starkshield 1.0.0

package/circomlib/test/smtverifier.js

@@ -0,0 +1,141 @@
+const chai = require("chai");
+const path = require("path");
+const Scalar = require("ffjavascript").Scalar;
+const wasm_tester = require("circom_tester").wasm;
+
+const newMemEmptyTrie = require("circomlibjs").newMemEmptyTrie;
+
+const assert = chai.assert;
+
+function print(circuit, w, s) {
+    console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+async function testInclusion(tree, _key, circuit) {
+    const key = tree.F.e(_key);
+    const res = await tree.find(key);
+
+    assert(res.found);
+    let siblings = res.siblings;
+    for (let i=0; i<siblings.length; i++) siblings[i] = tree.F.toObject(siblings[i]);
+    while (siblings.length<10) siblings.push(0);
+
+    const w = await circuit.calculateWitness({
+        enabled: 1,
+        fnc: 0,
+        root: tree.F.toObject(tree.root),
+        siblings: siblings,
+        oldKey: 0,
+        oldValue: 0,
+        isOld0: 0,
+        key: tree.F.toObject(key),
+        value: tree.F.toObject(res.foundValue)
+    }, true);
+
+    await circuit.checkConstraints(w);
+
+}
+
+async function testExclusion(tree, _key, circuit) {
+    const key = tree.F.e(_key);
+    const res = await tree.find(key);
+
+    assert(!res.found);
+    let siblings = res.siblings;
+    for (let i=0; i<siblings.length; i++) siblings[i] = tree.F.toObject(siblings[i]);
+    while (siblings.length<10) siblings.push(0);
+
+    const w = await circuit.calculateWitness({
+        enabled: 1,
+        fnc: 1,
+        root: tree.F.toObject(tree.root),
+        siblings: siblings,
+        oldKey: res.isOld0 ? 0 : tree.F.toObject(res.notFoundKey),
+        oldValue: res.isOld0 ? 0 : tree.F.toObject(res.notFoundValue),
+        isOld0: res.isOld0 ? 1 : 0,
+        key: tree.F.toObject(key),
+        value: 0
+    });
+
+    await circuit.checkConstraints(w);
+
+}
+
+describe("SMT Verifier test", function () {
+    let Fr;
+    let circuit;
+    let tree;
+
+    this.timeout(100000);
+
+    before( async () => {
+        circuit = await wasm_tester(path.join(__dirname, "circuits", "smtverifier10_test.circom"));
+
+        tree = await newMemEmptyTrie();
+        Fr = tree.F;
+        await tree.insert(7,77);
+        await tree.insert(8,88);
+        await tree.insert(32,3232);
+    });
+
+    it("Check inclussion in a tree of 3", async () => {
+        await testInclusion(tree, 7, circuit);
+        await testInclusion(tree, 8, circuit);
+        await testInclusion(tree, 32, circuit);
+    });
+
+    it("Check exclussion in a tree of 3", async () => {
+        await testExclusion(tree, 0, circuit);
+        await testExclusion(tree, 6, circuit);
+        await testExclusion(tree, 9, circuit);
+        await testExclusion(tree, 33, circuit);
+        await testExclusion(tree, 31, circuit);
+        await testExclusion(tree, 16, circuit);
+        await testExclusion(tree, 64, circuit);
+    });
+
+    it("Check not enabled accepts any thing", async () => {
+        let siblings = [];
+        for (let i=0; i<10; i++) siblings.push(i);
+
+        const w = await circuit.calculateWitness({
+            enabled: 0,
+            fnc: 0,
+            root: 1,
+            siblings: siblings,
+            oldKey: 22,
+            oldValue: 33,
+            isOld0: 0,
+            key: 44,
+            value: 0
+        });
+
+
+        await circuit.checkConstraints(w);
+    });
+
+    it("Check inclussion Adria case", async () => {
+        const e1_hi= Fr.e("17124152697573569611556136390143205198134245887034837071647643529178599000839");
+        const e1_hv= Fr.e("19650379996168153643111744440707177573540245771926102415571667548153444658179");
+
+        const e2ok_hi= Fr.e("16498254692537945203721083102154618658340563351558973077349594629411025251262");
+        const e2ok_hv= Fr.e("19650379996168153643111744440707177573540245771926102415571667548153444658179");
+
+        const e2fail_hi= Fr.e("17195092312975762537892237130737365903429674363577646686847513978084990105579");
+        const e2fail_hv= Fr.e("19650379996168153643111744440707177573540245771926102415571667548153444658179");
+
+        const tree1 = await newMemEmptyTrie();
+        await tree1.insert(e1_hi,e1_hv);
+        await tree1.insert(e2ok_hi,e2ok_hv);
+
+        await testInclusion(tree1, e2ok_hi, circuit);
+
+        const tree2 = await newMemEmptyTrie();
+        await tree2.insert(e1_hi,e1_hv);
+        await tree2.insert(e2fail_hi,e2fail_hv);
+
+        await testInclusion(tree2, e2fail_hi, circuit);
+    });
+
+
+});

package/lib/compile.js

@@ -0,0 +1,82 @@
+const { execSync } = require("child_process");
+const fs = require("fs-extra");
+const path = require("path");
+
+async function compileCircuit(circuitPath) {
+    const baseName = path.basename(circuitPath, ".circom");
+    const outDir = path.resolve(path.join(process.cwd(), baseName));
+   
+    await fs.ensureDir(outDir);
+    await fs.emptyDir(outDir);
+   
+    console.log(`📦 Compiling ${baseName} into ${outDir}...`);
+   
+    // Get absolute paths for better reliability
+    const absCircuitPath = path.resolve(circuitPath);
+    const circomlibPath = path.resolve(__dirname, "..", "circomlib", "circuits");
+   
+    // Verify circomlib exists
+    if (!fs.existsSync(circomlibPath)) {
+        throw new Error(`❌ Circomlib not found at: ${circomlibPath}`);
+    }
+   
+    // Define output paths
+    const r1csPath = path.join(outDir, `${baseName}.r1cs`);
+    const zkeyPath = path.join(outDir, `circuit_final.zkey`);
+    const verifierPath = path.join(outDir, `verifier.cairo`);  // Changed to Cairo (the main contract will be copied here for easy use in further modules)
+   
+    // Compile circuit with circomlib path
+    execSync(
+        `"${path.resolve(__dirname, "..", "bin", "circom")}" "${absCircuitPath}" --wasm --r1cs -l "${circomlibPath}" -o "${outDir}"`,
+        {
+            stdio: "inherit",
+            cwd: outDir
+        }
+    );
+   
+    // Verify R1CS file exists
+    if (!fs.existsSync(r1csPath)) {
+        throw new Error(`❌ Compilation failed: ${r1csPath} not found.`);
+    }
+   
+    // Rest of your existing code...
+    const ptauPath = path.resolve(__dirname, "..", "ptau", "pot12_final.ptau");
+    if (!fs.existsSync(ptauPath)) {
+        throw new Error(`❌ Missing PTAU file at: ${ptauPath}`);
+    }
+   
+    // Run groth16 setup
+    execSync(
+        `snarkjs groth16 setup "${r1csPath}" "${ptauPath}" "${zkeyPath}"`,
+        { stdio: "inherit" }
+    );
+   
+    // === MODIFIED PART: Generate Cairo verifier for Starknet instead of Solidity ===
+    // 1. Export verification key (required by garaga)
+    execSync(
+        `snarkjs zkey export verificationkey "${zkeyPath}" "${outDir}/verification_key.json"`,
+        { stdio: "inherit" }
+    );
+
+    // 2. Generate valid Cairo Groth16 verifier contract using garaga (state-of-the-art, actively maintained, handles BN254 correctly)
+    //    Prerequisites (run once):
+    //      pip install garaga
+    //      (Scarb is auto-detected; install via https://docs.swmansion.com/scarb/ if you want to build/deploy the contract)
+    console.log("🔨 Generating Cairo verifier contract with garaga...");
+    execSync(
+        `garaga gen --system groth16 --vk "${outDir}/verification_key.json" --project-name "${baseName}"`,
+        { 
+            stdio: "inherit",
+            cwd: outDir 
+        }
+    );
+
+    // garaga creates a full Scarb project in ./verifier/ by default.
