Optimized BN254 Groth16 Solidity template with compressed proof support

[recmo]

New verifier BN254 Groth16 Solidity template that is more gas efficient and supports compressed proofs (efficient on rollups).

External audit scheduled for this week.

It has two public functions verifyProof and verifyCompressedProof.

The verifyProof is heavily gas optimized and should be drop-in replacement for the existing function (except it will always revert on invalid proof, instead of sometimes returning false).

The verifyCompressedProof is optimized for reducing calldata, and less optimized for compute. This is to keep readability in the much more complex math. The intended use case is rollups where calldata is relatively much more expensive than compute.

[CLAassistant]

All committers have signed the CLA.

[gbotrel]

Hi -- thanks for the contrib! FYI; there is something planned (not started yet) to update the Groth16 verifier to support the api.Commit feature (on develop branch). This PR could serve as a better basis 👍

[gbotrel]

External audit scheduled for this week.
hi @recmo --> when is the report due?

[recmo]

Received the first iteration yesterday and am now implementing the three suggestions (there where no issues):

• Suggestion 1: Use Custom Error Messages
• Suggestion 2: Collaborate With Gnark To Implement the Compress Function
• Suggestion 3: Adhere to Natspec Guidelines

I've asked if I can share the report.

[recmo]

Final audit report:

Least Authority- Worldcoin Groth16 Verifier in EVM Smart Contract Final Audit Report.pdf

[recmo]

@gbotrel From my side this is ready to merge. LMK what next steps are.

[kustosz]

@gbotrel I also have a wip branch on gnark-tests to run against this version (https://github.com/kustosz/gnark-tests/tree/evm-verifier), though I had to make some other changes due to version mismatch between gnark master and whatever gnark-test is building against. Please let me know how and when to best PR the test changes.

[gbotrel]

@kustosz so, we are now running solidity integration test within gnark main repo CI;

gnark/test/assert_solidity.go

Line 21 in 0896fe1

func (assert *Assert) solidityVerification(b backend.ID, vk interface {

so if you can add the test for the compress proof in there and it passes the CI looks good to merge on our side.

Q: @Tabaie @ThomasPiellard I suspect plugging the multi commit on top of that shouldn't be an issue?

[kustosz]

Thanks for the pointer, will get this sorted tomorrow!

[kustosz]

@gbotrel here's a PR to the solidity checker that makes the tests here pass locally – can you please verify against your CI?

[kustosz]

just to be clear: the CI here won't pass until Consensys/gnark-solidity-checker#1 gets merged (or at least put on a branch in that repo so we can refer to it in CI config here)