arnaucube/go-circom-prover-verifier
1
0
Fork 0
mirror of https://github.com/arnaucube/go-circom-prover-verifier.git synced 2026-02-06 19:06:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from iden3/feature/polynomials-goff

Browse Source 
Add polynomials arithmetic in goff
This commit is contained in:
arnau
2020-04-20 12:51:04 +02:00
committed by GitHub
parent 3f5f8e2318 324c817d42
commit fb3bbedde5
7 changed files with 178 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@@ -9,6 +9,14 @@ Using [bn256](https://github.com/ethereum/go-ethereum/tree/master/crypto/bn256/c
- Generate Proof - Generate Proof
```go ```go
import (
"github.com/iden3/go-circom-prover-verifier/parsers"
"github.com/iden3/go-circom-prover-verifier/prover"
"github.com/iden3/go-circom-prover-verifier/verifier"
)
[...]
// read ProvingKey & Witness files // read ProvingKey & Witness files
provingKeyJson, _ := ioutil.ReadFile("../testdata/small/proving_key.json") provingKeyJson, _ := ioutil.ReadFile("../testdata/small/proving_key.json")
witnessJson, _ := ioutil.ReadFile("../testdata/small/witness.json") witnessJson, _ := ioutil.ReadFile("../testdata/small/witness.json")
@@ -20,7 +28,7 @@ pk, _ := parsers.ParsePk(provingKeyJson)
w, _ := parsers.ParseWitness(witnessJson) w, _ := parsers.ParseWitness(witnessJson)
// generate the proof // generate the proof
proof, pubSignals, _ := GenerateProof(pk, w) proof, pubSignals, _ := prover.GenerateProof(pk, w)
// print proof & publicSignals // print proof & publicSignals
proofStr, _ := parsers.ProofToJson(proof) proofStr, _ := parsers.ProofToJson(proof)
@@ -42,7 +50,7 @@ proof, _ := parsers.ParseProof(proofJson)
vk, _ := parsers.ParseVk(vkJson) vk, _ := parsers.ParseVk(vkJson)
// verify the proof with the given verificationKey & publicSignals // verify the proof with the given verificationKey & publicSignals
v := Verify(vk, proof, public) v := verifier.Verify(vk, proof, public)
fmt.Println(v) fmt.Println(v)
``` ```

1
go.mod
View File

@@ -7,6 +7,7 @@ replace github.com/iden3/go-circom-prover-verifier => ./
require ( require (
github.com/ethereum/go-ethereum v1.9.12 github.com/ethereum/go-ethereum v1.9.12
github.com/iden3/go-circom-prover-verifier v0.0.0-00010101000000-000000000000 github.com/iden3/go-circom-prover-verifier v0.0.0-00010101000000-000000000000
github.com/iden3/go-iden3-crypto v0.0.4
github.com/stretchr/testify v1.5.1 github.com/stretchr/testify v1.5.1
golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4
) )

