groth16

package
v0.2.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 6, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DummySetup

func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error

DummySetup fills a random ProvingKey used for test or benchmarking purposes

func Setup

func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error

Setup constructs the SRS

func Verify

func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector, opts ...backend.VerifierOption) error

Verify verifies a proof with given VerifyingKey and publicWitness

func VerifyFolded added in v0.1.3

func VerifyFolded(foldedProof *FoldedProof, foldingParameters FoldingParameters, vk *VerifyingKey, proofs []Proof, publicWitness ...fr.Vector) error

Verify verifies a proof with given VerifyingKey and publicWitness

Types

type FoldedProof added in v0.1.1

type FoldedProof struct {
	Ar, Krs curve.G1Affine
	Bs      curve.G2Affine
}

func FoldProof added in v0.2.4

func FoldProof(proof1 *FoldedProof, proof2 *Proof, vk *VerifyingKey, opts ...backend.VerifierOption) (*FoldedProof, error)

type FoldedWitness added in v0.1.1

type FoldedWitness struct {
	H curve.G1Affine
	E curve.GT
	// contains filtered or unexported fields
}

type FoldingParameters added in v0.1.1

type FoldingParameters struct {
	T curve.GT
	R big.Int
}

func GetFoldingParameters added in v0.2.0

func GetFoldingParameters(proof1, proof2 *Proof, vk *VerifyingKey, publicWitness1, publicWitness2 PublicWitness, opts ...backend.VerifierOption) (*FoldingParameters, error)

type Proof

type Proof struct {
	Ar, Krs       curve.G1Affine
	Bs            curve.G2Affine
	Commitments   []curve.G1Affine // Pedersen commitments a la https://eprint.iacr.org/2022/1072
	CommitmentPok curve.G1Affine   // Batched proof of knowledge of the above commitments
}

Proof represents a Groth16 proof that was encoded with a ProvingKey and can be verified with a valid statement and a VerifyingKey Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf

func Prove

func Prove(r1cs *cs.R1CS, pk *ProvingKey, fullWitness witness.Witness, opts ...backend.ProverOption) (*Proof, error)

Prove generates the proof of knowledge of a r1cs with full witness (secret + public part).

func (*Proof) CurveID

func (proof *Proof) CurveID() ecc.ID

CurveID returns the curveID

func (*Proof) ReadFrom

func (proof *Proof) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom attempts to decode a Proof from reader Proof must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed)

func (*Proof) WriteRawTo

func (proof *Proof) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of the Proof elements to writer points are stored in uncompressed form Ar | Krs | Bs use WriteTo(...) to encode the proof with point compression

func (*Proof) WriteTo

func (proof *Proof) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of the Proof elements to writer points are stored in compressed form Ar | Krs | Bs use WriteRawTo(...) to encode the proof without point compression

type ProvingKey

type ProvingKey struct {
	// domain
	Domain fft.Domain

	// [α]₁, [β]₁, [δ]₁
	// [A(t)]₁, [B(t)]₁, [Kpk(t)]₁, [Z(t)]₁
	G1 struct {
		Alpha, Beta, Delta curve.G1Affine
		A, B, Z            []curve.G1Affine
		K                  []curve.G1Affine // the indexes correspond to the private wires
	}

	// [β]₂, [δ]₂, [B(t)]₂
	G2 struct {
		Beta, Delta curve.G2Affine
		B           []curve.G2Affine
	}

	// [E]_T
	Gt struct {
		E curve.GT
	}

	// if InfinityA[i] == true, the point G1.A[i] == infinity
	InfinityA, InfinityB     []bool
	NbInfinityA, NbInfinityB uint64

	CommitmentKeys []pedersen.ProvingKey
	// contains filtered or unexported fields
}

ProvingKey is used by a Groth16 prover to encode a proof of a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf

func (*ProvingKey) CurveID

func (pk *ProvingKey) CurveID() ecc.ID

CurveID returns the curveID

func (*ProvingKey) IsDifferent

func (pk *ProvingKey) IsDifferent(_other interface{}) bool

IsDifferent returns true if provided pk is different than self this is used by groth16.Assert to ensure random sampling

func (*ProvingKey) NbG1

func (pk *ProvingKey) NbG1() int

NbG1 returns the number of G1 elements in the ProvingKey

func (*ProvingKey) NbG2

func (pk *ProvingKey) NbG2() int

NbG2 returns the number of G2 elements in the ProvingKey

func (*ProvingKey) ReadFrom

func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom attempts to decode a ProvingKey from reader ProvingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) note that we don't check that the points are on the curve or in the correct subgroup at this point

func (*ProvingKey) UnsafeReadFrom

func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)

UnsafeReadFrom behaves like ReadFrom excepts it doesn't check if the decoded points are on the curve or in the correct subgroup

func (*ProvingKey) WriteRawTo

func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression

func (*ProvingKey) WriteTo

func (pk *ProvingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of the key elements to writer points are compressed use WriteRawTo(...) to encode the key without point compression

type PublicWitness added in v0.1.1

type PublicWitness struct {
	Public fr.Vector
	E      curve.GT
	// contains filtered or unexported fields
}

func (*PublicWitness) SetStartingParameters added in v0.1.1

func (witness *PublicWitness) SetStartingParameters() error

type VerifyingKey

type VerifyingKey struct {
	// [α]₁, [Kvk]₁
	G1 struct {
		Alpha       curve.G1Affine
		Beta, Delta curve.G1Affine   // unused, here for compatibility purposes
		K           []curve.G1Affine // The indexes correspond to the public wires
	}

	// [β]₂, [δ]₂, [γ]₂,
	// -[δ]₂, -[γ]₂: see proof.Verify() for more details
	G2 struct {
		Beta, Delta, Gamma curve.G2Affine
		// contains filtered or unexported fields
	}

	CommitmentKey                pedersen.VerifyingKey
	PublicAndCommitmentCommitted [][]int // indexes of public/commitment committed variables
	// contains filtered or unexported fields
}

VerifyingKey is used by a Groth16 verifier to verify the validity of a proof and a statement Notation follows Figure 4. in DIZK paper https://eprint.iacr.org/2018/691.pdf

func (*VerifyingKey) CurveID

func (vk *VerifyingKey) CurveID() ecc.ID

CurveID returns the curveID

func (*VerifyingKey) ExportSolidity

func (vk *VerifyingKey) ExportSolidity(w io.Writer) error

ExportSolidity not implemented for BLS12-377

func (*VerifyingKey) IsDifferent

func (vk *VerifyingKey) IsDifferent(_other interface{}) bool

IsDifferent returns true if provided vk is different than self this is used by groth16.Assert to ensure random sampling

func (*VerifyingKey) NbG1

func (vk *VerifyingKey) NbG1() int

NbG1 returns the number of G1 elements in the VerifyingKey

func (*VerifyingKey) NbG2

func (vk *VerifyingKey) NbG2() int

NbG2 returns the number of G2 elements in the VerifyingKey

func (*VerifyingKey) NbPublicWitness

func (vk *VerifyingKey) NbPublicWitness() int

NbPublicWitness returns the number of elements in the expected public witness

func (*VerifyingKey) Precompute

func (vk *VerifyingKey) Precompute() error

Precompute sets e, -[δ]₂, -[γ]₂ This is meant to be called internally during setup or deserialization.

func (*VerifyingKey) ReadFrom

func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom attempts to decode a VerifyingKey from reader VerifyingKey must be encoded through WriteTo (compressed) or WriteRawTo (uncompressed) serialization format: https://github.com/zkcrypto/bellman/blob/fa9be45588227a8c6ec34957de3f68705f07bd92/src/groth16/mod.rs#L143 [α]1,[β]1,[β]2,[γ]2,[δ]1,[δ]2,uint32(len(Kvk)),[Kvk]1

func (*VerifyingKey) UnsafeReadFrom

func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)

UnsafeReadFrom has the same behavior as ReadFrom, except that it will not check that decode points are on the curve and in the correct subgroup.

func (*VerifyingKey) WriteRawTo

func (vk *VerifyingKey) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of the key elements to writer points are not compressed use WriteTo(...) to encode the key with point compression

func (*VerifyingKey) WriteTo

func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of the key elements to writer points are compressed use WriteRawTo(...) to encode the key without point compression

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL