smartcontract, examples: add API for Groth16 Verifier contract building and examples

[AnnaShaleva]

Three major improvements are included into this PR:

1. Add zkpbinding package that exports API to generate and interact with circuit-cpecific (and Groth-16 parameters-specific) Verifier Go smart contract. This API is assumed to be used by smart contract developers who wants to verify some ZK proofs on Neo.
2. Add an example of Verifier contract generation and proof generation/verification for a simple cubic circuit with the help of https://github.com/Consensys/gnark, zkpbinding package and neotest.
3. Port the Add zkp in neo neo-project/neo#2647 (comment) example from the C# to Go and invoke it with exactly the same proof and witnesses. This example is added to ensure that NeoGo BLS12-381 interoperability is compatible with the C# implementation. This example is not for the external users.

Close #3002.

TODO:

• Properly deal with scalar multipliers form.
• Add clear and concise documentation.
• Update interop deps (after PR finalization and all conversations resolving).

[codecov]

Codecov Report

Merging #3043 (fc6e87a) into master (4598f3d) will increase coverage by 0.02%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #3043      +/-   ##
==========================================
+ Coverage   84.89%   84.92%   +0.02%     
==========================================
  Files         330      330              
  Lines       44332    44332              
==========================================
+ Hits        37637    37649      +12     
+ Misses       5180     5168      -12     
  Partials     1515     1515              

Files	Coverage Δ
pkg/core/native/crypto.go	84.23% <ø> (ø)
pkg/core/native/crypto_blspoints.go	57.57% <0.00%> (+4.32%)	⬆️

... and 3 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[AnnaShaleva]

We have to think about moving Verifier contract auto-generation to a separate package so that contract devs are able to use it from the outside to generate their own verification contracts without massive copy-pasting. @roman-khimov, what do you think?

And with Consensys/gnark#799, the generator-related code will be much simplier.

[AnnaShaleva]

@roman-khimov, could you, please, review the PR? We need to finalize the external smartcontract's generator API, let's fix the issues if there are any.

[AnnaShaleva]

Not ready for review yet, will test against the C# node and update.

[AnnaShaleva]

I've tested it on testnet (carefully with preliminary test Verify execution and result check). Here's the test:

func TestCubicCircuit_Compat(t *testing.T) {
	var (
		circuit    CubicCircuit
		assignment = CubicCircuit{X: 3, Y: 35}
	)

	// Compile our circuit into a R1CS (a constraint system).
	ccs, err := frontend.Compile(ecc.BLS12_381.ScalarField(), r1cs.NewBuilder, &circuit)
	require.NoError(t, err)

	// One time setup (groth16 zkSNARK).
	pk, vk, err := groth16.Setup(ccs)
	require.NoError(t, err)

	// Intermediate step: witness definition.
	witness, err := frontend.NewWitness(&assignment, ecc.BLS12_381.ScalarField())
	require.NoError(t, err)
	publicWitness, err := witness.Public()
	require.NoError(t, err)

	// Proof creation (groth16).
	proof, err := groth16.Prove(ccs, pk, witness)
	require.NoError(t, err)

	// Ensure that gnark can successfully verify the proof (just in case).
	err = groth16.Verify(proof, vk, publicWitness)
	require.NoError(t, err)

	// Now, when we're sure that the proof is valid, we can create and deploy verification
	// contract to the Neo testing chain.
	args, err := zkpbinding.GetVerifyProofArgs(proof, publicWitness)
	require.NoError(t, err)

	// Create contract file.
	tmpDir := t.TempDir()
	srcPath := filepath.Join(tmpDir, "verify.go")
	f, err := os.Create(srcPath)
	require.NoError(t, err)

	// Create contract configuration file.
	cfgPath := filepath.Join(tmpDir, "verify.yml")
	fCfg, err := os.Create(cfgPath)
	require.NoError(t, err)

	// Create contract go.mod and go.sum files.
	fMod, err := os.Create(filepath.Join(tmpDir, "go.mod"))
	require.NoError(t, err)
	fSum, err := os.Create(filepath.Join(tmpDir, "go.sum"))
	require.NoError(t, err)

	err = zkpbinding.GenerateVerifier(zkpbinding.Config{
		VerifyingKey: vk,
		Output:       f,
		CfgOutput:    fCfg,
		GomodOutput:  fMod,
		GosumOutput:  fSum,
	})
	require.NoError(t, err)

	require.NoError(t, f.Close())
	require.NoError(t, fCfg.Close())
	require.NoError(t, fMod.Close())
	require.NoError(t, fSum.Close())

	// rpcUrl := "https://rpc.t5.n3.nspcc.ru:20331"
	rpcUrl := "http://seed1t5.neo.org:20332"
	c, err := rpcclient.New(context.Background(), rpcUrl, rpcclient.Options{})
	require.NoError(t, err)
	require.NoError(t, c.Init())

	w, err := wallet.NewWalletFromFile("../../../n3testnet.json")
	require.NoError(t, err)
	acc := w.Accounts[0]
	require.NoError(t, acc.Decrypt("qwerty", w.Scrypt))

	s := transaction.Signer{
		Account: acc.ScriptHash(),
		Scopes:  transaction.CalledByEntry,
	}
	act, err := actor.New(c, []actor.SignerAccount{{
		Signer:  s,
		Account: acc,
	}})
	require.NoError(t, err)
	man := management.New(act)

	ctr := neotest.CompileFile(t, acc.ScriptHash(), srcPath, cfgPath)
	fmt.Println(ctr.Hash.StringLE())
	res, err := act.Wait(man.Deploy(ctr.NEF, ctr.Manifest, nil))
	require.NoError(t, err)
	require.Equal(t, vmstate.Halt, res.VMState, res.FaultException)

	res, err = act.Wait(act.SendCall(ctr.Hash, "verifyProof", args.A, args.B, args.C, args.PublicWitnesses))
	require.NoError(t, err)
	require.Equal(t, vmstate.Halt, res.VMState, res.FaultException)
	require.True(t, res.Stack[0].Value().(bool))
	fmt.Println(res.Container.StringLE())
}

Here's the contract: https://dora.coz.io/contract/neo3/testnet/c110099c025aadf10b5f4d6af32c65efd5268135
Here's the transaction (it pushes True on stack for both nodes): https://dora.coz.io/transaction/neo3/testnet/87a02195b611e4898275c2d21fb7d62ff60bef3a538bd8d54d47c7f20445cfec

So the bls12381Mul NeoGo implementation matches the NeoC# one.

[AnnaShaleva]

Linter is also fixed, the issue was caused by an update to gnark v0.9.0 in the core library. v0.9.0 requires go 1.19, and we still support go 1.18. Thus, #3079 is left unclosed until we'll bump minimum required go version for neo-go.

[AnnaShaleva]

Dependencies are updated as far.