Feat/solidity verifier bls12381

[ThomasPiellard]

Description

This PR adds the bls12-381 solidity verifier.

Fixes #1486

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How has this been tested?

Added in the test suite (see solidityVerification )

Checklist:

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• I did not modify files generated from templates
• golangci-lint does not output errors locally
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

---

Note

Medium Risk
Touches cryptography-adjacent Solidity codegen and proof serialization/ABI, where subtle encoding or precompile-call mistakes can break verification. Changes are additive but affect generated contract interfaces and associated snapshots.

Overview
Adds experimental Solidity contract export for Groth16 on BLS12-381 by introducing a new solidityTemplate that targets EIP-2537 precompiles (G1 MSM + pairing), plus Proof.MarshalSolidity() to produce the bytes layout expected by the generated verifier.

Extends PLONK Solidity export to BLS12-381 via a new large verifier template and a new VerifyingKey.ExportSolidity() implementation that renders it (hash-to-field is fixed; custom override is rejected).

Updates the BN254 Groth16 Solidity template/ABI to accept uncompressed proofs as bytes calldata (and parse commitments/PoK from the same blob), aligns Proof.MarshalSolidity() with this encoding, and adjusts test snapshots/fixtures to cover both bn254 and bls12381 for Groth16/PLONK (with and without commitments). CI workflows also drop installing gnark-solidity-checker.

^{Written by Cursor Bugbot for commit 1c536e4. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[ivokub]

Updated the PR:

• fixed Solidity BLS12-381 Plonk verifier to also handle discrepancy when we have points at infinity, in which case gnark encodes with 0x04 prefix (uncompressed infinity), but in Solidity we don't. Otherwise without fixes gamma derivation is incorrect and verification fails. This doesn't apply for BN254 where we have two bits for encoding and we don't use the 0x04 prefix
• added Groth16 BLS12-381 verifier
• modified Groth16 BN254 verifier to take as inputs bytes instead of [n]uint256 to simplify proof passing and to align with all other Solidity verifiers where we used bytes.
• use gnark-solidity-checker as Go tool instead of installing separately. This simplifies testing a bit as we can have the versioned dependency in go.mod. NB! we still have to install solc and abigen. In principle abigen could also be added as a tool, but this pulls in a lot of dependencies I want to avoid.

On the other side, I also updated gnark-solidity-checker to handle BLS12-381 tests. See Consensys/gnark-solidity-checker#5. It is waiting for @gbotrel review. As such, when gnark-solidity-checker update is merged then I'll release v0.2.0 of the Solidity checker tool and update the dependency here. So please don't merge this PR just yet, but otherwise it is good to review.
Updated now. Good to merge on my side when looks good.

[sug0]

hey folks! are there any plans for inclusion of these changes in a possible v0.15.0 release?

[ivokub]

hey folks! are there any plans for inclusion of these changes in a possible v0.15.0 release?

Sure - we usually don't have a concrete timeline for releases and do it in ad-hoc manner. We try to keep master stable though.

I'll discuss internally about doing a new release considering last one was already half a year ago.

[sug0]

perfect, thanks!