From 39ecc673d0f914669c62ce05625de65a29a78885 Mon Sep 17 00:00:00 2001
From: Zhuo Zhang <mycinbrin@gmail.com>
Date: Thu, 26 Dec 2024 07:32:55 +0000
Subject: [PATCH 1/4] fix halo2 verifier guest code

---
 Cargo.toml                                    |  1 +
 extensions/verifier/Cargo.toml                |  2 +-
 extensions/verifier/src/verifier/loader.rs    | 67 ++++++++++++++++---
 .../verifier/src/verifier/transcript.rs       | 24 ++++++-
 4 files changed, 82 insertions(+), 12 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index de780d8d5a..a27bd3f934 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -137,6 +137,7 @@ openvm-rv32-adapters = { path = "extensions/rv32-adapters", default-features = f
 openvm-rv32im-circuit = { path = "extensions/rv32im/circuit", default-features = false }
 openvm-rv32im-transpiler = { path = "extensions/rv32im/transpiler", default-features = false }
 openvm-rv32im-guest = { path = "extensions/rv32im/guest", default-features = false }
+openvm-snark-verifier = { path = "extensions/verifier", default-features = false }
 
 # Plonky3
 p3-air = { git = "https://github.com/Plonky3/Plonky3.git", rev = "9b267c4" }
diff --git a/extensions/verifier/Cargo.toml b/extensions/verifier/Cargo.toml
index fd22ecdfbd..ff3558840f 100644
--- a/extensions/verifier/Cargo.toml
+++ b/extensions/verifier/Cargo.toml
@@ -14,7 +14,7 @@ openvm-keccak256-guest = { workspace = true, default-features = false }
 openvm-ecc-guest = { workspace = true, features = ["halo2curves"] }
 snark-verifier = { git = "https://github.com/axiom-crypto/snark-verifier.git", tag = "v0.1.7-git", default-features = false, features = ["halo2-axiom"] }
 ff = { workspace = true }
-halo2curves-axiom = { workspace = true }
+halo2curves-axiom = { version = "0.5.3" } 
 itertools.workspace = true
 rand_core = "0.6.4"
 num-bigint = { workspace = true, features = ["std"] }
diff --git a/extensions/verifier/src/verifier/loader.rs b/extensions/verifier/src/verifier/loader.rs
index 6a37562739..0d117c193f 100644
--- a/extensions/verifier/src/verifier/loader.rs
+++ b/extensions/verifier/src/verifier/loader.rs
@@ -3,6 +3,7 @@
 use std::{fmt::Debug, marker::PhantomData};
 
 use halo2curves_axiom::bn256::{Bn256, Fq as Halo2Fp, Fr as Halo2Fr, G1Affine, G2Affine};
+use itertools::Itertools;
 use lazy_static::lazy_static;
 use openvm_ecc_guest::{
     algebra::{field::FieldExtension, IntMod},
@@ -16,9 +17,10 @@ use openvm_pairing_guest::{
 use snark_verifier::{
     loader::{EcPointLoader, Loader, ScalarLoader},
     pcs::{
-        kzg::{KzgAccumulator, KzgAs, KzgDecidingKey},
-        AccumulationDecider,
+        kzg::{KzgAccumulator, KzgAs, KzgDecidingKey, LimbsEncoding},
+        AccumulationDecider, AccumulatorEncoding,
     },
+    util::arithmetic::fe_from_limbs,
     Error,
 };
 
@@ -31,13 +33,62 @@ lazy_static! {
 #[derive(Clone, Debug)]
 pub struct OpenVmLoader;
 
