gnark-whir: Dump CCS to file, read PK/VK from file, update Gnark to v0.13

[wzmuda]

Overview

This PR is a part of the effort of creating a trusted setup ceremony tool. The tool will be universal (i.e. will work with all Gnark-based projects), but its first purpose will be providing a way to generate Proving and Verifying Keys in a trusted setup ceremony based on a multi-party computation.

This PR adds some required features to the gnark-whir project.

I suggest to review commit-by-commit, it should be easier than looking at diff for a handful of unrelated changes at once.

Changes

Command line interface

To allow adding more features to the project, implement a simple command line interface using the well known urfave/cli library.

The usage of the CLI is not mandatory - if there are any existing scripts relying on running the project with go run . or go build && ./whir-verifier-circuit, they will work as usual. This change does not break any existing compatibility.

Run go run . -h to see the help for the new interface:

✗ go run . -h
NAME:
   Verifier - Verifies proof with given parameters

USAGE:
   Verifier [global options] command [command options]

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --config value  Path to the config file (default: "../noir-examples/poseidon-rounds/params_for_recursive_verifier")
   --r1cs value    Path to the r1cs json file (default: "../noir-examples/poseidon-rounds/r1cs.json")
   --ccs value     Optional path to store the constraint system object
   --pk value      Optional path to load Proving Key from (if not provided, PK and VK will be generated unsafely)
   --vk value      Optional path to load Verifying Key from (if not provided, PK and VK will be generated unsafely)
   --help, -h      show help

Flags config and r1cs control which files are used by the already-exisitng features of the verifier program. Default values for the flags are the same paths that were already used in the program prior to this change. Therefore simple go run . before and after this PR will yield the same result.

Flags ccs, pk, and vk are new features described below.

CCS serialization

Use the ccs flag to provide a path to store the constraint system object generated in the Compile() step. The constraint system object is required for generating keys in the trusted setup ceremony.

Using the flag is not mandatory. If not used, the CCS object will not be serialized.

Example usage:

✗ go run . --ccs example-ccs.bin                                                     
21:32:55 INF compiling circuit
21:32:56 INF parsed circuit inputs nbPublic=4872 nbSecret=94731
21:33:19 INF building constraint builder nbConstraints=9186361
2025/07/07 21:33:22 ccs written to example-ccs.bin
2025/07/07 21:33:22 PK/VK not provided, generating new keys unsafely. Consider providing keys from an MPC ceremony.
21:41:06 DBG constraint system solver done nbConstraints=9186361 took=4100.989333
21:41:42 DBG prover done acceleration=none backend=groth16 curve=bn254 nbConstraints=9186361 took=35606.785166
21:41:42 DBG verifier done backend=groth16 curve=bn254 took=2.721625

Afterwards, the constraint system object is stored in example-ccs.bin and can be passed to the trusted ceremony tool.

PK/VK deserialization

Afer the keys are generated in the trusted setup ceremony, they can be fed back to the verifier with pk and vk flags and be used for generating proofs and verifying them.

Using the flag is not mandatory. if not used, PK and VK will be generated with Gnark's Setup() method, just like they were generated before this PR. In such case, the following warning will be printed:

2025/07/07 21:33:22 PK/VK not provided, generating new keys unsafely. Consider providing keys from an MPC ceremony.

Example usage:

✗ go run . --pk pk.bin --vk vk.bin
2025/07/07 21:38:20 Loading PK/VK from pk.bin, vk.bin
21:41:43 INF compiling circuit
21:41:44 INF parsed circuit inputs nbPublic=4872 nbSecret=94731
21:42:08 INF building constraint builder nbConstraints=9186361
21:42:13 DBG constraint system solver done nbConstraints=9186361 took=2559.199334
21:42:36 DBG prover done acceleration=none backend=groth16 curve=bn254 nbConstraints=9186361 took=23383.444583
21:42:36 DBG verifier done backend=groth16 curve=bn254 took=2.482875

Gnark update

Update Gnark from v0.11 to v0.13. This change is motivated by the fact that, Gnark v0.11 has a bug in the MPC API used in the trusted setup ceremony tool. The bug is fixed in v0.13, which forces the tool to be based at least on this Gnark version, which, in turn, requires projects using this tool to be based on the same Gnark version, as Gnark does not guarantee binary compatibility for its serialized objects between subsequent releases of the library.

Verification

Correctness of these changes have been verified by using the deserialized CCS to perform the trusted setup ceremony. Keys generated in the ceremony were lated passed back to the verified and the proof was generated and proven successfully.

At the same time, when the CLI flags are not used, the program behaves in the same way as before this PR.

[wzmuda]

The RPi5 benchmark CI step is failing, but it doesn't seem to be my fault - the same step fails on main already.

[veljkovranic]

Can you change the Readme to explain how to use it?

actually, maybe just contents of this PR description should stay to live somewhere inside of the codebase, perhaps a new README in gnark-whir

[batmendbar]

Looks good to me!