Fastcrypto Groth16 Audit Summary by Common Prefix

**Audit Commit:** [eb77c755](https://github.com/MystenLabs/fastcrypto/tree/eb77c7556c1996aac9610f0475742a3277f26a3f) > The scope of the audit was constrained exclusively to the Fastcrypto wrapper code, with no examination conducted on its associated dependencies. Notably, the Arkworks Groth16 crate, upon which Fastcrypto is reliant, has not undergone a prior audit. ### Low 1. The `verify_groth16` function lacks length validation for the `proof_public_inputs_as_bytes` parameter. It is recommended to move the [length validation check](https://github.com/MystenLabs/fastcrypto/blob/ab472a0598874fee405235004d12f740d0809506/fastcrypto-zkp/src/bn254/api.rs#L38), currently present in the `verify_groth16_in_bytes` function, to the `verify_groth16` function. You can locate the relevant code. ### Information & Style 2. The serialization/deserialization functions for the `PreparedVerifyingKey` exhibit inconsistency. The output of the serialization operation cannot be directly passed as an argument to the deserialization function. It is advisable to harmonize these functions for consistent usage. 3. Consider implementing the conversion traits `From<ArkPreparedVerifyingKey> for PreparedVerifyingKey` and `From<PreparedVerifyingKey> for ArkPreparedVerifyingKey` instead of relying on specialized functions such as `as_arkworks_pvk` and `process_vk_special`. 4. In the Arkworks implementation, during the `prepare_verifying_key` operation, the `gamma_g2_neg_pc` and `delta_g2_neg_pc` affine points are temporarily converted to projective points before negation, and then they are converted back to affine points [here](https://github.com/arkworks-rs/groth16/blob/9bac46fb3b1fbc0d2c88c6bc59b0ba798216bf6f/src/verifier.rs#L17). While the [fastcrypto implementation](https://github.com/MystenLabs/fastcrypto/blob/ab472a0598874fee405235004d12f740d0809506/fastcrypto-zkp/src/bn254/verifier.rs#L146) omits these additional projective point conversions. Even though these conversions are redundant, it is noteworthy to add those for consistency between the implementations. 5. Currently, there are three functions responsible for proof verification: `verify_groth16_in_bytes`, `verify_groth16`, and `verify_with_processed_vk`. For stylistic consistency, it is suggested to relocate the `verify_with_processed_vk` function to the `api.rs` file and call it from within the `verify_groth16` function.