refactor: each command has own config controlled via file, env, cli

book/src/SUMMARY.md

@@ -28,7 +28,7 @@
   - [translate-witness](./translate-witness.md)
   - [generate-proof](./generate-proof.md)
   - [verify](./verify.md)
-  - [Network Config File](./network-config.md)
+  - [Configuration](./config.md)
 - [Examples](./examples.md)
     - [Poseidon](./poseidon.md)
     - [KYC](./kyc.md)

book/src/config.md

@@ -0,0 +1,91 @@
+# Configuration
+
+`co-circom` uses a configuration for general settings and network configuration.
+The configuration can be done via a config file, environment variables, and cli arguments.
+Values are loaded in hierarchical order `file < environment variables < cli args`.
+
+A path to the configuration file can be passed to all commands using `--config <CONFIG>`.
+Different commands have different required values that must be passed by file, env, or cli.
+The network section is only required for the commands `generate-witness`, `translate-witness` and `generate-proof`.
+
+## TOML File
+
+The configuration file is a TOML file with the following (non-exhaustive) structure:
+
+```toml
+protocol = "REP3"
+curve = "BN254"
+
+[compiler]
+allow_leaky_loops = false
+
+[vm]
+allow_leaky_logs = false
+
+[network]
+my_id = 0
+bind_addr = "0.0.0.0:10000"
+key_path = "data/key0.der"
+[[network.parties]]
+id = 0
+# normally we would use DNS name here such as localhost, but localhost under windows is resolved to ::1, which causes problems since we bind to ipv4 above
+dns_name = "127.0.0.1:10000"
+cert_path = "data/cert0.der"
+[[network.parties]]
+id = 1
+dns_name = "127.0.0.1:10001"
+cert_path = "data/cert1.der"
+[[network.parties]]
+id = 2
+dns_name = "127.0.0.1:10002"
+cert_path = "data/cert2.der"
+```
+
+See the example configuration in the `collaborative-circom/examples/configs` folder, with pre-generated certificates and keys in the `collaborative-circom/examples/data` folder.
+
+## Env Variables
+
+Environment variables use the prefix `COCIRCOM_`.
+The different types can be set as follows:
+
+* Boolean: `true`, `false` (e.g. `COCIRCOM_VAR=true`)
+* Strings/Enums: delimited by `"` (e.g. `COCIRCOM_VAR=\"foo\"`) or else (e.g. `COCIRCOM_VAR=foo`)
+* Arrays: delimited by `[]` (e.g. `COCIRCOM_VAR=[1, 2, 3]`)
+* Structs: as dictionary with `{key=value}` (e.g. `COCIRCOM_VAR={foo=1, bar=true}`)
+
+E.g. the protocol can be set with `COCIRCOM_PROTOCOL=BN254`.
+Structs such as the CompilerConfig can be set with `COCIRCOM_COMPILER={allow_leaky_loops=true}`.
+
+## Cli Arguments
+
+See [co-circom CLI](./co-circom.md)
+
+## Compiler Configuration
+
+This section is used to configure the co-circom MPC compiler.
+
+### Keys
+
+* `allow_leaky_loops`: used to allow leaking of secret values in loops, default: `false` (*currently not implemented*).
+
+## VM Configuration
+
+This section is used to configure the co-circom VM.
+
+### Keys
+
+* `allow_leaky_logs`: used to allow leaking of secret values logs, default: `false`.
+
+## Network Configuration
+
+`co-circom` requires a network configuration for establishing connections to other MPC parties for the `generate-witness` and `generate-proof` commands.
+
+### Keys
+
+* `my_id` is the party id of the party executing the `co-circom` binary using the configuration file.
+* `bind_addr` is the local socket address this party is binding to and listening for incoming connections from other parties.
+* `key_path` is a path to a DER encoded PKCS8 private key file corresponding to the public key used in the certificate for our party.
+* `parties` is an array of tables containing the public information of each MPC party.
+  * `id`: the party id of the MPC party
+  * `dns_name`: the hostname/port combination where the party is publicly reachable. The hostname must be the a valid CN or SNI in the used certificate.
+  * `cert_path`: a path to the DER encoded certificate (chain) file that is used to authenticate the connection with the party and is used to establish the secure communication channel.

book/src/examples.md

@@ -4,5 +4,5 @@ This section shows how to use the co-circom CLI to generate proofs for different
 circuits. Example bash scripts are available in the `examples` directory of the
 [co-circom repository](https://github.com/TaceoLabs/collaborative-circom/tree/main/collaborative-circom/examples).
 
