@izi-noir/sdk 0.1.14 → 0.1.15

package/dist/index.cjs

@@ -142,6 +142,7 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
@@ -160,7 +161,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -391,6 +393,12 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -410,6 +418,14 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -440,6 +456,14 @@ var init_R1csBuilder = __esm({
             c: [["0x1", bitIdx]]
           });
         }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
         const sumTerms = [];
         for (let i = 0; i < this.COMPARISON_BITS; i++) {
           const coeff = (1n << BigInt(i)).toString(16);
@@ -873,6 +897,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -925,6 +958,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/dist/index.d.cts

@@ -2,7 +2,7 @@ import { I as IChainFormatter } from './wasmInit-Wyynuk6r.cjs';
 export { C as ChainProofDataFor, D as DeployResult, a as IziNoir, S as SolanaDeployData, V as VerifyOnChainResult, W as WalletAdapter, i as initNoirWasm, b as isWasmInitialized, m as markWasmInitialized } from './wasmInit-Wyynuk6r.cjs';
 import { P as ProofData, S as SolanaProofData, a as CircuitFunction, I as InputValue, b as ProofResult } from './types-CxkI04bP.cjs';
 export { C as CompileResult, c as ProofTimings, d as ProverOptions, e as VerifierOptions, V as VerifyingKeyData } from './types-CxkI04bP.cjs';
-import { c as CircuitMetadata, S as SolanaChainMetadata, g as ParsedCircuit, I as IProvingSystem } from './IProvingSystem-SfzgcbqH.cjs';
+import { g as ParsedCircuit, c as CircuitMetadata, S as SolanaChainMetadata, I as IProvingSystem } from './IProvingSystem-SfzgcbqH.cjs';
 export { A as AssertStatement, B as BinaryExpr, o as BinaryOperator, e as Chain, b as ChainId, h as ChainMetadata, d as ChainMetadataFor, l as CircuitParam, C as CircuitPaths, f as CompileOptions, E as EthereumChainMetadata, m as Expr, i as ICompiler, j as IProver, k as IVerifier, n as IdentifierExpr, a as IziNoirConfig, L as LiteralExpr, M as MemberExpr, q as NETWORK_CONFIG, N as Network, t as NetworkConfig, P as Provider, p as Statement, s as getExplorerAccountUrl, r as getExplorerTxUrl } from './IProvingSystem-SfzgcbqH.cjs';
 import { ArkworksWasm, ArkworksWasmConfig } from './providers/arkworks.cjs';
 export { ArkworksCompiledCircuit, ArkworksProofResult, ArkworksSetupResult, ArkworksWasmModule, isArkworksCircuit } from './providers/arkworks.cjs';
@@ -11,60 +11,6 @@ export { CompiledCircuit, InputMap } from '@noir-lang/types';
 export { Barretenberg } from './providers/barretenberg.cjs';
 export { IZI_NOIR_PROGRAM_ID, buildInitVkFromBytesData, buildVerifyProofData, calculateVkAccountRent, calculateVkAccountSize, parseProof, parsePublicInputs, parseVerifyingKey } from './providers/solana.cjs';
 
