From 967376e92877a6a596a82d2a95c50a8a0a96d2dc Mon Sep 17 00:00:00 2001 From: Ignasi Date: Tue, 29 Oct 2024 09:27:43 +0100 Subject: [PATCH] Upgrade sp1 verifier to v3 + improve comment at bridgev2 --- contracts/verifiers/PlonkVerifier.sol | 148 +++++++++--------- contracts/verifiers/SP1Verifier.sol | 5 +- docker/scripts/v2/deploy-docker.sh | 4 + docker/scripts/v2/deploy-dockerv2.sh | 1 + .../real-prover-sp1/test-inputs/input.json | 31 ++-- 5 files changed, 92 insertions(+), 97 deletions(-) diff --git a/contracts/verifiers/PlonkVerifier.sol b/contracts/verifiers/PlonkVerifier.sol index 3edd967b0..01efcba16 100644 --- a/contracts/verifiers/PlonkVerifier.sol +++ b/contracts/verifiers/PlonkVerifier.sol @@ -16,7 +16,7 @@ // Code generated by gnark DO NOT EDIT -pragma solidity ^0.8.20; +pragma solidity ^0.8.0; contract PlonkVerifier { uint256 private constant R_MOD = @@ -51,59 +51,62 @@ contract PlonkVerifier { // ----------------------- vk --------------------- uint256 private constant VK_NB_PUBLIC_INPUTS = 2; - uint256 private constant VK_DOMAIN_SIZE = 33554432; + uint256 private constant VK_DOMAIN_SIZE = 16777216; uint256 private constant VK_INV_DOMAIN_SIZE = - 21888242219518804655518433051623070663413851959604507555939307129453691614729; + 21888241567198334088790460357988866238279339518792980768180410072331574733841; uint256 private constant VK_OMEGA = - 19200870435978225707111062059747084165650991997241425080699860725083300967194; + 5709868443893258075976348696661355716898495876243883251619397131511003808859; uint256 private constant VK_QL_COM_X = - 7407214510609079145773511377600669946182675406099819935159338773180963032920; + 6698926252499501918627049539857227069908963353308522713401817428479361568440; uint256 private constant VK_QL_COM_Y = - 3889572140636551481918367605181004843678060827549237388417633453568279634611; + 390398004416183979452133282904065487059356531982837080656872214854553489350; uint256 private constant VK_QR_COM_X = - 13185587283948207039104909600533393134642892790477195397204788972655935187034; + 15880456667347413803865543437928881464825011023890441259779169206403913363151; uint256 private constant VK_QR_COM_Y = - 6451325745723191433786431885069978482139162540042467099835998301383703554688; + 3767941190808440189902161405604124601331914695906424222482338276374206831132; uint256 private constant VK_QM_COM_X = - 7831121084190844355678123756695098161028116896368533348735307958954908573570; + 5880611536603228408869722577745139096541545452210666651972026582265463007511; uint256 private constant VK_QM_COM_Y = - 21423217261232968699613611347737906259833622177052298937517042548376276313438; + 1224143639924163872305752448189325623163513756607992331286640139697358890946; uint256 private constant VK_QO_COM_X = - 12419033777431380552505290008781347497974878014421729798707093080965200361938; + 10784511595954287406993173499667136603239479748310285717260107338983244276060; uint256 private constant VK_QO_COM_Y = - 14405784914363318893588095549313718460584773062530955039336108755620243930516; + 18906558344705317932195383600423433585385784884571943386801247393368669782537; uint256 private constant VK_QK_COM_X = - 4811396650865004697225019631507960299372172242731495526799354745511476203569; + 8180704256866827100696103553863514644647533905025339515563713328928483788032; uint256 private constant VK_QK_COM_Y = - 10570898863026195981286955019805202755257962416067906968977768446967627177077; + 747878568663636575539538121119102874439625248674411200631787363393534765215; uint256 private constant VK_S1_COM_X = - 6968952419837705449998661901501008975958799249703100090180103311190010965871; + 15880661300853021639231473742380264628736914186438251569837407188944320716554; uint256 private constant VK_S1_COM_Y = - 1249467605411785301185223257548811095553790625974289413299263690359522154232; + 17368402498745842963461937676623436150527636742807769735472062133579682935390; uint256 private constant VK_S2_COM_X = - 4146220958340634117711137018067570486438638661164597634569826319047340086504; + 17774064061947492896572463203478116570275709112580707484534909374676668977524; uint256 private constant VK_S2_COM_Y = - 11514940594097180306355347346721706752308488755168473282895462849476778731992; + 10372960929593342938703206496348658292612468496655535789104353649836524032299; uint256 private constant VK_S3_COM_X = - 9448994237127116300590468875689047378195790180478128432750829709164772937855; + 21131795236225698179116006663026974130944823263770762203882565449801882913775; uint256 private constant VK_S3_COM_Y = - 19105625469644071502486127957107459666205424766333120347163247063872894908167; + 6122699356523015511637022172421089077159502502652656594712329899009208296070; uint256 private constant VK_COSET_SHIFT = 5; uint256 private constant VK_QCP_0_X = - 17454416295032677617185412985505503605684799782830882030707498476438392095244; + 9522352021536039370701096527024757579826875694034309808870403911322444208289; uint256 private constant VK_QCP_0_Y = - 19541761788913122331184139395510543772651753333302925962600032923013908029361; + 18911718139779028078468950841548487462498208718101892018848709759471198128993; - uint256 private constant VK_INDEX_COMMIT_API_0 = 18030217; + uint256 private constant VK_INDEX_COMMIT_API_0 = 8957791; uint256 private constant VK_NB_CUSTOM_GATES = 1; // ------------------------------------------------ + // size of the proof without call custom gate + uint256 private constant FIXED_PROOF_SIZE = 0x300; + // offset proof uint256 private constant PROOF_L_COM_X = 0x0; @@ -114,14 +117,14 @@ contract PlonkVerifier { uint256 private constant PROOF_O_COM_Y = 0xa0; // h = h_0 + x^{n+2}h_1 + x^{2(n+2)}h_2 - uint256 private constant PROOF_H_0_X = 0xc0; - uint256 private constant PROOF_H_0_Y = 0xe0; - uint256 private constant PROOF_H_1_X = 0x100; - uint256 private constant PROOF_H_1_Y = 0x120; - uint256 private constant PROOF_H_2_X = 0x140; - uint256 private constant PROOF_H_2_Y = 0x160; - - // wire values at zeta + uint256 private constant PROOF_H_0_COM_X = 0xc0; + uint256 private constant PROOF_H_0_COM_Y = 0xe0; + uint256 private constant PROOF_H_1_COM_X = 0x100; + uint256 private constant PROOF_H_1_COM_Y = 0x120; + uint256 private constant PROOF_H_2_COM_X = 0x140; + uint256 private constant PROOF_H_2_COM_Y = 0x160; + + // "evaluations of wire polynomials at zeta uint256 private constant PROOF_L_AT_ZETA = 0x180; uint256 private constant PROOF_R_AT_ZETA = 0x1a0; uint256 private constant PROOF_O_AT_ZETA = 0x1c0; @@ -146,9 +149,6 @@ contract PlonkVerifier { uint256 private constant PROOF_OPENING_QCP_AT_ZETA = 0x300; uint256 private constant PROOF_BSB_COMMITMENTS = 0x320; - // -> next part of proof is - // [ openings_selector_commits || commitments_wires_commit_api] - // -------- offset state // challenges to check the claimed quotient @@ -164,7 +164,7 @@ contract PlonkVerifier { uint256 private constant STATE_LINEARISED_POLYNOMIAL_Y = 0x100; uint256 private constant STATE_OPENING_LINEARISED_POLYNOMIAL_ZETA = 0x120; uint256 private constant STATE_FOLDED_CLAIMED_VALUES = 0x140; // Folded proof for the opening of H, linearised poly, l, r, o, s_1, s_2, qcp - uint256 private constant STATE_FOLDED_DIGESTS_X = 0x160; // folded digests of H, linearised