feat: split public inputs from proof

barretenberg/acir_tests/bbjs-test/src/index.ts

@@ -12,7 +12,8 @@ const BYTES_PER_FIELD = 32;
 const UH_PROOF_LENGTH_IN_BYTES = UH_PROOF_FIELDS_LENGTH * BYTES_PER_FIELD;
 
 const proofPath = (dir: string) => path.join(dir, "proof");
-const publicInputsPath = (dir: string) => path.join(dir, "public-inputs");
+const publicInputsAsFieldsPath = (dir: string) =>
+  path.join(dir, "public_inputs_fields.json");
 const vkeyPath = (dir: string) => path.join(dir, "vk");
 
 async function generateProof({
@@ -33,19 +34,33 @@ async function generateProof({
   debug(`Generating proof for ${bytecodePath}...`);
   const circuitArtifact = await fs.readFile(bytecodePath);
   const bytecode = JSON.parse(circuitArtifact.toString()).bytecode;
-  const backend = new UltraHonkBackend(bytecode, { threads: multiThreaded ? 8 : 1 });
+  const backend = new UltraHonkBackend(bytecode, {
+    threads: multiThreaded ? 8 : 1,
+  });
 
   const witness = await fs.readFile(witnessPath);
-  const proof = await backend.generateProof(new Uint8Array(witness), { keccak: (oracleHash === "keccak") });
-  assert(proof.proof.length === UH_PROOF_LENGTH_IN_BYTES, `Unexpected proof length ${proof.proof.length} for ${bytecodePath}`);
+  const proof = await backend.generateProof(new Uint8Array(witness), {
+    keccak: oracleHash === "keccak",
+  });
+  assert(
+    proof.proof.length === UH_PROOF_LENGTH_IN_BYTES,
+    `Unexpected proof length ${proof.proof.length} for ${bytecodePath}`
+  );
 
   await fs.writeFile(proofPath(outputDirectory), Buffer.from(proof.proof));
   debug("Proof written to " + proofPath(outputDirectory));
 
-  await fs.writeFile(publicInputsPath(outputDirectory), JSON.stringify(proof.publicInputs));
-  debug("Public inputs written to " + publicInputsPath(outputDirectory));
+  await fs.writeFile(
+    publicInputsAsFieldsPath(outputDirectory),
+    JSON.stringify(proof.publicInputs)
+  );
+  debug(
+    "Public inputs written to " + publicInputsAsFieldsPath(outputDirectory)
+  );
 
-  const verificationKey = await backend.getVerificationKey({ keccak: (oracleHash === "keccak") });
+  const verificationKey = await backend.getVerificationKey({
+    keccak: oracleHash === "keccak",
+  });
   await fs.writeFile(vkeyPath(outputDirectory), Buffer.from(verificationKey));
   debug("Verification key written to " + vkeyPath(outputDirectory));
 
@@ -58,9 +73,14 @@ async function verifyProof({ directory }: { directory: string }) {
   const verifier = new BarretenbergVerifier();
 
   const proof = await fs.readFile(proofPath(directory));
-  assert(proof.length === UH_PROOF_LENGTH_IN_BYTES, `Unexpected proof length ${proof.length}`);
+  assert(
+    proof.length === UH_PROOF_LENGTH_IN_BYTES,
+    `Unexpected proof length ${proof.length}`
+  );
 
-  const publicInputs = JSON.parse(await fs.readFile(publicInputsPath(directory), "utf8"));
+  const publicInputs = JSON.parse(
+    await fs.readFile(publicInputsAsFieldsPath(directory), "utf8")
+  );
   const vkey = await fs.readFile(vkeyPath(directory));
 
   const verified = await verifier.verifyUltraHonkProof(

barretenberg/acir_tests/bootstrap.sh

@@ -38,12 +38,10 @@ function run_proof_generation {
   dump_fail "$prove_cmd"
 
   local vk_fields=$(cat "$outdir/vk_fields.json")
+  local public_inputs_fields=$(cat "$outdir/public_inputs_fields.json")
   local proof_fields=$(cat "$outdir/proof_fields.json")
-  local num_inner_public_inputs=$(( 16#$(echo "$vk_fields" | jq -r '.[1] | ltrimstr("0x")') - adjustment ))
 