5
go.sum
View File

@@ -32,6 +32,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dchest/blake512 v1.0.0/go.mod h1:FV1x7xPPLWukZlpDpWQ88rF/SFwZ5qbskrzhLMB92JI=
github.com/deckarep/golang-set v0.0.0-20180603214616-504e848d77ea/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/deckarep/golang-set v0.0.0-20180603214616-504e848d77ea/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
@@ -40,6 +41,7 @@ github.com/docker/docker v1.4.2-0.20180625184442-8e610b2b55bf/go.mod h1:eEKB0N0r
github.com/dop251/goja v0.0.0-20200219165308-d1232e640a87/go.mod h1:Mw6PkjjMXWbTj+nnj4s3QPXq1jaT0s5pC0iFD4+BOAA= github.com/dop251/goja v0.0.0-20200219165308-d1232e640a87/go.mod h1:Mw6PkjjMXWbTj+nnj4s3QPXq1jaT0s5pC0iFD4+BOAA=
github.com/edsrzf/mmap-go v0.0.0-20160512033002-935e0e8a636c/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/edsrzf/mmap-go v0.0.0-20160512033002-935e0e8a636c/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
github.com/elastic/gosigar v0.8.1-0.20180330100440-37f05ff46ffa/go.mod h1:cdorVVzy1fhmEqmtgqkoE3bYtCfSCkVyjTyCIo22xvs= github.com/elastic/gosigar v0.8.1-0.20180330100440-37f05ff46ffa/go.mod h1:cdorVVzy1fhmEqmtgqkoE3bYtCfSCkVyjTyCIo22xvs=
github.com/ethereum/go-ethereum v1.8.27/go.mod h1:PwpWDrCLZrV+tfrhqqF6kPknbISMHaJv9Ln3kPCZLwY=
github.com/ethereum/go-ethereum v1.9.12 h1:EPtimwsp/KGDSiXcNunzsI4kefdsMHZGJntKx3fvbaI= github.com/ethereum/go-ethereum v1.9.12 h1:EPtimwsp/KGDSiXcNunzsI4kefdsMHZGJntKx3fvbaI=
github.com/ethereum/go-ethereum v1.9.12/go.mod h1:PvsVkQmhZFx92Y+h2ylythYlheEDt/uBgFbl61Js/jo= github.com/ethereum/go-ethereum v1.9.12/go.mod h1:PvsVkQmhZFx92Y+h2ylythYlheEDt/uBgFbl61Js/jo=
github.com/fatih/color v1.3.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.3.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -62,6 +64,8 @@ github.com/hashicorp/golang-lru v0.0.0-20160813221303-0a025b7e63ad/go.mod h1:/m3
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huin/goupnp v0.0.0-20161224104101-679507af18f3/go.mod h1:MZ2ZmwcBpvOoJ22IJsc7va19ZwoheaBk43rKg12SKag= github.com/huin/goupnp v0.0.0-20161224104101-679507af18f3/go.mod h1:MZ2ZmwcBpvOoJ22IJsc7va19ZwoheaBk43rKg12SKag=
github.com/iden3/go-circom-prover-verifier v0.0.0-20200409092022-a439651fafb0 h1:iyMhjvq7JKtKT6kEKuKghXiwanoa4/u7JSCKqUBqvds= github.com/iden3/go-circom-prover-verifier v0.0.0-20200409092022-a439651fafb0 h1:iyMhjvq7JKtKT6kEKuKghXiwanoa4/u7JSCKqUBqvds=
github.com/iden3/go-iden3-crypto v0.0.4 h1:rGQEFBvX6d4fDxqkQTizVq5UefB+xdZAg8j5FQ6uv6g=
github.com/iden3/go-iden3-crypto v0.0.4/go.mod h1:LLcgB7DLWAUs+8eBSKne+ZHy5z7xtAmlYlEz0M9M8gE=
github.com/influxdata/influxdb v1.2.3-0.20180221223340-01288bdb0883/go.mod h1:qZna6X/4elxqT3yI9iZYdZrWWdeFOOprn86kgg4+IzY= github.com/influxdata/influxdb v1.2.3-0.20180221223340-01288bdb0883/go.mod h1:qZna6X/4elxqT3yI9iZYdZrWWdeFOOprn86kgg4+IzY=
github.com/jackpal/go-nat-pmp v1.0.2-0.20160603034137-1fa385a6f458/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc= github.com/jackpal/go-nat-pmp v1.0.2-0.20160603034137-1fa385a6f458/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@@ -120,6 +124,7 @@ github.com/tyler-smith/go-bip39 v1.0.1-0.20181017060643-dbb3b84ba2ef/go.mod h1:s
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/wsddn/go-ecdh v0.0.0-20161211032359-48726bab9208/go.mod h1:IotVbo4F+mw0EzQ08zFqg7pK3FebNXpaMsRy2RT+Ees= github.com/wsddn/go-ecdh v0.0.0-20161211032359-48726bab9208/go.mod h1:IotVbo4F+mw0EzQ08zFqg7pK3FebNXpaMsRy2RT+Ees=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 h1:QmwruyY+bKbDDL0BaglrbZABEali68eoMFhTZpCjYVA= golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 h1:QmwruyY+bKbDDL0BaglrbZABEali68eoMFhTZpCjYVA=
golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

