fix: verifying key serialization (#304)

* wip: add fix for verifying contexts Signed-off-by: Brandon H. Gomes <bhgomes@pm.me> * fix: use correct bounds for serialization Signed-off-by: Brandon H. Gomes <bhgomes@pm.me> * chore: upload last round trusted setup state Signed-off-by: Brandon H. Gomes <bhgomes@pm.me> * wip: recompute verifying keys Signed-off-by: Brandon H. Gomes <bhgomes@pm.me> * chore: remove circuit names file Signed-off-by: Brandon H. Gomes <bhgomes@pm.me> * chore: add ignored test Signed-off-by: Brandon H. Gomes <bhgomes@pm.me> Signed-off-by: Brandon H. Gomes <bhgomes@pm.me>
Manta-Network · Jan 12, 2023 · e657b16 · e657b16
1 parent 1c4ff09
commit e657b16
Show file tree

Hide file tree

Showing 14 changed files with 85 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - [\#293](https://github.com/Manta-Network/manta-rs/pull/293) Add decimals argument to AssetMetadata display
 
 ### Fixed
+- [\#304](https://github.com/Manta-Network/manta-rs/pull/302) Fix Verifying Key Serialization
 - [\#302](https://github.com/Manta-Network/manta-rs/pull/302) Fix fuzzing test bug
 - [\#296](https://github.com/Manta-Network/manta-rs/pull/296) Fix AssetMetadata display for values less than 1
 - [\#294](https://github.com/Manta-Network/manta-rs/pull/294) Distinguish between panic-errors and possible-fix-errors

diff --git a/manta-crypto/src/arkworks/groth16.rs b/manta-crypto/src/arkworks/groth16.rs
@@ -20,6 +20,7 @@ use crate::{
     arkworks::{
         constraint::R1CS,
         ec::PairingEngine,
+        relations::r1cs::SynthesisError,
         serialize::{
             ArkReader, ArkWriter, CanonicalDeserialize, CanonicalSerialize, HasDeserialization,
             HasSerialization, Read, SerializationError, Write,
@@ -29,7 +30,7 @@ use crate::{
     rand::{CryptoRng, RngCore, SizedRng},
 };
 use alloc::vec::Vec;
-use ark_groth16::{Groth16 as ArkGroth16, PreparedVerifyingKey, ProvingKey};
+use ark_groth16::{Groth16 as ArkGroth16, PreparedVerifyingKey, ProvingKey, VerifyingKey};
 use ark_snark::SNARK;
 use core::marker::PhantomData;
 use manta_util::codec::{self, DecodeError};
@@ -202,6 +203,12 @@ where
     pub fn new(proving_key: ProvingKey<E>) -> Self {
         Self(proving_key)
     }
+
+    /// Returns the [`VerifyingContext`] for `self`.
+    #[inline]
+    pub fn get_verifying_context(&self) -> Result<VerifyingContext<E>, SynthesisError> {
+        VerifyingContext::from_proving_context(self)
+    }
 }
 
 impl<E> codec::Decode for ProvingContext<E>
@@ -248,6 +255,31 @@ pub struct VerifyingContext<E>(pub PreparedVerifyingKey<E>)
 where
     E: PairingEngine;
 
+impl<E> VerifyingContext<E>
+where
+    E: PairingEngine,
+{
+    /// Builds a new [`VerifyingContext`] from `prepared_verifying_key`.
+    #[inline]
+    pub fn new_prepared(prepared_verifying_key: PreparedVerifyingKey<E>) -> Self {
+        Self(prepared_verifying_key)
+    }
+
+    /// Builds a new [`VerifyingContext`] from `verifying_key`.
+    #[inline]
+    pub fn new(verifying_key: &VerifyingKey<E>) -> Result<Self, SynthesisError> {
+        Ok(Self(ArkGroth16::process_vk(verifying_key)?))
+    }
+
+    /// Returns the [`VerifyingContext`] for `proving_context`.
+    #[inline]
+    pub fn from_proving_context(
+        proving_context: &ProvingContext<E>,
+    ) -> Result<Self, SynthesisError> {
+        Self::new(&proving_context.0.vk)
+    }
+}
+
 impl<E> CanonicalSerialize for VerifyingContext<E>
 where
     E: PairingEngine,