+impl<const LIMBS: usize, const BITS: usize> AccumulatorEncoding<G1Affine, OpenVmLoader>
+    for LimbsEncoding<LIMBS, BITS>
+{
+    type Accumulator = KzgAccumulator<G1Affine, OpenVmLoader>;
+
+    fn from_repr(limbs: &[&OpenVmScalar<Halo2Fr, Fr>]) -> Result<Self::Accumulator, Error> {
+        assert_eq!(limbs.len(), 4 * LIMBS);
+
+        let loader = &*LOADER;
+
+        let [lhs_x, lhs_y, rhs_x, rhs_y]: [_; 4] = limbs
+            .chunks(LIMBS)
+            .map(|limbs| {
+                let v: [Halo2Fr; LIMBS] = limbs
+                    .iter()
+                    .map(|limb| {
+                        let mut buf = limb.0.to_be_bytes();
+                        buf.reverse();
+                        Halo2Fr::from_bytes(&buf).expect("Halo2Fr::from_bytes")
+                    })
+                    .collect_vec()
+                    .try_into()
+                    .unwrap();
+                fe_from_limbs::<_, Halo2Fp, LIMBS, BITS>(v)
+            })
+            .collect_vec()
+            .try_into()
+            .unwrap();
+
+        let accumulator = KzgAccumulator::new(
+            OpenVmEcPoint(
+                EcPoint {
+                    x: Fp::from_le_bytes(&lhs_x.to_bytes()),
+                    y: Fp::from_le_bytes(&lhs_y.to_bytes()),
+                },
+                PhantomData,
+            ),
+            OpenVmEcPoint(
+                EcPoint {
+                    x: Fp::from_le_bytes(&rhs_x.to_bytes()),
+                    y: Fp::from_le_bytes(&rhs_y.to_bytes()),
+                },
+                PhantomData,
+            ),
+        );
+        Ok(accumulator)
+    }
+}
+
 impl EcPointLoader<G1Affine> for OpenVmLoader {
     type LoadedEcPoint = OpenVmEcPoint<G1Affine, EcPoint>;
 
     fn ec_point_load_const(&self, value: &G1Affine) -> Self::LoadedEcPoint {
         let point = EcPoint {
-            x: Fp::from_be_bytes(&value.x().to_bytes()),
-            y: Fp::from_be_bytes(&value.y().to_bytes()),
+            x: Fp::from_le_bytes(&value.x.to_bytes()),
+            y: Fp::from_le_bytes(&value.y.to_bytes()),
         };
         // new(value.x(), value.y());
         OpenVmEcPoint(point, PhantomData)
@@ -74,7 +125,7 @@ impl ScalarLoader<Halo2Fr> for OpenVmLoader {
     type LoadedScalar = OpenVmScalar<Halo2Fr, Fr>;
 
     fn load_const(&self, value: &Halo2Fr) -> Self::LoadedScalar {
-        let value = Fr::from_be_bytes(&value.to_bytes());
+        let value = Fr::from_le_bytes(&value.to_bytes());
         OpenVmScalar(value, PhantomData)
     }
 
@@ -89,7 +140,7 @@ impl ScalarLoader<Halo2Fp> for OpenVmLoader {
     type LoadedScalar = OpenVmScalar<Halo2Fp, Fp>;
 
     fn load_const(&self, value: &Halo2Fp) -> Self::LoadedScalar {
-        let value = Fp::from_be_bytes(&value.to_bytes());
+        let value = Fp::from_le_bytes(&value.to_bytes());
         OpenVmScalar(value, PhantomData)
     }
 
@@ -122,8 +173,8 @@ where
         let mut P = Vec::with_capacity(2);
         let mut Q = Vec::with_capacity(2);
         for t in terms {
-            let x = t.1.x().to_bytes();
-            let y = t.1.y().to_bytes();
+            let x = t.1.x.to_bytes();
+            let y = t.1.y.to_bytes();
             let point = AffinePoint { x: t.0.x, y: t.0.y };
             P.push(point);
             let point = AffinePoint {
diff --git a/extensions/verifier/src/verifier/transcript.rs b/extensions/verifier/src/verifier/transcript.rs
index d31d750b4e..2e6b76ec6f 100644
--- a/extensions/verifier/src/verifier/transcript.rs
+++ b/extensions/verifier/src/verifier/transcript.rs
@@ -15,6 +15,7 @@ use openvm_pairing_guest::{
     bn254::{Bn254G1Affine as EcPoint, Fp, Scalar as Fr},
 };
 use snark_verifier::{
+    loader::evm::{u256_to_fe, U256},
     util::transcript::{Transcript, TranscriptRead},
     Error,
 };
@@ -31,6 +32,17 @@ pub struct OpenVmTranscript<C: CurveAffine, S, B> {
     _marker: PhantomData<C>,
 }
 
