arnaucube
/
go-circom-prover-verifier
mirror of https://github.com/arnaucube/go-circom-prover-verifier.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add zkSNARK Groth16 prover

ed255-patch-1
arnaucube 4 years ago
parent
f942c8c157
commit
a99f4510da
1 changed files with 67 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +67
    -0
      prover.go

+ 67
- 0
prover.go
View File

@ -1,6 +1,7 @@
package gocircomprover
import (
"crypto/rand"
"math/big"
bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare"
@ -34,3 +35,69 @@ type ProvingKey struct {
type Witness []*big.Int
var R, _ = new(big.Int).SetString("21888242871839275222246405745257275088548364400416034343698204186575808495617", 10)
func RandBigInt() (*big.Int, error) {
maxbits := R.BitLen()
b := make([]byte, (maxbits/8)-1)
_, err := rand.Read(b)
if err != nil {
return nil, err
}
r := new(big.Int).SetBytes(b)
rq := new(big.Int).Mod(r, R)
return rq, nil
}
func Prove(pk *ProvingKey, w Witness) (*Proof, []*big.Int, error) {
var proof Proof
r, err := RandBigInt()
if err != nil {
return nil, nil, err
}
s, err := RandBigInt()
if err != nil {
return nil, nil, err
}
proof.A = new(bn256.G1).ScalarBaseMult(big.NewInt(0))
proof.B = new(bn256.G2).ScalarBaseMult(big.NewInt(0))
proof.C = new(bn256.G1).ScalarBaseMult(big.NewInt(0))
proofBG1 := new(bn256.G1).ScalarBaseMult(big.NewInt(0))
for i := 0; i < pk.NVars; i++ {
proof.A = new(bn256.G1).Add(proof.A, new(bn256.G1).ScalarMult(pk.A[i], w[i]))
proof.B = new(bn256.G2).Add(proof.B, new(bn256.G2).ScalarMult(pk.B2[i], w[i]))
proofBG1 = new(bn256.G1).Add(proofBG1, new(bn256.G1).ScalarMult(pk.B1[i], w[i]))
}
for i := pk.NPublic + 1; i < pk.NVars; i++ {
proof.C = new(bn256.G1).Add(proof.C, new(bn256.G1).ScalarMult(pk.C[i], w[i]))
}
proof.A = new(bn256.G1).Add(proof.A, pk.VkAlpha1)
proof.A = new(bn256.G1).Add(proof.A, new(bn256.G1).ScalarMult(pk.VkDelta1, r))
proof.B = new(bn256.G2).Add(proof.B, pk.VkBeta2)
proof.B = new(bn256.G2).Add(proof.B, new(bn256.G2).ScalarMult(pk.VkDelta2, s))
proofBG1 = new(bn256.G1).Add(proofBG1, pk.VkBeta1)
proofBG1 = new(bn256.G1).Add(proofBG1, new(bn256.G1).ScalarMult(pk.VkDelta1, s))
// TODO
// h := calculateH(pk, w)
h := []*big.Int{} // TMP
for i := 0; i < len(h); i++ {
proof.C = new(bn256.G1).Add(proof.C, new(bn256.G1).ScalarMult(pk.HExps[i], h[i]))
}
proof.C = new(bn256.G1).Add(proof.C, new(bn256.G1).ScalarMult(proof.A, s))
proof.C = new(bn256.G1).Add(proof.C, new(bn256.G1).ScalarMult(proofBG1, r))
rsneg := new(big.Int).Mod(new(big.Int).Neg(new(big.Int).Mul(r, s)), R) // FAdd & FMul
proof.C = new(bn256.G1).Add(proof.C, new(bn256.G1).ScalarMult(pk.VkDelta1, rsneg))
pubSignals := w[1 : pk.NPublic+1]
return &proof, pubSignals, nil
}

Write Preview
Loading…
Cancel
Save