[Tracking] Pre-release of the mainnet branch

.github/workflows/benchmarks.yml

@@ -3,7 +3,7 @@ name: Run snarkVM Benchmarks
 on:
   push:
     branches:
-      - 'testnet3'
+      - 'mainnet'
 
 jobs:
   # Run benchmarks and stores the output to a file

README.md

@@ -3,7 +3,7 @@
 </p>
 
 <p align="center">
-    <a href="https://circleci.com/gh/AleoHQ/snarkVM"><img src="https://dl.circleci.com/status-badge/img/gh/AleoHQ/snarkVM/tree/testnet3.svg?style=svg"></a>
+    <a href="https://circleci.com/gh/AleoHQ/snarkVM"><img src="https://dl.circleci.com/status-badge/img/gh/AleoHQ/snarkVM/tree/mainnet.svg?style=svg"></a>
     <a href="https://codecov.io/gh/AleoHQ/snarkVM"><img src="https://codecov.io/gh/AleoHQ/snarkVM/branch/master/graph/badge.svg?token=cck8tS9HpO"/></a>
     <a href="https://discord.gg/aleo"><img src="https://img.shields.io/discord/700454073459015690?logo=discord"/></a>
     <a href="https://twitter.com/AleoHQ"><img src="https://img.shields.io/twitter/follow/AleoHQ?style=social"/></a>

SECURITY.md

@@ -2,16 +2,10 @@
 
 The following describes our procedure for addressing major and minor security concerns in snarkVM.
 
-## Testnet
-
-As Aleo is currently in the prototype stage and does not operate a platform intended for production use,
-our security procedures are designed to promote public disclosure and quick security resolution.
-
-In preparation for the production stage, we will release new security guidelines and
-issue new procedures for addressing the disclosure of sensitive security vulnerabilities.
+Our security procedures are designed to promote public disclosure and quick security resolution.
 
 ### Reporting a Bug
 
-During Testnet, all software bugs should be reported by filing a Github issue.
+All software bugs should be reported by filing a Github issue.
 
 If you are unsure and would like to reach out to us directly, please email security \_at\_ aleo.org to elaborate on the issue.

algorithms/src/errors.rs

@@ -41,6 +41,9 @@ pub enum SNARKError {
     #[error("Batch size was different between public input and proof")]
     BatchSizeMismatch,
 
+    #[error("Public input size was different from the circuit")]
+    PublicInputSizeMismatch,
+
     #[error("Circuit not found")]
     CircuitNotFound,
 }

algorithms/src/polycommit/kzg10/data_structures.rs

@@ -18,7 +18,7 @@ use crate::{
 };
 use snarkvm_curves::{AffineCurve, PairingCurve, PairingEngine, ProjectiveCurve};
 use snarkvm_fields::{ConstraintFieldError, ToConstraintField, Zero};
-use snarkvm_parameters::testnet3::PowersOfG;
+use snarkvm_parameters::mainnet::PowersOfG;
 use snarkvm_utilities::{
     borrow::Cow,
     error,

algorithms/src/r1cs/linear_combination.rs

@@ -114,7 +114,12 @@ impl<F: Field> AddAssign<(F, Variable)> for LinearCombination<F> {
     #[inline]
     fn add_assign(&mut self, (coeff, var): (F, Variable)) {
         match self.get_var_loc(&var) {
-            Ok(found) => self.0[found].1 += &coeff,
+            Ok(found) => {
+                self.0[found].1 += &coeff;
+                if self.0[found].1.is_zero() {
+                    self.0.remove(found);
+                }
+            }
             Err(not_found) => self.0.insert(not_found, (var, coeff)),
         }
     }

algorithms/src/snark/varuna/ahp/ahp.rs

@@ -180,23 +180,20 @@ impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM> {
         let max_constraint_domain = state.max_constraint_domain;
         let max_variable_domain = state.max_variable_domain;
         let max_non_zero_domain = state.max_non_zero_domain;
-        let public_inputs = state
-            .circuit_specific_states
-            .iter()
-            .map(|(circuit_id, circuit_state)| {
-                let input_domain = circuit_state.input_domain;
-                let public_inputs = public_inputs[circuit_id]
-                    .iter()
-                    .map(|p| {
-                        let public_input = prover::ConstraintSystem::format_public_input(p);
-                        Self::formatted_public_input_is_admissible(&public_input)?;
-                        Ok::<_, AHPError>(public_input)
-                    })
-                    .collect::<Result<Vec<_>, _>>()?;
-                ensure!(public_inputs[0].len() == input_domain.size());
-                Ok(public_inputs)
-            })
-            .collect::<Result<Vec<_>, _>>()?;
+        let mut formatted_public_inputs = Vec::with_capacity(state.circuit_specific_states.len());
+        for (circuit_id, circuit_state) in &state.circuit_specific_states {
+            let input_domain = circuit_state.input_domain;
+            let public_inputs_i = public_inputs[circuit_id]
+                .iter()
+                .map(|p| {
+                    let public_input = prover::ConstraintSystem::format_public_input(p);
+                    Self::formatted_public_input_is_admissible(&public_input)?;
+                    Ok::<_, AHPError>(public_input)
+                })
+                .collect::<Result<Vec<_>, _>>()?;
+            ensure!(public_inputs_i[0].len() == input_domain.size());
+            formatted_public_inputs.push(public_inputs_i);
+        }
 
         let verifier::FirstMessage { batch_combiners } = state.first_round_message.as_ref().unwrap();
         let verifier::SecondMessage { alpha, eta_b, eta_c } = state.second_round_message.unwrap();
@@ -286,7 +283,7 @@ impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM> {
             .enumerate()
             .map(|(i, (circuit_id, circuit_state))| {
                 let lag_at_beta = circuit_state.input_domain.evaluate_all_lagrange_coefficients(beta);
-                let x_at_beta = public_inputs[i]
+                let x_at_beta = formatted_public_inputs[i]
                     .iter()
                     .map(|x| x.iter().zip_eq(&lag_at_beta).map(|(x, l)| *x * l).sum::<F>())
                     .collect_vec();

algorithms/src/snark/varuna/data_structures/test_circuit.rs

@@ -40,6 +40,11 @@ impl<F: Field> core::fmt::Debug for TestCircuit<F> {
 
 impl<ConstraintF: Field> ConstraintSynthesizer<ConstraintF> for TestCircuit<ConstraintF> {
     fn generate_constraints<CS: ConstraintSystem<ConstraintF>>(&self, cs: &mut CS) -> Result<(), SynthesisError> {
+        // Ensure the given `cs` is starting off clean.
+        assert_eq!(1, cs.num_public_variables());
+        assert_eq!(0, cs.num_private_variables());
+        assert_eq!(0, cs.num_constraints());
+
         let a = cs.alloc(|| "a", || self.a.ok_or(SynthesisError::AssignmentMissing))?;
         let b = cs.alloc(|| "b", || self.b.ok_or(SynthesisError::AssignmentMissing))?;
 
@@ -91,7 +96,9 @@ impl<F: Field> TestCircuit<F> {
         num_variables: usize,
         rng: &mut R,
     ) -> (Self, Vec<F>) {
-        let mut public_inputs: Vec<F> = Vec::with_capacity(mul_depth);
+        let mut public_inputs: Vec<F> = Vec::with_capacity(1 + mul_depth);
+        public_inputs.push(F::one());
+
         let a = F::rand(rng);
         let b = F::rand(rng);
 
@@ -114,7 +121,8 @@ impl<F: Field> TestCircuit<F> {
         num_constraints: usize,
         num_variables: usize,
     ) -> (Self, Vec<F>) {
-        let mut public_inputs: Vec<F> = Vec::with_capacity(mul_depth);
+        let mut public_inputs: Vec<F> = Vec::with_capacity(1 + mul_depth);
+        public_inputs.push(F::one());
         let a = F::from(a);
         let b = F::from(b);
         for j in 1..(mul_depth + 1) {

algorithms/src/snark/varuna/tests.rs

@@ -26,6 +26,7 @@ mod varuna {
         },
         traits::{AlgebraicSponge, SNARK},
     };
+
     use std::collections::BTreeMap;
 
     use snarkvm_curves::bls12_377::{Bls12_377, Fq, Fr};
@@ -57,6 +58,8 @@ mod varuna {
                         let mul_depth = 1;
                         println!("running test with SM::ZK: {}, mul_depth: {}, num_constraints: {}, num_variables: {}", $snark_mode::ZK, mul_depth + i, num_constraints + i, num_variables + i);
                         let (circ, public_inputs) = TestCircuit::gen_rand(mul_depth + i, num_constraints + i, num_variables + i, rng);
+                        let mut fake_inputs = public_inputs.clone();
+                        fake_inputs[public_inputs.len() - 1] = random;
 
                         let (index_pk, index_vk) = $snark_inst::circuit_setup(&universal_srs, &circ).unwrap();
                         println!("Called circuit setup");
@@ -76,7 +79,7 @@ mod varuna {
                         assert!($snark_inst::verify(universal_verifier, &fs_parameters, &index_vk, public_inputs, &proof).unwrap());
                         println!("Called verifier");
                         eprintln!("\nShould not verify (i.e. verifier messages should print below):");
-                        assert!(!$snark_inst::verify(universal_verifier, &fs_parameters, &index_vk, [random, random], &proof).unwrap());
+                        assert!(!$snark_inst::verify(universal_verifier, &fs_parameters, &index_vk, fake_inputs, &proof).unwrap());
                     }
 
                     for circuit_batch_size in (0..4).map(|i| 2usize.pow(i)) {
@@ -129,7 +132,8 @@ mod varuna {
                             for instance_input in vks_to_inputs.values() {
                                 let mut fake_instance_input = Vec::with_capacity(instance_input.len());
                                 for input in instance_input.iter() {
-                                    let fake_input: Vec<_> = (0..input.len()).map(|_| Fr::rand(rng)).collect();
+                                    let mut fake_input = input.clone();
+                                    fake_input[input.len() - 1] = Fr::rand(rng);
                                     fake_instance_input.push(fake_input);
                                 }
                                 fake_instance_inputs.push(fake_instance_input);
@@ -332,6 +336,8 @@ mod varuna_hiding {
         for _ in 0..num_times {
             let mul_depth = 2;
             let (circuit, public_inputs) = TestCircuit::gen_rand(mul_depth, num_constraints, num_variables, rng);
+            let mut fake_inputs = public_inputs.clone();
+            fake_inputs[public_inputs.len() - 1] = Fr::rand(rng);
 
             let (index_pk, index_vk) = VarunaInst::circuit_setup(&universal_srs, &circuit).unwrap();
             println!("Called circuit setup");
@@ -342,16 +348,7 @@ mod varuna_hiding {
             assert!(VarunaInst::verify(universal_verifier, &fs_parameters, &index_vk, public_inputs, &proof).unwrap());
             println!("Called verifier");
             eprintln!("\nShould not verify (i.e. verifier messages should print below):");
-            assert!(
-                !VarunaInst::verify(
-                    universal_verifier,
-                    &fs_parameters,
-                    &index_vk,
-                    [Fr::rand(rng), Fr::rand(rng)],
-                    &proof
-                )
-                .unwrap()
-            );
+            assert!(!VarunaInst::verify(universal_verifier, &fs_parameters, &index_vk, fake_inputs, &proof).unwrap());
         }
     }
 

algorithms/src/snark/varuna/varuna.rs

@@ -657,7 +657,7 @@ where
         let mut input_domains = BTreeMap::new();
         let mut circuit_infos = BTreeMap::new();
         let mut circuit_ids = Vec::with_capacity(keys_to_inputs.len());
-        for (vk, public_inputs_i) in keys_to_inputs.iter() {
+        for (&vk, &public_inputs_i) in keys_to_inputs.iter() {
             max_num_constraints = max_num_constraints.max(vk.circuit_info.num_constraints);
             max_num_variables = max_num_variables.max(vk.circuit_info.num_variables);
 
@@ -670,17 +670,25 @@ where
 
             let input_fields = public_inputs_i
                 .iter()
-                .map(|input| input.borrow().to_field_elements())
+                .map(|input| {
+                    let input = input.borrow().to_field_elements()?;
+                    ensure!(input.len() > 0);
+                    ensure!(input[0] == E::Fr::one());
+                    if input.len() > input_domain.size() {
+                        bail!(SNARKError::PublicInputSizeMismatch);
+                    }
+                    Ok(input)
+                })
                 .collect::<Result<Vec<_>, _>>()?;
 
             let (padded_public_inputs_i, parsed_public_inputs_i): (Vec<_>, Vec<_>) = {
                 input_fields
                     .iter()
                     .map(|input| {
-                        let mut new_input = Vec::with_capacity((1 + input.len()).max(input_domain.size()));
-                        new_input.push(E::Fr::one());
+                        let input_len = input.len().max(input_domain.size());
+                        let mut new_input = Vec::with_capacity(input_len);
                         new_input.extend_from_slice(input);
-                        new_input.resize(input.len().max(input_domain.size()), E::Fr::zero());
+                        new_input.resize(input_len, E::Fr::zero());
                         if cfg!(debug_assertions) {
                             println!("Number of padded public variables: {}", new_input.len());
                         }

circuit/account/src/signature/ternary.rs

@@ -28,16 +28,6 @@ impl<A: Aleo> Ternary for Signature<A> {
     }
 }
 
-impl<A: Aleo> Ternary for Box<Signature<A>> {
-    type Boolean = Boolean<A>;
-    type Output = Box<Signature<A>>;
-
-    /// Returns `first` if `condition` is `true`, otherwise returns `second`.
-    fn ternary(condition: &Self::Boolean, first: &Self, second: &Self) -> Self::Output {
-        Box::new(Signature::ternary(condition, first, second))
-    }
-}
-
 impl<A: Aleo> Metrics<dyn Ternary<Boolean = Boolean<A>, Output = Signature<A>>> for Signature<A> {
     type Case = (Mode, Mode, Mode);