gnark

package module
v0.11.0
Warning

This package is not in the latest version of its module.
Published: Sep 6, 2024 License: Apache-2.0 Imports: 2 Imported by: 13

README

gnark zk-SNARK library

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. The library is open source and developed under the Apache 2.0 license.

gnark uses gnark-crypto for the finite-field arithmetic and out-circuit implementation of cryptographic algorithms.

gnark powers Linea zk-rollup. Include your project in the known users section by opening a PR.

To get started with gnark and write your first circuit, follow these instructions.

Check out the online playground to compile circuits and visualize constraint systems.

Security

gnark and gnark-crypto have been extensively audited, but are provided as-is: we make no guarantees or warranties as to their safety and reliability. In particular, gnark makes no security guarantees such as constant-time implementation or side-channel attack resistance.

To report a security bug, please refer to gnark Security Policy.

Refer to known security advisories for a list of known security issues.

Testing

gnark employs the following testing procedures:

  • unit testing - we test the primitives in unit tests
  • circuit testing - we test the circuit implementation against several targets:
    • test engine - instead of running the full prover and verifier stack, we run the computations only to ensure the completeness of the circuits
    • proof engines - we compile the circuits, run the setup, prove and verify using native implementation
    • Solidity verifier - in addition to the previous, we verify the proofs in Solidity verifier. See gnark-solidity-checker
  • regression testing - we have implemented tests for reported issues to avoid regressions
  • constraint count testing - we have implemented circuit size tests to avoid regressions
  • serialization testing - we check that serialization round-trip is complete
  • side-effect testing - we check that circuit compilation is deterministic
  • fuzz testing:
    • circuit input fuzzing - we provide random inputs to the circuit to cause solver error
    • native input fuzzing - we provide random inputs to various native methods to cause errors. We have also stored initial fuzzing corpus for regression tests.
    • circuit definition fuzzing - we cooperate with Consensys Diligence to fuzz the circuit definitions to find bugs in the gnark circuit compiler.

The tests are run automatically on every PR and merge commit. We run the full test suite only for the Linux on amd64 target, but run short tests for both the Windows target (amd64) and the macOS target (arm64).

Performance

gnark and gnark-crypto packages are optimized for 64-bit architectures (x86 amd64) using assembly operations. We have a generic implementation of the same arithmetic algorithms for ARM backends (arm64). We do not implement vector operations.

Backwards compatibility

gnark tries to be backwards compatible when possible; however, we do not guarantee that serialized object formats are static across different versions of gnark. In particular, we do not have versioning implemented in the serialized formats, so using files between different versions of gnark may lead to undefined behaviour or even crash the program.
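
One way to act on this caveat, as an added example (not gnark code): wrap each serialized artifact in an envelope that records the producing gnark version and a digest, and refuse to deserialize on a mismatch. The envelope layout, the `GNKE` magic and the `Seal`/`Open` helpers are assumptions of this example; it relies only on the object exposing `io.WriterTo` and `io.ReaderFrom`, and a `bytes.Buffer` stands in for a key.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope layout (defined by this example, not a gnark format):
// magic(4) | len(version)(1) | version | sha256(body)(32) | body
var magic = []byte("GNKE")

var (
	ErrFormat   = errors.New("not a version-stamped artifact")
	ErrVersion  = errors.New("artifact written by a different gnark version")
	ErrChecksum = errors.New("artifact body does not match its checksum")
)

// Seal serializes obj and prefixes the producing version and a digest.
// The digest catches truncation or corruption; it does not authenticate.
func Seal(obj io.WriterTo, version string) ([]byte, error) {
	if len(version) == 0 || len(version) > 255 {
		return nil, ErrFormat
	}
	var body bytes.Buffer
	if _, err := obj.WriteTo(&body); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(body.Bytes())
	out := append(append([]byte{}, magic...), byte(len(version)))
	out = append(append(out, version...), sum[:]...)
	return append(out, body.Bytes()...), nil
}

// Open validates the header before any byte reaches obj.ReadFrom.
func Open(data []byte, running string, obj io.ReaderFrom) error {
	if len(data) < 5 || !bytes.Equal(data[:4], magic) || len(data) < 5+int(data[4])+sha256.Size {
		return ErrFormat
	}
	n := int(data[4])
	if got := string(data[5 : 5+n]); got != running {
		return fmt.Errorf("%w: file %q, running %q", ErrVersion, got, running)
	}
	sum, body := data[5+n:5+n+sha256.Size], data[5+n+sha256.Size:]
	if digest := sha256.Sum256(body); !bytes.Equal(sum, digest[:]) {
		return ErrChecksum
	}
	_, err := obj.ReadFrom(bytes.NewReader(body))
	return err
}

func main() {
	// Constructed stand-in for serialized key bytes; bytes.Buffer has both interfaces.
	sealed, err := Seal(bytes.NewBufferString("constructed key bytes"), "0.11.0")
	fmt.Println(err, Open(sealed, "0.12.0", new(bytes.Buffer)))
}
```

In a real program the version string would be derived from the package's `Version` variable rather than a literal, so a file written by one release is rejected by another before its bytes are parsed.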

Issues

gnark issues are tracked in the GitHub issues tab.

To report a security bug, please refer to gnark Security Policy.

If you have any questions, queries or comments, GitHub discussions is the place to find us.

You can also get in touch directly: gnark@consensys.net

Release Notes

Release Notes

Audits

Proving schemes and curves

Refer to Proving schemes and curves for more details.

gnark supports the following zk-SNARKs:

  • Groth16
  • PLONK

which can be instantiated with the following curves

  • BN254
  • BLS12-381
  • BLS12-377
  • BW6-761
  • BLS24-315
  • BW6-633
  • BLS24-317

Example

Refer to the gnark User Documentation

Here is what x**3 + x + 5 = y looks like:

package main

import (
	"github.com/consensys/gnark-crypto/ecc"
	"github.com/consensys/gnark/backend/groth16"
	"github.com/consensys/gnark/frontend"
	"github.com/consensys/gnark/frontend/cs/r1cs"
)

// CubicCircuit defines a simple circuit
// x**3 + x + 5 == y
type CubicCircuit struct {
	// struct tags on a variable are optional
	// default uses variable name and secret visibility.
	X frontend.Variable `gnark:"x"`
	Y frontend.Variable `gnark:",public"`
}

// Define declares the circuit constraints
// x**3 + x + 5 == y
func (circuit *CubicCircuit) Define(api frontend.API) error {
	x3 := api.Mul(circuit.X, circuit.X, circuit.X)
	api.AssertIsEqual(circuit.Y, api.Add(x3, circuit.X, 5))
	return nil
}

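func main() {
	// compiles our circuit into a R1CS
	var circuit CubicCircuit
	ccs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &circuit)
	if err != nil {
		panic(err)
	}

	// groth16 zkSNARK: Setup
	pk, vk, err := groth16.Setup(ccs)
	if err != nil {
		panic(err)
	}

	// witness definition
	assignment := CubicCircuit{X: 3, Y: 35}
	witness, err := frontend.NewWitness(&assignment, ecc.BN254.ScalarField())
	if err != nil {
		panic(err)
	}
	publicWitness, err := witness.Public()
	if err != nil {
		panic(err)
	}

	// groth16: Prove & Verify
	proof, err := groth16.Prove(ccs, pk, witness)
	if err != nil {
		panic(err)
	}
	// Verify returns a non-nil error when the proof is invalid; never discard it
	if err := groth16.Verify(proof, vk, publicWitness); err != nil {
		panic(err)
	}
}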

GPU Support

Icicle Library

The following schemes and curves support experimental use of Ingonyama's Icicle GPU library for low-level zk-SNARK primitives such as MSM, NTT, and polynomial operations:

  • Groth16

instantiated with the following curve(s)

  • BN254

To use GPUs, add the icicle build tag to your build/run commands, e.g. go run -tags=icicle main.go.

You can then toggle on or off icicle acceleration by providing the WithIcicleAcceleration backend ProverOption:

    // toggle on
    proofIci, err := groth16.Prove(ccs, pk, secretWitness, backend.WithIcicleAcceleration())
    
    // toggle off
    proof, err := groth16.Prove(ccs, pk, secretWitness)

For more information about prerequisites see the Icicle repo.

Citing

If you use gnark in your research a citation would be appreciated. Please use the following BibTeX to cite the most recent release.

@software{gnark-v0.11.0,
  author       = {Gautam Botrel and
                  Thomas Piellard and
                  Youssef El Housni and
                  Ivo Kubjas and
                  Arya Tabaie},
  title        = {ConsenSys/gnark: v0.11.0},
  month        = sep,
  year         = 2024,
  publisher    = {Zenodo},
  version      = {v0.11.0},
  doi          = {10.5281/zenodo.5819104},
  url          = {https://doi.org/10.5281/zenodo.5819104}
}

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

License

This project is licensed under the Apache 2 License - see the LICENSE file for details.

Documentation

Overview

Package gnark provides fast Zero Knowledge Proof (ZKP) systems and a high-level API to design ZKP circuits.

gnark supports the following ZKP schemes:

  • Groth16
  • PLONK

gnark supports the following curves:

  • BN254
  • BLS12_377
  • BLS12_381
  • BW6_761
  • BLS24_315
  • BW6_633
  • BLS24_317

User documentation https://docs.gnark.consensys.net

Index

Constants

This section is empty.

Variables

var Version = semver.MustParse("0.11.0")

Functions

func Curves

func Curves() []ecc.ID

Curves returns the curves supported by gnark.

Types

This section is empty.

Directories

Path Synopsis
Package backend implements Zero Knowledge Proof systems: it consumes circuit compiled with gnark/frontend.
groth16
Package groth16 implements Groth16 Zero Knowledge Proof system (aka zkSNARK).
groth16/bn254/icicle
Package icicle_bn254 implements ICICLE acceleration for BN254 Groth16 backend.
plonk
Package plonk implements PLONK Zero Knowledge Proof system.
witness
Package witness provides serialization helpers to encode a witness into a []byte.
Package constraint provides constructs needed to build and use a constraint system.
examples
cs
schema/internal/reflectwalk
reflectwalk is a package that allows you to "walk" complex structures similar to how you may "walk" a filesystem: visiting every element one by one and calling callback functions allowing you to handle and manipulate those elements.
internal
backend/circuits
Package circuits contains test circuits
frontendtype
Package frontendtype allows to assert frontend type.
kvstore
Package kvstore implements simple key-value store
regression_tests
Package regressiontests includes tests to avoid re-introducing regressions.
tinyfield
Package tinyfield contains field arithmetic operations for modulus = 0x2f.
Package io offers serialization interfaces for gnark objects.
Package logger provides a configurable logger across gnark components
Package profile provides a simple way to generate pprof compatible gnark circuit profile.
internal/graph
Package graph collects a set of samples into a directed graph.
internal/measurement
Package measurement exports utility functions to manipulate/format performance profile sample values.
internal/report
Package report summarizes a performance profile into a human-readable report.
std
Package std provides components or functions to help design gnark circuits.
accumulator/merkle
Package merkle provides a ZKP-circuit function to verify merkle proofs.
algebra
Package algebra implements:
algebra/algopts
Package algopts provides shareable options for modifying algebraic operations.
algebra/emulated/fields_bls12381
Package fields_bls12381 implements the fields arithmetic of the Fp12 tower used to compute the pairing over the BLS12-381 curve.
algebra/emulated/fields_bn254
Package fields_bn254 implements the fields arithmetic of the Fp12 tower used to compute the pairing over the BN254 curve.
algebra/emulated/fields_bw6761
Package fields_bw6761 implements the fields arithmetic of the Fp6 tower used to compute the pairing over the BW6-761 curve.
algebra/emulated/sw_bls12381
Package sw_bls12381 implements G1 and G2 arithmetics and pairing computation over BLS12-381 curve.
algebra/emulated/sw_bn254
Package sw_bn254 implements G1 and G2 arithmetics and pairing computation over BN254 curve.
algebra/emulated/sw_bw6761
Package sw_bw6761 implements G1 and G2 arithmetics and pairing computation over BW6-761 curve.
algebra/emulated/sw_emulated
Package sw_emulated implements elliptic curve group operations in (short) Weierstrass form.
algebra/native/fields_bls12377
Package fields_bls12377 implements the fields arithmetic of the Fp12 tower used to compute the pairing over the BLS12-377 curve.
algebra/native/fields_bls24315
Package fields_bls24315 implements the fields arithmetic of the Fp24 tower used to compute the pairing over the BLS24-315 curve.
algebra/native/sw_bls12377
Package sw_bls12377 implements the arithmetics of G1, G2 and the pairing computation on BLS12-377 as a SNARK circuit over BW6-761.
algebra/native/sw_bls24315
Package sw_bls24315 implements the arithmetics of G1, G2 and the pairing computation on BLS24-315 as a SNARK circuit over BW6-633.
algebra/native/twistededwards
Package twistededwards implements the arithmetic of twisted Edwards curves in native fields.
commitments/kzg
Package kzg implements KZG polynomial commitment verification.
commitments/pedersen
Package pedersen implements the Pedersen vector commitment scheme verifier.
evmprecompiles
Package evmprecompiles implements the Ethereum VM precompile contracts.
gkr
hash
Package hash provides an interface that hash functions (as gadget) should implement.
hash/mimc
Package mimc provides a ZKP-circuit function to compute a MiMC hash.
hash/sha2
Package sha2 implements SHA2 hash computation.
hash/sha3
Package sha3 provides ZKP circuits for SHA3 hash algorithms applying sponge construction over Keccak f-[1600] permutation function.
internal/logderivarg
Package logderivarg implements log-derivative argument.
internal/logderivprecomp
Package logderivprecomp allows computing functions using precomputation.
lookup/logderivlookup
Package logderiv implements append-only lookups using log-derivative argument.
math/bitslice
Package bitslice allows partitioning variables.
math/cmp
Package cmp provides methods and functions for comparing two numbers.
math/emulated
Package emulated implements operations over any modulus.
math/emulated/emparams
Package emparams contains emulation parameters for well known fields.
math/polynomial
Package polynomial provides field-agnostic polynomials.
math/uints
Package uints implements optimised byte and long integer operations.
multicommit
Package multicommit implements commitment expansion.
permutation/keccakf
Package keccakf implements the KeccakF-1600 permutation function.
rangecheck
Package rangecheck implements range checking gadget
recursion
Package recursion provides in-circuit verifiers for different proofs systems.
recursion/groth16
Package groth16 provides in-circuit Groth16 verifier.
recursion/plonk
Package plonk implements in-circuit PLONK verifier.
recursion/sumcheck
Package sumcheck implements non-native sumcheck verifier.
selector
Package selector provides a lookup table and map, based on linear scan.
signature/ecdsa
Package ecdsa implements ECDSA signature verification over any elliptic curve.
signature/eddsa
Package eddsa implements EdDSA signature verification over twisted Edwards elliptic curves available in gnark and gnark-crypto.
Package test provides components or functions to help test and fuzz gnark circuits.
unsafekzg
Package unsafekzg is a convenience package (to be used for test purposes only) to generate and cache SRS for the kzg scheme (and indirectly for PlonK setup).
