add README.md

README.md

@@ -0,0 +1,89 @@
+# sonobe
+
+Experimental folding schemes library implemented jointly by [0xPARC](https://0xparc.org/) and [PSE](https://pse.dev).
+
+<img align="right" style="width:30%;min-width:250px;margin-bottom:20px;" src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/sonobe.png">
+
+<b>Sonobe</b> is a modular library to fold arithmetic circuit instances in an Incremental Verifiable computation (IVC) style. It features multiple folding schemes and decider setups, allowing users to pick the scheme which best fit their needs.
+<br><br>
+Sonobe is conceived as an exploratory effort with the aim to push forward the practical side of folding schemes and advancing towards onchain (EVM) verification.
+<br><br>
+<i>"The <a href="https://en.wikipedia.org/wiki/Sonobe">Sonobe module</a> is one of the many units used to build modular origami. The popularity of Sonobe modular origami models derives from the simplicity of folding the modules, the sturdy and easy assembly, and the flexibility of the system."</i>
+
+<br>
+
+> **Warning**: experimental code, do not use in production.<br>
+> The code has not been audited. Several optimizations are also pending. Our focus so far has been on implementing the Nova and CycleFold schemes and achieving onchain (EVM) verification.
+
+## Schemes implemented
+
+Folding schemes implemented:
+
+- [Nova: Recursive Zero-Knowledge Arguments from Folding Schemes](https://eprint.iacr.org/2021/370.pdf), Abhiram Kothapalli, Srinath Setty, Ioanna Tzialla. 2021
+- [CycleFold: Folding-scheme-based recursive arguments over a cycle of elliptic curves](https://eprint.iacr.org/2023/1192.pdf), Abhiram Kothapalli, Srinath Setty. 2023
+
+Work in progress:
+
+- [HyperNova: Recursive arguments for customizable constraint systems](https://eprint.iacr.org/2023/573.pdf), Abhiram Kothapalli, Srinath Setty. 2023
+- [ProtoGalaxy: Efficient ProtoStar-style folding of multiple instances](https://eprint.iacr.org/2023/1106.pdf), Liam Eagen, Ariel Gabizon. 2023
+
+## Available frontends
+
+Available frontends to define the folded circuit:
+
+- [arkworks](https://github.com/arkworks-rs), arkworks contributors
+- [Circom](https://github.com/iden3/circom), iden3, 0Kims Association
+
+## Usage
+
+### Docs
+
+Detailed usage and design documentation can be found at [Sonobe docs](https://privacy-scaling-explorations.github.io/sonobe-docs/).
+
+### Folding Schemes introduction
+
+Folding schemes efficitently achieve incrementally verifiable computation (IVC), where the prover recursively proves the correct execution of the incremental computations.
+Once the IVC iterations are completed, the IVC proof is compressed into the Decider proof, a zkSNARK proof which proves that applying $n$ times the $F$ function (the circuit being folded) to the initial state ($z_0$) results in the final state ($z_n$).
+
+
+<p align="center">
+    <img src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/folding-main-idea-diagram.png" style="width:70%;" />
+</p>
+
+Where $w_i$ are the external witnesses used at each iterative step.
+
+In other words, it allows to prove efficiently that $z_n = F(...~F(F(F(F(z_0, w_0), w_1), w_2), ...), w_{n-1})$.
+
+
+### Overview of sonobe
+
+Sonobe is a folding schemes modular library to fold arithmetic circuit instances in an incremental verifiable computation (IVC) style. It also provides the tools required to generate a zkSNARK proof out of an IVC proof and to verify it on Ethereum's EVM.
+
+The development flow using Sonobe looks like:
+
+1. Define a circuit to be folded
+2. Set which folding scheme to be used (eg. Nova with CycleFold)
+3. Set a final decider to generate the final proof (eg. Spartan over Pasta curves)
+4. Generate the the decider verifier
+
+<p align="center">
+    <img src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/sonobe-lib-pipeline.png"/>
+</p>
+
+The folding scheme and decider used can be swapped with a few lines of code (eg. switching from a Decider that uses two Spartan proofs over a cycle of curves, to a Decider that uses a single Groth16 proof over the BN254 to be verified in an Ethereum smart contract).
+
+The [Sonobe docs](https://privacy-scaling-explorations.github.io/sonobe-docs/) contain more details about the usage and design of the library.
+
+Complete examples can be found at [folding-schemes/examples](https://github.com/privacy-scaling-explorations/sonobe/tree/main/folding-schemes/examples)
+
+## License
+
+Sonobe is [MIT Licensed](https://github.com/privacy-scaling-explorations/sonobe/blob/main/LICENSE).
+
+## Acknowledgments
+
+This project builds on top of multiple [arkworks](https://github.com/arkworks-rs) libraries. It uses Espresso system's [virtual polynomial](https://github.com/EspressoSystems/hyperplonk/blob/main/arithmetic/src/virtual_polynomial.rs) abstraction and its [SumCheck](https://github.com/EspressoSystems/hyperplonk/tree/main/subroutines/src/poly_iop/sum_check) implementation.
+
+The Solidity templates used in `nova_cyclefold_verifier.sol`, use [iden3](https://github.com/iden3/snarkjs/blob/master/templates/verifier_groth16.sol.ejs)'s Groth16 implementation and a KZG10 Solidity template adapted from [weijiekoh/libkzg](https://github.com/weijiekoh/libkzg).
+
+In addition to the direct code contributors who make this repository possible, this project has been made possible by many conversations with [Srinath Setty](https://github.com/srinathsetty), [Lev Soukhanov](https://github.com/levs57), [Matej Penciak](https://github.com/mpenciak), [Adrian Hamelink](https://github.com/adr1anh), [François Garillot](https://github.com/huitseeker), [Daniel Marin](https://github.com/danielmarinq), [Han Jian](https://github.com/han0110), [Wyatt Benno](https://github.com/wyattbenno777), [Nikkolas Gailly](https://github.com/nikkolasg) and [Nalin Bhardwaj](https://github.com/nalinbhardwaj), to whom we are grateful.

