chore: add serialization for groth16 (#138)

* chore: add serialization for groth16

* chore: polish code

* chore: add serialization for groth16

* chore: add serialization for groth16

---------

Co-authored-by: eigmax <[email protected]>

Author: ibmp33

groth16/src/json_utils.rs

@@ -0,0 +1,311 @@
+use crate::bellman_ce::pairing::{bls12_381::Bls12, bn256::Bn256};
+use algebraic::{errors::Result, utils::repr_to_big, PrimeField};
+use franklin_crypto::bellman::{
+    bls12_381::{
+        Fq2 as Fq2_bls12381, G1Affine as G1Affine_bls12381, G2Affine as G2Affine_bls12381,
+    },
+    bn256::{Fq2, G1Affine, G2Affine},
+    groth16::{Proof, VerifyingKey},
+    CurveAffine,
+};
+use num_bigint::BigUint;
+use num_traits::Num;
+use serde::{Deserialize, Serialize};
+use serde_json::to_string;
+#[derive(Debug, Serialize, Deserialize)]
+pub struct G1 {
+    pub x: String,
+    pub y: String,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct G2 {
+    pub x: [String; 2],
+    pub y: [String; 2],
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct VerifyingKeyFile {
+    #[serde(rename = "protocol")]
+    pub protocol: String,
+    #[serde(rename = "curve")]
+    pub curve: String,
+    #[serde(rename = "vk_alpha_1")]
+    pub alpha_g1: G1,
+    #[serde(rename = "vk_beta_1")]
+    pub beta_g1: G1,
+    #[serde(rename = "vk_beta_2")]
+    pub beta_g2: G2,
+    #[serde(rename = "vk_gamma_2")]
+    pub gamma_g2: G2,
+    #[serde(rename = "vk_delta_1")]
+    pub delta_g1: G1,
+    #[serde(rename = "vk_delta_2")]
+    pub delta_g2: G2,
+    #[serde(rename = "IC")]
+    pub ic: Vec<G1>,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct ProofFile {
+    #[serde(rename = "pi_a")]
+    pub a: G1,
+    #[serde(rename = "pi_b")]
+    pub b: G2,
+    #[serde(rename = "pi_c")]
+    pub c: G1,
+    #[serde(rename = "protocol")]
+    pub protocol: String,
+    #[serde(rename = "curve")]
+    pub curve: String,
+}
+
+pub trait Parser: franklin_crypto::bellman::pairing::Engine {
+    fn parse_g1(e: &Self::G1Affine, to_hex: bool) -> (String, String);
+    fn parse_g2(e: &Self::G2Affine, to_hex: bool) -> (String, String, String, String);
+    fn parse_g1_json(e: &Self::G1Affine, to_hex: bool) -> G1 {
+        let parsed = Self::parse_g1(e, to_hex);
+        G1 {
+            x: parsed.0,
+            y: parsed.1,
+        }
+    }
+    fn parse_g2_json(e: &Self::G2Affine, to_hex: bool) -> G2 {
+        let parsed = Self::parse_g2(e, to_hex);
+        G2 {
+            x: (parsed.0, parsed.1).into(),
+            y: (parsed.2, parsed.3).into(),
+        }
+    }
+    fn to_g1(x: &str, y: &str) -> Self::G1Affine;
+    fn to_g2(x0: &str, x1: &str, y0: &str, y1: &str) -> Self::G2Affine;
+}
+
+pub fn render_scalar_to_str<F: PrimeField>(el: &F, to_hex: bool) -> String {
+    let repr = el.into_repr();
+    if to_hex {
+        repr.to_string()
+    } else {
+        repr_to_big(repr)
+    }
+}
+
+pub fn render_str_to_scalar<F: PrimeField>(value: &str) -> F {
+    let value = match value.starts_with("0x") {
+        true => BigUint::from_str_radix(&value[2..], 16)
+            .unwrap()
+            .to_str_radix(10),
+        _ => value.to_string(),
+    };
+    F::from_str(&value).unwrap()
+}
+
+pub fn to_public_input<T: PrimeField>(s: &str) -> Vec<T> {
+    let input: Vec<String> = serde_json::from_str(s).unwrap();
+    input
+        .iter()
+        .map(|hex_str| render_str_to_scalar::<T>(hex_str))
+        .collect()
+}
+
+impl Parser for Bn256 {
+    fn parse_g1(e: &Self::G1Affine, to_hex: bool) -> (String, String) {
+        let (x, y) = e.into_xy_unchecked();
+        (
