# Saturn circuits audit scope ## Overview The Saturn circuits consist of: - the Universal Batch Verifier circuit which aggregrates Groth16 proofs, then verifies them. - a variable length Keccak circuit which hashes the public inputs to the circuit above together. - an outer circuit which aggregates the UBV and the keccak proofs together. All the code below is in the [Saturn repository](https://github.com/NebraZKP/Saturn/) unless otherwise specified ## Common utilities ### Critical - `/circuits/src/utils/bitmask.rs`: All ## Universal Batch Verifier audit scope ### Spec - `/spec/circuits/universal_batch_verifier.md`: All ### Critical - `/circuits/src/universal_batch_verifier/mod.rs`: All - `/circuits/src/universal_batch_verifier/chip.rs`: All - `/circuits/src/universal_batch_verifier/native.rs`: - structs: `BatchEntry`, `BatchEntries`, `UniversalBatchVerifierInput`, `UniversalBatchVerifierInputs`, `UniversalBatchVerifierConfig`. - `/circuits/src/batch_verifier/native.rs`: - structs: `Proof`, `PublicInputs`, `VerificationKey` - `/circuits/src/batch_verifier/chip.rs`: - structs: `BatchVerifierChip`, `AssignedProof`, `AssignedPublicInputs`, `AssignedVerificationKey` - methods: - `BatchVerifierChip`: `assign_g1_reduced`, `assign_g2_reduced`, `assign_verification_key`, `assign_proof`, `assign_public_inputs`, `check_pairing_result`, `scale_pairs`. - `/circuits/src/utils/hashing.rs`: - structs: `PoseidonHasher` - functions: `var_len_keccak` - methods: `PoseidonHasher::*` - traits: `InCircuitHash` (with all impls) ### Informational - `/circuits/src/universal_batch_verifier/native.rs`: the rest - `/circuits/src/utils/hashing.rs`: the rest ### Tests - `/circuits/src/tests/universal_batch_verifier/mod.rs`: All - `/circuits/src/tests/universal_batch_verifier/component.rs`: All - `/circuits/stc/tests/hashing.rs`: All ## Variable length keccak audit scope ### Spec - `/spec/circuits/var_len_keccak.md`: All ### Critical - `/circuits/src/keccak/chip.rs`: All - `/circuits/src/keccak/mod.rs`: All - `/circuits/src/keccak/variable.rs`: All - `/circuits/src/keccak/util.rs`: - functions: `byte_decomposition_powers`, `byte_decomposition`, `byte_decomposition_list`, `compose_into_field_elements`, `into_bits`, `padding`, `pack`, `bytes_to_keccak_padded_words`. - Repo [Nebra's halo2lib](https://github.com/NebraZKP/halo2-lib): diff of branch [v0.3.0-ce-keccak](https://github.com/NebraZKP/halo2-lib/tree/v0.3.0-ce-keccak) with respect to [v0.3.0-ce](https://github.com/axiom-crypto/halo2-lib/tree/v0.3.0-ce) ### Informational - `/circuits/src/keccak/util.rs`: the rest ### Tests - `/circuits/src/tests/keccak/mod.rs`: All - `/circuits/src/tests/keccak/utils.rs`: All - `/circuits/src/tests/keccak/variable.rs`: All ## Universal Outer Circuit audit scope Note: Outer circuit code is under construction. What's currently on `main` is non-universal and won't be used in production. It's being upgraded to the universal version right now. The amount/complexity of code to be reviewed won't change significantly, so what's there gives you an accurate picture of the audit workload. (Universality actually simplifies this circuit somewhat) ### Spec - Coming soon (tldr: atomic accumulation via `axiom/snark-verifier` + Saturn-specific public input logic) ### Critical - `circuits/src/outer/mod.rs` - `circuits/src/outer/utils.rs` ### Tests - `circuits/src/tests/outer.rs`: "Shplonk"-only (GWC19 is not used in production) - `outer_circuit_mock_shplonk` - `outer_circuit_prover_shplonk` - `outer_circuit_evm_check_shplonk`