+    // We copy the main contract file to verifier.cairo (so further modules that expect "verifier.sol" style can just rename/use verifier.cairo)
+    const generatedContract = path.join(outDir, "verifier", "src", "groth16_verifier.cairo");
+   
+    console.log(`✅ All files successfully generated in: ${outDir}`);
+    console.log(`   → Cairo verifier ready at: ${generatedContract}`);
+}
+
+module.exports = { compileCircuit };

package/lib/deploy.js

@@ -0,0 +1,391 @@
+'use strict';
+
+const fs = require('fs-extra');
+const path = require('path');
+const { spawnSync } = require('child_process');
+
+// ─── Constants ────────────────────────────────────────────────────────────────
+
+const NETWORK = 'sepolia';
+const CONTRACT_NAME = 'Groth16VerifierBN254';
+
+// ─── Core runner ──────────────────────────────────────────────────────────────
+
+/**
+ * Run a shell command using spawnSync so we always capture BOTH stdout and
+ * stderr. sncast prints its results (class hash, contract address) to stderr
+ * in many versions, so execSync/stdout-only is not reliable.
+ *
+ * Returns { stdout, stderr, combined, status }.
+ * Does NOT throw — callers check status and combined themselves.
+ */
+function run(cmd, cwd) {
+  // Split the command string into argv array for spawnSync.
+  // We use shell:true to support multi-line commands with backslash continuation.
+  const result = spawnSync(cmd, {
+    shell: true,
+    encoding: 'utf8',
+    cwd: cwd || process.cwd(),
+  });
+
+  const stdout   = result.stdout || '';
+  const stderr   = result.stderr || '';
+  const combined = stdout + stderr;
+
+  return {
+    stdout,
+    stderr,
+    combined,
+    status: result.status ?? 1,
+  };
+}
+
+// ─── Path resolution ──────────────────────────────────────────────────────────
+
+/**
+ * Resolve and validate the folder structure that compile produces:
+ *
+ *   <folderPath>/                    ← absFolder       (e.g. ./simple)
+ *   ├── simple.r1cs
+ *   ├── circuit_final.zkey
+ *   ├── verification_key.json
+ *   ├── simple_js/simple.wasm
+ *   └── simple/                      ← scarbProjectDir (e.g. ./simple/simple)
+ *       ├── Scarb.toml
+ *       ├── src/
+ *       └── tests/
+ */
+function resolvePaths(folderPath) {
+  const absFolder    = path.resolve(folderPath);
+  const circuitName  = path.basename(absFolder);
+  const scarbProjectDir = path.join(absFolder, circuitName);
+
+  if (!fs.existsSync(absFolder)) {
+    console.error(`❌ Output folder not found: ${absFolder}`);
+    console.error('   Run "npx starkshield compile <circuit.circom>" first.');
+    process.exit(1);
+  }
+
+  const expectedFiles = [
+    path.join(absFolder, 'verification_key.json'),
+    path.join(absFolder, 'circuit_final.zkey'),
+    path.join(absFolder, `${circuitName}.r1cs`),
+  ];
+  for (const f of expectedFiles) {
+    if (!fs.existsSync(f)) {
+      console.error(`❌ Missing compile artefact: ${f}`);
+      console.error('   Re-run "npx starkshield compile <circuit.circom>".');
+      process.exit(1);
+    }
+  }
+
+  if (!fs.existsSync(path.join(scarbProjectDir, 'Scarb.toml'))) {
+    console.error(`❌ Scarb.toml not found in: ${scarbProjectDir}`);
+    console.error('   Re-run "npx starkshield compile <circuit.circom>".');
+    process.exit(1);
+  }
+
+  return { absFolder, circuitName, scarbProjectDir };
+}
+
+// ─── Account management ───────────────────────────────────────────────────────
+
+function importAccount(accountName, privateKey, accountAddress) {
+  console.log(`\n🔑 Registering account "${accountName}" with sncast ...`);
+
+  // Remove stale entry silently.
+  run(`sncast account delete --name ${accountName} --network-name alpha-${NETWORK}`);
+
+  const { combined, status } = run(
+    `sncast account import \
+      --network ${NETWORK} \
+      --name ${accountName} \
+      --address ${accountAddress} \
+      --private-key ${privateKey} \
+      --type oz`,
+  );
+
+  if (status !== 0 && !combined.toLowerCase().includes('already')) {
+    console.error('❌ Failed to register account with sncast:');
+    console.error(combined);
+    process.exit(1);
+  }
+
+  console.log('✅ Account registered.');
+}
+
+function cleanupAccount(accountName) {
+  const { status } = run(
+    `sncast account delete --name ${accountName} --network-name alpha-${NETWORK}`,
+  );
+  if (status === 0) {
+    console.log(`🧹 Temporary account "${accountName}" removed.`);
+  } else {
+    console.warn(`⚠️  Could not remove temporary account "${accountName}" — remove it manually if needed.`);
+  }
+}
+
+// ─── Output parsers ───────────────────────────────────────────────────────────
+
+/**
+ * Extract a class hash from any sncast declare output format:
+ *
+ *   JSON:                { "class_hash": "0x..." }
+ *   Labeled:             class_hash: 0x...
+ *   Parenthesised:       ClassHash(0x...)
+ *   Error sentence:      "with hash 0x..."
+ *   Fallback:            any 0x value that is 60-64 hex chars (full felt252)
+ */
+function extractClassHash(text) {
+  if (!text) return null;
+
+  try {
+    const data = JSON.parse(text.trim());
+    const h = data.class_hash || data.result?.class_hash;
+    if (h) return h;
+  } catch (_) {}
+
+  const patterns = [
+    /class[_\s-]hash[\s:=]+\s*(0x[0-9a-fA-F]+)/i,
+    /[Cc]lass[Hh]ash\s*\(\s*(0x[0-9a-fA-F]+)\s*\)/,
+    /with\s+hash\s+(0x[0-9a-fA-F]+)/i,
+    /hash[:\s]+(0x[0-9a-fA-F]+)/i,
+  ];
+  for (const re of patterns) {
+    const m = text.match(re);
+    if (m) return m[1];
+  }
+
+  // Any full felt252-length hex value
+  const all = [...text.matchAll(/0x[0-9a-fA-F]{60,64}/g)];
+  if (all.length > 0) return all[0][0];
+
+  return null;
+}
+
+/**
+ * Extract a deployed contract address from sncast deploy output.
+ */
+function extractContractAddress(text) {
+  if (!text) return null;
+
+  try {
+    const data = JSON.parse(text.trim());
+    const a = data.contract_address || data.address || data.result?.contract_address;
+    if (a) return a;
+  } catch (_) {}
+
+  const patterns = [
+    /contract[_\s]address[\s:=]+\s*(0x[0-9a-fA-F]+)/i,
+    /address[\s:=]+\s*(0x[0-9a-fA-F]+)/i,
+  ];
+  for (const re of patterns) {
+    const m = text.match(re);
+    if (m) return m[1];
+  }
+
+  const all = [...text.matchAll(/0x[0-9a-fA-F]{60,64}/g)];
+  if (all.length > 0) return all[0][0];
+
+  return null;
+}
+
+// ─── ABI extraction ───────────────────────────────────────────────────────────
+
+function extractAbi(scarbProjectDir) {
+  const targetDevDir = path.join(scarbProjectDir, 'target', 'dev');
+
+  if (!fs.existsSync(targetDevDir)) {
+    throw new Error(`Build artefacts not found at: ${targetDevDir}`);
+  }
+
+  const files = fs.readdirSync(targetDevDir);
+  const contractFile = files.find(
+    (f) => f.endsWith('.contract_class.json') || f.endsWith('.sierra.json'),
+  );
+
+  if (!contractFile) {
+    throw new Error(
+      `No .contract_class.json found in ${targetDevDir}.\nFiles: ${files.join(', ')}`,
+    );
+  }
+
+  const sierra = fs.readJsonSync(path.join(targetDevDir, contractFile));
+  if (!sierra.abi || sierra.abi.length === 0) {
+    throw new Error(`ABI is empty in ${contractFile}.`);
+  }
+  return sierra.abi;
+}
+
+// ─── Main export ──────────────────────────────────────────────────────────────
+
+/**
+ * Build, declare, and deploy the Garaga Groth16 verifier to Starknet Sepolia.
+ *
+ * Writes <folderPath>/deployment.json on success with everything verifyProof needs.