+            render_scalar_to_str(&x, to_hex),
+            render_scalar_to_str(&y, to_hex),
+        )
+    }
+
+    fn parse_g2(e: &Self::G2Affine, to_hex: bool) -> (String, String, String, String) {
+        let (x, y) = e.into_xy_unchecked();
+        (
+            render_scalar_to_str(&x.c0, to_hex),
+            render_scalar_to_str(&x.c1, to_hex),
+            render_scalar_to_str(&y.c0, to_hex),
+            render_scalar_to_str(&y.c1, to_hex),
+        )
+    }
+
+    fn to_g1(x: &str, y: &str) -> Self::G1Affine {
+        G1Affine::from_xy_unchecked(render_str_to_scalar(x), render_str_to_scalar(y))
+    }
+
+    fn to_g2(x0: &str, x1: &str, y0: &str, y1: &str) -> Self::G2Affine {
+        let x = Fq2 {
+            c0: render_str_to_scalar(x0),
+            c1: render_str_to_scalar(x1),
+        };
+        let y = Fq2 {
+            c0: render_str_to_scalar(y0),
+            c1: render_str_to_scalar(y1),
+        };
+        G2Affine::from_xy_unchecked(x, y)
+    }
+}
+
+impl Parser for Bls12 {
+    fn parse_g1(e: &Self::G1Affine, to_hex: bool) -> (String, String) {
+        let (x, y) = e.into_xy_unchecked();
+        (
+            render_scalar_to_str(&x, to_hex),
+            render_scalar_to_str(&y, to_hex),
+        )
+    }
+
+    fn parse_g2(e: &Self::G2Affine, to_hex: bool) -> (String, String, String, String) {
+        let (x, y) = e.into_xy_unchecked();
+        (
+            render_scalar_to_str(&x.c0, to_hex),
+            render_scalar_to_str(&x.c1, to_hex),
+            render_scalar_to_str(&y.c0, to_hex),
+            render_scalar_to_str(&y.c1, to_hex),
+        )
+    }
+
+    fn to_g1(x: &str, y: &str) -> Self::G1Affine {
+        G1Affine_bls12381::from_xy_unchecked(render_str_to_scalar(x), render_str_to_scalar(y))
+    }
+
+    fn to_g2(x0: &str, x1: &str, y0: &str, y1: &str) -> Self::G2Affine {
+        let x = Fq2_bls12381 {
+            c0: render_str_to_scalar(x0),
+            c1: render_str_to_scalar(x1),
+        };
+        let y = Fq2_bls12381 {
+            c0: render_str_to_scalar(y0),
+            c1: render_str_to_scalar(y1),
+        };
+        G2Affine_bls12381::from_xy_unchecked(x, y)
+    }
+}
+
+pub fn serialize_vk<P: Parser>(
+    vk: &VerifyingKey<P>,
+    curve_type: &str,
+    to_hex: bool,
+) -> Result<String> {
+    let verifying_key_file = VerifyingKeyFile {
+        protocol: "groth16".to_string(),
+        curve: curve_type.to_string(),
+        alpha_g1: P::parse_g1_json(&vk.alpha_g1, to_hex),
+        beta_g1: P::parse_g1_json(&vk.beta_g1, to_hex),
+        beta_g2: P::parse_g2_json(&vk.beta_g2, to_hex),
+        gamma_g2: P::parse_g2_json(&vk.gamma_g2, to_hex),
+        delta_g1: P::parse_g1_json(&vk.delta_g1, to_hex),
+        delta_g2: P::parse_g2_json(&vk.delta_g2, to_hex),
+        ic: vk
+            .ic
+            .iter()
+            .map(|e| P::parse_g1_json(e, to_hex))
+            .collect::<Vec<_>>(),
+    };
+
+    Ok(to_string(&verifying_key_file)?)
+}
+
+pub fn serialize_proof<P: Parser>(p: &Proof<P>, curve_type: &str, to_hex: bool) -> Result<String> {
+    let proof_file = ProofFile {
+        a: P::parse_g1_json(&p.a, to_hex),
+        b: P::parse_g2_json(&p.b, to_hex),
+        c: P::parse_g1_json(&p.c, to_hex),
+        protocol: "groth16".to_string(),
+        curve: curve_type.to_string(),
+    };
+
+    Ok(to_string(&proof_file)?)
+}
+
+pub fn to_verification_key<P: Parser>(s: &str) -> VerifyingKey<P> {
+    let vk_file: VerifyingKeyFile =
+        serde_json::from_str(s).expect("Error during deserialization of the JSON data");
+
+    let convert_g1 = |point: &G1| P::to_g1(&point.x, &point.y);