58
prover/arithmetic.go
View File

@@ -3,6 +3,8 @@ package prover
import ( import (
"bytes" "bytes"
"math/big" "math/big"
"github.com/iden3/go-iden3-crypto/ff"
) )
func arrayOfZeroes(n int) []*big.Int { func arrayOfZeroes(n int) []*big.Int {
@@ -12,6 +14,13 @@ func arrayOfZeroes(n int) []*big.Int {
} }
return r return r
} }
func arrayOfZeroesE(n int) []*ff.Element {
var r []*ff.Element
for i := 0; i < n; i++ {
r = append(r, ff.NewElement())
}
return r
}
func fAdd(a, b *big.Int) *big.Int { func fAdd(a, b *big.Int) *big.Int {
ab := new(big.Int).Add(a, b) ab := new(big.Int).Add(a, b)
@@ -75,6 +84,17 @@ func polynomialSub(a, b []*big.Int) []*big.Int {
return r return r
} }
func polynomialSubE(a, b []*ff.Element) []*ff.Element {
r := arrayOfZeroesE(max(len(a), len(b)))
for i := 0; i < len(a); i++ {
r[i].Add(r[i], a[i])
}
for i := 0; i < len(b); i++ {
r[i].Sub(r[i], b[i])
}
return r
}
func polynomialMul(a, b []*big.Int) []*big.Int { func polynomialMul(a, b []*big.Int) []*big.Int {
r := arrayOfZeroes(len(a) + len(b) - 1) r := arrayOfZeroes(len(a) + len(b) - 1)
for i := 0; i < len(a); i++ { for i := 0; i < len(a); i++ {
@@ -85,6 +105,16 @@ func polynomialMul(a, b []*big.Int) []*big.Int {
return r return r
} }
func polynomialMulE(a, b []*ff.Element) []*ff.Element {
r := arrayOfZeroesE(len(a) + len(b) - 1)
for i := 0; i < len(a); i++ {
for j := 0; j < len(b); j++ {
r[i+j].Add(r[i+j], ff.NewElement().Mul(a[i], b[j]))
}
}
return r
}
func polynomialDiv(a, b []*big.Int) ([]*big.Int, []*big.Int) { func polynomialDiv(a, b []*big.Int) ([]*big.Int, []*big.Int) {
// https://en.wikipedia.org/wiki/Division_algorithm // https://en.wikipedia.org/wiki/Division_algorithm
r := arrayOfZeroes(len(a) - len(b) + 1) r := arrayOfZeroes(len(a) - len(b) + 1)
@@ -100,3 +130,31 @@ func polynomialDiv(a, b []*big.Int) ([]*big.Int, []*big.Int) {
} }
return r, rem return r, rem
} }
func polynomialDivE(a, b []*ff.Element) ([]*ff.Element, []*ff.Element) {
// https://en.wikipedia.org/wiki/Division_algorithm
r := arrayOfZeroesE(len(a) - len(b) + 1)
rem := a
for len(rem) >= len(b) {
l := ff.NewElement().Div(rem[len(rem)-1], b[len(b)-1])
pos := len(rem) - len(b)
r[pos] = l
aux := arrayOfZeroesE(pos)
aux1 := append(aux, l)
aux2 := polynomialSubE(rem, polynomialMulE(b, aux1))
rem = aux2[:len(aux2)-1]
}
return r, rem
}
// once https://github.com/iden3/go-iden3-crypto/pull/22 is merged, use the fucntion from there
func ElementArrayToBigIntArray(e []*ff.Element) []*big.Int {
var o []*big.Int
for i := range e {
ei := e[i]
bi := big.NewInt(0)
ei.ToBigIntRegular(bi)
o = append(o, bi)
}
return o
}

