Sunscreen-tech · samtay · Jul 5, 2023 · Jun 26, 2023 · Jun 26, 2023 · Jun 27, 2023
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -46,14 +46,22 @@ jobs:
     # Run our non-interactive examples and assert the complete without error
     - name: Verify examples (amm)
       run: cargo run --release --bin amm
+    - name: Verify examples (bigint)
+      run: cargo run --release --bin bigint
     - name: Verify examples (chi_sq)
       run: cargo run --release --bin chi_sq
-    - name: Verify examples (simple_multiply)
-      run: cargo run --release --bin simple_multiply
     - name: Verify examples (dot_prod)
       run: cargo run --release --bin dot_prod
+    - name: Verify examples (mean_variance)
+      run: cargo run --release --bin mean_variance
+    - name: Verify examples (ordering_zkp)
+      run: cargo run --release --bin ordering_zkp
     - name: Verify examples (pir)
       run: cargo run --release --bin pir
+    - name: Verify examples (simple_multiply)
+      run: cargo run --release --bin simple_multiply
+    - name: Verify examples (sudoku_zkp)
+      run: cargo run --release --bin sudoku_zkp
     - name: Build sunscreen and bincode
       run: cargo build --release --package sunscreen --package bincode
     - name: Build mdBook

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/benchmarks/bfv_zkp/src/bfv.rs b/benchmarks/bfv_zkp/src/bfv.rs
@@ -201,7 +201,7 @@ fn div_round_bigint<const N: usize>(a: BigInt<N>, b: BigInt<N>) -> BigInt<N> {
 
 type BfvPoly<F> = RnsRingPolynomial<F, POLY_DEGREE, 1>;
 
-#[zkp_program(backend = "bulletproofs")]
+#[zkp_program]
 fn prove_enc<F: BackendField>(
     m: BfvPoly<F>,
     e_1: BfvPoly<F>,

diff --git a/examples/ordering_zkp/Cargo.toml b/examples/ordering_zkp/Cargo.toml
@@ -0,0 +1,7 @@
+[package]
+name = "ordering_zkp"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+sunscreen = { path = "../../sunscreen", features = ["bulletproofs"] }
diff --git a/examples/ordering_zkp/src/main.rs b/examples/ordering_zkp/src/main.rs
@@ -0,0 +1,79 @@
+use sunscreen::{
+    types::zkp::{ConstrainCmp, NativeField},
+    zkp_program, BackendField, BulletproofsBackend, Compiler, Error, ZkpBackend, ZkpRuntime,
+};
+
+#[zkp_program]
+fn greater_than<F: BackendField>(a: NativeField<F>, #[constant] b: NativeField<F>) {
+    a.constrain_gt_bounded(b, 32)
+}
+
+type BPField = NativeField<<BulletproofsBackend as ZkpBackend>::Field>;
+
+fn main() -> Result<(), Error> {
+    let app = Compiler::new()
+        .zkp_backend::<BulletproofsBackend>()
+        .zkp_program(greater_than)
+        .compile()?;
+
+    let greater_than_zkp = app.get_zkp_program(greater_than).unwrap();
+
+    let runtime = ZkpRuntime::new(&BulletproofsBackend::new())?;
+
+    let amount = BPField::from(232);
+    let threshold = BPField::from(64);
+
+    // Prove that amount > threshold
+
+    let proof = runtime.prove(greater_than_zkp, vec![threshold], vec![], vec![amount])?;
+
+    runtime.verify(greater_than_zkp, &proof, vec![threshold], vec![])?;
+
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn run_test(amount: BPField, threshold: BPField, should_succeed: bool) {
+        let app = Compiler::new()
+            .zkp_backend::<BulletproofsBackend>()
+            .zkp_program(greater_than)
+            .compile()
+            .unwrap();
+        let gt_zkp = app.get_zkp_program(greater_than).unwrap();
+        let runtime = ZkpRuntime::new(&BulletproofsBackend::new()).unwrap();
+        let proof = runtime.prove(gt_zkp, vec![threshold], vec![], vec![amount]);
+        if !should_succeed {
+            assert!(proof.is_err());
+        } else {
+            assert!(runtime
+                .verify(gt_zkp, &proof.unwrap(), vec![threshold], vec![])
+                .is_ok())
+        }
+    }
+
+    #[test]
+    fn test_gt() {
+        run_test(1.into(), 0.into(), true);
+        run_test(100.into(), 0.into(), true);
+        run_test(100.into(), 99.into(), true);
+        run_test(u32::MAX.into(), 0.into(), true);
+    }
+
+    #[test]
+    fn test_le() {
+        run_test(0.into(), 1.into(), false);
+    }
+
+    #[test]
+    fn test_eq() {
+        run_test(1.into(), 1.into(), false);
+    }
+
+    #[test]
+    fn test_bounded_failure() {
+        run_test(u64::MAX.into(), 0.into(), false);
+    }
+}
diff --git a/examples/sudoku_zkp/src/main.rs b/examples/sudoku_zkp/src/main.rs
@@ -1,20 +1,19 @@
 use sunscreen::{
-    types::zkp::NativeField, zkp_program, BackendField, BulletproofsBackend, Compiler, Runtime,
-    ZkpBackend, ZkpProgramInput,
+    types::zkp::NativeField, zkp_program, zkp_var, BackendField, BulletproofsBackend, Compiler,
+    Error, ZkpBackend, ZkpProgramInput, ZkpRuntime,
 };
 
 type BPField = NativeField<<BulletproofsBackend as ZkpBackend>::Field>;
 
-fn main() {
+fn main() -> Result<(), Error> {
     let app = Compiler::new()
         .zkp_backend::<BulletproofsBackend>()
         .zkp_program(sudoku_proof)
-        .compile()
-        .unwrap();
+        .compile()?;
 
     let prog = app.get_zkp_program(sudoku_proof).unwrap();
 
-    let runtime = Runtime::new_zkp(&BulletproofsBackend::new()).unwrap();
+    let runtime = ZkpRuntime::new(&BulletproofsBackend::new())?;
 
     let ex_puzzle = [
         [0, 7, 0, 0, 2, 0, 0, 4, 6],
@@ -44,34 +43,36 @@ fn main() {
 
     let cons: Vec<ZkpProgramInput> = vec![ex_puzzle.map(|a| a.map(BPField::from)).into()];
 
-    let proof = runtime.prove(prog, cons.clone(), vec![], board).unwrap();
+    let proof = runtime.prove(prog, cons.clone(), vec![], board)?;
 
-    let verify = runtime.verify(prog, &proof, cons, vec![]);
+    runtime.verify(prog, &proof, cons, vec![])?;
 
-    assert!(verify.is_ok());
+    Ok(())
 }
 
-#[zkp_program(backend = "bulletproofs")]
+#[zkp_program]
 fn sudoku_proof<F: BackendField>(
     #[constant] constraints: [[NativeField<F>; 9]; 9],
     board: [[NativeField<F>; 9]; 9],
 ) {
-    fn assert_unique_numbers<F: BackendField>(arr: [ProgramNode<NativeField<F>>; 9]) {
+    let zero = zkp_var!(0);
+
+    let assert_unique_numbers = |squares| {
         for i in 1..=9 {
-            let mut circuit = NativeField::<F>::from(1).into_program_node();
-            for a in arr {
-                circuit = circuit * (NativeField::<F>::from(i).into_program_node() - a);
+            let mut circuit = zkp_var!(1);
+            for s in squares {
+                circuit = circuit * (zkp_var!(i) - s);
             }
-            circuit.constrain_eq(NativeField::<F>::from(0));
+            circuit.constrain_eq(zero);
         }
-    }
+    };
+
     // Proves that the board matches up with the puzzle where applicable
-    let zero = NativeField::<F>::from(0).into_program_node();
 
     for i in 0..9 {
         for j in 0..9 {
-            let square = board[i][j].into_program_node();
-            let constraint = constraints[i][j].into_program_node();
+            let square = board[i][j];
+            let constraint = constraints[i][j];
             (constraint * (constraint - square)).constrain_eq(zero);
         }
     }
@@ -94,7 +95,7 @@ fn sudoku_proof<F: BackendField>(
 
             let square = rows.iter().map(|s| &s[(j * 3)..(j * 3 + 3)]);
 
