Merge branch 'main' into main

hydra/garaga/precompiled_circuits/compilable_circuits/ultra_honk.py

@@ -168,11 +168,10 @@ def input_map(self) -> dict:
         imap["p_public_inputs"] = (structs.u256Span, self.vk.public_inputs_size)
         imap["p_public_inputs_offset"] = structs.u384
 
-        for i in range(self.vk.log_circuit_size):
-            imap[f"sumcheck_univariate_{i}"] = (
-                structs.u256Span,
-                hk.BATCHED_RELATION_PARTIAL_LENGTH,
-            )
+        imap["sumcheck_univariates_flat"] = (
+            structs.u256Span,
+            self.vk.log_circuit_size * hk.BATCHED_RELATION_PARTIAL_LENGTH,
+        )
 
         imap["sumcheck_evaluations"] = (
             structs.u256Span,
@@ -208,9 +207,16 @@ def _execute_circuit_logic(
             vars["p_public_inputs_offset"],
         )
 
+        sumcheck_univariates_flat = vars["sumcheck_univariates_flat"]
         sumcheck_univariates = []
         for i in range(self.vk.log_circuit_size):
-            sumcheck_univariates.append(vars[f"sumcheck_univariate_{i}"])
+            sumcheck_univariates.append(
+                sumcheck_univariates_flat[
+                    i
+                    * hk.BATCHED_RELATION_PARTIAL_LENGTH : (i + 1)
+                    * hk.BATCHED_RELATION_PARTIAL_LENGTH
+                ]
+            )
 
         assert len(sumcheck_univariates) == self.vk.log_circuit_size
         assert len(sumcheck_univariates[0]) == hk.BATCHED_RELATION_PARTIAL_LENGTH
@@ -249,7 +255,7 @@ def __init__(
         auto_run: bool = True,
         compilation_mode: int = 1,
     ) -> None:
-        name = f"honk_prepare_msm_scalars_size_{vk.log_circuit_size}"
+        name = f"honk_prep_msm_scalars_size_{vk.log_circuit_size}"
         self.vk = vk
         self.scalar_indexes = []
         super().__init__(
@@ -261,7 +267,7 @@ def input_map(self) -> dict:
         imap = {}
 
         imap["p_sumcheck_evaluations"] = (structs.u256Span, hk.NUMBER_OF_ENTITIES)
-        imap["p_gemini_a_evaluations"] = (structs.u256Span, hk.CONST_PROOF_SIZE_LOG_N)
+        imap["p_gemini_a_evaluations"] = (structs.u256Span, self.vk.log_circuit_size)
         imap["tp_gemini_r"] = structs.u384
         imap["tp_rho"] = structs.u384
         imap["tp_shplonk_z"] = structs.u384

hydra/garaga/precompiled_circuits/honk.py

@@ -1,4 +1,5 @@
 import copy
+import math
 from dataclasses import dataclass, fields
 from enum import Enum, auto
 
@@ -58,6 +59,10 @@ class HonkProof:
     shplonk_q: G1Point
     kzg_quotient: G1Point
 
+    @property
+    def log_circuit_size(self) -> int:
+        return int(math.log2(self.circuit_size))
+
     def __post_init__(self):
         assert len(self.sumcheck_univariates) == CONST_PROOF_SIZE_LOG_N
         assert all(
@@ -243,18 +248,12 @@ def format_array(elements: list, span: bool = False) -> str:
         code += f"lookup_read_tags: {g1_to_g1point256(self.lookup_read_tags)},\n"
         code += f"lookup_inverses: {g1_to_g1point256(self.lookup_inverses)},\n"
 
