Generating witness from circuit with assigned fields gives error.

[drakstik]

Hi I'm getting this error when trying to generate a witness after assigning it fields.

Here is the code:

package main

import (
	crand "crypto/rand"

	ctwistededwards "github.com/consensys/gnark-crypto/ecc/twistededwards"

	ceddsa "github.com/consensys/gnark-crypto/signature/eddsa"
)

type Circuit struct {
	PublicKey_in  eddsa.PublicKey      `gnark:",secret"`
	PublicKey_out eddsa.PublicKey      `gnark:",public"`
	Signature     eddsa.Signature      `gnark:",secret"`
	Message_in    frontend.Variable    `gnark:",secret"`
	T             frontend.Variable    `gnark:",secret"`
	Message_out   frontend.Variable    `gnark:",public"`
	Permissible_T [2]frontend.Variable `gnark:",public"`
}

func (circuit *Circuit) Define(api frontend.API) error {

	// set the twisted ewards curve to use
	curve, err := twistededwards.NewEdCurve(api, ctwistededwards.BN254)
	if err != nil {
		return err
	}

	// hash function
	mimc, err := mimc.NewMiMC(api)
	if err != nil {
		return err
	}

	// verify the EdDSA signature
	eddsa.Verify(curve, circuit.Signature, circuit.Message_out, circuit.PublicKey_out, &mimc)

	// Print message
	api.Println("MESSAGE: ", circuit.Message_out)

	return nil
}

type Msg struct {
	Matrix   [][]frontend.Variable  `json:"matrix"` // Each group of three
	Metadata map[string]interface{} `json:"metadata"`
}

func CreateMsg() Msg {
       ...
	// create a Msg with a 2D array of frontend.Variable of size N*N and populate Metadata fields
       ...
}

func main() {
	/* Create message */
       msg := CreateMsg()

	/* Sign message */

	// JSON encode the message
	JSON_msg := msg.JSON_Encode_Msg()

	msg_big_endian_bytes := field_elements.Bytes_to_big_endian(JSON_msg)

	// Generate a signing key
	secretKey, err := ceddsa.New(1, crand.Reader)
	if err != nil {
		fmt.Println("Error: " + err.Error())
	}

	// Generate a public signature verification key
	publicKey := secretKey.Public()

	// Instantiate hash function to be used when signing the message
	hFunc := hash.MIMC_BN254.New()

	// Sign the msg
	signature, err := secretKey.Sign(msg_big_endian_bytes, hFunc)
	if err != nil {
		fmt.Println("Error: " + err.Error())
	}

	// Instantiate a Circuit
	var circuit Circuit

	// assign values to the Circuit's fields
	circuit.Message_out = frontend.Variable(new(big.Int).SetBytes(JSON_msg))
	circuit.Message_in = frontend.Variable(-1)
	circuit.PublicKey_out.Assign(ctwistededwards.ID(ecc.BN254), publicKey.Bytes()[:32])
	circuit.PublicKey_in.Assign(ctwistededwards.ID(ecc.BN254), publicKey.Bytes()[:32])
	circuit.Signature.Assign(ctwistededwards.ID(ecc.BN254), signature)
	circuit.T = frontend.Variable(-1)

	// assign Permissible_Transformations
	var permissibleT []frontend.Variable
	permissibleT = msg.Metadata["permissibleT"].([]frontend.Variable)
	for i := 0; i < len(circuit.Permissible_T); i++ {
		circuit.Permissible_T[i] = permissibleT[i]
	}

	/* Compiling the constraint system for an eddsaCircuit */
	r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &circuit)
	if err != nil {
		fmt.Println(err.Error())
	}

	/*	"generate PCD keys"	*/
	provingKey, verifyingKey, err := groth16.Setup(r1cs)
	if err != nil {
		fmt.Println(err.Error())
	}

	// Generate the witness
	witness, err := frontend.NewWitness(&circuit, ecc.BN254.ScalarField())
	if err != nil {
		fmt.Println("ERROR 1: " + err.Error())
		return
	}

	// Generate the public part of the witness
	publicWitness, err := witness.Public()
	if err != nil {
		fmt.Println("ERROR 2: " + err.Error())
		return
	}

	/* Generate the proof */
	proof, err := groth16.Prove(r1cs, provingKey, witness)
	if err != nil {
		fmt.Println("ERROR 3: " + err.Error())
		return
	}

	fmt.Println("Success", witness, publicWitness, proof, verifyingKey)
}

I'm getting this in my console when I run it (I'm catching the error as ERROR 1, and it's when I'm generating the witness).

15:04:35 INF compiling circuit
15:04:35 INF parsed circuit inputs nbPublic=5 nbSecret=7
15:04:35 INF building constraint builder nbConstraints=7003
ERROR 1: can't set fr.Element from type expr.LinearExpression

Please help. I could not find much in the discussions and issues. I am unsure which of the circuit fields are not being accepted by SetInterface()...

[ivokub]

Hi.

Compiling a circuit and performing witness assignment is two-phase operation. First when you run the frontend.Compile, you should compile without having the witness values assigned (i.e. need to remove

	// assign values to the Circuit's fields
	circuit.Message_out = frontend.Variable(new(big.Int).SetBytes(JSON_msg))
	circuit.Message_in = frontend.Variable(-1)
	circuit.PublicKey_out.Assign(ctwistededwards.ID(ecc.BN254), publicKey.Bytes()[:32])
	circuit.PublicKey_in.Assign(ctwistededwards.ID(ecc.BN254), publicKey.Bytes()[:32])
	circuit.Signature.Assign(ctwistededwards.ID(ecc.BN254), signature)
	circuit.T = frontend.Variable(-1)

)

Then, when doing witness, err := frontend.NewWitness(&circuit, ecc.BN254.ScalarField()) you should use a another value with assigned witness.

So the code should (on a high level, your example doesn't compile for me as is not complete) be

package main

import (
	crand "crypto/rand"

	ctwistededwards "github.com/consensys/gnark-crypto/ecc/twistededwards"

	ceddsa "github.com/consensys/gnark-crypto/signature/eddsa"
)

type Circuit struct {
	PublicKey_in  eddsa.PublicKey      `gnark:",secret"`
	PublicKey_out eddsa.PublicKey      `gnark:",public"`
	Signature     eddsa.Signature      `gnark:",secret"`
	Message_in    frontend.Variable    `gnark:",secret"`
	T             frontend.Variable    `gnark:",secret"`
	Message_out   frontend.Variable    `gnark:",public"`
	Permissible_T [2]frontend.Variable `gnark:",public"`
}

func (circuit *Circuit) Define(api frontend.API) error {

	// set the twisted ewards curve to use
	curve, err := twistededwards.NewEdCurve(api, ctwistededwards.BN254)
	if err != nil {
		return err
	}

	// hash function
	mimc, err := mimc.NewMiMC(api)
	if err != nil {
		return err
	}

	// verify the EdDSA signature
	eddsa.Verify(curve, circuit.Signature, circuit.Message_out, circuit.PublicKey_out, &mimc)

	// Print message
	api.Println("MESSAGE: ", circuit.Message_out)

	return nil
}

type Msg struct {
	Matrix   [][]frontend.Variable  `json:"matrix"` // Each group of three
	Metadata map[string]interface{} `json:"metadata"`
}

func CreateMsg() Msg {
       ...
	// create a Msg with a 2D array of frontend.Variable of size N*N and populate Metadata fields
       ...
}

func main() {
	/* Create message */
       msg := CreateMsg()

	/* Sign message */

	// JSON encode the message
	JSON_msg := msg.JSON_Encode_Msg()

	msg_big_endian_bytes := field_elements.Bytes_to_big_endian(JSON_msg)

	// Generate a signing key
	secretKey, err := ceddsa.New(1, crand.Reader)
	if err != nil {
		fmt.Println("Error: " + err.Error())
	}

	// Generate a public signature verification key
	publicKey := secretKey.Public()

	// Instantiate hash function to be used when signing the message
	hFunc := hash.MIMC_BN254.New()

	// Sign the msg
	signature, err := secretKey.Sign(msg_big_endian_bytes, hFunc)
	if err != nil {
		fmt.Println("Error: " + err.Error())
	}

	// Instantiate an assignment
	var assignment Circuit

	// assign values to the Circuit's fields
	assignment.Message_out = frontend.Variable(new(big.Int).SetBytes(JSON_msg))
	assignment.Message_in = frontend.Variable(-1)
	assignment.PublicKey_out.Assign(ctwistededwards.ID(ecc.BN254), publicKey.Bytes()[:32])
	assignment.PublicKey_in.Assign(ctwistededwards.ID(ecc.BN254), publicKey.Bytes()[:32])
	assignment.Signature.Assign(ctwistededwards.ID(ecc.BN254), signature)
	assignment.T = frontend.Variable(-1)

	// assign Permissible_Transformations
	var permissibleT []frontend.Variable
	permissibleT = msg.Metadata["permissibleT"].([]frontend.Variable)
	for i := 0; i < len(circuit.Permissible_T); i++ {
		assignment.Permissible_T[i] = permissibleT[i]
	}

	/* Compiling the constraint system for an eddsaCircuit */
	r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &Circuit{})
	if err != nil {
		fmt.Println(err.Error())
	}

	/*	"generate PCD keys"	*/
	provingKey, verifyingKey, err := groth16.Setup(r1cs)
	if err != nil {
		fmt.Println(err.Error())
	}

	// Generate the witness
	witness, err := frontend.NewWitness(&assignment, ecc.BN254.ScalarField())
	if err != nil {
		fmt.Println("ERROR 1: " + err.Error())
		return
	}

	// Generate the public part of the witness
	publicWitness, err := witness.Public()
	if err != nil {
		fmt.Println("ERROR 2: " + err.Error())
		return
	}

	/* Generate the proof */
	proof, err := groth16.Prove(r1cs, provingKey, witness)
	if err != nil {
		fmt.Println("ERROR 3: " + err.Error())
		return
	}

	fmt.Println("Success", witness, publicWitness, proof, verifyingKey)
}