Circom for advent of code day 2

Author: spalladino

circom/.gitignore

@@ -1,3 +1,4 @@
 build/
 proofs/
-inputs/*.wtns
+inputs/*.wtns
+inputs/*.wtns.json

circom/Makefile

@@ -1,12 +1,15 @@
 all: multiplier2
 
-.PHONY: verify/% contracts test
+.PHONY: contracts test
+
+CIRCUITS := multiplier2 advent2
 
 # Build verifying contracts
-contracts: contracts/multiplier2.sol
+contracts: $(foreach circuit,$(CIRCUITS),contracts/$(circuit).sol)
 
 # Build circuit, create witness, create proof, and verify it
 multiplier2: verify/multiplier2
+advent2: verify/advent2
 
 # Do not delete intermediate files
 .SECONDARY:
@@ -15,8 +18,9 @@ multiplier2: verify/multiplier2
 build/%.r1cs: circuits/%.circom
 	@echo Building $@...
 	mkdir -p build/
-	circom $< --r1cs --wasm --sym --c -o build/
-	@echo
+	circom $< --r1cs --wasm --sym --c -l ../node_modules/circomlib/circuits -o build/
+	yarn -s snarkjs r1cs export json build/$*.r1cs build/$*.r1cs.json
+	@echo 
 
 # Creates a witness out of the circuit and input
 inputs/%.wtns: build/%.r1cs inputs/%.json
@@ -25,35 +29,39 @@ inputs/%.wtns: build/%.r1cs inputs/%.json
 		build/$*_js/$*.wasm \
 		inputs/$*.json \
 		inputs/$*.wtns
+	yarn -s snarkjs wtns export json inputs/$*.wtns inputs/$*.wtns.json
+	@echo
 
 # General phase 1 ceremony of powers of tau (trusted setup)
 proofs/pot12_0001.ptau:
 	@echo Powers of tau ceremony phase 1...
 	mkdir -p proofs
-	yarn snarkjs powersoftau new bn128 12 proofs/pot12_0000.ptau -v
-	yarn snarkjs powersoftau contribute proofs/pot12_0000.ptau proofs/pot12_0001.ptau --name="First contribution"
+	yarn -s snarkjs powersoftau new bn128 12 proofs/pot12_0000.ptau -v
+	yarn -s snarkjs powersoftau contribute proofs/pot12_0000.ptau proofs/pot12_0001.ptau --name="First contribution"
 	@echo
 
 # Circuit-specific phase 2 ceremony of powers of tau (trusted setup)
 proofs/%/verification_key.json: proofs/pot12_0001.ptau build/%.r1cs
 	@echo Phase two of the ceremony...
 	mkdir -p proofs/$*
-	yarn snarkjs powersoftau prepare phase2 proofs/pot12_0001.ptau proofs/$*/pot12.ptau
-	yarn snarkjs groth16 setup build/multiplier2.r1cs proofs/$*/pot12.ptau proofs/$*/key_0000.zkey
-	yarn snarkjs zkey contribute proofs/$*/key_0000.zkey proofs/$*/key_0001.zkey --name="First contribution"
-	yarn snarkjs zkey export verificationkey proofs/$*/key_0001.zkey proofs/$*/verification_key.json
+	yarn -s snarkjs powersoftau prepare phase2 proofs/pot12_0001.ptau proofs/$*/pot12.ptau
+	yarn -s snarkjs groth16 setup build/$*.r1cs proofs/$*/pot12.ptau proofs/$*/key_0000.zkey
+	yarn -s snarkjs zkey contribute proofs/$*/key_0000.zkey proofs/$*/key_0001.zkey --name="First contribution"
+	yarn -s snarkjs zkey export verificationkey proofs/$*/key_0001.zkey proofs/$*/verification_key.json
 	@echo
 
 # Create a verifier contract out of a verification key
 contracts/%.sol: proofs/%/verification_key.json
 	@echo Generating verifier contract...
 	mkdir -p contracts/
-	yarn snarkjs zkey export solidityverifier proofs/$*/key_0001.zkey contracts/$*.sol
+	yarn -s snarkjs zkey export solidityverifier proofs/$*/key_0001.zkey contracts/$*.sol
 