-        # Format nested arrays for sumcheck_univariates
-        univariates_arrays = [
-            format_array(univariate, span=True)
-            for univariate in self.sumcheck_univariates
-        ]
-        code += (
-            f"sumcheck_univariates: array![{','.join(univariates_arrays)}].span(),\n"
-        )
+        # Flatten sumcheck_univariates array
+        code += f"sumcheck_univariates: {format_array(io.flatten(self.sumcheck_univariates)[:self.log_circuit_size * BATCHED_RELATION_PARTIAL_LENGTH], span=True)},\n"
 
         code += f"sumcheck_evaluations: {format_array(self.sumcheck_evaluations, span=True)},\n"
-        code += f"gemini_fold_comms: array![{', '.join(g1_to_g1point256(comm) for comm in self.gemini_fold_comms)}].span(),\n"
-        code += f"gemini_a_evaluations: {format_array(self.gemini_a_evaluations, span=True)},\n"
+        code += f"gemini_fold_comms: array![{', '.join(g1_to_g1point256(comm) for comm in self.gemini_fold_comms[:self.log_circuit_size - 1])}].span(),\n"
+        code += f"gemini_a_evaluations: {format_array(self.gemini_a_evaluations[:self.log_circuit_size], span=True)},\n"
         code += f"shplonk_q: {g1_to_g1point256(self.shplonk_q)},\n"
         code += f"kzg_quotient: {g1_to_g1point256(self.kzg_quotient)},\n"
         code += "};"
@@ -283,27 +282,35 @@ def serialize_G1Point256(g1_point: G1Point) -> list[int]:
         cd.extend(serialize_G1Point256(self.lookup_read_counts))
         cd.extend(serialize_G1Point256(self.lookup_read_tags))
         cd.extend(serialize_G1Point256(self.lookup_inverses))
-        cd.append(len(self.sumcheck_univariates))
-        for univariate in self.sumcheck_univariates:
-            cd.extend(
-                io.bigint_split_array(
-                    x=univariate, n_limbs=2, base=2**128, prepend_length=True
-                )
+        cd.extend(
+            io.bigint_split_array(
+                x=io.flatten(self.sumcheck_univariates)[
+                    : BATCHED_RELATION_PARTIAL_LENGTH * self.log_circuit_size
+                ],  # The rest is 0.
+                n_limbs=2,
+                base=2**128,
+                prepend_length=True,
             )
+        )
 
         cd.extend(
             io.bigint_split_array(
                 x=self.sumcheck_evaluations, n_limbs=2, base=2**128, prepend_length=True
             )
         )
 
-        cd.append(len(self.gemini_fold_comms))
-        for pt in self.gemini_fold_comms:
+        cd.append(self.log_circuit_size - 1)
+        for pt in self.gemini_fold_comms[
+            : self.log_circuit_size - 1
+        ]:  # The rest is G(1, 2)
             cd.extend(serialize_G1Point256(pt))
 
         cd.extend(
             io.bigint_split_array(
-                x=self.gemini_a_evaluations, n_limbs=2, base=2**128, prepend_length=True
+                x=self.gemini_a_evaluations[: self.log_circuit_size],
+                n_limbs=2,
+                base=2**128,
+                prepend_length=True,
             )
         )
         cd.extend(serialize_G1Point256(self.shplonk_q))
@@ -1685,16 +1692,16 @@ def compute_shplemini_msm_scalars(
                     batching_challenge, inverse_vanishing_evals[i + 2]
                 )
                 scalars[NUMBER_OF_ENTITIES + i + 1] = self.neg(scaling_factor)
+                constant_term_accumulator = self.add(
+                    constant_term_accumulator,
+                    self.mul(scaling_factor, p_gemini_a_evaluations[i + 1]),
+                )
             else:
                 # print(
                 #     f"dummy round {i}, index {NUMBER_OF_ENTITIES + i + 1} is set to 0"
                 # )
                 pass
 
-            constant_term_accumulator = self.add(
-                constant_term_accumulator,
-                self.mul(scaling_factor, p_gemini_a_evaluations[i + 1]),
-            )
             # skip last round:
             if i < self.log_n - 2:
                 batching_challenge = self.mul(batching_challenge, tp_shplonk_nu)