+    let convert_g2 = |point: &G2| P::to_g2(&point.x[0], &point.x[1], &point.y[0], &point.y[1]);
+
+    VerifyingKey {
+        alpha_g1: convert_g1(&vk_file.alpha_g1),
+        beta_g1: convert_g1(&vk_file.beta_g1),
+        beta_g2: convert_g2(&vk_file.beta_g2),
+        gamma_g2: convert_g2(&vk_file.gamma_g2),
+        delta_g1: convert_g1(&vk_file.delta_g1),
+        delta_g2: convert_g2(&vk_file.delta_g2),
+        ic: vk_file.ic.iter().map(convert_g1).collect(),
+    }
+}
+
+pub fn to_proof<P: Parser>(s: &str) -> Proof<P> {
+    let proof: ProofFile =
+        serde_json::from_str(s).expect("Error during deserialization of the JSON data");
+
+    let convert_g1 = |point: &G1| P::to_g1(&point.x, &point.y);
+    let convert_g2 = |point: &G2| P::to_g2(&point.x[0], &point.x[1], &point.y[0], &point.y[1]);
+
+    Proof {
+        a: convert_g1(&proof.a),
+        b: convert_g2(&proof.b),
+        c: convert_g1(&proof.c),
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::bellman_ce::groth16::{Proof, VerifyingKey};
+    use crate::bellman_ce::pairing::{bls12_381::Bls12, bn256::Bn256};
+
+    #[test]
+    fn test_serialize_vk() {
+        let mut reader = std::io::BufReader::with_capacity(
+            1 << 24,
+            std::fs::File::open("./test-vectors/verification_key.bin").unwrap(),
+        );
+        let vk_from_bin = VerifyingKey::<Bn256>::read(&mut reader).unwrap();
+        let result = serialize_vk(&vk_from_bin, "bn128", false).unwrap();
+        std::fs::write("./test-vectors/verification_key.json", result)
+            .expect("Unable to write data to file");
+
+        let json_data = std::fs::read_to_string("./test-vectors/verification_key.json")
+            .expect("Unable to read the JSON file");
+        let verifying_key_from_json = to_verification_key::<Bn256>(&json_data);
+        assert_eq!(
+            vk_from_bin.alpha_g1, verifying_key_from_json.alpha_g1,
+            "VerificationKey are not equal"
+        );
+    }
+
+    #[test]
+    fn test_serialize_vk_bls12381() {
+        let mut reader = std::io::BufReader::with_capacity(
+            1 << 24,
+            std::fs::File::open("./test-vectors/verification_key_bls12381.bin").unwrap(),
+        );
+        let vk_from_bin = VerifyingKey::<Bls12>::read(&mut reader).unwrap();
+        let result = serialize_vk(&vk_from_bin, "bls12381", false).unwrap();
+        std::fs::write("./test-vectors/verification_key_bls12381.json", result)
+            .expect("Unable to write data to file");
+        let json_data = std::fs::read_to_string("./test-vectors/verification_key_bls12381.json")
+            .expect("Unable to read the JSON file");
+        let verifying_key_from_json = to_verification_key::<Bls12>(&json_data);
+        assert_eq!(
+            vk_from_bin.alpha_g1, verifying_key_from_json.alpha_g1,
+            "VerificationKey are not equal"
+        );
+    }
+
+    #[test]
+    fn test_serialize_proof() {
+        let mut reader = std::io::BufReader::with_capacity(
+            1 << 24,
+            std::fs::File::open("./test-vectors/proof.bin").unwrap(),
+        );
+        let proof_from_bin = Proof::<Bn256>::read(&mut reader).unwrap();
+        let result = serialize_proof(&proof_from_bin, "bn128", false).unwrap();
+        std::fs::write("./test-vectors/proof.json", result).expect("Unable to write data to file");
+
+        let json_data = std::fs::read_to_string("./test-vectors/proof.json")
+            .expect("Unable to read the JSON file");
+        let proof_from_json = to_proof::<Bn256>(&json_data);
+        assert_eq!(proof_from_bin.a, proof_from_json.a, "Proofs are not equal");
+    }
+}

groth16/src/lib.rs

@@ -1,4 +1,5 @@
 pub mod groth16;
+pub mod json_utils;
 
 pub use bellman_ce::pairing::ff;
 pub use ff::*;

groth16/test-vectors/proof.bin

@@ -0,0 +1 @@
+{"pi_a":{"x":"10905341685980874274150221450276555823153279022700815280793205712816544225051","y":"10202155762379182936716953236062961626111732205204299178900872478241297946341"},"pi_b":{"x":["1338445498107572340294993867641202566445851700348442510708274879828386296282","715960249206585599344782789507515384598794467188122779860104990233191718584"],"y":["16749821406279319102006597546165006262150274190725700131363414987974746028898","4186519700035121793525434458515698877463328002407700453041197661949232606762"]},"pi_c":{"x":"21017091347701602277900775955620322776855583460036942304761972046181453833874","y":"13183116007711244014066089262312410303264724202350283300596105680198265390734"},"protocol":"groth16","curve":"bn128"}

groth16/test-vectors/proof.json

@@ -0,0 +1 @@
+{"protocol":"groth16","curve":"bn128","vk_alpha_1":{"x":"5378666516679669030426253968554722017719204687506819500965191266972562704525","y":"11884127121600853383848213410541219000373777032449499459372628160563826160039"},"vk_beta_1":{"x":"11684926244523749803851436242880351598197401371414225641974167140429606592706","y":"16929741286104563251662568285622534504771343461093856493500590131159047726674"},"vk_beta_2":{"x":["3487033620976845212768103502495007972626150366523406838795608631173434737356","5722453597903794095057921124370073800968815052755180529625796448994959984379"],"y":["10903882886964858379024201093448298739802694041860707200919674705989363314697","13121135188883029175353353776774109279263558732251317411918854951587326451735"]},"vk_gamma_2":{"x":["10213376432339522327829270688979960667935166343925601749766190111213394028579","17878044364476259799411369024855905578579397570653322697041079920852293597018"],"y":["20127734937439354211605145692590108235858989985838133242865379337617277275201","16860366311030991434038951462895802172998962572015514313248458815738807835634"]},"vk_delta_1":{"x":"11812580675586360757509872483306998764270512859221872980162793084480574560007","y":"21631419003837427833755878016845991558820802094484003868757988133232300441323"},"vk_delta_2":{"x":["6392557126586047144123406811983722596643451132034573614997156650191062598459","13326523838708768392335568403673707724254513697314159846597127929687821406612"],"y":["17825290610532104898185648118085521929233132742972425269063635507516756760769","6800237991919287561797152453815129982788413863096002348269331496269366578862"]},"IC":[{"x":"929659533577207043539024015274672310073216612286646842606094101149765235360","y":"335827419452857986330203550224315599249726626406860618832604249213328631746"},{"x":"2686363498352366646252820900835025101354155989284038507478384410495100388581","y":"17555345507164622027374051645603070383629353375584143931251068248182858903287"}]}

groth16/test-vectors/verification_key.bin

@@ -0,0 +1 @@
+{"protocol":"groth16","curve":"bls12381","vk_alpha_1":{"x":"3993993345820571719409140484493424675806554242871959810886408554601873918255137944101466903763679670262494407588537","y":"434040191028241100687156977701140181479584201136732810220853872204863441112594390241186214510334608184265116445585"},"vk_beta_1":{"x":"2658522315457059457702685926363609046135741594849552828870486944934279944961141450275825340584526857894276358305115","y":"2582005838098837795547524323127572178802259771861368949407021843932842062429470660339994124417267958467089029228208"},"vk_beta_2":{"x":["1939783643649439894411954639292380480325083064066514758489839949576264033790832222199855423207096319681311897764661","1706194026621083356193355989930697019816904718521063732670105129169394895826011607869652463796292903452110365836723"],"y":["2882059267594982145074446435968797036465922412810323976718195308381780496019512186549577150692215060085753645010613","136198744093121836373741155654870641457272202521015181684471622593886579271321371534413401906554696076306020983958"]},"vk_gamma_2":{"x":["883915147635496103065751910712693603416723586016635604322525380426346448467883988595045708410728643160808643307430","1403820781454575035887906376249698826847651524198721302059624628291164223855649425766388826978966815093121313704809"],"y":["3002767327899819554500200115686041250208298181561565918092043416357118574931590689217528083797982832546853161584202","2001179570787517787359145767693379279385541335622939643917241121822169717089689603171961190522553496833471813324630"]},"vk_delta_1":{"x":"1659961497396109626535052665703152028851925462843715619157065076818222268573743565376319420514796164275962013421560","y":"852108729501396447916216038007962962005725557350906076014199487385922217793757155770200106463874358957413139350609"},"vk_delta_2":{"x":["534020031473045642447278438034060292849838077327028015479069546006573823597593395712527205544556207541519503017828","2064747110497790950196077674120447901647089566913002796494296878869005423506584862817520132699626632921133930942162"],"y":["2967133054993642220270835199995585185539112985976514656438629952937248710482231341340574558822407593019383656325111","654893707336486517882533615152317327607862814027749808270768166648386292824429047505275119004528430330592501340375"]},"IC":[{"x":"3215149929540148867769058662590920228610393374201602848716041633020131250087002322681572748299373984475422616855135","y":"3287151148859427866027955777219844883556867208103719288841952355852695402988828398896226297623292986657704831321769"},{"x":"3101785521102172703202926785964685464915214511035452729284362122343456680282492999444404249489107531306726342138515","y":"3640628316062820719549136473192443101956906663205310473213544832255230166150243209243419141396800629848515623269532"}]}

groth16/test-vectors/verification_key.json

@@ -194,7 +194,6 @@ impl StarkInfo {
             self.map_sections.cm3_2ns.push(ppz_2ns);
             pil.cm_dims[self.n_cm1 + self.n_cm2 + i] = dim;
             self.exp2pol.insert(self.im_exps_list[i], ppz_n);
-            log::debug!("5 exp2pol {:?}", self.exp2pol)
         }
 
         self.q_dim = Self::get_exp_dim(pil, &pil.expressions[self.c_exp]);

groth16/test-vectors/verification_key_bls12381.bin

@@ -53,15 +53,15 @@ if [ $snark_type = "groth16" ]; then
     fi
 
     if [ $first_run = "true" ]; then
-        $ZKIT groth16_setup -c $CURVE --r1cs $WORK_DIR/$CIRCUIT_NAME.r1cs -p $WORK_DIR/g16.zkey -v $WORK_DIR/verification_key.bin
+        $ZKIT groth16_setup -c $CURVE --r1cs $WORK_DIR/$CIRCUIT_NAME.r1cs -p $WORK_DIR/g16.zkey -v $WORK_DIR/verification_key.json
     fi
 
     echo "2. groth16 fullprove"
-    $ZKIT groth16_prove -c $CURVE --r1cs $WORK_DIR/$CIRCUIT_NAME.r1cs -w $WORK_DIR/$CIRCUIT_NAME"_js"/$CIRCUIT_NAME.wasm -p $WORK_DIR/g16.zkey -i $SNARK_INPUT --input $WORK_DIR/public_input.bin --proof $WORK_DIR/proof.bin
+    $ZKIT groth16_prove -c $CURVE --r1cs $WORK_DIR/$CIRCUIT_NAME.r1cs -w $WORK_DIR/$CIRCUIT_NAME"_js"/$CIRCUIT_NAME.wasm -p $WORK_DIR/g16.zkey -i $SNARK_INPUT --public-input $WORK_DIR/public_input.json --proof $WORK_DIR/proof.json
 
     if [ $first_run = "true" ]; then
         echo "4. verify groth16 proof"
-        $ZKIT  groth16_verify -c $CURVE -v $WORK_DIR/verification_key.bin --input $WORK_DIR/public_input.bin --proof $WORK_DIR/proof.bin
+        $ZKIT  groth16_verify -c $CURVE -v $WORK_DIR/verification_key.json --public-input $WORK_DIR/public_input.json --proof $WORK_DIR/proof.json
 
         # TODO: add g16 solidity verifier
         #if [ $CURVE = "bn128" ]; then