From proof (#367)

* feat(circom-prover): simplify `point_to_biguint` interface

* feat: add `from_ethereum_proof` and `from_ethereum_inputs` in mopro-ffi

* feat: add `fromEthereumProof`, `fromEthereumInputs` in test-e2e

* fix: fix clippy

* chore: add comment

Author: vivianjeng

Diff for: circom-prover/src/prover/ethereum.rs

@@ -3,37 +3,60 @@
 //! Helpers for converting Arkworks types to BigUint-tuples as expected by the
 //! Solidity Groth16 Verifier smart contracts
 use ark_bls12_381::{
-    Bls12_381, Fq as bls12_381_fq, Fq2 as bls12_381_Fq2, G1Affine as bls12_381_G1Affine,
-    G2Affine as bls12_381_G2Affine,
+    Bls12_381, Fq as bls12_381_fq, Fq2 as bls12_381_Fq2, Fr as bls12_381_Fr,
+    G1Affine as bls12_381_G1Affine, G2Affine as bls12_381_G2Affine,
 };
 use ark_ec::AffineRepr;
 use ark_ff::{BigInteger, PrimeField};
 use num::BigUint;
 use num_traits::Zero;
 
 use ark_bn254::{
-    Bn254, Fq as bn254_Fq, Fq2 as bn254_Fq2, Fr, G1Affine as bn254_G1Affine,
+    Bn254, Fq as bn254_Fq, Fq2 as bn254_Fq2, Fr as bn254_Fr, G1Affine as bn254_G1Affine,
     G2Affine as bn254_G2Affine,
 };
 use ark_serialize::CanonicalDeserialize;
 
-const BN254_BUF_SIZE: usize = 32;
-const BLS12_381_BUF_SIZE: usize = 48;
-
 pub const PROTOCOL_GROTH16: &str = "groth16";
 pub const CURVE_BN254: &str = "bn128";
 pub const CURVE_BLS12_381: &str = "bls12381";
 
 pub struct Inputs(pub Vec<BigUint>);
 
-impl From<&[Fr]> for Inputs {
-    fn from(src: &[Fr]) -> Self {
+impl From<&[bn254_Fr]> for Inputs {
+    fn from(src: &[bn254_Fr]) -> Self {
         let els = src.iter().map(|point| point_to_biguint(*point)).collect();
+        Self(els)
+    }
+}
 
+impl From<&[bls12_381_Fr]> for Inputs {
+    fn from(src: &[bls12_381_Fr]) -> Self {
+        let els = src.iter().map(|point| point_to_biguint(*point)).collect();
         Self(els)
     }
 }
 
+impl From<Inputs> for Vec<bn254_Fr> {
+    fn from(inputs: Inputs) -> Self {
+        inputs
+            .0
+            .iter()
+            .map(|biguint| biguint_to_point(biguint.clone()))
+            .collect()
+    }
+}
+
+impl From<Inputs> for Vec<bls12_381_Fr> {
+    fn from(inputs: Inputs) -> Self {
+        inputs
+            .0
+            .iter()
+            .map(|biguint| biguint_to_point(biguint.clone()))
+            .collect()
+    }
+}
+
 // Follow the interface: https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/snarkjs/index.d.cts
 #[derive(Default, Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
 pub struct G1 {
@@ -51,8 +74,8 @@ impl G1 {
 
     // BN254
     pub fn to_bn254(self) -> bn254_G1Affine {
-        let x: bn254_Fq = biguint_to_point(self.x, BN254_BUF_SIZE);
-        let y: bn254_Fq = biguint_to_point(self.y, BN254_BUF_SIZE);
+        let x: bn254_Fq = biguint_to_point(self.x);
+        let y: bn254_Fq = biguint_to_point(self.y);
         if x.is_zero() && y.is_zero() {
             bn254_G1Affine::identity()
         } else {
@@ -71,8 +94,8 @@ impl G1 {
 
     // BLS12-381
     pub fn to_bls12_381(self) -> bls12_381_G1Affine {
-        let x: bls12_381_fq = biguint_to_point(self.x, BLS12_381_BUF_SIZE);
-        let y: bls12_381_fq = biguint_to_point(self.y, BLS12_381_BUF_SIZE);
+        let x: bls12_381_fq = biguint_to_point(self.x);
+        let y: bls12_381_fq = biguint_to_point(self.y);
         if x.is_zero() && y.is_zero() {
             bls12_381_G1Affine::identity()
         } else {
@@ -111,12 +134,12 @@ impl G2 {
 