hydra/garaga/starknet/groth16_contract_generator/examples/proof_risc0.json

@@ -1,5 +1,5 @@
 {
-    "seal": "0x50bd1769096d29a4e342d93785757cde64ef07c09f317481f0ee9274f14281dc501c1b2e036ee070b7bd75b4f0253f7349afaa4074d73f77b09de60dd82d3fbeba8cc4a10dab619b389ed53ddfc3113e055729ff430a82f57d7edc24821e782653b9f1ba00558126e75bcb392a9a58d45af8489f4441d77e91d10c11dcea70c33c93f3ba03dab52a25735bb04f2526ec7289c1ee8912f921c4f5d380a5f906782f60044a0d44d7005528e1821e458e7bf108777452b2327ba1998710aa62e1e106858a302c0fe02760c5fda0000e039d263b2cc918eb2539da008bbbe7007f767d45d22d18f589ab466da35e0d0bfc300af4b0bc941a9897a863b48a2deb5f057c2f512c",
-    "image_id": "0xd01c15afa768a05b213a9e5fcdcc5724a2947e00098c7ec34ccbe2946bbc0013",
+    "seal": "0xc101b42b25016dc12080c5100a9841f324669460144c96d23619bb9e828e3a192c80ecfd1140eb491e6ba0b4b81afb4ff447e32cb9be3cecf003dc14959d680ae60dc11e040b0a98edd1abab11587de8a32f0095c37c7e43c03d7e5a709e0807c9c53a39127863b8b8ab606ee7527f4d1ff30a497b9c5c716b27946b68aad4408b6ab4d52bba359168a56baabe40a0da71463ccbeccab13c67e2029feb661b9e582cd1902fed2fbba2aa46f12326baf8e2b3bc85a413b25fed59692c4db8f6c3368bdbba2e0a48d161ea889d685b4ac1bd82c8ae190d35e656fd42d1086b362ad521acd22a62b65806ae08d4ca6ad0d6665bf8f4c9bd84717dc200adcd24e0cada3a621c",
+    "image_id": "0x01ebed7f56116d9fdbae4a81c29c07daf43b17a1d5e4dd6eb0e971d689ccf88a",
     "journal": "0x6a75737420612073696d706c652072656365697074"
 }

hydra/garaga/starknet/groth16_contract_generator/generator.py

@@ -8,7 +8,7 @@
 from garaga.starknet.cli.utils import create_directory, get_package_version
 from garaga.starknet.groth16_contract_generator.parsing_utils import Groth16VerifyingKey
 
-ECIP_OPS_CLASS_HASH = 0xC4B7AA28A27B5FB8D7D43928B2A3EE960CF5B4E06CB9AE1EE3F102400B1700
+ECIP_OPS_CLASS_HASH = 0x684D2756A4440C190A5FE54E367C0ABE33AEFA75084DEC2FFFC791B620C80E3
 
 
 def precompute_lines_from_vk(vk: Groth16VerifyingKey) -> StructArray:

hydra/garaga/starknet/groth16_contract_generator/parsing_utils.py

@@ -18,9 +18,9 @@
 from garaga.precompiled_circuits.multi_miller_loop import MultiMillerLoopCircuit
 
 # https://github.com/risc0/risc0-ethereum/blob/main/contracts/src/groth16/ControlID.sol
-RISC0_CONTROL_ROOT = 0x8B6DCF11D463AC455361B41FB3ED053FEBB817491BDEA00FDB340E45013B852E
+RISC0_CONTROL_ROOT = 0x8CDAD9242664BE3112ABA377C5425A4DF735EB1C6966472B561D2855932C0469
 RISC0_BN254_CONTROL_ID = (
-    0x05A022E1DB38457FB510BC347B30EB8F8CF3EDA95587653D0EAC19E1F10D164E
+    0x04446E66D300EB7FB45C9726BB53C793DDA407A62E9601618BB43C5C14657AC0
 )
 
