anoma / vamp-ir

Vamp-IR is a proof-system-agnostic language for writing arithmetic circuits
https://anoma.github.io/VampIR-Book/
Apache License 2.0

Add halo2 proof and verify API #120

Closed paulcadman closed 1 year ago

paulcadman commented 1 year ago

This PR adds an API for prove and verify:

pub fn prove(
    circuit_data: &HaloCircuitData,
    named_assignments: &HashMap<impl AsRef<str>, Fp>,
    config: &Config,
) -> Result<ProofDataHalo2, Error>
pub fn verify(
    proof_data: &ProofDataHalo2,
    named_public_assignments: &HashMap<impl AsRef<str>, Fp>,
    _config: &Config,
) -> Result<(), Error>

The prove API returns ProofDataHalo2, which does not contain the public inputs or the circuit; it does contain the verifying key.

pub struct ProofDataHalo2 {
    pub proof: Vec<u8>,
    pub verifying_key: VerifyingKey<EqAffine>,
    pub public_fields: Vec<String>,
    pub params: Params<EqAffine>,
}

This does not affect the prove CLI, which still writes out the public inputs within the proof file.

Callers of the verify API must provide the proof_data and the public assignments. The public_fields field is used to pass the public instances in the correct order to the halo2 verify API.
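The ordering step described above, as an added example that is not code from this PR or from vamp-ir: it arranges caller-supplied named public assignments in the order given by public_fields and rejects missing or undeclared names instead of defaulting them. The `u64` stand-in for halo2's `Fp`, the function `ordered_instances` and the `InstanceError` type are assumptions made for illustration.

```rust
use std::collections::{HashMap, HashSet};

// Assumption: u64 stands in for the halo2 field element `Fp` so this runs without dependencies.
type Fp = u64;

#[derive(Debug, PartialEq)]
enum InstanceError {
    Missing(String),        // a declared public field has no assignment
    Unexpected(String),     // caller supplied a name the circuit does not declare
    DuplicateField(String), // the same name appears twice in public_fields
}

/// Hypothetical helper: order named public assignments by `public_fields`.
fn ordered_instances<K: AsRef<str>>(
    public_fields: &[String],
    named: &HashMap<K, Fp>,
) -> Result<Vec<Fp>, InstanceError> {
    // Normalise keys to &str so lookups work for any K: AsRef<str>.
    let by_name: HashMap<&str, Fp> = named.iter().map(|(k, v)| (k.as_ref(), *v)).collect();
    let mut seen = HashSet::new();
    let mut out = Vec::with_capacity(public_fields.len());
    for field in public_fields {
        if !seen.insert(field.as_str()) {
            return Err(InstanceError::DuplicateField(field.clone()));
        }
        match by_name.get(field.as_str()) {
            Some(v) => out.push(*v),
            None => return Err(InstanceError::Missing(field.clone())),
        }
    }
    // Reject undeclared names rather than silently ignoring them (sorted for a stable error).
    let mut extra: Vec<&str> = by_name.keys().copied().filter(|k| !seen.contains(*k)).collect();
    extra.sort();
    match extra.first() {
        Some(name) => Err(InstanceError::Unexpected(name.to_string())),
        None => Ok(out),
    }
}

fn main() {
    // Constructed sample: field names as stored in the proof data, values supplied by the verifier's caller.
    let public_fields = vec!["x".to_string(), "y".to_string()];
    let named: HashMap<&str, Fp> = HashMap::from([("y", 7), ("x", 3)]);
    println!("{:?}", ordered_instances(&public_fields, &named));
}
```
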

paulcadman commented 1 year ago

Perhaps the Params should be an input to the API, rather than computed by vamp-ir for each proof call? If the Params argument is common to all circuits, perhaps it could be computed and reused statically by vamp-ir?

AHartNtkn commented 1 year ago

I'm probably not the best person to review this since I'm not super familiar with interacting with halo2. I've looked through all the code and it seems reasonable to me. I also built the repo and ran the tests; the tests seem reasonable, but I'm not the right person to assess coverage, and they do pass.

lopeetall commented 1 year ago

> Perhaps the Params should be an input to the API, rather than computed by vamp-ir for each proof call? If the Params argument is common to all circuits, perhaps it could be computed and reused statically by vamp-ir?

I agree with this---this would help to unify the APIs for Halo2 and Plonk and should be suitable for any conceivable future backend. There should be an option to generate new params, or load params from somewhere else.

This PR is good as is, so I will merge it so it isn't blocking Taiga stuff any longer.