66
prover/arithmetic_test.go Normal file
View File

@@ -0,0 +1,66 @@
package prover
import (
"crypto/rand"
"math/big"
"testing"
cryptoConstants "github.com/iden3/go-iden3-crypto/constants"
"github.com/iden3/go-iden3-crypto/utils"
)
func randBI() *big.Int {
maxbits := 253
b := make([]byte, (maxbits/8)-1)
_, err := rand.Read(b)
if err != nil {
panic(err)
}
r := new(big.Int).SetBytes(b)
return new(big.Int).Mod(r, cryptoConstants.Q)
}
func BenchmarkArithmetic(b *testing.B) {
// generate arrays with bigint
var p, q []*big.Int
for i := 0; i < 1000; i++ {
pi := randBI()
p = append(p, pi)
}
for i := 1000 - 1; i >= 0; i-- {
q = append(q, p[i])
}
pe := utils.BigIntArrayToElementArray(p)
qe := utils.BigIntArrayToElementArray(q)
b.Run("polynomialSub", func(b *testing.B) {
for i := 0; i < b.N; i++ {
polynomialSub(p, q)
}
})
b.Run("polynomialSubE", func(b *testing.B) {
for i := 0; i < b.N; i++ {
polynomialSubE(pe, qe)
}
})
b.Run("polynomialMul", func(b *testing.B) {
for i := 0; i < b.N; i++ {
polynomialMul(p, q)
}
})
b.Run("polynomialMulE", func(b *testing.B) {
for i := 0; i < b.N; i++ {
polynomialMulE(pe, qe)
}
})
b.Run("polynomialDiv", func(b *testing.B) {
for i := 0; i < b.N; i++ {
polynomialDiv(p, q)
}
})
b.Run("polynomialDivE", func(b *testing.B) {
for i := 0; i < b.N; i++ {
polynomialDivE(pe, qe)
}
})
}

49
prover/ifft.go
View File

@@ -3,11 +3,13 @@ package prover
import ( import (
"math" "math"
"math/big" "math/big"
"github.com/iden3/go-iden3-crypto/ff"
) )
type rootsT struct { type rootsT struct {
roots [][]*big.Int roots [][]*ff.Element
w []*big.Int w []*ff.Element
} }
func newRootsT() rootsT { func newRootsT() rootsT {
@@ -19,15 +21,15 @@ func newRootsT() rootsT {
s++ s++
rem = new(big.Int).Rsh(rem, 1) rem = new(big.Int).Rsh(rem, 1)
} }
roots.w = make([]*big.Int, s+1) roots.w = make([]*ff.Element, s+1)
roots.w[s] = fExp(big.NewInt(5), rem) roots.w[s] = ff.NewElement().SetBigInt(fExp(big.NewInt(5), rem))
n := s - 1 n := s - 1
for n >= 0 { for n >= 0 {
roots.w[n] = fMul(roots.w[n+1], roots.w[n+1]) roots.w[n] = ff.NewElement().Mul(roots.w[n+1], roots.w[n+1])
n-- n--
} }
roots.roots = make([][]*big.Int, 50) // TODO WIP roots.roots = make([][]*ff.Element, 50) // TODO WIP
roots.setRoots(15) roots.setRoots(15)
return roots return roots
@@ -35,25 +37,25 @@ func newRootsT() rootsT {
func (roots rootsT) setRoots(n int) { func (roots rootsT) setRoots(n int) {
for i := n; i >= 0 && nil == roots.roots[i]; i-- { // TODO tmp i<=len(r) for i := n; i >= 0 && nil == roots.roots[i]; i-- { // TODO tmp i<=len(r)
r := big.NewInt(1) r := ff.NewElement().SetBigInt(big.NewInt(1))
nroots := 1 << i nroots := 1 << i
var rootsi []*big.Int var rootsi []*ff.Element
for j := 0; j < nroots; j++ { for j := 0; j < nroots; j++ {
rootsi = append(rootsi, r) rootsi = append(rootsi, r)
r = fMul(r, roots.w[i]) r = ff.NewElement().Mul(r, roots.w[i])
} }
roots.roots[i] = rootsi roots.roots[i] = rootsi
} }
} }
func fft(roots rootsT, pall []*big.Int, bits, offset, step int) []*big.Int { func fft(roots rootsT, pall []*ff.Element, bits, offset, step int) []*ff.Element {
n := 1 << bits n := 1 << bits
if n == 1 { if n == 1 {
return []*big.Int{pall[offset]} return []*ff.Element{pall[offset]}
} else if n == 2 { } else if n == 2 {
return []*big.Int{ return []*ff.Element{
fAdd(pall[offset], pall[offset+step]), // TODO tmp ff.NewElement().Add(pall[offset], pall[offset+step]), // TODO tmp
fSub(pall[offset], pall[offset+step]), ff.NewElement().Sub(pall[offset], pall[offset+step]),
} }
} }
@@ -61,17 +63,16 @@ func fft(roots rootsT, pall []*big.Int, bits, offset, step int) []*big.Int {
p1 := fft(roots, pall, bits-1, offset, step*2) p1 := fft(roots, pall, bits-1, offset, step*2)
p2 := fft(roots, pall, bits-1, offset+step, step*2) p2 := fft(roots, pall, bits-1, offset+step, step*2)
// var out []*big.Int out := make([]*ff.Element, n)
out := make([]*big.Int, n)
for i := 0; i < ndiv2; i++ { for i := 0; i < ndiv2; i++ {
// fmt.Println(i, len(roots.roots)) // fmt.Println(i, len(roots.roots))
out[i] = fAdd(p1[i], fMul(roots.roots[bits][i], p2[i])) out[i] = ff.NewElement().Add(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
out[i+ndiv2] = fSub(p1[i], fMul(roots.roots[bits][i], p2[i])) out[i+ndiv2] = ff.NewElement().Sub(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
} }
return out return out
} }
func ifft(p []*big.Int) []*big.Int { func ifft(p []*ff.Element) []*ff.Element {
if len(p) <= 1 { if len(p) <= 1 {
return p return p
} }
@@ -82,20 +83,20 @@ func ifft(p []*big.Int) []*big.Int {
ep := extend(p, m) ep := extend(p, m)
res := fft(roots, ep, int(bits), 0, 1) res := fft(roots, ep, int(bits), 0, 1)
twoinvm := fInv(fMul(big.NewInt(1), big.NewInt(int64(m)))) twoinvm := ff.NewElement().SetBigInt(fInv(fMul(big.NewInt(1), big.NewInt(int64(m)))))
var resn []*big.Int var resn []*ff.Element
for i := 0; i < m; i++ { for i := 0; i < m; i++ {
resn = append(resn, fMul(res[(m-i)%m], twoinvm)) resn = append(resn, ff.NewElement().Mul(res[(m-i)%m], twoinvm))
} }
return resn return resn
} }
func extend(p []*big.Int, e int) []*big.Int { func extend(p []*ff.Element, e int) []*ff.Element {
if e == len(p) { if e == len(p) {
return p return p
} }
z := arrayOfZeroes(e - len(p)) z := arrayOfZeroesE(e - len(p))
return append(p, z...) return append(p, z...)
} }

