release: v0.7.0 (#81)

* Update CHANGELOG.md * Update package.json * feat: optimized `HTTPVerification` (#82) * wip: better HTTP - Trying to reduce file size and constraints substantially - Also need to make this so it doesn't matter if there is padding around headers / etc. * WIP: improving HTTP digesting * WIP: http rewrite * WIP: almost working no-header test * WIP: working start/body * working tests! * cleanup * Update masker.circom * Update CHANGELOG.md * feat: hash-based JSON circuit (#41) * feat: hash based JSON verification * WIP: save * resetting for clearer approach * good save state * feat: working hash version Though this will be too expensive, the idea works! * WIP: need to clear after comma * WIP: good progress * WIP: getting keys also now * feat: (mostly?) working tree hasher * seems to be correct for spotify * perf: first optimization * wip: brain hurty left a note to myself * fix: tree hasher seems correct now * TODO: note to self * feat: hash based JSON verification * WIP: save * resetting for clearer approach * good save state * feat: working hash version Though this will be too expensive, the idea works! * WIP: need to clear after comma * WIP: good progress * WIP: getting keys also now * feat: (mostly?) working tree hasher * seems to be correct for spotify * perf: first optimization * wip: brain hurty left a note to myself * fix: tree hasher seems correct now * TODO: note to self * cleanup from rebase * cleanup * WIP: seems to monomial correctly * rename * add in value to eval at * WIP: start looking for matches * made some fixes * it may be working! * now i can write tests! * more tests * more JSON hasher tests * cleanup * remove excess stuff * adjust builds * fix: build * feat: manifest digest verification (#83) * feat: `PolynomialDigest` * WIP: working to get through NIVC * feat: HTTP circuit digesting * feat: ChaCha circuit digesting * feat: JSON circuit digesting * fix: `JSONExtraction` * IT WORKS * feat: TS init digest * feat: separate sequence/value * cleanup * fix: builds * fix: warnings * Update CHANGELOG.md * fix: PR feedback * Fix/http verification (#85) * fix: `zeroed_data` for `data_digest` in `http_verification` * add test for 1024 * cleanup readme --------- Co-authored-by: Sambhav Dusad <lonerapier@proton.me>
pluto · Dec 18, 2024 · 7457da0 · 7457da0
1 parent 26fc847
commit 7457da0
Show file tree

Hide file tree

Showing 63 changed files with 1,669 additions and 2,359 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,8 +5,37 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.7.0] - 2024-12-3
+
+### Added
+### Changed
+#### Circuit Builds
+#### Artifacts
+- **Circuit sizes:**
+    - `plaintext_authentication_1024b`: 
+        - non-linear constaints: `383,102`
+        - R1CS file: `123.4MB`
+        - Graph file: `19.9MB`
+    - `http_verification_1024b`: 
+        - non-linear constaints: `121,376`
+        - R1CS file: `80.7MB`
+        - Graph file: `4.4MB`
+        - **WARNING:** Extremely slow build with `--O2` flag. Need to investigate.
+    - `json_extraction_1024b`: 
+        - non-linear constaints: `452,683`
+        - R1CS file: `90.3MB`
+        - Graph file: `13.2MB`
+    - **Total size:** `243.7MB`
+- **Circuit param file sizes (SNARK):**
+    - `aux_params`: `62.2MB`
+    - `prover_key`: `50.3MB`
+    - `verifier_key`: `415.3MB`         
+
+### Notes
+
+--- 
 
-## [UNRELEASED] [0.6.0] - 2024-12-3
+## [0.6.0] - 2024-12-3
 
 ### Added
 
@@ -21,9 +50,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
         - Runs with `512b` per fold
     - `http_nivc` replaced with more suitable name: `http_verification`
 
-### Fixed
-- TODO
-
 ### Notes
 - **Total circuits:** 5
 - **Circuit sizes:**

diff --git a/README.md b/README.md
@@ -13,7 +13,10 @@
 
 ## Overview
 
-`web-prover-circuits` is a project focused on implementing parsers and extractors/selective-disclosure for various data formats inside zero-knowledge circuits.
+`web-prover-circuits` is a project focused on implementing parsers and extractors/selective-disclosure for various data formats inside zero-knowledge circuits. 
+Specifically, these are designed to be used in an NIVC folding scheme. 
+Currently, our program layout looks like this:
+![v0.7.0](docs/images/v0.7.0.png)
 