poly, l, r, o, s_1, s_2, qcp + uint256 private constant STATE_FOLDED_DIGESTS_X = 0x160; // linearised poly, l, r, o, s_1, s_2, qcp uint256 private constant STATE_FOLDED_DIGESTS_Y = 0x180; uint256 private constant STATE_PI = 0x1a0; uint256 private constant STATE_ZETA_POWER_N_MINUS_ONE = 0x1c0; @@ -193,6 +193,7 @@ contract PlonkVerifier { uint8 private constant HASH_FR_TWO = 2; // -------- precompiles + uint8 private constant SHA2 = 0x2; uint8 private constant MOD_EXP = 0x5; uint8 private constant EC_ADD = 0x6; uint8 private constant EC_MUL = 0x7; @@ -239,7 +240,7 @@ contract PlonkVerifier { mstore(add(mem, STATE_PI), l_pi) compute_alpha_square_lagrange_0() - verify_opening_linearised_polynomial(proof.offset) + compute_opening_linearised_polynomial(proof.offset) fold_h(proof.offset) compute_commitment_linearised_polynomial(proof.offset) compute_gamma_kzg(proof.offset) @@ -259,6 +260,16 @@ contract PlonkVerifier { revert(ptError, 0x64) } + /// Called when an exponentiation mod r fails + function error_mod_exp() { + let ptError := mload(0x40) + mstore(ptError, ERROR_STRING_ID) // selector for function Error(string) + mstore(add(ptError, 0x4), 0x20) + mstore(add(ptError, 0x24), 0xc) + mstore(add(ptError, 0x44), "error mod exp") + revert(ptError, 0x64) + } + /// Called when an operation on Bn254 fails /// @dev for instance when calling EcMul on a point not on Bn254. function error_ec_op() { @@ -351,7 +362,7 @@ contract PlonkVerifier { /// Checks if the proof is of the correct size /// @param actual_proof_size size of the proof (not the expected size) function check_proof_size(actual_proof_size) { - let expected_proof_size := add(0x300, mul(VK_NB_CUSTOM_GATES, 0x60)) + let expected_proof_size := add(FIXED_PROOF_SIZE, mul(VK_NB_CUSTOM_GATES, 0x60)) if iszero(eq(actual_proof_size, expected_proof_size)) { error_proof_size() } } @@ -415,9 +426,6 @@ contract PlonkVerifier { let state := mload(0x40) let mPtr := add(state, STATE_LAST_MEM) - // gamma - // gamma in ascii is [0x67,0x61,0x6d, 0x6d, 0x61] - // (same for alpha, beta, zeta) mstore(mPtr, FS_GAMMA) // "gamma" mstore(add(mPtr, 0x20), VK_S1_COM_X) @@ -458,7 +466,7 @@ contract PlonkVerifier { let size := add(0x2c5, size_pi_in_bytes) size := add(size, mul(VK_NB_CUSTOM_GATES, 0x40)) - let l_success := staticcall(gas(), 0x2, add(mPtr, 0x1b), size, mPtr, 0x20) //0x1b -> 000.."gamma" + let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1b), size, mPtr, 0x20) //0x1b -> 000.."gamma" if iszero(l_success) { error_verify() } gamma_not_reduced := mload(mPtr) mstore(add(state, STATE_GAMMA), mod(gamma_not_reduced, R_MOD)) @@ -476,7 +484,7 @@ contract PlonkVerifier { // beta mstore(mPtr, FS_BETA) // "beta" mstore(add(mPtr, 0x20), gamma_not_reduced) - let l_success := staticcall(gas(), 0x2, add(mPtr, 0x1c), 0x24, mPtr, 0x20) //0x1b -> 000.."gamma" + let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1c), 0x24, mPtr, 0x20) //0x1b -> 000.."gamma" if iszero(l_success) { error_verify() } beta_not_reduced := mload(mPtr) mstore(add(state, STATE_BETA), mod(beta_not_reduced, R_MOD)) @@ -509,7 +517,7 @@ contract PlonkVerifier { // [Z], the commitment to the grand product polynomial calldatacopy(_mPtr, add(aproof, PROOF_GRAND_PRODUCT_COMMITMENT_X), 0x40) - let l_success := staticcall(gas(), 0x2, add(mPtr, 0x1b), full_size, mPtr, 0x20) + let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1b), full_size, mPtr, 0x20) if iszero(l_success) { error_verify() } alpha_not_reduced := mload(mPtr) @@ -528,8 +536,8 @@ contract PlonkVerifier { // zeta mstore(mPtr, FS_ZETA) // "zeta" mstore(add(mPtr, 0x20), alpha_not_reduced) - calldatacopy(add(mPtr, 0x40), add(aproof, PROOF_H_0_X), 