feat: update gnark to v0.9.1

Author: mattstam

go.mod

@@ -3,26 +3,31 @@ module github.com/worldcoin/semaphore-mtb-setup
 go 1.19
 
 require (
-	github.com/consensys/gnark v0.8.0
-	github.com/consensys/gnark-crypto v0.9.1
+	github.com/consensys/gnark v0.9.1
+	github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/worldcoin/ptau-deserializer v0.1.3
 )
 
 require (
+	github.com/bits-and-blooms/bitset v1.8.0 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/consensys/bavard v0.1.13 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
-	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fxamacker/cbor/v2 v2.5.0 // indirect
+	github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mmcloughlin/addchain v0.4.0 // indirect
-	github.com/rs/zerolog v1.29.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rs/zerolog v1.30.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/stretchr/testify v1.8.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	golang.org/x/crypto v0.6.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	rsc.io/tmplfunc v0.0.3 // indirect
 )

go.sum

@@ -1,22 +1,27 @@
+github.com/bits-and-blooms/bitset v1.8.0 h1:FD+XqgOZDUxxZ8hzoBFuV9+cGWY9CslN6d5MS5JVb4c=
+github.com/bits-and-blooms/bitset v1.8.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ=
 github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
-github.com/consensys/gnark v0.8.0 h1:0bQ2MyDG4oNjMQpNyL8HjrrUSSL3yYJg0Elzo6LzmcU=
-github.com/consensys/gnark v0.8.0/go.mod h1:aKmA7dIiLbTm0OV37xTq0z+Bpe4xER8EhRLi6necrm8=
-github.com/consensys/gnark-crypto v0.9.1 h1:mru55qKdWl3E035hAoh1jj9d7hVnYY5pfb6tmovSmII=
-github.com/consensys/gnark-crypto v0.9.1/go.mod h1:a2DQL4+5ywF6safEeZFEPGRiiGbjzGFRUN2sg06VuU4=
+github.com/consensys/gnark v0.9.1 h1:aTwBp5469MY/2jNrf4ABrqHRW3+JytfkADdw4ZBY7T0=
+github.com/consensys/gnark v0.9.1/go.mod h1:udWvWGXnfBE7mn7BsNoGAvZDnUhcONBEtNijvVjfY80=
+github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb h1:f0BMgIjhZy4lSRHCXFbQst85f5agZAjtDMixQqBWNpc=
+github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb/go.mod h1:v2Gy7L/4ZRosZ7Ivs+9SfUDr0f5UlG+EM5t7MPHiLuY=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
-github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE=
+github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
+github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b h1:h9U78+dx9a4BKdQkBBos92HalKpaGKHrp+3Uo6yTodo=
+github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
@@ -30,12 +35,15 @@ github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqky
 github.com/mmcloughlin/profile v0.1.1/go.mod h1:IhHD7q1ooxgwTgjxQYkACGA77oFTDdFVejUS1/tS/qU=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rs/zerolog v1.29.1 h1:cO+d60CHkknCbvzEWxP0S9K6KqyTjrCNUy1LdQLCGPc=
-github.com/rs/zerolog v1.29.1/go.mod h1:Le6ESbR7hc+DP6Lt1THiV8CQSdkkNrd3R0XbEgp3ZBU=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.30.0 h1:SymVODrcRsaRaSInD9yQtKbtWqwsfoPcRff/oRXLj4c=
+github.com/rs/zerolog v1.30.0/go.mod h1:/tk+P47gFdPXq4QYjvCmT5/Gsug2nagsFWBWhAiSi1w=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
 github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
 github.com/worldcoin/ptau-deserializer v0.1.3 h1:VU9k9EaEZ6tSpfqf11md9eoyglOEmuNaEOA0btcM5yI=
@@ -44,14 +52,19 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU=
 rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA=

keys/keys.go

@@ -26,7 +26,7 @@ type VerifyingKey struct {
 		Beta, Delta, Gamma bn254.G2Affine
 	}
 
-	CommitmentKey  pedersen.Key
+	CommitmentKey  pedersen.VerifyingKey
 	CommitmentInfo constraint.Commitment // since the verifier doesn't input a constraint system, this needs to be provided here
 }
 
