Fe contains (#145)

* Contains should take three arguments (root, key, value) * Add a test for frontend Dictionaries * Separate frontend and middleware operations * Make tests pass: add arg to contains * Cargo fmt * Merkleproof verify circuit (#143) * merkletree: add keypath circuit * merkletree-circuit: implement proof of existence verification in-circuit * parametrize max_depth at the tree circuit * Constrain selectors in-circuit * implement merketree nonexistence proof circuit, and add edgecase tests * add non-existence proofs documentation in the mdbook, mv EMPTY->EMPTY_VALUE & NULL->EMPTY_HASH, dependency clean and public exposure methods * review comments, some extra polishing and add a test that expects wrong proofs to fail * Add circuit to check only merkleproofs-of-existence With this, the merkletree_circuit module offers two different circuits: - `MerkleProofCircuit`: allows to verify both proofs of existence and proofs non-existence with the same circuit. - `MerkleProofExistenceCircuit`: allows to verify proofs of existence only. In this way, if only proofs of existence are needed, `MerkleProofExistenceCircuit` should be used, which requires less amount of constraints than `MerkleProofCircuit`. * Code review --------- Co-authored-by: Ahmad <root@ahmadafuni.com> * Towards Contains/NotContains in middleware and backend * Fix build * Adding error handling to deal with op compile introduce extra ops * Incorporate Merkle proofs into MockMainPod * Merkleproof verify circuit (#143) * merkletree: add keypath circuit * merkletree-circuit: implement proof of existence verification in-circuit * parametrize max_depth at the tree circuit * Constrain selectors in-circuit * implement merketree nonexistence proof circuit, and add edgecase tests * add non-existence proofs documentation in the mdbook, mv EMPTY->EMPTY_VALUE & NULL->EMPTY_HASH, dependency clean and public exposure methods * review comments, some extra polishing and add a test that expects wrong proofs to fail * Add circuit to check only merkleproofs-of-existence With this, the merkletree_circuit module offers two different circuits: - `MerkleProofCircuit`: allows to verify both proofs of existence and proofs non-existence with the same circuit. - `MerkleProofExistenceCircuit`: allows to verify proofs of existence only. In this way, if only proofs of existence are needed, `MerkleProofExistenceCircuit` should be used, which requires less amount of constraints than `MerkleProofCircuit`. * Code review --------- Co-authored-by: Ahmad <root@ahmadafuni.com> * Towards Contains/NotContains in middleware and backend * Frontend compound types -- allow one frontend operation to produce multiple middleware statements (in progress) * Incorporate Merkle proofs into MockMainPod * Incorporate Merkle proof op arg into frontend * Compile one statement to many, in progress * Fix remaining tests * Minor clean-up * Oops I did a bunch of work in the middle of a rebase, committing * Incorporate Merkle proof op arg into frontend * still working on frontend compound types, refactor compile() to output multiple statements * Contains statements for frontend types: code compiles * Tests pass * Examples use front-end compound types * Remove old Contains and NotContains from frontend * Add nin to typos * Code review --------- Co-authored-by: arnaucube <git@arnaucube.com> Co-authored-by: Ahmad <root@ahmadafuni.com>
2025-03-26 17:54:58 -07:00 · 2025-03-26 17:54:58 -07:00 · d00ff95f41
commit d00ff95f41
parent d6033b7090
16 changed files with 789 additions and 162 deletions
--- a/src/frontend/containers.rs
+++ b/src/frontend/containers.rs
@ -19,7 +19,12 @@ pub struct Set(Vec<Value>, #[serde(skip)] MiddlewareSet);

 impl Set {
    pub fn new(values: Vec<Value>) -> Result<Self> {
-        let set = MiddlewareSet::new(&values.iter().map(|v| MiddlewareValue::from(v)).collect())?;
+        let set = MiddlewareSet::new(
+            &values
+                .iter()
+                .map(|v| MiddlewareValue::from(v))
+                .collect::<Vec<_>>(),
+        )?;
        Ok(Self(values, set))
    }

@ -85,8 +90,12 @@ pub struct Array(Vec<Value>, #[serde(skip)] MiddlewareArray);

 impl Array {
    pub fn new(values: Vec<Value>) -> Result<Self> {
-        let array =
-            MiddlewareArray::new(&values.iter().map(|v| MiddlewareValue::from(v)).collect())?;
+        let array = MiddlewareArray::new(
+            &values
+                .iter()
+                .map(|v| MiddlewareValue::from(v))
+                .collect::<Vec<_>>(),
+        )?;
        Ok(Self(values, array))
    }

--- a/src/frontend/mod.rs
+++ b/src/frontend/mod.rs
@ -3,10 +3,9 @@

 use crate::frontend::serialization::*;
 use crate::middleware::{
-    self, hash_str, Hash, MainPodInputs, NativeOperation, NativePredicate, Params, PodId,
-    PodProver, PodSigner, SELF,
+    self, hash_str, Hash, MainPodInputs, Params, PodId, PodProver, PodSigner, SELF,
 };
-use crate::middleware::{OperationType, Predicate, KEY_SIGNER, KEY_TYPE};
+use crate::middleware::{KEY_SIGNER, KEY_TYPE};
 use anyhow::{anyhow, Error, Result};
 use containers::{Array, Dictionary, Set};
 use env_logger;
@ -18,13 +17,17 @@ use std::collections::HashMap;
 use std::convert::From;
 use std::{fmt, hash as h};

