@izi-noir/sdk 0.1.13 → 0.1.15

package/dist/index.js

@@ -120,10 +120,13 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
       NEG_ONE = "0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000";
+      // Number of bits for range checks (64 bits handles values up to ~18 quintillion)
+      COMPARISON_BITS = 64;
       /**
        * Build R1CS definition from the parsed circuit
        */
@@ -136,7 +139,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -233,13 +237,18 @@ var init_R1csBuilder = __esm({
             throw new Error(
               `Arithmetic operator ${operator} must be part of an equality assertion. Use: assert(a ${operator} b == c)`
             );
-          case "<":
+          case ">=":
+            this.processGreaterThanOrEqual(left, right);
+            break;
           case ">":
+            this.processGreaterThan(left, right);
+            break;
           case "<=":
-          case ">=":
-            throw new Error(
-              `Comparison operators (${operator}) require range proofs which are not yet supported. Use the Barretenberg backend for comparison operations.`
-            );
+            this.processGreaterThanOrEqual(right, left);
+            break;
+          case "<":
+            this.processGreaterThan(right, left);
+            break;
           case "&":
           case "|":
             throw new Error(
@@ -346,6 +355,105 @@ var init_R1csBuilder = __esm({
           // = c
         });
       }
+      /**
+       * Process greater than or equal: assert(a >= b)
+       * Uses bit decomposition to prove that a - b is non-negative.
+       *
+       * The approach:
+       * 1. Create diff = a - b
+       * 2. Decompose diff into COMPARISON_BITS bits
+       * 3. For each bit: bit_i * (1 - bit_i) = 0 (ensures 0 or 1)
+       * 4. Sum of bits * powers of 2 = diff
+       *
+       * If decomposition succeeds, diff is in [0, 2^COMPARISON_BITS - 1], so a >= b
+       */
+      processGreaterThanOrEqual(left, right) {
+        const leftIdx = this.getOrCreateWitness(left);
+        const rightIdx = this.getOrCreateWitness(right);
+        const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
+        this.constraints.push({
+          a: [
+            ["0x1", leftIdx],
+            [this.NEG_ONE, rightIdx]
+          ],
+          b: [["0x1", 0]],
+          // * 1
+          c: [["0x1", diffIdx]]
+        });
+        this.addBitDecompositionConstraints(diffIdx);
+      }
+      /**
+       * Process greater than: assert(a > b)
+       * Equivalent to assert(a - b - 1 >= 0), or assert(a >= b + 1)
+       */
+      processGreaterThan(left, right) {
+        const leftIdx = this.getOrCreateWitness(left);
+        const rightIdx = this.getOrCreateWitness(right);
+        const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
+        this.constraints.push({
+          a: [
+            ["0x1", leftIdx],
+            [this.NEG_ONE, rightIdx],
+            [this.NEG_ONE, 0]
+            // -1 (using w_0 = 1)
+          ],
+          b: [["0x1", 0]],
+          // * 1
+          c: [["0x1", diffIdx]]
+        });
+        this.addBitDecompositionConstraints(diffIdx);
+      }
+      /**
+       * Add bit decomposition constraints for a value.
+       * Creates COMPARISON_BITS witnesses for the bits and constrains:
+       * 1. Each bit is 0 or 1: bit * (1 - bit) = 0
+       * 2. Sum of bits * 2^i = value
+       */
+      addBitDecompositionConstraints(valueIdx) {
+        const bitIndices = [];
+        for (let i = 0; i < this.COMPARISON_BITS; i++) {
+          const bitIdx = this.nextWitnessIdx++;
+          bitIndices.push(bitIdx);
+          this.constraints.push({
+            a: [["0x1", bitIdx]],
+            b: [["0x1", bitIdx]],
+            c: [["0x1", bitIdx]]
+          });
+        }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
+        const sumTerms = [];
+        for (let i = 0; i < this.COMPARISON_BITS; i++) {
+          const coeff = (1n << BigInt(i)).toString(16);
+          sumTerms.push([`0x${coeff}`, bitIndices[i]]);
+        }
+        this.constraints.push({
+          a: sumTerms,
+          b: [["0x1", 0]],
+          // * 1
+          c: [["0x1", valueIdx]]
+        });
+      }
       /**
        * Process a variable declaration: let x = expr
        * Creates a new witness for x and adds constraint if needed
@@ -766,6 +874,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -818,6 +935,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/dist/providers/arkworks.cjs

@@ -45,10 +45,13 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
       NEG_ONE = "0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000";
+      // Number of bits for range checks (64 bits handles values up to ~18 quintillion)
+      COMPARISON_BITS = 64;
       /**
        * Build R1CS definition from the parsed circuit
        */
@@ -61,7 +64,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -158,13 +162,18 @@ var init_R1csBuilder = __esm({
             throw new Error(
               `Arithmetic operator ${operator} must be part of an equality assertion. Use: assert(a ${operator} b == c)`
             );
-          case "<":
+          case ">=":
+            this.processGreaterThanOrEqual(left, right);
+            break;
           case ">":
+            this.processGreaterThan(left, right);
+            break;
           case "<=":
-          case ">=":
-            throw new Error(
-              `Comparison operators (${operator}) require range proofs which are not yet supported. Use the Barretenberg backend for comparison operations.`
-            );
+            this.processGreaterThanOrEqual(right, left);
+            break;
+          case "<":
+            this.processGreaterThan(right, left);
+            break;
           case "&":
           case "|":
             throw new Error(
@@ -271,6 +280,105 @@ var init_R1csBuilder = __esm({
           // = c
         });
       }
+      /**
+       * Process greater than or equal: assert(a >= b)
+       * Uses bit decomposition to prove that a - b is non-negative.
+       *
+       * The approach:
+       * 1. Create diff = a - b
+       * 2. Decompose diff into COMPARISON_BITS bits
+       * 3. For each bit: bit_i * (1 - bit_i) = 0 (ensures 0 or 1)
+       * 4. Sum of bits * powers of 2 = diff
+       *
+       * If decomposition succeeds, diff is in [0, 2^COMPARISON_BITS - 1], so a >= b
+       */
+      processGreaterThanOrEqual(left, right) {
+        const leftIdx = this.getOrCreateWitness(left);
+        const rightIdx = this.getOrCreateWitness(right);
+        const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
+        this.constraints.push({
+          a: [
+            ["0x1", leftIdx],
+            [this.NEG_ONE, rightIdx]
+          ],
+          b: [["0x1", 0]],
+          // * 1
+          c: [["0x1", diffIdx]]
+        });
+        this.addBitDecompositionConstraints(diffIdx);
+      }
+      /**
+       * Process greater than: assert(a > b)
+       * Equivalent to assert(a - b - 1 >= 0), or assert(a >= b + 1)
+       */
+      processGreaterThan(left, right) {
+        const leftIdx = this.getOrCreateWitness(left);
+        const rightIdx = this.getOrCreateWitness(right);
+        const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
+        this.constraints.push({
+          a: [
+            ["0x1", leftIdx],
+            [this.NEG_ONE, rightIdx],
+            [this.NEG_ONE, 0]
+            // -1 (using w_0 = 1)
+          ],
+          b: [["0x1", 0]],
+          // * 1
+          c: [["0x1", diffIdx]]
+        });
+        this.addBitDecompositionConstraints(diffIdx);
+      }
+      /**
+       * Add bit decomposition constraints for a value.
+       * Creates COMPARISON_BITS witnesses for the bits and constrains:
+       * 1. Each bit is 0 or 1: bit * (1 - bit) = 0
+       * 2. Sum of bits * 2^i = value
+       */
+      addBitDecompositionConstraints(valueIdx) {
+        const bitIndices = [];
+        for (let i = 0; i < this.COMPARISON_BITS; i++) {
+          const bitIdx = this.nextWitnessIdx++;
+          bitIndices.push(bitIdx);
+          this.constraints.push({
+            a: [["0x1", bitIdx]],
+            b: [["0x1", bitIdx]],
+            c: [["0x1", bitIdx]]
+          });
+        }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
+        const sumTerms = [];
+        for (let i = 0; i < this.COMPARISON_BITS; i++) {
+          const coeff = (1n << BigInt(i)).toString(16);
+          sumTerms.push([`0x${coeff}`, bitIndices[i]]);
+        }
+        this.constraints.push({
+          a: sumTerms,
+          b: [["0x1", 0]],
+          // * 1
+          c: [["0x1", valueIdx]]
+        });
+      }
       /**
        * Process a variable declaration: let x = expr
        * Creates a new witness for x and adds constraint if needed
@@ -692,6 +800,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -744,6 +861,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/dist/providers/arkworks.d.cts

@@ -70,6 +70,7 @@ interface ArkworksWasmConfig {
     /** Cache proving/verifying keys for repeated proofs */
     cacheKeys?: boolean;
 }
+
 /**
  * Extended CompiledCircuit for ArkworksWasm backend
  */
@@ -121,6 +122,11 @@ declare class ArkworksWasm implements IProvingSystem {
      * Verify a Groth16 proof
      */
     verifyProof(circuit: CompiledCircuit, proof: Uint8Array, publicInputs: string[]): Promise<boolean>;
+    /**
+     * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+     * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+     */
+    private computeAuxiliaryWitnesses;
     /**
      * Get the verifying key in gnark format for on-chain deployment
      */

package/dist/providers/arkworks.d.ts

@@ -70,6 +70,7 @@ interface ArkworksWasmConfig {
     /** Cache proving/verifying keys for repeated proofs */
     cacheKeys?: boolean;
 }
+
 /**
  * Extended CompiledCircuit for ArkworksWasm backend
  */
@@ -121,6 +122,11 @@ declare class ArkworksWasm implements IProvingSystem {
      * Verify a Groth16 proof
      */
     verifyProof(circuit: CompiledCircuit, proof: Uint8Array, publicInputs: string[]): Promise<boolean>;
+    /**
+     * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+     * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+     */
+    private computeAuxiliaryWitnesses;
     /**
      * Get the verifying key in gnark format for on-chain deployment
      */