271225090248693622439220362812092081103826640504234755814564149
64546434110033507676050350578082590660241217"},"ClaimedValues":["880359431596862465442178865663168944978160319535121030552143283775242222581","2774161365298157845889880829207019485165404858946671557878730069315234200975","1080102532583576206553022602741445105969501703850844093619186257860805971853","7574653122525843764824022127854417689330968514353988617429781670846357167870","2212010931434901294691544575521410219067694405067295252588540919746770500612","337475976816557717144324355578167679181437707156209890102875041324631234513","5467961860065941771393904847628590872811027857787832310128922042919444268837"]},"ZShiftedOpening":{"QuotientPoly":{"X":"244328173805691593921498773871881418885391930947033360074513805583546937980860537949747991611462582819166135287099","Y":"33866411996519031471476146863031726930010564695969616559120379944503697095836920092854992215813299138882396483139"},"ClaimedValue":"901610211588746007530480127958128205478550901858300395351216094719325967305","Point":1}},"VerifyingKey":{"Size":4,
"SizeInv":"6333346312071277818186618704086159898531924501365547870951425091938056929281","Generator":"880904806456922042258150504921383618666682042621506879489","Kzg":{"SRS":[{"X":{"A0":"233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294","A1":"140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118"},"Y":{"A0":"63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423","A1":"149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491"}},{"X":{"A0":"197487989529169039797901372637203768568880620644243311534350504654042744861515916514902847752106582440975969154503","A1":"177834945064927985819232243246807186072907567000582911754536973694170033569559488642391102131508292683714627367750"},"Y":{"A0":"11831575641890263091606358135519685592366191832562880278528800879334471933093603678646
0765237134622877479754447920","A1":"211441955035634224716331256021389203792082246683722702766385406818890361901888977244646636300177825985071450890034"}}]},"CosetShift":22,"S":[{"G1El":{"X":"58818828082671107722040494270092989733604256797346944455839725142575816071573204087330897867143730761412582190906","Y":"89025995190463862316668137740226176488944348576425488390449504782223551567810320510977475059424447670035145831083"}},{"G1El":{"X":"41807256128783827327708795714494873039043551875495654186299694541759434439833242902410246209190857904531115900090","Y":"53802668449585277093387415462284304690276490336010688627283627561721091207319813653436478712522252607259733466786"}},{"G1El":{"X":"229357714275675823236048044509707664175686073040240495294224726389424695390586983695321225675418111482630164314112","Y":"3028683948223411206116162166086233135397815246810711328761190735918590082171070188783444899329774501605903380478"}}],"Ql":{"G1El":{"X":"18584085988870019159057457086724578789390594528911136053807372128401488063
9283441181920077440814468801210313340072","Y":"84153284364172426386658235732171307991629044814788303515031929116995622827438506753586872713110028512322246551604"}},"Qr":{"G1El":{"X":"185771601333162953706345135162471105707677286547564455895794446819262853490291303196317121388678720276293922935081","Y":"146682034915935479360452244285677333961765393311515727147282836117063326311852958278540876874456151808296469216410"}},"Qm":{"G1El":{"X":"244531027910978350350823970652213683991353072501205522126460344486951429889590131703916457967948555172930876760818","Y":"136810005735508215141777566891753514293694610649186116676915566318275437169306498005125991324755301114440048297786"}},"Qo":{"G1El":{"X":"244531027910978350350823970652213683991353072501205522126460344486951429889590131703916457967948555172930876760818","Y":"121854420277460878868875166803140019242698902105728543862968696348445031179034324769842896814818059010000273160391"}},"Qk":{"G1El":{"X":0,"Y":0}}},"InnerWitness":{"Public":[15]}}
        	Test:       	TestBLS12InBW6/bw6_761

github-actions · 2023-11-03T13:02:55Z

📦 github.com/consensys/gnark/std/recursion/plonk
❌ TestBLS12InBW6 690ms

❌ TestBLS12InBW6/bw6_761 0s

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	runtime error: invalid memory address or nil pointer dereference
        	            	runtime.panicmem
        	            		panic.go:261
        	            	runtime.sigpanic
        	            		signal_unix.go:861
        	            	big.(*Int).Cmp
        	            		int.go:381
        	            	recursion.NewHash
        	            		wrapped_hash.go:168
        	            	recursion.NewTranscript
        	            		wrapped_hash.go:182
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:279
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:85
        	            	
        	            	witness:{"Proof":{"LRO":[{"G1El":{"X":"196548503668016044380133063126356121823036145057979704463462128987553090220077379198600266944685922625332703271824","Y":"214090964711194832115310848911819974164120898248629418319396812554477705496229217476365065682584103844408107484879"}},{"G1El":{"X":"235516964484035587485014088225517195825165153142992756676438865607836053383520734255759443949146598170808653068254","Y":"140469916693323861691688353692838399744128864523216827168617130974722514006426752894464150313562963042487983455439"}},{"G1El":{"X":"85084612998039316763995724964802150536468287625505921681713726575042312924611288348986301872502469227816304715107","Y":"227042921643688908174534191004931872078449609898130635394994773583742654933014986355165417712930394749554462191530"}}],"Z":{"G1El":{"X":"65174441907605058712443019187024287680425960809925525713590333946918589684919436974595151673165885745443807219901","Y":"16720982098492192178452282235683395003925528683185192880396768413585125407175935
5351382917082126923134394613389482"}},"H":[{"G1El":{"X":"115349902033088254677532519363402694647935581044859198602940173188741796431047103552562837838263753358799732717552","Y":"53998259376057978622077771667251242146174177685538392187359614346878908649920303763236897364320899426423685281859"}},{"G1El":{"X":"206569191951069780042542905816617062865936050184390406950515952955971426136563704315638562030799315318626161106570","Y":"181889573818608157996069390920836842216098263827785251343473351365384187243414173837281513360025659221660249648135"}},{"G1El":{"X":"19748671239673935332351668053662811872019735590758644977988534472734103874634539468457715198398379601916363915001","Y":"146290617204129276725621788183675349866809136081481717963179808406228117287730310351283967488819363990125352213046"}}],"BatchedProof":{"QuotientPoly":{"X":"58675858332608172082439213072120396717465381298892154049263873810175332923224511968786652979329174507463756293307","Y":"113031268647185475554424214961938379483878313711679541697675680228
555655994179929906619806815244997992802066872049"},"ClaimedValues":[{"Limbs":["33728202843085721132208179625129688786137987401920569417469937726550553473"]},{"Limbs":["5962989668634166451562915011530384505830588520780438327348319810359667585102"]},{"Limbs":["632905560565278898659171485792945034242428700831243731089078422217691480673"]},{"Limbs":["753086223445701762614583476754688711159954656484562768297576210090519153499"]},{"Limbs":["1770423897418043666850257310617243492992073299121092810955899098787516724148"]},{"Limbs":["4631150168019752962293064518283462366569885886037214051394065036728463502465"]},{"Limbs":["5806103312593245997570148884059907500670804098947240075856198083676526738359"]}]},"ZShiftedOpening":{"QuotientPoly":{"X":"115292622250029024810336942598037613075451783960090081557659343951172325124730389375680394424552808407049682875381","Y":"212853175100233419468559751535725792287339449275817363935515895014010873158637341895665896699995759960308441628403"},"ClaimedValue":{"Limbs":["57412963401203895
78367168075396421532439108413866494313942569251257451274675"]},"Point":{"Limbs":[1]}}},"VerifyingKey":{"Size":{"Limbs":[4]},"SizeInv":{"Limbs":["6333346312071277818186618704086159898531924501365547870951425091938056929281"]},"Generator":{"Limbs":["880904806456922042258150504921383618666682042621506879489"]},"Kzg":{"SRS":[{"X":{"A0":"233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294","A1":"140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118"},"Y":{"A0":"63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423","A1":"149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491"}},{"X":{"A0":"233647295443072603917851894882335667644508568003687271433256096835891725415827039625362656464009079263248056935698","A1":"384860111779721709921110729887619025681380484099300533688939855890
63647426306749633993326932722740719351680623001"},"Y":{"A0":"105631780992921028195213822994230469596989067730138052492747170432962014628087516546244063139793689161711715916554","A1":"86151188775497278236541480964281180813461871612950524871388102155253078471704841822704620812014532467876828041649"}}]},"CosetShift":{"Limbs":[22]},"S":[{"G1El":{"X":"164145496270958653362865457760044712760413824350881907199978717126940413120194454664945052735177074696901970548177","Y":"234365962377835610559168807266509551355724850502788973247982598923009085772461485437279734316412767791314508143121"}},{"G1El":{"X":"85335569928532006250442807036461492872351369027438435547251821945011432666461935349901411890184626843771575068724","Y":"55393204343543503315392259962336344513965087561507926435389580322264015523909437593800339836511027931756981418607"}},{"G1El":{"X":"44042344774100799675492339150919395407587940877711688671547038041828042201673239325323938683332831953352050001243","Y":"206181953580390988848066541626503747124296303304781
486339246289507667269358858533207014169453721536425433078505365"}}],"Ql":{"G1El":{"X":"71979890398417170200516132026454140917461190821488715289999195980139483406079931769733897537517298830024567733707","Y":"47976073820824640475703456566349053158412543619842529625552280023765180960907316380821159700407420292567172683032"}},"Qr":{"G1El":{"X":"31671898208112495294460451729061645210358119638985047702450656145518073960341563572475418306816101175358929493891","Y":"71942539187214378445880468265359578519689424748803708065655156098763350663979154476589953314057956123662087605875"}},"Qm":{"G1El":{"X":"85007969379210954589974643842614033102589094786156374528920676520480115079074125661470167899277947258783416543938","Y":"167962436744924620931255460756643204206797647797346587780396918836322098703165701006737466591520753164915909139862"}},"Qo":{"G1El":{"X":"85007969379210954589974643842614033102589094786156374528920676520480115079074125661470167899277947258783416543938","Y":"907019892680444730793972729382503293295958649575
68072759487343830398369645175121768231421548052606959524412318315"}},"Qk":{"G1El":{"X":0,"Y":0}}},"InnerWitness":{"Public":[{"Limbs":[15]}]}}
        	Test:       	TestBLS12InBW6/bw6_761

github-actions · 2023-11-03T16:32:53Z

📦 github.com/consensys/gnark/std/recursion/plonk
🛑 build failed

📦 github.com/consensys/gnark/std/recursion/plonk [github.com/consensys/gnark/std/recursion/plonk.test]

std/recursion/plonk/verifier_test.go:82:52: too many arguments in call to NewVerifier
	have (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl], "github.com/consensys/gnark/std/hash".FieldHasher)
	want (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl])
std/recursion/plonk/verifier.go:5:2: "math/big" imported and not used
std/recursion/plonk/verifier.go:6:2: "strconv" imported and not used

github-actions · 2023-11-08T11:24:10Z

📦 github.com/consensys/gnark/std/recursion/plonk
🛑 build failed

📦 github.com/consensys/gnark/std/recursion/plonk [github.com/consensys/gnark/std/recursion/plonk.test]

std/recursion/plonk/verifier_test.go:82:52: too many arguments in call to NewVerifier
	have (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl], "github.com/consensys/gnark/std/hash".FieldHasher)
	want (frontend.API, algebra.Curve[FR, G1El], algebra.Pairing[G1El, G2El, GtEl])
std/recursion/plonk/verifier.go:5:2: "math/big" imported and not used
std/recursion/plonk/verifier.go:6:2: "strconv" imported and not used

github-actions · 2023-11-08T15:32:47Z

📦 github.com/consensys/gnark/backend/plonk
❌ TestProver 0s

❌ TestProver/bn254 0s

📦 github.com/consensys/gnark/internal/stats
❌ TestCircuitStatistics 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_377/groth16 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_377/plonk 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_377/plonkFRI 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_381/groth16 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_381/plonk 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls12_381/plonkFRI 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_315/groth16 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_315/plonk 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_315/plonkFRI 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_317/groth16 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_317/plonk 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bls24_317/plonkFRI 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bn254/groth16 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bn254/plonk 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bn254/plonkFRI 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_633/groth16 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_633/plonk 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_633/plonkFRI 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_761/groth16 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_761/plonk 0s

❌ TestCircuitStatistics/api/AssertIsLessOrEqual/bw6_761/plonkFRI 0s

❌ TestCircuitStatistics/api/Lookup2/bls12_377/groth16 0s

❌ TestCircuitStatistics/api/Lookup2/bls12_377/plonk 0s

❌ TestCircuitStatistics/api/Lookup2/bls12_377/plonkFRI 0s

❌ TestCircuitStatistics/api/Lookup2/bls12_381/groth16 0s

❌ TestCircuitStatistics/api/Lookup2/bls12_381/plonk 0s

❌ TestCircuitStatistics/api/Lookup2/bls12_381/plonkFRI 0s

❌ TestCircuitStatistics/api/Lookup2/bls24_315/groth16 0s

❌ TestCircuitStatistics/api/Lookup2/bls24_315/plonk 0s

❌ TestCircuitStatistics/api/Lookup2/bls24_315/plonkFRI 0s

❌ TestCircuitStatistics/api/Lookup2/bls24_317/groth16 0s

❌ TestCircuitStatistics/api/Lookup2/bls24_317/plonk 0s

❌ TestCircuitStatistics/api/Lookup2/bls24_317/plonkFRI 0s

❌ TestCircuitStatistics/api/Lookup2/bn254/groth16 0s

❌ TestCircuitStatistics/api/Lookup2/bn254/plonk 0s

❌ TestCircuitStatistics/api/Lookup2/bn254/plonkFRI 0s

❌ TestCircuitStatistics/api/Lookup2/bw6_633/groth16 0s

❌ TestCircuitStatistics/api/Lookup2/bw6_633/plonk 0s

❌ TestCircuitStatistics/api/Lookup2/bw6_633/plonkFRI 0s

❌ TestCircuitStatistics/api/Lookup2/bw6_761/groth16 0s

❌ TestCircuitStatistics/api/Lookup2/bw6_761/plonk 0s

❌ TestCircuitStatistics/api/Lookup2/bw6_761/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_377/groth16 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_377/plonk 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_377/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_381/groth16 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_381/plonk 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls12_381/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_315/groth16 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_315/plonk 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_315/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_317/groth16 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_317/plonk 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bls24_317/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bn254/groth16 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bn254/plonk 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bn254/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_633/groth16 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_633/plonk 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_633/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_761/groth16 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_761/plonk 0s

❌ TestCircuitStatistics/math/bits.ToBinary/unconstrained/bw6_761/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_377/groth16 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_377/plonk 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_377/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_381/groth16 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_381/plonk 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls12_381/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_315/groth16 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_315/plonk 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_315/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_317/groth16 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_317/plonk 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bls24_317/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bn254/groth16 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bn254/plonk 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bn254/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_633/groth16 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_633/plonk 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_633/plonkFRI 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_761/groth16 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_761/plonk 0s

❌ TestCircuitStatistics/math/bits.ToTernary/unconstrained/bw6_761/plonkFRI 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls12_377/groth16 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls12_377/plonk 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls12_377/plonkFRI 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls12_381/groth16 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls12_381/plonk 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls12_381/plonkFRI 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls24_315/groth16 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls24_315/plonk 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls24_315/plonkFRI 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls24_317/groth16 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls24_317/plonk 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bls24_317/plonkFRI 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bn254/groth16 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bn254/plonk 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bn254/plonkFRI 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bw6_633/groth16 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bw6_633/plonk 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bw6_633/plonkFRI 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bw6_761/groth16 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bw6_761/plonk 0s

❌ TestCircuitStatistics/math/emulated/secp256k1_64/bw6_761/plonkFRI 0s

❌ TestCircuitStatistics/pairing_bls12377/bw6_761/groth16 0s

📦 github.com/consensys/gnark/std/algebra/emulated/fields_bls12381
❌ TestFp12ExptTorus 0s