+use crate::middleware::{hash_value, OperationAux, EMPTY_VALUE};
+
 pub mod containers;
 mod custom;
 mod operation;
+mod predicate;
 mod serialization;
 mod statement;
 pub use custom::*;
 pub use operation::*;
+pub use predicate::*;
 pub use statement::*;

 /// This type is just for presentation purposes.
@ -122,6 +125,12 @@ impl From<middleware::Value> for Value {
    }
 }

+impl From<middleware::Hash> for Value {
+    fn from(v: middleware::Hash) -> Self {
+        Self::Raw(v.into())
+    }
+}
+
 impl TryInto<i64> for Value {
    type Error = Error;
    fn try_into(self) -> std::result::Result<i64, Self::Error> {
@ -405,9 +414,9 @@ impl MainPodBuilder {
        self.op(false, op)
    }

-    fn op(&mut self, public: bool, mut op: Operation) -> Result<Statement> {
+    fn op(&mut self, public: bool, mut op: Operation) -> Result<Statement, anyhow::Error> {
        use NativeOperation::*;
-        let Operation(op_type, ref mut args) = &mut op;
+        let Operation(op_type, ref mut args, _) = &mut op;
        // TODO: argument type checking
        let pred = op_type
            .output_predicate()
@ -486,8 +495,6 @@ impl MainPodBuilder {
                        return Err(anyhow!("Invalid arguments to lt-to-neq operation"));
                    }
                },
-                ContainsFromEntries => self.op_args_entries(public, args)?,
-                NotContainsFromEntries => self.op_args_entries(public, args)?,
                SumOf => match (args[0].clone(), args[1].clone(), args[2].clone()) {
                    (
                        OperationArg::Statement(Statement {
@ -635,12 +642,17 @@ impl MainPodBuilder {
                        return Err(anyhow!("Invalid arguments to operation"));
                    }
                },
+                DictContainsFromEntries => self.op_args_entries(public, args)?,
+                DictNotContainsFromEntries => self.op_args_entries(public, args)?,
+                SetContainsFromEntries => self.op_args_entries(public, args)?,
+                SetNotContainsFromEntries => self.op_args_entries(public, args)?,
+                ArrayContainsFromEntries => self.op_args_entries(public, args)?,
            },
            OperationType::Custom(cpr) => {
                // All args should be statements to be pattern matched against statement templates.
                let args = args.iter().map(
                    |a| match a {
-                        OperationArg::Statement(s) => middleware::Statement::try_from(s.clone()),
+                        OperationArg::Statement(s) => Ok(middleware::Statement::try_from(s.clone())?),
                            _ => Err(anyhow!("Invalid argument {} to operation corresponding to custom predicate {:?}.", a, cpr))
                    }
                ).collect::<Result<Vec<_>>>()?;
@ -712,6 +724,7 @@ impl MainPodBuilder {
            Operation(
                OperationType::Native(NativeOperation::NewEntry),
                vec![OperationArg::Entry(k.clone(), v)],
+                OperationAux::None,
            ),
        )
    }
@ -843,6 +856,13 @@ struct MainPodCompiler {
    // Output
    statements: Vec<middleware::Statement>,
    operations: Vec<middleware::Operation>,
+    // Internal state
+    // Tracks literal constants assigned to ValueOf statements by self.literal()
+    // If `val` has been added as a literal,
+    // then `self.literals.get(&val)` returns `Some(idx)`, and
+    // then `self.statements[idx]` is the ValueOf statement
+    // where it was introduced.
+    literals: HashMap<middleware::Value, usize>,
 }

 impl MainPodCompiler {
@ -851,6 +871,7 @@ impl MainPodCompiler {
            params: params.clone(),
            statements: Vec::new(),
            operations: Vec::new(),
+            literals: HashMap::new(),
        }
    }

@ -876,34 +897,154 @@ impl MainPodCompiler {
        }
    }

-    fn compile_st(&self, st: &Statement) -> Result<middleware::Statement> {
+    // Introduces a literal value if it hasn't been introduced,
+    // or else returns the existing ValueOf statement where it was first introduced.
+    // TODO: this might produce duplicate keys, fix
+    fn literal<V: Clone + Into<middleware::Value>>(&mut self, val: V) -> &middleware::Statement {
+        let val: middleware::Value = val.into();
+        match self.literals.get(&val) {
+            Some(idx) => &self.statements[*idx],
+            None => {
+                let ak = middleware::AnchoredKey(SELF, hash_value(&val));
+                let st = middleware::Statement::ValueOf(ak, val);
+                let op = middleware::Operation::NewEntry;
+                self.statements.push(st);
+                self.operations.push(op);
+                self.statements.last().unwrap()
+            }
+        }
+    }
+
+    // Returns the existing ValueOf statement where it was first introduced,
+    // or None if it does not exist.
+    fn get_literal<V: Clone + Into<middleware::Value>>(
+        &self,
+        val: V,
+    ) -> Option<&middleware::Statement> {
+        let val: middleware::Value = val.into();
+        match self.literals.get(&val) {
+            Some(idx) => Some(&self.statements[*idx]),
+            None => None,
+        }
+    }
+
+    // This function handles cases where one frontend statement
+    // compiles to multiple middleware statements.
+    // For example: DictContains(x, y) on the frontend compiles to:
+    // ValueOf(empty, EMPTY_VALUE)
+    // Contains(x, y, empty)
+    fn manual_compile_st_op(&mut self, st: &Statement, op: &Operation) -> Result<()> {
+        match st.predicate {
+            Predicate::Native(NativePredicate::DictContains) => {
+                let empty_st = self.literal(EMPTY_VALUE).clone();
+                let empty_ak = match empty_st {
+                    middleware::Statement::ValueOf(ak, _) => ak,
+                    _ => unreachable!(),
+                };
+                let (ak1, ak2) = match (st.args.get(0).cloned(), st.args.get(1).cloned()) {
+                    (Some(StatementArg::Key(ak1)), Some(StatementArg::Key(ak2))) => (ak1, ak2),
+                    _ => Err(anyhow!("Ill-formed statement: {}", st))?,
+                };
+                let middle_st =
+                    middleware::Statement::Contains(ak1.into(), ak2.into(), empty_ak.clone());
+                let middle_op = middleware::Operation::ContainsFromEntries(
+                    match &op.1[0] {
+                        OperationArg::Statement(s) => self.compile_st(&s)?,
+                        _ => Err(anyhow!("Statement compile failed in manual compile"))?,
+                    },
+                    match &op.1[1] {
+                        OperationArg::Statement(s) => self.compile_st(&s)?,
+                        _ => Err(anyhow!("Statement compile failed in manual compile"))?,
+                    },
+                    empty_st,
+                    match &op.2 {
+                        OperationAux::MerkleProof(mp) => mp.clone(),
+                        _ => {
+                            return Err(anyhow!(
+                                "Auxiliary argument to DictContainsFromEntries must be Merkle proof"
+                            ));
+                        }
+                    },
+                );
+                self.statements.push(middle_st);
+                self.operations.push(middle_op);
+                assert_eq!(self.statements.len(), self.operations.len());
+                Ok(())
+            }
+            _ => unreachable!(),
+        }
+    }
+
+    // If the frontend statement `st` compiles to a single middleware statement,
+    // returns that middleware statement.
+    // If it compiles to multiple middlewarestatements, returns StatementConversionError.
+    // This is only a helper method within compile_st_op().
+    // If you want to compile a statement in general, run compile_st().
+    fn compile_st_try_simple(
+        &self,
+        st: &Statement,
+    ) -> Result<middleware::Statement, StatementConversionError> {
        st.clone().try_into()
    }

+    // Compiles the frontend statement `st` to a middleware statement.
+    // This function assumes the middleware statement already exists --
+    // it should not be called from compile_st_op.
+    fn compile_st(&self, st: &Statement) -> Result<middleware::Statement> {
+        match self.compile_st_try_simple(st) {
+            Ok(s) => Ok(s),
+            Err(StatementConversionError::Error(e)) => Err(e),
+            Err(StatementConversionError::MCR(_)) => {
+                let empty_st = self
+                    .get_literal(EMPTY_VALUE)
+                    .clone()
+                    .ok_or(anyhow!("Literal value not found for empty literal."))?;
+                let empty_ak = match empty_st {
+                    middleware::Statement::ValueOf(ak, _) => ak,
+                    _ => unreachable!(),
+                };
+                let (ak1, ak2) = match (st.args.get(0).cloned(), st.args.get(1).cloned()) {
+                    (Some(StatementArg::Key(ak1)), Some(StatementArg::Key(ak2))) => (ak1, ak2),
+                    _ => Err(anyhow!("Ill-formed statement: {}", st))?,
+                };
+                let middle_st =
+                    middleware::Statement::Contains(ak1.into(), ak2.into(), empty_ak.clone());
+                Ok(middle_st)
+            }
+        }
+    }
+
    fn compile_op(&self, op: &Operation) -> Result<middleware::Operation> {
-        // TODO
-        let mop_code: OperationType = op.0.clone();
+        let mop_code: middleware::OperationType = op.0.clone().try_into()?;
+
+        // TODO: Take Merkle proof into account.
        let mop_args =
            op.1.iter()
-                .flat_map(|arg| self.compile_op_arg(arg).map(|s| Ok(s.try_into()?)))
-                .collect::<Result<Vec<middleware::Statement>>>()?;
-        middleware::Operation::op(mop_code, &mop_args)
+                .flat_map(|arg| self.compile_op_arg(arg).map(|op_arg| Ok(op_arg)))
+                .collect::<Result<Vec<_>>>()?;
+        middleware::Operation::op(mop_code, &mop_args, &op.2)
    }