0xc0) - let l_success := staticcall(gas(), 0x2, add(mPtr, 0x1c), 0xe4, mPtr, 0x20) + calldatacopy(add(mPtr, 0x40), add(aproof, PROOF_H_0_COM_X), 0xc0) + let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1c), 0xe4, mPtr, 0x20) if iszero(l_success) { error_verify() } let zeta_not_reduced := mload(mPtr) mstore(add(state, STATE_ZETA), mod(zeta_not_reduced, R_MOD)) @@ -564,22 +572,22 @@ contract PlonkVerifier { /// batch_compute_lagranges_at_z computes [L_0(z), .., L_{n-1}(z)] /// @param z point at which the Lagranges are evaluated /// @param zpnmo ζⁿ-1 - /// @param n number of public inputs (number of Lagranges to compute) + /// @param n_pub number of public inputs (number of Lagranges to compute) /// @param mPtr pointer to which the results are stored - function batch_compute_lagranges_at_z(z, zpnmo, n, mPtr) { + function batch_compute_lagranges_at_z(z, zpnmo, n_pub, mPtr) { let zn := mulmod(zpnmo, VK_INV_DOMAIN_SIZE, R_MOD) // 1/n * (ζⁿ - 1) let _w := 1 let _mPtr := mPtr - for { let i := 0 } lt(i, n) { i := add(i, 1) } { + for { let i := 0 } lt(i, n_pub) { i := add(i, 1) } { mstore(_mPtr, addmod(z, sub(R_MOD, _w), R_MOD)) _w := mulmod(_w, VK_OMEGA, R_MOD) _mPtr := add(_mPtr, 0x20) } - batch_invert(mPtr, n, _mPtr) + batch_invert(mPtr, n_pub, _mPtr) _mPtr := mPtr _w := 1 - for { let i := 0 } lt(i, n) { i := add(i, 1) } { + for { let i := 0 } lt(i, n_pub) { i := add(i, 1) } { mstore(_mPtr, mulmod(mulmod(mload(_mPtr), zn, R_MOD), _w, R_MOD)) _mPtr := add(_mPtr, 0x20) _w := mulmod(_w, VK_OMEGA, R_MOD) @@ -633,7 +641,6 @@ contract PlonkVerifier { z, zpnmo, add(nb_public_inputs, VK_INDEX_COMMIT_API_0), mPtr ) pi_commit := addmod(pi_commit, mulmod(h_fr, ith_lagrange, R_MOD), R_MOD) - p := add(p, 0x40) } /// Computes L_i(zeta) = ωⁱ/n * (ζⁿ-1)/(ζ-ωⁱ) where: @@ -689,7 +696,7 @@ contract PlonkVerifier { // size domain mstore8(add(mPtr, 0x8e), HASH_FR_SIZE_DOMAIN) - let l_success := staticcall(gas(), 0x2, mPtr, 0x8f, mPtr, 0x20) + let l_success := staticcall(gas(), SHA2, mPtr, 0x8f, mPtr, 0x20) if iszero(l_success) { error_verify() } let b0 := mload(mPtr) @@ -711,7 +718,7 @@ contract PlonkVerifier { mstore8(add(mPtr, 0x2b), 0x6b) mstore8(add(mPtr, 0x2c), HASH_FR_SIZE_DOMAIN) // size domain - l_success := staticcall(gas(), 0x2, mPtr, 0x2d, mPtr, 0x20) + l_success := staticcall(gas(), SHA2, mPtr, 0x2d, mPtr, 0x20) if iszero(l_success) { error_verify() } // b1 is located at mPtr. We store b2 at add(mPtr, 0x20) @@ -736,12 +743,12 @@ contract PlonkVerifier { mstore8(add(mPtr, 0x4c), HASH_FR_SIZE_DOMAIN) // size domain let offset := add(mPtr, 0x20) - l_success := staticcall(gas(), 0x2, offset, 0x2d, offset, 0x20) + l_success := staticcall(gas(), SHA2, offset, 0x2d, offset, 0x20) if iszero(l_success) { error_verify() } // at this point we have mPtr = [ b1 || b2] where b1 is on 32byes and b2 in 16bytes. // we interpret it as a big integer mod r in big endian (similar to regular decimal notation) - // the result is then 2**(8*16)*mPtr[32:] + mPtr[32:48] + // the result is then 2**(8*16)*mPtr[:32] + mPtr[32:48] res := mulmod(mload(mPtr), HASH_FR_BB, R_MOD) // <- res = 2**128 * mPtr[:32] let b1 := shr(128, mload(add(mPtr, 0x20))) // b1 <- [0, 0, .., 0 || b2[:16] ] res := addmod(res, b1, R_MOD) @@ -781,7 +788,7 @@ contract PlonkVerifier { // derive a random number. As there is no random generator, we // do an FS like challenge derivation, depending on both digests and - // ζ to ensure that the prover cannot control the random numger. + // ζ to ensure that the prover cannot control the random number. // Note: adding the other point ζω is not needed, as ω is known