     // BN254
     pub fn to_bn254(self) -> bn254_G2Affine {
-        let c0 = biguint_to_point(self.x[0].clone(), BN254_BUF_SIZE);
-        let c1 = biguint_to_point(self.x[1].clone(), BN254_BUF_SIZE);
+        let c0 = biguint_to_point(self.x[0].clone());
+        let c1 = biguint_to_point(self.x[1].clone());
         let x = bn254_Fq2::new(c0, c1);
 
-        let c0 = biguint_to_point(self.y[0].clone(), BN254_BUF_SIZE);
-        let c1 = biguint_to_point(self.y[1].clone(), BN254_BUF_SIZE);
+        let c0 = biguint_to_point(self.y[0].clone());
+        let c1 = biguint_to_point(self.y[1].clone());
         let y = bn254_Fq2::new(c0, c1);
 
         if x.is_zero() && y.is_zero() {
@@ -137,12 +160,12 @@ impl G2 {
 
     // BLS12-381
     pub fn to_bls12_381(self) -> bls12_381_G2Affine {
-        let c0 = biguint_to_point(self.x[0].clone(), BLS12_381_BUF_SIZE);
-        let c1 = biguint_to_point(self.x[1].clone(), BLS12_381_BUF_SIZE);
+        let c0 = biguint_to_point(self.x[0].clone());
+        let c1 = biguint_to_point(self.x[1].clone());
         let x = bls12_381_Fq2::new(c0, c1);
 
-        let c0 = biguint_to_point(self.y[0].clone(), BLS12_381_BUF_SIZE);
-        let c1 = biguint_to_point(self.y[1].clone(), BLS12_381_BUF_SIZE);
+        let c0 = biguint_to_point(self.y[0].clone());
+        let c1 = biguint_to_point(self.y[1].clone());
         let y = bls12_381_Fq2::new(c0, c1);
 
         if x.is_zero() && y.is_zero() {
@@ -222,7 +245,8 @@ impl From<Proof> for ark_groth16::Proof<Bls12_381> {
 }
 
 // Helper for converting a PrimeField to its BigUint representation for Ethereum compatibility
-fn biguint_to_point<F: PrimeField>(point: BigUint, buf_size: usize) -> F {
+fn biguint_to_point<F: PrimeField>(point: BigUint) -> F {
+    let buf_size: usize = ((F::MODULUS_BIT_SIZE + 7) / 8).try_into().unwrap(); // Rounds up the division
     let mut buf = point.to_bytes_le();
     buf.resize(buf_size, 0u8);
     let bigint = F::BigInt::deserialize_uncompressed(&buf[..]).expect("always works");
@@ -239,9 +263,8 @@ fn point_to_biguint<F: PrimeField>(point: F) -> BigUint {
 
 #[cfg(test)]
 mod tests {
-    use crate::prover::ethereum::{
-        biguint_to_point, point_to_biguint, Proof, BLS12_381_BUF_SIZE, BN254_BUF_SIZE, G1, G2,
-    };
+    use crate::prover::ethereum::{biguint_to_point, point_to_biguint, Inputs, Proof, G1, G2};
+    use num::BigUint;
 
     mod bn254 {
         use super::*;
@@ -270,7 +293,7 @@ mod tests {
         fn convert_fq() {
             let el = fq();
             let el2 = point_to_biguint(el);
-            let el3: Fq = biguint_to_point(el2.clone(), BN254_BUF_SIZE);
+            let el3: Fq = biguint_to_point(el2.clone());
             let el4 = point_to_biguint(el3);
             assert_eq!(el, el3);
             assert_eq!(el2, el4);
@@ -280,7 +303,7 @@ mod tests {
         fn convert_fr() {
             let el = fr();
             let el2 = point_to_biguint(el);
-            let el3: Fr = biguint_to_point(el2.clone(), BN254_BUF_SIZE);
+            let el3: Fr = biguint_to_point(el2.clone());
             let el4 = point_to_biguint(el3);
             assert_eq!(el, el3);
             assert_eq!(el2, el4);
@@ -317,6 +340,40 @@ mod tests {
             let p3 = ark_groth16::Proof::from(p2);
             assert_eq!(p, p3);
         }
+
+        #[test]
+        fn convert_fr_inputs_to_biguint() {
+            let bn254_1 = Fr::from(1u32);
+            let bn254_2 = Fr::from(2u32);
+            let bn254_3 = Fr::from(3u32);
+
+            let bn254_slice: &[Fr] = &[bn254_1, bn254_2, bn254_3];
+
+            let result: Inputs = bn254_slice.into();
+
+            assert_eq!(result.0.len(), 3);
+
+            assert_eq!(result.0[0], BigUint::from(1u32));
+            assert_eq!(result.0[1], BigUint::from(2u32));
+            assert_eq!(result.0[2], BigUint::from(3u32));
+        }
+
+        #[test]
+        fn convert_biguint_to_fr_inputs() {
+            let biguint1 = BigUint::from(1u32);
+            let biguint2 = BigUint::from(2u32);
+            let biguint3 = BigUint::from(3u32);
+
+            let inputs = Inputs(vec![biguint1, biguint2, biguint3]);
+
+            let result: Vec<Fr> = inputs.into();
+
+            assert_eq!(result.len(), 3);
+
+            assert_eq!(result[0], Fr::from(BigUint::from(1u32)));
+            assert_eq!(result[1], Fr::from(BigUint::from(2u32)));
+            assert_eq!(result[2], Fr::from(BigUint::from(3u32)));
+        }
     }
 
     mod bls12_381 {
@@ -346,7 +403,7 @@ mod tests {
         fn convert_fq() {
             let el = fq();
             let el2 = point_to_biguint(el);
-            let el3: Fq = biguint_to_point(el2.clone(), BLS12_381_BUF_SIZE);
+            let el3: Fq = biguint_to_point(el2.clone());
             let el4 = point_to_biguint(el3);
             assert_eq!(el, el3);
             assert_eq!(el2, el4);
@@ -356,7 +413,7 @@ mod tests {
         fn convert_fr() {
             let el = fr();
             let el2 = point_to_biguint(el);
-            let el3: Fr = biguint_to_point(el2.clone(), BLS12_381_BUF_SIZE);
+            let el3: Fr = biguint_to_point(el2.clone());
             let el4 = point_to_biguint(el3);
             assert_eq!(el, el3);
             assert_eq!(el2, el4);
@@ -393,5 +450,39 @@ mod tests {
             let p3 = ark_groth16::Proof::from(p2);
             assert_eq!(p, p3);
         }
+
+        #[test]
+        fn convert_fr_inputs_to_biguint() {
+            let bn254_1 = Fr::from(1u32);
+            let bn254_2 = Fr::from(2u32);
+            let bn254_3 = Fr::from(3u32);
+
+            let bn254_slice: &[Fr] = &[bn254_1, bn254_2, bn254_3];
+
+            let result: Inputs = bn254_slice.into();
+
+            assert_eq!(result.0.len(), 3);
+
+            assert_eq!(result.0[0], BigUint::from(1u32));
+            assert_eq!(result.0[1], BigUint::from(2u32));
+            assert_eq!(result.0[2], BigUint::from(3u32));
+        }
+
+        #[test]
+        fn convert_biguint_to_fr_inputs() {
+            let biguint1 = BigUint::from(1u32);
+            let biguint2 = BigUint::from(2u32);
+            let biguint3 = BigUint::from(3u32);
+
+            let inputs = Inputs(vec![biguint1, biguint2, biguint3]);
+
+            let result: Vec<Fr> = inputs.into();
+
+            assert_eq!(result.len(), 3);
+
+            assert_eq!(result[0], Fr::from(BigUint::from(1u32)));
+            assert_eq!(result[1], Fr::from(BigUint::from(2u32)));
+            assert_eq!(result[2], Fr::from(BigUint::from(3u32)));
+        }
     }
 }

Diff for: mopro-ffi/src/circom/ethereum.rs

@@ -1,8 +1,12 @@
-use ark_bn254::Bn254;
+use ark_bn254::{Bn254, Fq, Fq2, Fr, G1Affine, G2Affine};
 use circom_prover::prover::{
-    ethereum,
-    serialization::{deserialize_inputs, deserialize_proof},
+    ethereum::{self, CURVE_BN254, PROTOCOL_GROTH16},
+    serialization::{
+        self, deserialize_inputs, deserialize_proof, SerializableInputs, SerializableProof,
+    },
 };
+use num_bigint::BigUint;
+use std::str::FromStr;
 
 #[derive(Debug, Clone, Default)]
 pub struct G1 {
@@ -51,6 +55,44 @@ pub fn to_ethereum_inputs(inputs: Vec<u8>) -> Vec<String> {
     inputs
 }
 
+// Only supports bn254 for now
+pub fn from_ethereum_inputs(inputs: Vec<String>) -> Vec<u8> {
+    let inputs = inputs
+        .iter()
+        .map(|x| BigUint::from_str(x).unwrap())
+        .collect::<Vec<BigUint>>();
+    let fr_inputs: Vec<Fr> = ethereum::Inputs(inputs).into();
+    serialization::serialize_inputs(&SerializableInputs::<Bn254>(fr_inputs))
+}
+
+// Only supports bn254 for now
+pub fn from_ethereum_proof(proof: ProofCalldata) -> Vec<u8> {
+    let a_x = Fq::from_str(&proof.a.x).unwrap();
+    let a_y = Fq::from_str(&proof.a.y).unwrap();
+    let a = G1Affine::new_unchecked(a_x, a_y);
+    let a_biguint = ethereum::G1::from_bn254(&a);
+    let c_x = Fq::from_str(&proof.c.x).unwrap();
+    let c_y = Fq::from_str(&proof.c.y).unwrap();
+    let c = G1Affine::new_unchecked(c_x, c_y);
+    let c_biguint = ethereum::G1::from_bn254(&c);
+    let b1_x = Fq::from_str(&proof.b.x[0]).unwrap();
+    let b1_y = Fq::from_str(&proof.b.x[1]).unwrap();
+    let b1 = Fq2::new(b1_x, b1_y);
+    let b2_x = Fq::from_str(&proof.b.y[0]).unwrap();
+    let b2_y = Fq::from_str(&proof.b.y[1]).unwrap();
+    let b2 = Fq2::new(b2_x, b2_y);
+    let b = G2Affine::new_unchecked(b1, b2);
+    let b_biguint = ethereum::G2::from_bn254(&b);
+    let proof = ethereum::Proof {
+        a: a_biguint,
+        b: b_biguint,
+        c: c_biguint,
+        protocol: PROTOCOL_GROTH16.to_string(),
+        curve: CURVE_BN254.to_string(),
+    };
+    serialization::serialize_proof(&SerializableProof::<Bn254>(proof.into()))
+}
+
 #[cfg(test)]
 mod tests {
 
@@ -79,13 +121,16 @@ mod tests {
                 109, 154,
             ];
 
-            let proof = to_ethereum_proof(raw_proof);
+            let proof = to_ethereum_proof(raw_proof.clone());
             assert!(!proof.a.x.is_empty());
             assert!(!proof.a.y.is_empty());
             assert!(!proof.b.x.is_empty());
             assert!(!proof.b.y.is_empty());
             assert!(!proof.c.x.is_empty());
             assert!(!proof.c.y.is_empty());
+
+            let converted_proof = from_ethereum_proof(proof);
+            assert_eq!(raw_proof, converted_proof);
         }
 
         #[test]
@@ -96,23 +141,29 @@ mod tests {
                 48, 0, 0, 0, 240, 147, 245, 225, 67, 145, 112, 185, 121, 72, 232, 51, 40, 93, 88,
                 129, 129, 182, 69, 80, 184, 41, 160, 49, 225, 114, 78, 100, 48,
             ];
-            let inputs = to_ethereum_inputs(raw_inputs);
+            let inputs = to_ethereum_inputs(raw_inputs.clone());
             let expected_inputs = vec![
                 "21888242871839275222246405745257275088548364400416034343698204186575808495616",
                 "21888242871839275222246405745257275088548364400416034343698204186575808495616",
             ];
             assert_eq!(inputs, expected_inputs);
+
+            let converted_inputs = from_ethereum_inputs(inputs);
+            assert_eq!(raw_inputs, converted_inputs);
         }
 
         #[test]
         fn test_to_ethereum_inputs_with_zero() {
             let raw_inputs = vec![
                 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
             ];
-            let inputs = to_ethereum_inputs(raw_inputs);
+            let inputs = to_ethereum_inputs(raw_inputs.clone());
             let expected_inputs = vec!["0".to_string()];
             assert_eq!(inputs, expected_inputs);
+
+            let converted_inputs = from_ethereum_inputs(expected_inputs);
+            assert_eq!(raw_inputs, converted_inputs);
         }
     }
 }

Diff for: mopro-ffi/src/circom/mod.rs

@@ -81,6 +81,18 @@ macro_rules! circom_app {
         fn to_ethereum_inputs(inputs: Vec<u8>) -> Vec<String> {
             mopro_ffi::to_ethereum_inputs(inputs)
         }
+
+        #[allow(dead_code)]
+        #[cfg_attr(not(disable_uniffi_export), uniffi::export)]
+        fn from_ethereum_proof(proof: $proof_call_data) -> Vec<u8> {
+            mopro_ffi::from_ethereum_proof(proof.into())
+        }
+
+        #[allow(dead_code)]
+        #[cfg_attr(not(disable_uniffi_export), uniffi::export)]
+        fn from_ethereum_inputs(inputs: Vec<String>) -> Vec<u8> {
+            mopro_ffi::from_ethereum_inputs(inputs)
+        }
     };
 }