@@ -308,7 +308,7 @@ func extractVK(phase2Path string) error {
 	if err := decEvals.Decode(&ckk); err != nil {
 		return err
 	}
-	vk.CommitmentKey, err = pedersen.Setup(ckk)
+	_, vk.CommitmentKey, err = pedersen.Setup(ckk)
 	if err != nil {
 		return err
 	}

phase2/utils.go

@@ -62,12 +62,23 @@ func processHeader(r1csPath string, phase1File, phase2File *os.File) (*phase1.He
 		return nil, nil, fmt.Errorf("phase 1 parameters can support up to %d, but the circuit #Constraints are %d", N, header2.Constraints)
 	}
 	// Initialize Domain, #Wires, #Witness, #Public, #PrivateCommitted
+
+	// Calculate number of private commitments
+	commitments, ok := r1cs.CommitmentInfo.(constraint.Groth16Commitments)
+	if !ok {
+		return nil, nil, errors.New("commitment info is not of type Groth16Commitments")
+	}
+	privateCommittedNum := 0
+	for _, commitment := range commitments {
+		privateCommittedNum += len(commitment.PrivateCommitted)
+	}
+
 	header2.Wires = r1cs.NbInternalVariables + r1cs.GetNbPublicVariables() + r1cs.GetNbSecretVariables()
-	header2.PrivateCommitted = r1cs.CommitmentInfo.NbPrivateCommitted
+	header2.PrivateCommitted = privateCommittedNum
 	header2.Public = r1cs.GetNbPublicVariables()
 	header2.Witness = r1cs.GetNbSecretVariables() + r1cs.NbInternalVariables - header2.PrivateCommitted
 
-	if r1cs.CommitmentInfo.Is() { // the commitment itself is defined by a hint so the prover considers it private
+	if Is(commitments) { // the commitment itself is defined by a hint so the prover considers it private
 		header2.Public++  // but the verifier will need to inject the value itself so on the groth16
 		header2.Witness-- // level it must be considered public
 	}
@@ -176,7 +187,7 @@ func processEvaluations(header1 *phase1.Header, header2 *Header, r1csPath string
 
 	// Accumlate {[A]₁}
 	buff := make([]bn254.G1Affine, header2.Wires)
-	for i, c := range r1cs.Constraints {
+	for i, c := range r1cs.GetR1Cs() {
 		for _, t := range c.L {
 			accumulateG1(&r1cs, &buff[t.WireID()], t, &tauG1[i])
 		}
@@ -189,7 +200,7 @@ func processEvaluations(header1 *phase1.Header, header2 *Header, r1csPath string
 	// Reset buff
 	buff = make([]bn254.G1Affine, header2.Wires)
 	// Accumlate {[B]₁}
-	for i, c := range r1cs.Constraints {
+	for i, c := range r1cs.GetR1Cs() {
 		for _, t := range c.R {
 			accumulateG1(&r1cs, &buff[t.WireID()], t, &tauG1[i])
 		}
@@ -213,7 +224,7 @@ func processEvaluations(header1 *phase1.Header, header2 *Header, r1csPath string
 		return err
 	}
 	// Accumlate {[B]₂}
-	for i, c := range r1cs.Constraints {
+	for i, c := range r1cs.GetR1Cs() {
 		for _, t := range c.R {
 			accumulateG2(&r1cs, &buff2[t.WireID()], t, &tauG2[i])
 		}
@@ -307,7 +318,7 @@ func processPVCKK(header1 *phase1.Header, header2 *Header, r1csPath string, phas
 		return err
 	}
 