beforehand. mstore(mPtr, mload(add(state, STATE_FOLDED_DIGESTS_X))) mstore(add(mPtr, 0x20), mload(add(state, STATE_FOLDED_DIGESTS_Y))) @@ -793,7 +800,7 @@ contract PlonkVerifier { mstore(add(mPtr, 0xe0), calldataload(add(aproof, PROOF_OPENING_AT_ZETA_OMEGA_Y))) mstore(add(mPtr, 0x100), mload(add(state, STATE_ZETA))) mstore(add(mPtr, 0x120), mload(add(state, STATE_GAMMA_KZG))) - let random := staticcall(gas(), 0x2, mPtr, 0x140, mPtr, 0x20) + let random := staticcall(gas(), SHA2, mPtr, 0x140, mPtr, 0x20) if iszero(random) { error_random_generation() } random := mod(mload(mPtr), R_MOD) // use the same variable as we are one variable away from getting stack-too-deep error... @@ -854,6 +861,7 @@ contract PlonkVerifier { mstore(folded_quotients_y, sub(P_MOD, mload(folded_quotients_y))) mstore(mPtr, mload(folded_digests)) + mstore(add(mPtr, 0x20), mload(add(folded_digests, 0x20))) mstore(add(mPtr, 0x40), G2_SRS_0_X_0) // the 4 lines are the canonical G2 point on BN254 mstore(add(mPtr, 0x60), G2_SRS_0_X_1) @@ -883,7 +891,7 @@ contract PlonkVerifier { /// @notice Fold the opening proofs at ζ: /// * at state+state_folded_digest we store: [Linearised_polynomial]+γ[L] + γ²[R] + γ³[O] + γ⁴[S₁] +γ⁵[S₂] + ∑ᵢγ⁵⁺ⁱ[Pi_{i}] - /// * at state+state_folded_claimed_values we store: H(ζ) + γLinearised_polynomial(ζ)+γ²L(ζ) + γ³R(ζ)+ γ⁴O(ζ) + γ⁵S₁(ζ) +γ⁶S₂(ζ) + ∑ᵢγ⁶⁺ⁱPi_{i}(ζ) + /// * at state+state_folded_claimed_values we store: Linearised_polynomial(ζ)+γL(ζ) + γ²R(ζ)+ γ³O(ζ) + γ⁴S₁(ζ) +γ⁵S₂(ζ) + ∑ᵢγ⁵⁺ⁱPi_{i}(ζ) /// @param aproof pointer to the proof /// acc_gamma stores the γⁱ function fold_state(aproof) { @@ -896,10 +904,7 @@ contract PlonkVerifier { let acc_gamma := l_gamma_kzg let state_folded_digests := add(state, STATE_FOLDED_DIGESTS_X) - mstore( - add(state, STATE_FOLDED_DIGESTS_X), - mload(add(state, STATE_LINEARISED_POLYNOMIAL_X)) - ) + mstore(state_folded_digests, mload(add(state, STATE_LINEARISED_POLYNOMIAL_X))) mstore( add(state, STATE_FOLDED_DIGESTS_Y), mload(add(state, STATE_LINEARISED_POLYNOMIAL_Y)) @@ -910,7 +915,7 @@ contract PlonkVerifier { ) point_acc_mul_calldata( - add(state, STATE_FOLDED_DIGESTS_X), add(aproof, PROOF_L_COM_X), acc_gamma, mPtr + state_folded_digests, add(aproof, PROOF_L_COM_X), acc_gamma, mPtr ) fr_acc_mul_calldata( add(state, STATE_FOLDED_CLAIMED_VALUES), add(aproof, PROOF_L_AT_ZETA), acc_gamma @@ -1012,12 +1017,12 @@ contract PlonkVerifier { mstore(_mPtr, calldataload(add(aproof, PROOF_GRAND_PRODUCT_AT_ZETA_OMEGA))) let start_input := 0x1b // 00.."gamma" - let size_input := add(0x14, mul(VK_NB_CUSTOM_GATES, 3)) // number of 32bytes elmts = 0x17 (zeta+3*6 for the digests+openings) + 3*VK_NB_CUSTOM_GATES (for the commitments of the selectors) + 1 (opening of Z at ζω) + let size_input := add(0x14, mul(VK_NB_CUSTOM_GATES, 3)) // number of 32bytes elmts = 0x14 (zeta+3*6 for the digests+openings) + 3*VK_NB_CUSTOM_GATES (for the commitments of the selectors) + 1 (opening of Z at ζω) size_input := add(0x5, mul(size_input, 0x20)) // size in bytes: 15*32 bytes + 5 bytes for gamma let check_staticcall := staticcall( gas(), - 0x2, + SHA2, add(mPtr, start_input), size_input, add(state, STATE_GAMMA_KZG), @@ -1164,7 +1169,7 @@ contract PlonkVerifier { compute_commitment_linearised_polynomial_ec(aproof, s1, s2) } - /// @notice compute -z_h(ζ)*([H₁] + ζᵐ⁺²[H₂] + ζ²⁽ᵐ⁺²⁾[H₃]) and store the result at + /// @notice compute -z_h(ζ)*([H₁] + ζⁿ⁺²[H₂] + ζ²⁽ⁿ⁺²⁾[H₃]) and store the result at /// state + state_folded_h /// @param aproof pointer to the proof function fold_h(aproof) { @@ -1174,14 +1179,14 @@ contract PlonkVerifier { let zeta_power_n_plus_two := pow(mload(add(state, STATE_ZETA)), n_plus_two, mPtr) point_mul_calldata( add(state, STATE_FOLDED_H_X), - add(aproof, PROOF_H_2_X), + add(aproof, PROOF_H_2_COM_X), zeta_power_n_plus_two, mPtr ) point_add_calldata( add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), - add(aproof, PROOF_H_1_X), + add(aproof, PROOF_H_1_COM_X), mPtr ) point_mul( @@ -1193,7 +1198,7 @@ contract PlonkVerifier { point_add_calldata( add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), - add(aproof, PROOF_H_0_X), + add(aproof, PROOF_H_0_COM_X), mPtr ) point_mul( @@ -1210,7 +1215,7 @@ contract PlonkVerifier { /// @notice check that the opening of the linearised polynomial at zeta is equal to /// - [ PI(ζ) - α²*L₁(ζ) + α(l(ζ)+β*s1(ζ)+γ)(r(ζ)+β*s2(ζ)+γ)(o(ζ)+γ)*z(ωζ) ] /// @param aproof pointer to the proof - function verify_opening_linearised_polynomial(aproof) { + function compute_opening_linearised_polynomial(aproof) { let state := mload(0x40) // (l(ζ)+β*s1(ζ)+γ) @@ -1335,7 +1340,6 @@ contract PlonkVerifier { /// @param s scalar /// @mPtr free memory function point_acc_mul_calldata(dst, src, s, mPtr) { - let state := mload(0x40) mstore(mPtr, calldataload(src)) mstore(add(mPtr, 0x20), calldataload(add(src, 0x20))) mstore(add(mPtr, 0x40), s) @@ -1367,7 +1371,7 @@ contract PlonkVerifier { mstore(add(mPtr, 0x80), e) mstore(add(mPtr, 0xa0), R_MOD) let check_staticcall := staticcall(gas(), MOD_EXP, mPtr, 0xc0, mPtr, 0x20) - if eq(check_staticcall, 0) {} + if eq(check_staticcall, 0) { error_mod_exp() } res := mload(mPtr) } } diff --git a/contracts/verifiers/SP1Verifier.sol b/contracts/verifiers/SP1Verifier.sol index 46e07b096..c89b00d48 100644 --- a/contracts/verifiers/SP1Verifier.sol +++ b/contracts/verifiers/SP1Verifier.sol @@ -4,7 +4,6 @@ pragma solidity ^0.8.20; import {ISP1Verifier, ISP1VerifierWithHash} from "../v2/interfaces/ISP1Verifier.sol"; import {PlonkVerifier} from "./PlonkVerifier.sol"; - // Current deployments: https://github.com/succinctlabs/sp1-contracts/tree/main/contracts/deployments // Local deployments should deploy this contract. Any existing chain should use already deployed contracts by SP1 @@ -22,12 +21,12 @@ contract SP1Verifier is PlonkVerifier, ISP1VerifierWithHash { error InvalidProof(); function VERSION() external pure returns (string memory) { - return "v2.0.0"; + return "v3.0.0"; } /// @inheritdoc ISP1VerifierWithHash function VERIFIER_HASH() public pure returns (bytes32) { - return 0x4aca240a3e5296e6a565f98dc728c6f48f8de4792a8fa365038c3b86952176f5; + return 0x54bdcae3adb83d4ce9ed91d99a31da3086e2b117abf3685164e9f28d78670b05; } /// @notice Hashes the public values to a field elements inside Bn254. diff --git a/docker/scripts/v2/deploy-docker.sh b/docker/scripts/v2/deploy-docker.sh index c9effbda9..9c74a686a 100755 --- a/docker/scripts/v2/deploy-docker.sh +++ b/docker/scripts/v2/deploy-docker.sh @@ -1,4 +1,6 @@ #!/bin/bash +# Set the -e option to stop the script if any command fails +set -e sudo rm -rf docker/gethData/geth_data sudo DEV_PERIOD=1 docker-compose -f docker/docker-compose.yml up -d geth sleep 5 @@ -6,9 +8,11 @@ node docker/scripts/fund-accounts.js cp docker/scripts/v2/deploy_parameters_docker.json deployment/v2/deploy_parameters.json cp docker/scripts/v2/create_rollup_parameters_docker.json deployment/v2/create_rollup_parameters.json npm run deploy:testnet:v2:localhost +rm -rf docker/deploymentOutput mkdir docker/deploymentOutput sudo mv deployment/v2/deploy_output.json docker/deploymentOutput sudo mv deployment/v2/genesis.json docker/deploymentOutput +[ -f deployment/v2/genesis_sovereign.json ] && sudo mv deployment/v2/genesis_sovereign.json docker/deploymentOutput sudo mv deployment/v2/create_rollup_output.json docker/deploymentOutput sudo DEV_PERIOD=1 docker-compose -f docker/docker-compose.yml down sudo docker build -t hermeznetwork/geth-zkevm-contracts -f docker/Dockerfile . diff --git a/docker/scripts/v2/deploy-dockerv2.sh b/docker/scripts/v2/deploy-dockerv2.sh index bd744334b..68ed1f94c 100755 --- a/docker/scripts/v2/deploy-dockerv2.sh +++ b/docker/scripts/v2/deploy-dockerv2.sh @@ -12,6 +12,7 @@ rm -rf docker/deploymentOutput mkdir docker/deploymentOutput sudo mv deployment/v2/deploy_output.json docker/deploymentOutput sudo mv deployment/v2/genesis.json docker/deploymentOutput +[ -f deployment/v2/genesis_sovereign.json ] && sudo mv deployment/v2/genesis_sovereign.json docker/deploymentOutput sudo mv deployment/v2/create_rollup_output.json docker/deploymentOutput sudo DEV_PERIOD=1 docker compose -f docker/docker-compose.yml down sudo docker build -t hermeznetwork/geth-zkevm-contracts -f docker/Dockerfile . diff --git a/test/contractsv2/real-prover-sp1/test-inputs/input.json b/test/contractsv2/real-prover-sp1/test-inputs/input.json index 83805f3ee..f462eb7c7 100644 --- a/test/contractsv2/real-prover-sp1/test-inputs/input.json +++ b/test/contractsv2/real-prover-sp1/test-inputs/input.json @@ -1,28 +1,15 @@ { - "bridge-exits": [ - { - "leaf_type": "Transfer", - "token_info": { - "origin_network": 0, - "origin_token_address": "0x0000000000000000000000000000000000000000" - }, - "dest_network": 1, - "dest_address": "0x31bc2a964c8cc585ef366e225ea3a5e2a352c287", - "amount": "0x2880dc0e310148", - "metadata": [] - } - ], "pp-inputs": { - "prev-local-exit-root": "0x27ae5ba08d7291c96c8cbddcc148bf48a6d68c7974b94356f53754ef6171d757", - "prev-pessimistic-root": "0x2152f3808cb81b33b5a47a7a256d61ab9ea916c66030c405ca9b2aaad3b00f0a", + "prev-local-exit-root": "0xf99fbc86af88be1a031b1d3aa12352bbc35c660f84f127100d98c722980dd5d7", + "prev-pessimistic-root": "0xdbce3d53e4f7551510236a0dd8a1ee781960c63aeeeab50bc1fd908ef9688611", "l1-info-root": "0x9f1d0c7713a6a5f1e79222623c0687242c3feed74ebecb6f9d0e87e7572cdeca", "origin-network": 1, - "consensus-hash": "0x1ef9f46a148e3ed26c4f25e1eda10fbbd137695aec0b6df56cbe45111c38fc8f", - "new-local-exit-root": "0x062ceaf957ff72ca68a79fd0b1df2a0a942eaaa790b64f8843f6826a0cb0893b", - "new-pessimistic-root": "0x8cbdfd2e979a425d37b3aec1b3f1d050faf45e5a77811cbfaa435fdc91c9b2ec" + "consensus-hash": "0x6211a56c70450e029ed047d17b2daa3103e48398704a39ab69c1dec653a615ea", + "new-local-exit-root": "0xb5033e429c24ab50f015fcd198fc86daee93a2112211589ac76dfdc97499d19c", + "new-pessimistic-root": "0x744299d54cd4ef721a6325a10ed2cb63fb3d1b758df913182e3c1d07728e2dfa" }, - "signer": "0x8049f41a5c1794fe230054ec16b08844bce6a8e6", - "vkey": "0x00c74571524172c084366264f2a1e00307c6203bb60bb330052bbcf99b431424", - "public-values": "0x27ae5ba08d7291c96c8cbddcc148bf48a6d68c7974b94356f53754ef6171d7572152f3808cb81b33b5a47a7a256d61ab9ea916c66030c405ca9b2aaad3b00f0a9f1d0c7713a6a5f1e79222623c0687242c3feed74ebecb6f9d0e87e7572cdeca000000011ef9f46a148e3ed26c4f25e1eda10fbbd137695aec0b6df56cbe45111c38fc8f062ceaf957ff72ca68a79fd0b1df2a0a942eaaa790b64f8843f6826a0cb0893b8cbdfd2e979a425d37b3aec1b3f1d050faf45e5a77811cbfaa435fdc91c9b2ec", - "proof": "0x4aca240a0b97952ecb1a0e71fba2ff570f093fa6d60ec76a8dfccc2220c9deb19191195b0f3ff28450a4e731eec136fce1b25e24aced5d57ba76e185bc732061e078b4fa254219fe4e2b287eb4751950410355e31ce3dd6a99b229e659d911cb5fc757ac2d070af68aa4189bcb0138d6f169b3d7c4db8d151db1a86c3844d8930c78b8f8206cf79464ccccee11f63143025b0a840d841da2f7fadc563cba29b3733e2baa1f17261067f6326a649eebff82db4230b4a70c7691db32b57e55b7b90cdcbea1226d960751ca8c7b48f36d87fbe49f0af796336f91c15