arnaucube/gnark-plonky2-verifier
1
0
Fork 0
mirror of https://github.com/arnaucube/gnark-plonky2-verifier.git synced 2026-01-12 17:11:31 +01:00
Code Issues Projects Releases Wiki Activity

get signature working

Browse Source
This commit is contained in:
Jacob Jackson
2022-10-07 06:19:24 +00:00
parent d61e54c60e
commit 52dade9335
3 changed files with 205 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
cubic.go
View File

@@ -14,61 +14,61 @@
package main package main
import ( // import (
"fmt" // "fmt"
"os" // "os"
"github.com/consensys/gnark/frontend" // "github.com/consensys/gnark/frontend"
"github.com/consensys/gnark-crypto/ecc" // "github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/frontend/cs/r1cs" // "github.com/consensys/gnark/frontend/cs/r1cs"
"github.com/consensys/gnark/backend/groth16" // "github.com/consensys/gnark/backend/groth16"
_ "gnark-ed25519/edwards_curve" // _ "gnark-ed25519/edwards_curve"
_ "gnark-ed25519/sha512" // _ "gnark-ed25519/sha512"
) // )
// Circuit defines a simple circuit // // Circuit defines a simple circuit
// x**3 + x + 5 == y // // x**3 + x + 5 == y
type Circuit struct { // type Circuit struct {
// struct tags on a variable is optional // // struct tags on a variable is optional
// default uses variable name and secret visibility. // // default uses variable name and secret visibility.
X frontend.Variable `gnark:"x"` // X frontend.Variable `gnark:"x"`
Y frontend.Variable `gnark:",public"` // Y frontend.Variable `gnark:",public"`
} // }
// Define declares the circuit constraints // // Define declares the circuit constraints
// x**3 + x + 5 == y // // x**3 + x + 5 == y
func (circuit *Circuit) Define(api frontend.API) error { // func (circuit *Circuit) Define(api frontend.API) error {
x3 := api.Mul(circuit.X, circuit.X, circuit.X) // x3 := api.Mul(circuit.X, circuit.X, circuit.X)
api.AssertIsEqual(circuit.Y, api.Add(x3, circuit.X, 5)) // api.AssertIsEqual(circuit.Y, api.Add(x3, circuit.X, 5))
return nil // return nil
} // }
func main() { // func main() {
err := mainImpl() // err := mainImpl()
if err != nil { // if err != nil {
fmt.Println(err) // fmt.Println(err)
os.Exit(1) // os.Exit(1)
} // }
} // }
func mainImpl() error { // func mainImpl() error {
var myCircuit Circuit // var myCircuit Circuit
r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit) // r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit)
if err != nil { // if err != nil {
return err // return err
} // }
assignment := &Circuit{ // assignment := &Circuit{
X: "2", // X: "2",
Y: "15", // Y: "15",
} // }
witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField()) // witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
publicWitness, _ := witness.Public() // publicWitness, _ := witness.Public()
pk, vk, err := groth16.Setup(r1cs) // pk, vk, err := groth16.Setup(r1cs)
proof, err := groth16.Prove(r1cs, pk, witness) // proof, err := groth16.Prove(r1cs, pk, witness)
err = groth16.Verify(proof, vk, publicWitness) // err = groth16.Verify(proof, vk, publicWitness)
if err != nil { // if err != nil {
return err // return err
} // }
fmt.Println(proof) // fmt.Println(proof)
return nil // return nil
} // }

180
ed25519.go
View File

@@ -14,43 +14,159 @@
package main package main
// import (
// "fmt" import (
// "os" "time"
// "crypto/ed25519" "fmt"
// "crypto/rand" "os"
// "github.com/consensys/gnark/std/math/emulated" "encoding/hex"
// ) "github.com/consensys/gnark/frontend"
"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/frontend/cs/r1cs"
"github.com/consensys/gnark/backend/groth16"
"gnark-ed25519/edwards_curve"
"gnark-ed25519/sha512"
)
type Eddsa25519Circuit struct {
M []frontend.Variable
Pk []frontend.Variable
Sig []frontend.Variable
}
func (circuit *Eddsa25519Circuit) Define(api frontend.API) error {
c, err := edwards_curve.New[edwards_curve.Ed25519, edwards_curve.Ed25519Scalars](api)
if err != nil {
return err
}
edwards_curve.CheckValid(c, circuit.Sig, circuit.M, circuit.Pk)
return nil
}
type Sha512Circuit struct {
in []frontend.Variable `gnark:"in"`
out []frontend.Variable `gnark:"out"`
}
func (circuit *Sha512Circuit) Define(api frontend.API) error {
res := sha512.Sha512(api, circuit.in)
if len(res) != 512 { panic("bad length") }
for i := 0; i < 512; i++ {
api.AssertIsEqual(res[i], circuit.out[i])
}
return nil
}
// func main() { func main() {
// err := mainImpl() err := mainImpl()
// if err != nil { if err != nil {
// fmt.Println(err) fmt.Println(err)
// os.Exit(1) os.Exit(1)
// } }
// } }
// func mainImpl() error { // func mainImpl() error {
// pubKey, privKey, err := ed25519.GenerateKey(rand.Reader) // in := bytesToBits([]byte("Succinct Labs"))
// fmt.Println(pubKey) // out := hexToBits("503ace098aa03f6feec1b5df0a38aee923f744a775508bc81f2b94ad139be297c2e8cd8c44af527b5d3f017a7fc929892c896604047e52e3f518924f52bff0dc")
// fmt.Println(privKey)
// message := []byte("string")
// sig := ed25519.Sign(privKey, message)
// fmt.Println(sig)
// verified := ed25519.Verify(pubKey, message, sig)
// fmt.Println(verified)
// verifiedFalse := ed25519.Verify(pubKey, []byte("string1"), sig) // myCircuit := Sha512Circuit{
// fmt.Println(verifiedFalse) // in,
// out,
// ele := emulated.NewElement[emulated.BN254Fp](1) // }
// fmt.Println(ele) // fmt.Println(time.Now(), "compiling...")
// r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit)
// if err != nil { // if err != nil {
// return err // return err
// } // }
// return nil
// assignment := &Sha512Circuit{
// in,
// out,
// }
// fmt.Println(time.Now(), "generating witness...")
// witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
// publicWitness, _ := witness.Public()
// fmt.Println(time.Now(), "groth setup...")
// pk, vk, err := groth16.Setup(r1cs)
// fmt.Println(time.Now(), "groth prove...")
// proof, err := groth16.Prove(r1cs, pk, witness)
// fmt.Println(time.Now(), "groth verify...")
// err = groth16.Verify(proof, vk, publicWitness)
// if err != nil {
// return err
// }
// fmt.Println(proof)
// return nil
// } // }
func mainImpl() error {
M := "53756363696e6374204c616273"
Pk := "f7ec1c43f4de9d49556de87b86b26a98942cb078486fdb44de38b80864c39731"
Sig := "35c323757c20640a294345c89c0bfcebe3d554fdb0c7b7a0bdb72222c531b1ec849fed99a053e0f5b02dd9a25bb6eb018885526d9f583cdbde0b1e9f6329da09"
myCircuit := Eddsa25519Circuit{
M: hexToBits(M),
Pk: hexToBits(Pk),
Sig: hexToBits(Sig),
}
fmt.Println(time.Now(), "compiling...")
r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit)
if err != nil {
return err
}
assignment := &Eddsa25519Circuit{
M: hexToBits(M),
Pk: hexToBits(Pk),
Sig: hexToBits(Sig),
}
fmt.Println(time.Now(), "generating witness...")
witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
publicWitness, _ := witness.Public()
fmt.Println(time.Now(), "groth setup...")
pk, vk, err := groth16.Setup(r1cs)
fmt.Println(time.Now(), "groth prove...")
proof, err := groth16.Prove(r1cs, pk, witness)
fmt.Println(time.Now(), "groth verify...")
err = groth16.Verify(proof, vk, publicWitness)
if err != nil {
return err
}
fmt.Println(proof)
return nil
}
func hexToBits(h string) []frontend.Variable {
b, err := hex.DecodeString(h)
if err != nil {
panic(err)
}
result := make([]frontend.Variable, len(b) * 8)
for i, v := range b {
for j := 0; j < 8; j++ {
if (v & (1 << j)) != 0 {
result[i*8+j] = 1
} else {
result[i*8+j] = 0
}
}
}
return result
}
func bytesToBits(arr []byte) []frontend.Variable {
result := make([]frontend.Variable, len(arr) * 8)
for i, v := range arr {
for j := 0; j < 8; j++ {
if (v & (1 << (7-j))) != 0 {
result[i*8+j] = 1
} else {
result[i*8+j] = 0
}
}
}
return result
}

20
edwards_curve/eddsa25519.go
View File

@@ -4,7 +4,6 @@ package edwards_curve
// This file is little-endian // This file is little-endian
import ( import (
"fmt"
"math/big" "math/big"
"github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/std/math/emulated" "github.com/consensys/gnark/std/math/emulated"
@@ -13,10 +12,8 @@ import (
func H(api frontend.API, m []frontend.Variable) []frontend.Variable { func H(api frontend.API, m []frontend.Variable) []frontend.Variable {
fmt.Println("sha input", m)
rawResult := sha512.Sha512(api, swapByteEndianness(m)) rawResult := sha512.Sha512(api, swapByteEndianness(m))
sResult := swapByteEndianness(rawResult[:]) sResult := swapByteEndianness(rawResult[:])
fmt.Println("sha output", sResult)
return sResult return sResult
} }
@@ -36,10 +33,10 @@ func bits_to_scalar(c *EdCurve, s []frontend.Variable) EdCoordinate {
elt := emulated.NewElement[Ed25519](0) elt := emulated.NewElement[Ed25519](0)
if len(elt.Limbs) != 4 { panic("bad length") } if len(elt.Limbs) != 4 { panic("bad length") }
i := 0 i := 0
elt.Limbs[0] = c.api.FromBinary(s[i:i+64]...); i += 64 for k := 0; k < 4; k++ {
elt.Limbs[1] = c.api.FromBinary(s[i:i+64]...); i += 64 elt.Limbs[k] = c.api.FromBinary(s[i:i+64]...)
elt.Limbs[2] = c.api.FromBinary(s[i:i+64]...); i += 64 i += 64
elt.Limbs[3] = c.api.FromBinary(s[i:i+64]...); i += 64 }
if i != len(s) { panic("bad length") } if i != len(s) { panic("bad length") }
return elt return elt
} }
@@ -83,13 +80,8 @@ func CheckValid(c *EdCurve, s, m, pk []frontend.Variable) {
R := bits_to_element(c, s[:256]) R := bits_to_element(c, s[:256])
A := bits_to_element(c, pk) A := bits_to_element(c, pk)
h := H(c.api, concat(s[:256], pk, m)) h := H(c.api, concat(s[:256], pk, m))
fmt.Println("h", h)
fmt.Println("g", dbg(c.g.X), dbg(c.g.Y))
fmt.Println("s last half", s[256:])
v1 := c.ScalarMulBinary(c.g, s[256:]) v1 := c.ScalarMulBinary(c.g, s[256:])
fmt.Println("v1", dbg(v1.X), dbg(v1.Y))
v2 := c.Add(R, c.ScalarMulBinary(A, h)) v2 := c.Add(R, c.ScalarMulBinary(A, h))
fmt.Println("v2", dbg(v2.X), dbg(v2.Y))
c.AssertIsEqual(v1, v2) c.AssertIsEqual(v1, v2)
} }
@@ -152,10 +144,6 @@ func toValue(s EdCoordinate) *big.Int {
return result return result
} }
func dbg(s EdCoordinate) string {
return toValue(s).Text(16)
}
func _const(x int64) EdCoordinate { func _const(x int64) EdCoordinate {
return emulated.NewElement[Ed25519](big.NewInt(x)) return emulated.NewElement[Ed25519](big.NewInt(x))
} }