-/**
- * Formatter for Solana-compatible proof data.
- *
- * Converts generic ProofData into SolanaProofData format with:
- * - Verifying key in gnark format (compatible with gnark-verifier-solana)
- * - Proof bytes (256 bytes Groth16)
- * - Public inputs as 32-byte arrays
- * - VK account size and rent estimates
- *
- * @example
- * ```typescript
- * const formatter = new SolanaFormatter(arkworksProvider);
- * const solanaProof = await formatter.formatProof(proofData, circuit, metadata);
- * ```
- */
-declare class SolanaFormatter implements IChainFormatter<'solana'> {
-    private arkworksProvider;
-    readonly chainId: "solana";
-    constructor(arkworksProvider: ArkworksWasm);
-    /**
-     * Format a generic proof for Solana on-chain verification.
-     *
-     * @param proofData - Generic proof data from Arkworks
-     * @param circuit - The compiled circuit (must be Arkworks circuit)
-     * @param metadata - Circuit metadata with public input count
-     * @returns SolanaProofData ready for on-chain verification
-     */
-    formatProof(proofData: ProofData, circuit: CompiledCircuit, metadata: CircuitMetadata): Promise<SolanaProofData>;
-    /**
-     * Get Solana-specific metadata for a circuit.
-     *
-     * @param publicInputCount - Number of public inputs in the circuit
-     * @returns Solana metadata with account size and rent estimates
-     */
-    getChainMetadata(publicInputCount: number): SolanaChainMetadata;
-    /**
-     * Calculate the size of a VK account for a given number of public inputs.
-     * Matches the Rust `vk_account_size` function in the Solana program.
-     */
-    private calculateVkAccountSize;
-    /**
-     * Calculate the minimum rent for a VK account.
-     */
-    private calculateVkAccountRent;
-    /**
-     * Convert Uint8Array to base64 string.
-     */
-    private uint8ArrayToBase64;
-    /**
-     * Convert hex string to Uint8Array.
-     */
-    private hexToBytes;
-}
-
 /**
  * R1csBuilder - Generates R1CS constraints from ParsedCircuit
  *
@@ -88,6 +34,28 @@ interface R1csConstraint {
     b: [string, number][];
     c: [string, number][];
 }
+/**
+ * Auxiliary witness computation instruction
+ * Tells the prover how to compute auxiliary witnesses from input witnesses
+ */
+interface AuxWitnessComputation {
+    /** Type of computation */
+    type: 'subtract' | 'bit_decompose';
+    /** Witness index to compute */
+    targetIdx: number;
+    /** For 'subtract': left operand witness index */
+    leftIdx?: number;
+    /** For 'subtract': right operand witness index */
+    rightIdx?: number;
+    /** For 'subtract': additional constant offset to subtract (e.g., -1 for > operator) */
+    offset?: number;
+    /** For 'bit_decompose': source value witness index */
+    sourceIdx?: number;
+    /** For 'bit_decompose': array of bit witness indices (LSB first) */
+    bitIndices?: number[];
+    /** For 'bit_decompose': number of bits */
+    numBits?: number;
+}
 /**
  * Complete R1CS definition for arkworks-groth16-wasm
  */
@@ -96,6 +64,8 @@ interface R1csDefinition {
     public_inputs: number[];
     private_inputs: number[];
     constraints: R1csConstraint[];
+    /** Instructions for computing auxiliary witnesses */
+    auxWitnessComputations?: AuxWitnessComputation[];
 }
 /**
  * Builds R1CS constraints from a ParsedCircuit
@@ -107,6 +77,7 @@ declare class R1csBuilder {
     private nextWitnessIdx;
     private publicIndices;
     private privateIndices;
+    private auxWitnessComputations;
     private readonly NEG_ONE;
     private readonly COMPARISON_BITS;
     constructor(parsedCircuit: ParsedCircuit);
@@ -202,6 +173,60 @@ declare class R1csBuilder {
     private getOrCreateWitness;
 }
 
+/**
+ * Formatter for Solana-compatible proof data.
+ *
+ * Converts generic ProofData into SolanaProofData format with:
+ * - Verifying key in gnark format (compatible with gnark-verifier-solana)
+ * - Proof bytes (256 bytes Groth16)
+ * - Public inputs as 32-byte arrays
+ * - VK account size and rent estimates
+ *
+ * @example
+ * ```typescript
+ * const formatter = new SolanaFormatter(arkworksProvider);
+ * const solanaProof = await formatter.formatProof(proofData, circuit, metadata);
+ * ```
+ */
+declare class SolanaFormatter implements IChainFormatter<'solana'> {
+    private arkworksProvider;
+    readonly chainId: "solana";
+    constructor(arkworksProvider: ArkworksWasm);
+    /**
+     * Format a generic proof for Solana on-chain verification.
+     *
+     * @param proofData - Generic proof data from Arkworks
+     * @param circuit - The compiled circuit (must be Arkworks circuit)
+     * @param metadata - Circuit metadata with public input count
+     * @returns SolanaProofData ready for on-chain verification
+     */
+    formatProof(proofData: ProofData, circuit: CompiledCircuit, metadata: CircuitMetadata): Promise<SolanaProofData>;
+    /**
+     * Get Solana-specific metadata for a circuit.
+     *
+     * @param publicInputCount - Number of public inputs in the circuit
+     * @returns Solana metadata with account size and rent estimates
+     */
+    getChainMetadata(publicInputCount: number): SolanaChainMetadata;
+    /**
+     * Calculate the size of a VK account for a given number of public inputs.
+     * Matches the Rust `vk_account_size` function in the Solana program.
+     */
+    private calculateVkAccountSize;
+    /**
+     * Calculate the minimum rent for a VK account.
+     */
+    private calculateVkAccountRent;
+    /**
+     * Convert Uint8Array to base64 string.
+     */
+    private uint8ArrayToBase64;
+    /**
+     * Convert hex string to Uint8Array.
+     */
+    private hexToBytes;
+}
+
 interface IParser {
     parse(fn: CircuitFunction, publicInputs: InputValue[], privateInputs: InputValue[]): ParsedCircuit;
 }

