groth16

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 14, 2022 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DummySetup

func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error

DummySetup fills a random ProvingKey used for test or benchmarking purposes

func Setup

func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error

Setup constructs the SRS

func Verify

func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_761witness.Witness) error

Verify verifies a proof with given VerifyingKey and publicWitness

Types

type Proof

type Proof struct {
	Ar, Krs curve.G1Affine
	Bs      curve.G2Affine
}

Proof represents a Groth16 proof that was encoded with a ProvingKey and can be verified with a valid statement and a VerifyingKey Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf

func Prove

func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bw6_761witness.Witness, opt backend.ProverConfig) (*Proof, error)

Prove generates the proof of knoweldge of a r1cs with full witness (secret + public part).

func (*Proof) CurveID added in v0.5.0

func (proof *Proof) CurveID() ecc.ID

CurveID returns the curveID

func (*Proof) ReadFrom

func (proof *Proof) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom attempts to decode a Proof from reader Proof must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed)

func (*Proof) WriteRawTo

func (proof *Proof) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of the Proof elements to writer points are stored in uncompressed form Ar | Krs | Bs use WriteTo(...) to encode the proof with point compression

func (*Proof) WriteTo

func (proof *Proof) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of the Proof elements to writer points are stored in compressed form Ar | Krs | Bs use WriteRawTo(...) to encode the proof without point compression

type ProvingKey

type ProvingKey struct {
	// domain
	Domain fft.Domain

	// [α]1, [β]1, [δ]1
	// [A(t)]1, [B(t)]1, [Kpk(t)]1, [Z(t)]1
	G1 struct {
		Alpha, Beta, Delta curve.G1Affine
		A, B, Z            []curve.G1Affine
		K                  []curve.G1Affine // the indexes correspond to the private wires
	}

	// [β]2, [δ]2, [B(t)]2
	G2 struct {
		Beta, Delta curve.G2Affine
		B           []curve.G2Affine
	}

	// if InfinityA[i] == true, the point G1.A[i] == infinity
	InfinityA, InfinityB     []bool
	NbInfinityA, NbInfinityB uint64
}

ProvingKey is used by a Groth16 prover to encode a proof of a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf

func (*ProvingKey) CurveID added in v0.5.0

func (pk *ProvingKey) CurveID() ecc.ID

CurveID returns the curveID

func (*ProvingKey) IsDifferent

func (pk *ProvingKey) IsDifferent(_other interface{}) bool

IsDifferent returns true if provided pk is different than self this is used by groth16.Assert to ensure random sampling

func (*ProvingKey) NbG1 added in v0.5.0

func (pk *ProvingKey) NbG1() int

NbG1 returns the number of G1 elements in the ProvingKey

func (*ProvingKey) NbG2 added in v0.5.0

func (pk *ProvingKey) NbG2() int

NbG2 returns the number of G2 elements in the ProvingKey

func (*ProvingKey) ReadFrom

func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom attempts to decode a ProvingKey from reader ProvingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) note that we don't check that the points are on the curve or in the correct subgroup at this point

func (*ProvingKey) UnsafeReadFrom added in v0.5.2

func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)

UnsafeReadFrom behaves like ReadFrom excepts it doesn't check if the decoded points are on the curve or in the correct subgroup

func (*ProvingKey) WriteRawTo

func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression

func (*ProvingKey) WriteTo

func (pk *ProvingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of the key elements to writer points are compressed use WriteRawTo(...) to encode the key without point compression

type VerifyingKey

type VerifyingKey struct {
	// [α]1, [Kvk]1
	G1 struct {
		Alpha       curve.G1Affine
		Beta, Delta curve.G1Affine   // unused, here for compatibility purposes
		K           []curve.G1Affine // The indexes correspond to the public wires
	}

	// [β]2, [δ]2, [γ]2,
	// -[δ]2, -[γ]2: see proof.Verify() for more details
	G2 struct {
		Beta, Delta, Gamma curve.G2Affine
		// contains filtered or unexported fields
	}
	// contains filtered or unexported fields
}

VerifyingKey is used by a Groth16 verifier to verify the validity of a proof and a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf

func (*VerifyingKey) CurveID added in v0.5.0

func (vk *VerifyingKey) CurveID() ecc.ID

CurveID returns the curveID

func (*VerifyingKey) ExportSolidity

func (vk *VerifyingKey) ExportSolidity(w io.Writer) error

ExportSolidity not implemented for BW6-761

func (*VerifyingKey) IsDifferent

func (vk *VerifyingKey) IsDifferent(_other interface{}) bool

IsDifferent returns true if provided vk is different than self this is used by groth16.Assert to ensure random sampling

func (*VerifyingKey) NbG1 added in v0.5.0

func (vk *VerifyingKey) NbG1() int

NbG1 returns the number of G1 elements in the VerifyingKey

func (*VerifyingKey) NbG2 added in v0.5.0

func (vk *VerifyingKey) NbG2() int

NbG2 returns the number of G2 elements in the VerifyingKey

func (*VerifyingKey) NbPublicWitness added in v0.5.0

func (vk *VerifyingKey) NbPublicWitness() int

NbPublicWitness returns the number of elements in the expected public witness

func (*VerifyingKey) ReadFrom

func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom attempts to decode a VerifyingKey from reader VerifyingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) serialization format: https://github.com/zkcrypto/bellman/blob/fa9be45588227a8c6ec34957de3f68705f07bd92/src/groth16/mod.rs#L143 [α]1,[β]1,[β]2,[γ]2,[δ]1,[δ]2,uint32(len(Kvk)),[Kvk]1

func (*VerifyingKey) UnsafeReadFrom added in v0.5.2

func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)

UnsafeReadFrom has the same behavior as ReadFrom, except that it will not check that decode points are on the curve and in the correct subgroup.

func (*VerifyingKey) WriteRawTo

func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression

func (*VerifyingKey) WriteTo

func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of the key elements to writer points are compressed use WriteRawTo(...) to encode the key without point compression

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL