Solidity verifier contracts generated using bls12-381 are not deployable #611
Description
Solidity verifier contracts generated for bls12-381 backends are not EVM compatible. I noted 3 issues:
- the contract was generated with BN254 scalar field and base field sizes
- verification key G1 points are 48 bytes (which is correct) but each coordinate is stored in a single uint256 (32 bytes) which is not appropriate.
- precompiles used are wrong. for MSMs we must use precompile at address 0x0c instead of 0x07 (and similarly 0x0b instead of 0x06 and 0x0g instead of 0x08)
pragma solidity >=0.7.0 <0.9.0;
contract Groth16Verifier {
// Scalar field size
uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
// Base field size
uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
// Verification Key data
uint256 constant alphax = 3800873390304120055620680196958567188131196432372814735771240607900867188744105719371124913847775267206204062967245;
uint256 constant alphay = 3157358220534401559577075923814275734265404782956125467462019167593175122622269020433527320634115374369583030727981;You should either inform users that the generator is not suitable for bls12-381 circuits or implement a correct template.