-	for i, c := range r1cs.Constraints {
+	for i, c := range r1cs.GetR1Cs() {
 		// Output(Tau)
 		for _, t := range c.O {
 			accumulateG1(&r1cs, &L[t.WireID()], t, &buffSRS[i])
@@ -318,7 +329,7 @@ func processPVCKK(header1 *phase1.Header, header2 *Header, r1csPath string, phas
 	if err := dec.Decode(&buffSRS); err != nil {
 		return err
 	}
-	for i, c := range r1cs.Constraints {
+	for i, c := range r1cs.GetR1Cs() {
 		// Right(AlphaTauG1)
 		for _, t := range c.R {
 			accumulateG1(&r1cs, &L[t.WireID()], t, &buffSRS[i])
@@ -329,14 +340,19 @@ func processPVCKK(header1 *phase1.Header, header2 *Header, r1csPath string, phas
 	if err := dec.Decode(&buffSRS); err != nil {
 		return err
 	}
-	for i, c := range r1cs.Constraints {
+	for i, c := range r1cs.GetR1Cs() {
 		// Left(BetaTauG1)
 		for _, t := range c.L {
 			accumulateG1(&r1cs, &L[t.WireID()], t, &buffSRS[i])
 		}
 	}
 
-	pkk, vkk, ckk := filterL(L, header2, &r1cs.CommitmentInfo)
+	commitments, ok := r1cs.CommitmentInfo.(constraint.Groth16Commitments)
+	if !ok {
+		return errors.New("commitment info is not of type Groth16Commitments")
+	}
+
+	pkk, vkk, ckk := filterL(L, header2, commitments)
 	// Write PKK
 	for i := 0; i < len(pkk); i++ {
 		if err := enc.Encode(&pkk[i]); err != nil {
@@ -534,23 +550,42 @@ func aggregate(inputDecoder, originDecoder *bn254.Decoder, size int) (*bn254.G1A
 	return &inG, &orG, nil
 }
 
-func filterL(L []bn254.G1Affine, header2 *Header, cmtInfo *constraint.Commitment) ([]bn254.G1Affine, []bn254.G1Affine, []bn254.G1Affine) {
+func filterL(L []bn254.G1Affine, header2 *Header, cmtInfo constraint.Groth16Commitments) ([]bn254.G1Affine, []bn254.G1Affine, []bn254.G1Affine) {
 	pkk := make([]bn254.G1Affine, header2.Witness)
 	vkk := make([]bn254.G1Affine, header2.Public)
 	ckk := make([]bn254.G1Affine, header2.PrivateCommitted)
 	vI, cI := 0, 0
+
+	commitmentIndexes := make(map[int]struct{})
+	for _, c := range cmtInfo {
+		commitmentIndexes[c.CommitmentIndex] = struct{}{}
+	}
+
+	numPrivateCommitted := 0
+	for _, commitment := range cmtInfo {
+		numPrivateCommitted += len(commitment.PrivateCommitted)
+	}
+
 	for i := range L {
-		isCommittedPrivate := cI < cmtInfo.NbPrivateCommitted && i == cmtInfo.PrivateCommitted()[i]
-		isCommitment := cmtInfo.Is() && i == cmtInfo.CommitmentIndex
+		_, isCommitment := commitmentIndexes[i]
+		isCommittedPrivate := cI < numPrivateCommitted
 		isPublic := i < header2.Public
+
 		if isCommittedPrivate {
-			ckk[cI].Set(&L[i])
-			cI++
+			if cI < len(ckk) {
+				ckk[cI].Set(&L[i])
+				cI++
+			}
 		} else if isCommitment || isPublic {
-			vkk[vI].Set(&L[i])
-			vI++
+			if vI < len(vkk) {
+				vkk[vI].Set(&L[i])
+				vI++
+			}
 		} else {
-			pkk[i-cI-vI].Set(&L[i])
+			pIndex := i - cI - vI
+			if pIndex >= 0 && pIndex < len(pkk) {
+				pkk[pIndex].Set(&L[i])
+			}
 		}
 	}
 
@@ -594,3 +629,14 @@ func readPhase1(phase1File *os.File, power byte) (*bn254.G1Affine, *bn254.G1Affi
 	return &alpha, &beta1, &beta2, nil
 
 }
+
+func Is(commitments constraint.Groth16Commitments) bool {
+	var isCommitted bool
+	for _, commitment := range commitments {
+		if len(commitment.PublicAndCommitmentCommitted) > 0 || len(commitment.PrivateCommitted) > 0 {
+			isCommitted = true
+			break
+		}
+	}
+	return isCommitted
+}