Recurssive light client commit inputs

beacon-light-client/circom/circuits/compute_domain.circom

@@ -4,11 +4,11 @@ include "hash_two.circom";
 
 template ComputeDomain() {
   signal input fork_version[32];
-  signal output domain[256];
-
   signal input GENESIS_VALIDATORS_ROOT[256];
   signal input DOMAIN_SYNC_COMMITTEE[32];
 
+  signal output domain[256];
+
   signal concated_fork_version[256];
 
   for(var i = 0; i < 32; i++) {

beacon-light-client/circom/circuits/hash_tree_root_poseidon.circom

@@ -0,0 +1,29 @@
+pragma circom 2.1.5;
+
+include "../../../node_modules/circomlib/circuits/poseidon.circom";
+
+template HashTreeRootPoseidon(N) {
+  signal input leaves[N];
+  signal output out;
+
+  component hashers[N - 1];
+
+  for(var i = 0; i < N - 1; i++) {
+    hashers[i] = Poseidon(2);
+  }
+
+  for(var i = 0; i < N / 2; i++) {
+    hashers[i].inputs[0] <== leaves[i * 2];
+    hashers[i].inputs[1] <== leaves[i * 2 + 1];
+  }
+
+  var k = 0;
+  for(var i = N / 2; i < N - 1; i++) {
+    hashers[i].inputs[0] <== hashers[k * 2].out;
+    hashers[i].inputs[1] <== hashers[k * 2 + 1].out;
+
+    k++;
+  }
+
+  out <== hashers[N - 2].out;
+}

beacon-light-client/circom/circuits/hash_verifier_poseidon.circom

@@ -0,0 +1,96 @@
+pragma circom 2.1.5;
+
+include "../../../node_modules/circomlib/circuits/poseidon.circom";
+
+template VerifierPoseidon(pubInpCount, k) {
+    signal input originator[2];
+    signal input nextHeaderHashNum[2];
+    signal input historicSyncCommitteeHashTreeRoot;
+    signal input syncCommitteeHistoricParticipationIndex;
+
+    // Verification Key
+    signal input negalfa1xbeta2[6][2][k]; // e(-alfa1, beta2)
+    signal input gamma2[2][2][k];
+    signal input delta2[2][2][k];
+    signal input IC[pubInpCount+1][2][k];
+    signal input domain[256];
+
+    signal output out;
+
+    var negalfa1xbeta2_index = 6 * 2 * k;
+    var gamma2_index =  2 * 2 * k;
+    var delta2_index = 2 * 2 * k;
+    var IC_index = (pubInpCount + 1) * 2 * k;
+
+    var cummulative_index = 0;
+
+    var commitment_size = 2 + 2 + 1 + negalfa1xbeta2_index + gamma2_index + delta2_index + IC_index;
+
+    component commitment = HashTreeRootPoseidon(185); 
+
+    for (var i = 0; i < 6; i++) { 
+        for (var j = 0; j < 2; j++) {
+            for (var q = 0; q < k; q++) {
+                commitment.in[cummulative_index + i*2*k + j*k + q] <== negalfa1xbeta2[i][j][q];
+            }
+        }
+    }
+
+    cummulative_index += 6 * 2 * k;
+
+    for (var i = 0; i < 2; i++) { 
+        for (var j = 0; j < 2; j++) {
+            for (var q = 0; q < k; q++) {
+                commitment.in[cummulative_index + i*2*k + j*k + q] <== gamma2[i][j][q];
+            }
+        }
+    }
+
+    cummulative_index += 2 * 2 * k;
+
+    for (var i = 0; i < 2; i++) { 
+        for (var j = 0; j < 2; j++) {
+            for (var q = 0; q < k; q++) {
+                commitment.in[cummulative_index + i*2*k + j*k + q] <== delta2[i][j][q];
+            }
+        }
+    }
+
+    cummulative_index += 2 * 2 * k;
+
+    for (var i = 0; i < pubInpCount + 1; i++) { 
+        for (var j = 0; j < 2; j++) {
+            for (var q = 0; q < k; q++) {
+                commitment.in[cummulative_index + i*2*k + j*k + q] <== IC[i][j][q];
+            }
+        }
+    }
+
+    cummulative_index += (pubInpCount + 1)*2*k;
+
+    for (var i = 0; i < 2; i++) {
+        commitment.in[cummulative_index + i] <== originator[i];
+    }
+
+    cummulative_index += 2;
+
+    for (var i = 0; i < 2; i++) {
+        commitment.in[cummulative_index + i] <== nextHeaderHashNum[i];
+    }
+
+    cummulative_index += 2;
+
+    for (var i = 0; i < 256; i++) {
+        commitment.in[cummulative_index + i] <== domain[i];
+    }
+
+    cummulative_index += 256;
+
+    commitment.in[cummulative_index] <== historicSyncCommitteeHashTreeRoot;
+
+    cummulative_index += 1;
+
+    commitment.in[cummulative_index] <== syncCommitteeHistoricParticipationIndex;
+
+    out <== commitment.out;
+}

beacon-light-client/circom/circuits/light_client_recursive.circom

@@ -1,6 +1,8 @@
 pragma circom 2.1.5;
 
-include "hash_tree_root.circom";
+include "hash_verifier_poseidon.circom";
+include "sync_committee_historic_participation.circom"
+include "sync_commitee_hash_tree_root.circom";
 include "compress.circom";
 include "aggregate_bitmask.circom";
 include "is_supermajority.circom";
@@ -14,17 +16,20 @@ include "../../../vendor/circom-pairing/circuits/bls_signature.circom";
 include "../../../vendor/circom-pairing/circuits/bn254/groth16.circom";
 
 template LightClientRecursive(N, K) {
-  var pubInpCount = 4;
+  var pubInpCount = 1;
+  var PERIODS = 1024;
 
   // BN254 facts
   var k = 6;
 
   // public inputs
   signal input originator[2];
   signal input nextHeaderHashNum[2];
+  signal input syncCommitteeHistoricParticipation[PERIODS];
 
   // private inputs
   signal input prevHeaderHashNum[2];
+  signal input syncCommitteeHistoricParticipationIndex;
 
   // verification key
   signal input negalfa1xbeta2[6][2][k]; // e(-alfa1, beta2)
@@ -43,7 +48,10 @@ template LightClientRecursive(N, K) {
   signal input state_root[256];
   signal input body_root[256];
 
+  // Exposed as public via domain
   signal input fork_version[32];
+  signal input GENESIS_VALIDATORS_ROOT[256];
+  signal input DOMAIN_SYNC_COMMITTEE[32];
 
   signal input points[N][2][K];
   signal input aggregatedKey[384];
@@ -52,6 +60,8 @@ template LightClientRecursive(N, K) {
   signal input bitmask[N];
   signal input signature[2][2][K];
 
+  signal output out; // Poseidon Hash of inputs & verification key
+
   var prevHeaderHash[256];
   var nextHeaderHash[256];
 
@@ -89,8 +99,6 @@ template LightClientRecursive(N, K) {
     isSuperMajority.bitmask[i] <== bitmask[i];
   }
 
-  isSuperMajority.out === 1;
-
   component hash_tree_root_beacon = HashTreeRootBeaconHeader();
 
   for(var i = 0; i < 256; i++) {
@@ -114,32 +122,30 @@ template LightClientRecursive(N, K) {
   }
 
   for(var i = 0; i < 256; i++) {
-    hash_tree_root_beacon.blockHash[i] === prevHeaderHash[i];
+    hash_tree_root_beacon.out[i] === prevHeaderHash[i];
   }
 
   component computeDomain = ComputeDomain();
 
-  for(var i = 0; i < 32; i++) {
-    computeDomain.fork_version[i] <== fork_version[i];
-  }
+  computeDomain.fork_version <== fork_version;
+  computeDomain.GENESIS_VALIDATORS_ROOT <== GENESIS_VALIDATORS_ROOT;
+  computeDomain.DOMAIN_SYNC_COMMITTEE <== DOMAIN_SYNC_COMMITTEE;
 
   component computeSigningRoot = ComputeSigningRoot();
 
-  for(var i = 0; i < 256; i++) {
-    computeSigningRoot.headerHash[i] <== nextHeaderHash[i];
-  }
+  computeSigningRoot.domain <== computeDomain.domain;
 
   for(var i = 0; i < 256; i++) {
-    computeSigningRoot.domain[i] <== computeDomain.domain[i];
+    computeSigningRoot.headerHash[i] <== nextHeaderHash[i];
   }
 
-  component hashToField = HashToField();
+  component hashToField = HashToField(K);
 
   for(var i = 0; i < 256; i++) {
     hashToField.in[i] <== computeSigningRoot.signing_root[i];
   }
 
-  component hasher = HashTreeRoot(N);
+  component hasher = SyncCommiteeHashTreeRoot(N);
   component compress[N];
 
   for(var i = 0; i < N; i++) {
@@ -178,9 +184,7 @@ template LightClientRecursive(N, K) {
 
   isValidMerkleBranch.index <== 55;
 
-  isValidMerkleBranch.out === 1;
-
-  component aggregateKeys = AggregateKeysBitmask(N);
+  component aggregateKeys = AggregateKeysBitmask(N,K);
 
   for(var i = 0; i < N; i++) {
     for(var j = 0; j < 2; j++) {
@@ -212,7 +216,7 @@ template LightClientRecursive(N, K) {
   }
 
   // check recursive snark
-  component groth16Verifier = verifyProof(pubInpCount);
+  component groth16Verifier = verifyProof(1);
   for (var i = 0;i < 6;i++) {
       for (var j = 0;j < 2;j++) {
           for (var idx = 0;idx < k;idx++) {
@@ -243,11 +247,30 @@ template LightClientRecursive(N, K) {
       }
   }
 
