Documentation ¶
Index ¶
- func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error
- func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error
- func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector, ...) error
- type Proof
- type ProvingKey
- func (pk *ProvingKey) CurveID() ecc.ID
- func (pk *ProvingKey) IsDifferent(_other interface{}) bool
- func (pk *ProvingKey) NbG1() int
- func (pk *ProvingKey) NbG2() int
- func (pk *ProvingKey) ReadDump(r io.Reader) error
- func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)
- func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)
- func (pk *ProvingKey) WriteDump(w io.Writer) error
- func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)
- func (pk *ProvingKey) WriteTo(w io.Writer) (n int64, err error)
- type VerifyingKey
- func (vk *VerifyingKey) CurveID() ecc.ID
- func (vk *VerifyingKey) ExportSolidity(w io.Writer, exportOpts ...solidity.ExportOption) error
- func (vk *VerifyingKey) IsDifferent(_other interface{}) bool
- func (vk *VerifyingKey) NbG1() int
- func (vk *VerifyingKey) NbG2() int
- func (vk *VerifyingKey) NbPublicWitness() int
- func (vk *VerifyingKey) Precompute() error
- func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)
- func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)
- func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)
- func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DummySetup ¶
func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error
DummySetup fills a random ProvingKey used for test or benchmarking purposes
func Setup ¶
func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error
Setup constructs the SRS
func Verify ¶
func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector, opts ...backend.VerifierOption) error
Verify verifies a proof with given VerifyingKey and publicWitness
Types ¶
type Proof ¶
type Proof struct {
Ar, Krs curve.G1Affine
Bs curve.G2Affine
Commitments []curve.G1Affine // Pedersen commitments a la https://eprint.iacr.org/2022/1072
CommitmentPok curve.G1Affine // Batched proof of knowledge of the above commitments
}
Proof represents a Groth16 proof that was encoded with a ProvingKey and can be verified with a valid statement and a VerifyingKey Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func Prove ¶
func Prove(r1cs *cs.R1CS, pk *ProvingKey, fullWitness witness.Witness, opts ...backend.ProverOption) (*Proof, error)
Prove generates the proof of knowledge of a r1cs with full witness (secret + public part).
func (*Proof) ReadFrom ¶
ReadFrom attempts to decode a Proof from reader Proof must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed)
func (*Proof) WriteRawTo ¶
WriteRawTo writes binary encoding of the Proof elements to writer points are stored in uncompressed form Ar | Krs | Bs use WriteTo(...) to encode the proof with point compression
type ProvingKey ¶
type ProvingKey struct { // domain Domain fft.Domain // [α]₁, [β]₁, [δ]₁ // [A(t)]₁, [B(t)]₁, [Kpk(t)]₁, [Z(t)]₁ G1 struct { Alpha, Beta, Delta curve.G1Affine A, B, Z []curve.G1Affine K []curve.G1Affine // the indexes correspond to the private wires } // [β]₂, [δ]₂, [B(t)]₂ G2 struct { Beta, Delta curve.G2Affine B []curve.G2Affine } // if InfinityA[i] == true, the point G1.A[i] == infinity InfinityA, InfinityB []bool NbInfinityA, NbInfinityB uint64 CommitmentKeys []pedersen.ProvingKey }
ProvingKey is used by a Groth16 prover to encode a proof of a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func (*ProvingKey) IsDifferent ¶
func (pk *ProvingKey) IsDifferent(_other interface{}) bool
IsDifferent returns true if provided pk is different than self this is used by groth16.Assert to ensure random sampling
func (*ProvingKey) NbG1 ¶
func (pk *ProvingKey) NbG1() int
NbG1 returns the number of G1 elements in the ProvingKey
func (*ProvingKey) NbG2 ¶
func (pk *ProvingKey) NbG2() int
NbG2 returns the number of G2 elements in the ProvingKey
func (*ProvingKey) ReadDump ¶ added in v0.11.0
func (pk *ProvingKey) ReadDump(r io.Reader) error
ReadDump reads a ProvingKey from a dump written by WriteDump. This is platform dependent and very unsafe (no checks, no endianness translation, etc.)
func (*ProvingKey) ReadFrom ¶
func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)
ReadFrom attempts to decode a ProvingKey from reader ProvingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) note that we don't check that the points are on the curve or in the correct subgroup at this point
func (*ProvingKey) UnsafeReadFrom ¶
func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)
UnsafeReadFrom behaves like ReadFrom excepts it doesn't check if the decoded points are on the curve or in the correct subgroup
func (*ProvingKey) WriteDump ¶ added in v0.11.0
func (pk *ProvingKey) WriteDump(w io.Writer) error
WriteDump behaves like WriteRawTo, excepts, the slices of points are "dumped" using gnark-crypto/utils/unsafe Output is compatible with ReadDump, with the caveat that, not only the points are not checked for correctness, but the raw bytes are platform dependent (endianness, etc.)
func (*ProvingKey) WriteRawTo ¶
func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)
WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression
type VerifyingKey ¶
type VerifyingKey struct { // [α]₁, [Kvk]₁ G1 struct { Alpha curve.G1Affine Beta, Delta curve.G1Affine // unused, here for compatibility purposes K []curve.G1Affine // The indexes correspond to the public wires } // [β]₂, [δ]₂, [γ]₂, // -[δ]₂, -[γ]₂: see proof.Verify() for more details G2 struct { Beta, Delta, Gamma curve.G2Affine // contains filtered or unexported fields } CommitmentKeys []pedersen.VerifyingKey PublicAndCommitmentCommitted [][]int // indexes of public/commitment committed variables // contains filtered or unexported fields }
VerifyingKey is used by a Groth16 verifier to verify the validity of a proof and a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func (*VerifyingKey) ExportSolidity ¶
func (vk *VerifyingKey) ExportSolidity(w io.Writer, exportOpts ...solidity.ExportOption) error
ExportSolidity not implemented for BLS12-377
func (*VerifyingKey) IsDifferent ¶
func (vk *VerifyingKey) IsDifferent(_other interface{}) bool
IsDifferent returns true if provided vk is different than self this is used by groth16.Assert to ensure random sampling
func (*VerifyingKey) NbG1 ¶
func (vk *VerifyingKey) NbG1() int
NbG1 returns the number of G1 elements in the VerifyingKey
func (*VerifyingKey) NbG2 ¶
func (vk *VerifyingKey) NbG2() int
NbG2 returns the number of G2 elements in the VerifyingKey
func (*VerifyingKey) NbPublicWitness ¶
func (vk *VerifyingKey) NbPublicWitness() int
NbPublicWitness returns the number of elements in the expected public witness
func (*VerifyingKey) Precompute ¶
func (vk *VerifyingKey) Precompute() error
Precompute sets e, -[δ]₂, -[γ]₂ This is meant to be called internally during setup or deserialization.
func (*VerifyingKey) ReadFrom ¶
func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)
ReadFrom attempts to decode a VerifyingKey from reader VerifyingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) serialization format: https://github.com/zkcrypto/bellman/blob/fa9be45588227a8c6ec34957de3f68705f07bd92/src/groth16/mod.rs#L143 [α]1,[β]1,[β]2,[γ]2,[δ]1,[δ]2,uint32(len(Kvk)),[Kvk]1
func (*VerifyingKey) UnsafeReadFrom ¶
func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)
UnsafeReadFrom has the same behavior as ReadFrom, except that it will not check that decode points are on the curve and in the correct subgroup.
func (*VerifyingKey) WriteRawTo ¶
func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)
WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression