feat: add empty inputs generator for key gen phase
enricobottazzi committed Feb 8, 2024
1 parent a936b1b commit 0a29bbf
Showing 6 changed files with 38 additions and 11 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -32,6 +32,7 @@ You can modify these parameters to fit your needs.

As a result:
- A file `./src/data/sk_enc_input.json` is generated including the input to the circuit that can be used for testing. It includes a random secret key, a random plaintext message and the corresponding ciphertext encrypted under the secret key.
- A file `./src/data/sk_enc_input_zeroes.json` is generated. In this file all the coefficients of the input polynomials are set to zero. This input is used at key generation time, when the actual inputs are not known.
- A file `./src/constants/sk_enc.rs` is generated including the generic constants for the circuit. Note that we separate them from the input because these should be known at compile time.

On top of that, the console will print an estimatation of the number of advice cells needed to compile the circuit in halo2 considering a single advice column and a lookup table of size 2^8.
20 changes: 19 additions & 1 deletion scripts/circuit_sk.py
Expand Up @@ -410,10 +410,28 @@ def main(args):
f.write(f"/// List of scalars `k0is` such that `k0i[i]` is equal to the negative of the multiplicative inverses of t mod qi.\n")
f.write(f"pub const K0IS: [&str; {len(k0i_constants)}] = [{k0is_str}];\n")

# write the inputs to a json file
with open(args.output_input, 'w') as f:
json.dump(json_input, f)

# Initialize a structure to hold polynomials with zero coefficients. This will be used at key generation.
json_input_zeroes = {
"s": ["0" for _ in s_assigned.coefficients],
"e": ["0" for _ in e_assigned.coefficients],
"k1": ["0" for _ in k1_assigned.coefficients],
"r2is": [["0" for _ in r2i.coefficients] for r2i in r2is_assigned],
"r1is": [["0" for _ in r1i.coefficients] for r1i in r1is_assigned],
"ais": [["0" for _ in ai_in_p.coefficients] for ai_in_p in ais_in_p],
"ct0is": [["0" for _ in ct0i_in_p.coefficients] for ct0i_in_p in ct0is_in_p],
}

original_output_path = args.output_input
path_parts = original_output_path.rsplit('.', 1)
zeroed_output_path = f"{path_parts[0]}_zeroes.{path_parts[1]}"

with open(zeroed_output_path, 'w') as f:
json.dump(json_input_zeroes, f)


if __name__ == "__main__":
parser = argparse.ArgumentParser(
description="Generate rust constants and json inputs for BFV zk proof of secret key encryption circuit"
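Review bot: `path_parts[1]` in the zeroed-path computation raises IndexError when `args.output_input` has no extension, and `rsplit('.', 1)` also splits on a dot in a directory component (a constructed value such as `./out/input` yields `_zeroes./out/input`), so the zero file can be written somewhere unintended. Deriving the name with `root, ext = os.path.splitext(original_output_path)` followed by `zeroed_output_path = f"{root}_zeroes{ext}"` handles both cases. This needs `import os` if the script does not already import it, which the hunk does not show. `main()` starts above the hunk, so the rest of its body is not visible here.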
8 changes: 4 additions & 4 deletions src/constants/sk_enc.rs
Expand Up @@ -5,12 +5,12 @@ pub const E_BOUND: u64 = 19;
/// The coefficients of the polynomial `s` should exist in the interval `[-S_BOUND, S_BOUND]`.
pub const S_BOUND: u64 = 1;
/// The coefficients of the polynomials `r1is` should exist in the interval `[-R1_BOUND[i], R1_BOUND[i]]` where `R1_BOUND[i]` is equal to `(qi-1)/2`
pub const R1_BOUNDS: [u64; 15] = [16094, 14176, 11271, 20472, 6497, 20727, 16995, 22957, 22168, 8788, 13569, 22540, 30882, 23771, 15145];
pub const R1_BOUNDS: [u64; 15] = [1321, 12139, 1692, 1530, 19009, 17587, 3417, 15539, 24450, 19013, 24041, 5934, 31437, 16662, 15909];
/// The coefficients of the polynomials `r2is` should exist in the interval `[-R2_BOUND[i], R2_BOUND[i]]` where `R2_BOUND[i]` is equal to $\frac{(N+2) \cdot \frac{q_i - 1}{2} + B + \frac{t - 1}{2} \cdot |K_{0,i}|}{q_i}$
pub const R2_BOUNDS: [u64; 15] = [248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176, 248101820852378176];
pub const R2_BOUNDS: [u64; 15] = [576460752303292416, 576460752299360256, 576460752298508288, 576460752297984000, 576460752297820160, 576460752296706048, 576460752296411136, 576460752296214528, 576460752294969344, 576460752293265408, 576460752292773888, 576460752291823616, 576460752290938880, 576460752290709504, 576460752290447360];
/// The coefficients of `k1` should exist in the interval `[-K1_BOUND, K1_BOUND]` where `K1_BOUND` is equal to `(t-1)/2`
pub const K1_BOUND: u64 = 32768;
/// List of scalars `qis` such that `qis[i]` is the modulus of the i-th CRT basis of `q` (ciphertext space modulus)
pub const QIS: [&str; 15] = ["496203641704756321", "496203641704756323", "496203641704756325", "496203641704756327", "496203641704756331", "496203641704756333", "496203641704756337", "496203641704756339", "496203641704756343", "496203641704756351", "496203641704756357", "496203641704756361", "496203641704756367", "496203641704756369", "496203641704756373"];
pub const QIS: [&str; 15] = ["1152921504606584833", "1152921504598720513", "1152921504597016577", "1152921504595968001", "1152921504595640321", "1152921504593412097", "1152921504592822273", "1152921504592429057", "1152921504589938689", "1152921504586530817", "1152921504585547777", "1152921504583647233", "1152921504581877761", "1152921504581419009", "1152921504580894721"];
/// List of scalars `k0is` such that `k0i[i]` is equal to the negative of the multiplicative inverses of t mod qi.
pub const K0IS: [&str; 15] = ["21888242871839275222246405745257275088548364400416034343697968232987910254532", "21888242871839275222246405745257275088548364400416034343697997284262354021411", "21888242871839275222246405745257275088548364400416034343698041273812658500319", "21888242871839275222246405745257275088548364400416034343697901945808406689495", "21888242871839275222246405745257275088548364400416034343698113565073640800597", "21888242871839275222246405745257275088548364400416034343697898076847958223274", "21888242871839275222246405745257275088548364400416034343697954596984450983179", "21888242871839275222246405745257275088548364400416034343697864316193085990661", "21888242871839275222246405745257275088548364400416034343697876263785234091815", "21888242871839275222246405745257275088548364400416034343698078873142574514471", "21888242871839275222246405745257275088548364400416034343698006475882675817851", "21888242871839275222246405745257275088548364400416034343697870630699962743729", "21888242871839275222246405745257275088548364400416034343697744310277022997395", "21888242871839275222246405745257275088548364400416034343697851982462028159978", "21888242871839275222246405745257275088548364400416034343697982603412433129030"];
pub const K0IS: [&str; 15] = ["21888242871839275222246405745257275088548364400416034343698175722853110577582", "21888242871839275222246405745257275088548364400416034343697795104123637376298", "21888242871839275222246405745257275088548364400416034343698162687242159650505", "21888242871839275222246405745257275088548364400416034343698168387023466264589", "21888242871839275222246405745257275088548364400416034343697553391175637430142", "21888242871839275222246405745257275088548364400416034343697603422589329635994", "21888242871839275222246405745257275088548364400416034343698101995126395496783", "21888242871839275222246405745257275088548364400416034343697675479083872324250", "21888242871839275222246405745257275088548364400416034343697361955928178181372", "21888242871839275222246405745257275088548364400416034343697553250440301670262", "21888242871839275222246405745257275088548364400416034343697376346116788602926", "21888242871839275222246405745257275088548364400416034343698013419821216355748", "21888242871839275222246405745257275088548364400416034343697116144063382163047", "21888242871839275222246405745257275088548364400416034343697635967636919321044", "21888242871839275222246405745257275088548364400416034343697662478656761857975"];
2 changes: 1 addition & 1 deletion src/data/sk_enc_input.json

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions src/data/sk_enc_input_zeroes.json

Large diffs are not rendered by default.

17 changes: 12 additions & 5 deletions src/sk_encryption_circuit.rs
Expand Up @@ -294,12 +294,13 @@ mod test {

#[test]
pub fn test_sk_enc_full_prover() {
// 1. Define the inputs of the circuit
let file_path = "src/data/sk_enc_input.json";
let mut file = File::open(file_path).unwrap();
// 1. Define the inputs of the circuit.
// Since we are going to use this circuit instance for key gen, we can use an input file in which all the coefficients are set to 0
let file_path_zeroes = "src/data/sk_enc_input_zeroes.json";
let mut file = File::open(file_path_zeroes).unwrap();
let mut data = String::new();
file.read_to_string(&mut data).unwrap();
let sk_enc_circuit = serde_json::from_str::<BfvSkEncryptionCircuit>(&data).unwrap();
let empty_sk_enc_circuit = serde_json::from_str::<BfvSkEncryptionCircuit>(&data).unwrap();

// 2. Generate (unsafe) trusted setup parameters
// Here we are setting a small k for optimization purposes
Expand All @@ -311,7 +312,7 @@ mod test {
RlcCircuitBuilder::from_stage(CircuitBuilderStage::Keygen, 0).use_k(k);
key_gen_builder.base.set_lookup_bits(k - 1); // lookup bits set to `k-1` as suggested [here](https://docs.axiom.xyz/protocol/zero-knowledge-proofs/getting-started-with-halo2#technical-detail-how-to-choose-lookup_bits)

let rlc_circuit = RlcExecutor::new(key_gen_builder, sk_enc_circuit.clone());
let rlc_circuit = RlcExecutor::new(key_gen_builder, empty_sk_enc_circuit.clone());

// The parameters are auto configured by halo2 lib to fit all the columns into the `k`-sized table
let rlc_circuit_params = rlc_circuit.0.calculate_params(Some(9));
Expand All @@ -334,6 +335,12 @@ mod test {
.use_params(rlc_circuit_params);
proof_gen_builder.base.set_lookup_bits(k - 1);

let file_path = "src/data/sk_enc_input.json";
let mut file = File::open(file_path).unwrap();
let mut data = String::new();
file.read_to_string(&mut data).unwrap();
let sk_enc_circuit = serde_json::from_str::<BfvSkEncryptionCircuit>(&data).unwrap();

let rlc_circuit = RlcExecutor::new(proof_gen_builder, sk_enc_circuit.clone());

rlc_circuit
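Review bot: The open/read/deserialize sequence in `test_sk_enc_full_prover` now appears twice, once for `src/data/sk_enc_input_zeroes.json` before key generation and again for `src/data/sk_enc_input.json` before the proof-generation executor, so the two loads can drift apart. A small test helper would keep them identical, for example `fn load_circuit(path: &str) -> BfvSkEncryptionCircuit { serde_json::from_str(&std::fs::read_to_string(path).unwrap()).unwrap() }`. Because the keys are now derived from the all-zero file, I would also add a comment at the first load such as `// must be regenerated together with sk_enc_input.json so both files have the same polynomial lengths`. The test body continues outside the hunks shown, so whether the `.clone()` on `empty_sk_enc_circuit` is still needed cannot be judged from here.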