-  groth16Verifier.pubInput[0] <== originator[0];
-  groth16Verifier.pubInput[1] <== originator[1];
-  groth16Verifier.pubInput[2] <== prevHeaderHashNum[0];
-  groth16Verifier.pubInput[3] <== prevHeaderHashNum[1];
+  component prevHistoricParticipationRateHashTreeRoot = HashTreeRootPoseidon(PERIODS) (
+    syncCommitteeHistoricParticipation
+  );
 
+  signal prevSyncCommitteeHistoricParticipationIndex <== syncCommitteeHistoricParticipationIndex - 1;
+
+  signal prevVerifierCommitment <== VerifierPoseidon(pubInpCount, k)(
+    originator, prevHeaderHashNum, negalfa1xbeta2,
+    gamma2, delta2, IC,
+    historicParticipationRateHashTreeRoot, prevSyncCommitteeHistoricParticipationIndex, computeDomain.domain
+  );
+
+  component updateSyncCommitteeHistoricParticipation = UpdateSyncCommitteeHistoricParticipation(512,PERIODS) (
+    syncCommitteeHistoricParticipation, syncCommitteeHistoricParticipationIndex, bitmask
+  );
+
+  signal curSyncCommitteeHistoricParticipation <== updateSyncCommitteeHistoricParticipation.out;
+
+  component curHistoricParticipationRateHashTreeRoot = HashTreeRootPoseidon(PERIODS) (
+    curSyncCommitteeHistoricParticipation
+  );
+
+  groth16Verifier.pubInput[0] <== prevVerifierCommitment;
+
   component isFirst = IsFirst();
 
   isFirst.firstHash[0] <== originator[0];
@@ -260,4 +283,13 @@ template LightClientRecursive(N, K) {
   firstORcorrect.b <== groth16Verifier.out;
 
   firstORcorrect.out === 1;
+
+  component verifierPoseidon = VerifierPoseidon(pubInpCount, k) (
+    originator, nextHeaderHashNum, negalfa1xbeta2,
+    gamma2, delta2, IC,
+    curHistoricParticipationRateHashTreeRoot, syncCommitteeHistoricParticipationIndex, compute_domain.domain
+  );
+
+  prevVerifierCommitment === verifierPoseidon.out;
+  out <== verifierPoseidon.out;
 }

beacon-light-client/circom/circuits/sync_committee_historic_participation.circom

@@ -0,0 +1,51 @@
+pragma circom  2.1.5;
+
+include "../../../node_modules/circomlib/circuits/comparators.circom";
+
+template UpdateSyncCommitteeHistoricParticipation(N, PERIODS) {
+    signal input participationRateArray[PERIODS];
+    signal input currentIndex;
+    signal input bitmask[N];
+
+    signal output out[PERIODS];
+
+    var participationRate = 0;
+    for (var i=0;i<N;i++) {
+        participationRate += bitmask[i];
+    }
+
+    //Constrain
+    signal isValidIndex <== LessThan(32)([currentIndex, PERIODS]);
+    isValidIndex === 1;
+
+    component isZero[PERIODS];
+    for (var i=currentIndex;i<PERIODS;i++) {
+        isZero[i] = IsZero();
+        isZero[i].in <== participationRateArray[i];
+        isZero[i].out === 1;
+    }
+
+    for (var i=0;i<currentIndex;i++) {
+        isZero[i] = IsZero();
+        isZero[i].in <== participationRateArray[i];
+        isZero[i].out === 0;
+    }
+
+    //Calc. new entry
+    var bitmask_sum = 0;
+    for (var i=0;i<N;i++) {
+        bitmask_sum += bitmask[i];
+    }
+
+    // Assign
+    for (var i=0;i<currentIndex;i++) {
+        out[i] <== participationRateArray[i];
+    }
+
+    out[currentIndex] <== bitmask_sum;
+
+    for (var i=currentIndex + 1;i<PERIODS;i++) {
+        out[i] <== 0;
+    }
+
+}

beacon-light-client/circom/scripts/light_client_recursive/build_proof.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-PHASE1=../../../../../../pot28_final.ptau
+PHASE1=/storage/pot28_final.ptau
 CIRCUIT_NAME=light_client_recursive
 BUILD_DIR=../../build/"$CIRCUIT_NAME"
 
@@ -21,7 +21,7 @@ echo $PWD
 echo "****COMPILING CIRCUIT****"
 start=`date +%s`
 #circom "$CIRCUIT_NAME".circom --O0 --c --output "$BUILD_DIR"
-circom "$CIRCUIT_NAME".circom --O1 --r1cs --sym --c --output "$BUILD_DIR"
+circom "$CIRCUIT_NAME".circom --O2 --r1cs --sym --c --output "$BUILD_DIR"
 end=`date +%s`
 echo "DONE ($((end-start))s)"