+impl<S> OpenVmTranscript<G1Affine, S, Vec<u8>> {
+    /// Initialize [`OpenVmTranscript`] given readable or writeable stream for
+    /// verifying or proving with [`OpenVmLoader`].
+    pub fn new(stream: S) -> Self {
+        Self {
+            stream,
+            buf: Vec::new(),
+            _marker: PhantomData,
+        }
+    }
+}
 impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec<u8>> {
     fn loader(&self) -> &OpenVmLoader {
         &LOADER
@@ -52,7 +64,10 @@ impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec
             .collect_vec();
         let hash = keccak256(&data);
         self.buf = hash.to_vec();
-        OpenVmScalar(Fr::from_be_bytes(&hash), PhantomData)
+        let fr: Halo2Fr = u256_to_fe(U256::from_be_bytes(hash));
+        use halo2curves_axiom::ff::PrimeField;
+        let bytes: [u8; 32] = fr.to_repr();
+        OpenVmScalar(Fr::from_le_bytes(&bytes), PhantomData)
     }
 
     fn common_ec_point(
@@ -64,7 +79,11 @@ impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec
         x.copy_from_slice(ec_point.0.x.as_le_bytes());
         y.copy_from_slice(ec_point.0.y.as_le_bytes());
         let coordinates = Option::<Coordinates<G1Affine>>::from(
-            G1Affine::new(Fq::from_bytes(&x).unwrap(), Fq::from_bytes(&y).unwrap()).coordinates(),
+            G1Affine {
+                x: Fq::from_bytes(&x).unwrap(),
+                y: Fq::from_bytes(&y).unwrap(),
+            }
+            .coordinates(),
         )
         .ok_or_else(|| {
             Error::Transcript(
@@ -108,7 +127,6 @@ where
             self.stream
                 .read_exact(repr.as_mut())
                 .map_err(|err| Error::Transcript(err.kind(), err.to_string()))?;
-            repr.as_mut().reverse();
         }
         let x = Fp::from_be_bytes(&x);
         let y = Fp::from_be_bytes(&y);

From 6f5e9ba6e55e2d67313189a8c68a8af8feea6cd5 Mon Sep 17 00:00:00 2001
From: Zhuo Zhang <mycinbrin@gmail.com>
Date: Thu, 26 Dec 2024 07:54:38 +0000
Subject: [PATCH 2/4] clean

---
 extensions/verifier/Cargo.toml                 |  4 ++--
 extensions/verifier/src/verifier/loader.rs     |  3 ---
 extensions/verifier/src/verifier/transcript.rs | 13 ++++---------
 3 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/extensions/verifier/Cargo.toml b/extensions/verifier/Cargo.toml
index ff3558840f..3f4f961006 100644
--- a/extensions/verifier/Cargo.toml
+++ b/extensions/verifier/Cargo.toml
@@ -12,9 +12,9 @@ openvm-pairing-guest = { workspace = true, features = [
 ] }
 openvm-keccak256-guest = { workspace = true, default-features = false }
 openvm-ecc-guest = { workspace = true, features = ["halo2curves"] }
-snark-verifier = { git = "https://github.com/axiom-crypto/snark-verifier.git", tag = "v0.1.7-git", default-features = false, features = ["halo2-axiom"] }
+snark-verifier = { git = "https://github.com/axiom-crypto/snark-verifier.git", tag = "v0.1.7-git", default-features = false, features = ["halo2-axiom", "loader_evm"] }
 ff = { workspace = true }
-halo2curves-axiom = { version = "0.5.3" } 
+halo2curves-axiom = { workspace = true }
 itertools.workspace = true
 rand_core = "0.6.4"
 num-bigint = { workspace = true, features = ["std"] }
diff --git a/extensions/verifier/src/verifier/loader.rs b/extensions/verifier/src/verifier/loader.rs
index 0d117c193f..e89078c746 100644
--- a/extensions/verifier/src/verifier/loader.rs
+++ b/extensions/verifier/src/verifier/loader.rs
@@ -10,7 +10,6 @@ use openvm_ecc_guest::{
     msm, AffinePoint,
 };
 use openvm_pairing_guest::{
-    affine_point::AffineCoords,
     bn254::{Bn254, Bn254Fp as Fp, Bn254G1Affine as EcPoint, Fp2, Scalar as Fr},
     pairing::PairingCheck,
 };
@@ -41,8 +40,6 @@ impl<const LIMBS: usize, const BITS: usize> AccumulatorEncoding<G1Affine, OpenVm
     fn from_repr(limbs: &[&OpenVmScalar<Halo2Fr, Fr>]) -> Result<Self::Accumulator, Error> {
         assert_eq!(limbs.len(), 4 * LIMBS);
 