-            let flattened_sq: [ProgramNode<NativeField<F>>; 9] = square
+            let flattened_sq = square
                 .flatten()
                 .copied()
                 .collect::<Vec<_>>()
@@ -120,7 +121,7 @@ mod tests {
 
         let prog = app.get_zkp_program(sudoku_proof).unwrap();
 
-        let runtime = Runtime::new_zkp(&BulletproofsBackend::new()).unwrap();
+        let runtime = ZkpRuntime::new(&BulletproofsBackend::new()).unwrap();
 
         let ex_puzzle = [
             [0, 7, 0, 0, 2, 0, 0, 4, 6],
@@ -167,7 +168,7 @@ mod tests {
 
         let prog = app.get_zkp_program(sudoku_proof).unwrap();
 
-        let runtime = Runtime::new_zkp(&BulletproofsBackend::new()).unwrap();
+        let runtime = ZkpRuntime::new(&BulletproofsBackend::new()).unwrap();
 
         let ex_puzzle = [
             [0, 7, 0, 0, 2, 0, 0, 4, 6],
@@ -212,7 +213,7 @@ mod tests {
 
         let prog = app.get_zkp_program(sudoku_proof).unwrap();
 
-        let runtime = Runtime::new_zkp(&BulletproofsBackend::new()).unwrap();
+        let runtime = ZkpRuntime::new(&BulletproofsBackend::new()).unwrap();
 
         let ex_puzzle = [[0; 9]; 9];
 

diff --git a/sunscreen/Cargo.toml b/sunscreen/Cargo.toml
@@ -47,7 +47,9 @@ env_logger = "0.10.0"
 float-cmp = "0.9.0"
 lazy_static = "1.4.0"
 proptest = "1.1.0"
-sunscreen_zkp_backend = { path = "../sunscreen_zkp_backend", features = ["bulletproofs"] }
+sunscreen_zkp_backend = { path = "../sunscreen_zkp_backend", features = [
+  "bulletproofs",
+] }
 sunscreen_compiler_common = { path = "../sunscreen_compiler_common" }
 serde_json = "1.0.74"
 

diff --git a/sunscreen/benches/fractional_range_proof.rs b/sunscreen/benches/fractional_range_proof.rs
@@ -80,7 +80,7 @@ fn make_fractional_value(bits: &[i8]) -> [[BPField; 8]; 64] {
 /// the number of decimal places in the fractional amount. This is
 /// basically free, so we don't need to time it here.
 fn unshield_tx_fractional_range_proof(_c: &mut Criterion) {
-    #[zkp_program(backend = "bulletproofs")]
+    #[zkp_program]
     /**
      * Proves the 0 < a <= b and a == c
      */
@@ -153,7 +153,7 @@ fn unshield_tx_fractional_range_proof(_c: &mut Criterion) {
 /// in the SDLP, which reduces the number of circuit inputs. However, this proof is
 /// orders of magnitude faster than the SDLP so 🤷‍♀️.
 fn private_tx_fractional_range_proof(_c: &mut Criterion) {
-    #[zkp_program(backend = "bulletproofs")]
+    #[zkp_program]
     /**
      * Proves the 0 < a <= b and a == c
      */
@@ -228,7 +228,7 @@ fn private_tx_fractional_range_proof(_c: &mut Criterion) {
 /// * a is the submitted value under a given user's key.
 /// * b is the maximum value encrypted under the same user's key.
 fn mean_variance_fractional_range_proof(_c: &mut Criterion) {
-    #[zkp_program(backend = "bulletproofs")]
+    #[zkp_program]
     /**
      * Proves the 0 < a <= b and a == c
      */
@@ -291,7 +291,7 @@ fn mean_variance_fractional_range_proof(_c: &mut Criterion) {
 ///
 /// * a_0, a_1, a_2 are submitted value under a given user's key.
 fn chi_sq_fractional_range_proof(_c: &mut Criterion) {
-    #[zkp_program(backend = "bulletproofs")]
+    #[zkp_program]
     /**
      * Proves the 0 < a <= b and a == c
      */

diff --git a/sunscreen/src/compiler.rs b/sunscreen/src/compiler.rs
@@ -591,7 +591,7 @@ mod tests {
 
     #[test]
     fn fhe_zkp_program_yields_fhezkp_compiler() {
-        #[zkp_program(backend = "bulletproofs")]
+        #[zkp_program]
         fn kitty<F: BackendField>() {}
 
         #[fhe_program(scheme = "bfv")]
@@ -619,7 +619,7 @@ mod tests {
 
     #[test]
     fn compiling_zkp_program_yields_zkp_application() {
-        #[zkp_program(backend = "bulletproofs")]
+        #[zkp_program]
         fn kitty<F: BackendField>() {}
 
         let app = GenericCompiler::new()
@@ -633,7 +633,7 @@ mod tests {
 
     #[test]
     fn compiling_fhe_and_zkp_program_yields_fhezkp_application() {
-        #[zkp_program(backend = "bulletproofs")]
+        #[zkp_program]
         fn kitty<F: BackendField>(_a: NativeField<F>) {}
 
         #[fhe_program(scheme = "bfv")]

diff --git a/sunscreen/src/types/bfv/batched.rs b/sunscreen/src/types/bfv/batched.rs
@@ -554,6 +554,20 @@ impl<const LANES: usize> GraphCipherMul for Batched<LANES> {
     }
 }
 
+impl<const LANES: usize> GraphCipherInsert for Batched<LANES> {
+    type Lit = i64;
+    type Val = Self;
+
+    fn graph_cipher_insert(lit: Self::Lit) -> FheProgramNode<Self::Val> {
+        with_fhe_ctx(|ctx| {
+            let lit = Self::from(lit).try_into_plaintext(&ctx.data).unwrap();
+            let l = ctx.add_plaintext_literal(lit.inner);
+
+            FheProgramNode::new(&[l])
+        })
+    }
+}
+
 impl<const LANES: usize> GraphCipherConstMul for Batched<LANES> {
     type Left = Self;
     type Right = i64;

diff --git a/sunscreen/src/types/bfv/fractional.rs b/sunscreen/src/types/bfv/fractional.rs
@@ -5,9 +5,9 @@ use crate::{
     types::{
         ops::{
             GraphCipherAdd, GraphCipherConstAdd, GraphCipherConstDiv, GraphCipherConstMul,
-            GraphCipherConstSub, GraphCipherMul, GraphCipherNeg, GraphCipherPlainAdd,
-            GraphCipherPlainMul, GraphCipherPlainSub, GraphCipherSub, GraphConstCipherSub,
-            GraphPlainCipherSub,
+            GraphCipherConstSub, GraphCipherInsert, GraphCipherMul, GraphCipherNeg,
+            GraphCipherPlainAdd, GraphCipherPlainMul, GraphCipherPlainSub, GraphCipherSub,
+            GraphConstCipherSub, GraphPlainCipherSub,
         },
         Cipher,
     },
@@ -236,6 +236,20 @@ impl<const INT_BITS: usize> GraphCipherPlainAdd for Fractional<INT_BITS> {
     }
 }
 
+impl<const INT_BITS: usize> GraphCipherInsert for Fractional<INT_BITS> {
+    type Lit = f64;
+    type Val = Self;
+
+    fn graph_cipher_insert(lit: Self::Lit) -> FheProgramNode<Self::Val> {
+        with_fhe_ctx(|ctx| {
+            let lit = Self::from(lit).try_into_plaintext(&ctx.data).unwrap();
+            let lit = ctx.add_plaintext_literal(lit.inner);
+
+            FheProgramNode::new(&[lit])
+        })
+    }
+}
+
 impl<const INT_BITS: usize> GraphCipherConstAdd for Fractional<INT_BITS> {
     type Left = Fractional<INT_BITS>;
     type Right = f64;