arnaucube
/
go-snark-study
mirror of https://github.com/arnaucube/go-snark-study.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

key generation for proofs, snark files to the root directory

pull/5/head
arnaucube 6 years ago
parent
19f7216d0e
commit
439d894ee7
5 changed files with 106 additions and 51 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      .gitignore
  2. +7
    -4
      README.md
  3. +0
    -4
      bn128/README.md
  4. +96
    -41
      snark.go
  5. +2
    -2
      snark_test.go

+ 1
- 0
.gitignore
View File

@ -0,0 +1 @@
*.Backup

+ 7
- 4
README.md
View File

@ -3,11 +3,14 @@
zkSNARK library implementation in Go
`Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture`, Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza https://eprint.iacr.org/2013/879.pdf
### Usage
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/zk?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/zk) zk (TrustedSetup, GenerateProof, VerifyProof)
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/bn128?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/bn128) bn128 (more details: https://github.com/arnaucube/go-snark/tree/master/bn128)
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/fields?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/fields) Finite Fields
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/r1csqap?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/r1csqap) R1CS to QAP (more details: https://github.com/arnaucube/go-snark/tree/master/r1csqap)
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark?status.svg)](https://godoc.org/github.com/arnaucube/go-snark) zkSnark
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/bn128?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/bn128) bn128 (more details: https://github.com/arnaucube/go-snark/tree/master/bn128)
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/fields?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/fields) Finite Fields operations
- [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/r1csqap?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/r1csqap) R1CS to QAP (more details: https://github.com/arnaucube/go-snark/tree/master/r1csqap)
Example:
```go

+ 0
- 4
bn128/README.md
View File

@ -26,10 +26,6 @@ over Elliptic Curves`, Matthieu Rivain https://eprint.iacr.org/2011/338.pdf
- [x] MillerLoop
- [x] Pairing
### Installation
```
go get github.com/arnaucube/bn128
```
#### Usage

zk/zk.go → snark.go
View File

@ -1,8 +1,7 @@
package zk
package snark
import (
"crypto/rand"
"fmt"
"math/big"
"github.com/arnaucube/go-snark/bn128"
@ -11,16 +10,25 @@ import (
type Setup struct {
Toxic struct {
T *big.Int // trusted setup secret
Ka *big.Int // prover
Kb *big.Int // prover
Kc *big.Int // prover
T *big.Int // trusted setup secret
Ka *big.Int // prover
Kb *big.Int // prover
Kc *big.Int // prover
Kbeta *big.Int
Kgamma *big.Int
RhoA *big.Int
RhoB *big.Int
RhoC *big.Int
}
// public
G1T [][3]*big.Int // t encrypted in G1 curve
G2T [][3][2]*big.Int // t encrypted in G2 curve
G1T [][3]*big.Int // t encrypted in G1 curve