📦 github.com/consensys/gnark/std/algebra/emulated/fields_bn254
❌ TestDivFp12 0s

github-actions · 2023-11-09T09:14:02Z

📦 github.com/consensys/gnark/std/recursion/plonk
🛑 build failed

📦 github.com/consensys/gnark/std/recursion/plonk [github.com/consensys/gnark/std/recursion/plonk.test]

std/recursion/plonk/verifier.go:5:2: "math/big" imported and not used
std/recursion/plonk/verifier.go:7:2: "strconv" imported and not used

github-actions · 2023-11-09T09:20:41Z

📦 github.com/consensys/gnark/std/recursion/plonk
❌ TestBLS12InBW6 1.08s

MSM input
E([258618278724209285611851849132948908195012707530361089681070129433652228518316204497376809596443622613802295211378,140334735106941239160485080214324606453532092216871283616768725194182250348640885464128347562788892503106178238373])
2146406540857918237865578843785926273242030438707749098436688494278526093469
E([55326139862841378904450641229696688750646111785564068755942356439281089331229392687777953801014450769490290061020,250060215593771891398625126096229309599607384596288579548775512071711089172446820313503153211511752708233878409428])
3999113244465746569675590933553141533633301663853922109784140088122177688290
E([248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242,183814392839645442995650223385915395659471760288273849901343604959012928735370891271406471342556347827891531939152])
6903447453637311323998303144633435191133564589142533497285490497617601790471
E([248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242,74850033173323651015002510308978137876921752466640810638540657707707539612969931503562416797017012296548789519025])
3472817178521767514543705893566523544287198681856057587125953808632968955990
O
1
E([9825211791914993690312657590546014209147204593431368457054890377894235871542551312039708292976752739881721385125,82090757997907767999539621908872505188716691521681000211104047793191560017507213732585235385188551279493746353668])
5928333484623298087445035059582510466800272603715539480982140243704972531882
E([202601209786867752830240772289312449630913655171378355746986707468426240964175074682757352954530625217430369685767,33997091150883083381111491271572824605494467403340971734052161653982505311539887135830525498045041225654865700865])
5424009932483523022401733985733888715553320754567840414626602313584432421859
MSM output
E([164116021395424605742475300353803725477189323797482639960127878137699203886959823989621220842178782746999450653711,191899905181045652813342262363812247331749905598563260167277546087779602303910347681135448158187173315934430913445])
MSM input
(test.engine) pairing2.go:300 258618278724209285611851849132948908195012707530361089681070129433652228518316204497376809596443622613802295211378 140334735106941239160485080214324606453532092216871283616768725194182250348640885464128347562788892503106178238373 
2146406540857918237865578843785926273242030438707749098436688494278526093469
(test.engine) pairing2.go:300 55326139862841378904450641229696688750646111785564068755942356439281089331229392687777953801014450769490290061020 250060215593771891398625126096229309599607384596288579548775512071711089172446820313503153211511752708233878409428 
3999113244465746569675590933553141533633301663853922109784140088122177688290
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 183814392839645442995650223385915395659471760288273849901343604959012928735370891271406471342556347827891531939152 
6903447453637311323998303144633435191133564589142533497285490497617601790471
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 74850033173323651015002510308978137876921752466640810638540657707707539612969931503562416797017012296548789519025 
3472817178521767514543705893566523544287198681856057587125953808632968955990
(test.engine) pairing2.go:300 0 0 
1
(test.engine) pairing2.go:300 9825211791914993690312657590546014209147204593431368457054890377894235871542551312039708292976752739881721385125 82090757997907767999539621908872505188716691521681000211104047793191560017507213732585235385188551279493746353668 
5928333484623298087445035059582510466800272603715539480982140243704972531882
(test.engine) pairing2.go:300 202601209786867752830240772289312449630913655171378355746986707468426240964175074682757352954530625217430369685767 33997091150883083381111491271572824605494467403340971734052161653982505311539887135830525498045041225654865700865 
5424009932483523022401733985733888715553320754567840414626602313584432421859
scalarmul step 1
(test.engine) pairing2.go:300 55326139862841378904450641229696688750646111785564068755942356439281089331229392687777953801014450769490290061020 250060215593771891398625126096229309599607384596288579548775512071711089172446820313503153211511752708233878409428 
(test.engine) pairing2.go:300 31767517785301381912059066044118560445018638753061426989296160895763206549725226443003203640704579229004128766946 16341545270707960578363409797670391763005836715393957990592745229389479322524298498964031907326999556988008533293 
(test.engine) pairing2.go:300 176901414787357197151385744259346483031521467624150737234707185100708789503310986759122373753144788551790947268589 97877135160575184310856251837339036361795833812419030156841277187377303637019994046742008008756303225308970805064 
scalarmul step 2
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 183814392839645442995650223385915395659471760288273849901343604959012928735370891271406471342556347827891531939152 
(test.engine) pairing2.go:300 217653717162407488718821279292799567726829432831582545736766995482876015315193663266010977310994887930113787180296 77325280924544709073411669218730406327306782231612751100877115544898413476298665025899588756110801565816933570983 
(test.engine) pairing2.go:300 10700558984110735835301417048061301807444501506641141569448675788266293504597068807960536255090389288687548975178 113179290881212818966312531353861499235252849074217009847017274538393213478211947913757279137109716339481214584953 
scalarmul step 3
(test.engine) pairing2.go:300 248989999004271475643499125098761530692800663738244081822144438862122636294239894186373165971158480565138905924242 74850033173323651015002510308978137876921752466640810638540657707707539612969931503562416797017012296548789519025 
(test.engine) pairing2.go:300 1943924800302734330327604702384606641479038411657705771522362925256303307310738254504416633421883431411630449421 115921587659265584476750169674384128955782721532535480777386362078797666222814717255834848493942820276555334919062 
(test.engine) pairing2.go:300 179945338339851518044040336317424488913870308888308355138453578669455335370181077917866966743815839008013003081232 97541613384049711058679106058274433502746604232338133624348562724904077720790122598051540842459383739370848133051 
scalarmul step 4
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 147343719487591290254416043695259515680723154473357324307552810669926174515235380553758504019537648759826649242550 34237936367068495349673050060961090784992807821412679256221697120128356263114255199542415774621995288160546447149 
scalarmul step 5
(test.engine) pairing2.go:300 9825211791914993690312657590546014209147204593431368457054890377894235871542551312039708292976752739881721385125 82090757997907767999539621908872505188716691521681000211104047793191560017507213732585235385188551279493746353668 
(test.engine) pairing2.go:300 11780573288624104103079680879449632813307055855334373276605973748156161559288996513846913065752310303690223609667 184750510289659623187304275162622831058633787617446542658212588180517047362408495323060338062066349524285874906943 
(test.engine) pairing2.go:300 81129611742409389274128278515188436670526850677987040469255858426266353601314611311042963530891597681709896204607 212811153351860089616054011787223611025408109933120862330683786745518700493080831468921421929245846568726246179851 
scalarmul step 6
(test.engine) pairing2.go:300 202601209786867752830240772289312449630913655171378355746986707468426240964175074682757352954530625217430369685767 33997091150883083381111491271572824605494467403340971734052161653982505311539887135830525498045041225654865700865 
(test.engine) pairing2.go:300 86017958985955314359346187670225135785617662668815171068994729298978258913389993955119674861017850507327918058127 54997636954123333153736032198397495177629963544160754429921291317658241271583223740951684679524345598807110576849 
(test.engine) pairing2.go:300 82979180301159002123164902088584976997977052042289822791306550715733985702212400580485131316376124551217833986820 197139364198503146474924954134097830102301602532346441412487460322876309042733185566589749965675743654758954328980 
MSM output
(test.engine) pairing2.go:300 61428436339526920053125146526124310637696223934897386595378906826550418991289676218729363542126131826466141810965 163293203409896771594872536015298253756708476766928354621540858350872989347975512863303217059712726220062812660526 
    verifier_test.go:117: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:117
        	Error:      	Received unexpected error:
        	            	[assertIsEqual] 45642230551888635535892632415632154253271979889246112966183323678771839313414356715633471798260607272704816951426 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:560
        	            	sw_bls12377.(*Pairing).PairingCheck
        	            		pairing2.go:205
        	            	kzg.(*Verifier[...]).BatchVerifyMultiPoints
        	            		verifier.go:481
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:552
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:90
        	Test:       	TestBLS12InBW6

github-actions · 2023-11-09T09:21:12Z

📦 github.com/consensys/gnark/std/recursion/plonk
❌ TestBLS12InBW6 1.05s

E([239590018433899658927039574151039536957481631493201421927862200190777520220755175176254019114733956545926288288091,106964765183821332882538363787355890129858480614288592257809040137433414249548927752377798236229717647548457906080])
(test.engine) pairing2.go:129 1 
(test.engine) pairing2.go:300 221726091528959723636225903800261783588130931858628944548956933340883974093458689682436368616284958469252099813544 258637589621716111342025226009513971530738703783358246531060886970478746808836205007187338223248057761734692362863 
(test.engine) pairing2.go:300 110233397506727019578616885131607463062295378632411511448245905147138337645298684529001047283604567156357149329133 58983812637871963815582350032643199882404371500223932513549295798441080786185131632269106440265287733544910189603 
(test.engine) pairing2.go:300 153436877557365231864061578180678153883603222087099177038085256706723014283522277173241979961560276245768502928509 186212663695063459257110922493492545080650313866551056570442250414332140599026910212696703428246027757677699504412 
(test.engine) pairing2.go:129 2 
(test.engine) pairing2.go:300 20385779864330344651755217632337165600074128349935647660901503312535834886748658751461343213367046706502726394908 148971987470268447223349210276740002660762291514958607688532555207203375547450182886127135215616142869445569667625 
(test.engine) pairing2.go:300 254618730473472702094672844757089588187053195718441982156765129490018653769287871801960338430494734397229164566687 184262203611195456135867187395080691471430117069328444928225331555941564164418913631669978854475564177817347830049 
(test.engine) pairing2.go:300 58822644936217814185219203085597560156444477171962735087949067794963658195756410510724518868940832582944605618568 217362719324786118119063838237056813975984588059315750929218953700429647244540192280880788698826630403641442767623 
(test.engine) pairing2.go:129 3 
(test.engine) pairing2.go:300 20385779864330344651755217632337165600074128349935647660901503312535834886748658751461343213367046706502726394908 109692438542700646787303523418153530875631221239956052851351707459517092800890639888841752923957217254994751790552 
(test.engine) pairing2.go:300 98008166777066096399993949402670351035582606095594111817772238354188772139543740131927390021187835107505819354912 80549750637361823664716340525210670101231517880211940942367023402296259460276620981178364257085621065695960548342 
(test.engine) pairing2.go:300 156163226437666950471642515110645876964101034048574912488778783281756951822284821517744007134238670944773136540853 228131651417007131100159593608325865107333136046042398584028769722450138048791498052218128178832258589680597897917 
(test.engine) pairing2.go:129 4 
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 0 0 
(test.engine) pairing2.go:300 195644473939059817444447787864505532560890235276410196122199010116813850508424298496703885451541725627342369116225 257746148002600876770731318423740649921580325995777601526599948225781067219906369583971032849581564249655499693965 
(test.engine) pairing2.go:129 5 
(test.engine) pairing2.go:300 237846135123342408832535573761433722905186695279311108850674022444128093143830403467117662846326109102372710379108 79441464446749464649065841953657554910756516440585160644723484178864567166358655072341851017649071159297272791577 
(test.engine) pairing2.go:300 62445833047477337646308700383216904007065593288552263468639700653949551353706327873668623522223286225348109412033 97179109047783782317580436824922344318777778456039610342947499790016529935859788844563010203754699772598396098264 
(test.engine) pairing2.go:300 83064948347090649753574118132467057361493500707603096395158163641397850006643209158499019752571774483200731624294 217035699321582499254406112315172473548914671779857625820873777393664451577273907425615159156583223680186591808208 
(test.engine) pairing2.go:129 6 
(test.engine) pairing2.go:300 70591197046195004999491184996321207228951961947433722843433387465270016555588066562300335105256306540794100574527 163806718135413631722950341050401012563949857832603699664996143450871257284061531472527149673865944590132701992235 
(test.engine) pairing2.go:300 2921953991263866847232150137611123550245714688202139156844145045290938100356494589485599321939588967346839763013 218238951594075718832277498389854814368616165299271746525485329539639375585895617929738668374606489931566618578257 
(test.engine) pairing2.go:300 113894895562055113979662772030226829739507361240860577356729015115842460274547870049283322477631067829460803623351 217633115077091890219893741627932061096683071531322213162630177042685886745140655781843441015207417075018628487140 
(test.engine) pairing2.go:300 255185139513135322625114182058247280781004171004342088914668022900543952734654833251173418064405238148926309720082 11475600566797552315186074887772147775011382213725285677650091757100071440051355004196098665371477869675359707460 
    verifier_test.go:117: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:117
        	Error:      	Received unexpected error:
        	            	[assertIsEqual] 139097160712923751847620791370935717729881072878574095224516193171051207318139766276175867087671296596404763491920 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:560
        	            	sw_bls12377.(*Pairing).PairingCheck
        	            		pairing2.go:205
        	            	kzg.(*Verifier[...]).BatchVerifyMultiPoints
        	            		verifier.go:481
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:550
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:90
        	Test:       	TestBLS12InBW6