diff --git a/manta-parameters/data.checkfile b/manta-parameters/data.checkfile
@@ -29,7 +29,10 @@ d9a787351d03f048494160a90c9895b629f34a5ef12129e937d23f4adef73b97  data/pay/param
 607db6514075bd2be038dcbad897dda52b07d3d87c75477560207de88773c748  data/pay/proving/private-transfer.lfs
 eef0801ca4f5cba1d38af88264217b002c12e3b4e428b340e916a7513c161738  data/pay/proving/to-private.lfs
 fdd8c77c83965f69ddbf33efdab3b396dd7cc8cd073a76482864ca505ce50853  data/pay/proving/to-public.lfs
-6c5255a77a6a06fcf5ed556348432860129b7f30e74e41cf5b7109a6208bdd81  data/pay/verifying/private-transfer.dat
-543bc8711ba68e306660a33c37e630513e4bf341d2e7c6bb5171432571c3c95a  data/pay/verifying/to-private.dat
-967013d7798b4963612143d57a66d5fe5e8afa709eb69c4d274bca99b6e9be96  data/pay/verifying/to-public.dat
+b2aaa44c2bdc27c6814a173af869d3af146fbe9fa66115379f606ae575012ae2  data/pay/trusted-setup/private_transfer_state_4382.lfs
+769704ca37c34a5f7b99130eff4e09ed92b1fbdaff60a992972b14971741b1aa  data/pay/trusted-setup/to_private_state_4382.lfs
+0bb522026e5f0b2e2c1a6c0a04325b9e1d0b2e1c0b03631cbb89592cc4245411  data/pay/trusted-setup/to_public_state_4382.lfs
+117d2789bd52fcc66b39f1526a876c23570ae39fcc67b27ba2846e9767e458e2  data/pay/verifying/private-transfer.dat
+c9c8333f74f83c600c37f18f5c64538c99450a317c0ecb3eef9eb43ac58817b2  data/pay/verifying/to-private.dat
+399e3b65fdc16e068472c429315964bd5a12683c3e67fdfe2b2aede92b164887  data/pay/verifying/to-public.dat
 25d2368d77dc834774504ca9b001fd4b5926c24c51e87f8e208db5fe40040075  data/ppot/round72powers19.lfs
diff --git a/manta-parameters/data/pay/README.md b/manta-parameters/data/pay/README.md
@@ -11,4 +11,5 @@ The current parameters are the result of the MantaPay trusted setup ceremony aft
 ## Archived Parameters
 
 ### Testnet
-The parameters in `manta-parameters/data/archive/testnet` are those used for the Dolphin testnet v3. The base parameters for cryptographic hash functions and accumulators were randomly sampled. The Groth16 proving and verifying keys were computed relative to these base parameters and one round of randomly sampled contribution. These proving and verifying keys are not secure for use in production.
+
+The parameters in `manta-parameters/data/archive/testnet` are those used for the Dolphin testnet v3. The base parameters for cryptographic hash functions and accumulators were randomly sampled. The Groth16 proving and verifying keys were computed relative to these base parameters and one round of randomly sampled contribution. These proving and verifying keys are not secure for use in production.
diff --git a/manta-parameters/data/pay/trusted-setup/.gitignore b/manta-parameters/data/pay/trusted-setup/.gitignore
@@ -0,0 +1,10 @@
+circuit_names
+private_transfer_computed_challenges
+private_transfer_pk
+private_transfer_vk
+to_private_computed_challenges
+to_private_pk
+to_private_vk
+to_public_computed_challenges
+to_public_pk
+to_public_vk
diff --git a/manta-parameters/data/pay/trusted-setup/private_transfer_state_4382.lfs b/manta-parameters/data/pay/trusted-setup/private_transfer_state_4382.lfs
diff --git a/manta-parameters/data/pay/trusted-setup/to_private_state_4382.lfs b/manta-parameters/data/pay/trusted-setup/to_private_state_4382.lfs
diff --git a/manta-parameters/data/pay/trusted-setup/to_public_state_4382.lfs b/manta-parameters/data/pay/trusted-setup/to_public_state_4382.lfs
diff --git a/manta-parameters/data/pay/verifying/private-transfer.dat b/manta-parameters/data/pay/verifying/private-transfer.dat
diff --git a/manta-parameters/data/pay/verifying/to-private.dat b/manta-parameters/data/pay/verifying/to-private.dat
diff --git a/manta-parameters/data/pay/verifying/to-public.dat b/manta-parameters/data/pay/verifying/to-public.dat
diff --git a/manta-pay/src/test/compatibility.rs b/manta-pay/src/test/compatibility.rs
@@ -29,20 +29,22 @@ use crate::{
 use manta_crypto::rand::OsRng;
 