-You will also find [network configs](./network-config.md), TLS keys, and sample
+You will also find [configs](./config.md), TLS keys, and sample
 inputs for these circuits.

book/src/generate-proof.md

@@ -16,10 +16,10 @@ The above command takes a witness share `test_vectors/poseidon/witness.wtns.0.sh
 $ co-circom generate-proof --help
 Evaluates the prover algorithm for the specified circuit and witness share in MPC
 
-Usage: co-circom generate-proof [OPTIONS] --config <CONFIG> --witness <WITNESS> --zkey <ZKEY> <PROOFSYSTEM>
+Usage: co-circom generate-proof [OPTIONS] <PROOF_SYSTEM>
 
 Arguments:
-  <PROOFSYSTEM>  [possible values: groth16, plonk]
+  <PROOF_SYSTEM>  The proof system to be used [possible values: groth16, plonk]
 
 Options:
       --config <CONFIG>              The path to the config file

book/src/generate-witness.md

@@ -16,15 +16,15 @@ The above command takes a shared input file `input.json.0.shared` for the circui
 $ co-circom generate-witness --help
 Evaluates the extended witness generation for the specified circuit and input share in MPC
 
-Usage: co-circom generate-witness [OPTIONS] --input <INPUT> --circuit <CIRCUIT> --protocol <PROTOCOL> --curve <CURVE> --config <CONFIG> --out <OUT>
+Usage: co-circom generate-witness [OPTIONS]
 
 Options:
+      --config <CONFIG>              The path to the config file
       --input <INPUT>                The path to the input share file
       --circuit <CIRCUIT>            The path to the circuit file
       --link-library <LINK_LIBRARY>  The path to Circom library files
       --protocol <PROTOCOL>          The MPC protocol to be used [possible values: REP3, SHAMIR]
       --curve <CURVE>                The pairing friendly curve to be used [possible values: BN254, BLS12-381]
-      --config <CONFIG>              The path to MPC network configuration file
       --out <OUT>                    The output file where the final witness share is written to
-  -h, --help                         Print help
+  -h, --help                         Print help (see more with '--help')
 ```

book/src/merge-input-shares.md

@@ -18,12 +18,13 @@ The above command takes the two input shares `input0.json.0.shared` and `input1.
 co-circom merge-input-shares --help
 Merge multiple shared inputs received from multiple parties into a single one
 
-Usage: co-circom merge-input-shares [OPTIONS] --protocol <PROTOCOL> --curve <CURVE> --out <OUT>
+Usage: co-circom merge-input-shares [OPTIONS]
 
 Options:
+      --config <CONFIG>      The path to the config file
       --inputs <INPUTS>      The path to the input JSON file
       --protocol <PROTOCOL>  The MPC protocol to be used [possible values: REP3, SHAMIR]
       --curve <CURVE>        The pairing friendly curve to be used [possible values: BN254, BLS12-381]
       --out <OUT>            The output file where the merged input share is written to
-  -h, --help                 Print help
+  -h, --help                 Print help (see more with '--help')
 ```

book/src/quick_start.md

@@ -72,21 +72,22 @@ This command secret shares the private inputs (everything that is not explicitly
 
 Now we have to compute the extended witness. In a real-world setting you would have to send the input files from the previous step to the parties.
 
-To achieve that we need another config file for every party, namely the network config (you can read an in-depth explanation about the config at [here](./network-config.md)). You can copy-paste the config from here and call it `party0.toml` for party0 and so on:
+To achieve that we need a network config for every party (you can read an in-depth explanation about the config at [here](./config.md)). You can copy-paste the config from here and call it `party0.toml` for party0 and so on:
 
 ```toml
+[network]
 my_id = 0
 bind_addr = "0.0.0.0:10000"
 key_path = "data/key0.der"
-[[parties]]
+[[network.parties]]
 id = 0
 dns_name = "localhost:10000"
 cert_path = "data/cert0.der"
-[[parties]]
+[[network.parties]]
 id = 1
 dns_name = "localhost:10001"
 cert_path = "data/cert1.der"
-[[parties]]
+[[network.parties]]
 id = 2
 dns_name = "localhost:10002"
 cert_path = "data/cert2.der"

book/src/split-input.md

@@ -18,14 +18,15 @@ These shares can be handed to the 3 different MPC parties for the witness genera
 $ co-circom split-input --help
 Splits a JSON input file into secret shares for use in MPC
 
-Usage: co-circom split-input [OPTIONS] --input <INPUT> --circuit <CIRCUIT> --protocol <PROTOCOL> --curve <CURVE> --out-dir <OUT_DIR>
+Usage: co-circom split-input [OPTIONS]
 
 Options:
+      --config <CONFIG>              The path to the config file
       --input <INPUT>                The path to the input JSON file
       --circuit <CIRCUIT>            The path to the circuit file
       --link-library <LINK_LIBRARY>  The path to Circom library files
       --protocol <PROTOCOL>          The MPC protocol to be used [possible values: REP3, SHAMIR]
       --curve <CURVE>                The pairing friendly curve to be used [possible values: BN254, BLS12-381]
       --out-dir <OUT_DIR>            The path to the (existing) output directory
-  -h, --help                         Print help
+  -h, --help                         Print help (see more with '--help')
 ```

book/src/split-witness.md

@@ -18,15 +18,16 @@ These shares can be handed to the 3 different MPC parties for the proof generati
 $ co-circom split-witness --help
 Splits an existing witness file generated by Circom into secret shares for use in MPC
 
-Usage: co-circom split-witness [OPTIONS] --witness <WITNESS> --r1cs <R1CS> --protocol <PROTOCOL> --curve <CURVE> --out-dir <OUT_DIR>
+Usage: co-circom split-witness [OPTIONS]
 
 Options:
+      --config <CONFIG>            The path to the config file
       --witness <WITNESS>          The path to the input witness file generated by Circom
       --r1cs <R1CS>                The path to the r1cs file, generated by Circom compiler
       --protocol <PROTOCOL>        The MPC protocol to be used [possible values: REP3, SHAMIR]
       --curve <CURVE>              The pairing friendly curve to be used [possible values: BN254, BLS12-381]
       --out-dir <OUT_DIR>          The path to the (existing) output directory
   -t, --threshold <THRESHOLD>      The threshold of tolerated colluding parties [default: 1]
   -n, --num-parties <NUM_PARTIES>  The number of parties [default: 3]
-  -h, --help                       Print help
+  -h, --help                       Print help (see more with '--help')
 ```

book/src/translate-witness.md

@@ -8,17 +8,19 @@ The aim of the `translate-witness` command is to take a witness file `witness.wt
 co-circom translate-witness --witness test_vectors/poseidon/witness.wtns --src-protocol REP3 --target-protocol SHAMIR --curve BN254 --config configs/party1.toml --out test_vectors/poseidon/shamir_witness.wtns
 ```
 
-The above command takes the witness file `test_vectors/poseidon/witness.wtns` which was generated with the source MPC protocol `REP3` and translates it to the witness file `test_vectors/poseidon/shamir_witness.wtns` which is suitable for the target MPC protocol `SHAMIR`. The translation process requires network interaction, thus a [networking config](./network-config.md) is required as well.
+The above command takes the witness file `test_vectors/poseidon/witness.wtns` which was generated with the source MPC protocol `REP3` and translates it to the witness file `test_vectors/poseidon/shamir_witness.wtns` which is suitable for the target MPC protocol `SHAMIR`. The translation process requires network interaction, thus a [networking config](./config.md) is required as well.
 
 ## Reference
 
 ```txt
 $ co-circom translate-witness --help
 Translates the witness generated with one MPC protocol to a witness for a different one
 
-Usage: co-circom translate-witness --witness <WITNESS> --src-protocol <SRC_PROTOCOL> --target-protocol <TARGET_PROTOCOL> --curve <CURVE> --config <CONFIG> --out <OUT>
+Usage: co-circom translate-witness [OPTIONS]
 
 Options:
+      --config <CONFIG>
+          The path to the config file
       --witness <WITNESS>
           The path to the witness share file
       --src-protocol <SRC_PROTOCOL>
@@ -27,10 +29,8 @@ Options:
           The MPC protocol to be used for the proof generation [possible values: REP3, SHAMIR]
       --curve <CURVE>
           The pairing friendly curve to be used [possible values: BN254, BLS12-381]
-      --config <CONFIG>
-          The path to MPC network configuration file
       --out <OUT>
           The output file where the final witness share is written to
   -h, --help
-          Print help
+          Print help (see more with '--help')
 ```

book/src/verify.md

@@ -15,10 +15,10 @@ The above command verifies the proof in `proof.json` using the verification key
 ```txt
 Verification of a Circom proof
 
-Usage: co-circom verify [OPTIONS] --config <CONFIG> --proof <PROOF> --vk <VK> --public-input <PUBLIC_INPUT> <PROOFSYSTEM>
+Usage: co-circom verify [OPTIONS] <PROOF_SYSTEM>
 
 Arguments:
-  <PROOFSYSTEM>  [possible values: groth16, plonk]
+  <PROOF_SYSTEM>  The proof system to be used [possible values: groth16, plonk]
 
 Options:
       --config <CONFIG>              The path to the config file

collaborative-circom/examples/groth16/cleanup.sh

@@ -0,0 +1,4 @@
+# rm all proof files
+rm proof.0.json proof.1.json proof.2.json
+# delete all shared files
+find . -name "*.shared" -type f -delete

collaborative-circom/examples/groth16/run_full_kyc.sh

@@ -1,5 +1,5 @@
 # split input into shares
-cargo run --release --bin co-circom -- split-input --config ../configs/config.toml --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --input test_vectors/kyc/input.json --protocol REP3 --curve BN254 --out-dir test_vectors/kyc
+cargo run --release --bin co-circom -- split-input --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --input test_vectors/kyc/input.json --protocol REP3 --curve BN254 --out-dir test_vectors/kyc
 # run witness extension in MPC
 cargo run --release --bin co-circom -- generate-witness --input test_vectors/kyc/input.json.0.shared --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --protocol REP3 --curve BN254 --config ../configs/party1.toml --out test_vectors/kyc/witness.wtns.0.shared &
 cargo run --release --bin co-circom -- generate-witness --input test_vectors/kyc/input.json.1.shared --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --protocol REP3 --curve BN254 --config ../configs/party2.toml --out test_vectors/kyc/witness.wtns.1.shared &
@@ -9,4 +9,4 @@ cargo run --release --bin co-circom -- generate-proof groth16 --witness test_vec
 cargo run --release --bin co-circom -- generate-proof groth16 --witness test_vectors/kyc/witness.wtns.1.shared --zkey test_vectors/kyc/bn254/kyc.zkey --protocol REP3 --curve BN254 --config ../configs/party2.toml --out proof.1.json &
 cargo run --release --bin co-circom -- generate-proof groth16 --witness test_vectors/kyc/witness.wtns.2.shared --zkey test_vectors/kyc/bn254/kyc.zkey --protocol REP3 --curve BN254 --config ../configs/party3.toml --out proof.2.json
 # verify proof
-cargo run --release --bin co-circom -- verify groth16 --config ../configs/config.toml --proof proof.0.json --vk test_vectors/kyc/bn254/verification_key.json --public-input public_input.json --curve BN254
+cargo run --release --bin co-circom -- verify groth16 --proof proof.0.json --vk test_vectors/kyc/bn254/verification_key.json --public-input public_input.json --curve BN254

collaborative-circom/examples/groth16/run_full_kyc_shamir_bls.sh

@@ -1,5 +1,5 @@
 # split input into shares
-cargo run --release --bin co-circom -- split-input --config ../configs/config.toml --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --input test_vectors/kyc/input.json --protocol REP3 --curve BLS12-381 --out-dir test_vectors/kyc
+cargo run --release --bin co-circom -- split-input --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --input test_vectors/kyc/input.json --protocol REP3 --curve BLS12-381 --out-dir test_vectors/kyc
 # run witness extension in MPC
 cargo run --release --bin co-circom -- generate-witness --input test_vectors/kyc/input.json.0.shared --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --protocol REP3 --curve BLS12-381 --config ../configs/party1.toml --out test_vectors/kyc/witness.wtns.0.shared &
 cargo run --release --bin co-circom -- generate-witness --input test_vectors/kyc/input.json.1.shared --circuit test_vectors/kyc/circuit.circom --link-library test_vectors/kyc/lib --protocol REP3 --curve BLS12-381 --config ../configs/party2.toml --out test_vectors/kyc/witness.wtns.1.shared &
@@ -13,4 +13,4 @@ cargo run --release --bin co-circom -- generate-proof groth16 --witness test_vec
 cargo run --release --bin co-circom -- generate-proof groth16 --witness test_vectors/kyc/shamir_witness.wtns.1.shared --zkey test_vectors/kyc/bls12/kyc.zkey --protocol SHAMIR --curve BLS12-381 --config ../configs/party2.toml --out proof.1.json &
 cargo run --release --bin co-circom -- generate-proof groth16 --witness test_vectors/kyc/shamir_witness.wtns.2.shared --zkey test_vectors/kyc/bls12/kyc.zkey --protocol SHAMIR --curve BLS12-381 --config ../configs/party3.toml --out proof.2.json
 # verify proof
-cargo run --release --bin co-circom -- verify groth16 --config ../configs/config.toml --proof proof.0.json --vk test_vectors/kyc/bls12/verification_key.json --public-input public_input.json --curve BLS12-381
+cargo run --release --bin co-circom -- verify groth16 --proof proof.0.json --vk test_vectors/kyc/bls12/verification_key.json --public-input public_input.json --curve BLS12-381