-  echo "num_inner_public_inputs for $program = $num_inner_public_inputs"
-
-  generate_toml "$program" "$vk_fields" "$proof_fields" "$num_inner_public_inputs"
+  generate_toml "$program" "$vk_fields" "$proof_fields" "$public_inputs_fields"
 }
 
 function generate_toml {
@@ -56,15 +54,15 @@ function generate_toml {
 
   jq -nr \
       --arg key_hash "$key_hash" \
-      --argjson vkf "$vk_fields" \
-      --argjson prooff "$proof_fields" \
-      --argjson num_inner_public_inputs "$num_inner_public_inputs" \
+      --argjson vk_f "$vk_fields" \
+      --argjson public_inputs_f "$public_inputs_fields" \
+      --argjson proof_f "$proof_fields" \
       '[
         "key_hash = \($key_hash)",
-        "proof = [\($prooff | .[$num_inner_public_inputs:] | map("\"" + . + "\"") | join(", "))]",
-        "public_inputs = [\($prooff | .[:$num_inner_public_inputs] | map("\"" + . + "\"") | join(", "))]",
-        "verification_key = [\($vkf | map("\"" + . + "\"") | join(", "))]"
-        '"$( [[ $program == *"double"* ]] && echo ',"proof_b = [\($prooff | .[$num_inner_public_inputs:] | map("\"" + . + "\"") | join(", "))]"' )"'
+        "proof = [\($proof_f | map("\"" + . + "\"") | join(", "))]",
+        "public_inputs = [\($public_inputs_f | map("\"" + . + "\"") | join(", "))]",
+        "verification_key = [\($vk_f | map("\"" + . + "\"") | join(", "))]"
+        '"$( [[ $program == *"double"* ]] && echo ',"proof_b = [\($proof_f | map("\"" + . + "\"") | join(", "))]"' )"'
       ] | join("\n")' > "$output_file"
 }
 

barretenberg/acir_tests/flows/bb_prove_bbjs_verify.sh

@@ -36,7 +36,7 @@ $BIN write_vk \
 PROOF_FIELDS_LENGTH=$(jq 'length' $output_dir/proof_fields.json)
 UH_PROOF_FIELDS_LENGTH=440
 NUM_PUBLIC_INPUTS=$((PROOF_FIELDS_LENGTH - UH_PROOF_FIELDS_LENGTH))
-jq ".[:$NUM_PUBLIC_INPUTS]" $output_dir/proof_fields.json > $output_dir/public-inputs
+jq ".[:$NUM_PUBLIC_INPUTS]" $output_dir/proof_fields.json > $output_dir/public_inputs_fields.json
 
 # Remove public inputs from the proof (first NUM_PUBLIC_INPUTS*32 bytes)
 # Also remove the first 4 bytes, which is the proof length in fields

barretenberg/acir_tests/flows/bbjs_prove_bb_verify.sh

@@ -13,7 +13,7 @@ output_dir=$artifact_dir/bb-bbjs-tmp
 mkdir -p $output_dir
 
 # Cleanup on exit
-trap "rm -rf $output_dir" EXIT
+# trap "rm -rf $output_dir" EXIT
 
 # Writes the proof, public inputs ./target; this also writes the VK
 node ../../bbjs-test prove \
@@ -24,25 +24,34 @@ node ../../bbjs-test prove \
 # Join the proof and public inputs to a single file
 # this will not be needed after #11024
 
