Documentation ¶
Index ¶
- func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error
- func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error
- func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error
- type Proof
- type ProvingKey
- func (pk *ProvingKey) CurveID() ecc.ID
- func (pk *ProvingKey) IsDifferent(_other interface{}) bool
- func (pk *ProvingKey) NbG1() int
- func (pk *ProvingKey) NbG2() int
- func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)
- func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)
- func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)
- func (pk *ProvingKey) WriteTo(w io.Writer) (n int64, err error)
- type VerifyingKey
- func (vk *VerifyingKey) CurveID() ecc.ID
- func (vk *VerifyingKey) ExportSolidity(w io.Writer) error
- func (vk *VerifyingKey) IsDifferent(_other interface{}) bool
- func (vk *VerifyingKey) NbG1() int
- func (vk *VerifyingKey) NbG2() int
- func (vk *VerifyingKey) NbPublicWitness() int
- func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)
- func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)
- func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)
- func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DummySetup ¶
func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error
DummySetup fills a random ProvingKey used for test or benchmarking purposes
func Setup ¶
func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error
Setup constructs the SRS
Types ¶
type Proof ¶
type Proof struct {
Ar, Krs curve.G1Affine
Bs curve.G2Affine
Commitment, CommitmentPok curve.G1Affine
}
Proof represents a Groth16 proof that was encoded with a ProvingKey and can be verified with a valid statement and a VerifyingKey Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func Prove ¶
func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness fr.Vector, opt backend.ProverConfig) (*Proof, error)
Prove generates the proof of knowledge of a r1cs with full witness (secret + public part).
func (*Proof) ReadFrom ¶
ReadFrom attempts to decode a Proof from reader Proof must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed)
func (*Proof) WriteRawTo ¶
WriteRawTo writes binary encoding of the Proof elements to writer points are stored in uncompressed form Ar | Krs | Bs use WriteTo(...) to encode the proof with point compression
type ProvingKey ¶
type ProvingKey struct { // domain Domain fft.Domain // [α]1, [β]1, [δ]1 // [A(t)]1, [B(t)]1, [Kpk(t)]1, [Z(t)]1 G1 struct { Alpha, Beta, Delta curve.G1Affine A, B, Z []curve.G1Affine K []curve.G1Affine // the indexes correspond to the private wires } // [β]2, [δ]2, [B(t)]2 G2 struct { Beta, Delta curve.G2Affine B []curve.G2Affine } // if InfinityA[i] == true, the point G1.A[i] == infinity InfinityA, InfinityB []bool NbInfinityA, NbInfinityB uint64 CommitmentKey pedersen.Key }
ProvingKey is used by a Groth16 prover to encode a proof of a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func (*ProvingKey) IsDifferent ¶
func (pk *ProvingKey) IsDifferent(_other interface{}) bool
IsDifferent returns true if provided pk is different than self this is used by groth16.Assert to ensure random sampling
func (*ProvingKey) NbG1 ¶
func (pk *ProvingKey) NbG1() int
NbG1 returns the number of G1 elements in the ProvingKey
func (*ProvingKey) NbG2 ¶
func (pk *ProvingKey) NbG2() int
NbG2 returns the number of G2 elements in the ProvingKey
func (*ProvingKey) ReadFrom ¶
func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)
ReadFrom attempts to decode a ProvingKey from reader ProvingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) note that we don't check that the points are on the curve or in the correct subgroup at this point
func (*ProvingKey) UnsafeReadFrom ¶
func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)
UnsafeReadFrom behaves like ReadFrom excepts it doesn't check if the decoded points are on the curve or in the correct subgroup
func (*ProvingKey) WriteRawTo ¶
func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)
WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression
type VerifyingKey ¶
type VerifyingKey struct { // [α]1, [Kvk]1 G1 struct { Alpha curve.G1Affine Beta, Delta curve.G1Affine // unused, here for compatibility purposes K []curve.G1Affine // The indexes correspond to the public wires } // [β]2, [δ]2, [γ]2, // -[δ]2, -[γ]2: see proof.Verify() for more details G2 struct { Beta, Delta, Gamma curve.G2Affine // contains filtered or unexported fields } CommitmentKey pedersen.Key CommitmentInfo constraint.Commitment // since the verifier doesn't input a constraint system, this needs to be provided here // contains filtered or unexported fields }
VerifyingKey is used by a Groth16 verifier to verify the validity of a proof and a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func (*VerifyingKey) ExportSolidity ¶
func (vk *VerifyingKey) ExportSolidity(w io.Writer) error
ExportSolidity writes a solidity Verifier contract on provided writer while this uses an audited template https://github.com/appliedzkp/semaphore/blob/master/contracts/sol/verifier.sol audit report https://github.com/appliedzkp/semaphore/blob/master/audit/Audit%20Report%20Summary%20for%20Semaphore%20and%20MicroMix.pdf this is an experimental feature and gnark solidity generator as not been thoroughly tested.
See https://github.com/ConsenSys/gnark-tests for example usage.
func (*VerifyingKey) IsDifferent ¶
func (vk *VerifyingKey) IsDifferent(_other interface{}) bool
IsDifferent returns true if provided vk is different than self this is used by groth16.Assert to ensure random sampling
func (*VerifyingKey) NbG1 ¶
func (vk *VerifyingKey) NbG1() int
NbG1 returns the number of G1 elements in the VerifyingKey
func (*VerifyingKey) NbG2 ¶
func (vk *VerifyingKey) NbG2() int
NbG2 returns the number of G2 elements in the VerifyingKey
func (*VerifyingKey) NbPublicWitness ¶
func (vk *VerifyingKey) NbPublicWitness() int
NbPublicWitness returns the number of elements in the expected public witness
func (*VerifyingKey) ReadFrom ¶
func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)
ReadFrom attempts to decode a VerifyingKey from reader VerifyingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) serialization format: https://github.com/zkcrypto/bellman/blob/fa9be45588227a8c6ec34957de3f68705f07bd92/src/groth16/mod.rs#L143 [α]1,[β]1,[β]2,[γ]2,[δ]1,[δ]2,uint32(len(Kvk)),[Kvk]1
func (*VerifyingKey) UnsafeReadFrom ¶
func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)
UnsafeReadFrom has the same behavior as ReadFrom, except that it will not check that decode points are on the curve and in the correct subgroup.
func (*VerifyingKey) WriteRawTo ¶
func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)
WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression