- go.mod: go version upgrade 1.16 --> go1.17
- update to gnark-crpto v0.7.0
- adds gnark logger. closes #202
- added internal/stats package: measure number of constraints of circuit snippets for regression
- adds std/math/bits/ToNAF ToBinary ToTernary
- enables recursive hints solving #293 and
- move init() behind sync.Once. remove verbose option in stats binary
- fixes #266 by adding constant path in Lookup2 and Select
- incorrect handling of nbBits == 1 in api.ToBinary
- restored frontend.WithCapacity option...
- plonk: IsConstant -> ConstantValue
- sw: no need for Lookup2 in constScalarMul
- remove offset shifts in plonk compile
- remove post-compile offset id in R1CS builder
frontend.Compilenow takes a builder instead of backendID as parameterstd/signature/eddsaVerifyapi now takes explicit hash and curve objects- make nboutputs of a hint explicit at compile time
- std/pairing have more consistent apis
- remove StaticHint wrapper, log duplicate hints (#289)
- backend.WithOutput -> backend.WithCircuitLogger
- remove all internal circuits from stats, keep important snippets only
- frontend: split compiler, api and builder interface into interfaces
- remove IsBoolean from R1CS variables
- moved internal/compiled to frontend/compiled
- Merge pull request #295 from ConsenSys/fix/test-println
- Merge pull request #294 from ConsenSys/fix/recursivehhints
- Merge pull request #291 from ConsenSys/refactor/std/pairing
- Merge pull request #281 from ConsenSys/feat/logger
- Merge pull request #280 from ConsenSys/simplify-r1cs-compile
- Merge pull request #279 from ConsenSys/feat/statistics
- Merge pull request #276 from ConsenSys/feat-math-bits
- Merge pull request #278 from ConsenSys/perf-constant-lookup2
- Merge pull request #272 from ConsenSys/refactor-hint
- Merge pull request #275 from ConsenSys/refactor-compiler-builder
- Merge pull request #271 from ConsenSys/refactor-compiled
- Merge pull request #267 from ConsenSys/perf/tEd-add
- Merge pull request #265 from ConsenSys/perf/SW-constScalarMul
- update to gnark-crpto v0.6.1
- Constraint system solvers (Groth16 and PlonK) now run in parallel
api.DivUncheckedwith PlonK between 2 constants was incorrect
- EdDSA:
std/algebra/twistededwardstakes ~2K less constraints (Groth16). Bandersnatch benefits from same improvments.
- Merge pull request #259 from ConsenSys/perf-parallel-solver
- Merge pull request #261 from ConsenSys/feat/kzg_updated
- Merge pull request #257 from ConsenSys/perf/EdDSA
- Merge pull request #253 from ConsenSys/feat/fft_cosets
- MiMC changes: api doesn't take a "seed" parameter. MiMC impl matches Ethereum one.
- fixes #255 variable visibility inheritance regression
- counter was set with PLONK backend ID in R1CS
- R1CS Solver was incorrectly calling a "MulByCoeff" instead of "DivByCoeff" (no impact, coeff was always 1 or -1)
- SparseR1CS cbor unmarshal failed #247 for compiled.Term
- Merge pull request #256 from ConsenSys/fix-bug-compile-visibility
- Merge pull request #249 from ConsenSys/perf-ccs-hint
- Merge pull request #248 from ConsenSys/perf-ccs-solver
- Merge pull request #247 from ConsenSys/fix/plonk_cbor
- go version dependency bumped from 1.16 to 1.17
- added witness.MarshalJSON and witness.MarshalBinary
- added
ccs.GetSchema()- the schema of a circuit is required for witness json (de)serialization - added
ccs.GetConstraints()- returns a list of human-readable constraints - added
ccs.IsSolved()- moved from groth16 / plonk to the CompiledConstraintSystem interface - added
witness.Public()to return Public part of the witness - addition of
Cmpin the circuit API
- compiled.Visbility -> schema.Visibiility
- witness.WriteSequence -> schema.WriteSequence
- killed
ReadAndProveandReadAndVerify(plonk) - killed
ReadAndProveandReadAndVerify(groth16) - remove embbed struct tag for frontend.Variable fields
- backend: unify documentation for options
- frontend: unify docs for options
- test: unify documentation for options
- Merge pull request #244 from ConsenSys/plonk-human-readable
- Merge pull request #237 from ConsenSys/ccs-get-constraints
- Merge pull request #233 from ConsenSys/feat/api_cmp
- Merge pull request #235 from ConsenSys/witness-public-api
- Merge pull request #232 from ConsenSys/cleanup-231-group-options
- Merge pull request #230 from ConsenSys/ccs-schema
- Merge pull request #229 from ConsenSys/ccs-issolved-api
- Merge pull request #228 from ConsenSys/witness-json
- Merge pull request #226 from ConsenSys/feat-circuit-schema
- Merge pull request #227 from ConsenSys/build-update-go1.17
- Merge pull request #222 from ConsenSys/perf/std-sw-glv
Important: next release (v0.7.0) will be compatible with Go1.18+ only
circuit.Define(curveID, api)->circuit.Define(api); addedapi.Curve()to retrieve curve infoapi.Constant(...)was removed. Can now directy assign values with=operator in the circuit definition and the witness assignment.frontend.Variableis now an alias forinterface{}- assert helper is now under
gnark/test. Instead of taking aCompiledConstraintSystemit takes aCircuitas input, enabling easier tests accross curves and proving schemes through the use oftest/TestingOption(WithBackends(backend.GROTH16),WithCurves(ecc.BN254), ...) api.NewHinthandles multiple outputs and custom solverHintdefinition has changed
- added explicit warning when parser encounters unadressable struct field #169
FromInterfacesupports uintXX and intXX types closes #197- lighter stack trace by default for circuits, more verbose when
-tags=debugprovided - added
api.Tagandapi.AddCounterto measure number of constraints in portion of circuit api.DivUncheckeddoes not handle zero divisor.api.Divdoes.- added
frontend.IsConstantandConstantValueapis - add support for bw6-633 curve
- added
api.Lookup2method (2-bit lookup) - frontend: plonk frontend directly implements the
frontend.APIinterface instead of building on top of theR1CSbuilder - std: fields and pairing over BLS24-315 in BW6-633 circuit
- test: add
Runfor running circuit test configurations as subtests - test: add
Logmethod for logging in subtests - test: assert helper cross check constraint system solver results with
big.Inttest execution engine
- std: verifying a Pairing (bls12-377, Groth16) inside a circuit went from ~40k constraints to less than <12k constraints
- fixes #169 ensure frontend.Circuit methods are defined on pointer receiver
- fixes #178 by adding cbor.MaxMapPairs options when reading R1CS
- fixed
AssertIsBooleanin plonk (mul by constant failed) - fixes #168 adds context to a non-deterministic compilation error in the Assert object
- frontend: reduce constant by modulus
- frontend: plonk compiler now outputs a reasonable number of constraints #186
- updated to gnark-crypto v0.6.0
- Merge pull request #192 from ConsenSys/multi-hint
- Merge pull request #220 from ConsenSys/feat-from-interface
- Merge pull request #217 from ConsenSys/fix-internal-compiled
- Merge pull request #191 from ConsenSys/assert-subtests
- Merge pull request #200 from ConsenSys/refactor/frontend
- Merge pull request #205 from ConsenSys/fix/constant-mod-reduction
- Merge pull request #186 from ConsenSys/fix/plonk_constraints
- Merge pull request #185 from ConsenSys/feat/bw6-633
- Merge pull request #189 from ConsenSys/lookup2
- Merge pull request #183 from ivokub/hint-registry
- Merge pull request #182 from ConsenSys/std/pairing
- Merge pull request #176 from ConsenSys/feat-constraint-counter
- Merge pull request #180 from ConsenSys/refactor-variable-interface
- Merge pull request #173 from ConsenSys/feat-debug-tag
- circuit
Define(... cs *frontend.ConstraintSystem)now takes an interfaceDefine( ... api frontend.API) - assert helper is now under
backend/(instead ofbackend/groth16andbackend/plonk)
- updated to gnark-crypto v0.5.3
- added
api.DivUncheckedandapi.Div.DivUncheckedwill accept 0 / 0 == 0 as valid. api.Subtakes a variadic list of input (same asapi.Add)- plonk: kzg test srs is cached up to a certain size for faster tests
- removed hardcoded bit size in ToBinary, which now depends by default on
fr.Elementbit size - api.ToBinary: constraint unsatisfied now has debugInfo
- unset variables: error message comes with a stack trace
- added bandersnatch circuit component under
std/ frontend.Compilenow check that all secret and public inputs are constrained. Check can be ignore through compile option (frontend.IgnoreUnconstrainedInputs)- added UnsafeReadFrom for groth16 Proving and Verifying keys, which doesn't perform subgroup checks on the decoded points
- incorrect formula in api.Select when parameters are constant
- plonk: reduce duplicate constraint when splitting r1c in the frontend
- plonk: build permutation index out of bounds
- added a
test/package with a test execution engine cross checking constraint system withbig.Intarithmetic - bases for
Fuzzingwitness and cross checking constraint system output with test execution engine
api.AssertIsLessOrEqual: reduced redundant constraints in range check- std/groth16: ml with short addition chain (13245cs -> 12297, marginal gain)
- all circuits use frontend.API in place of *frontend.ConstraintSystem
- use ecc.Info() where possible to get modulus or field size
- Merge pull request #159 from ConsenSys/std/bandersnatch
- Merge pull request #164 from ConsenSys/perf-scs-compile