-NUM_PUBLIC_INPUTS=$(cat $output_dir/public-inputs | jq 'length')
+NUM_PUBLIC_INPUTS=$(cat $output_dir/public_inputs_fields.json | jq 'length')
 UH_PROOF_FIELDS_LENGTH=440
-PROOF_AND_PI_LENGTH_IN_FIELDS=$((NUM_PUBLIC_INPUTS + UH_PROOF_FIELDS_LENGTH))
+PROOF_LENGTH_IN_FIELDS=$((UH_PROOF_FIELDS_LENGTH))
+PI_LENGTH_IN_FIELDS=$((NUM_PUBLIC_INPUTS))
 # First 4 bytes is PROOF_AND_PI_LENGTH_IN_FIELDS
-proof_header=$(printf "%08x" $PROOF_AND_PI_LENGTH_IN_FIELDS)
+proof_header=$(printf "%08x" $PROOF_LENGTH_IN_FIELDS)
+pi_header=$(printf "%08x" $PI_LENGTH_IN_FIELDS)
 
 proof_bytes=$(cat $output_dir/proof | xxd -p)
-public_inputs=$(cat $output_dir/public-inputs | jq -r '.[]')
+public_inputs=$(cat $output_dir/public_inputs_fields.json | jq -r '.[]')
 
 public_inputs_bytes=""
 for input in $public_inputs; do
   public_inputs_bytes+=$input
 done
 
-# Combine proof header, public inputs, and the proof to a single file
-echo -n $proof_header$public_inputs_bytes$proof_bytes | xxd -r -p > $output_dir/proof
+# Combine proof header and the proof to a single file
+echo -n $proof_header$proof_bytes | xxd -r -p > $output_dir/proof
+echo -n $pi_header$public_inputs_bytes | xxd -r -p > $output_dir/public_inputs
+echo "$BIN verify \
+  --scheme ultra_honk \
+  -k $output_dir/vk \
+  -p $output_dir/proof \
+  -i $output_dir/public_inputs"
 
 # Verify the proof with bb cli
 $BIN verify \
   --scheme ultra_honk \
   -k $output_dir/vk \
-  -p $output_dir/proof
+  -p $output_dir/proof \
+  -i $output_dir/public_inputs

barretenberg/acir_tests/flows/bbjs_prove_sol_verify.sh

@@ -31,7 +31,7 @@ $BIN write_solidity_verifier --scheme ultra_honk -k $VK -o $VERIFIER_PATH
 
 # Verify the proof using the solidity verifier
 export PROOF=$output_dir/proof
-export PUBLIC_INPUTS=$output_dir/public-inputs
+export PUBLIC_INPUTS_AS_FIELDS=$output_dir/public_inputs_fields.json
 export TEST_PATH=$(realpath "../../sol-test/HonkTest.sol")
 export TESTING_HONK="true"
 export TEST_NAME=$(basename $(realpath ./))

barretenberg/acir_tests/flows/prove_then_verify.sh

@@ -45,9 +45,14 @@ case ${SYS:-} in
     FLAGS+=" --scheme $SYS --oracle_hash ${HASH:-poseidon2}"
     [ "${ROLLUP:-false}" = "true" ] && FLAGS+=" --ipa_accumulation"
     [ "${RECURSIVE}" = "true" ] && FLAGS+=" --init_kzg_accumulator"
+
+    OUTDIR=$(mktemp -d)
+    trap "rm -rf $OUTDIR" EXIT
+    $BIN prove $FLAGS $BFLAG -o $OUTDIR
     $BIN verify $FLAGS \
         -k <($BIN write_vk $FLAGS $BFLAG -o - ) \
-        -p <($BIN prove $FLAGS $BFLAG -o - )
+        -p $OUTDIR/proof \
+        -i $OUTDIR/public_inputs
   ;;
   "ultra_honk_deprecated")
     # deprecated flow is necessary until we finish C++ api refactor and then align ts api

barretenberg/acir_tests/flows/sol_honk.sh

@@ -12,14 +12,16 @@ outdir=$(mktemp -d)
 trap "rm -rf $outdir" EXIT
 
 # Export the paths to the environment variables for the js test runner
+export PUBLIC_INPUTS="$outdir/public_inputs"
+export PUBLIC_INPUTS_AS_FIELDS="$outdir/public_inputs_fields.json"
 export PROOF="$outdir/proof"
 export PROOF_AS_FIELDS="$outdir/proof_fields.json"
 export VK="$outdir/vk"
 export VERIFIER_CONTRACT="$outdir/Verifier.sol"
 