package/dist/index.d.ts

@@ -2,7 +2,7 @@ import { I as IChainFormatter } from './wasmInit-D3RyRKIC.js';
 export { C as ChainProofDataFor, D as DeployResult, a as IziNoir, S as SolanaDeployData, V as VerifyOnChainResult, W as WalletAdapter, i as initNoirWasm, b as isWasmInitialized, m as markWasmInitialized } from './wasmInit-D3RyRKIC.js';
 import { P as ProofData, S as SolanaProofData, a as CircuitFunction, I as InputValue, b as ProofResult } from './types-CxkI04bP.js';
 export { C as CompileResult, c as ProofTimings, d as ProverOptions, e as VerifierOptions, V as VerifyingKeyData } from './types-CxkI04bP.js';
-import { c as CircuitMetadata, S as SolanaChainMetadata, g as ParsedCircuit, I as IProvingSystem } from './IProvingSystem-BKgFRl27.js';
+import { g as ParsedCircuit, c as CircuitMetadata, S as SolanaChainMetadata, I as IProvingSystem } from './IProvingSystem-BKgFRl27.js';
 export { A as AssertStatement, B as BinaryExpr, o as BinaryOperator, e as Chain, b as ChainId, h as ChainMetadata, d as ChainMetadataFor, l as CircuitParam, C as CircuitPaths, f as CompileOptions, E as EthereumChainMetadata, m as Expr, i as ICompiler, j as IProver, k as IVerifier, n as IdentifierExpr, a as IziNoirConfig, L as LiteralExpr, M as MemberExpr, q as NETWORK_CONFIG, N as Network, t as NetworkConfig, P as Provider, p as Statement, s as getExplorerAccountUrl, r as getExplorerTxUrl } from './IProvingSystem-BKgFRl27.js';
 import { ArkworksWasm, ArkworksWasmConfig } from './providers/arkworks.js';
 export { ArkworksCompiledCircuit, ArkworksProofResult, ArkworksSetupResult, ArkworksWasmModule, isArkworksCircuit } from './providers/arkworks.js';
@@ -11,60 +11,6 @@ export { CompiledCircuit, InputMap } from '@noir-lang/types';
 export { Barretenberg } from './providers/barretenberg.js';
 export { IZI_NOIR_PROGRAM_ID, buildInitVkFromBytesData, buildVerifyProofData, calculateVkAccountRent, calculateVkAccountSize, parseProof, parsePublicInputs, parseVerifyingKey } from './providers/solana.js';
 
