Documentation ¶
Index ¶
- func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error
- func FoldProofs(proof1, proof2 *Proof, vk *VerifyingKey, ...) (*FoldedProof, *FoldingParameters, error)
- func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error
- func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector, ...) error
- func VerifyFolded(proof *Proof, vk *VerifyingKey, publicWitness ...fr.Vector) error
- type FoldedProof
- type FoldedWitness
- type FoldingParameters
- type Proof
- type ProvingKey
- func (pk *ProvingKey) CurveID() ecc.ID
- func (pk *ProvingKey) IsDifferent(_other interface{}) bool
- func (pk *ProvingKey) NbG1() int
- func (pk *ProvingKey) NbG2() int
- func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)
- func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)
- func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)
- func (pk *ProvingKey) WriteTo(w io.Writer) (n int64, err error)
- type PublicWitness
- type VerifyingKey
- func (vk *VerifyingKey) CurveID() ecc.ID
- func (vk *VerifyingKey) ExportSolidity(w io.Writer) error
- func (vk *VerifyingKey) IsDifferent(_other interface{}) bool
- func (vk *VerifyingKey) NbG1() int
- func (vk *VerifyingKey) NbG2() int
- func (vk *VerifyingKey) NbPublicWitness() int
- func (vk *VerifyingKey) Precompute() error
- func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)
- func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)
- func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)
- func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DummySetup ¶
func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error
DummySetup fills a random ProvingKey used for test or benchmarking purposes
func FoldProofs ¶ added in v0.1.1
func FoldProofs(proof1, proof2 *Proof, vk *VerifyingKey, publicWitness1, publicWitness2 PublicWitness, opts ...backend.VerifierOption) (*FoldedProof, *FoldingParameters, error)
func Setup ¶
func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error
Setup constructs the SRS
func Verify ¶
func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector, opts ...backend.VerifierOption) error
Verify verifies a proof with given VerifyingKey and publicWitness
func VerifyFolded ¶ added in v0.1.3
func VerifyFolded(proof *Proof, vk *VerifyingKey, publicWitness ...fr.Vector) error
Verify verifies a proof with given VerifyingKey and publicWitness
Types ¶
type FoldedProof ¶ added in v0.1.1
type FoldedWitness ¶ added in v0.1.1
type Proof ¶
type Proof struct {
Ar, Krs curve.G1Affine
Bs curve.G2Affine
Commitments []curve.G1Affine // Pedersen commitments a la https://eprint.iacr.org/2022/1072
CommitmentPok curve.G1Affine // Batched proof of knowledge of the above commitments
}
Proof represents a Groth16 proof that was encoded with a ProvingKey and can be verified with a valid statement and a VerifyingKey Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func Prove ¶
func Prove(r1cs *cs.R1CS, pk *ProvingKey, fullWitness witness.Witness, opts ...backend.ProverOption) (*Proof, error)
Prove generates the proof of knowledge of a r1cs with full witness (secret + public part).
