diff --git a/README.md b/README.md
index 2e1f63f..a176927 100644
--- a/README.md
+++ b/README.md
@@ -17,14 +17,28 @@ ## Overview This repo is a reference on correctly testing and constraining circom circuits, with example workflows and reference patterns. -todo: discuss tools - -WIP -### Circomkit - - -### Prerequisites -todo +### Tools and resources considered + +#### tools +- [circomkit circom testing suite](https://github.com/erhant/circomkit) + - [examples](https://github.com/erhant/circomkit-examples) +- [circomspect static analyzer and linter for circom](https://github.com/trailofbits/circomspect) + - [ToB blog: it pays to be circomspect](https://blog.trailofbits.com/2022/09/15/it-pays-to-be-circomspect/) + - [ToB blog: circomspect has more passes](https://blog.trailofbits.com/2023/03/21/circomspect-static-analyzer-circom-more-passes/) +- [zksecurity circomscribe - demo playground, visualize constraints ](https://www.circomscribe.dev/) + - [blog post about circomscribe](https://www.zksecurity.xyz/blog/posts/circomscribe/) +- [Picus QED uniqueness property underconstraint checker](https://github.com/Veridise/Picus) +- [circom-mutator](https://github.com/aviggiano/circom-mutator) - test whether mutations of correct circuit actually fail by fuzzing + +#### more reading about underconstrained circuits +- [circom constraining docs](https://docs.circom.io/circom-language/constraint-generation/) +- [circom docs: --inspect option](https://docs.circom.io/circom-language/code-quality/inspect/) +- [veridise blog: circom pairing](https://medium.com/veridise/circom-pairing-a-million-dollar-zk-bug-caught-early-c5624b278f25) +- [dacian: exploiting under-constrained zk circuits](https://dacian.me/exploiting-under-constrained-zk-circuits) +- [blockdev: tips for safe circom circuits](https://hackmd.io/@blockdev/Bk_-jRkXa) +- [circom101 book by erhant, author of circomkit](https://github.com/erhant/circom101/tree/main) +- [0xparc: circom workshop series](https://learn.0xparc.org/materials/circom/learning-group-1/intro-zkp) +- [paper by veridise on underconstrained 
circuits](https://eprint.iacr.org/2023/512.pdf) ## License diff --git a/circuits/multiplier.circom b/circuits/multiplier.circom index d824bd6..dd3ca8b 100644 --- a/circuits/multiplier.circom +++ b/circuits/multiplier.circom @@ -4,7 +4,6 @@ template Multiplier() { signal input a; signal input b; signal output c; - signal intermediary; // Constraint: a * b should equal c @@ -15,4 +14,36 @@ template Multiplier() { assert(c == a * b); } -// component main = Multiplier(); +template UnderconstrainedMultiplier1() { + signal input a; + signal input b; + signal output c; + signal intermediary; + + intermediary <-- a * b; + c <== intermediary; + assert(c == a * b); +} + +template UnderconstrainedMultiplier2() { + signal input a; + signal input b; + signal output c; + signal intermediary; + + intermediary <== a * b; + c <-- intermediary; + assert(c == a * b); +} + +template UnderconstrainedMultiplier3() { + signal input a; + signal input b; + signal output c; + signal intermediary; + + intermediary <== a * b; + c <== intermediary; + // assert(c == a * b); +} +
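Review bot: `UnderconstrainedMultiplier3` does not look underconstrained: `intermediary <== a * b;` and `c <== intermediary;` both emit constraints, and the commented-out `assert` would not have added one, since circom evaluates an assert over signals only during witness generation. As written it appears constraint-equivalent to a sound multiplier, so a test that expects it to accept a wrong `c` will fail, and readers may conclude that `assert` contributes to soundness. Either rename it (for example `MultiplierWithoutAssert`) or add `// still fully constrained: <== emits the constraint; assert is only a witness-generation check`. Variants 1 and 2 would also benefit from a one-line comment naming the free signal, such as `// intermediary is assigned with <-- and never constrained, so c is not bound to a * b` and `// c is assigned with <-- and never constrained`; the `assert` kept in both only guards the honest witness generator.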