fix halo2 verifier guest code

openvm-org · Dec 26, 2024 · 39ecc67 · 39ecc67
1 parent fda3859
commit 39ecc67
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 12 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -137,6 +137,7 @@ openvm-rv32-adapters = { path = "extensions/rv32-adapters", default-features = f
 openvm-rv32im-circuit = { path = "extensions/rv32im/circuit", default-features = false }
 openvm-rv32im-transpiler = { path = "extensions/rv32im/transpiler", default-features = false }
 openvm-rv32im-guest = { path = "extensions/rv32im/guest", default-features = false }
+openvm-snark-verifier = { path = "extensions/verifier", default-features = false }
 
 # Plonky3
 p3-air = { git = "https://github.com/Plonky3/Plonky3.git", rev = "9b267c4" }

diff --git a/extensions/verifier/Cargo.toml b/extensions/verifier/Cargo.toml
@@ -14,7 +14,7 @@ openvm-keccak256-guest = { workspace = true, default-features = false }
 openvm-ecc-guest = { workspace = true, features = ["halo2curves"] }
 snark-verifier = { git = "https://github.com/axiom-crypto/snark-verifier.git", tag = "v0.1.7-git", default-features = false, features = ["halo2-axiom"] }
 ff = { workspace = true }
-halo2curves-axiom = { workspace = true }
+halo2curves-axiom = { version = "0.5.3" } 
 itertools.workspace = true
 rand_core = "0.6.4"
 num-bigint = { workspace = true, features = ["std"] }

diff --git a/extensions/verifier/src/verifier/loader.rs b/extensions/verifier/src/verifier/loader.rs
@@ -3,6 +3,7 @@
 use std::{fmt::Debug, marker::PhantomData};
 
 use halo2curves_axiom::bn256::{Bn256, Fq as Halo2Fp, Fr as Halo2Fr, G1Affine, G2Affine};
+use itertools::Itertools;
 use lazy_static::lazy_static;
 use openvm_ecc_guest::{
     algebra::{field::FieldExtension, IntMod},
@@ -16,9 +17,10 @@ use openvm_pairing_guest::{
 use snark_verifier::{
     loader::{EcPointLoader, Loader, ScalarLoader},
     pcs::{
-        kzg::{KzgAccumulator, KzgAs, KzgDecidingKey},
-        AccumulationDecider,
+        kzg::{KzgAccumulator, KzgAs, KzgDecidingKey, LimbsEncoding},
+        AccumulationDecider, AccumulatorEncoding,
     },
+    util::arithmetic::fe_from_limbs,
     Error,
 };
 
@@ -31,13 +33,62 @@ lazy_static! {
 #[derive(Clone, Debug)]
 pub struct OpenVmLoader;
 
+impl<const LIMBS: usize, const BITS: usize> AccumulatorEncoding<G1Affine, OpenVmLoader>
+    for LimbsEncoding<LIMBS, BITS>
+{
+    type Accumulator = KzgAccumulator<G1Affine, OpenVmLoader>;
+
+    fn from_repr(limbs: &[&OpenVmScalar<Halo2Fr, Fr>]) -> Result<Self::Accumulator, Error> {
+        assert_eq!(limbs.len(), 4 * LIMBS);
+
+        let loader = &*LOADER;
+
+        let [lhs_x, lhs_y, rhs_x, rhs_y]: [_; 4] = limbs
+            .chunks(LIMBS)
+            .map(|limbs| {
+                let v: [Halo2Fr; LIMBS] = limbs
+                    .iter()
+                    .map(|limb| {
+                        let mut buf = limb.0.to_be_bytes();
+                        buf.reverse();
+                        Halo2Fr::from_bytes(&buf).expect("Halo2Fr::from_bytes")
+                    })
+                    .collect_vec()
+                    .try_into()
+                    .unwrap();
+                fe_from_limbs::<_, Halo2Fp, LIMBS, BITS>(v)
+            })
+            .collect_vec()
+            .try_into()
+            .unwrap();
+
+        let accumulator = KzgAccumulator::new(
+            OpenVmEcPoint(
+                EcPoint {
+                    x: Fp::from_le_bytes(&lhs_x.to_bytes()),
+                    y: Fp::from_le_bytes(&lhs_y.to_bytes()),
+                },
+                PhantomData,
+            ),
+            OpenVmEcPoint(
+                EcPoint {
+                    x: Fp::from_le_bytes(&rhs_x.to_bytes()),
+                    y: Fp::from_le_bytes(&rhs_y.to_bytes()),
+                },
+                PhantomData,
+            ),
+        );
+        Ok(accumulator)
+    }
+}
+
 impl EcPointLoader<G1Affine> for OpenVmLoader {
     type LoadedEcPoint = OpenVmEcPoint<G1Affine, EcPoint>;
 