 

hydra/garaga/starknet/honk_contract_generator/generator_honk.py

@@ -38,15 +38,14 @@ def gen_honk_circuits_code(vk: HonkVk) -> str:
     """
     header = """
 use core::circuit::{
-    RangeCheck96, AddMod, MulMod, u384, u96, circuit_add, circuit_sub, circuit_mul, circuit_inverse,
-    EvalCircuitTrait, CircuitOutputsTrait, CircuitModulus, AddInputResultTrait, CircuitInputs,
+    u384, circuit_add, circuit_sub, circuit_mul, circuit_inverse,
+    EvalCircuitTrait, CircuitOutputsTrait, CircuitInputs,
 };
 use garaga::core::circuit::AddInputResultTrait2;
 use garaga::ec_ops::FunctionFelt;
 use core::circuit::CircuitElement as CE;
 use core::circuit::CircuitInput as CI;
-use garaga::definitions::{
-    get_b, G1Point, u288, get_GRUMPKIN_modulus, get_BN254_modulus};
+use garaga::definitions::{G1Point, get_GRUMPKIN_modulus, get_BN254_modulus};
 use core::option::Option;\n
 """
     code = header
@@ -121,7 +120,7 @@ def gen_honk_verifier(
     precomputed_lines = precompute_lines_honk()
 
     constants_code = f"""
-    use garaga::definitions::{{G1Point, G2Point, G2Line, u384, u288}};
+    use garaga::definitions::{{G1Point, G2Line, u384, u288}};
     use garaga::utils::noir::HonkVk;
 
     {vk.serialize_to_cairo()}\n
@@ -156,16 +155,15 @@ def gen_honk_verifier(
 
 #[starknet::contract]
 mod UltraKeccakHonkVerifier {{
-    use garaga::definitions::{{G1Point, G1G2Pair, BN254_G1_GENERATOR, get_a, get_modulus, u384}};
+    use garaga::definitions::{{G1Point, G1G2Pair, BN254_G1_GENERATOR, get_a, get_modulus}};
     use garaga::pairing_check::{{multi_pairing_check_bn254_2P_2F, MPCheckHintBN254}};
-    use garaga::ec_ops::{{G1PointTrait, ec_safe_add, FunctionFelt,FunctionFeltTrait, DerivePointFromXHint, MSMHintBatched, compute_rhs_ecip, derive_ec_point_from_X, SlopeInterceptOutput}};
-    use garaga::ec_ops_g2::{{G2PointTrait}};
-    use garaga::basic_field_ops::{{add_mod_p, mul_mod_p}};
+    use garaga::ec_ops::{{G1PointTrait, ec_safe_add,FunctionFeltTrait, DerivePointFromXHint, MSMHintBatched, compute_rhs_ecip, derive_ec_point_from_X, SlopeInterceptOutput}};
+    use garaga::basic_field_ops::{{batch_3_mod_p}};
     use garaga::circuits::ec;
     use garaga::utils::neg_3;
     use super::{{vk, precomputed_lines, {sumcheck_function_name}, {prepare_scalars_function_name}, {lhs_ecip_function_name}}};
     use garaga::utils::noir::{{HonkProof, remove_unused_variables_sumcheck_evaluations, G2_POINT_KZG_1, G2_POINT_KZG_2}};
-    use garaga::utils::noir::keccak_transcript::{{HonkTranscriptTrait, Point256IntoCircuitPoint}};
+    use garaga::utils::noir::keccak_transcript::{{HonkTranscriptTrait, Point256IntoCircuitPoint, BATCHED_RELATION_PARTIAL_LENGTH}};
     use garaga::core::circuit::U64IntoU384;
     use core::num::traits::Zero;
     use core::poseidon::hades_permutation;
@@ -202,7 +200,7 @@ def gen_honk_verifier(
             let (sum_check_rlc, honk_check) = {sumcheck_function_name}(
                 p_public_inputs: full_proof.proof.public_inputs,
                 p_public_inputs_offset: full_proof.proof.public_inputs_offset.into(),
-                {', '.join([f'sumcheck_univariate_{i}: (*full_proof.proof.sumcheck_univariates.at({i}))' for i in range(vk.log_circuit_size)])},
+                sumcheck_univariates_flat: full_proof.proof.sumcheck_univariates.slice(0, log_n * BATCHED_RELATION_PARTIAL_LENGTH),
                 sumcheck_evaluations: remove_unused_variables_sumcheck_evaluations(
                     full_proof.proof.sumcheck_evaluations
                 ),
@@ -271,9 +269,8 @@ def gen_honk_verifier(
                                                     full_proof.proof.z_perm.into(),
                                                     ];
 