github-actions · 2023-11-10T11:37:06Z

📦 github.com/consensys/gnark/std/recursion/plonk
❌ TestBLS12InBW6 1.17s

MSM input
E([163599858427788436395159355242648579604641615078328394010995263004690372192112802932188342783243791014292704139562,52203338491555651554164379381705803125756218108998164366346849018158513871749933341361405664709709768002604042005])
2433119615273081480775713420181811698266071207184473408449909377156834058007
E([105673775204816984867090067056470053464117316433406559539849129189599676602681104065342619398689859026244826275387,221942997193771496586630170714158798069233586112552209646467658211032577242219780683026154846195140343423819776256])
6474495409460539141679075816378949526145434590030721621530961278684902934514
E([212399744341400757003412984774211579000194537356427744441882569400932875127683241020785128698368010703732748540195,9145133614724904161212925428551687728279505636852126097140531606212108411952428650244782959698353506808031065923])
922867878099810689886110362982400975103107461932158832061077797068569079355
E([212399744341400757003412984774211579000194537356427744441882569400932875127683241020785128698368010703732748540195,249519292398244189849439808266341845808114007118062534442743731060508359936388394124724105179875006617632290392254])
1043708910934129578101853620016246567941904951169190147666511270012636414403
O
1
E([69217444783365525890428505076972381694101865256715363809558391563088590428002819016833874383792989040002413846066,229132141541527791692499292255407707792077778627832681757267330444328873051155931565947514912385578383081917940618])
5061388742347176565060870311216201079791399925183093609187306422162315439255
E([74675835054876910979126035804428612146716908709168166414578129330036006084152049071406362230551665977501448940030,135668107058273201268947921547613357484010128143334317718349200972140746782979141414535495213821993228106567681561])
5404133523538812159692038485658278596538829530131921629519531933979010077287
MSM output
E([174391693457535977047508817806978604357085373820499742414339231124663432233139507028224346348631802179525740435980,222335180700273016132165070971785044461748466767346408754762036826260026747474290486889654431750698386068479677309])
    verifier_test.go:117: 
        	Error Trace:	/home/runner/work/gnark/gnark/std/recursion/plonk/verifier_test.go:117
        	Error:      	Received unexpected error:
        	            	[assertIsEqual] 211392648691077746883273275692098596020863176770229494567124714544056307546655649123138168340546079826182969470042 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:560
        	            	sw_bls12377.(*Pairing).PairingCheck
        	            		pairing2.go:206
        	            	kzg.(*Verifier[...]).BatchVerifyMultiPoints
        	            		verifier.go:481
        	            	plonk.(*Verifier[...]).AssertProof
        	            		verifier.go:554
        	            	plonk.(*OuterCircuit[...]).Define
        	            		verifier_test.go:90
        	Test:       	TestBLS12InBW6

ivokub · 2023-11-20T16:49:38Z

Ready from my side. @ThomasPiellard - if you can confirm that also good from your side then I think it is good for review. I assigned @yelhousni for review as we both have worked on it :)

yelhousni

LGTM but I need a second round of review

std/algebra/emulated/sw_emulated/point.go

std/algebra/native/sw_bls12377/pairing2.go

std/algebra/native/sw_bls24315/pairing2.go

ivokub · 2023-11-23T11:00:01Z

Added MSM tests for emulated and 2-chain curves. This revealed another bug :)

I think the PR is done from my side. We could merge from my side after approving review. I think we can address additional optimisations in different PRs, to keep number of different open PRs small and avoid needing to rebase/merge.