 ## Repository Structure
 
@@ -94,12 +97,7 @@ npx circomkit compile plaintext_authentication_1024b
 ```
 which implicitly checks the `circuits.json` for an object that points to the circuit's code itself.
 
-If you are having trouble with `circomkit`, consider:
-
-##### SNARKJS
-Likewise, `snarkjs` is used to handle proofs and verification under the hood.
-There is [documentation](https://docs.circom.io/getting-started/compiling-circuits/) on Circom's usage to work with this.
-We suggest starting at that link and carrying through to "Proving circuits with ZK".
+If you are having trouble with `circomkit`, consider
 
 ##### Mocha
 `mocha` will also be installed from before.

diff --git a/builds/target_1024b/json_extract_value_1024b.circom b/builds/target_1024b/json_extract_value_1024b.circom
diff --git a/builds/target_1024b/json_extraction_1024b.circom b/builds/target_1024b/json_extraction_1024b.circom
@@ -0,0 +1,5 @@
+pragma circom 2.1.9;
+
+include "../../circuits/json/extraction.circom";
+
+component main { public [step_in] } = JSONExtraction(1024, 10);
diff --git a/builds/target_1024b/json_mask_array_index_1024b.circom b/builds/target_1024b/json_mask_array_index_1024b.circom
diff --git a/builds/target_1024b/json_mask_object_1024b.circom b/builds/target_1024b/json_mask_object_1024b.circom
diff --git a/builds/target_1024b/plaintext_authentication_1024b.circom b/builds/target_1024b/plaintext_authentication_1024b.circom
@@ -1,5 +1,5 @@
 pragma circom 2.1.9;
 
-include "../../circuits/chacha20/nivc/chacha20_nivc.circom";
+include "../../circuits/chacha20/authentication.circom";
 
-component main { public [step_in] } = ChaCha20_NIVC(1024);
+component main { public [step_in] } = PlaintextAuthentication(1024);
diff --git a/builds/target_512b/json_extract_value_512b.circom b/builds/target_512b/json_extract_value_512b.circom
diff --git a/builds/target_512b/json_extraction_512b.circom b/builds/target_512b/json_extraction_512b.circom
@@ -0,0 +1,5 @@
+pragma circom 2.1.9;
+
+include "../../circuits/json/extraction.circom";
+
+component main { public [step_in] } = JSONExtraction(512, 10);
diff --git a/builds/target_512b/json_mask_array_index_512b.circom b/builds/target_512b/json_mask_array_index_512b.circom
diff --git a/builds/target_512b/json_mask_object_512b.circom b/builds/target_512b/json_mask_object_512b.circom
diff --git a/builds/target_512b/plaintext_authentication_512b.circom b/builds/target_512b/plaintext_authentication_512b.circom
@@ -1,5 +1,5 @@
 pragma circom 2.1.9;
 
-include "../../circuits/chacha20/nivc/chacha20_nivc.circom";
+include "../../circuits/chacha20/authentication.circom";
 
-component main { public [step_in] } = ChaCha20_NIVC(512);
+component main { public [step_in] } = PlaintextAuthentication(512);
diff --git a/circuits.json b/circuits.json
@@ -14,29 +14,12 @@
       25
     ]
   },
-  "json_mask_object_1024b": {
-    "file": "json/nivc/masker",
-    "template": "JsonMaskObjectNIVC",
+  "json_extraction_1024b": {
+    "file": "json/extraction",
+    "template": "JSONExtraction",
     "params": [
       1024,
-      10,
       10
     ]
-  },
-  "json_mask_array_index_1024b": {
-    "file": "json/nivc/masker",
-    "template": "JsonMaskArrayIndexNIVC",
-    "params": [
-      1024,
-      10
-    ]
-  },
-  "json_extract_value_1024b": {
-    "file": "json/nivc/extractor",
-    "template": "MaskExtractFinal",
-    "params": [
-      1024,
-      50
-    ]
   }
 }