G2T [][3][2]*big.Int // t encrypted in G2 curve
G1Kbg [3]*big.Int // g1 * Kbeta * Kgamma
G2Kbg [3][2]*big.Int // g2 * Kbeta * Kgamma
G2Kg [3][2]*big.Int // g2 * Kgamma
}
type Proof struct {
PiA [3]*big.Int
PiAp [3]*big.Int
@ -29,6 +37,7 @@ type Proof struct {
PiC [3]*big.Int
PiCp [3]*big.Int
PiH [3]*big.Int
PiK [3]*big.Int
Va [3][2]*big.Int
Vb [3]*big.Int
Vc [3][2]*big.Int
@ -37,7 +46,7 @@ type Proof struct {
const bits = 512
func GenerateTrustedSetup(bn bn128.Bn128, pollength int) (Setup, error) {
func GenerateTrustedSetup(bn bn128.Bn128, polLength int) (Setup, error) {
var setup Setup
var err error
// generate random t value
@ -45,13 +54,46 @@ func GenerateTrustedSetup(bn bn128.Bn128, pollength int) (Setup, error) {
if err != nil {
return Setup{}, err
}
fmt.Print("trusted t: ")
fmt.Println(setup.Toxic.T)
// k for calculating pi' and Vk
setup.Toxic.Ka, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Setup{}, err
}
setup.Toxic.Kb, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Setup{}, err
}
setup.Toxic.Kc, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Setup{}, err
}
// generate Kβ (Kbeta) and Kγ (Kgamma)
setup.Toxic.Kbeta, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Setup{}, err
}
setup.Toxic.Kgamma, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Setup{}, err
}
// generate ρ (Rho): ρA, ρB, ρC
setup.Toxic.RhoA, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Setup{}, err
}
setup.Toxic.RhoB, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Setup{}, err
}
setup.Toxic.RhoC = bn.Fq1.Mul(setup.Toxic.RhoA, setup.Toxic.RhoB)
// encrypt t values with curve generators
var gt1 [][3]*big.Int
var gt2 [][3][2]*big.Int
for i := 0; i < pollength; i++ {
for i := 0; i < polLength; i++ {
tPow := bn.Fq1.Exp(setup.Toxic.T, big.NewInt(int64(i)))
tEncr1 := bn.G1.MulScalar(bn.G1.G, tPow)
gt1 = append(gt1, tEncr1)
@ -63,26 +105,22 @@ func GenerateTrustedSetup(bn bn128.Bn128, pollength int) (Setup, error) {
setup.G1T = gt1
setup.G2T = gt2
/*
Verification keys:
- Vk_betagamma1: setup.G1Kbg = g1 * Kbeta*Kgamma
- Vk_betagamma2: setup.G2Kbg = g2 * Kbeta*Kgamma
- Vk_gamma: setup.G2Kg = g2 * Kgamma
*/
kbg := bn.Fq1.Mul(setup.Toxic.Kbeta, setup.Toxic.Kgamma)
setup.G1Kbg = bn.G1.MulScalar(bn.G1.G, kbg)
setup.G2Kbg = bn.G2.MulScalar(bn.G2.G, kbg)
setup.G2Kg = bn.G2.MulScalar(bn.G2.G, setup.Toxic.Kgamma)
return setup, nil
}
func GenerateProofs(bn bn128.Bn128, f fields.Fq, setup Setup, ax, bx, cx, hx, zx []*big.Int) (Proof, error) {
func GenerateProofs(bn bn128.Bn128, f fields.Fq, setup Setup, w, ax, bx, cx, hx, zx []*big.Int) (Proof, error) {
var proof Proof
var err error
// k for calculating pi' and Vk
setup.Toxic.Ka, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Proof{}, err
}
setup.Toxic.Kb, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Proof{}, err
}
setup.Toxic.Kc, err = rand.Prime(rand.Reader, bits)
if err != nil {
return Proof{}, err
}
// g1*A(t)
proof.PiA = [3]*big.Int{bn.G1.F.Zero(), bn.G1.F.Zero(), bn.G1.F.Zero()}
@ -90,7 +128,7 @@ func GenerateProofs(bn bn128.Bn128, f fields.Fq, setup Setup, ax, bx, cx, hx, zx
