Home

Awesome

Halo2 Solidity Verifier

⚠️ This repo has NOT been audited and is NOT intended for a production environment yet.

Solidity verifier generator for halo2 proof with KZG polynomial commitment scheme on BN254.

For audited solidity verifier generator and proof aggregation toolkits, please refer to snark-verifier.

Usage

Generate verifier and verifying key separately as 2 solidity contracts

let generator = SolidityGenerator::new(&params, &vk, Bdfg21, num_instances);
let (verifier_solidity, vk_solidity) = generator.render_separately().unwrap();

Check examples/separately.rs for more details.

[!NOTE] Currently example run only with rust 1.77.0 version due to a cargo update (rust-lang/rust#123285).

The rust toolchain version is specified in rust-toolchain.toml file.

Run example with the following command:

cargo run --all-features --example separately

Generate verifier and verifying key in a single solidity contract

let generator = SolidityGenerator::new(&params, &vk, Bdfg21, num_instances);
let verifier_solidity = generator.render().unwrap();

Encode proof into calldata to invoke verifyProof

let calldata = encode_calldata(vk_address, &proof, &instances);

Note that function selector is already included.

Test

To run tests, use the following command:

cargo test --workspace --all-features --all-targets -- --nocapture

[!NOTE] Currently tests run only with rust 1.77.0 version due to a cargo update (rust-lang/rust#123285).

The rust toolchain version is specified in rust-toolchain.toml file.

Limitations & Caveats

Compatibility

The Keccak256Transcript behaves exactly same as the EvmTranscript in snark-verifier.

Design Rationale

The current solidity verifier generator within snark-verifier faces a couple of issues:

This repository is a ground-up rebuild, addressing these concerns while maintaining a focus on code size and readability. Remarkably, the gas cost is comparable, if not slightly lower, than the one generated by snark-verifier.

Acknowledgement

The template is heavily inspired by Aztec's BaseUltraVerifier.sol.