diff --git a/circuits/chacha20/nivc/chacha20_nivc.circom → circuits/chacha20/authentication.circom b/circuits/chacha20/nivc/chacha20_nivc.circom → circuits/chacha20/authentication.circom
@@ -2,11 +2,12 @@
 // modified for our needs
 pragma circom 2.1.9;
 
-include "../chacha-round.circom";
-include "../chacha-qr.circom";
-include "../../utils/bits.circom";
-include "../../utils/hash.circom";
-include "../../utils/array.circom";
+include "chacha-round.circom";
+include "chacha-qr.circom";
+include "../utils/bits.circom";
+include "../utils/hash.circom";
+include "../utils/array.circom";
+include "circomlib/circuits/poseidon.circom";
 
 
 /** ChaCha20 in counter mode */
@@ -23,7 +24,7 @@ include "../../utils/array.circom";
 // | # | N | N | N |
 // +---+---+---+---+
 // paramaterized by `DATA_BYTES` which is the plaintext length in bytes
-template ChaCha20_NIVC(DATA_BYTES) {
+template PlaintextAuthentication(DATA_BYTES) {
   // key => 8 32-bit words = 32 bytes
   signal input key[8][32];
   // nonce => 3 32-bit words = 12 bytes
@@ -33,22 +34,22 @@ template ChaCha20_NIVC(DATA_BYTES) {
 
   // the below can be both ciphertext or plaintext depending on the direction
   // in => N 32-bit words => N 4 byte words
-  signal input plainText[DATA_BYTES];
+  signal input plaintext[DATA_BYTES];
 
-  // step_in should be the ciphertext digest
+  // step_in should be the ciphertext digest + the HTTP digests + JSON seq digest
   signal input step_in[1];
 
   // step_out should be the plaintext digest
   signal output step_out[1];
 
-  signal isPadding[DATA_BYTES];
+  signal isPadding[DATA_BYTES]; // == 1 in the case we hit padding number
   signal plaintextBits[DATA_BYTES / 4][32];
   component toBits[DATA_BYTES / 4];
   for (var i = 0 ; i < DATA_BYTES / 4 ; i++) {
     toBits[i] = fromWords32ToLittleEndian();
     for (var j = 0 ; j < 4 ; j++) {
-      isPadding[i * 4 + j]         <== IsEqual()([plainText[i * 4 + j], -1]);
-      toBits[i].words[j] <== (1 - isPadding[i * 4 + j]) * plainText[i*4 + j];
+      isPadding[i * 4 + j]         <== IsEqual()([plaintext[i * 4 + j], -1]);
+      toBits[i].words[j] <== (1 - isPadding[i * 4 + j]) * plaintext[i*4 + j];
     }
     plaintextBits[i] <== toBits[i].data;
   }
@@ -130,7 +131,7 @@ template ChaCha20_NIVC(DATA_BYTES) {
 
   component toCiphertextBytes[DATA_BYTES / 4];
   signal bigEndianCiphertext[DATA_BYTES];
-  
+
   for (var i = 0 ; i < DATA_BYTES / 4 ; i++) {
     toCiphertextBytes[i] = fromLittleEndianToWords32();
     for (var j = 0 ; j < 32 ; j++) {
@@ -141,9 +142,15 @@ template ChaCha20_NIVC(DATA_BYTES) {
     }
   }
 
-  signal ciphertext_hash <== DataHasher(DATA_BYTES)(bigEndianCiphertext);
-  step_in[0]             === ciphertext_hash;
+  signal ciphertext_digest <== DataHasher(DATA_BYTES)(bigEndianCiphertext);
 
-  signal plaintext_hash <== DataHasher(DATA_BYTES)(plainText);
-  step_out[0]           <== plaintext_hash;
+  signal zeroed_plaintext[DATA_BYTES];
+  for(var i = 0 ; i < DATA_BYTES ; i++) {
+     // Sets any padding bytes to zero (which are presumably at the end) so they don't accum into the poly hash
+    zeroed_plaintext[i] <== (1 - isPadding[i]) * plaintext[i];
+  }
+  signal plaintext_digest   <== PolynomialDigest(DATA_BYTES)(zeroed_plaintext, ciphertext_digest);
+  signal plaintext_digest_hashed <== Poseidon(1)([plaintext_digest]);
+  // TODO: I'm not sure we need to subtract the CT digest
+  step_out[0] <== step_in[0] - ciphertext_digest + plaintext_digest_hashed;
 }