-        let loader = &*LOADER;
-
         let [lhs_x, lhs_y, rhs_x, rhs_y]: [_; 4] = limbs
             .chunks(LIMBS)
             .map(|limbs| {
diff --git a/extensions/verifier/src/verifier/transcript.rs b/extensions/verifier/src/verifier/transcript.rs
index 2e6b76ec6f..5af1a359b3 100644
--- a/extensions/verifier/src/verifier/transcript.rs
+++ b/extensions/verifier/src/verifier/transcript.rs
@@ -10,12 +10,8 @@ use halo2curves_axiom::{
 use itertools::Itertools;
 use openvm_ecc_guest::algebra::IntMod;
 use openvm_keccak256_guest::keccak256;
-use openvm_pairing_guest::{
-    affine_point::AffineCoords,
-    bn254::{Bn254G1Affine as EcPoint, Fp, Scalar as Fr},
-};
+use openvm_pairing_guest::bn254::{Bn254G1Affine as EcPoint, Fp, Scalar as Fr};
 use snark_verifier::{
-    loader::evm::{u256_to_fe, U256},
     util::transcript::{Transcript, TranscriptRead},
     Error,
 };
@@ -64,10 +60,9 @@ impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec
             .collect_vec();
         let hash = keccak256(&data);
         self.buf = hash.to_vec();
-        let fr: Halo2Fr = u256_to_fe(U256::from_be_bytes(hash));
-        use halo2curves_axiom::ff::PrimeField;
-        let bytes: [u8; 32] = fr.to_repr();
-        OpenVmScalar(Fr::from_le_bytes(&bytes), PhantomData)
+        let fr = Fr::from_be_bytes(hash);
+        fr.reduce();
+        OpenVmScalar(fr, PhantomData)
     }
 
     fn common_ec_point(

From 8202116d959c85110517fb6ccb55a8fd5f751a0d Mon Sep 17 00:00:00 2001
From: Zhuo Zhang <mycinbrin@gmail.com>
Date: Thu, 26 Dec 2024 08:06:30 +0000
Subject: [PATCH 3/4] build

---
 extensions/verifier/src/verifier/transcript.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/verifier/src/verifier/transcript.rs b/extensions/verifier/src/verifier/transcript.rs
index 5af1a359b3..bef0498786 100644
--- a/extensions/verifier/src/verifier/transcript.rs
+++ b/extensions/verifier/src/verifier/transcript.rs
@@ -60,7 +60,7 @@ impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec
             .collect_vec();
         let hash = keccak256(&data);
         self.buf = hash.to_vec();
-        let fr = Fr::from_be_bytes(hash);
+        let mut fr = Fr::from_be_bytes(&hash);
         fr.reduce();
         OpenVmScalar(fr, PhantomData)
     }

From bf48c5920046fd776c8077820a367302a010d9b1 Mon Sep 17 00:00:00 2001
From: Zhuo Zhang <mycinbrin@gmail.com>
Date: Fri, 27 Dec 2024 04:44:08 +0000
Subject: [PATCH 4/4] switch to workspace snark verifier