     fn ec_point_load_const(&self, value: &G1Affine) -> Self::LoadedEcPoint {
         let point = EcPoint {
-            x: Fp::from_be_bytes(&value.x().to_bytes()),
-            y: Fp::from_be_bytes(&value.y().to_bytes()),
+            x: Fp::from_le_bytes(&value.x.to_bytes()),
+            y: Fp::from_le_bytes(&value.y.to_bytes()),
         };
         // new(value.x(), value.y());
         OpenVmEcPoint(point, PhantomData)
@@ -74,7 +125,7 @@ impl ScalarLoader<Halo2Fr> for OpenVmLoader {
     type LoadedScalar = OpenVmScalar<Halo2Fr, Fr>;
 
     fn load_const(&self, value: &Halo2Fr) -> Self::LoadedScalar {
-        let value = Fr::from_be_bytes(&value.to_bytes());
+        let value = Fr::from_le_bytes(&value.to_bytes());
         OpenVmScalar(value, PhantomData)
     }
 
@@ -89,7 +140,7 @@ impl ScalarLoader<Halo2Fp> for OpenVmLoader {
     type LoadedScalar = OpenVmScalar<Halo2Fp, Fp>;
 
     fn load_const(&self, value: &Halo2Fp) -> Self::LoadedScalar {
-        let value = Fp::from_be_bytes(&value.to_bytes());
+        let value = Fp::from_le_bytes(&value.to_bytes());
         OpenVmScalar(value, PhantomData)
     }
 
@@ -122,8 +173,8 @@ where
         let mut P = Vec::with_capacity(2);
         let mut Q = Vec::with_capacity(2);
         for t in terms {
-            let x = t.1.x().to_bytes();
-            let y = t.1.y().to_bytes();
+            let x = t.1.x.to_bytes();
+            let y = t.1.y.to_bytes();
             let point = AffinePoint { x: t.0.x, y: t.0.y };
             P.push(point);
             let point = AffinePoint {

diff --git a/extensions/verifier/src/verifier/transcript.rs b/extensions/verifier/src/verifier/transcript.rs
@@ -15,6 +15,7 @@ use openvm_pairing_guest::{
     bn254::{Bn254G1Affine as EcPoint, Fp, Scalar as Fr},
 };
 use snark_verifier::{
+    loader::evm::{u256_to_fe, U256},
     util::transcript::{Transcript, TranscriptRead},
     Error,
 };
@@ -31,6 +32,17 @@ pub struct OpenVmTranscript<C: CurveAffine, S, B> {
     _marker: PhantomData<C>,
 }
 
+impl<S> OpenVmTranscript<G1Affine, S, Vec<u8>> {
+    /// Initialize [`OpenVmTranscript`] given readable or writeable stream for
+    /// verifying or proving with [`OpenVmLoader`].
+    pub fn new(stream: S) -> Self {
+        Self {
+            stream,
+            buf: Vec::new(),
+            _marker: PhantomData,
+        }
+    }
+}
 impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec<u8>> {
     fn loader(&self) -> &OpenVmLoader {
         &LOADER
@@ -52,7 +64,10 @@ impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec
             .collect_vec();
         let hash = keccak256(&data);
         self.buf = hash.to_vec();
-        OpenVmScalar(Fr::from_be_bytes(&hash), PhantomData)
+        let fr: Halo2Fr = u256_to_fe(U256::from_be_bytes(hash));
+        use halo2curves_axiom::ff::PrimeField;
+        let bytes: [u8; 32] = fr.to_repr();
+        OpenVmScalar(Fr::from_le_bytes(&bytes), PhantomData)
     }
 
     fn common_ec_point(
@@ -64,7 +79,11 @@ impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec
         x.copy_from_slice(ec_point.0.x.as_le_bytes());
         y.copy_from_slice(ec_point.0.y.as_le_bytes());
         let coordinates = Option::<Coordinates<G1Affine>>::from(
-            G1Affine::new(Fq::from_bytes(&x).unwrap(), Fq::from_bytes(&y).unwrap()).coordinates(),
+            G1Affine {
+                x: Fq::from_bytes(&x).unwrap(),
+                y: Fq::from_bytes(&y).unwrap(),
+            }
+            .coordinates(),
         )
         .ok_or_else(|| {
             Error::Transcript(
@@ -108,7 +127,6 @@ where
             self.stream
                 .read_exact(repr.as_mut())
                 .map_err(|err| Error::Transcript(err.kind(), err.to_string()))?;
-            repr.as_mut().reverse();
         }
         let x = Fp::from_be_bytes(&x);
         let y = Fp::from_be_bytes(&y);