Merge pull request #67 from 0xPolygonHermez/feature/multipleVerifier

StarkVerifier to support different verifiers same circom
0xPolygonHermez · Mar 14, 2024 · 50e9e61 · 50e9e61
2 parents 6ffd28c + 8571b6c
commit 50e9e61
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 16 deletions.
diff --git a/circuits.gl/stark_verifier.circom.ejs b/circuits.gl/stark_verifier.circom.ejs
@@ -13,6 +13,8 @@ include "merklehash_gpu.circom";
 <% } else { -%>
 include "merklehash.circom";
 <% } -%>
+
+<% let index = options.index; -%>
 <%
 class Transcript {
     constructor() {
@@ -249,7 +251,7 @@ class Transcript {
 /* 
     Calculate the transcript
 */ 
-template Transcript() {
+template Transcript<%- index %>() {
 
     signal input publics[<%- starkInfo.nPublics %>];
     signal input rootC[4];
@@ -306,7 +308,7 @@ template Transcript() {
 /*
     Verify that FRI polynomials are built properly
 */
-template parallel VerifyFRI(nBitsExt, prevStepBits, currStepBits, nextStepBits, e0) {
+template parallel VerifyFRI<%- index %>(nBitsExt, prevStepBits, currStepBits, nextStepBits, e0) {
     var nextStep = currStepBits - nextStepBits; 
     var step = prevStepBits - currStepBits;
 
@@ -341,7 +343,7 @@ template parallel VerifyFRI(nBitsExt, prevStepBits, currStepBits, nextStepBits,
 /* 
     Verify that all committed polynomials are calculated correctly
 */
-template parallel VerifyEvaluations() {
+template parallel VerifyEvaluations<%- index %>() {
 <% if (starkInfo.mapSectionsN.cm2_2ns > 0) { -%>
     signal input challenges0[3];
     signal input challenges1[3];
@@ -402,7 +404,7 @@ template parallel VerifyEvaluations() {
     Verify that the initial FRI polynomial, which is the lineal combination of the committed polynomials
     during the STARK phases, is built properly
 */
-template parallel VerifyQuery(currStepBits, nextStepBits) {
+template parallel VerifyQuery<%- index %>(currStepBits, nextStepBits) {
     var nextStep = currStepBits - nextStepBits; 
     signal input ys[<%- starkStruct.steps[0].nBits %>];
     signal input challenges5[3];
@@ -425,7 +427,7 @@ template parallel VerifyQuery(currStepBits, nextStepBits) {
 
     // Map the s0_vals so that they are converted either into single vars (if they belong to base field) or arrays of 3 elements (if 
     // they belong to the extended field). 
-    component mapValues = MapValues();
+    component mapValues = MapValues<%- index %>();
     mapValues.vals1 <== tree1;
 <% if (starkInfo.mapSectionsN.cm2_2ns > 0) { -%>
     mapValues.vals2 <== tree2;
@@ -468,7 +470,7 @@ template parallel VerifyQuery(currStepBits, nextStepBits) {
 // Q (quotient) or h_i (plookup) will have dim 3.
 // This function processes the values, which are stored in an array vals[n] and splits them in multiple signals of size 1 (vals_i) 
 // or 3 (vals_i[3]) depending on its dimension.
-template MapValues() {
+template MapValues<%- index %>() {
     signal input vals1[<%- starkInfo.mapSectionsN.cm1_2ns %>];
 <% if (starkInfo.mapSectionsN.cm2_2ns > 0) { -%>
     signal input vals2[<%- starkInfo.mapSectionsN.cm2_2ns %>];
@@ -502,7 +504,7 @@ template MapValues() {
 <% }                                                                             -%>
 }
 
-template parallel VerifyFinalPol() {
+template parallel VerifyFinalPol<%- index %>() {
     ///////
     // Check Degree last pol
     ///////
@@ -529,7 +531,7 @@ template parallel VerifyFinalPol() {
         _ <== lastIFFT[k];
     }
 }
-template StarkVerifier() {
+template StarkVerifier<%- index %>() {
     signal input publics[<%- starkInfo.nPublics %>]; // constant polynomials
     signal input root1[4]; // Merkle tree root of the evaluations of all trace polynomials
     signal input root2[4]; // Merkle tree root of the evaluations of polynomials h1 and h2 used for the plookup
@@ -621,7 +623,7 @@ template StarkVerifier() {
     // Calculate challenges, s_i special and queries
     ///////////
 