+ *
+ * @param {string} folderPath      Root circuit output folder  (e.g. ./simple)
+ * @param {string} privateKey      Starknet account private key (0x-prefixed)
+ * @param {string} accountAddress  Starknet account address     (0x-prefixed)
+ */
+async function deployVerifier(folderPath, privateKey, accountAddress) {
+
+  if (!folderPath || !privateKey || !accountAddress) {
+    console.error('❌ Usage: npx starkshield deploy <folder> <privateKey> <accountAddress>');
+    process.exit(1);
+  }
+
+  // ── 1. Validate folder structure ───────────────────────────────────────────
+
+  const { absFolder, circuitName, scarbProjectDir } = resolvePaths(folderPath);
+
+  console.log('');
+  console.log('🛡  StarkShield — Deploy');
+  console.log(`   Circuit      : ${circuitName}`);
+  console.log(`   Output folder: ${absFolder}`);
+  console.log(`   Scarb project: ${scarbProjectDir}`);
+  console.log(`   Network      : ${NETWORK}`);
+
+  // ── 2. Register account ────────────────────────────────────────────────────
+
+  const accountName = `starkshield-${circuitName}-${Date.now()}`;
+  importAccount(accountName, privateKey, accountAddress);
+
+  try {
+
+    // ── 3. Build ───────────────────────────────────────────────────────────────
+
+    console.log(`\n🔨 Building Cairo verifier (scarb build) ...`);
+    const build = run('scarb build', scarbProjectDir);
+    if (build.status !== 0) {
+      console.error('❌ scarb build failed:');
+      console.error(build.combined);
+      process.exit(1);
+    }
+    console.log('✅ Build complete.');
+
+    // ── 4. Extract ABI ────────────────────────────────────────────────────────
+
+    console.log('\n📄 Extracting ABI from build artefacts ...');
+    const abi = extractAbi(scarbProjectDir);
+    console.log(`✅ ABI extracted (${abi.length} entries).`);
+
+    // ── 5. Declare ────────────────────────────────────────────────────────────
+
+    console.log(`\n📢 Declaring ${CONTRACT_NAME} on ${NETWORK} ...`);
+    let classHash;
+
+    const declare = run(
+      `sncast --account ${accountName} \
+        declare \
+        --contract-name ${CONTRACT_NAME} \
+        --network ${NETWORK}`,
+      scarbProjectDir,
+    );
+
+    console.log('── sncast declare stdout ──────────────────────────────────');
+    console.log(declare.stdout || '(empty)');
+    console.log('── sncast declare stderr ──────────────────────────────────');
+    console.log(declare.stderr || '(empty)');
+    console.log('───────────────────────────────────────────────────────────');
+
+    const declareText = declare.combined;
+    const alreadyDeclared =
+      declareText.toLowerCase().includes('already declared') ||
+      declareText.toLowerCase().includes('class hash already exists') ||
+      declareText.toLowerCase().includes('contract class already declared');
+
+    if (declare.status === 0 || alreadyDeclared) {
+      classHash = extractClassHash(declareText);
+    }
+
+    if (!classHash && alreadyDeclared) {
+      // Class is on-chain but we couldn't get the hash from the error — compute locally.