    fn compile_st_op(&mut self, st: &Statement, op: &Operation, params: &Params) -> Result<()> {
-        let middle_st = self.compile_st(st)?;
-        let middle_op = self.compile_op(op)?;
-        let is_correct = middle_op.check(params, &middle_st)?;
-        if !is_correct {
-            // todo: improve error handling
-            Err(anyhow!(
-                "Compile failed due to invalid deduction:\n {} ⇏ {}",
-                middle_op,
-                middle_st
-            ))
-        } else {
-            self.push_st_op(middle_st, middle_op);
-            Ok(())
+        let middle_st_res = self.compile_st_try_simple(st);
+        match middle_st_res {
+            Ok(middle_st) => {
+                let middle_op = self.compile_op(op)?;
+                let is_correct = middle_op.check(params, &middle_st)?;
+                if !is_correct {
+                    // todo: improve error handling
+                    Err(anyhow!(
+                        "Compile failed due to invalid deduction:\n {} ⇏ {}",
+                        middle_op,
+                        middle_st
+                    ))
+                } else {
+                    self.push_st_op(middle_st, middle_op);
+                    Ok(())
+                }
+            }
+            Err(StatementConversionError::Error(e)) => Err(e),
+            Err(StatementConversionError::MCR(_)) => self.manual_compile_st_op(st, op),
        }
    }

@ -950,55 +1091,66 @@ pub mod build_utils {
    #[macro_export]
    macro_rules! op {
        (new_entry, ($key:expr, $value:expr)) => { $crate::frontend::Operation(
-            $crate::middleware::OperationType::Native($crate::middleware::NativeOperation::NewEntry),
-            $crate::op_args!(($key, $value))) };
+            $crate::frontend::OperationType::Native($crate::frontend::NativeOperation::NewEntry),
+            $crate::op_args!(($key, $value)), crate::middleware::OperationAux::None) };
        (eq, $($arg:expr),+) => { $crate::frontend::Operation(
-            $crate::middleware::OperationType::Native($crate::middleware::NativeOperation::EqualFromEntries),
-            $crate::op_args!($($arg),*)) };
+            $crate::frontend::OperationType::Native($crate::frontend::NativeOperation::EqualFromEntries),
+            $crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (ne, $($arg:expr),+) => { $crate::frontend::Operation(
-            $crate::middleware::OperationType::Native($crate::middleware::NativeOperation::NotEqualFromEntries),
-            $crate::op_args!($($arg),*)) };
+            $crate::frontend::OperationType::Native($crate::frontend::NativeOperation::NotEqualFromEntries),
+            $crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (gt, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::GtFromEntries),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::GtFromEntries),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (lt, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::LtFromEntries),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::LtFromEntries),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (transitive_eq, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::TransitiveEqualFromStatements),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::TransitiveEqualFromStatements),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (gt_to_ne, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::GtToNotEqual),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::GtToNotEqual),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (lt_to_ne, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::LtToNotEqual),
-            crate::op_args!($($arg),*)) };
-        (contains, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::ContainsFromEntries),
-            crate::op_args!($($arg),*)) };
-        (not_contains, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::NotContainsFromEntries),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::LtToNotEqual),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (sum_of, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::SumOf),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::SumOf),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (product_of, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::ProductOf),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::ProductOf),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (max_of, $($arg:expr),+) => { crate::frontend::Operation(
-            crate::middleware::OperationType::Native(crate::middleware::NativeOperation::MaxOf),
-            crate::op_args!($($arg),*)) };
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::MaxOf),
+            crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
        (custom, $op:expr, $($arg:expr),+) => { $crate::frontend::Operation(
-            $crate::middleware::OperationType::Custom($op),
-            $crate::op_args!($($arg),*)) };
+            $crate::frontend::OperationType::Custom($op),
+            $crate::op_args!($($arg),*), crate::middleware::OperationAux::None) };
+        (dict_contains, $dict:expr, $key:expr, $value:expr, $aux:expr) => { crate::frontend::Operation(
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::DictContainsFromEntries),
+            crate::op_args!($dict, $key, $value), crate::middleware::OperationAux::MerkleProof($aux)) };
+        (dict_not_contains, $dict:expr, $key:expr, $aux:expr) => { crate::frontend::Operation(
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::DictNotContainsFromEntries),
+            crate::op_args!($dict, $key), crate::middleware::OperationAux::MerkleProof($aux)) };
+        (set_contains, $set:expr, $value:expr, $aux:expr) => { crate::frontend::Operation(
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::SetContainsFromEntries),
+            crate::op_args!($set, $value), crate::middleware::OperationAux::MerkleProof($aux)) };
+        (set_not_contains, $set:expr, $value:expr, $aux:expr) => { crate::frontend::Operation(
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::SetNotContainsFromEntries),
+            crate::op_args!($set, $value), crate::middleware::OperationAux::MerkleProof($aux)) };
+        (array_contains, $array:expr, $value:expr, $aux:expr) => { crate::frontend::Operation(
+            crate::frontend::OperationType::Native(crate::frontend::NativeOperation::ArrayContainsFromEntries),
+            crate::op_args!($array, $value), crate::middleware::OperationAux::MerkleProof($aux)) };
    }
 }

 #[cfg(test)]
 pub mod tests {
    use super::*;
+    use crate::backends::plonky2::basetypes;
    use crate::backends::plonky2::mock::mainpod::MockProver;
    use crate::backends::plonky2::mock::signedpod::MockSigner;
+    use crate::backends::plonky2::primitives::merkletree::MerkleTree;
    use crate::examples::{
        eth_dos_pod_builder, eth_friend_signed_pod_builder, great_boy_pod_full_flow,
        tickets_pod_full_flow, zu_kyc_pod_builder, zu_kyc_sign_pod_builders,
@ -1007,8 +1159,12 @@ pub mod tests {
    // Check that frontend public statements agree with those
    // embedded in a MainPod.
    fn check_public_statements(pod: &MainPod) -> Result<()> {
-        std::iter::zip(pod.public_statements.clone(), pod.pod.pub_statements()).try_for_each(
-            |(fes, s)| crate::middleware::Statement::try_from(fes).map(|fes| assert_eq!(fes, s)),
+        Ok(
+            std::iter::zip(pod.public_statements.clone(), pod.pod.pub_statements()).try_for_each(
+                |(fes, s)| {
+                    crate::middleware::Statement::try_from(fes).map(|fes| assert_eq!(fes, s))
+                },
+            )?,
        )
    }

@ -1041,7 +1197,9 @@ pub mod tests {
    #[test]
    fn test_front_zu_kyc() -> Result<()> {
        let params = Params::default();
-        let (gov_id, pay_stub, sanction_list) = zu_kyc_sign_pod_builders(&params);
+        let sanctions_values = vec!["A343434340".into()];
+        let sanction_set = Value::Set(Set::new(sanctions_values)?);
+        let (gov_id, pay_stub, sanction_list) = zu_kyc_sign_pod_builders(&params, &sanction_set);

        println!("{}", gov_id);
        println!("{}", pay_stub);
@ -1164,6 +1322,7 @@ pub mod tests {
                OperationArg::from((&signed_pod, "a")),
                OperationArg::from((&signed_pod, "b")),
            ],
+            OperationAux::None,
        );
        let st1 = builder.op(true, op_eq1).unwrap();
        let op_eq2 = Operation(
@ -1172,12 +1331,14 @@ pub mod tests {
                OperationArg::from((&signed_pod, "b")),
                OperationArg::from((&signed_pod, "a")),
            ],
+            OperationAux::None,
        );
        let st2 = builder.op(true, op_eq2).unwrap();

        let op_eq3 = Operation(
            OperationType::Native(NativeOperation::TransitiveEqualFromStatements),
            vec![OperationArg::Statement(st1), OperationArg::Statement(st2)],
+            OperationAux::None,
        );
        let st3 = builder.op(true, op_eq3);

@ -1214,6 +1375,58 @@ pub mod tests {
    }

    #[test]
+    fn test_dictionaries() -> Result<()> {
+        let params = Params::default();
+        let mut builder = SignedPodBuilder::new(&params);
+
+        type BeValue = basetypes::Value;
+        let mut my_dict_kvs: HashMap<String, Value> = HashMap::new();
+        my_dict_kvs.insert("a".to_string(), Value::from(1));
+        my_dict_kvs.insert("b".to_string(), Value::from(2));
+        my_dict_kvs.insert("c".to_string(), Value::from(3));
+        //        let my_dict_as_mt = MerkleTree::new(5, &my_dict_kvs).unwrap();
+        //        let dict = Dictionary { mt: my_dict_as_mt };
+        let dict = Dictionary::new(my_dict_kvs)?;
+        let dict_root = Value::Dictionary(dict.clone());
+        builder.insert("dict", dict_root);
+
+        let mut signer = MockSigner {
+            pk: "signer".into(),
+        };
+        let pod = builder.sign(&mut signer).unwrap();
+
+        let mut builder = MainPodBuilder::new(&params);
+        builder.add_signed_pod(&pod);
+        let st0 = Statement::from((&pod, "dict"));
+        let st1 = builder.op(true, op!(new_entry, ("key", "a"))).unwrap();
+        let st2 = builder.literal(false, &Value::Int(1)).unwrap();
+
+        builder
+            .pub_op(Operation(
+                // OperationType
+                OperationType::Native(NativeOperation::DictContainsFromEntries),
+                // Vec<OperationArg>
+                vec![
+                    OperationArg::Statement(st0),
+                    OperationArg::Statement(st1),
+                    OperationArg::Statement(st2),
+                ],
+                OperationAux::MerkleProof(
+                    dict.middleware_dict()
+                        .prove(&Hash::from("a").into())
+                        .unwrap()
+                        .1,
+                ),
+            ))
+            .unwrap();
+        let mut main_prover = MockProver {};
+        let main_pod = builder.prove(&mut main_prover, &params).unwrap();
+
+        println!("{}", main_pod);
+
+        Ok(())
+    }
+
    #[should_panic]
    fn test_incorrect_pod() {
        // try to insert the same key multiple times
@ -1234,7 +1447,11 @@ pub mod tests {
                    StatementArg::Literal(Value::Int(3)),
                ],
            ),
-            Operation(OperationType::Native(NativeOperation::NewEntry), vec![]),
+            Operation(
+                OperationType::Native(NativeOperation::NewEntry),
+                vec![],
+                OperationAux::None,
+            ),
        ));
        builder.insert((
            Statement::new(
@ -1247,7 +1464,11 @@ pub mod tests {
                    StatementArg::Literal(Value::Int(28)),
                ],
            ),
-            Operation(OperationType::Native(NativeOperation::NewEntry), vec![]),
+            Operation(
+                OperationType::Native(NativeOperation::NewEntry),
+                vec![],
+                OperationAux::None,
+            ),
        ));

        let mut prover = MockProver {};
@ -1283,11 +1504,19 @@ pub mod tests {

        builder.insert((
            value_of_a.clone(),
-            Operation(OperationType::Native(NativeOperation::NewEntry), vec![]),
+            Operation(
+                OperationType::Native(NativeOperation::NewEntry),
+                vec![],
+                OperationAux::None,
+            ),
        ));
        builder.insert((
            value_of_b.clone(),
-            Operation(OperationType::Native(NativeOperation::NewEntry), vec![]),
+            Operation(
+                OperationType::Native(NativeOperation::NewEntry),
+                vec![],
+                OperationAux::None,
+            ),
        ));
        builder.insert((
            Statement::new(
@ -1300,6 +1529,7 @@ pub mod tests {
                    OperationArg::Statement(value_of_a),
                    OperationArg::Statement(value_of_b),
                ],
+                OperationAux::None,
            ),
        ));

--- a/src/frontend/operation.rs
+++ b/src/frontend/operation.rs
@ -1,7 +1,10 @@
 use std::fmt;

-use super::{SignedPod, Statement, Value};
-use crate::middleware::OperationType;
+use super::{NativePredicate, Predicate, SignedPod, Statement, Value};
+use crate::{
+    backends::plonky2::primitives::merkletree::MerkleProof,
+    middleware::{self, OperationAux},
+};

 #[derive(Clone, Debug, PartialEq, Eq)]
 pub enum OperationArg {
@ -69,7 +72,120 @@ impl<V: Into<Value>> From<(&str, V)> for OperationArg {
 }

 #[derive(Clone, Debug, PartialEq, Eq)]
-pub struct Operation(pub OperationType, pub Vec<OperationArg>);
+pub enum OperationType {
+    Native(NativeOperation),
+    Custom(middleware::CustomPredicateRef),
+}
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub enum NativeOperation {
+    None = 0,
+    NewEntry = 1,
+    CopyStatement = 2,
+    EqualFromEntries = 3,
+    NotEqualFromEntries = 4,
+    GtFromEntries = 5,
+    LtFromEntries = 6,
+    TransitiveEqualFromStatements = 7,
+    GtToNotEqual = 8,
+    LtToNotEqual = 9,
+    SumOf = 13,
+    ProductOf = 14,
+    MaxOf = 15,
+    DictContainsFromEntries = 16,
+    DictNotContainsFromEntries = 17,
+    SetContainsFromEntries = 18,
+    SetNotContainsFromEntries = 19,
+    ArrayContainsFromEntries = 20,
+}
+
+impl TryFrom<OperationType> for middleware::OperationType {
+    type Error = anyhow::Error;
+    fn try_from(fe_ot: OperationType) -> Result<Self, Self::Error> {
+        type FeOT = OperationType;
+        type FeNO = NativeOperation;
+        type MwOT = middleware::OperationType;
+        type MwNO = middleware::NativeOperation;
+        let mw_ot = match fe_ot {
+            FeOT::Native(FeNO::None) => MwOT::Native(MwNO::None),
+            FeOT::Native(FeNO::NewEntry) => MwOT::Native(MwNO::NewEntry),
+            FeOT::Native(FeNO::CopyStatement) => MwOT::Native(MwNO::CopyStatement),
+            FeOT::Native(FeNO::EqualFromEntries) => MwOT::Native(MwNO::EqualFromEntries),
+            FeOT::Native(FeNO::NotEqualFromEntries) => MwOT::Native(MwNO::NotEqualFromEntries),
+            FeOT::Native(FeNO::GtFromEntries) => MwOT::Native(MwNO::GtFromEntries),
+            FeOT::Native(FeNO::LtFromEntries) => MwOT::Native(MwNO::LtFromEntries),
+            FeOT::Native(FeNO::TransitiveEqualFromStatements) => {
+                MwOT::Native(MwNO::TransitiveEqualFromStatements)
+            }
+            FeOT::Native(FeNO::GtToNotEqual) => MwOT::Native(MwNO::GtToNotEqual),
+            FeOT::Native(FeNO::LtToNotEqual) => MwOT::Native(MwNO::LtToNotEqual),
+            FeOT::Native(FeNO::SumOf) => MwOT::Native(MwNO::SumOf),
+            FeOT::Native(FeNO::ProductOf) => MwOT::Native(MwNO::ProductOf),
+            FeOT::Native(FeNO::MaxOf) => MwOT::Native(MwNO::MaxOf),
+            FeOT::Native(FeNO::DictContainsFromEntries) => MwOT::Native(MwNO::ContainsFromEntries),
+            FeOT::Native(FeNO::DictNotContainsFromEntries) => {
+                MwOT::Native(MwNO::NotContainsFromEntries)
+            }
+            FeOT::Native(FeNO::SetContainsFromEntries) => MwOT::Native(MwNO::ContainsFromEntries),
+            FeOT::Native(FeNO::SetNotContainsFromEntries) => {
+                MwOT::Native(MwNO::NotContainsFromEntries)
+            }
+            FeOT::Native(FeNO::ArrayContainsFromEntries) => MwOT::Native(MwNO::ContainsFromEntries),
+            FeOT::Custom(mw_cpr) => MwOT::Custom(mw_cpr),
+        };
+        Ok(mw_ot)
+    }
+}
+
+impl OperationType {
+    /// Gives the type of predicate that the operation will output, if known.
+    /// CopyStatement may output any predicate (it will match the statement copied),
+    /// so output_predicate returns None on CopyStatement.
+    pub fn output_predicate(&self) -> Option<Predicate> {
+        match self {
+            OperationType::Native(native_op) => match native_op {
+                NativeOperation::None => Some(Predicate::Native(NativePredicate::None)),
+                NativeOperation::NewEntry => Some(Predicate::Native(NativePredicate::ValueOf)),
+                NativeOperation::CopyStatement => None,
+                NativeOperation::EqualFromEntries => {
+                    Some(Predicate::Native(NativePredicate::Equal))
+                }
+                NativeOperation::NotEqualFromEntries => {
+                    Some(Predicate::Native(NativePredicate::NotEqual))
+                }
+                NativeOperation::GtFromEntries => Some(Predicate::Native(NativePredicate::Gt)),
+                NativeOperation::LtFromEntries => Some(Predicate::Native(NativePredicate::Lt)),
+                NativeOperation::TransitiveEqualFromStatements => {
+                    Some(Predicate::Native(NativePredicate::Equal))
+                }
+                NativeOperation::GtToNotEqual => Some(Predicate::Native(NativePredicate::NotEqual)),
+                NativeOperation::LtToNotEqual => Some(Predicate::Native(NativePredicate::NotEqual)),
+                NativeOperation::SumOf => Some(Predicate::Native(NativePredicate::SumOf)),
+                NativeOperation::ProductOf => Some(Predicate::Native(NativePredicate::ProductOf)),
+                NativeOperation::MaxOf => Some(Predicate::Native(NativePredicate::MaxOf)),
+                NativeOperation::DictContainsFromEntries => {
+                    Some(Predicate::Native(NativePredicate::DictContains))
+                }
+                NativeOperation::DictNotContainsFromEntries => {
+                    Some(Predicate::Native(NativePredicate::DictNotContains))
+                }
+                NativeOperation::SetContainsFromEntries => {
+                    Some(Predicate::Native(NativePredicate::SetContains))
+                }
+                NativeOperation::SetNotContainsFromEntries => {
+                    Some(Predicate::Native(NativePredicate::SetNotContains))
+                }
+                NativeOperation::ArrayContainsFromEntries => {
+                    Some(Predicate::Native(NativePredicate::ArrayContains))
+                }
+            },
+            OperationType::Custom(cpr) => Some(Predicate::Custom(cpr.clone())),
+        }
+    }
+}
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct Operation(pub OperationType, pub Vec<OperationArg>, pub OperationAux);

 impl fmt::Display for Operation {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
--- a/src/frontend/predicate.rs
+++ b/src/frontend/predicate.rs
@ -0,0 +1,39 @@
+use anyhow::{anyhow, Result};
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+use std::fmt;
+
+use super::{AnchoredKey, SignedPod, Value};
+//use crate::middleware::{self, NativePredicate, Predicate};
+use crate::middleware::{self, CustomPredicateRef};
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, Serialize, Deserialize, JsonSchema)]
+pub enum NativePredicate {
+    None = 0,
+    ValueOf = 1,
+    Equal = 2,
+    NotEqual = 3,
+    Gt = 4,
+    Lt = 5,
+    SumOf = 8,
+    ProductOf = 9,
+    MaxOf = 10,
+    DictContains = 11,
+    DictNotContains = 12,
+    SetContains = 13,
+    SetNotContains = 14,
+    ArrayContains = 15, // there is no ArrayNotContains
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
+pub enum Predicate {
+    Native(NativePredicate),
+    BatchSelf(usize),
+    Custom(CustomPredicateRef),
+}
+
+impl From<NativePredicate> for Predicate {
+    fn from(v: NativePredicate) -> Self {
+        Self::Native(v)
+    }
+}
--- a/src/frontend/serialization.rs
+++ b/src/frontend/serialization.rs
@ -151,6 +151,8 @@ pub fn transform_value_schema(schema: &mut Schema) {

 #[cfg(test)]
 mod tests {
+    use anyhow::Result;
+
    use crate::{
        backends::plonky2::mock::{mainpod::MockProver, signedpod::MockSigner},
        examples::{zu_kyc_pod_builder, zu_kyc_sign_pod_builders},
@ -260,11 +262,13 @@ mod tests {
    }

    #[test]
-    fn test_main_pod_serialization() {
+    fn test_main_pod_serialization() -> Result<()> {
        let params = middleware::Params::default();
+        let sanctions_values = vec!["A343434340".into()];
+        let sanction_set = Value::Set(Set::new(sanctions_values)?);

        let (gov_id_builder, pay_stub_builder, sanction_list_builder) =
-            zu_kyc_sign_pod_builders(&params);
+            zu_kyc_sign_pod_builders(&params, &sanction_set);
        let mut signer = MockSigner {
            pk: "ZooGov".into(),
        };
@ -289,9 +293,8 @@ mod tests {

        assert_eq!(kyc_pod.public_statements, deserialized.public_statements);
        assert_eq!(kyc_pod.pod.id(), deserialized.pod.id());
-        assert_eq!(
-            kyc_pod.pod.verify().is_ok(),
-            deserialized.pod.verify().is_ok()
-        );
+        assert_eq!(kyc_pod.pod.verify()?, deserialized.pod.verify()?);
+
+        Ok(())
    }
 }
--- a/src/frontend/statement.rs
+++ b/src/frontend/statement.rs
@ -1,5 +1,5 @@
-use super::{AnchoredKey, SignedPod, Value};
-use crate::middleware::{self, NativePredicate, Predicate};
+use super::{AnchoredKey, NativePredicate, Predicate, SignedPod, Value};
+use crate::middleware;
 use anyhow::{anyhow, Result};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@ -50,9 +50,35 @@ impl From<(&SignedPod, &str)> for Statement {
    }
 }

+#[derive(Debug)]
+pub struct ManualConversionRequired();
+
+impl std::fmt::Display for StatementConversionError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(
+            f,
+            "Statement conversion error: statement conversion must be implemented manually."
+        )
+    }
+}
+
+impl std::error::Error for StatementConversionError {}
+
+#[derive(Debug)]
+pub enum StatementConversionError {
+    MCR(ManualConversionRequired),
+    Error(anyhow::Error),
+}
+
+impl From<anyhow::Error> for StatementConversionError {
+    fn from(value: anyhow::Error) -> Self {
+        Self::Error(value)
+    }
+}
+
 impl TryFrom<Statement> for middleware::Statement {
-    type Error = anyhow::Error;
-    fn try_from(s: Statement) -> Result<Self> {
+    type Error = StatementConversionError;
+    fn try_from(s: Statement) -> Result<Self, StatementConversionError> {
        type MS = middleware::Statement;
        type NP = NativePredicate;
        type SA = StatementArg;
@ -79,12 +105,6 @@ impl TryFrom<Statement> for middleware::Statement {
                (NP::Lt, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), None)) => {
                    MS::Lt(ak1.into(), ak2.into())
                }
-                (NP::Contains, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), None)) => {
-                    MS::Contains(ak1.into(), ak2.into())
-                }
-                (NP::NotContains, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), None)) => {
-                    MS::NotContains(ak1.into(), ak2.into())
-                }
                (NP::SumOf, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), Some(SA::Key(ak3)))) => {
                    MS::SumOf(ak1.into(), ak2.into(), ak3.into())
                }
@ -94,6 +114,19 @@ impl TryFrom<Statement> for middleware::Statement {
                (NP::MaxOf, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), Some(SA::Key(ak3)))) => {
                    MS::MaxOf(ak1.into(), ak2.into(), ak3.into())
                }
+                (
+                    NP::DictContains,
+                    (Some(SA::Key(ak1)), Some(SA::Key(ak2)), Some(SA::Key(ak3))),
+                ) => MS::Contains(ak1.into(), ak2.into(), ak3.into()),
+                (NP::DictNotContains, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), None)) => {
+                    MS::NotContains(ak1.into(), ak2.into())
+                }
+                (NP::SetContains, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), None)) => {
+                    return Err(StatementConversionError::MCR(ManualConversionRequired()));
+                }
+                (NP::SetNotContains, (Some(SA::Key(ak1)), Some(SA::Key(ak2)), None)) => {
+                    MS::NotContains(ak1.into(), ak2.into())
+                }
                _ => Err(anyhow!("Ill-formed statement: {}", s))?,
            },
            Predicate::Custom(cpr) => MS::Custom(