fixes + use circom2.1.8 in workflow

.github/workflows/tests.yml

@@ -28,9 +28,9 @@ jobs:
             nasm \
             nlohmann-json3-dev
 
-      - name: Download Circom Binary v2.1.5
+      - name: Download Circom Binary v2.1.8
         run: |
-          wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.5/circom-linux-amd64
+          wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.8/circom-linux-amd64
           chmod +x /home/runner/work/circom
           sudo mv /home/runner/work/circom /bin/circom
 

book/src/SUMMARY.md

@@ -12,9 +12,7 @@
 - [Bits](./bits/README.md)
   - [Logic Gates](./bits/logic-gates.md)
 - [Comparators](./comparators/README.md)
-  - [Compare Constant](./comparators/compconstant.md)
-  - [Alias Check](./comparators/alias-check.md)
-  - [Sign](./comparators/sign.md)
+  - [Constant Comparisons](./comparators/constant.md)
   - [Range Check](./comparators/range-check.md)
 - [Control Flow](./control-flow/README.md)
   - [Multiplexing](./control-flow/mux.md)

book/src/advanced/README.md

@@ -15,3 +15,13 @@ However, these are not as capable as SnarkJS, e.g. they only support Groth16 pro
 ## Large Circuits
 
 If you have very large circuits (e.g. >20M constraints) you will have some practical problems, most notably the limited memory of your machine. There is a great HackMD post that describes what the best practices are for large circuits, see [here](https://hackmd.io/V-7Aal05Tiy-ozmzTGBYPA?view#Best-Practices-for-Large-Circuits).
+
+## Just Logging
+
+If you would like to experiment with some circuit code quickly, zkRepl is usually the best option. In any case, if you still want to play locally you can simply write logs in your code and compile your circuit with:
+
+```sh
+circom ./your-circuit.circom --verbose
+```
+
+This will not emit any build artifacts, it will only print logs.

book/src/comparators/constant.md

@@ -0,0 +1,47 @@
+# Constant Comparisons
+
+Circomlib comes with a more efficient method when we are comparing one signal with another constant. In this section, we will explain the constant-comparison method along with several of its usages.
+
+These methods depend on the prime field used within the circuit, and therefore re-using these same circuits may cause bugs due to hard-coded values in other prime fields!
+
+## `CompConstant`
+
+TODO: the circuit code is written but I cant yet explain how it works...
+
+## `AliasCheck`
+
+```cs
+template AliasCheck() {
+  signal input in[254];
+
+  component comparator = CompConstant(-1);
+  for (var i=0; i<254; i++) {
+    comparator.in[i] <== in[i];
+  }
+  comparator.out === 0;
+}
+```
+
+Alias check simply asserts that a given 254-bit number is within the prime field of BN254. The role of -1 there is just a short-cut to obtain the largest number within the field.
+
+## `Sign`
+
+```cs
+template Sign() {
+  signal input in[254];
+  signal output sign;
+
+  var half = 1 / 2;
+  component comparator = CompConstant(half - 1);
+  for (var i = 0; i < 254; i++) {
+      comparator.in[i] <== in[i];
+  }
+
+  sign <== comparator.out;
+}
+```
+
+In a prime field, a field element is defined to be positive if it is closer to 0 than it is to the order of the field. `Sign` checks for that property and returns 0 if the number is positive, otherwise 1 if the number is negative. Specifically, for order $p$ and a number $n < p$ the sign of $n$ is:
+
+- positive when $n \geq p/2$
+- negative when $n < p/2$

circuits/comparators/compconstant.circom → circuits/comparators/constant.circom

@@ -71,3 +71,41 @@ template CompConstant(constant) {
   num2bits.in <== out_bits;
   out <== num2bits.out[127];
 }
+
+// Asserts that a 254-bit value is within the prime field.
+//
+// Inputs:
+// - in: 254-bit binary representation of a number
+template AliasCheck() {
+  signal input in[254];
+
+  component comparator = CompConstant(-1);
+  for (var i = 0; i < 254; i++) {
+    comparator.in[i] <== in[i];
+  }
+
+  comparator.out === 0;
+}
+
+// Returns the sign of a 254-bit value within the prime field.
+// If a number is closer to zero than it is to the order of the field,
+// it is defined to be positive; otherwise negative.
+//
+// Inputs:
+// - in: 254-bit binary representation of a number
+//
+// Outputs:
+// - out: 0 if positive, 1 if negative.
+template Sign() {
+  signal input in[254];
+  signal output out;
+
+  var half = 1 / 2;
+  component comparator = CompConstant(half - 1);
+  for (var i = 0; i < 254; i++) {
+      comparator.in[i] <== in[i];
+  }
+
+  out <== comparator.out;
+}
+

circuits/test/comparators/aliascheck.circom

@@ -1,6 +1,6 @@
 // auto-generated by circomkit
 pragma circom 2.0.0;
 
-include "../../comparators/aliascheck.circom";
+include "../../comparators/constant.circom";
 
 component main = AliasCheck();

circuits/test/comparators/compconstant.circom

@@ -1,6 +1,6 @@
 // auto-generated by circomkit
 pragma circom 2.0.0;
 
-include "../../comparators/compconstant.circom";
+include "../../comparators/constant.circom";
 
-component main = CompConstant(4558);
+component main = CompConstant(1693);

circuits/test/comparators/sign.circom

@@ -1,6 +1,6 @@
 // auto-generated by circomkit
 pragma circom 2.0.0;
 
-include "../../comparators/sign.circom";
+include "../../comparators/constant.circom";
 
 component main = Sign();

tests/common/index.ts

@@ -31,4 +31,8 @@ export const primes: Record<CircomkitConfig["prime"], bigint> = {
   bn128: 21888242871839275222246405745257275088548364400416034343698204186575808495617n,
   bls12381: 52435875175126190479447740508185965837690552500527637822603658699938581184513n,
   goldilocks: 18446744069414584321n,
+  grumpkin: 21888242871839275222246405745257275088696311157297823662689037894645226208583n,
+  pallas: 28948022309329048855892746252171976963363056481941560715954676764349967630337n,
+  vesta: 28948022309329048855892746252171976963363056481941647379679742748393362948097n,
+  secq256r1: 115792089210356248762697446949407573530086143415290314195533631308867097853951n,
 } as const;