 # Create proof for a given witness, given the verification key generated in phase 2
 proofs/%/proof.json: proofs/%/verification_key.json inputs/%.wtns
 	@echo Generating proof...
-	yarn snarkjs groth16 prove proofs/$*/key_0001.zkey inputs/$*.wtns proofs/$*/proof.json proofs/$*/public.json
+	yarn -s snarkjs groth16 prove proofs/$*/key_0001.zkey inputs/$*.wtns proofs/$*/proof.json proofs/$*/public.json
+	@echo Output:
+	@jq -c '.' proofs/$*/public.json
 	@echo
 
 # Create proof to be fed into verifier contract
@@ -65,11 +73,11 @@ proofs/%/solidity-args.json: proofs/%/proof.json
 # Verify the proof
 verify/%: proofs/%/proof.json
 	@echo Verifying proof for $*...
-	yarn snarkjs groth16 verify proofs/$*/verification_key.json proofs/$*/public.json proofs/$*/proof.json
+	yarn -s snarkjs groth16 verify proofs/$*/verification_key.json proofs/$*/public.json proofs/$*/proof.json
 	@echo
 
 # Test verifying contracts
-test: proofs/multiplier2/solidity-args.json
+test: $(foreach circuit,$(CIRCUITS),proofs/$(circuit)/solidity-args.json)
 	@echo Running hardhat tests...
-	yarn hardhat test
+	yarn -s hardhat test
 	@echo

circom/circuits/advent2.circom

@@ -0,0 +1,80 @@
+pragma circom 2.1.1;
+
+include "comparators.circom";
+
+/*
+ Rock=0
+ Paper=1
+ Scissors=2
+
+ x | y | out
+ -----------
+ 0 | 2 | 0
+ 0 | 0 | 1
+ 0 | 1 | 2
+ 1 | 0 | 0
+ 1 | 1 | 1
+ 1 | 2 | 2
+ 2 | 1 | 0
+ 2 | 2 | 1
+ 2 | 0 | 2
+*/ 
+
+// Checks if input x is a valid rock-paper-scissors value (0,1,2)
+template AssertIsRPS() {
+  signal input x;
+  signal isRP <== (x-0) * (x-1);
+  isRP * (x-2) === 0;
+}
+
+// Returns the score for a single round, given the plays by x and y
+template Round() {
+  signal input x, y;
+  signal output out;
+  
+  // ensure that each input is within 0,1,2
+  AssertIsRPS()(x);
+  AssertIsRPS()(y);
+
+  // check if match was a draw
+  signal isDraw <== IsEqual()([x, y]);
+  
+  signal diffYX <== (y+3)-x;
+
+  // y wins if y-x = 1 mod 3
+  signal yWins1 <== (diffYX-1) * (diffYX-4);
+  signal yWins <== IsZero()(yWins1);
+
+  // x wins if y-x = 2 mod 3
+  signal xWins1 <== (diffYX-2) * (diffYX-5);
+  signal xWins <== IsZero()(xWins1);
+
+  // check that exactly one of xWins, yWins, isDraw is true
+  // we probably can do without these constraints
+  signal xOrYWins <== (xWins - 1) * (yWins - 1);
+  xOrYWins * (isDraw - 1) === 0;
+  xWins + yWins + isDraw === 1;
+
+  // score is 6 if y wins, 3 if draw, 0 if x wins
+  // plus 1, 2, 3 depending on the choice of RPS
+  out <== yWins * 6 + isDraw * 3 + y + 1;
+}
+
+// Returns the score over all matches in a game with n rounds
+// Inputs are the plays by x and y
+template Game(n) {
+  signal input xs[n];
+  signal input ys[n];
+  signal scores[n];
+  signal output out;
+  
+  var score = 0;
+  for (var i = 0; i < n; i++) {
+    scores[i] <== Round()(xs[i], ys[i]);
+    score += scores[i];
+  }
+
+  out <== score;
+}
+
+component main = Game(3);