-    (challenges,ys,<%- si_specials.join(",") %>) <== Transcript()(publics,rootC,root1,root2,root3,root4,evals, <%- si_roots.join(",") %>,finalPol);
+    (challenges,ys,<%- si_specials.join(",") %>) <== Transcript<%- index %>()(publics,rootC,root1,root2,root3,root4,evals, <%- si_roots.join(",") %>,finalPol);
 
     ///////////
     // Check constraints polynomial in the evaluation point
@@ -632,7 +634,7 @@ template StarkVerifier() {
         challengesEvaluations.unshift(...["challenges[0]", "challenges[1]"]);
     }
 -%> 
-    VerifyEvaluations()(<%- challengesEvaluations.join(", ") %>, evals, publics, enable);
+    VerifyEvaluations<%- index %>()(<%- challengesEvaluations.join(", ") %>, evals, publics, enable);
 
     ///////////
     // Preprocess s_i vals
@@ -745,7 +747,7 @@ template StarkVerifier() {
 -%>
         // Verify that the query is properly constructed. This is done by checking that the linear combination of the set of 
         // polynomials committed during the different rounds evaluated at z matches with the commitment of the FRI polynomial (unsure)
-        VerifyQuery(<%- starkStruct.steps[0].nBits %>, <%- nextStep %>)(ys[q], challenges[5], challenges[6], challenges[7], evals, <%- queryVals.join(", ") %>, <%- nextValsPol %>, enable);
+        VerifyQuery<%- index %>(<%- starkStruct.steps[0].nBits %>, <%- nextStep %>)(ys[q], challenges[5], challenges[6], challenges[7], evals, <%- queryVals.join(", ") %>, <%- nextValsPol %>, enable);
 
         ///////////
         // Verify FRI construction
@@ -761,13 +763,13 @@ template StarkVerifier() {
 <%  const nextPolFRI = s < starkStruct.steps.length-1 ? `s${s+1}_vals_p[q]` : "finalPol"; -%>
 <%  const nextStepFRI = s < starkStruct.steps.length-1 ? starkStruct.steps[s+1].nBits : 0; -%>
 <%  const e0 = F.inv(F.exp(F.shift, 1 << (starkStruct.nBitsExt -starkStruct.steps[s-1].nBits) ) ) -%>
-        VerifyFRI(<%- starkStruct.nBitsExt %>, <%- starkStruct.steps[s-1].nBits %>, <%- starkStruct.steps[s].nBits %>, <%- nextStepFRI %>, <%- e0 %>)(s<%- s %>_ys, s<%- s %>_specialX, s<%- s %>_vals_p[q], <%- nextPolFRI %>, enable);
+        VerifyFRI<%- index %>(<%- starkStruct.nBitsExt %>, <%- starkStruct.steps[s-1].nBits %>, <%- starkStruct.steps[s].nBits %>, <%- nextStepFRI %>, <%- e0 %>)(s<%- s %>_ys, s<%- s %>_specialX, s<%- s %>_vals_p[q], <%- nextPolFRI %>, enable);
 <% } -%>
     }
 
-    VerifyFinalPol()(finalPol, enable);
+    VerifyFinalPol<%- index %>()(finalPol, enable);
 }
 
 <% if (!options.skipMain) {  -%>
-component main {public [publics]}= StarkVerifier();
+component main {public [publics]}= StarkVerifier<%- index %>();
 <% } -%>
diff --git a/src/main_pil2circom.js b/src/main_pil2circom.js
@@ -15,11 +15,10 @@ const argv = require("yargs")
     .alias("v", "verkey")
     .alias("o", "output")
     .string("arity")
+    .string("index")
     .argv;
 
 async function run() {
-    const F = new F3g();
-
     const starkInfoFIle = typeof(argv.starkinfo) === "string" ?  argv.starkinfo.trim() : "starkinfo.json";
     const verKeyFile = typeof(argv.verkey) === "string" ?  argv.verkey.trim() : "mycircuit.verkey.json";
     const outputFile = typeof(argv.output) === "string" ?  argv.output.trim() : "mycircuit.verifier.circom";
@@ -40,6 +39,10 @@ async function run() {
         console.log(`Arity: ${options.arity}`);
     }
 
+    if(argv.index) {
+        options.index = Number(argv.index);
+    }
+
     const verifier = await pil2circom(constRoot, starkInfo, options);
 
     await fs.promises.writeFile(outputFile, verifier, "utf8");