 /// Tests that the circuit is compatible with the current known parameters in `manta-parameters`.
-#[ignore = "This would fail because it'd download the data from main before merging."]
 #[test]
 fn compatibility() {
     let directory = tempfile::tempdir().expect("Unable to generate temporary test directory.");
     let mut rng = OsRng;
+    println!("Loading Parameters");
     let (proving_context, verifying_context, parameters, utxo_accumulator_model) =
         load_parameters(directory.path()).expect("Failed to load parameters");
+    println!("Checking to-private Circuit");
     let _ = &prove_to_private(
         &proving_context.to_private,
         &parameters,
         &utxo_accumulator_model,
         &mut rng,
     )
     .assert_valid_proof(&verifying_context.to_private);
+    println!("Checking private-transfer Circuit");
     let mut utxo_accumulator = UtxoAccumulator::new(utxo_accumulator_model);
     let _ = &prove_private_transfer(
         &proving_context.private_transfer,
@@ -51,6 +53,7 @@ fn compatibility() {
         &mut rng,
     )
     .assert_valid_proof(&verifying_context.private_transfer);
+    println!("Checking to-public Circuit");
     let _ = &prove_to_public(
         &proving_context.to_public,
         &parameters,

diff --git a/manta-trusted-setup/src/bin/groth16_phase2_verifier.rs b/manta-trusted-setup/src/bin/groth16_phase2_verifier.rs
@@ -18,6 +18,7 @@
 
 use clap::Parser;
 use core::fmt::Debug;
+use manta_crypto::arkworks::serialize::HasSerialization;
 use manta_trusted_setup::{
     ceremony::util::deserialize_from_file,
     groth16::{
@@ -69,6 +70,7 @@ fn main() {
 fn verify_ceremony<C>(path: &Path, start: u64) -> Result<(), CeremonyError<C>>
 where
     C: Ceremony<Challenge = Array<u8, 64>>,
+    for<'s> C::G2Prepared: HasSerialization<'s>,
 {
     // Need to read from files, so get circuit names
     let names: Vec<String> =
@@ -139,7 +141,7 @@ where
                 }
                 _ => {
                     println!("Writing final {name} prover and verifier key to file.");
-                    extract_keys(&path.join("foo"), name.clone(), Some(state))
+                    extract_keys(&path.join("keys"), name.clone(), Some(state))
                         .expect("Key extraction error");
                     break;
                 }

diff --git a/manta-trusted-setup/src/groth16/mpc.rs b/manta-trusted-setup/src/groth16/mpc.rs
@@ -559,7 +559,8 @@ where
 pub mod util {
     use super::*;
     use crate::{ceremony::util::deserialize_from_file, groth16::ceremony::UnexpectedError};
-    use manta_crypto::arkworks::serialize::CanonicalSerialize;
+    use manta_crypto::arkworks::{groth16::ProvingContext, serialize::HasSerialization};
+    use manta_util::codec::{Encode, IoWriter};
     use std::{fs::OpenOptions, path::Path};
 
     /// Extracts prover key and verifier key from state located at `path` and writes
@@ -573,8 +574,9 @@ pub mod util {
     ) -> Result<(), UnexpectedError>
     where
         C: Configuration,
+        for<'s> C::G2Prepared: HasSerialization<'s>,
     {
-        let mut pk_file = OpenOptions::new()
+        let pk_file = OpenOptions::new()
             .write(true)
             .create(true)
             .open(
@@ -585,7 +587,7 @@ pub mod util {
             .map_err(|_| UnexpectedError::Serialization {
                 message: "Unable to create file at desired location.".to_string(),
             })?;
-        let mut vk_file = OpenOptions::new()
+        let vk_file = OpenOptions::new()
             .write(true)
             .create(true)
             .open(
@@ -602,16 +604,19 @@ pub mod util {
                 message: "Unable to deserialize state at provided path".to_string(),
             })?,
         };
-        CanonicalSerialize::serialize_uncompressed(&state.0, &mut pk_file).map_err(|_| {
-            UnexpectedError::Serialization {
-                message: "Unable to serialize prover key.".to_string(),
-            }
-        })?;
-        CanonicalSerialize::serialize_uncompressed(&state.0.vk, &mut vk_file).map_err(|_| {
-            UnexpectedError::Serialization {
+        let proving_context = ProvingContext(state.0);
+        proving_context
+            .encode(IoWriter(pk_file))
+            .map_err(|_| UnexpectedError::Serialization {
                 message: "Unable to serialize prover key.".to_string(),
-            }
-        })?;
+            })?;
+        proving_context
+            .get_verifying_context()
+            .expect("Should be able to extract verifying context.")
+            .encode(IoWriter(vk_file))
+            .map_err(|_| UnexpectedError::Serialization {
+                message: "Unable to serialize verifier key.".to_string(),
+            })?;
         Ok(())
     }
 }