diff --git a/docs/co-circom-cli/generate-witness.md b/docs/co-circom-cli/generate-witness.md deleted file mode 100644 index 6c97733..0000000 --- a/docs/co-circom-cli/generate-witness.md +++ /dev/null @@ -1,29 +0,0 @@ -# generate-witness - -The aim of the `generate-witness` command is to generate a secret-shared witness file in MPC using secret shares of the input. - -## Example - -```bash -co-circom generate-witness --input test_vectors/poseidon/input.json.0.shared --circuit test_vectors/poseidon/circuit.circom --protocol REP3 --curve BN254 --config configs/party1.toml --out test_vectors/poseidon/witness.wtns.0.shared --config test_vectors/poseidon/config.toml -``` - -The above command takes a shared input file `input.json.0.shared` for the circuit `circuit.circom` with the [network config](./config.md) and outputs the witness share to `test_vectors/poseidon/witness.wtns.0.shared`. - -## Reference - -```txt -$ co-circom generate-witness --help -Evaluates the extended witness generation for the specified circuit and input share in MPC - -Usage: co-circom generate-witness [OPTIONS] - -Options: - --config The path to the config file - --input The path to the input share file - --circuit The path to the circuit file - --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] - --curve The pairing friendly curve to be used [possible values: BN254, BLS12-381] - --out The output file where the final witness share is written to - -h, --help Print help (see more with '--help') -``` diff --git a/docs/co-circom-cli/co-circom.md b/docs/co-circom/cli/cli.md similarity index 55% rename from docs/co-circom-cli/co-circom.md rename to docs/co-circom/cli/cli.md index 0faacf4..ec6159a 100644 --- a/docs/co-circom-cli/co-circom.md +++ b/docs/co-circom/cli/cli.md 
@@ -1,6 +1,10 @@ -# co-circom CLI +# coCircom Command-Line Interface -```txt +This section expands on using the coCircom CLI to perform witness extension and proof generation in MPC including preparation steps thereof. As mentioned earlier, coCircom is best used alongside circom and snarkjs for generating intermediate artifacts. + +The [interactive workshop at ZK12](https://www.youtube.com/watch?v=w2HJxrDE01k) demonstrates the usage and workflow of the coCircom CLI (some background in the beginning, using the coCircom CLI starts around [28:58](https://youtu.be/w2HJxrDE01k?si=QcHRR-V8tXX6FPmw&t=1738)), as well as the coNoir CLI later on in the video. + +```text Usage: co-circom Commands: @@ -17,3 +21,5 @@ Options: -h, --help Print help -V, --version Print version ``` + +The subsections go into detail for each of `co-circom`'s commands. \ No newline at end of file diff --git a/docs/co-circom-cli/generate-proof.md b/docs/co-circom/cli/generate-proof.md similarity index 87% rename from docs/co-circom-cli/generate-proof.md rename to docs/co-circom/cli/generate-proof.md index e1f2cad..b9f74ec 100644 --- a/docs/co-circom-cli/generate-proof.md +++ b/docs/co-circom/cli/generate-proof.md 
@@ -8,12 +8,11 @@ The aim of the `generate-proof` command is to run proof generation in MPC using co-circom generate-proof --witness test_vectors/poseidon/witness.wtns.0.shared --zkey test_vectors/poseidon/poseidon.zkey --protocol REP3 --config configs/party1.toml --out proof.json --public-input public_input.json ``` -The above command takes a witness share `test_vectors/poseidon/witness.wtns.0.shared`, a traditional circom `.zkey` file and a [networking config](./config.md) and produces a circom-compatible proof `proof.json`, with a circom-compatible public input file `public_input.json`. +The above command takes a witness share `test_vectors/poseidon/witness.wtns.0.shared`, a traditional circom `.zkey` file and a [networking config](../../network-config.md) and produces a circom-compatible proof `proof.json`, with a circom-compatible public input file `public_input.json`. ## Reference ```txt -$ co-circom generate-proof --help Evaluates the prover algorithm for the specified circuit and witness share in MPC Usage: co-circom generate-proof [OPTIONS] @@ -25,6 +24,7 @@ Options: --config The path to the config file --witness The path to the witness share file --zkey The path to the proving key (.zkey) file, generated by snarkjs setup phase + --check-zkey Perform checks on the zkey elements (can take a long time) --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] --curve The pairing friendly curve to be used [possible values: BN254, BLS12-381] --out The output file where the final proof is written to. If not passed, this party will not write the proof to a file diff --git a/docs/co-circom/cli/generate-witness.md b/docs/co-circom/cli/generate-witness.md new file mode 100644 index 0000000..662bc2c --- /dev/null +++ b/docs/co-circom/cli/generate-witness.md 
@@ -0,0 +1,29 @@ +# generate-witness + +The aim of the `generate-witness` command is to generate a secret-shared witness file in MPC using secret shares of the input. + +## Example + +```bash +co-circom generate-witness --input test_vectors/poseidon/input.json.0.shared --circuit test_vectors/poseidon/circuit.circom --protocol REP3 --curve BN254 --config configs/party1.toml --out test_vectors/poseidon/witness.wtns.0.shared --config test_vectors/poseidon/config.toml +``` + +The above command takes a shared input file `input.json.0.shared` for the circuit `circuit.circom` with the [network config](../../network-config.md) and outputs the witness share to `test_vectors/poseidon/witness.wtns.0.shared`. + +## Reference + +```txt +Evaluates the extended witness generation for the specified circuit and input share in MPC + +Usage: co-circom generate-witness [OPTIONS] + +Options: + --config The path to the config file + --input The path to the input share file + --circuit The path to the circuit file + --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] + --curve The pairing friendly curve to be used [possible values: BN254, BLS12-381] + --out The output file where the final witness share is written to + -O The simplification level passed to the circom compiler (0-2) [default: 1] + -h, --help Print help (see more with '--help') +``` diff --git a/docs/co-circom-cli/merge-input-shares.md b/docs/co-circom/cli/merge-input-shares.md similarity index 97% rename from docs/co-circom-cli/merge-input-shares.md rename to docs/co-circom/cli/merge-input-shares.md index 2c55c1d..4e157db 100644 --- a/docs/co-circom-cli/merge-input-shares.md +++ b/docs/co-circom/cli/merge-input-shares.md @@ -15,7 +15,6 @@ The above command takes the two input shares `input0.json.0.shared` and `input1. ## Reference ```txt -co-circom merge-input-shares --help Merge multiple shared inputs received from multiple parties into a single one Usage: co-circom merge-input-shares [OPTIONS] 
diff --git a/docs/co-circom-cli/split-input.md b/docs/co-circom/cli/split-input.md similarity index 61% rename from docs/co-circom-cli/split-input.md rename to docs/co-circom/cli/split-input.md index 31f404b..2843b77 100644 --- a/docs/co-circom-cli/split-input.md +++ b/docs/co-circom/cli/split-input.md @@ -15,17 +15,16 @@ These shares can be handed to the 3 different MPC parties for the witness genera ## Reference ```txt -$ co-circom split-input --help Splits a JSON input file into secret shares for use in MPC Usage: co-circom split-input [OPTIONS] Options: - --config The path to the config file - --input The path to the input JSON file - --circuit The path to the circuit file - --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] - --curve The pairing friendly curve to be used [possible values: BN254, BLS12-381] - --out-dir The path to the (existing) output directory - -h, --help Print help (see more with '--help') + --config The path to the config file + --input The path to the input JSON file + --circuit The path to the circuit file + --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] + --curve The pairing friendly curve to be used [possible values: BN254, BLS12-381] + --out-dir The path to the (existing) output directory + -h, --help Print help (see more with '--help') ``` diff --git a/docs/co-circom-cli/split-witness.md b/docs/co-circom/cli/split-witness.md similarity index 95% rename from docs/co-circom-cli/split-witness.md rename to docs/co-circom/cli/split-witness.md index 55302b1..4fe2b14 100644 --- a/docs/co-circom-cli/split-witness.md +++ b/docs/co-circom/cli/split-witness.md 
@@ -15,15 +15,14 @@ These shares can be handed to the 3 different MPC parties for the proof generati ## Reference ```txt -$ co-circom split-witness --help Splits an existing witness file generated by circom into secret shares for use in MPC Usage: co-circom split-witness [OPTIONS] Options: --config The path to the config file - --witness The path to the input witness file generated by circom - --r1cs The path to the r1cs file, generated by circom compiler + --witness The path to the input witness file generated by Circom + --r1cs The path to the r1cs file, generated by Circom compiler --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] --curve The pairing friendly curve to be used [possible values: BN254, BLS12-381] --out-dir The path to the (existing) output directory diff --git a/docs/co-circom-cli/translate-witness.md b/docs/co-circom/cli/translate-witness.md similarity index 93% rename from docs/co-circom-cli/translate-witness.md rename to docs/co-circom/cli/translate-witness.md index 369e854..756e745 100644 --- a/docs/co-circom-cli/translate-witness.md +++ b/docs/co-circom/cli/translate-witness.md 
@@ -8,12 +8,11 @@ The aim of the `translate-witness` command is to take a witness file `witness.wt co-circom translate-witness --witness test_vectors/poseidon/witness.wtns --src-protocol REP3 --target-protocol SHAMIR --curve BN254 --config configs/party1.toml --out test_vectors/poseidon/shamir_witness.wtns ``` -The above command takes the witness file `test_vectors/poseidon/witness.wtns` which was generated with the source MPC protocol `REP3` and translates it to the witness file `test_vectors/poseidon/shamir_witness.wtns` which is suitable for the target MPC protocol `SHAMIR`. The translation process requires network interaction, thus a [networking config](./config.md) is required as well. +The above command takes the witness file `test_vectors/poseidon/witness.wtns` which was generated with the source MPC protocol `REP3` and translates it to the witness file `test_vectors/poseidon/shamir_witness.wtns` which is suitable for the target MPC protocol `SHAMIR`. The translation process requires network interaction, thus a [networking config](../../network-config.md) is required as well. ## Reference ```txt -$ co-circom translate-witness --help Translates the witness generated with one MPC protocol to a witness for a different one Usage: co-circom translate-witness [OPTIONS] diff --git a/docs/co-circom-cli/verify.md b/docs/co-circom/cli/verify.md similarity index 100% rename from docs/co-circom-cli/verify.md rename to docs/co-circom/cli/verify.md diff --git a/docs/co-circom/co-circom.md b/docs/co-circom/co-circom.md new file mode 100644 index 0000000..f0ea14b --- /dev/null +++ b/docs/co-circom/co-circom.md 
@@ -0,0 +1,7 @@ +# coCircom + +coCircom enables us perform [circom](../resources/circom)'s witness extension and proof generation with MPC. circom and coCircom and their artifacts may be used interchangeably, e.g. a proof generated by coCircom verifies using circom and vice-versa. coCircom also relies on artifacts generated by circom, e.g. the R1CS file, the zkey, and the vkey. + +To get started with the coCircom workflow, we require some circuit alongside an input. Based on these files we can create a proof according the workflow depicted below. For more details the Circom setup have a look at the circom docs [extending the witness](https://docs.circom.io/getting-started/computing-the-witness/) and [generating a proof](https://docs.circom.io/getting-started/proving-circuits/). + +overview drawing \ No newline at end of file diff --git a/docs/co-circom/figures/co-circom-workflow.png b/docs/co-circom/figures/co-circom-workflow.png new file mode 100644 index 0000000..4ebfdf0 Binary files /dev/null and b/docs/co-circom/figures/co-circom-workflow.png differ diff --git a/docs/co-circom/lib/example.md b/docs/co-circom/lib/example.md new file mode 100644 index 0000000..6c4403e --- /dev/null +++ b/docs/co-circom/lib/example.md 
@@ -0,0 +1,41 @@ +# Example + +The following is a incomplete example of how to use the `co-circom` lib crate. +For complete and working example see [here](https://github.com/TaceoLabs/co-snarks/tree/main/co-circom/co-circom/examples). + +```rust +// connect to network +let network_config = NetworkConfig::new(/* ... */); +let mut net = Rep3MpcNet::new(network_config)?; + +// parse circuit file & put through our compiler +let circuit = + CoCircomCompiler::::parse(dir.join("circuit.circom"), CompilerConfig::default())?; + +// split inputs +let mut input = Input::new(); +input.insert("a".to_string(), Value::String("2".to_string())); +input.insert("b".to_string(), Value::String("3".to_string())); +let [share0, share1, share2] = co_circom::split_input::(input, circuit.public_inputs())?; + +// parse zkey, without performing extra checks (only advised for zkeys knwon to be valid) +let zkey = Arc::new(Groth16ZKey::::from_reader( + std::fs::read(dir.join("multiplier2.zkey"))?.as_slice(), + CheckElement::No, +)?); + +// generate witness +let (witness, net) = + co_circom::generate_witness_rep3::(circuit, share0, net, VMConfig::default())?; +let public_inputs = witness.public_inputs_for_verify(); + +// generate proof +let (proof, _) = Rep3CoGroth16::prove(net, zkey, witness)?; + +// verify proof +let vk = Groth16JsonVerificationKey::::from_reader( + std::fs::read(dir.join("verification_key.json"))?.as_slice(), +)?; +Groth16::verify(&vk, &proof, &public_inputs)?; +``` + diff --git a/docs/co-circom/lib/lib.md b/docs/co-circom/lib/lib.md new file mode 100644 index 0000000..01d88d3 --- /dev/null +++ b/docs/co-circom/lib/lib.md 
@@ -0,0 +1,7 @@ +# coCircom Rust Library + +The coCircom Rust library provides the same set of features as the [CLI](../cli/cli.md) variant of coCircom, where the [CLI](../cli/cli.md) essentially exposes the library functions to the user on the command line. + +The library is meant to support you in developing your own application that makes use of coCircom's functionality. The next pages will guide you through setting up and including coCircom in your project. + +To view the more detailed docs, clone the repo and run `cargo doc --open --no-deps -p co-circom` to generate the rustdoc. diff --git a/docs/co-noir-cli/co-noir-cli.md b/docs/co-noir-cli/co-noir-cli.md deleted file mode 100644 index b469d76..0000000 --- a/docs/co-noir-cli/co-noir-cli.md +++ /dev/null 
@@ -1,143 +0,0 @@ -# Getting Started With Co-Noir - -## UltraHonk - -Our co-Noir implementation currently supports the UltraHonk prover (with Keccak and Poseidon2 as transcript) from Barretenberg v0.66.0. To get Barretenberg with this version, use the following commands: - -```bash -curl -L https://raw.githubusercontent.com/AztecProtocol/aztec-packages/refs/heads/master/barretenberg/bbup/install | bash -bbup -v 0.66.0 -``` - -Our prover, i.e., ``UltraHonk::prove`` in `src/prover.rs`, is compatible with `UltraProver_/UltraProver_` (depending on the used transcript hasher) in Barretenberg. Similar, the ``Ultrahnok::verify`` verifier in `src/verifier.rs` is compatible with `UltraVerifier_/UltraVerifier_` in Barretenberg. - -Currently, the circuit builder related code in `co-builder` is only compatible with basic field arithmetic gates from Noir, stay tuned for more features. - -## Usage - -First, one needs to create the circuit file from a Noir source code. Your Noir project should have the following files/folders: - -- `src/main.nr`: Contains the code which should be executed in MPC and/or proven. -- `Nargo.toml`: Similar to Cargo.toml, just for Noir projects. -- `Prover.toml`: The inputs for the main function in `src/main.nr` used in proof generation. - -To create the circuit file used in Co-Noir, one needs to install Nargo following the instructions in [https://noir-lang.org/docs/getting_started/quick_start](https://noir-lang.org/docs/getting_started/quick_start). Our prover is compatible with Nargo version 1.0.0-beta.1. - -Then you can just execute the following command: - -```bash -nargo compile -``` - -The resulting circuit file (*.json) is then located in the `target` folder. - -Alternatively, if you want to create the extended witness from the input in `Prover.toml`, use - -```bash -nargo execute witness -``` - -This command then stores the resulting circuit file (*.json), alongside the extended witness (`witness.gz`) in the `target` folder. 
- -### Co-Noir Commands - -Currently the Co-Noir binary allows the following commands, which we illustrate on the Noir example of proving a Poseidon Hash computation. See the Nargo source code in `examples/test_vectors/poseidon/src/main.nr`. - -The following commands are all executed from the `examples` folder, just like the .sh examples. - -#### SplitInput - -If you want to calculate the extended witness and the prove from the input file `test_vectors/poseidon/Prover.toml` (i.e., if you want to hash the input ["0", "1", "2", "3", "4", "5", "6", "7"] in MPC and prove the computation), you first have to secret share this input file. This can be done using the SplitInput command: - -```bash -cargo run --release --bin co-noir -- split-input --circuit test_vectors/poseidon/poseidon.json --input test_vectors/poseidon/Prover.toml --protocol REP3 --out-dir test_vectors/poseidon -``` - -This command uses the *REP3* MPC protocol and produces the shares for 3 MPC in the `test_vectors/poseidon` folder. As input it takes the circuit file `poseidon.json` and the `Prover.toml` file which contains the preimage of the hash which we want to share. - -#### GenerateWitness - -After the SplitInput command, the computing parties engage in executing the circuit (in our case Poseidon) on the shared input in MPC. Each party thus executes the following command: - -```bash -cargo run --release --bin co-noir -- generate-witness --input test_vectors/poseidon/Prover.toml.shared --circuit test_vectors/poseidon/poseidon.json --protocol REP3 --config configs/party.toml --out test_vectors/poseidon/poseidon.gz.shared -``` - -Again, `poseidon.json` is the circuit file from Noir, while `Prover.toml.shared` is one output of SplitWitness and `party.toml` is a network configuration. As MPC protocol we currently only support *REP3* for the Witness extension. - -#### SplitWitness - -Instead of performing the witness extension in MPC, one can also secret share the .gz witness file computed by Noir. 
The command is the following: - -```bash -cargo run --release --bin co-noir -- split-witness --witness test_vectors/poseidon/poseidon.gz --circuit test_vectors/poseidon/poseidon.json --protocol REP3 --out-dir test_vectors/poseidon -``` - -Here, `poseidon.json` is the circuit file from Noir, `poseidon.gz` the extended witness from noir, and the output shares are stored in `test_vectors/poseidon`. The output shares are therebey indistinguishable from the output shares produced by the GenerateWitness command. -For SplitWitness, both REP3 and Shamir are supported. - -#### TranslateWitness - -This command can be used to translate extended witnesses (outputs of GenerateWitness or SplitWitness) from REP3 to 3-party Shamir secret sharing: - -```bash -cargo run --release --bin co-noir -- translate-witness --witness test_vectors/poseidon/poseidon.gz.shared --src-protocol REP3 --target-protocol SHAMIR --config configs/party.toml --out test_vectors/poseidon/shamir_poseidon.gz.shared -``` - -Here, `poseidon.gz.shared` is the REP3 input share, `shamir_poseidon.gz.shared` the Shamir output share, and `party.toml` is a network configuration. - -#### GenerateProof - -To create a proof in MPC, one needs the extended witness (from GenerateWitness, SplitWitness, or TranslateWitness): - -```bash -cargo run --release --bin co-noir -- build-and-generate-proof --witness test_vectors/poseidon/poseidon.gz.shared --circuit test_vectors/poseidon/poseidon.json --crs test_vectors/bn254_g1.dat --protocol REP3 --hasher POSEIDON --config configs/party.toml --out proof.proof --public-input public_input.json -``` - -Here, `poseidon.gz.shared` is the share of the witness, `poseidon.json` is the circuit file from Noir, `bn254_g1.dat` is the file storing the prover CRS and `party.toml` is the network configuration. As output, one creates the UltraHonk proof `proof.proof` and the output of the circuit `public_input.json`. 
The parameter `--hasher POSEIDON` defines that Poseidon2 is used as the transcript hasher, the other implemented option would be Keccak256. - -The corresponding Barretenberg command (from `barretenberg/cpp/build/bin`) is: - -```bash -bb prove_ultra_honk -b poseidon.json -w poseidon.gz -o proof.proof -``` - -where poseidon.gz is the witness file created by Noir (which is equivalent to a non-secret-shared variant of `poseidon.gz.shared`). The generated proof key is the same, regardless of using Co-Noir or Barretenberg. -Note: Barretenberg does not require the file for storing the CRS, since Barretenberg automatically downloads it if it is not present. - -#### CreateVK - -To verify the created proof, we first need to create a verification key. This can be done with: - -```bash -cargo run --release --bin co-noir -- create-vk --circuit test_vectors/poseidon/poseidon.json --crs test_vectors/bn254_g1.dat --hasher POSEIDON --vk test_vectors/poseidon/verification_key -``` - -Here, `poseidon.json` is the circuit file from Noir, `bn254_g1.dat` is the file storing the prover CRS, and the output is written to `verification_key`. Again, `--hasher POSEIDON` defines that Poseidon2 is used as the transcript hasher. - -The corresponding Barretenberg command (from `barretenberg/cpp/build/bin`) is: - -```bash -bb write_vk_ultra_honk -b poseidon.json -o verification_key -``` - -Here, `poseidon.json` is the circuit file from Noir. The output verification key is the same, regardless of using Co-Noir or Barretenberg. -Note: Barretenberg does not require the file for storing the CRS, since Barretenberg automatically downloads it if it is not present. 
- -#### Verify - -To verify the proof, just use: - -```bash -cargo run --release --bin co-noir -- verify --proof proof.proof --vk test_vectors/poseidon/verification_key --hasher POSEIDON --crs test_vectors/bn254_g2.dat -``` - -Here, `proof.proof` is the proof we want to verify, `verification_key` is the output of CreateVK, and `bn254_g2.dat` is the verifier CRS. Again, `--hasher POSEIDON` defines that Poseidon2 is used as the transcript hasher. - -The corresponding Barretenberg command (from `barretenberg/cpp/build/bin`) is: - -```bash -bb verify_ultra_honk -k verification_key -p proof.proof -``` - -Note: Barretenberg does not require the file for storing the CRS, since Barretenberg automatically downloads it if it is not present. diff --git a/docs/co-noir-cli/create-vk.md b/docs/co-noir-cli/create-vk.md deleted file mode 100644 index 26c9aa6..0000000 --- a/docs/co-noir-cli/create-vk.md +++ /dev/null @@ -1,15 +0,0 @@ -## Reference - -```txt -Create a verification key for the specified circuit - -Usage: co-noir create-vk [OPTIONS] - -Options: - --config The path to the config file - --hasher The transcript hasher used for the proof [possible values: POSEIDON, KECCAK] - --circuit The path to the circuit file, generated by Noir - --crs The path to the prover crs file - --vk The output path to the verification key file - -h, --help Print help (see more with '--help') -``` diff --git a/docs/co-noir-cli/generate-proof.md b/docs/co-noir-cli/generate-proof.md deleted file mode 100644 index 9d06e7f..0000000 --- a/docs/co-noir-cli/generate-proof.md +++ /dev/null 
@@ -1,17 +0,0 @@ -## Reference - -```txt -Cli arguments for `generate_proof` - -Usage: co-noir generate-proof [OPTIONS] - -Options: - --config The path to the config file - --proving-key The path to the shared proving_key file - --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] - --hasher The transcript hasher to be used [possible values: POSEIDON, KECCAK] - --out The output file where the final proof is written to. If not passed, this party will not write the proof to a file - --public-input The output JSON file where the public inputs are written to. If not passed, this party will not write the public inputs to a file - -t, --threshold The threshold of tolerated colluding parties [default: 1] - -h, --help Print help (see more with '--help') -``` diff --git a/docs/co-noir-cli/generate-witness.md b/docs/co-noir-cli/generate-witness.md deleted file mode 100644 index 9ee2298..0000000 --- a/docs/co-noir-cli/generate-witness.md +++ /dev/null @@ -1,15 +0,0 @@ -## Reference - -```txt -Evaluates the extended witness generation for the specified circuit and input share in MPC - -Usage: co-noir generate-witness [OPTIONS] - -Options: - --config The path to the config file - --input The path to the input share file - --circuit The path to the circuit file - --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] - --out The output file where the final witness share is written to - -h, --help Print help (see more with '--help') -``` diff --git a/docs/co-noir-cli/merge-input-shares.md b/docs/co-noir-cli/merge-input-shares.md deleted file mode 100644 index 79b1c52..0000000 --- a/docs/co-noir-cli/merge-input-shares.md +++ /dev/null 
@@ -1,14 +0,0 @@ -## Reference - -```txt -Merge multiple shared inputs received from multiple parties into a single one - -Usage: co-noir merge-input-shares [OPTIONS] - -Options: - --config The path to the config file - --inputs The path to the input JSON file - --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] - --out The output file where the merged input share is written to - -h, --help Print help (see more with '--help') -``` diff --git a/docs/co-noir-cli/split-input.md b/docs/co-noir-cli/split-input.md deleted file mode 100644 index fee2774..0000000 --- a/docs/co-noir-cli/split-input.md +++ /dev/null @@ -1,15 +0,0 @@ -## Reference - -```txt -Splits a input toml file into secret shares for use in MPC - -Usage: co-noir split-input [OPTIONS] - -Options: - --config The path to the config file - --input The path to the input JSON file - --circuit The path to the circuit file - --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] - --out-dir The path to the (existing) output directory - -h, --help Print help (see more with '--help') -``` diff --git a/docs/co-noir-cli/verify.md b/docs/co-noir-cli/verify.md deleted file mode 100644 index e682b16..0000000 --- a/docs/co-noir-cli/verify.md +++ /dev/null @@ -1,15 +0,0 @@ -## Reference - -```txt -Verification of a Noir proof - -Usage: co-noir verify [OPTIONS] - -Options: - --hasher The transcript hasher used for the proof [possible values: POSEIDON, KECCAK] - --config The path to the config file - --proof The path to the proof file - --vk The path to the verification key file - --crs The path to the verifier crs file - -h, --help Print help (see more with '--help') -``` diff --git a/docs/co-noir-cli/build-and-generate-proof.md b/docs/co-noir/cli/build-and-generate-proof.md similarity index 50% rename from docs/co-noir-cli/build-and-generate-proof.md rename to docs/co-noir/cli/build-and-generate-proof.md index acb80c7..e6bb800 100644 --- a/docs/co-noir-cli/build-and-generate-proof.md 
+++ b/docs/co-noir/cli/build-and-generate-proof.md @@ -1,3 +1,19 @@ +# build-and-generate-proof + +This command first generates a proving key and then directly generates the proof. + +:::info +This is preferred over `generate-proving-key` and `generate-proof`, because the circuit is only parsed and built once instead of twice (For large circuits, this can take some time). +::: + +## Example + +```bash +co-noir build-and-generate-proof --witness test_vectors/poseidon/poseidon.gz.0.shared --circuit test_vectors/poseidon/poseidon.json --crs test_vectors/bn254_g1.dat --protocol REP3 --hasher KECCAK --config configs/party1.toml --out proof.0.proof --public-input public_input.json +``` + +Here, `poseidon.gz.shared` is the share of the witness, `poseidon.json` is the circuit file from Noir, `bn254_g1.dat` is the file storing the prover CRS and `party.toml` is the [network configuration](../../network-config.md). As output, one creates the UltraHonk proof `proof.proof` and the output of the circuit `public_input.json`. The parameter `--hasher POSEIDON` defines that Poseidon2 is used as the transcript hasher, the other implemented option would be Keccak256. + ## Reference ```txt @@ -15,5 +31,6 @@ Options: --out The output file where the final proof is written to. If not passed, this party will not write the proof to a file --public-input The output JSON file where the public inputs are written to. If not passed, this party will not write the public inputs to a file -t, --threshold The threshold of tolerated colluding parties [default: 1] + --recursive Generate a recursive proof -h, --help Print help (see more with '--help') ``` diff --git a/docs/co-noir-cli/build-proving-key.md b/docs/co-noir/cli/build-proving-key.md similarity index 64% rename from docs/co-noir-cli/build-proving-key.md rename to docs/co-noir/cli/build-proving-key.md index 8d8a511..a2915ec 100644 --- a/docs/co-noir-cli/build-proving-key.md +++ b/docs/co-noir/cli/build-proving-key.md 
@@ -1,3 +1,13 @@ +# build-proving-key + +This command takes the shared witness and circuit, and builds a shared proving key. + +## Example + +```bash +co-noir build-proving-key --witness test_vectors/poseidon/poseidon.gz.0.shared --circuit test_vectors/poseidon/poseidon.json --protocol REP3 --config configs/party1.toml --out proving_key.0.shared +``` + ## Reference ```txt @@ -9,9 +19,9 @@ Options: --config The path to the config file --witness The path to the witness share file --circuit The path to the circuit file, generated by Noir - --crs The path to the prover crs file --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] --out The output file where the final proving key is written to -t, --threshold The threshold of tolerated colluding parties [default: 1] + --recursive Generate a recursive proof -h, --help Print help (see more with '--help') ``` diff --git a/docs/co-noir-cli/co-noir.md b/docs/co-noir/cli/cli.md similarity index 63% rename from docs/co-noir-cli/co-noir.md rename to docs/co-noir/cli/cli.md index a91be1f..fe98e93 100644 --- a/docs/co-noir-cli/co-noir.md +++ b/docs/co-noir/cli/cli.md @@ -1,3 +1,9 @@ +# Command-Line Interface + +This section expands on using the coNoir CLI to perform witness extension and proof generation in MPC including preparation steps thereof. As mentioned earlier, coNoir is best used alongside [Noir](https://aztec.network/noir)'s package manager [nargo](https://docs.aztec.network/aztec/glossary#nargo) and Aztec's proof system [barretenberg](https://github.com/AztecProtocol/barretenberg) for generating intermediate artifacts. + +The [interactive workshop at ZK12](https://www.youtube.com/watch?v=w2HJxrDE01k) demonstrates the usage and workflow of the coNoir CLI (at the end of the video, starting at [44:45](https://youtu.be/w2HJxrDE01k?si=HshhExrhce4KCgzG&t=2685)), as well as the coCircom CLI (at the beginning of the video). + ## Reference ```txt 
@@ -16,6 +22,7 @@ Commands: build-and-generate-proof Builds the proving key and evaluates the prover algorithm for the specified circuit and witness share in MPC create-vk Create a verification key for the specified circuit verify Verification of a Noir proof + download-crs Download a CRS with a given number of points help Print this message or the help of the given subcommand(s) Options: diff --git a/docs/co-noir/cli/create-vk.md b/docs/co-noir/cli/create-vk.md new file mode 100644 index 0000000..2eeb499 --- /dev/null +++ b/docs/co-noir/cli/create-vk.md 
@@ -0,0 +1,37 @@ +# generate-vk + +## Example + +To verify the created proof, we first need to create a verification key. This can be done with: + +```bash +co-noir create-vk --circuit test_vectors/poseidon/poseidon.json --crs test_vectors/bn254_g1.dat --hasher POSEIDON --vk test_vectors/poseidon/verification_key +``` + +Here, `poseidon.json` is the circuit file from Noir, `bn254_g1.dat` is the file storing the prover CRS, and the output is written to `verification_key`. Again, `--hasher POSEIDON` defines that Poseidon2 is used as the transcript hasher. + +The corresponding Barretenberg command (from `barretenberg/cpp/build/bin`) is: + +```bash +bb write_vk_ultra_honk -b poseidon.json -o verification_key +``` + +Here, `poseidon.json` is the circuit file from Noir. The output verification key is the same, regardless of using Co-Noir or Barretenberg. +Note: Barretenberg does not require the file for storing the CRS, since Barretenberg automatically downloads it if it is not present. + +## Reference + +```txt +Create a verification key for the specified circuit + +Usage: co-noir create-vk [OPTIONS] + +Options: + --config The path to the config file + --hasher The transcript hasher used for the proof [possible values: POSEIDON, KECCAK] + --circuit The path to the circuit file, generated by Noir + --crs The path to the prover crs file + --vk The output path to the verification key file + --recursive Generate a recursive proof + -h, --help Print help (see more with '--help') +``` diff --git a/docs/co-noir/cli/download-crs.md b/docs/co-noir/cli/download-crs.md new file mode 100644 index 0000000..88126fe --- /dev/null +++ b/docs/co-noir/cli/download-crs.md 
@@ -0,0 +1,23 @@ +# download-crs + +This command can be sued to download the prover CRS with a given number of points. + +## Example + +```bash +co-noir download-crs --crs ./bn254_g1.dat --num-points 1024 +``` + +## Reference + +```txt +Download a CRS with a given number of points + +Usage: co-noir download-crs [OPTIONS] + +Options: + --config The path to the config file + --crs The path to the prover crs file + -n, --num-points The number of points to download [default: 1] + -h, --help Print help +``` diff --git a/docs/co-noir/cli/generate-proof.md b/docs/co-noir/cli/generate-proof.md new file mode 100644 index 0000000..87bb620 --- /dev/null +++ b/docs/co-noir/cli/generate-proof.md 
@@ -0,0 +1,40 @@ +# generate-proof + +To create a proof in MPC, one needs the extended witness (from GenerateWitness, SplitWitness, or TranslateWitness): + +## Example + +```bash +co-noir build-and-generate-proof --witness test_vectors/poseidon/poseidon.gz.shared --circuit test_vectors/poseidon/poseidon.json --crs test_vectors/bn254_g1.dat --protocol REP3 --hasher POSEIDON --config configs/party.toml --out proof.proof --public-input public_input.json +``` + +Here, `poseidon.gz.shared` is the share of the witness, `poseidon.json` is the circuit file from Noir, `bn254_g1.dat` is the file storing the prover CRS and `party.toml` is the [network configuration](../../network-config.md). As output, one creates the UltraHonk proof `proof.proof` and the output of the circuit `public_input.json`. The parameter `--hasher POSEIDON` defines that Poseidon2 is used as the transcript hasher, the other implemented option would be Keccak256. + +The corresponding Barretenberg command (from `barretenberg/cpp/build/bin`) is: + +```bash +bb prove_ultra_honk -b poseidon.json -w poseidon.gz -o proof.proof +``` + +where poseidon.gz is the witness file created by Noir (which is equivalent to a non-secret-shared variant of `poseidon.gz.shared`). The generated proof key is the same, regardless of using Co-Noir or Barretenberg. +Note: Barretenberg does not require the file for storing the CRS, since Barretenberg automatically downloads it if it is not present. + +## Reference + +```txt +Cli arguments for `generate_proof` + +Usage: co-noir generate-proof [OPTIONS] + +Options: + --config The path to the config file + --proving-key The path to the shared proving_key file + --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] + --hasher The transcript hasher to be used [possible values: POSEIDON, KECCAK] + --out The output file where the final proof is written to. 
If not passed, this party will not write the proof to a file + --public-input The output JSON file where the public inputs are written to. If not passed, this party will not write the public inputs to a file + -t, --threshold The threshold of tolerated colluding parties [default: 1] + --recursive Generate a recursive friendly proof + --crs The path to the prover crs file + -h, --help Print help (see more with '--help') +``` diff --git a/docs/co-noir/cli/generate-witness.md b/docs/co-noir/cli/generate-witness.md new file mode 100644 index 0000000..508f686 --- /dev/null +++ b/docs/co-noir/cli/generate-witness.md @@ -0,0 +1,27 @@ +# generate-witness + +After the SplitInput command, the computing parties engage in executing the circuit (in our case Poseidon) on the shared input in MPC. Each party thus executes the following command: + +## Example + +```bash +co-noir generate-witness --input test_vectors/poseidon/Prover.toml.shared --circuit test_vectors/poseidon/poseidon.json --protocol REP3 --config configs/party.toml --out test_vectors/poseidon/poseidon.gz.shared +``` + +Again, `poseidon.json` is the circuit file from Noir, while `Prover.toml.shared` is one output of SplitWitness and `party.toml` is a [network configuration](../../network-config.md). As MPC protocol we currently only support *REP3* for the Witness extension. + +## Reference + +```txt +Evaluates the extended witness generation for the specified circuit and input share in MPC + +Usage: co-noir generate-witness [OPTIONS] + +Options: + --config The path to the config file + --input The path to the input share file + --circuit The path to the circuit file + --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] + --out The output file where the final witness share is written to + -h, --help Print help (see more with '--help') +``` diff --git a/docs/co-noir/cli/merge-input-shares.md b/docs/co-noir/cli/merge-input-shares.md new file mode 100644 index 0000000..a070c65 --- /dev/null 
+++ b/docs/co-noir/cli/merge-input-shares.md @@ -0,0 +1,28 @@ +# merge-input-shares + +The aim of the `merge-input-shares` command is to take input shares originating from multiple parties and merge them into a single input share file to be used for witness generation. + +A use case for this would be to have multiple parties provide different parts of the input to the MPC computation parties. + +## Example + +```bash +co-noir merge-input-shares --inputs test_vectors/poseidon_input2/Prover1.toml.0.shared --inputs test_vectors/poseidon_input2/Prover2.toml.0.shared --protocol REP3 --out test_vectors/poseidon_input2/Prover.toml.0.shared +``` + +The above command takes the two input shares `Prover1.toml.0.shared` and `Prover2.toml.0.shared` (note both are intended for party 0) and combines them into a single input share `Prover.toml.0.shared`. + +## Reference + +```txt +Merge multiple shared inputs received from multiple parties into a single one + +Usage: co-noir merge-input-shares [OPTIONS] + +Options: + --config The path to the config file + --inputs The path to the input JSON file + --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] + --out The output file where the merged input share is written to + -h, --help Print help (see more with '--help') +``` diff --git a/docs/co-noir/cli/split-input.md b/docs/co-noir/cli/split-input.md new file mode 100644 index 0000000..b2ba355 --- /dev/null +++ b/docs/co-noir/cli/split-input.md 
@@ -0,0 +1,27 @@ +# split-input + +If you want to calculate the extended witness and the prove from the input file `test_vectors/poseidon/Prover.toml` (i.e., if you want to hash the input ["0", "1", "2", "3", "4", "5", "6", "7"] in MPC and prove the computation), you first have to secret share this input file. This can be done using the SplitInput command: + +## Example + +```bash +co-noir split-input --circuit test_vectors/poseidon/poseidon.json --input test_vectors/poseidon/Prover.toml --protocol REP3 --out-dir test_vectors/poseidon +``` + +This command uses the *REP3* MPC protocol and produces the shares for 3 MPC in the `test_vectors/poseidon` folder. As input it takes the circuit file `poseidon.json` and the `Prover.toml` file which contains the preimage of the hash which we want to share. + +## Reference + +```txt +Splits a input toml file into secret shares for use in MPC + +Usage: co-noir split-input [OPTIONS] + +Options: + --config The path to the config file + --input The path to the input JSON file + --circuit The path to the circuit file + --protocol The MPC protocol to be used [possible values: REP3, SHAMIR] + --out-dir The path to the (existing) output directory + -h, --help Print help (see more with '--help') +``` diff --git a/docs/co-noir-cli/split-proving-key.md b/docs/co-noir/cli/split-proving-key.md similarity index 67% rename from docs/co-noir-cli/split-proving-key.md rename to docs/co-noir/cli/split-proving-key.md index a17a742..86345bb 100644 --- a/docs/co-noir-cli/split-proving-key.md +++ b/docs/co-noir/cli/split-proving-key.md @@ -1,3 +1,13 @@ +# split-proving-key + +Instead of building the proving key in MPC, one can also take the secret share computed by Noir. The command is the following: + +## Example + +```bash +co-noir split-proving-key --witness test_vectors/poseidon/poseidon.gz --circuit test_vectors/poseidon/poseidon.json --crs test_vectors/bn254_g1.dat --protocol REP3 --out-dir . +``` + ## Reference ```txt 
@@ -14,5 +24,6 @@ Options: --out-dir The path to the (existing) output directory -t, --threshold The threshold of tolerated colluding parties [default: 1] -n, --num-parties The number of parties [default: 3] + --recursive Generate a recursive proof -h, --help Print help (see more with '--help') ``` diff --git a/docs/co-noir-cli/split-witness.md b/docs/co-noir/cli/split-witness.md similarity index 54% rename from docs/co-noir-cli/split-witness.md rename to docs/co-noir/cli/split-witness.md index 55666a1..fc81e5c 100644 --- a/docs/co-noir-cli/split-witness.md +++ b/docs/co-noir/cli/split-witness.md @@ -1,3 +1,16 @@ +# split-witness + +Instead of performing the witness extension in MPC, one can also secret share the .gz witness file computed by Noir. The command is the following: + +## Example + +```bash +co-noir split-witness --witness test_vectors/poseidon/poseidon.gz --circuit test_vectors/poseidon/poseidon.json --protocol REP3 --out-dir test_vectors/poseidon +``` + +Here, `poseidon.json` is the circuit file from Noir, `poseidon.gz` the extended witness from noir, and the output shares are stored in `test_vectors/poseidon`. The output shares are thereby indistinguishable from the output shares produced by the GenerateWitness command. +For SplitWitness, both REP3 and Shamir are supported. + ## Reference ```txt diff --git a/docs/co-noir-cli/translate-proving-key.md b/docs/co-noir/cli/translate-proving-key.md similarity index 72% rename from docs/co-noir-cli/translate-proving-key.md rename to docs/co-noir/cli/translate-proving-key.md index 679957f..aecccd9 100644 --- a/docs/co-noir-cli/translate-proving-key.md +++ b/docs/co-noir/cli/translate-proving-key.md 
@@ -1,3 +1,13 @@ +# translate-proving-key + +Translates the given REP3 proving key into a Shamir proving key. + +## Example + +```bash +co-noir translate-proving-key --proving-key proving_key.0.shared --src-protocol REP3 --target-protocol SHAMIR --config configs/party1.toml --out shamir_proving_key.0.shared +``` + ## Reference ```txt diff --git a/docs/co-noir-cli/translate-witness.md b/docs/co-noir/cli/translate-witness.md similarity index 55% rename from docs/co-noir-cli/translate-witness.md rename to docs/co-noir/cli/translate-witness.md index d4c13c2..8c7c138 100644 --- a/docs/co-noir-cli/translate-witness.md +++ b/docs/co-noir/cli/translate-witness.md @@ -1,3 +1,15 @@ +# translate-witness + +This command can be used to translate extended witnesses (outputs of GenerateWitness or SplitWitness) from REP3 to 3-party Shamir secret sharing. + +## Example + +```bash +co-noir translate-witness --witness test_vectors/poseidon/poseidon.gz.shared --src-protocol REP3 --target-protocol SHAMIR --config configs/party.toml --out test_vectors/poseidon/shamir_poseidon.gz.shared +``` + +Here, `poseidon.gz.shared` is the REP3 input share, `shamir_poseidon.gz.shared` the Shamir output share, and `party.toml` is a [network configuration](../../network-config.md). + ## Reference ```txt diff --git a/docs/co-noir/cli/verify.md b/docs/co-noir/cli/verify.md new file mode 100644 index 0000000..c411ffc --- /dev/null +++ b/docs/co-noir/cli/verify.md 
@@ -0,0 +1,33 @@ +# verify + +## Example + +```bash +co-noir verify --proof proof.proof --vk test_vectors/poseidon/verification_key --hasher POSEIDON --crs test_vectors/bn254_g2.dat +``` + +Here, `proof.proof` is the proof we want to verify, `verification_key` is the output of CreateVK, and `bn254_g2.dat` is the verifier CRS. Again, `--hasher POSEIDON` defines that Poseidon2 is used as the transcript hasher. + +The corresponding Barretenberg command (from `barretenberg/cpp/build/bin`) is: + +```bash +bb verify_ultra_honk -k verification_key -p proof.proof +``` + +Note: Barretenberg does not require the file for storing the CRS, since Barretenberg automatically downloads it if it is not present. + +## Reference + +```txt +Verification of a Noir proof + +Usage: co-noir verify [OPTIONS] + +Options: + --hasher The transcript hasher used for the proof [possible values: POSEIDON, KECCAK] + --config The path to the config file + --proof The path to the proof file + --vk The path to the verification key file + --crs The path to the verifier crs file + -h, --help Print help (see more with '--help') +``` diff --git a/docs/co-noir/co-noir.md b/docs/co-noir/co-noir.md new file mode 100644 index 0000000..1f5a90f --- /dev/null +++ b/docs/co-noir/co-noir.md @@ -0,0 +1,7 @@ +# coNoir + +coNoir enables Noir's witness extension and proof generation inside MPC. Intermediate artifacts of Noir's toolchain and coNoir's toolchain may be used interchangeably, i.e. proofs generated with coNoir verify with Noir and vice-versa. We assume you are already familiar with [Noir](https://aztec.network/noir), its package manager [nargo](https://docs.aztec.network/aztec/glossary#nargo) and Aztec's proof system [barretenberg](https://github.com/AztecProtocol/barretenberg). + +The following drawing serves as an overview on how coNoir fits into the existing Noir ecosystem. + +overview drawing 
diff --git a/docs/co-noir/figures/co-noir-workflow.png b/docs/co-noir/figures/co-noir-workflow.png new file mode 100644 index 0000000..455ba8c Binary files /dev/null and b/docs/co-noir/figures/co-noir-workflow.png differ diff --git a/docs/co-noir/lib/example.md b/docs/co-noir/lib/example.md new file mode 100644 index 0000000..9d7c950 --- /dev/null +++ b/docs/co-noir/lib/example.md 
@@ -0,0 +1,46 @@ +# Example + +The following is a incomplete example of how to use the `co-noir` lib crate. +For complete and working example see [here](https://github.com/TaceoLabs/co-snarks/tree/main/co-noir/co-noir/examples). + +```rust +// connect to network +let network_config = NetworkConfig::new(/* ... */); +let mut net = Rep3MpcNet::new(network_config)?; + +// parse constraint system +let program_artifact = + Utils::get_program_artifact_from_file(dir.join("poseidon/poseidon.json")) + .context("while parsing program artifact")?; +let constraint_system = Utils::get_constraint_system_from_artifact(&program_artifact, true); + +// read the input file +let inputs = co_noir::parse_input(dir.join("poseidon/Prover.toml"), &program_artifact)?; + +let recursive = true; + +// parse crs +let crs_size = co_noir::compute_circuit_size::(&constraint_system, recursive)?; +let (prover_crs, verifier_crs) = + CrsParser::::get_crs(dir.join("bn254_g1.dat"), dir.join("bn254_g2.dat"), crs_size)? + .split(); + +// create input shares +let mut rng = rand::thread_rng(); +let [share0, share1, share2] = + co_noir::split_input_rep3::(inputs, &mut rng); + +// generate witness +let (witness_share, net) = co_noir::generate_witness_rep3(share0, program_artifact, net)?; + +// generate proving key and vk +let (pk, net) = + co_noir::generate_proving_key_rep3(net, &constraint_system, witness_share, recursive)?; +let vk = pk.create_vk(&prover_crs, verifier_crs)?; + +// generate proof +let (proof, _) = Rep3CoUltraHonk::<_, _, Poseidon2Sponge>::prove(net, pk, &prover_crs)?; + +// verify proof +assert!(UltraHonk::<_, Poseidon2Sponge>::verify(proof, vk).context("while verifying proof")?); +``` diff --git a/docs/co-noir/lib/lib.md b/docs/co-noir/lib/lib.md new file mode 100644 index 0000000..5214bdc --- /dev/null +++ b/docs/co-noir/lib/lib.md 
@@ -0,0 +1,8 @@ +# coNoir Rust Library + +The coNoir Rust library provides the same set of features as the [CLI](../cli/cli.md) variant of coNoir, where the [CLI](../cli/cli.md) essentially exposes the library functions to the user on the command line. + +The library is meant to support you in developing your own application that makes use of coNoir's functionality. The next pages will guide you through setting up and including coNoir in your project. + +To view the more detailed docs, clone the repo and run `cargo doc --open --no-deps -p co-noir` to generate the rustdoc. + diff --git a/docs/examples/examples.md b/docs/examples/examples.md index 57d6b30..12378f9 100644 --- a/docs/examples/examples.md +++ b/docs/examples/examples.md @@ -5,5 +5,4 @@ circuits. Example bash scripts are available in the `examples` directory of the [co-circom repository](https://github.com/TaceoLabs/collaborative-circom/tree/main/co-circom/co-circom/examples) and the [co-noir repository](https://github.com/TaceoLabs/collaborative-circom/tree/main/co-noir/co-noir/examples). -You will also find [configs](../co-circom-cli/config.md), TLS keys, and sample -inputs for these circuits. +You will also find configs, TLS keys, and sample inputs for these circuits. diff --git a/docs/examples/multiplier2.md b/docs/examples/multiplier2.md index 485dfac..2f3ab1a 100644 --- a/docs/examples/multiplier2.md +++ b/docs/examples/multiplier2.md @@ -5,7 +5,7 @@ parties to jointly compute a ZK proof for private shared state. This example illustrates generating a proof for a simple multiplication circuit involving two parties, each providing inputs. -We reuse the circuit introduced in our [Quick Start](../getting-started/quick-start.md) guide +We reuse the circuit introduced in our [coCircom Quick Start](../getting-started/quick-start-co-circom.md) guide [^1]. In this scenario, two input files are needed, one from each party. Both parties 
@@ -35,7 +35,7 @@ cargo run --release --bin co-circom -- merge-input-shares --inputs test_vectors/ ``` This sequence illustrates the secret-sharing of inputs by both parties and the -subsequent [merging](../co-circom-cli/merge-input-shares.md) of these inputs into a single file, executed by the computing +subsequent [merging](../co-circom/cli/merge-input-shares.md) of these inputs into a single file, executed by the computing nodes. [^1]: diff --git a/docs/getting-started/install.md b/docs/getting-started/install.md index 59c37aa..74b77ec 100644 --- a/docs/getting-started/install.md +++ b/docs/getting-started/install.md @@ -19,20 +19,18 @@ These resources will provide the necessary information to get your environment s ## Compile from Source -First, download the source from [GitHub](https://github.com/TaceoLabs/collaborative-circom). We tested the compilation on Ubuntu 22.04. +- coCircom ```bash -git clone git@github.com:TaceoLabs/collaborative-circom.git +cargo install --git https://github.com/TaceoLabs/co-snarks --branch main co-circom ``` -After downloading the source, build the toolchain simply by typing: +- coNoir ```bash -cargo build --release +cargo install --git https://github.com/TaceoLabs/co-snarks --branch main co-noir ``` -You can find the `co-circom` binary under `target/release/`. - ## Download Binary from Release 1. You can find the latest release diff --git a/docs/getting-started/quick-start.md b/docs/getting-started/quick-start-co-circom.md similarity index 97% rename from docs/getting-started/quick-start.md rename to docs/getting-started/quick-start-co-circom.md index 96cbbef..4caad1b 100644 --- a/docs/getting-started/quick-start.md +++ b/docs/getting-started/quick-start-co-circom.md 
@@ -1,4 +1,4 @@ -# coCircom Quick Start +# Quick Start coCircom coCircom is an implementation of [collaborative SNARKs](../resources/collsnarks.md), with a focus on the [circom](https://circom.io) framework. In contrast to traditional SNARKs, which are run by a single prover, collaborative SNARKs are executed using a [multiparty computation protocol](../resources/mpc.md). @@ -72,7 +72,7 @@ This command secret shares the private inputs (everything that is not explicitly Now we have to compute the extended witness. In a real-world setting you would have to send the input files from the previous step to the parties. -To achieve that we need a network config for every party (you can read an in-depth explanation about the config [here](../co-circom-cli/config.md)). You can copy-paste the config from here and call it `party0.toml` for party0 and so on: +To achieve that we need a network config for every party (you can read an in-depth explanation about the config [here](../network-config.md)). You can copy-paste the config from here and call it `party0.toml` for party0 and so on: ```toml [network] diff --git a/docs/getting-started/quick-start-co-noir.md b/docs/getting-started/quick-start-co-noir.md new file mode 100644 index 0000000..cd51668 --- /dev/null +++ b/docs/getting-started/quick-start-co-noir.md 
@@ -0,0 +1,40 @@ +# Quick Start coNoir + +## UltraHonk + +Our co-Noir implementation currently supports the UltraHonk prover (with Keccak and Poseidon2 as transcript) from Barretenberg v0.66.0. To get Barretenberg with this version, use the following commands: + +```bash +curl -L https://raw.githubusercontent.com/AztecProtocol/aztec-packages/refs/heads/master/barretenberg/bbup/install | bash +bbup -v 0.66.0 +``` + +Our prover, i.e., ``UltraHonk::prove`` in `src/prover.rs`, is compatible with `UltraProver_/UltraProver_` (depending on the used transcript hasher) in Barretenberg. Similar, the ``Ultrahnok::verify`` verifier in `src/verifier.rs` is compatible with `UltraVerifier_/UltraVerifier_` in Barretenberg. + +Currently, the circuit builder related code in `co-builder` is only compatible with basic field arithmetic gates from Noir, stay tuned for more features. + +## Usage + +First, one needs to create the circuit file from a Noir source code. Your Noir project should have the following files/folders: + +- `src/main.nr`: Contains the code which should be executed in MPC and/or proven. +- `Nargo.toml`: Similar to Cargo.toml, just for Noir projects. +- `Prover.toml`: The inputs for the main function in `src/main.nr` used in proof generation. + +To create the circuit file used in Co-Noir, one needs to install Nargo following the instructions in [https://noir-lang.org/docs/getting_started/quick_start/](https://noir-lang.org/docs/getting_started/quick_start/). Our prover is compatible with Nargo version 1.0.0-beta.1. + +Then you can just execute the following command: + +```bash +nargo compile +``` + +The resulting circuit file (*.json) is then located in the `target` folder. + +Alternatively, if you want to create the extended witness from the input in `Prover.toml`, use + +```bash +nargo execute witness +``` + +This command then stores the resulting circuit file (*.json), alongside the extended witness (`witness.gz`) in the `target` folder. 
diff --git a/docs/getting-started/usage.md b/docs/getting-started/usage.md index c95e9f8..90b399e 100644 --- a/docs/getting-started/usage.md +++ b/docs/getting-started/usage.md @@ -1,9 +1,7 @@ # Usage -This section is empty at the moment 😭 +There are two ways of interacting with TACEO's tooling: + 1. Standalone binaries that provide a command-line interface (CLI) + 2. Rust libraries that you can use in your projects -It will be updated in the course of the next weeks, so please be patient! - -For the time being we recommend checking out the [Quick Start Guide](./quick-start.md) or the [examples folder on our GitHub](https://github.com/TaceoLabs/collaborative-circom/tree/main/co-circom/co-circom/examples), where we provide different `bash` scripts to prove some circom files. - -Additionally, have a look at [the CLI commands](../co-circom-cli/co-circom.md) and the [additional material](../design/mpc-vm.md)! +As mentioned earlier, TACEO provides [coCircom](/co-circom/co-circom.md) and [coNoir](/co-noir/co-noir.md) at the moment. The docs for each tool are split into two main sections, covering the CLI usage and a library description. \ No newline at end of file diff --git a/docs/co-circom-cli/config.md b/docs/network-config.md similarity index 86% rename from docs/co-circom-cli/config.md rename to docs/network-config.md index 033f403..f56bcf7 100644 --- a/docs/co-circom-cli/config.md +++ b/docs/network-config.md @@ -1,6 +1,5 @@ -# Configuration - -`co-circom` uses a configuration for general settings and network configuration. +# Network Configuration +Out tools [coCircom CLI](./co-circom/cli/cli.md) and [coNoir CLI](./co-noir/cli/cli.md) both use a configuration for general settings and network configuration. The configuration can be done via a config file, environment variables, and cli arguments. Values are loaded in hierarchical order `file < environment variables < cli args`. 
@@ -43,10 +42,12 @@ dns_name = "127.0.0.1:10002" cert_path = "data/cert2.der" ``` -See the example configuration in the `collaborative-circom/examples/configs` folder, with pre-generated certificates and keys in the `collaborative-circom/examples/data` folder. +See the example configuration in the [configs](https://github.com/TaceoLabs/co-snarks/blob/main/co-circom/co-circom/examples/configs) directory, with pre-generated certificates and keys in the [data](https://github.com/TaceoLabs/co-snarks/blob/main/co-circom/co-circom/examples/data) directory. ## Env Variables +TODO check this and generalize to coNoir and coCircom. + Environment variables use the prefix `COCIRCOM_`. The different types can be set as follows: @@ -60,7 +61,7 @@ Structs such as the CompilerConfig can be set with `COCIRCOM_COMPILER={allow_lea ## Cli Arguments -See [co-circom CLI](./co-circom.md) +See [coCircom CLI](./co-circom/cli/cli.md) and [coNoir CLI](./co-noir/cli/cli.md). ## Compiler Configuration diff --git a/docs/overview.md b/docs/overview.md index dabb65d..ed451e4 100644 --- a/docs/overview.md +++ b/docs/overview.md 
@@ -5,10 +5,10 @@ TACEO is building tooling for collaborative zkSNARKs (coSNARKs), and the MPC env Here you will find documentation for tooling that lifts your code to work in MPC. So far, we have support for building collaborative SNARKs in -* Circom (see [coCircom](/co-circom-cli/co-circom.md)), and -* Noir (see [coNoir](/co-noir-cli/co-noir-cli.md)) +* Circom (see [coCircom](/co-circom/co-circom.md)), and +* Noir (see [coNoir](/co-noir/co-noir.md)) -If you are completely new to working in an MPC environment, it may be worth checking out the [coCircom quick start](/getting-started/quick-start.md) guide. It walks through compiling circuits, splitting the input, the witness extension, and proving and verifying the circuit. +If you are completely new to working in an MPC environment, it may be worth checking out the [coCircom quick start](/getting-started/quick-start-co-circom.md) guide. It walks through compiling circuits, splitting the input, the witness extension, and proving and verifying the circuit. If you wish to deploy your new coSNARK circuits, you'll need MPC nodes to run them on. You can either set this up yourself, or you can get in touch with us if you are interested to be an early tester of the coSNARK alphanet. @@ -18,7 +18,7 @@ Throughout the docs you will find many links to useful articles and talks, but i * [Overview of what we're doing at TACEO](https://www.youtube.com/watch?v=tlVFbr3_eEU) * [MPC-Enabled proof markets at ZK11](https://www.youtube.com/watch?v=4-W5nnsf9-A&pp=ygUMZGFuaWVsIGthbGVz) -* [Workshop to get started with coCircom at ZK12](https://www.youtube.com/watch?v=w2HJxrDE01k) +* [Workshop to get started with coCircom (and coNoir) at ZK12](https://www.youtube.com/watch?v=w2HJxrDE01k) Finally, if you have questions about anything here, we're always in the [discord](https://taceo.io/discord) to help you out.
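Review bot: In the build-proving-key example (first hunk of that page), the share suffix and the config name disagree on the party index: `--witness ...poseidon.gz.0.shared` and `--out proving_key.0.shared` are paired with `--config configs/party1.toml`. The quick-start context in this patch tells readers to name the file `party0.toml` for party0, and other pages added here use `configs/party.toml`. Please pick one naming scheme across the pages, or add a sentence stating which config file belongs to which share, since running a party with another party's share is an easy mistake to copy from this example. The translate-proving-key example has the same pairing.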
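Review bot: In the build-proving-key Reference hunk, the new `--recursive` option is described as "Generate a recursive proof", which does not fit a command that only builds a proving key, and the page never says whether the flag has to agree with the value passed to `create-vk`, `split-proving-key` and `generate-proof`. The library example in this patch passes one `recursive` value to both `compute_circuit_size` and `generate_proving_key_rep3`, which suggests it must be consistent. If so, state that here and on the other pages. The same hunk drops `--crs` from this command while the split-proving-key example still passes `--crs test_vectors/bn254_g1.dat`, so please confirm that example is still valid.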
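Review bot: The title line of docs/co-noir/cli/create-vk.md reads `# generate-vk`, but the file, the example and the Reference all use `create-vk`. Rename the heading to `# create-vk` so the sidebar entry and search match the actual subcommand. The sentence "Again, `--hasher POSEIDON` defines ..." has no earlier mention on this page to refer back to. Drop "Again" or link to the generate-proof page.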
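Review bot: In docs/co-noir/cli/download-crs.md the intro has a typo ("can be sued" should be "can be used"), and the page leaves two things open that a user needs. First, `--num-points` defaults to 1 and nothing says how to choose the value for a given circuit. The library example derives it with `compute_circuit_size`, so a pointer to that would help. Second, the command is described as fetching the prover CRS only, while the verify page requires a verifier CRS file (`bn254_g2.dat`). Please say where that file comes from and whether the downloaded CRS is checked against a known digest.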
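Review bot: In docs/co-noir/cli/generate-proof.md the Example and the Reference describe different commands. The example runs `co-noir build-and-generate-proof` with `--witness` and `--circuit`, while the Reference is for `co-noir generate-proof`, which takes `--proving-key` and has neither of those options. Either move the example to a build-and-generate-proof page or replace it with a `generate-proof --proving-key ...` invocation. Two smaller points: "The generated proof key is the same" presumably means "proof", and the first Reference line "Cli arguments for `generate_proof`" reads like a leftover doc comment rather than a description.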
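Review bot: In docs/co-noir/cli/generate-witness.md the explanation after the example says `Prover.toml.shared` "is one output of SplitWitness", but the intro of the same page says the step follows the SplitInput command, and an input share can only come from split-input. Change it to SplitInput. The text also states that only REP3 is supported for the witness extension while the Reference lists `SHAMIR` as a possible `--protocol` value. Say what happens when SHAMIR is passed so users do not assume it works.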
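Review bot: In docs/co-noir/cli/split-input.md the prose needs a pass: "the prove" should be "the proof", and "produces the shares for 3 MPC" is missing "parties". The Reference also contradicts itself on the input format. The summary line says "Splits a input toml file" while `--input` is documented as "The path to the input JSON file", and the example passes `Prover.toml`. That help text comes from the binary, so it is worth fixing in the CLI source as well. The same JSON wording appears for `--inputs` in merge-input-shares.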
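Review bot: The intro added to docs/co-noir/cli/split-proving-key.md says one can "take the secret share computed by Noir", but Noir does not produce shares. The example passes the plain witness `test_vectors/poseidon/poseidon.gz`, which the generate-proof page in this patch describes as the non-secret-shared variant. Reword it to say the command secret-shares a proving key built from the plain witness, and state that whoever runs it sees the full witness, so it only fits deployments where a single party is allowed to know all inputs. The split-witness intro should carry the same remark.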
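Review bot: docs/co-noir/cli/verify.md starts with `## Example` directly under the title and has no sentence saying what the command checks or what it returns on failure. Add a short intro, including how a failed verification is reported (exit code or message), since scripts will depend on it. The sentence "Again, `--hasher POSEIDON` ..." has no antecedent on this page. It is also worth stating that the hasher given here must be the one used for `create-vk` and for proof generation, because the page currently presents it as a free choice.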
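Review bot: In docs/co-noir/lib/example.md the snippet creates all three shares with `split_input_rep3` and then continues as party 0 in the same process, leaving `share1` and `share2` unused. Read literally, it shows a computing party that holds every share, which defeats the secret sharing. Add a comment that splitting is done by the input owner and that each computing party receives only its own share, or split the snippet into an input-owner part and a party part. Also, the generic arguments are empty in `compute_circuit_size::(`, `CrsParser::::get_crs` and `split_input_rep3::(`, so please check that the type parameters survived in the markdown source. The intro has two grammar slips ("a incomplete example", "For complete and working example").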
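Review bot: In the "Compile from Source" hunk of docs/getting-started/install.md, both `cargo install --git https://github.com/TaceoLabs/co-snarks --branch main ...` commands install whatever is at the tip of `main` at the time of the call, so two users following the docs can end up with different binaries and nobody can tell which revision they run. Prefer `--tag` or `--rev` with a released version, and add `--locked` so the committed Cargo.lock is used. The hunk also removes the note that compilation was tested on Ubuntu 22.04 without a replacement. If that still holds, keep it.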
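Review bot: In docs/getting-started/quick-start-co-noir.md the install step pipes a script from `refs/heads/master` straight into `bash`, so the following `bbup -v 0.66.0` pins the Barretenberg version but not the installer that runs first. Point the URL at a fixed commit or tag, or tell the reader to download and inspect the script before running it. In the paragraph below, ``Ultrahnok::verify`` is a typo for `UltraHonk::verify`, "Similar," should be "Similarly,", and `UltraProver_/UltraProver_` and `UltraVerifier_/UltraVerifier_` list the same name twice, so the template arguments that distinguish the two variants seem to be missing. The page also mixes "co-Noir", "Co-Noir" and "coNoir".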
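Review bot: In the first hunk of docs/network-config.md the new opening sentence starts with "Out tools", which should be "Our tools", and it follows the `# Network Configuration` heading without a blank line, which some markdown renderers handle inconsistently. Add the blank line the removed version had.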
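Review bot: In the second hunk of docs/network-config.md, the line "TODO check this and generalize to coNoir and coCircom." is committed into user-facing text directly above the statement that environment variables use the prefix `COCIRCOM_`. Since the page now claims to cover both CLIs, resolve this before merging: say which prefix coNoir reads, or remove the claim for coNoir. The rewritten sentence about the example `configs` and `data` directories links to pre-generated certificates and keys. Please add that these keys are public in the repository and suitable for local testing only, so nobody deploys parties with them.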
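Review bot: In docs/examples/examples.md the unchanged context lines still link both example directories under `github.com/TaceoLabs/collaborative-circom`, including the co-noir one, while the install and network-config hunks in this patch use `github.com/TaceoLabs/co-snarks`. Update these URLs in the same change so the docs point at one repository. The hunk also drops the link on "configs" instead of retargeting it to the moved `../network-config.md`. Keeping the link would be more useful to the reader.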
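Review bot: In docs/overview.md the paragraph for newcomers still recommends only the coCircom quick start, although this patch adds `getting-started/quick-start-co-noir.md` and the resource list entry now mentions coNoir. Link both quick starts there so Noir users are not sent through the circom workflow first.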