feat(acir)!: Verify Proof

acir/src/circuit/black_box_functions.rs

@@ -21,6 +21,7 @@ pub enum BlackBoxFunc {
     EcdsaSecp256k1,
     FixedBaseScalarMul,
     Keccak256,
+    VerifyProof,
 }
 
 impl std::fmt::Display for BlackBoxFunc {
@@ -44,6 +45,7 @@ impl BlackBoxFunc {
             BlackBoxFunc::XOR => "xor",
             BlackBoxFunc::RANGE => "range",
             BlackBoxFunc::Keccak256 => "keccak256",
+            BlackBoxFunc::VerifyProof => "verify_proof",
         }
     }
     pub fn lookup(op_name: &str) -> Option<BlackBoxFunc> {
@@ -60,6 +62,7 @@ impl BlackBoxFunc {
             "xor" => Some(BlackBoxFunc::XOR),
             "range" => Some(BlackBoxFunc::RANGE),
             "keccak256" => Some(BlackBoxFunc::Keccak256),
+            "verify_proof" => Some(BlackBoxFunc::VerifyProof),
             _ => None,
         }
     }

acir/src/circuit/opcodes/black_box_function_call.rs

@@ -76,6 +76,16 @@ pub enum BlackBoxFuncCall {
         inputs: Vec<FunctionInput>,
         outputs: Vec<Witness>,
     },
+    VerifyProof {
+        key: Vec<FunctionInput>,
+        proof: Vec<FunctionInput>,
+        public_inputs: Vec<FunctionInput>,
+        key_hash: FunctionInput,
+        input_aggregation_object: Vec<FunctionInput>,
+        // This is the recursive verification output aggregation object.
+        // The name `outputs` was kept to simplify code reuse with the other BlackBoxFuncCall's
+        outputs: Vec<Witness>,
+    },
 }
 
 impl BlackBoxFuncCall {
@@ -122,6 +132,14 @@ impl BlackBoxFuncCall {
             BlackBoxFunc::Keccak256 => {
                 BlackBoxFuncCall::Keccak256 { inputs: vec![], outputs: vec![] }
             }
+            BlackBoxFunc::VerifyProof => BlackBoxFuncCall::VerifyProof {
+                key: vec![],
+                proof: vec![],
+                public_inputs: vec![],
+                key_hash: FunctionInput::dummy(),
+                input_aggregation_object: vec![],
+                outputs: vec![],
+            },
         }
     }
 
@@ -139,6 +157,7 @@ impl BlackBoxFuncCall {
             BlackBoxFuncCall::EcdsaSecp256k1 { .. } => BlackBoxFunc::EcdsaSecp256k1,
             BlackBoxFuncCall::FixedBaseScalarMul { .. } => BlackBoxFunc::FixedBaseScalarMul,
             BlackBoxFuncCall::Keccak256 { .. } => BlackBoxFunc::Keccak256,
+            BlackBoxFuncCall::VerifyProof { .. } => BlackBoxFunc::VerifyProof,
         }
     }
 
@@ -192,6 +211,32 @@ impl BlackBoxFuncCall {
                 inputs.extend(hashed_message.iter().copied());
                 inputs
             }
+            BlackBoxFuncCall::VerifyProof {
+                key,
+                proof,
+                public_inputs,
+                key_hash,
+                input_aggregation_object,
+                ..
+            } => {
+                let mut inputs = Vec::with_capacity(
+                    key.len()
+                        + proof.len()
+                        + public_inputs.len()
+                        + 1
+                        + input_aggregation_object.len(),
+                );
+                inputs.extend(key.iter().copied());
+                inputs.extend(proof.iter().copied());
+                inputs.extend(public_inputs.iter().copied());
+                inputs.push(*key_hash);
+                // If we do not have an input aggregation object assigned
+                // do not return it as part of the input vector as to not trigger
+                if !input_aggregation_object.iter().any(|v| v.witness == Witness(0)) {
+                    inputs.extend(input_aggregation_object.iter().copied());
+                }
+                inputs
+            }
         }
     }
 