d5bbc8361151335b2350ef0589e1dc608b3ca0668cf2f1e80221f3ae0dfa2ce11f14cb00af278d1d7902fe9231cef1cab176be0b7d124ffe8a2c01246228baf7409fe1f97cc094c91742f7490fda3d1519d316b5b5bb50caa316f491e57e687a195c69c0732955b0cab0b9003eebd2dea760001e3760ad9104c470d8457a6a93b639a9cc95c66ccaea025aa4387891a51eacd841a25fc8dcfac6e4a3da7019a0b6c9961d4ef8c0ed9a81ff00a46e1bd4d35a804935647ff071574f3557ab23b8fc8bfb87f7bed2f79c11a60ef7434e0dec67ab562ac89f8bd5d99dd364e75716aad718a1c2a4795be9c054345206305e7dcd5b3349866aea2c5b7f4e8c79b4bf586004b551d35779bba0978977394d1530499b3c8c24350adf4760e5aa75c5fb8c96691607159a920f123d65c9818d07280ea34e6430f7fd6c496ea8219cec0283eb689f9e2a8f031dd1609da946a76277c324ace53da703dfce9efbee8bb8abd096dc3860e7acf7d0b186ea19421b85c4095e3c9a4f459509448d649d8540d51874bd3fb9b77c0eab518af7b37f9584c76b7b5ed9124689b75e8562cd0f4d4aad34f6b0ad3333a72fb0ac16aa40470780f88760678405832037671b27b4bf19dc8da74eddd8598740508fa9da973e2db26bfaec49dc52e8e8b0cacd4a288c55523cee293b3ab6897750495b66a5966d2e5123c9b49d3df1184742967c98a84ca2d699dc89afded763b27b690ad8295bb89e9f2cfbc6a52345365e472c88cdd0cdae349c13d7322f54b27e83d266932df954c5b11f699aefad24912437b2970fb3681e267ba548068b518790a5d1b71ff55425e2ca2b26242728ef060ad5bb23f23501e765685c5ad2a13c6c12646762ea1b1d73cda340140b26738e72e06b4e436d321e80fc00d22a0" + "signer": "0xe71deb4f1b0b20608b2a0c25bb68037517be18a9", + "vkey": "0x00ec5e02a7467f3da428d7a40b6be4d3f13e594ef3c7189b868ba4c5c9cd6c5f", + "public-values": "0xf99fbc86af88be1a031b1d3aa12352bbc35c660f84f127100d98c722980dd5d7dbce3d53e4f7551510236a0dd8a1ee781960c63aeeeab50bc1fd908ef96886119f1d0c7713a6a5f1e79222623c0687242c3feed74ebecb6f9d0e87e7572cdeca000000016211a56c70450e029ed047d17b2daa3103e48398704a39ab69c1dec653a615eab5033e429c24ab50f015fcd198fc86daee93a2112211589ac76dfdc97499d19c744299d54cd4ef721a6325a10ed2cb63fb3d1b758df913182e3c1d07728e2dfa", + "proof": "0x54bdcae304745f1eb62a64ae570541c831291e70c34b74c2e140d958bb52b66ead5b244f21cc3e8f4902ff5a4efdca3219c68eaee7f030c93e413812ec4d10b38d14f32d13d314cb9797286618f622d59bc35e969f595cee60ccdef228fb0a7184f785de200a69a106646d23ebd25b850f8d8c55b8e8e77208be0db9ae98ba632355a4e828bb04ec1e9b61bc81361623c536de1f26ef9b79460f5c766d1ac11dd874be081c79495a4604430c1403f0b243cc237eff600083fe488c03ae374b2d080e82de0b9527e44da4ccb3220e73660515b7dd980ff480db0d0dfa37979f7c706d6d3b21aff4444276439ec249bffcc19b7fa8d6941b8e3e2d43e07446c6a17bea0e79143ce9606c66c85fe48f756670cc2ce4a508dadaf5e5ed4776ee239ee4d3a87a20795436be8cea84666ebc7e70215145f2052c9b7edffa9697c5b122e8517aad08ada2806d452e464c2526972c2355fa314a0558c34af2101a28a69e86b891390323660011e6c4751e23288bf97a701b6960439c3be2aa85dbbbdebbeb5deaea10d1efa2dcefd8b9637ece7694045d7b6af03749a9a66cd99ae8b722c480ce6e00873079448b7893ec95aef2a08609c2dc25a4324b0217a35ca421458060fa1902a1c895aef984cb3dfc7d961db9582a72661b9639774385443a8889e2c974c4292f94c536b608cf97f4beaf7cc824b02b045b975f0de5fd0f99065e4ec074ee10a1e8fa5ecc5f96794ce4129c01e806b3064ca882c312949a3501443eeca49f1e2f8288dded11f62deefa973ff5bfa5744705b48fa190a2481d58cb0520aa4d000091ccf62166949559269420d54caeef8f11bc18dbbb5ea87a3e9e92508a3b2e1012540d19506796a8d4c39ea6484c874b7527a9de0c58f7e721994ea2180207aec3a5ad522ba9d107e7e5cbcd89af997f892eb444574e9020d95d237d9ebc0a36ac152a436f58f3b028e605f36cff6eb8bef7cd6e89d80676f39bf3ad66f204201f07e9503be1f6f09421827cb14ce3bd1012e2cfab1f8562665bdb0a24c71f0eaeb434fc35646f8c8202d9bd26267db61c201cf5f9164cc5fb8f360457be16ee1937d4933dca157fe3d8cd7d0d654b6229fc0c20d0291f97d7d7ad451f95242a848af2149caa64a4f767254fff78e2f5b9511f0e896e7693b9f64d6a9f572a1205eb54dcbed1d08cec67c14f8e7925ce918d29122f9488d15dc4a047d33e" } \ No newline at end of file