-/**
- * Formatter for Solana-compatible proof data.
- *
- * Converts generic ProofData into SolanaProofData format with:
- * - Verifying key in gnark format (compatible with gnark-verifier-solana)
- * - Proof bytes (256 bytes Groth16)
- * - Public inputs as 32-byte arrays
- * - VK account size and rent estimates
- *
- * @example
- * ```typescript
- * const formatter = new SolanaFormatter(arkworksProvider);
- * const solanaProof = await formatter.formatProof(proofData, circuit, metadata);
- * ```
- */
-declare class SolanaFormatter implements IChainFormatter<'solana'> {
-    private arkworksProvider;
-    readonly chainId: "solana";
-    constructor(arkworksProvider: ArkworksWasm);
-    /**
-     * Format a generic proof for Solana on-chain verification.
-     *
-     * @param proofData - Generic proof data from Arkworks
-     * @param circuit - The compiled circuit (must be Arkworks circuit)
-     * @param metadata - Circuit metadata with public input count
-     * @returns SolanaProofData ready for on-chain verification
-     */
-    formatProof(proofData: ProofData, circuit: CompiledCircuit, metadata: CircuitMetadata): Promise<SolanaProofData>;
-    /**
-     * Get Solana-specific metadata for a circuit.
-     *
-     * @param publicInputCount - Number of public inputs in the circuit
-     * @returns Solana metadata with account size and rent estimates
-     */
-    getChainMetadata(publicInputCount: number): SolanaChainMetadata;
-    /**
-     * Calculate the size of a VK account for a given number of public inputs.
-     * Matches the Rust `vk_account_size` function in the Solana program.
-     */
-    private calculateVkAccountSize;
-    /**
-     * Calculate the minimum rent for a VK account.
-     */
-    private calculateVkAccountRent;
-    /**
-     * Convert Uint8Array to base64 string.
-     */
-    private uint8ArrayToBase64;
-    /**
-     * Convert hex string to Uint8Array.
-     */
-    private hexToBytes;
-}
-
 /**
  * R1csBuilder - Generates R1CS constraints from ParsedCircuit
  *
@@ -88,6 +34,28 @@ interface R1csConstraint {
     b: [string, number][];
     c: [string, number][];
 }
+/**
+ * Auxiliary witness computation instruction
+ * Tells the prover how to compute auxiliary witnesses from input witnesses
+ */
+interface AuxWitnessComputation {
+    /** Type of computation */
+    type: 'subtract' | 'bit_decompose';
+    /** Witness index to compute */
+    targetIdx: number;
+    /** For 'subtract': left operand witness index */
+    leftIdx?: number;
+    /** For 'subtract': right operand witness index */
+    rightIdx?: number;
+    /** For 'subtract': additional constant offset to subtract (e.g., -1 for > operator) */
+    offset?: number;
+    /** For 'bit_decompose': source value witness index */
+    sourceIdx?: number;
+    /** For 'bit_decompose': array of bit witness indices (LSB first) */
+    bitIndices?: number[];
+    /** For 'bit_decompose': number of bits */
+    numBits?: number;
+}
 /**
  * Complete R1CS definition for arkworks-groth16-wasm
  */
@@ -96,6 +64,8 @@ interface R1csDefinition {
     public_inputs: number[];
     private_inputs: number[];
     constraints: R1csConstraint[];
+    /** Instructions for computing auxiliary witnesses */
+    auxWitnessComputations?: AuxWitnessComputation[];
 }
 /**
  * Builds R1CS constraints from a ParsedCircuit
@@ -107,6 +77,7 @@ declare class R1csBuilder {
     private nextWitnessIdx;
     private publicIndices;
     private privateIndices;
+    private auxWitnessComputations;
     private readonly NEG_ONE;
     private readonly COMPARISON_BITS;
     constructor(parsedCircuit: ParsedCircuit);
@@ -202,6 +173,60 @@ declare class R1csBuilder {
     private getOrCreateWitness;
 }
 
+/**
+ * Formatter for Solana-compatible proof data.
+ *
+ * Converts generic ProofData into SolanaProofData format with:
+ * - Verifying key in gnark format (compatible with gnark-verifier-solana)
+ * - Proof bytes (256 bytes Groth16)
+ * - Public inputs as 32-byte arrays
+ * - VK account size and rent estimates
+ *
+ * @example
+ * ```typescript
+ * const formatter = new SolanaFormatter(arkworksProvider);
+ * const solanaProof = await formatter.formatProof(proofData, circuit, metadata);
+ * ```
+ */
+declare class SolanaFormatter implements IChainFormatter<'solana'> {
+    private arkworksProvider;
+    readonly chainId: "solana";
+    constructor(arkworksProvider: ArkworksWasm);
+    /**
+     * Format a generic proof for Solana on-chain verification.
+     *
+     * @param proofData - Generic proof data from Arkworks
+     * @param circuit - The compiled circuit (must be Arkworks circuit)
+     * @param metadata - Circuit metadata with public input count
+     * @returns SolanaProofData ready for on-chain verification
+     */
+    formatProof(proofData: ProofData, circuit: CompiledCircuit, metadata: CircuitMetadata): Promise<SolanaProofData>;
+    /**
+     * Get Solana-specific metadata for a circuit.
+     *
+     * @param publicInputCount - Number of public inputs in the circuit
+     * @returns Solana metadata with account size and rent estimates
+     */
+    getChainMetadata(publicInputCount: number): SolanaChainMetadata;
+    /**
+     * Calculate the size of a VK account for a given number of public inputs.
+     * Matches the Rust `vk_account_size` function in the Solana program.
+     */
+    private calculateVkAccountSize;
+    /**
+     * Calculate the minimum rent for a VK account.
+     */
+    private calculateVkAccountRent;
+    /**
+     * Convert Uint8Array to base64 string.
+     */
+    private uint8ArrayToBase64;
+    /**
+     * Convert hex string to Uint8Array.
+     */
+    private hexToBytes;
+}
+
 interface IParser {
     parse(fn: CircuitFunction, publicInputs: InputValue[], privateInputs: InputValue[]): ParsedCircuit;
 }

package/dist/index.js

@@ -120,6 +120,7 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
@@ -138,7 +139,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -369,6 +371,12 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -388,6 +396,14 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -418,6 +434,14 @@ var init_R1csBuilder = __esm({
             c: [["0x1", bitIdx]]
           });
         }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
         const sumTerms = [];
         for (let i = 0; i < this.COMPARISON_BITS; i++) {
           const coeff = (1n << BigInt(i)).toString(16);
@@ -850,6 +874,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -902,6 +935,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/dist/providers/arkworks.cjs