20
prover/prover.go
View File

@@ -6,6 +6,7 @@ import (
bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare" bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare"
"github.com/iden3/go-circom-prover-verifier/types" "github.com/iden3/go-circom-prover-verifier/types"
"github.com/iden3/go-iden3-crypto/utils"
) )
// Proof is the data structure of the Groth16 zkSNARK proof // Proof is the data structure of the Groth16 zkSNARK proof
@@ -123,13 +124,18 @@ func calculateH(pk *types.Pk, w types.Witness) []*big.Int {
polCT[j] = fAdd(polCT[j], fMul(w[i], pk.PolsC[i][j])) polCT[j] = fAdd(polCT[j], fMul(w[i], pk.PolsC[i][j]))
} }
} }
polAS := ifft(polAT) polATe := utils.BigIntArrayToElementArray(polAT)
polBS := ifft(polBT) polBTe := utils.BigIntArrayToElementArray(polBT)
polCTe := utils.BigIntArrayToElementArray(polCT)
polABS := polynomialMul(polAS, polBS) polASe := ifft(polATe)
polCS := ifft(polCT) polBSe := ifft(polBTe)
polABCS := polynomialSub(polABS, polCS) polABSe := polynomialMulE(polASe, polBSe)
hS := polABCS[m:] polCSe := ifft(polCTe)
return hS
polABCSe := polynomialSubE(polABSe, polCSe)
hSe := polABCSe[m:]
return ElementArrayToBigIntArray(hSe)
} }