cli/README.md

@@ -1,4 +1,4 @@
-# Solidity Verifier
+# Solidity Verifiers CLI
                                     _____  ______  ______  ______  ______  ______  ______ 
                                     | |__| || |__| || |__| || |__| || |__| || |__| || |__| |
                                     |  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  |
@@ -20,9 +20,9 @@
                                     |  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  |
                                     |______||______||______||______||______||______||______|
 
-Welcome to Solidity Verifier, a powerful Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
+Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
 
-As an open-source project, Solidity Verifier is released under the GPL3 license.
+Solidity Verifiers CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers that use the Groth16 template will have that license too.
 
 ## Supported Protocols
 
@@ -37,36 +37,35 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
   - Example credit: [weijiekoh - KZG10 Verifier Contract](https://github.com/weijiekoh/libkzg/blob/master/sol/KZGVerifier.sol)
 
 - **Nova + CycleFold Decider:**
-  - Implements the decider circuit verification for the Nova zero-knowledge proof system in conjunction with the CycleFold protocol optimization.
+  - Implements the decider circuit verification for the Nova proof system in conjunction with the CycleFold protocol optimization.
   - Template inspiration and setup credit: [Han - revm/Solidity Contract Testing Functions](https://github.com/privacy-scaling-explorations/halo2-solidity-verifier/tree/main)
 
 ## Usage
 
 ```bash
-solidity-verifier [OPTIONS] -p <PROTOCOL> -pd <PROTOCOL_DATA> -o <OUTPUT_PATH>
+solidity-verifiers-cli [OPTIONS] -p <PROTOCOL> -d <PROTOCOL_DATA> -o <OUTPUT_PATH>
 ```
 
 A real use case (which was used to test the tool itself):
-`solidity-verifier -p groth16 -pd ./folding-verifier-solidity/assets/G16_test_vk_data`
+`solidity-verifiers-cli -p groth16 -d ./solidity-verifiers/assets/G16_test_vk_data`
 This would generate a Groth16 verifier contract for the given G16 data (which consists on the G16_Vkey only) and store this contract in `$pwd`.
 
 ### Options:
     -v, --verbose: Increase logging verbosity
     -q, --quiet: Decrease logging verbosity
     -p, --protocol <PROTOCOL>: Selects the protocol for which to generate the Decider circuit Solidity Verifier (possible values: groth16, kzg, nova-cyclefold)
-    -o, --out <OUT>: Sets the output path for all generated artifacts (default: /home/kr0/Desktop/HDD/ethereum/folding-schemes/verifier.sol)
+    -o, --out <OUT>: Sets the output path for all generated artifacts
     -d, --protocol-data <PROTOCOL_DATA>: Sets the input path for the file containing all the data required by the chosen protocol for verification contract generation
     --pragma <PRAGMA>: Selects the Solidity compiler version to be set in the Solidity Verifier contract artifact
     -h, --help: Print help (see a summary with '-h')
     -V, --version: Print version
 
 ## License
-Solidity Verifier is released under the GPL3 license for any of the protocols that include `Groth16`. See the LICENSE file in the project repository for more details.
-For the rest of contracts/protocols and the CLI itself, this tooling is released under MIT/Apache license.
+Solidity Verifier CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers will have that license too.
 