@@ -45,6 +45,7 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
@@ -63,7 +64,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -294,6 +296,12 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -313,6 +321,14 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -343,6 +359,14 @@ var init_R1csBuilder = __esm({
             c: [["0x1", bitIdx]]
           });
         }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
         const sumTerms = [];
         for (let i = 0; i < this.COMPARISON_BITS; i++) {
           const coeff = (1n << BigInt(i)).toString(16);
@@ -776,6 +800,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -828,6 +861,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/dist/providers/arkworks.d.cts

@@ -70,6 +70,7 @@ interface ArkworksWasmConfig {
     /** Cache proving/verifying keys for repeated proofs */
     cacheKeys?: boolean;
 }
+
 /**
  * Extended CompiledCircuit for ArkworksWasm backend
  */
@@ -121,6 +122,11 @@ declare class ArkworksWasm implements IProvingSystem {
      * Verify a Groth16 proof
      */
     verifyProof(circuit: CompiledCircuit, proof: Uint8Array, publicInputs: string[]): Promise<boolean>;
+    /**
+     * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+     * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+     */
+    private computeAuxiliaryWitnesses;
     /**
      * Get the verifying key in gnark format for on-chain deployment
      */

package/dist/providers/arkworks.d.ts

@@ -70,6 +70,7 @@ interface ArkworksWasmConfig {
     /** Cache proving/verifying keys for repeated proofs */
     cacheKeys?: boolean;
 }
+
 /**
  * Extended CompiledCircuit for ArkworksWasm backend
  */
@@ -121,6 +122,11 @@ declare class ArkworksWasm implements IProvingSystem {
      * Verify a Groth16 proof
      */
     verifyProof(circuit: CompiledCircuit, proof: Uint8Array, publicInputs: string[]): Promise<boolean>;
+    /**
+     * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+     * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+     */
+    private computeAuxiliaryWitnesses;
     /**
      * Get the verifying key in gnark format for on-chain deployment
      */

package/dist/providers/arkworks.js

@@ -23,6 +23,7 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
@@ -41,7 +42,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -272,6 +274,12 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -291,6 +299,14 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -321,6 +337,14 @@ var init_R1csBuilder = __esm({
             c: [["0x1", bitIdx]]
           });
         }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
         const sumTerms = [];
         for (let i = 0; i < this.COMPARISON_BITS; i++) {
           const coeff = (1n << BigInt(i)).toString(16);
@@ -753,6 +777,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -805,6 +838,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/dist/providers/barretenberg.cjs

@@ -142,6 +142,7 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
@@ -160,7 +161,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -391,6 +393,12 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -410,6 +418,14 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -440,6 +456,14 @@ var init_R1csBuilder = __esm({
             c: [["0x1", bitIdx]]
           });
         }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
         const sumTerms = [];
         for (let i = 0; i < this.COMPARISON_BITS; i++) {
           const coeff = (1n << BigInt(i)).toString(16);
@@ -873,6 +897,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -925,6 +958,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/dist/providers/barretenberg.js

