Compatibility with circom

[m0bi5]

Circom is a project founded by iden3 and can be used to define custom circuits. The circom library outputs an r1cs file which I wish to use with libspartan. However, I have a hard time porting the r1cs format outputted by circom to spartan. The circom r1cs format is defined here - https://github.com/iden3/r1csfile/blob/master/doc/r1cs_bin_format.md

[srinathsetty]

@m0bi5 Spartan just needs R1CS matrices (A, B, C) representing the constraint system. Have you looked at converting circom constraints (https://github.com/iden3/r1csfile/blob/master/doc/r1cs_bin_format.md#constraints) into the required matrices?

Note that Spartan uses constraints defined over a prime field where p = 2^{252}+27742317777372353535851937790883648493. Can circom output constraints over a given prime p?

[m0bi5]

I believe that is not possible with circom as they use their own field internally. Therefore, I was unable to get the constraints outputted by circom to work with spartan. Hope to see a gadgets library of sorts (similar to bulletproofs) that will make it easy to write spartan compatible constraints!

[srinathsetty]

I see, got it. Yes, we are working on a bellman-style gadget library for Spartan.

Can you point me to the bulletproofs gadget library that you mention?

[m0bi5]

Not officially released as a library, but I found this to have a lot of commonly used circuits - https://github.com/lovesh/bulletproofs-r1cs-gadgets

[qti3e]

Just wanted to point out that it's easy to add support for any other prime to circom as I've already done in this commit:

https://github.com/iden3/circom/compare/master...qti3e:circom:master

You only need to run circom of this fork with --prime "7237005577332262213973186563042994240857116359379907606001950938285454250989

and it will use generate r1cs which is compatible with the curve Spartan is using, however, I am still trying to figure out how to map Circom's r1cs format into the matrices for Spartan.