 ## Contributing
-Feel free to explore, use, and contribute to Solidity Verifier as we strive to enhance privacy and scalability in the blockchain space!
-We welcome contributions to Solidity Verifier! If you encounter any issues, have feature requests, or want to contribute to the codebase, please check out the GitHub repository and follow the guidelines outlined in the contributing documentation.
+Feel free to explore, use, and contribute to Solidity Verifiers CLI as we strive to enhance privacy and scalability in the blockchain space!
+We welcome contributions to Solidity Verifiers CLI! If you encounter any issues, have feature requests, or want to contribute to the codebase, please check out the GitHub repository and follow the guidelines outlined in the contributing documentation.
 
 
 

cli/src/settings.rs

@@ -43,7 +43,7 @@ impl Protocol {
     }
 }
 
-const ABOUT: &str = "A powerful Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
+const ABOUT: &str = "A Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
 ";
 
 const LONG_ABOUT: &str = "
@@ -68,10 +68,9 @@ const LONG_ABOUT: &str = "
 |  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  ||  ()  |
 |______||______||______||______||______||______||______|
 
-Welcome to Solidity Verifier, a powerful Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
-for Zero Knowledge protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams. 
+Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
 
-As an open-source project, Solidity Verifier is released under the GPL3 license.
+Solidity Verifiers CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers that use the Groth16 template will have that license too.
 
 Solidity Verifier currently supports the generation of Solidity smart contracts for the verification of proofs in the following Zero Knowledge protocols:
 
@@ -82,13 +81,13 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
         Uses the Kate-Zaverucha-Goldberg polynomial commitment scheme.
 
     Nova + CycleFold Decider:
-        Implements the decider circuit verification for the Nova zero-knowledge proof system in conjunction with the CycleFold protocol optimization.
+        Implements the decider circuit verification for the Nova proof system in conjunction with the CycleFold protocol optimization.
 ";
 #[derive(Debug, Parser)]
 #[command(author = "0XPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))]
 #[command(propagate_version = true)]
 /// A tool to create Solidity Contracts which act as verifiers for the major Folding Schemes implemented
-/// within the `folding-schemes` repo.
+/// within the `sonobe` repo.
 pub(crate) struct Cli {
     #[command(flatten)]
     pub verbosity: clap_verbosity_flag::Verbosity,

folding-schemes/src/folding/nova/decider_eth_circuit.rs

@@ -493,7 +493,7 @@ where
         incircuit_c_E.enforce_equal(&kzg_c_E)?;
 
         // Check 7 is temporary disabled due
-        // https://github.com/privacy-scaling-explorations/folding-schemes/issues/80
+        // https://github.com/privacy-scaling-explorations/sonobe/issues/80
         //
         // 7. check eval_W==p_W(c_W) and eval_E==p_E(c_E)
         // let incircuit_eval_W = evaluate_gadget::<CF1<C1>>(W_i1.W, incircuit_c_W)?;
@@ -874,7 +874,7 @@ pub mod tests {
     }
 
     // The test test_polynomial_interpolation is temporary disabled due
-    // https://github.com/privacy-scaling-explorations/folding-schemes/issues/80
+    // https://github.com/privacy-scaling-explorations/sonobe/issues/80
     // for n<=11 it will work, but for n>11 it will fail with stack overflow.
     #[ignore]
     #[test]

solidity-verifiers/README.md

@@ -1,3 +1,6 @@
 # `solidity-verifiers`
 
-This crate implements templating logic to output verifier contracts for `folding-schemes`-generated decider proofs.
+This crate implements templating logic to output verifier contracts for `sonobe`-generated decider proofs.
+This crate is accompanied with the [cli](https://github.com/privacy-scaling-explorations/sonobe/tree/main/cli) crate, which allows to generate the Solidity contracts from the command line.
+
+To run the tests it needs [solc](https://docs.soliditylang.org/en/latest/installing-solidity.html) installed.

solidity-verifiers/templates/kzg10_verifier.askama.sol

@@ -1,7 +1,7 @@
 /**
  * @author  Privacy and Scaling Explorations team - pse.dev
  * @dev     Contains utility functions for ops in BN254; in G_1 mostly.
- * @notice  Forked from https://github.com/weijiekoh/libkzg/tree/master.
+ * @notice  Forked from https://github.com/weijiekoh/libkzg.
  * Among others, a few of the changes we did on this fork were:
  * - Templating the pragma version
  * - Removing type wrappers and use uints instead