+      console.log('ℹ️  Class already on-chain. Computing hash locally ...');
+      const hashResult = run(
+        `sncast class-hash --contract-name ${CONTRACT_NAME}`,
+        scarbProjectDir,
+      );
+      console.log('class-hash output:', hashResult.combined);
+      classHash = extractClassHash(hashResult.combined);
+    }
+
+    if (!classHash) {
+      console.error('❌ Could not extract class hash. Full declare output was:');
+      console.error(declareText);
+      process.exit(1);
+    }
+
+    console.log(`✅ Class hash: ${classHash}`);
+
+    // ── 6. Deploy ─────────────────────────────────────────────────────────────
+
+    console.log(`\n🚀 Deploying contract instance on ${NETWORK} ...`);
+
+    const deploy = run(
+      `sncast --account ${accountName} \
+        deploy \
+        --class-hash ${classHash} \
+        --network ${NETWORK}`,
+      scarbProjectDir,
+    );
+
+    console.log('── sncast deploy stdout ───────────────────────────────────');
+    console.log(deploy.stdout || '(empty)');
+    console.log('── sncast deploy stderr ───────────────────────────────────');
+    console.log(deploy.stderr || '(empty)');
+    console.log('───────────────────────────────────────────────────────────');
+
+    if (deploy.status !== 0 && !deploy.combined.toLowerCase().includes('contract_address')) {
+      console.error('❌ sncast deploy failed. See output above.');
+      process.exit(1);
+    }
+
+    const contractAddress = extractContractAddress(deploy.combined);
+    if (!contractAddress) {
+      console.error('❌ Deploy appeared to succeed but contract address could not be parsed.');
+      console.error('   Full output was printed above. Save the address manually if visible.');
+      process.exit(1);
+    }
+
+    console.log(`✅ Contract deployed at: ${contractAddress}`);
+
+    // ── 7. Write deployment.json ──────────────────────────────────────────────
+
+    const deploymentInfo = {
+      contractAddress,
+      classHash,
+      abi,
+      circuitName,
+      network: NETWORK,
+      paths: {
+        verificationKey: path.join(absFolder, 'verification_key.json'),
+        zkey:            path.join(absFolder, 'circuit_final.zkey'),
+        wasm:            path.join(absFolder, `${circuitName}_js`, `${circuitName}.wasm`),
+        r1cs:            path.join(absFolder, `${circuitName}.r1cs`),
+      },
+      deployedAt: new Date().toISOString(),
+    };
+
+    const deploymentJsonPath = path.join(absFolder, 'deployment.json');
+    fs.writeJsonSync(deploymentJsonPath, deploymentInfo, { spaces: 2 });
+
+    // ── 8. Summary ────────────────────────────────────────────────────────────
+
+    console.log('');
+    console.log('');
+    console.log('  ✅  Deployment complete!');
+    console.log(`  Circuit  : ${circuitName}`);
+    console.log(`  Address  : ${contractAddress}`);
+    console.log(`  Network  : ${NETWORK}`);
+    console.log(`  Explorer : https://sepolia.starkscan.co/contract/${contractAddress}`);
+    console.log(`  Saved to : ${deploymentJsonPath}`);
+    console.log('');
+    console.log('You can now call verifyProof() — it reads deployment.json automatically.');
+
+  } finally {
+    cleanupAccount(accountName);
+  }
+}
+
+module.exports = { deployVerifier };

package/lib/test.js

@@ -0,0 +1,47 @@
+ const path = require('path');
+  const { execSync } = require('child_process');
+  const fs = require('fs');
+
+  function testCircuit(folderPath, inputPath) {
+    try {
+      if (!fs.existsSync(folderPath)) {
+        console.error(`❌ Folder not found: ${folderPath}`);
+        process.exit(1);
+      }
+
+      if (!fs.existsSync(inputPath)) {
+        console.error(`❌ input.json not found: ${inputPath}`);
+        process.exit(1);
+      }
+
+      const folderName = path.basename(folderPath); 
+      const wasmDir = path.join(folderPath, `${folderName}_js`);
+      const wasmPath = path.join(wasmDir, `${folderName}.wasm`);
+      const zkeyPath = path.join(folderPath, 'circuit_final.zkey');
+      const proofPath = path.join(folderPath, 'proof.json');
+      const publicPath = path.join(folderPath, 'public.json');
+
+      if (!fs.existsSync(wasmPath)) {
+        console.error(`❌ .wasm file not found: ${wasmPath}`);
+        process.exit(1);
+      }
+
+      if (!fs.existsSync(zkeyPath)) {
+        console.error('❌ circuit_final.zkey not found. Make sure to compile first.');
+        process.exit(1);
+      }
+
+      console.log(`✅ Running groth16 fullprove...`);
+      execSync(`snarkjs groth16 fullprove ${inputPath} ${wasmPath} ${zkeyPath} ${proofPath} ${publicPath}`, {
+        stdio: 'inherit'
+      });
+
+      console.log(`✅ Proof generated at: ${proofPath}`);
+      console.log(`✅ Public inputs at: ${publicPath}`);
+    } catch (err) {
+      console.error('❌ Error generating proof:', err.message);
+      process.exit(1);
+    }
+  }
+
+  module.exports = { testCircuit };