groth16

package
v0.5.1-hotfixes Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 17, 2021 License: Apache-2.0 Imports: 24 Imported by: 169

Documentation

Overview

Package groth16 implements Groth16 Zero Knowledge Proof system (aka zkSNARK).

See also

https://eprint.iacr.org/2016/260.pdf

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsSolved added in v0.4.0 

func IsSolved(r1cs frontend.CompiledConstraintSystem, witness frontend.Circuit, opts ...func(opt *backend.ProverOption) error) error

IsSolved attempts to solve the constraint system with provided witness returns nil if it succeeds, error otherwise.

func NewCS added in v0.4.0 

func NewCS(curveID ecc.ID) frontend.CompiledConstraintSystem

NewCS instantiate a concrete curved-typed R1CS and return a R1CS interface This method exists for (de)serialization purposes

func ReadAndVerify added in v0.4.0 

func ReadAndVerify(proof Proof, vk VerifyingKey, publicWitness io.Reader) error

ReadAndVerify behaves like Verify, except witness is read from a io.Reader witness must be encoded following the binary serialization protocol described in gnark/backend/witness package

func Setup 

func Setup(r1cs frontend.CompiledConstraintSystem) (ProvingKey, VerifyingKey, error)

Setup runs groth16.Setup with provided R1CS and outputs a key pair associated with the circuit.

Note that careful consideration must be given to this step in production environment. groth16.Setup uses some randomness to precompute the Proving and Verifying keys. If the process or machine leaks this randomness, an attacker could break the ZKP protocol.

Two main solutions to this deployment issues are: running the Setup through a MPC (multi party computation) or using a ZKP backend like PLONK where the per-circuit Setup is deterministic.

func Verify 

func Verify(proof Proof, vk VerifyingKey, publicWitness frontend.Circuit) error

Verify runs the groth16.Verify algorithm on provided proof with given witness

Types

type Assert 

type Assert struct {
	*require.Assertions
}

Assert is a helper to test circuits

func NewAssert 

func NewAssert(t *testing.T) *Assert

NewAssert returns an Assert helper

func (*Assert) ProverFailed 

func (assert *Assert) ProverFailed(r1cs frontend.CompiledConstraintSystem, witness frontend.Circuit, opts ...func(opt *backend.ProverOption) error)

ProverFailed check that a witness does NOT solve a circuit

func (*Assert) ProverSucceeded 

func (assert *Assert) ProverSucceeded(r1cs frontend.CompiledConstraintSystem, witness frontend.Circuit, opts ...func(opt *backend.ProverOption) error)

ProverSucceeded check that a witness solves a circuit

1. Runs groth16.Setup()

2. Solves the R1CS

3. Runs groth16.Prove()

4. Runs groth16.Verify()

5. Ensure deserialization(serialization) of generated objects is correct

ensure result vectors a*b=c, and check other properties like random sampling

func (*Assert) SerializationRawSucceeded added in v0.5.0 

func (assert *Assert) SerializationRawSucceeded(from gnarkio.WriterRawTo, to io.ReaderFrom)

func (*Assert) SerializationSucceeded added in v0.5.0 

func (assert *Assert) SerializationSucceeded(from io.WriterTo, to io.ReaderFrom)

func (*Assert) SolvingFailed 

func (assert *Assert) SolvingFailed(r1cs frontend.CompiledConstraintSystem, witness frontend.Circuit, opts ...func(opt *backend.ProverOption) error)

SolvingFailed Verifies that the R1CS is not solved with the given witness, without executing groth16 workflow

func (*Assert) SolvingSucceeded 

func (assert *Assert) SolvingSucceeded(r1cs frontend.CompiledConstraintSystem, witness frontend.Circuit, opts ...func(opt *backend.ProverOption) error)

SolvingSucceeded Verifies that the R1CS is solved with the given witness, without executing groth16 workflow

type Proof 

type Proof interface {
	// contains filtered or unexported methods
}

Proof represents a Groth16 proof generated by groth16.Prove

it's underlying implementation is curve specific (see gnark/internal/backend)

func NewProof added in v0.3.6 

func NewProof(curveID ecc.ID) Proof

NewProof instantiates a curve-typed Proof and returns an interface This function exists for serialization purposes

func Prove 

func Prove(r1cs frontend.CompiledConstraintSystem, pk ProvingKey, witness frontend.Circuit, opts ...func(opt *backend.ProverOption) error) (Proof, error)

Prove runs the groth16.Prove algorithm.

if the force flag is set: 

	will executes all the prover computations, even if the witness is invalid
 will produce an invalid proof
	internally, the solution vector to the R1CS will be filled with random values which may impact benchmarking

func ReadAndProve added in v0.4.0 

func ReadAndProve(r1cs frontend.CompiledConstraintSystem, pk ProvingKey, witness io.Reader, opts ...func(opt *backend.ProverOption) error) (Proof, error)

ReadAndProve behaves like Prove, , except witness is read from a io.Reader witness must be encoded following the binary serialization protocol described in gnark/backend/witness package

type ProvingKey 

type ProvingKey interface {

	// NbG1 returns the number of G1 elements in the ProvingKey
	NbG1() int

	// NbG2 returns the number of G2 elements in the ProvingKey
	NbG2() int

	IsDifferent(interface{}) bool
	// contains filtered or unexported methods
}

ProvingKey represents a Groth16 ProvingKey

it's underlying implementation is strongly typed with the curve (see gnark/internal/backend)

func DummySetup 

func DummySetup(r1cs frontend.CompiledConstraintSystem) (ProvingKey, error)

DummySetup create a random ProvingKey with provided R1CS it doesn't return a VerifyingKey and is use for benchmarking or test purposes only.

func NewProvingKey added in v0.3.6 

func NewProvingKey(curveID ecc.ID) ProvingKey

NewProvingKey instantiates a curve-typed ProvingKey and returns an interface object This function exists for serialization purposes

type VerifyingKey 

type VerifyingKey interface {

	// NbPublicWitness returns number of elements expected in the public witness
	NbPublicWitness() int

	// NbG1 returns the number of G1 elements in the VerifyingKey
	NbG1() int

	// NbG2 returns the number of G2 elements in the VerifyingKey
	NbG2() int

	// ExportSolidity writes a solidity Verifier contract from the VerifyingKey
	// this will return an error if not supported on the CurveID()
	ExportSolidity(w io.Writer) error

	IsDifferent(interface{}) bool
	// contains filtered or unexported methods
}

VerifyingKey represents a Groth16 VerifyingKey

it's underlying implementation is strongly typed with the curve (see gnark/internal/backend)

ExportSolidity is implemented for BN254 and will return an error with other curves

func NewVerifyingKey added in v0.3.6 

func NewVerifyingKey(curveID ecc.ID) VerifyingKey

NewVerifyingKey instantiates a curve-typed VerifyingKey and returns an interface This function exists for serialization purposes

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.