Merge pull request #250 from o1-labs/feature/recursion-2

Recursion, Pt 2

MINA_COMMIT

@@ -1,2 +1,2 @@
 The mina commit used to generate the backends for node and chrome is
-67a5fc9d0e02e722b09add09740659ba76e7d714
+7897c4f2b952bb16c8724440b75bc8fe76ad04c4

src/examples/program.ts

@@ -0,0 +1,38 @@
+import { SelfProof, Field, ZkProgram } from 'snarkyjs';
+
+let MyProgram = ZkProgram({
+  publicInput: Field,
+
+  methods: {
+    baseCase: {
+      privateInputs: [],
+
+      method(publicInput: Field) {
+        publicInput.assertEquals(Field.zero);
+      },
+    },
+
+    inductiveCase: {
+      privateInputs: [SelfProof],
+
+      method(publicInput: Field, earlierProof: SelfProof<Field>) {
+        earlierProof.verify();
+        earlierProof.publicInput.add(1).assertEquals(publicInput);
+      },
+    },
+  },
+});
+
+console.log('compiling MyProgram...');
+await MyProgram.compile();
+
+console.log('proving base case...');
+let proof = await MyProgram.baseCase(Field.zero);
+
+console.log('proving step 1...');
+proof = await MyProgram.inductiveCase(Field.one, proof);
+
+console.log('proving step 2...');
+proof = await MyProgram.inductiveCase(Field(2), proof);
+
+console.log('ok?', proof.publicInput.toString() === '2');

src/examples/simple_zkapp_with_proof.ts

@@ -11,14 +11,11 @@ import {
   ZkappPublicInput,
   Proof,
   Ledger,
+  SelfProof,
 } from 'snarkyjs';
 
 await isReady;
 
-class SimpleZkappProof extends Proof<ZkappPublicInput> {
-  static publicInputType = ZkappPublicInput;
-  static tag = () => NotSoSimpleZkapp;
-}
 class TrivialProof extends Proof<ZkappPublicInput> {
   static publicInputType = ZkappPublicInput;
   static tag = () => TrivialZkapp;
@@ -34,7 +31,7 @@ class NotSoSimpleZkapp extends SmartContract {
 
   @method update(
     y: Field,
-    oldProof: SimpleZkappProof,
+    oldProof: SelfProof<ZkappPublicInput>,
     trivialProof: TrivialProof
   ) {
     oldProof.verify();

src/index.ts

@@ -20,7 +20,7 @@ export * from './lib/int';
 export * as Mina from './lib/mina';
 export * from './lib/zkapp';
 export { state, State, declareState } from './lib/state';
-export * from './lib/proof_system';
+export { Proof, SelfProof, ZkProgram } from './lib/proof_system';
 export * from './lib/party';
 export {
   fetchAccount,

src/lib/global-context.ts

@@ -15,7 +15,7 @@ export {
 let mainContext = undefined as
   | {
       witnesses?: unknown[];
-      self: Party;
+      self?: Party;
       expectedAccesses: number | undefined;
       actualAccesses: number;
       inProver?: boolean;
@@ -24,7 +24,7 @@ let mainContext = undefined as
   | undefined;
 type PartialContext = {
   witnesses?: unknown[];
-  self: Party;
+  self?: Party;
   expectedAccesses?: number;
   actualAccesses?: number;
   inProver?: boolean;

src/lib/party.ts

@@ -879,6 +879,14 @@ type PartiesProved = {
   memo: string;
 };
 
+/**
+ * The public input for zkApps consists of certain hashes of the transaction and of the proving Party which is constructed during method execution.
+
+  In SmartContract.prove, a method is run twice: First outside the proof, to obtain the public input, and once in the prover,
+  which takes the public input as input. The current transaction is hashed again inside the prover, which asserts that the result equals the input public input,
+  as part of the snark circuit. The block producer will also hash the transaction they receive and pass it as a public input to the verifier.
+  Thus, the transaction is fully constrained by the proof - the proof couldn't be used to attest to a different transaction.
+ */
 type ZkappPublicInput = [transaction: Field, atParty: Field];
 let ZkappPublicInput = circuitValue<ZkappPublicInput>([Field, Field]);