@@ -202,7 +247,8 @@ impl BlackBoxFuncCall {
             | BlackBoxFuncCall::Blake2s { outputs, .. }
             | BlackBoxFuncCall::FixedBaseScalarMul { outputs, .. }
             | BlackBoxFuncCall::Pedersen { outputs, .. }
-            | BlackBoxFuncCall::Keccak256 { outputs, .. } => outputs.to_vec(),
+            | BlackBoxFuncCall::Keccak256 { outputs, .. }
+            | BlackBoxFuncCall::VerifyProof { outputs, .. } => outputs.to_vec(),
             BlackBoxFuncCall::AND { output, .. }
             | BlackBoxFuncCall::XOR { output, .. }
             | BlackBoxFuncCall::HashToField128Security { output, .. }

acvm/src/lib.rs

@@ -101,6 +101,15 @@ pub trait PartialWitnessGenerator {
         input: &FunctionInput,
         outputs: &[Witness],
     ) -> Result<OpcodeResolution, OpcodeResolutionError>;
+    fn verify_proof(
+        &self,
+        initial_witness: &mut WitnessMap,
+        key: &[FunctionInput],
+        proof: &[FunctionInput],
+        public_inputs: &[FunctionInput],
+        input_aggregation_object: &[FunctionInput],
+        outputs: &[Witness],
+    ) -> Result<OpcodeResolution, OpcodeResolutionError>;
 }
 
 pub trait SmartContract {
@@ -150,6 +159,7 @@ pub trait ProofSystemCompiler {
         circuit: &Circuit,
         witness_values: WitnessMap,
         proving_key: &[u8],
+        is_recursive: bool,
     ) -> Result<Vec<u8>, Self::Error>;
 
     /// Verifies a Proof, given the circuit description, the circuit's public inputs, and the verification key
@@ -160,5 +170,18 @@ pub trait ProofSystemCompiler {
         public_inputs: WitnessMap,
         circuit: &Circuit,
         verification_key: &[u8],
+        is_recursive: bool,
     ) -> Result<bool, Self::Error>;
+
+    fn proof_as_fields(
+        &self,
+        proof: &[u8],
+        public_inputs: WitnessMap,
+    ) -> Result<Vec<FieldElement>, Self::Error>;
+
+    fn vk_as_fields(
+        &self,
+        common_reference_string: &[u8],
+        verification_key: &[u8],
+    ) -> Result<(Vec<FieldElement>, FieldElement), Self::Error>;
 }

acvm/src/pwg.rs

@@ -300,6 +300,18 @@ mod test {
         ) -> Result<OpcodeResolution, OpcodeResolutionError> {
             panic!("Path not trodden by this test")
         }
+
+        fn verify_proof(
+            &self,
+            _initial_witness: &mut WitnessMap,
+            _key: &[FunctionInput],
+            _proof: &[FunctionInput],
+            _public_inputs: &[FunctionInput],
+            _input_aggregation_object: &[FunctionInput],
+            _outputs: &[Witness],
+        ) -> Result<OpcodeResolution, OpcodeResolutionError> {
+            panic!("Path not trodden by this test")
+        }
     }
 
     #[test]

acvm/src/pwg/blackbox.rs

@@ -99,5 +99,20 @@ pub(crate) fn solve(
         BlackBoxFuncCall::Keccak256 { inputs, outputs } => {
             keccak256(initial_witness, inputs, outputs)
         }
+        BlackBoxFuncCall::VerifyProof {
+            key,
+            proof,
+            public_inputs,
+            input_aggregation_object,
+            outputs,
+            ..
+        } => backend.verify_proof(
+            initial_witness,
+            key,
+            proof,
+            public_inputs,
+            input_aggregation_object,
+            outputs,
+        ),
     }
 }