func (*Proof) ReadFrom ¶
ReadFrom attempts to decode a Proof from reader Proof must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed)
func (*Proof) WriteRawTo ¶
WriteRawTo writes binary encoding of the Proof elements to writer points are stored in uncompressed form Ar | Krs | Bs use WriteTo(...) to encode the proof with point compression
type ProvingKey ¶
type ProvingKey struct { // domain Domain fft.Domain // [α]₁, [β]₁, [δ]₁ // [A(t)]₁, [B(t)]₁, [Kpk(t)]₁, [Z(t)]₁ G1 struct { Alpha, Beta, Delta curve.G1Affine A, B, Z []curve.G1Affine K []curve.G1Affine // the indexes correspond to the private wires } // [β]₂, [δ]₂, [B(t)]₂ G2 struct { Beta, Delta curve.G2Affine B []curve.G2Affine } // [E]_T Gt struct { E curve.GT } // if InfinityA[i] == true, the point G1.A[i] == infinity InfinityA, InfinityB []bool NbInfinityA, NbInfinityB uint64 CommitmentKeys []pedersen.ProvingKey // contains filtered or unexported fields }
ProvingKey is used by a Groth16 prover to encode a proof of a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func (*ProvingKey) IsDifferent ¶
func (pk *ProvingKey) IsDifferent(_other interface{}) bool
IsDifferent returns true if provided pk is different than self this is used by groth16.Assert to ensure random sampling
func (*ProvingKey) NbG1 ¶
func (pk *ProvingKey) NbG1() int
NbG1 returns the number of G1 elements in the ProvingKey
func (*ProvingKey) NbG2 ¶
func (pk *ProvingKey) NbG2() int
NbG2 returns the number of G2 elements in the ProvingKey
func (*ProvingKey) ReadFrom ¶
func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)
ReadFrom attempts to decode a ProvingKey from reader ProvingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) note that we don't check that the points are on the curve or in the correct subgroup at this point
func (*ProvingKey) UnsafeReadFrom ¶
func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)
UnsafeReadFrom behaves like ReadFrom excepts it doesn't check if the decoded points are on the curve or in the correct subgroup
func (*ProvingKey) WriteRawTo ¶
func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)
WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression
type PublicWitness ¶ added in v0.1.1
func (*PublicWitness) SetStartingParameters ¶ added in v0.1.1
func (witness *PublicWitness) SetStartingParameters() error
type VerifyingKey ¶
type VerifyingKey struct { // [α]₁, [Kvk]₁ G1 struct { Alpha curve.G1Affine Beta, Delta curve.G1Affine // unused, here for compatibility purposes K []curve.G1Affine // The indexes correspond to the public wires } // [β]₂, [δ]₂, [γ]₂, // -[δ]₂, -[γ]₂: see proof.Verify() for more details G2 struct { Beta, Delta, Gamma curve.G2Affine // contains filtered or unexported fields } CommitmentKey pedersen.VerifyingKey PublicAndCommitmentCommitted [][]int // indexes of public/commitment committed variables // contains filtered or unexported fields }
VerifyingKey is used by a Groth16 verifier to verify the validity of a proof and a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf
func (*VerifyingKey) ExportSolidity ¶
func (vk *VerifyingKey) ExportSolidity(w io.Writer) error
ExportSolidity not implemented for BLS12-377
func (*VerifyingKey) IsDifferent ¶
func (vk *VerifyingKey) IsDifferent(_other interface{}) bool
IsDifferent returns true if provided vk is different than self this is used by groth16.Assert to ensure random sampling
func (*VerifyingKey) NbG1 ¶
func (vk *VerifyingKey) NbG1() int
NbG1 returns the number of G1 elements in the VerifyingKey
func (*VerifyingKey) NbG2 ¶
func (vk *VerifyingKey) NbG2() int
NbG2 returns the number of G2 elements in the VerifyingKey
func (*VerifyingKey) NbPublicWitness ¶
func (vk *VerifyingKey) NbPublicWitness() int
NbPublicWitness returns the number of elements in the expected public witness
func (*VerifyingKey) Precompute ¶
func (vk *VerifyingKey) Precompute() error
Precompute sets e, -[δ]₂, -[γ]₂ This is meant to be called internally during setup or deserialization.
func (*VerifyingKey) ReadFrom ¶
func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)
ReadFrom attempts to decode a VerifyingKey from reader VerifyingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) serialization format: https://github.com/zkcrypto/bellman/blob/fa9be45588227a8c6ec34957de3f68705f07bd92/src/groth16/mod.rs#L143 [α]1,[β]1,[β]2,[γ]2,[δ]1,[δ]2,uint32(len(Kvk)),[Kvk]1
func (*VerifyingKey) UnsafeReadFrom ¶
func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)
UnsafeReadFrom has the same behavior as ReadFrom, except that it will not check that decode points are on the curve and in the correct subgroup.
func (*VerifyingKey) WriteRawTo ¶
func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)
WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression