UltraHonk Verifier for Soroban — Milestone #3

# UltraHonk Verifier for Soroban — Milestone #3 Authored by Yugo & Changmin Cho **Repository** - [https://github.com/indextree/ultrahonk\_soroban\_contract](https://github.com/indextree/ultrahonk_soroban_contract) - [https://github.com/yugocabrio/ultrahonk\-rust\-verifier](https://github.com/yugocabrio/ultrahonk-rust-verifier) --- ## 1) Initial Plan We set out to do four things: * **Deploy the UltraHonk verifier to Soroban localnet** * **Noir BB Version Upgrade to Nargo v1.0.0-beta.9 bb v0.87.0** * Off-chain verifier(`ultrahonk-rust-verifier`) * On-chain contract(`ultrahonk_soroban_contract`) * **Implement EC trait in `ultrahonk-rust-verifier`** * **Develop Tornado Cash Classic DApp** --- ## 2) What Happened Everything went successfully. ### 2.1 Deployment to Soroban Localnet ✅ * Previously, I created a tutorial (`README.md`) explaining how to deploy a `lib.rs`-based contract on the Stellar localnet. Even with the environment variable set to `--limits unlimited`, I continued to encounter the `ResourceLimitExceeded` error. * After discussing the issue with Jay, I posted the details in the Stellar Discord — the full discussion can be found [here](https://discord.com/channels/897514728459468821/1420385576820936725). * **Key update**: Deployment must be done using an RPC version **newer than `23.0.4`**, as that release included fixes to the instruction estimation logic. * Additionally, the optimization work from Milestone 2 contained minor errors, which I corrected. * **Duration**: ~4 weeks ### 2.2 Noir & Barretenberg Version Upgrade to Nargo v1.0.0-beta.9 / bb v0.87.0 ✅ #### Off-chain Verifier (`ultrahonk-rust-verifier`) * Both the Off-chain verifier and On-chain contract were upgraded to `Nargo v1.0.0-beta.9` and `bb v0.87.0`. The proof format changed compared to the previous version, requiring substantial codebase updates. #### On-chain Contract (`ultrahonk_soroban_contract`) * Since the contract builds on top of the Off-chain verifier, the implementation was adapted accordingly. Several intermediate files and variables were updated — details are available in our [repository](https://github.com/indextree/ultrahonk_soroban_contract). * **Duration**: ~3 weeks ### 2.3 Implement EC trait ✅ - Added the `Bn254Ops` trait so MSM/pairing calls stay the same while swapping between Arkworks and a Soroban BN254 precompile under the `soroban-bn254-precompile` feature [ec.rs:20](https://github.com/yugocabrio/ultrahonk-rust-verifier/blob/39b227c208ba1e985d6f44f7cf5aa1a1f332b8cf/src/ec.rs#L20), [ec.rs:148](https://github.com/yugocabrio/ultrahonk-rust-verifier/blob/39b227c208ba1e985d6f44f7cf5aa1a1f332b8cf/src/ec.rs#L148). - Introduced `set_soroban_bn254_backend`, backed by OnceBox, to register the precompile bridge once in no_std/WASM builds [ec.rs:203](https://github.com/yugocabrio/ultrahonk-rust-verifier/blob/39b227c208ba1e985d6f44f7cf5aa1a1f332b8cf/src/ec.rs#L204). - Routed every verifier hotspot through this backend layer, keeping local Arkworks verification intact and making the Soroban contract precompile-ready [shplemini.rs:292](https://github.com/yugocabrio/ultrahonk-rust-verifier/blob/39b227c208ba1e985d6f44f7cf5aa1a1f332b8cf/src/shplemini.rs#L292), [shplemini.rs:305](https://github.com/yugocabrio/ultrahonk-rust-verifier/blob/39b227c208ba1e985d6f44f7cf5aa1a1f332b8cf/src/shplemini.rs#L305). ### 2.4 Develop Tornado Classic DApp ✅ - Built a [Noir circuit](https://github.com/indextree/ultrahonk_soroban_contract/tree/main/tornado_classic) that mirrors Tornado Classic (Merkle tree, nullifier binding, deposit leaf construction) so the proof artifacts drop straight into the Soroban contracts. - Implemented the [Soroban mixer contract](https://github.com/indextree/ultrahonk_soroban_contract/tree/main/tornado_classic) that maintains the incremental Merkle tree, guards deposits/nullifiers/admin configuration, and delegates proof checks to the UltraHonk verifier. - Integration tests cover Merkle updates, withdraw, double-spend rejection, and root/admin guardrails. --- ## 3) Current Status (At a Glance) | Item | Status | Notes | | --------------------- | :----: | ------------------------------------- | | Deploy to Soroban localnet | ✅ | | | Version Upgrade | ✅ | | | Implement EC trait | ✅ | | | Develop Tornado Classic DApp | ✅ | | --- ## 4) Next Actions * [ ] **Create an automated script to invoke contract functions (for testing)** * The contract currently includes two functions: `is_verified` and `verify_proof`. The script will automatically call `verify_proof` using a test Noir circuit, then invoke `is_verified` to verify that the contract behaves as expected. * [ ] **Optimize contract for testnet deployment** * This process involves two phases: * Integrate Soroban’s BN254 and Poseidon2 precompiles to **significantly** reduce resource fees * Refactor contract logic to **slightly** lower resource fees * Although the current Wasm size is within the 128 KiB limit, disabling `--limits unlimited` triggers `Error(Budget, ExceededLimit)`, hence this optimization is necessary. * [ ] **(Optional) Make a exact benchmark of resource usage** * To precisely measure resource consumption, one must monitor budget usage — though the exact tracking plan has not yet been finalized. * [ ] **Tornado Cash Classic DApp** * We will deploy not only the UltraHonk Verifier contract but also the Tornado Classic contract to the localnet. Additionally, we will add token transfers to the current contract logic.