Skip to content

A set of tooling related to halo2 circuits verification inside Solidity contracts

License

Notifications You must be signed in to change notification settings

bezze/halo2-solidity-verifier

 
 

Repository files navigation

Halo2 Solidity Verifier

⚠️ This repo has NOT been audited and is NOT intended for a production environment yet.

Solidity verifier generator for halo2 proof with KZG polynomial commitment scheme on BN254

Usage

Generate verifier and verifying key separately as 2 solidity contracts

let generator = SolidityGenerator::new(&params, &vk, Bdfg21, num_instances);
let (verifier_solidity, vk_solidity) = generator.render_separately().unwrap();

Check examples/separately.rs for more details.

Generate verifier and verifying key in a single solidity contract

let generator = SolidityGenerator::new(&params, &vk, Bdfg21, num_instances);
let verifier_solidity = generator.render().unwrap();

Encode proof into calldata to invoke verifyProof

let calldata = encode_calldata(vk_address, &proof, &instances);

Note that function selector is already included.

Limitations

  • It only allows circuit with exact 1 instance column and no rotated query to this instance column.
  • Currently even the configure is same, the selector compression might lead to different configuration when selector assignments are different. After PR privacy-scaling-explorations/halo2#212 is merged we will have an alternative API to do key generation without selector compression.
  • Now it only supports BDFG21 batch open scheme (aka SHPLONK), GWC19 is not yet implemented.

Compatibility

The Keccak256Transcript behaves exactly same as the EvmTranscript in snark-verifier.

Acknowledgement

The template is heavily inspired by Aztec's BaseUltraVerifier.sol.

About

A set of tooling related to halo2 circuits verification inside Solidity contracts

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 79.7%
  • Solidity 20.3%