@@ -120,6 +120,7 @@ var init_R1csBuilder = __esm({
       // w_0 = 1 is reserved
       publicIndices = [];
       privateIndices = [];
+      auxWitnessComputations = [];
       // BN254 scalar field modulus - 1 (for representing -1)
       // Fr modulus = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
       // -1 mod Fr = Fr - 1
@@ -138,7 +139,8 @@ var init_R1csBuilder = __esm({
           num_witnesses: this.nextWitnessIdx,
           public_inputs: this.publicIndices,
           private_inputs: this.privateIndices,
-          constraints: this.constraints
+          constraints: this.constraints,
+          auxWitnessComputations: this.auxWitnessComputations.length > 0 ? this.auxWitnessComputations : void 0
         };
       }
       /**
@@ -369,6 +371,12 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -388,6 +396,14 @@ var init_R1csBuilder = __esm({
         const leftIdx = this.getOrCreateWitness(left);
         const rightIdx = this.getOrCreateWitness(right);
         const diffIdx = this.nextWitnessIdx++;
+        this.auxWitnessComputations.push({
+          type: "subtract",
+          targetIdx: diffIdx,
+          leftIdx,
+          rightIdx,
+          offset: -1
+          // For > operator: diff = left - right - 1
+        });
         this.constraints.push({
           a: [
             ["0x1", leftIdx],
@@ -418,6 +434,14 @@ var init_R1csBuilder = __esm({
             c: [["0x1", bitIdx]]
           });
         }
+        this.auxWitnessComputations.push({
+          type: "bit_decompose",
+          targetIdx: bitIndices[0],
+          // First bit index (for reference)
+          sourceIdx: valueIdx,
+          bitIndices,
+          numBits: this.COMPARISON_BITS
+        });
         const sumTerms = [];
         for (let i = 0; i < this.COMPARISON_BITS; i++) {
           const coeff = (1n << BigInt(i)).toString(16);
@@ -850,6 +874,15 @@ authors = [""]
           const strVal = String(value);
           witnessMap[r1csIndex.toString()] = strVal;
         }
+        const r1cs = JSON.parse(circuit.r1csJson);
+        if (r1cs.auxWitnessComputations && r1cs.auxWitnessComputations.length > 0) {
+          console.log("=== AUXILIARY WITNESS COMPUTATION ===");
+          console.log("Input witnesses:", JSON.stringify(witnessMap, null, 2));
+          console.log("Computations:", JSON.stringify(r1cs.auxWitnessComputations, null, 2));
+          this.computeAuxiliaryWitnesses(witnessMap, r1cs.auxWitnessComputations);
+          console.log("After aux computation:", JSON.stringify(witnessMap, null, 2));
+          console.log("=====================================");
+        }
         const witnessJson = JSON.stringify(witnessMap);
         let provingKey = circuit.provingKey;
         if (!provingKey) {
@@ -902,6 +935,63 @@ authors = [""]
           publicInputs.length
         );
       }
+      /**
+       * Compute auxiliary witnesses based on computation instructions from R1csBuilder.
+       * This handles witnesses that noir_js cannot compute (e.g., bit decomposition for >= operator).
+       */
+      computeAuxiliaryWitnesses(witnessMap, computations) {
+        const FR_MODULUS = BigInt("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");
+        const getWitnessValue = (idx) => {
+          if (idx === 0) return 1n;
+          const val = witnessMap[idx.toString()];
+          if (val === void 0) {
+            throw new Error(`Witness w_${idx} not found`);
+          }
+          if (val.startsWith("0x")) {
+            return BigInt(val);
+          }
+          return BigInt(val);
+        };
+        const setWitnessValue = (idx, val) => {
+          const normalized = (val % FR_MODULUS + FR_MODULUS) % FR_MODULUS;
+          witnessMap[idx.toString()] = "0x" + normalized.toString(16);
+        };
+        for (const comp of computations) {
+          switch (comp.type) {
+            case "subtract": {
+              const left = getWitnessValue(comp.leftIdx);
+              const right = getWitnessValue(comp.rightIdx);
+              const offset = BigInt(comp.offset ?? 0);
+              const result = left - right + offset;
+              setWitnessValue(comp.targetIdx, result);
+              break;
+            }
+            case "bit_decompose": {
+              const source = getWitnessValue(comp.sourceIdx);
+              const bitIndices = comp.bitIndices;
+              const numBits = comp.numBits;
+              if (source < 0n) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} is negative. This means the comparison constraint is not satisfied.`
+                );
+              }
+              const maxVal = (1n << BigInt(numBits)) - 1n;
+              if (source > maxVal) {
+                throw new Error(
+                  `Bit decomposition failed: value ${source} exceeds ${numBits} bits (max: ${maxVal}). Consider using a larger bit width or smaller values.`
+                );
+              }
+              for (let i = 0; i < numBits; i++) {
+                const bit = source >> BigInt(i) & 1n;
+                setWitnessValue(bitIndices[i], bit);
+              }
+              break;
+            }
+            default:
+              throw new Error(`Unknown auxiliary witness computation type: ${comp.type}`);
+          }
+        }
+      }
       /**
        * Get the verifying key in gnark format for on-chain deployment
        */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@izi-noir/sdk",
-  "version": "0.1.14",
+  "version": "0.1.15",
   "description": "Write ZK circuits in JavaScript/TypeScript, generate Noir code and proofs automatically",
   "type": "module",
   "main": "./dist/index.cjs",