Documentation
Index
- Constants
- func GenPublicWitness(publicInfo *PublicInfo) *witness.Witness
- func LoadVerifyingKey(filepath string) (verifyingKey groth16.VerifyingKey, err error)
- func Prove(input *UpdateSet32) (*groth16.Proof, error)
- func SetupTranscript(setup *accumulator.Setup, accOld, accMid, accNew *big.Int, ...) *fiatshamir.Transcript
- func SetupZkMultiswap(size uint32)
- func TestMultiSwap(testSetSize uint32)
- func TestMultiSwapAndOutputSmartContract(testSetSize uint32)
- func TestMultiSwapAndOutputSmartContract2(testSetSize uint32) error
- func Verify(proof *groth16.Proof, setsize uint32, publicInfo *PublicInfo) bool
- func VerifyPublicWitness(publicWitness *witness.Witness, publicInfo *PublicInfo) bool
- type Circuit
- func AssignCircuit(input *UpdateSet32) *Circuit
- func AssignCircuitHelper(input *PublicInfo) *Circuit
- func AssignCircuitRSA(input *UpdateSet32) *Circuit
- func AssignCircuitRSAHelper(input *PublicInfo) *Circuit
- func InitCircuitRSAWithSize(size uint32) *Circuit
- func InitCircuitWithSize(size uint32) *Circuit
- type CircuitExp
- type CircuitRSAInside
- type PublicInfo
- type UpdateSet32
Constants
const (
	// BitLength is the bit length of the user ID, balance and epoch number. It can be 32, 64 or any valid number within the field
	BitLength = 32
	// CurrentEpochNum is used for *test purpose* only. It should be larger than the test set size and all OriginalUpdEpoch
	CurrentEpochNum = 1000000
	// OriginalSum is used for *test purpose* only. It should be larger than 0 and the updated balance should also be positive
	OriginalSum = 10000
	// KeyPathPrefix denotes the path to store the circuit and keys. fileName = KeyPathPrefix + "_" + strconv.FormatInt(int64(size), 10) + different names
	KeyPathPrefix = "zkmultiswap"
)
Variables
This section is empty.
Functions
func GenPublicWitness
func GenPublicWitness(publicInfo *PublicInfo) *witness.Witness
GenPublicWitness generates the public witness from publicInfo.
func LoadVerifyingKey
func LoadVerifyingKey(filepath string) (verifyingKey groth16.VerifyingKey, err error)
LoadVerifyingKey loads the verification key from filepath.
func Prove
func Prove(input *UpdateSet32) (*groth16.Proof, error)
Prove generates a Groth16 proof and public witness for the zkMultiSwap.
func SetupTranscript
func SetupTranscript(setup *accumulator.Setup, accOld, accMid, accNew *big.Int, CurrentEpochNum uint32) *fiatshamir.Transcript
SetupTranscript takes in all public information regarding the MultiSwap.
func SetupZkMultiswap
func SetupZkMultiswap(size uint32)
SetupZkMultiswap generates the circuit and the public/verification keys with Groth16. The "keyPathPrefix".pk* files hold the public (proving) keys, "keyPathPrefix".ccs* files hold the R1CS, and "keyPathPrefix".vk.save holds the verification key.
func TestMultiSwap
func TestMultiSwap(testSetSize uint32)
TestMultiSwap is temporarily used for test purposes.
func TestMultiSwapAndOutputSmartContract
func TestMultiSwapAndOutputSmartContract(testSetSize uint32)
TestMultiSwapAndOutputSmartContract outputs a Solidity smart contract to verify the SNARK.
func TestMultiSwapAndOutputSmartContract2
func TestMultiSwapAndOutputSmartContract2(testSetSize uint32) error
TestMultiSwapAndOutputSmartContract2 outputs a Solidity smart contract and test proofs.
func Verify
func Verify(proof *groth16.Proof, setsize uint32, publicInfo *PublicInfo) bool
Verify checks a Groth16 proof and public witness for the zkMultiSwap.
func VerifyPublicWitness
func VerifyPublicWitness(publicWitness *witness.Witness, publicInfo *PublicInfo) bool
VerifyPublicWitness returns true if the public witness is valid for zkMultiSwap.
Types
type Circuit
type Circuit struct {
	// struct tag on a variable is optional
	// default uses variable name and secret visibility.
	ChallengeL1     frontend.Variable `gnark:",public"` // a prime challenge number L1
	ChallengeL2     frontend.Variable `gnark:",public"` // a prime challenge number L2
	RemainderR1     frontend.Variable `gnark:",public"` // a remainder R1
	RemainderR2     frontend.Variable `gnark:",public"` // a remainder R2
	CurrentEpochNum frontend.Variable `gnark:",public"` // current epoch number
	// Delta (2^1024) should be fixable as a public parameter; however, gnark cannot support big Int for now,
	// so we use the following two public inputs to replace Delta.
	// This works because (Delta + Hash(x)) mod L = (Delta mod L + Hash(x) mod L) mod L
	DeltaModL1 frontend.Variable `gnark:",public"` // 2^1024 mod L1
	DeltaModL2 frontend.Variable `gnark:",public"` // 2^1024 mod L2
	//------------------------------private witness below--------------------------------------
	Randomizer1      frontend.Variable   // Used to randomize the removed set
	Randomizer2      frontend.Variable   // Used to randomize the inserted set
	OriginalSum      frontend.Variable   // original sum of balances for all users
	UpdatedSum       frontend.Variable   // updated sum of balances for all users
	UserID           []frontend.Variable // list of user IDs to be updated
	OriginalBalances []frontend.Variable // list of user balances before update
	OriginalHashes   []frontend.Variable // list of user hashes before update
	OriginalUpdEpoch []frontend.Variable // list of user updated epoch numbers before update
	UpdatedBalances  []frontend.Variable // list of user balances after update
}
Circuit is the Zk-MultiSwap circuit for gnark. gnark is a zk-SNARK library written in Go. Circuits are regular structs. The inputs must be of type frontend.Variable and make up the witness.
func AssignCircuit
func AssignCircuit(input *UpdateSet32) *Circuit
AssignCircuit assigns a circuit with UpdateSet32 values.
func AssignCircuitHelper
func AssignCircuitHelper(input *PublicInfo) *Circuit
AssignCircuitHelper assigns a circuit with PublicInfo values.
func AssignCircuitRSA
func AssignCircuitRSA(input *UpdateSet32) *Circuit
AssignCircuitRSA assigns a circuit with UpdateSet32 values.
func AssignCircuitRSAHelper
func AssignCircuitRSAHelper(input *PublicInfo) *Circuit
AssignCircuitRSAHelper assigns a circuit with PublicInfo values.
func InitCircuitRSAWithSize
func InitCircuitRSAWithSize(size uint32) *Circuit
InitCircuitRSAWithSize initializes a circuit with the challenges, OriginalHashes and CurrentEpochNum set to 1 and all other values set to 0. For test purposes only.
func InitCircuitWithSize
func InitCircuitWithSize(size uint32) *Circuit
InitCircuitWithSize initializes a circuit with the challenges, OriginalHashes and CurrentEpochNum set to 1 and all other values set to 0. For test purposes only.
type CircuitExp
type CircuitExp struct {
	// tagging a variable is optional
	// default uses variable name and secret visibility.
	X frontend.Variable `gnark:",public"`
	Y frontend.Variable `gnark:",public"`
	N frontend.Variable `gnark:",public"`
	E frontend.Variable
}
CircuitExp proves y == x**e mod N; only the bitSize least significant bits of e are used.
type CircuitRSAInside
type CircuitRSAInside struct {
	// struct tag on a variable is optional
	// default uses variable name and secret visibility.
	ChallengeL1     frontend.Variable `gnark:",public"` // a prime challenge number L1
	ChallengeL2     frontend.Variable `gnark:",public"` // a prime challenge number L2
	RemainderR1     frontend.Variable `gnark:",public"` // a remainder R1
	RemainderR2     frontend.Variable `gnark:",public"` // a remainder R2
	CurrentEpochNum frontend.Variable `gnark:",public"` // current epoch number
	// Delta (2^1024) should be fixable as a public parameter; however, gnark cannot support big Int for now,
	// so we use the following two public inputs to replace Delta.
	// This works because (Delta + Hash(x)) mod L = (Delta mod L + Hash(x) mod L) mod L
	DeltaModL1 frontend.Variable `gnark:",public"` // 2^1024 mod L1
	DeltaModL2 frontend.Variable `gnark:",public"` // 2^1024 mod L2
	Acc0       frontend.Variable `gnark:",public"` // the accumulator before update
	AccMid     frontend.Variable `gnark:",public"` // the intermediate accumulator
	Acc1       frontend.Variable `gnark:",public"` // the accumulator after update
	N          frontend.Variable `gnark:",public"` // the RSA modulus for the hidden order group
	//------------------------------private witness below--------------------------------------
	Randomizer1      frontend.Variable   // Used to randomize the removed set
	Randomizer2      frontend.Variable   // Used to randomize the inserted set
	OriginalSum      frontend.Variable   // original sum of balances for all users
	UpdatedSum       frontend.Variable   // updated sum of balances for all users
	UserID           []frontend.Variable // list of user IDs to be updated
	OriginalBalances []frontend.Variable // list of user balances before update
	OriginalHashes   []frontend.Variable // list of user hashes before update
	OriginalUpdEpoch []frontend.Variable // list of user updated epoch numbers before update
	UpdatedBalances  []frontend.Variable // list of user balances after update
	Q1               frontend.Variable   // PoKE proof for AccMid to Acc0: Q1^(ChallengeL1) * AccMid^(RemainderR1) = Acc0
	Q2               frontend.Variable   // PoKE proof for AccMid to Acc1: Q2^(ChallengeL2) * AccMid^(RemainderR2) = Acc1
}
CircuitRSAInside is the Zk-MultiSwap circuit for gnark. gnark is a zk-SNARK library written in Go. Circuits are regular structs. The inputs must be of type frontend.Variable and make up the witness. The difference between CircuitRSAInside and Circuit is that CircuitRSAInside checks the two PoKE protocols inside the SNARK.
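As an added example (not the package's own code), the relation the Q1/Q2 comments of CircuitRSAInside describe and the Delta-mod-L trick noted in both Circuit and CircuitRSAInside, carried out with math/big outside the SNARK: the prover computes Q from x = prod(Delta + Hash), the verifier derives R from Delta mod L the way the circuit must, and then checks Q^L * AccMid^R == Acc0 mod N. The modulus, the challenge and the hash values are constructed toy values, and all function names are assumptions.

```go
package main
import (
	"fmt"
	"math/big"
)

// Constructed toy parameters for illustration; none of them are secure.
var (
	delta        = new(big.Int).Lsh(big.NewInt(1), 1024)                            // Delta = 2^1024; a user's element is Delta + Hash(x)
	modN         = new(big.Int).Mul(big.NewInt(1000000007), big.NewInt(998244353)) // toy RSA modulus with known factors
	challengeL   = big.NewInt(1000003)                                             // toy prime challenge L (really Fiat-Shamir derived)
	sampleHashes = []int64{12345, 67890, 424242}                                   // constructed stand-ins for OriginalHashes
)

// provePoKE (prover side): with x = prod_i (Delta + h_i), returns Acc0 = AccMid^x and Q = AccMid^(x div L), both mod N.
func provePoKE(accMid *big.Int, hashes []int64) (acc0, q *big.Int) {
	x := big.NewInt(1)
	for _, h := range hashes {
		x.Mul(x, new(big.Int).Add(delta, big.NewInt(h)))
	}
	acc0 = new(big.Int).Exp(accMid, x, modN)
	q = new(big.Int).Exp(accMid, new(big.Int).Div(x, challengeL), modN)
	return acc0, q
}

// remainderInCircuit computes R = x mod L the way the circuit must: gnark cannot hold
// 2^1024, so it uses DeltaModL and (Delta + h) mod L = (Delta mod L + h mod L) mod L.
func remainderInCircuit(hashes []int64) *big.Int {
	deltaModL := new(big.Int).Mod(delta, challengeL)
	r := big.NewInt(1)
	for _, h := range hashes {
		e := new(big.Int).Add(deltaModL, new(big.Int).Mod(big.NewInt(h), challengeL))
		r.Mul(r, e.Mod(e, challengeL))
		r.Mod(r, challengeL)
	}
	return r
}

// verifyPoKE checks Q^L * AccMid^R == Acc0 (mod N), as CircuitRSAInside enforces for (Q1, RemainderR1) and (Q2, RemainderR2).
func verifyPoKE(acc0, accMid, q, r *big.Int) bool {
	lhs := new(big.Int).Exp(q, challengeL, modN)
	lhs.Mul(lhs, new(big.Int).Exp(accMid, r, modN))
	return lhs.Mod(lhs, modN).Cmp(acc0) == 0
}

func main() {
	accMid := big.NewInt(2) // constructed intermediate accumulator AccMid
	acc0, q := provePoKE(accMid, sampleHashes)
	fmt.Println("PoKE verifies:", verifyPoKE(acc0, accMid, q, remainderInCircuit(sampleHashes)))
}
```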
type PublicInfo
type PublicInfo struct {
	ChallengeL1     big.Int
	ChallengeL2     big.Int
	RemainderR1     big.Int
	RemainderR2     big.Int
	CurrentEpochNum uint32
	DeltaModL1      big.Int
	DeltaModL2      big.Int
}
PublicInfo is the public information part of UpdateSet32.
type UpdateSet32
type UpdateSet32 struct {
	ChallengeL1      big.Int
	ChallengeL2      big.Int
	RemainderR1      big.Int
	RemainderR2      big.Int
	CurrentEpochNum  uint32
	DeltaModL1       big.Int
	DeltaModL2       big.Int
	Randomizer1      big.Int
	Randomizer2      big.Int
	OriginalSum      uint32
	UpdatedSum       uint32
	UserID           []uint32
	OriginalBalances []uint32
	OriginalHashes   []big.Int
	OriginalUpdEpoch []uint32
	UpdatedBalances  []uint32
}
UpdateSet32 is one set for the prover with uint32 for CurrentEpochNum,
func GenTestSet
func GenTestSet(setsize uint32, setup *accumulator.Setup) *UpdateSet32
GenTestSet generates a set of values for test purposes.
func (*UpdateSet32) IsValid
func (input *UpdateSet32) IsValid() bool
IsValid returns true only if the input is valid for multiSwap.
func (*UpdateSet32) PublicPart
func (input *UpdateSet32) PublicPart() *PublicInfo
PublicPart returns a new value with the same public part and the hidden part set to 0.