Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
circomkit-numtel
Advanced tools
A simple-to-use & opinionated circuit development & testing toolkit.
groth16
, plonk
, and fflonk
.bn128
.Circomkit can be installed via:
npm install circomkit
pnpm install circomkit
yarn add circomkit
You will also need Circom, which can be installed following the instructions here.
You can setup a new project with the following:
npx circomkit init
You can check out examples at the circomkit-examples repository.
Actions that require a circuit name can be called as follows:
# Compile the circuit
npx circomkit compile <circuit>
# Create the main component
npx circomkit instantiate <circuit>
# Create a Solidity verifier contract
npx circomkit contract <circuit>
# Clean circuit artifacts
npx circomkit clean <circuit>
# Circuit-specific setup
npx circomkit setup <circuit> [ptau-path]
# Create verification key
npx circomkit vkey <circuit> [pkey-path]
# Automatically download PTAU (for BN128)
npx circomkit ptau <circuit>
[!NOTE]
Circuit-specific setup optionally takes the path to a PTAU file as argument. If not provided, it will automatically decide the PTAU to use with respect to constraint count, and download that for you! This feature only works for
bn128
prime, and has an upper-limit of at most $2^{28}$ constraints.
Some actions such as generating a witness, generating a proof and verifying a proof require JSON inputs to provide the signal values. For that, we specifically create our input files under the inputs
folder, and under the target circuit name there. For example, an input named foo
for some circuit named bar
would be at inputs/bar/foo.json
.
# Generate a witness
npx circomkit witness <circuit> <input>
# Generate a proof
npx circomkit prove <circuit> <input>
# Verify a proof with public signals
npx circomkit verify <circuit> <input>
# Export Solidity calldata to console
npx circomkit calldata <circuit> <input>
Everything used by Circomkit can be optionally overridden by providing the selected fields in its constructor. Circomkit CLI does this automatically by checking out circomkit.json
and overriding the defaults with that. You can print the active configuration via the following command:
npx circomkit config
You can edit any of the fields there to fit your needs. Most importantly, you can change the protocol to be groth16
, plonk
or fflonk
; and you can change the underlying prime field to bn128
, bls12381
and goldilocks
.
[!NOTE]
Using a prime other than
bn128
makes things a bit harder in circuit-specific setup, as you will have to find the PTAU files yourself, whereas inbn128
we can use Perpetual Powers of Tau.
A circuit config within circuits.json
looks like below, where the key
is the circuit name to be used in commands, and the value is an object that describes the filename, template name, public signals and template parameters:
sudoku_9x9: {
file: 'sudoku',
template: 'Sudoku',
pubs: ['puzzle'],
params: [3], // sqrt(9)
}
[!TIP]
The
pubs
andparams
options can be omitted, in which case they will default to[]
.
All CLI commands other than init
can be used with the same name and arguments within Circomkit. Furthermore, you can provide configuration & inputs directly, instead of letting Circomkit read from circuits.json
or from within the inputs
folder.
import {Circomkit} from 'circomkit';
const circomkit = new Circomkit({
// custom configurations
protocol: 'plonk',
});
// artifacts output at `build/multiplier_3` directory
await circomkit.compile('multiplier_3', {
file: 'multiplier',
template: 'Multiplier',
params: [3],
});
// proof & public signals at `build/multiplier_3/my_input` directory
await circomkit.prove('multiplier_3', 'my_input', {in: [3, 5, 7]});
// verify with proof & public signals at `build/multiplier_3/my_input`
await circomkit.verify('multiplier_3', 'my_input');
Circomkit provides two tester utilities that use Chai assertions within, which may be used in a test suite such as Mocha. The key point of these utilities is to help reduce boilerplate code and let you simply worry about the inputs and outputs of a circuit.
The Witness tester extends require('circom_tester').wasm
tool with type-safety and few assertion functions. It provides a very simple interface:
expectPass(input)
checks if constraints & assertions are passing for an inputexpectPass(input, output)
additionally checks if the outputs are matchingexpectFail(input)
checks if any constraints / assertions are failingSee an example below:
describe('witness tester', () => {
// input signals and output signals can be given as type parameters
// this makes all functions type-safe!
let circuit: WitnessTester<['in'], ['out']>;
before(async () => {
const circomkit = new Circomkit();
circuit = await circomkit.WitnessTester(CIRCUIT_NAME, CIRCUIT_CONFIG);
});
it('should pass on correct input & output', async () => {
await circuit.expectPass(INPUT, OUTPUT);
});
it('should fail on wrong output', async () => {
await circuit.expectFail(INPUT, WRONG_OUTPUT);
});
it('should fail on bad input', async () => {
await circuit.expectFail(BAD_INPUT);
});
});
You can check if the number of constraints are correct using expectConstraintCount
, as shown below:
it('should have correct number of constraints', async () => {
// expects at least N constraints
await circuit.expectConstraintCount(N);
// expects exactly N constraints
await circuit.expectConstraintCount(N, true);
});
If you want more control over the output signals, you can use the compute
function. It takes in an input, and an array of output signal names used in the main
component so that they can be extracted from the witness.
it('should compute correctly', async () => {
const output = await circuit.compute(INPUT, ['out']);
expect(output).to.haveOwnProperty('out');
expect(output.out).to.eq(BigInt(OUTPUT.out));
});
Finally, you can run tests on the witnesses too. This is most useful when you would like to check for soundness errors.
expectConstraintPass(witness)
checks if constraints are passing for a witnessexpectConstraintFail(witness)
checks if constraints are failingYou can compute the witness via the calculateWitness(input)
function. To test for soundness errors, you may edit the witness and see if constraints are failing.
Circomkit provides a nice utility for this purpose, called
editWitness(witness, symbols)
. You simply provide a dictionary of symbols to their new values, and it will edit the witness accordingly. See the example below:
it('should pass on correct witness', async () => { const witness = await circuit.calculateWitness(INPUT); await circuit.expectConstraintPass(witness); }); it('should fail on fake witness', async () => { const witness = await circuit.calculateWitness(INPUT); const badWitness = await circuit.editWitness(witness, { 'main.signal': BigInt(1234), 'main.component.signal': BigInt('0xCAFE'), 'main.foo.bar[0]': BigInt('0b0101'), }); await circuit.expectConstraintFail(badWitness); });
As an alternative to simulate generating a proof and verifying it, you can use Proof Tester. The proof tester makes use of WASM file, prover key and verifier key in the background. It will use the underlying Circomkit configuration to look for those files, and it can generate them automatically if they do not exist. An example using Plonk protocol is given below. Notice how we create the necessary files before creating the tester, as they are required for proof generation and verification.
describe('proof tester', () => {
// input signals and output signals can be given as type parameters
// this makes all functions type-safe!
let circuit: ProofTester<['in']>;
before(async () => {
const circomkit = new Circomkit({
protocol: 'plonk',
});
circomkit.instantiate(CIRCUIT_NAME, CIRCUIT_CONFIG);
await circomkit.setup(CIRCUIT_NAME, PTAU_PATH);
circuit = await circomkit.ProofTester(CIRCUIT_NAME);
});
it('should verify a proof correctly', async () => {
const {proof, publicSignals} = await circuit.prove(INPUT);
await circuit.expectPass(proof, publicSignals);
});
it('should NOT verify a proof with invalid public signals', async () => {
const {proof} = await circuit.prove(INPUT);
await circuit.expectFail(proof, BAD_PUBLIC_SIGNALS);
});
});
You may notice that there are optional template parameters in both testers: WitnessTester<InputSignals, OutputSignals>
and ProofTester<InputSignals>
. These template parameters take in an array of strings corresponding to signal names. For example, if your circuit has two input signals in1, in2
and an output out
, you may instantiate the tester as WitnessTester<['in1', 'in2'], ['out']>
. In doing so, you will get type-checking on all inputs and outputs required by the tester.
Circomkit with its default configuration follows an opinionated file structure, abstracting away the pathing and orientation behind the scenes. All of these can be customized by overriding the respective settings in circomkit.json
.
An example structure is shown below. Suppose there is a generic circuit for a Sudoku solution knowledge proof written under circuits
folder. When instantiated, a main
component for a 9x9 board is created under circuits/main
. The solution along with it's puzzle is stored as a JSON object under inputs/sudoku_9x9
. You can see the respective artifacts under build
directory. In particular, we see groth16
prefix on some files, indicating that Groth16 protocol was used to create them.
circomkit
├── circuits.json
├── circomkit.json
│
├── circuits
│ ├── main
│ │ └── sudoku_9x9.circom
│ └── sudoku.circom
│
├── inputs
│ └── sudoku_9x9
│ └── my_solution.json
│
├── ptau
│ └── powersOfTau28_hez_final_08.ptau
│
└── build
└── sudoku_9x9
├── sudoku_9x9_js
│ │── generate_witness.js
│ │── witness_calculator.js
│ └── sudoku_9x9.wasm
│
├── my_solution
│ │── proof.json
│ │── public.json
│ └── witness.wtns
│
├── sudoku_9x9.r1cs
├── sudoku_9x9.sym
│
├── groth16_pkey.zkey
├── groth16_vkey.json
└── groth16_verifier.sol
Run all tests via:
yarn test
[!TIP]
You can also use the CLI while developing Circomkit locally via
yarn cli
as if you are usingnpx circomkit
. This is useful for hands-on testing stuff.
Circomkit uses Google TypeScript Style Guide.
# check the formatting
yarn format
# lint everything
yarn lint
# do both at once
yarn style
FAQs
A Circom development environment
We found that circomkit-numtel demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.