Skip to content

Commit e2fb0e2

Browse files
olesHolemolesHolem
committed
added docs
1 parent 8ba322e commit e2fb0e2

File tree

5 files changed

+86
-27
lines changed

5 files changed

+86
-27
lines changed

README.md

Lines changed: 2 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -5,34 +5,10 @@ It takes the zkos proof (in json format), and returns the snark proof going thro
55

66
![diagram](diagram.svg)
77

8-
You can use it as a library, or as a cli tool:
98

10-
```
11-
cargo run --bin wrapper --release -- prove --input testing_data/risc_proof --output-dir tmp.json
12-
```
9+
## Docs
1310

14-
Also you should update generated files:
15-
```
16-
cargo run --bin wrapper_generator --release
17-
```
18-
19-
## CRS file
20-
21-
For production - please make sure to use the real CRS file:
22-
23-
https://storage.googleapis.com/matterlabs-setup-keys-us/setup-keys/setup_2^24.key
24-
25-
The tool also offers to use the 'fake' file - that works for local testing, but must NEVER be used for production cases.
26-
27-
## Generating verification key
28-
29-
30-
```shell
31-
cargo run --bin wrapper_generator --release generate-vk --input-binary ../air_compiler/examples/hashed_fibonacci/app.bin --output-dir /tmp --trusted-setup-file crs/setup.key --universal-verifier
32-
```
33-
34-
This will generate the verification key (and verification key hash) - that can be put into the solidity code.
35-
Or you can use era-boojum-verifier-cli tool to verify the proofs manually.
11+
See the [docs](./docs/README.md).
3612

3713
## Security
3814

diagram.svg

Lines changed: 1 addition & 1 deletion
Loading

docs/README.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
# Documentation
2+
3+
This directory contains documentation and descriptions of the logic and design behind this repository:
4+
5+
- [zkos-wrapper overview](./overview.md)
6+
- [Running end to end](./end_to_end.md)

docs/end_to_end.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
# Running end to end wrapper
2+
3+
Firstly, you should get these three files:
4+
- base.bin - file that contains your base program in binary format
5+
- risc_proof.json - file that contains the proof of the last airbender circuit (use airbender cli to generate it)
6+
- setup.key - file that contains the trusted setup for the final Snark (see [Crs](./overview.md##Crs) section)
7+
8+
### Running full wrapper
9+
10+
Now you can generate the final Snark proof and VK with the following command:
11+
```bash
12+
cargo run --bin wrapper --release -- prove --input-binary {path to base.bin} --input {path to risc_proof.json} --trusted-setup-file {path to setup.key} --output-dir {output directory}
13+
```
14+
15+
### Generating final Snark VK
16+
17+
With this command you can generate the final Snark VK:
18+
```bash
19+
cargo run --bin wrapper --release -- generate-vk --input-binary {path to base.bin} --trusted-setup-file {path to setup.key} --output-dir {output directory}
20+
```
21+
22+
Generated VK can be put into the solidity code.
23+
Or you can use era-boojum-verifier-cli tool to verify the proofs manually.
24+
25+
### Regenerating wrapper
26+
If you need to regenerate the wrapper, due to changes in the last airbender recursion circuit you can use the following command:
27+
```bash
28+
cargo run --bin wrapper_generator --release
29+
```

docs/overview.md

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
# ZKOS Wrapper - Overview
2+
3+
## Why do we need this wrapper?
4+
5+
In airbender we can proof an arbitrary number of RiscV cycles with multiple proofs and compress them into a single proof with recursion. But when it come to L1 verification it could be expensive. So our purpose is to wrap the last airbender proof into Snark.
6+
We already use [Snark wrapper](https://github.com/matter-labs/zksync-crypto/tree/main/crates/snark-wrapper) to wrap boojum Stark proofs into Snark. So we only need to implement airbender -> boojum wrapper. So in the end our full wrapping pipeline will look like this:
7+
![diagram](../diagram.svg)
8+
9+
**Note:** we also use `Compression` step, which is just boojum -> boojum wrapper, to make proof smaller to fit it into `SnarkWrapper`.
10+
11+
## ZKOS Wrapper parts
12+
13+
This repository contains the following main components:
14+
- [wrapper](../wrapper/) - the main part with wrapper itself
15+
- [wrapper-inner-verifier](../wrapper/src/wrapper_inner_verifier/) contains the inner `verify` function used for verification last airbender proof
16+
- [wrapper-utils](../wrapper/src/wrapper_utils/) contains circuit representation of airbender structs and traits used for verification
17+
- [transcript](../wrapper/src/transcript/) contains blake hash (for merkle trees and transcript) and transcript (for random challenges)
18+
- [circuits](../wrapper/src/circuits/) contains defined circuits for all three parts of the pipeline: `risc_wrapper`, `compression` and `snark_wrapper`
19+
- [wrapper-generator](../wrapper_generator/) - generates code used in the inner `verify` function
20+
- [circuit-mersenne-field](../circuit-mersenne-field/) - circuit representation of Mersenne field used in the wrapper
21+
22+
## Why do we need `wrapper-generator`?
23+
24+
Usually, verification function takes VK (verification key) as an argument to specify what exact circuit we want to verify. However, in our case we are going to hardcode all the inner airbender circuit parameters into the wrapper itself. This is done for optimization purposes. So we use `wrapper-generator` to generate two files located in [wrapper-inner-verifier/imports/](../wrapper/src/wrapper_inner_verifier/imports/) folder:
25+
- `circuit_layout.rs` - contains the constants specifying geometry of airbender circuit
26+
- `circuit_quotient.rs` - contains the quotient part of verification
27+
28+
These two files completely define the machine of the last airbender circuit. But we also need to verify that the correct code was run during the execution. For this purpose we have `final_state_constants.rs` file that contains two constants:
29+
- `FINAL_RISC_CIRCUIT_END_PARAMS` - the expected commitment of the program run on the last airbender circuit
30+
- `FINAL_RISC_CIRCUIT_AUX_REGISTERS_VALUES` - the expected commitment of all programs run on the previous layers (base program + recursion programs)
31+
32+
**Note:** While `circuit_layout.rs` and `circuit_quotient.rs` are always generated by `wrapper_generator` and used during wrapping, `final_state_constants.rs` are not as necessary to update, as inner constants could be generated during proving/creating vk process.
33+
34+
## Crs
35+
Crs (common reference string) is a trusted setup required for the final Snark (in the inner KZG commitment). You can download it with this command:
36+
```
37+
curl https://storage.googleapis.com/matterlabs-setup-keys-us/setup-keys/setup_2\^24.key --output setup.key
38+
```
39+
The tool also offers to use the 'fake' file - that works for local testing, but must NEVER be used for production cases.
40+
41+
## Testing
42+
43+
You can find the main tests for running all the pipeline in the [wrapper/tests/mod.rs](../wrapper/src/tests/mod.rs). These tests will use fibonachi as a base program and take the last airbender circuit proof as an input. In the end you will get all the intermediate proofs up to the final snark proof.
44+
45+
## Running the wrapper
46+
You can find instructions for running the full pipeline here: [Running end to end](./end_to_end.md).
47+
48+
### Happy wrapping :]

0 commit comments

Comments
 (0)