Some other discussed optimisations:

unsafe additions for scalar mul
bounded scalar mul for KZG folding (not to use all bits)
endomorphisms for in circuit scalar mul
using precomputed lines (Perf: Groth16 verifier circuit with pre-computed lines #925/perf: use G2 precomputed lines for Miller loop #930). This should be almost drop-in fix without needing to modify this PR much.
for proof aggregation extending native PLONK prover to have uniform verifying key (only needing to switch between selector polynomial commitments, keeping SRS and Size fixed)
include perf: non-native modular multiplication #749
VDF for exponentiation

Ping @yelhousni for review.

yelhousni · 2023-11-28T15:10:45Z

Added MSM tests for emulated and 2-chain curves. This revealed another bug :)

I think the PR is done from my side. We could merge from my side after approving review. I think we can address additional optimisations in different PRs, to keep number of different open PRs small and avoid needing to rebase/merge.

Some other discussed optimisations:

unsafe additions for scalar mul

bounded scalar mul for KZG folding (not to use all bits)

endomorphisms for in circuit scalar mul

using precomputed lines (Perf: Groth16 verifier circuit with pre-computed lines #925/perf: use G2 precomputed lines for Miller loop #930). This should be almost drop-in fix without needing to modify this PR much.

for proof aggregation extending native PLONK prover to have uniform verifying key (only needing to switch between selector polynomial commitments, keeping SRS and Size fixed)

include perf: non-native modular multiplication #749

VDF for exponentiation

Ping @yelhousni for review.

Alright on my end. Let's merge this and address optimizations in other PRs. I gave the Wesolowski VDF approach a try to compute efficiently z^(2^T) mod n but it's not sound since n is a known prime (the root finding problem is easy). Also 2^T is small in our use-case compared to n so reducing the exponent modulo n-1 (the Euler totient) is not helpful neither. I would add to the list of optimizations:

MSM in-circuit
For 2-chains, use twisted Edwards complete formulae for windowed scalar multiplication might be worth it.

ivokub · 2023-11-28T15:21:26Z

Thanks for the review and co-authoring the PR! I gathered the ideas for improvements in #935.

commit 6c05ea4 Author: Ivo Kubjas <ivo.kubjas@consensys.net> Date: Tue Nov 28 16:24:47 2023 +0100 perf: use G2 precomputed lines for Miller loop (#930) * feat: add lazy line eval for Miller loop * chore: go mod * fix: DoublePairFixed order * refactor: remove fixed Q specialized methods * chore: serialize lines for KZG key * chore: go generate * docs: add init docs * feat: add fixed KZG verification key init * test: add constant and fixed VK test cases * test: use fixed init * feat: add fixed Groth16 verification * fix: unused import * refactor: merge last manual iteration commit a99d198 Author: Ivo Kubjas <ivo.kubjas@consensys.net> Date: Tue Nov 28 16:20:44 2023 +0100 feat: add PLONK in-circuit verifier (#880) * test: add recursion hash tests * fix: accumulate MSM result * refactor: take emulated element for additional data * fix: handled infinity point in native multi scalar exp * fix: use only nbBits when creating scalar * feat: add PLONK verifier * feat: PlaceholderVerifyingKey takes the vk as argument * feat: f -> scalarApi * feat: addition of computeIthLagrangeAtZeta * feat: bsb commitments are added to pi * refactor: PlaceholderProof takes the proof as argument * fix: compute ith lagrange ok, hashToField failing * fix: native short hash output size * feat: add bw6 * docs: add package documentation * refactor: describe error in panic * refactor: init curve and pairing implicitly * refactor: remove comments * docs: add package examples * feat: add all supported witness assignments * test: add MSM test * fix: remove todo panic * feat: add option shortcuts * fix: include hash to field in shortcut option * feat: use only CCS for placeholder proof and verifyingkey * chore: typos and cleanup * docs: add KZG package documentation --------- Co-authored-by: Thomas Piellard <thomas.piellard@consensys.net> commit 62b52ea Merge: ec07217 97156f3 Author: Youssef El Housni <youssef.elhousni@consensys.net> Date: Fri Nov 24 10:44:33 2023 -0500 Merge pull request #933 from Consensys/perf/karabina-cycloSq Perf: variant of the Karabina cyclotomic squaring commit 97156f3 Author: Youssef El Housni <youssef.housni21@gmail.com> Date: Fri Nov 24 10:27:00 2023 -0500 refactor: apply PR review suggestions commit f52c4cb Author: Youssef El Housni <youssef.housni21@gmail.com> Date: Thu Nov 23 01:50:41 2023 -0500 perf(bls12-377): implement a variant of Karabina cyclo square commit d7e8d78 Author: Youssef El Housni <youssef.housni21@gmail.com> Date: Wed Nov 22 23:28:26 2023 -0500 perf(bw6): implement a variant of Karabina cyclo square commit ec07217 Merge: 3aa2559 5479586 Author: Youssef El Housni <youssef.elhousni@consensys.net> Date: Wed Nov 22 18:16:46 2023 -0500 Merge pull request #931 from Consensys/perf/bw6-finalExp Perf: optimize addition chains in BW6-761 final exponentiation commit 5479586 Author: Youssef El Housni <youssef.housni21@gmail.com> Date: Wed Nov 22 13:07:50 2023 -0500 perf(bw6/finalExp): replace Add(x,x) by MulConst(x,2) commit 65cd6ee Author: Youssef El Housni <youssef.housni21@gmail.com> Date: Tue Nov 21 21:39:55 2023 -0500 fix(linter): ineffectual assignment commit d948c7c Author: Youssef El Housni <youssef.housni21@gmail.com> Date: Tue Nov 21 21:27:02 2023 -0500 perf(bw6/finalExp): optimize addition chains commit 3aa2559 Author: Gautam Botrel <gautam.botrel@gmail.com> Date: Mon Nov 20 14:03:52 2023 -0600 feat: if we don't compress we don't need the dict (#929)

ivokub self-assigned this Oct 20, 2023

ivokub added new feature P1: High Issue priority: high labels Oct 20, 2023

ivokub added the zk-evm label Oct 20, 2023

ivokub force-pushed the feat/plonk-verifier branch from 6ecc547 to 42a4d5c Compare October 23, 2023 10:08

ivokub mentioned this pull request Oct 23, 2023

feat: add short-hash wrappers for recursion #884

Merged

10 tasks

ivokub force-pushed the feat/plonk-verifier branch from 42a4d5c to 54c2c35 Compare October 23, 2023 23:05

ivokub force-pushed the feat/plonk-verifier branch from f58117b to 7dba1bd Compare October 25, 2023 23:23

ivokub force-pushed the feat/plonk-verifier branch from 08e1a34 to 93ef51f Compare November 3, 2023 12:57

ivokub force-pushed the feat/plonk-verifier branch from 1592414 to 1667207 Compare November 8, 2023 11:17

ivokub force-pushed the feat/plonk-verifier branch from 1667207 to 0ac8f1c Compare November 8, 2023 15:31

ivokub force-pushed the feat/plonk-verifier branch from 0ac8f1c to 4e6454d Compare November 9, 2023 09:08

ivokub added 3 commits November 20, 2023 13:25

test: add recursion hash tests

53fee2d

fix: accumulate MSM result

e29589c

refactor: take emulated element for additional data

395a6d7

ivokub force-pushed the feat/plonk-verifier branch from 6bebdca to 5f8a060 Compare November 20, 2023 13:03

ivokub added 6 commits November 20, 2023 15:23

docs: add package documentation

b7cc8fb

refactor: describe error in panic

75bf361

refactor: init curve and pairing implicitly

01f28ce

refactor: remove comments

e608d57

docs: add package examples

16d88db

feat: add all supported witness assignments

5860e3a

ivokub marked this pull request as ready for review November 20, 2023 16:48

ivokub requested a review from yelhousni November 20, 2023 16:48

ivokub changed the title ~~feat: add PLONK in-circuit verifier (WIP)~~ feat: add PLONK in-circuit verifier Nov 20, 2023

yelhousni reviewed Nov 20, 2023

View reviewed changes

std/algebra/emulated/sw_emulated/point.go Show resolved Hide resolved

std/algebra/native/sw_bls12377/pairing2.go Show resolved Hide resolved

std/algebra/native/sw_bls24315/pairing2.go Show resolved Hide resolved

ivokub added 3 commits November 23, 2023 11:17

test: add MSM test

74145f9

fix: remove todo panic

f4fc463

feat: add option shortcuts

51846bf

ivokub requested review from yelhousni and ThomasPiellard November 23, 2023 11:00

ivokub added 4 commits November 28, 2023 11:13

fix: include hash to field in shortcut option

9e3d250

feat: use only CCS for placeholder proof and verifyingkey

a3ec483

chore: typos and cleanup

3608b29

docs: add KZG package documentation

f31664b

ivokub mentioned this pull request Nov 28, 2023

perf: bounded scalar multiplication #934

Merged

11 tasks

yelhousni approved these changes Nov 28, 2023

View reviewed changes

ivokub mentioned this pull request Nov 28, 2023

perf: improve PLONK in-circuit verification #935

Open

ivokub merged commit a99d198 into master Nov 28, 2023
7 checks passed

ivokub deleted the feat/plonk-verifier branch November 28, 2023 15:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add PLONK in-circuit verifier #880

feat: add PLONK in-circuit verifier #880

ivokub commented Oct 20, 2023 •

edited

Loading

github-actions bot commented Oct 20, 2023

github-actions bot commented Oct 20, 2023

github-actions bot commented Oct 23, 2023

github-actions bot commented Oct 23, 2023

github-actions bot commented Oct 25, 2023

github-actions bot commented Oct 25, 2023

github-actions bot commented Nov 3, 2023

github-actions bot commented Nov 3, 2023

github-actions bot commented Nov 3, 2023

github-actions bot commented Nov 8, 2023

github-actions bot commented Nov 8, 2023

github-actions bot commented Nov 9, 2023

github-actions bot commented Nov 9, 2023

github-actions bot commented Nov 9, 2023

github-actions bot commented Nov 10, 2023

ivokub commented Nov 20, 2023

yelhousni left a comment

ivokub commented Nov 23, 2023

yelhousni commented Nov 28, 2023 •

edited

Loading

ivokub commented Nov 28, 2023

feat: add PLONK in-circuit verifier #880

feat: add PLONK in-circuit verifier #880

Conversation

ivokub commented Oct 20, 2023 • edited Loading

Description

Type of change

How has this been tested?

How has this been benchmarked?

Checklist:

github-actions bot commented Oct 20, 2023

github-actions bot commented Oct 20, 2023

github-actions bot commented Oct 23, 2023

github-actions bot commented Oct 23, 2023

github-actions bot commented Oct 25, 2023

github-actions bot commented Oct 25, 2023

github-actions bot commented Nov 3, 2023

github-actions bot commented Nov 3, 2023

github-actions bot commented Nov 3, 2023

github-actions bot commented Nov 8, 2023

github-actions bot commented Nov 8, 2023

github-actions bot commented Nov 9, 2023

github-actions bot commented Nov 9, 2023

github-actions bot commented Nov 9, 2023

github-actions bot commented Nov 10, 2023

ivokub commented Nov 20, 2023

yelhousni left a comment

Choose a reason for hiding this comment

ivokub commented Nov 23, 2023

yelhousni commented Nov 28, 2023 • edited Loading

ivokub commented Nov 28, 2023

ivokub commented Oct 20, 2023 •

edited

Loading

yelhousni commented Nov 28, 2023 •

edited

Loading