- Merge pull request #161 from ConsenSys/test-engine-with-hints
- Merge pull request #162 from ConsenSys/std/pairing
- Merge pull request #160 from ConsenSys/perf-unsafe-decoding
- Merge pull request #156 from ConsenSys/std/twistedEdwards
- Merge pull request #151 from ConsenSys/testable-circuits
- Merge pull request #153 from ConsenSys/fix/plonk_constraints_blowup
- Merge pull request #146 from ConsenSys/feat/ml-snark-pairing
- Merge pull request #148 from ConsenSys/perf-range-check
- updated to gnark-crypto@v0.5.1
- adds solver hints
cs.NewHint#139 - adds
cs.AssertIsDifferent#131 - consistent support of
cs.PrintlnanddebugInfo#142 - adds sanity check in
frontend.Compileto ensure constraint validity - adds
witness.WriteSequenceto export expected witness sequence - adds sanity checks in R1CS and SparseR1CS solvers
- adds ToHTML on SparseR1CS and R1CS
- add witness reconstruction methods. closes #135
- IsZero is now implemented with 3 constraints #134
- Groth16 maximize number of infinity points in G2 part of the ProvingKey #130
- can constraint linear expressions to be boolean fixes #136
- eddsa: addition of isOnCurve check
- eddsa: S not splitted (s<r) + 2,3 Double instead of [cofactor]G
groth16.Proveandplonk.Provetakesbackend.ProverOptionas parameter- factorized structs between
compiled.SparseR1CSandcompiled.R1CS - assertions -> constraints in
R1CSandSparseR1CS - removed
r1c.SolvingMethodin favor ofcs.NewHint cs.IsZerodoesn't need curveID anymore
- ensure
frontend.Compileis deterministic - added non regression for
cs.PrintlnanddebugInfotraces - added circuit statistic non regression tests
- added plonk path to
integration_test.go - added test from #136
- updated to latest gnark-crypto v0.5.0
- add bls24-315 to gnark
- PlonK implementation as-in-the-paper
- removed
gnarkdandexamples/benchmark - better errors for incorrect variable assignments #120
- call stack displayed when AssertIsEqual fails
- remove term.CoeffValue and use constant coeff ID for special values instead
- added NbG1 and NbG2 apis on groth16 Proving and Verifying keys closes #116
- addition of circuit component FiatShamir in std
- remove serialization test by default in assert helper
- addition of unit test for cyclo square in std/../e12.go
- LinearExpression implements Sort interface. replaced quickSort() by sort.Sort(...)
- SparseR1CS and PlonK objects implements io.ReaderFrom and io.WriterTo
- invalid gnark struct tag options return error at compile time fixes #111
- use of doubling formula instead of add(x,x) fixes #114
- create cbor decoder with MaxArrayElements set to max value
- fix #96
- r1cs compilation is deterministic, fixes #90
- plonk circuit compiled with no constraints #112
- frontend: compile takes optional expected constraint number to reserve memory and speed up compile time
- plonk: prover uses available CPUs, memory allocation clean up
- plonk: frontend have fast path for -1, 0, 1 and 2 coefficients. less mem allocs.
- replaced string concat in frontend with strings.Builder
- plonk: when doing fft on domainH with coset, don't scale zero values
- plonk: minor tweaks, removing un-needed bitreverse and mem allocs
- scs: sparse r1cs have fast path for special coeffs operations
- std: adds E2/E12 square and cyclo square in E12 (used FinalExp)
- mimc uses Write(data) then Sum() instead of Sum(data)
- Hash-->Sum in mimc gadget
- groth16: SizePublicWitness to NbPublicWitness
- renamed GetCurveID() to CurveID() on groth16 objects
- test for Fiat Shamir gadget
- added reference frontend.Compile benchmarks
- added
gnarkUser Documentation - updated Go package documentation
- gnarkd: exposing gnark APIs through RPCs (#54)
- PlonK: adding functionality to convert a constraint system to PlonK constraints (#56)
- PlonK: added experimental support for PlonK backend
- inverse and div in frontend had some variable ID offset issues (#62)
- cs.Println doesn't trigger panic anymore
- Split S in EdDSA signature to prevent overflow #88
- fft: fixed the ordering of cosets factor according to DIF/DIT
- VerifyingKey data structure change to ensure compatibility with other impl and Solidity in Ethereum. Serialization format change.
- added witness serialization tests
- gurvy -> gnark-crypto
- moved fft in gnark-crypto
- bn256 -> bn254, bls377 -> bls12-377, etc. following gnark-crypto v0.4.0
- removed the Curve field in the R part of eddsa signature
- added frontend and backend fuzz.go, go-fuzz compatible format
- added cs.Println must not panic base test
- moved solidity integration tests in github.com/consensys/gnark-tests
- added integration fuzz test in backend/groth16/fuzz_test.go