---
 extensions/verifier/Cargo.toml                 | 2 +-
 extensions/verifier/src/verifier/loader.rs     | 3 +--
 extensions/verifier/src/verifier/traits.rs     | 2 +-
 extensions/verifier/src/verifier/transcript.rs | 4 ++--
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/extensions/verifier/Cargo.toml b/extensions/verifier/Cargo.toml
index 3f4f961006..949e42d6e1 100644
--- a/extensions/verifier/Cargo.toml
+++ b/extensions/verifier/Cargo.toml
@@ -12,7 +12,7 @@ openvm-pairing-guest = { workspace = true, features = [
 ] }
 openvm-keccak256-guest = { workspace = true, default-features = false }
 openvm-ecc-guest = { workspace = true, features = ["halo2curves"] }
-snark-verifier = { git = "https://github.com/axiom-crypto/snark-verifier.git", tag = "v0.1.7-git", default-features = false, features = ["halo2-axiom", "loader_evm"] }
+snark-verifier-sdk = { workspace = true, default-features = false, features = ["halo2-axiom", "loader_evm"] }
 ff = { workspace = true }
 halo2curves-axiom = { workspace = true }
 itertools.workspace = true
diff --git a/extensions/verifier/src/verifier/loader.rs b/extensions/verifier/src/verifier/loader.rs
index e89078c746..94fee3b3a8 100644
--- a/extensions/verifier/src/verifier/loader.rs
+++ b/extensions/verifier/src/verifier/loader.rs
@@ -13,7 +13,7 @@ use openvm_pairing_guest::{
     bn254::{Bn254, Bn254Fp as Fp, Bn254G1Affine as EcPoint, Fp2, Scalar as Fr},
     pairing::PairingCheck,
 };
-use snark_verifier::{
+use snark_verifier_sdk::snark_verifier::{
     loader::{EcPointLoader, Loader, ScalarLoader},
     pcs::{
         kzg::{KzgAccumulator, KzgAs, KzgDecidingKey, LimbsEncoding},
@@ -58,7 +58,6 @@ impl<const LIMBS: usize, const BITS: usize> AccumulatorEncoding<G1Affine, OpenVm
             .collect_vec()
             .try_into()
             .unwrap();
-
         let accumulator = KzgAccumulator::new(
             OpenVmEcPoint(
                 EcPoint {
diff --git a/extensions/verifier/src/verifier/traits.rs b/extensions/verifier/src/verifier/traits.rs
index d73f9b3eb7..8af44cfc1e 100644
--- a/extensions/verifier/src/verifier/traits.rs
+++ b/extensions/verifier/src/verifier/traits.rs
@@ -11,7 +11,7 @@ use halo2curves_axiom::{
 };
 use openvm_ecc_guest::algebra::{ExpBytes, Field, IntMod};
 use openvm_pairing_guest::bn254::{Bn254G1Affine as EcPoint, Fp, Scalar as Fr};
-use snark_verifier::{
+use snark_verifier_sdk::snark_verifier::{
     loader::{LoadedEcPoint, LoadedScalar},
     util::arithmetic::FieldOps,
 };
diff --git a/extensions/verifier/src/verifier/transcript.rs b/extensions/verifier/src/verifier/transcript.rs
index bef0498786..ba0a411efc 100644
--- a/extensions/verifier/src/verifier/transcript.rs
+++ b/extensions/verifier/src/verifier/transcript.rs
@@ -11,7 +11,7 @@ use itertools::Itertools;
 use openvm_ecc_guest::algebra::IntMod;
 use openvm_keccak256_guest::keccak256;
 use openvm_pairing_guest::bn254::{Bn254G1Affine as EcPoint, Fp, Scalar as Fr};
-use snark_verifier::{
+use snark_verifier_sdk::snark_verifier::{
     util::transcript::{Transcript, TranscriptRead},
     Error,
 };
@@ -46,7 +46,7 @@ impl<S> Transcript<G1Affine, OpenVmLoader> for OpenVmTranscript<G1Affine, S, Vec
 
     fn squeeze_challenge(
         &mut self,
-    ) -> <super::loader::OpenVmLoader as snark_verifier::loader::ScalarLoader<Halo2Fr>>::LoadedScalar
+    ) -> <super::loader::OpenVmLoader as snark_verifier_sdk::snark_verifier::loader::ScalarLoader<Halo2Fr>>::LoadedScalar
     {
         let data = self
             .buf