 # Create a proof, write the solidity contract, write the proof as fields in order to extract the public inputs
 $BIN prove $PROVE_FLAGS -o $outdir
-$BIN verify $VERIFY_FLAGS -k $VK -p $PROOF
+$BIN verify $VERIFY_FLAGS -i $PUBLIC_INPUTS -k $VK -p $PROOF
 $BIN write_solidity_verifier $FLAGS -k $VK -o $VERIFIER_CONTRACT
 
 # Export the paths to the environment variables for the js test runner

barretenberg/acir_tests/flows/sol_honk_zk.sh

@@ -11,14 +11,16 @@ outdir=$(mktemp -d)
 trap "rm -rf $outdir" EXIT
 
 # Export the paths to the environment variables for the js test runner
+export PUBLIC_INPUTS="$outdir/public_inputs"
+export PUBLIC_INPUTS_AS_FIELDS="$outdir/public_inputs_fields.json"
 export PROOF="$outdir/proof"
 export PROOF_AS_FIELDS="$outdir/proof_fields.json"
 export VK="$outdir/vk"
 export VERIFIER_CONTRACT="$outdir/Verifier.sol"
 
 # Create a proof, write the solidity contract, write the proof as fields in order to extract the public inputs
 $BIN prove -o $outdir $FLAGS $BFLAG $PROTOCOL_FLAGS --output_format bytes_and_fields --write_vk
-$BIN verify -k $VK -p $PROOF $FLAGS $PROTOCOL_FLAGS
+$BIN verify -i $PUBLIC_INPUTS -k $VK -p $PROOF $FLAGS $PROTOCOL_FLAGS
 $BIN write_solidity_verifier $FLAGS -k $VK -o $VERIFIER_CONTRACT --zk
 
 # Export the paths to the environment variables for the js test runner

barretenberg/acir_tests/sol-test/src/index.js

@@ -216,45 +216,54 @@ const killAnvil = () => {
   console.log(testName, " complete");
 };
 
+// TODO(https://github.com/AztecProtocol/barretenberg/issues/1316): Clean this code up. We are trying to use this logic for three different flows: bb plonk, bb honk, and bbjs honk, and all three have different setups.
 try {
   const proofPath = getEnvVar("PROOF");
-  let publicInputsPath;
+
+  let proofStr = "";
+
+  const proof = readFileSync(proofPath);
+  proofStr = proof.toString("hex");
+
+  let publicInputsAsFieldsPath; // PUBLIC_INPUTS_AS_FIELDS is not defined for bb plonk, but is for bb honk and bbjs honk.
   try {
-    publicInputsPath = getEnvVar("PUBLIC_INPUTS");
+    publicInputsAsFieldsPath = getEnvVar("PUBLIC_INPUTS_AS_FIELDS");
   } catch (e) {
     // noop
   }
-
-  let proofStr = '';
-  let publicInputs = [];
-
-  // If "path to public inputs" is provided, it means that the proof and public inputs are saved as separate files
-  // A bit hacky, but this can go away once BB CLI saves them as separate files - #11024
-  if (publicInputsPath) {
-    const proof = readFileSync(proofPath);
-    proofStr = proof.toString("hex");
-    publicInputs = JSON.parse(readFileSync(publicInputsPath).toString()); // assumes JSON array of PI hex strings
-  } else {
-    // Proof and public inputs are saved in a single file; we need to extract the PI from the proof
-    const proof = readFileSync(proofPath);
-    proofStr = proof.toString("hex");
-
-    const proofAsFieldsPath = getEnvVar("PROOF_AS_FIELDS");
+  var publicInputs;
+  let proofAsFieldsPath; // PROOF_AS_FIELDS is not defined for bbjs, but is for bb plonk and bb honk.
+  try {
+    proofAsFieldsPath = getEnvVar("PROOF_AS_FIELDS");
+  } catch (e) {
+    // noop
+  }
+  let numExtraPublicInputs = 0;
+  let extraPublicInputs = [];
+  if (proofAsFieldsPath) {
     const proofAsFields = readFileSync(proofAsFieldsPath);
-
-    let numPublicInputs;
-    [numPublicInputs, publicInputs] = readPublicInputs(
+    // We need to extract the public inputs from the proof. This might be empty, or just the pairing point object, or be the entire public inputs...
+    [numExtraPublicInputs, extraPublicInputs] = readPublicInputs(
       JSON.parse(proofAsFields.toString())
     );
-
-    proofStr = proofStr.substring(32 * 2 * numPublicInputs); // Remove the publicInput bytes from the proof
-
-    // Honk proof from the CLI have field length as the first 4 bytes. This should go away in the future
     if (testingHonk) {
+      // Honk proof from the CLI have field length as the first 4 bytes. This should go away in the future
       proofStr = proofStr.substring(8);
     }
   }
+  // We need to do this because plonk doesn't define this path
+  if (publicInputsAsFieldsPath) {
+    const innerPublicInputs = JSON.parse(
+      readFileSync(publicInputsAsFieldsPath).toString()
+    ); // assumes JSON array of PI hex strings
+
+    publicInputs = innerPublicInputs.concat(extraPublicInputs);
+  } else {
+    // for plonk, the extraPublicInputs are all of the public inputs
+    publicInputs = extraPublicInputs;
+  }
 
+  proofStr = proofStr.substring(64 * numExtraPublicInputs);
   proofStr = "0x" + proofStr;
 
   const key =

barretenberg/cpp/src/barretenberg/api/api.hpp

@@ -59,6 +59,7 @@ class API {
                        const std::filesystem::path& output_dir) = 0;
 
     virtual bool verify(const Flags& flags,
+                        const std::filesystem::path& public_inputs_path,
                         const std::filesystem::path& proof_path,
                         const std::filesystem::path& vk_path) = 0;
 

barretenberg/cpp/src/barretenberg/api/api_client_ivc.cpp

@@ -123,7 +123,9 @@ void write_standalone_vk(const std::string& output_data_type,
     auto proving_key = std::make_shared<DeciderProvingKey>(builder, trace_settings);
     Prover prover{ proving_key };
     init_bn254_crs(prover.proving_key->proving_key.circuit_size);
-    ProofAndKey<VerificationKey> to_write{ {}, std::make_shared<VerificationKey>(prover.proving_key->proving_key) };
+    PubInputsProofAndKey<VerificationKey> to_write{
+        PublicInputsVector{}, HonkProof{}, std::make_shared<VerificationKey>(prover.proving_key->proving_key)
+    };
 
     write(to_write, output_data_type, "vk", output_path);
 }
@@ -283,6 +285,7 @@ void ClientIVCAPI::prove(const Flags& flags,
 }
 
 bool ClientIVCAPI::verify([[maybe_unused]] const Flags& flags,
+                          [[maybe_unused]] const std::filesystem::path& public_inputs_path,
                           const std::filesystem::path& proof_path,
                           const std::filesystem::path& vk_path)
 {

barretenberg/cpp/src/barretenberg/api/api_client_ivc.hpp

@@ -16,6 +16,7 @@ class ClientIVCAPI : public API {
                const std::filesystem::path& output_dir) override;
 
     bool verify(const Flags& flags,
+                const std::filesystem::path& public_inputs_path,
                 const std::filesystem::path& proof_path,
                 const std::filesystem::path& vk_path) override;