-            let n_gem_comms = vk.log_circuit_size-1;
-            for i in 0_u32..n_gem_comms {{
-                _points.append((*full_proof.proof.gemini_fold_comms.at(i)).into());
+            for gem_comm in full_proof.proof.gemini_fold_comms {{
+                _points.append((*gem_comm).into());
             }};
             _points.append(BN254_G1_GENERATOR);
             _points.append(full_proof.proof.kzg_quotient.into());
@@ -383,15 +380,7 @@ def gen_honk_verifier(
             );
 
             let mod_bn = get_modulus(0);
-            let c0: u384 = base_rlc_coeff.into();
-            let c1: u384 = mul_mod_p(c0, c0, mod_bn);
-            let c2 = mul_mod_p(c1, c0, mod_bn);
-
-            let zk_ecip_batched_rhs = add_mod_p(
-                add_mod_p(mul_mod_p(rhs_low, c0, mod_bn), mul_mod_p(rhs_high, c1, mod_bn), mod_bn),
-                mul_mod_p(rhs_high_shifted, c2, mod_bn),
-                mod_bn
-            );
+            let zk_ecip_batched_rhs = batch_3_mod_p(rhs_low, rhs_high, rhs_high_shifted, base_rlc_coeff.into(), mod_bn);
 
             let ecip_check = zk_ecip_batched_lhs == zk_ecip_batched_rhs;
 
@@ -456,11 +445,14 @@ def gen_honk_verifier(
     VK_PATH = (
         "hydra/garaga/starknet/honk_contract_generator/examples/vk_ultra_keccak.bin"
     )
-
+    VK_LARGE_PATH = (
+        "hydra/garaga/starknet/honk_contract_generator/examples/vk_large.bin"
+    )
     CONTRACTS_FOLDER = "src/contracts/"  # Do not change this
 
     FOLDER_NAME = (
         "noir_ultra_keccak_honk_example"  # '_curve_id' is appended in the end.
     )
 
     gen_honk_verifier(VK_PATH, CONTRACTS_FOLDER, FOLDER_NAME)
+    # gen_honk_verifier(VK_LARGE_PATH, CONTRACTS_FOLDER, FOLDER_NAME + "_large")

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "maturin"
 
 [project]
 name = "garaga"
-version = "0.15.0"
+version = "0.15.3"
 requires-python = ">=3.10,<3.11"
 dependencies = [
   "fastecdsa",

src/Scarb.toml

@@ -1,6 +1,6 @@
 [package]
 name = "garaga"
-version = "0.14.0"
+version = "0.15.3"
 edition = "2023_10"
 licence = "MIT"
 keywords = ["zk", "snarks", "curve", "pairing", "groth16", "plonk", "bls", "elliptic", "signature"]

src/contracts/groth16_example_bls12_381/src/groth16_verifier.cairo

@@ -18,7 +18,7 @@ mod Groth16VerifierBLS12_381 {
     use super::{N_PUBLIC_INPUTS, vk, ic, precomputed_lines};
 
     const ECIP_OPS_CLASS_HASH: felt252 =
-        0xc4b7aa28a27b5fb8d7d43928b2a3ee960cf5b4e06cb9ae1ee3f102400b1700;
+        0x684d2756a4440c190a5fe54e367c0abe33aefa75084dec2fffc791b620c80e3;
 
     #[storage]
     struct Storage {}

src/contracts/groth16_example_bn254/src/groth16_verifier.cairo

@@ -18,7 +18,7 @@ mod Groth16VerifierBN254 {
     use super::{N_PUBLIC_INPUTS, vk, ic, precomputed_lines};
 
     const ECIP_OPS_CLASS_HASH: felt252 =
-        0xc4b7aa28a27b5fb8d7d43928b2a3ee960cf5b4e06cb9ae1ee3f102400b1700;
+        0x684d2756a4440c190a5fe54e367c0abe33aefa75084dec2fffc791b620c80e3;
 
     #[storage]
     struct Storage {}