m := bn.G1.MulScalar(setup.G1T[i], ax[i])
proof.PiA = bn.G1.Add(proof.PiA, m)
}
proof.PiAp = bn.G1.MulScalar(proof.PiA, setup.Toxic.Ka)
proof.PiAp = bn.G1.MulScalar(proof.PiA, setup.Toxic.Ka) // move this in the setup step
// g2*B(t)
proof.PiB = bn.Fq6.Zero()
@ -102,7 +140,7 @@ func GenerateProofs(bn bn128.Bn128, f fields.Fq, setup Setup, ax, bx, cx, hx, zx
m1 := bn.G1.MulScalar(setup.G1T[i], bx[i])
pib1 = bn.G1.Add(pib1, m1)
}
proof.PiBp = bn.G1.MulScalar(pib1, setup.Toxic.Kb)
proof.PiBp = bn.G1.MulScalar(pib1, setup.Toxic.Kb) // this in the setup step
// g1*C(t)
proof.PiC = [3]*big.Int{bn.G1.F.Zero(), bn.G1.F.Zero(), bn.G1.F.Zero()}
@ -110,7 +148,7 @@ func GenerateProofs(bn bn128.Bn128, f fields.Fq, setup Setup, ax, bx, cx, hx, zx
m := bn.G1.MulScalar(setup.G1T[i], cx[i])
proof.PiC = bn.G1.Add(proof.PiC, m)
}
proof.PiCp = bn.G1.MulScalar(proof.PiC, setup.Toxic.Kc)
proof.PiCp = bn.G1.MulScalar(proof.PiC, setup.Toxic.Kc) // this in the setup step
// g1*H(t)
proof.PiH = [3]*big.Int{bn.G1.F.Zero(), bn.G1.F.Zero(), bn.G1.F.Zero()}
@ -119,15 +157,17 @@ func GenerateProofs(bn bn128.Bn128, f fields.Fq, setup Setup, ax, bx, cx, hx, zx
proof.PiH = bn.G1.Add(proof.PiH, m)
}
g2Zt := bn.Fq6.Zero()
proof.Vz = bn.Fq6.Zero()
for i := 0; i < len(bx); i++ {
m := bn.G2.MulScalar(setup.G2T[i], zx[i])
g2Zt = bn.G2.Add(g2Zt, m)
proof.Vz = bn.G2.Add(proof.Vz, m)
}
proof.Vz = g2Zt
proof.Va = bn.G2.MulScalar(bn.G2.G, setup.Toxic.Ka)
proof.Vb = bn.G1.MulScalar(bn.G1.G, setup.Toxic.Kb)
proof.Vc = bn.G2.MulScalar(bn.G2.G, setup.Toxic.Kc)
// proof.Vz = g2Zt
proof.Va = bn.G2.MulScalar(bn.G2.G, setup.Toxic.Ka) // this in the setup step
proof.Vb = bn.G1.MulScalar(bn.G1.G, setup.Toxic.Kb) // this in the setup step
proof.Vc = bn.G2.MulScalar(bn.G2.G, setup.Toxic.Kc) // this in the setup step
return proof, nil
}
@ -173,21 +213,36 @@ func VerifyProof(bn bn128.Bn128, setup Setup, proof Proof) bool {
return false
}
// e(piA+piC, g2KbetaKgamma) * e(g1KbetaKgamma, piB)
// == e(piK, g2Kgamma)
// piApiC := bn.G1.Add(proof.PiA, proof.PiC)
// pairingPiACG2Kbg, err := bn.Pairing(piApiC, setup.G2Kbg)
// if err != nil {
// return false
// }
// pairingG1KbgPiB, err := bn.Pairing(setup.G1Kbg, proof.PiB)
// if err != nil {
// return false
// }
// pairing1 := bn.Fq12.Mul(pairingPiACG2Kbg, pairingG1KbgPiB)
//
// e(piA, piB) == e(piH, Vz) * e(piC, g2)
// pairingPiaPib, err := bn.Pairing(proof.PiA, proof.PiB)
// if err != nil {
// return false
// return false
// }
// pairingPihVz, err := bn.Pairing(proof.PiH, proof.Vz)
// if err != nil {
// return false
// return false
// }
// pairingPicG2, err := bn.Pairing(proof.PiC, bn.G2.G)
// if err != nil {
// return false
// return false
// }
// if !bn.Fq12.Equal(pairingPiaPib, bn.Fq12.Mul(pairingPihVz, pairingPicG2)) {
// return false
// return false
// }
return true

zk/zk_test.go → snark_test.go
View File

@ -1,4 +1,4 @@
package zk
package snark
import (
"fmt"
@ -71,7 +71,7 @@ func TestZk(t *testing.T) {
fmt.Println(setup.G2T)
// piA = g1 * A(t), piB = g2 * B(t), piC = g1 * C(t), piH = g1 * H(t)
proof, err := GenerateProofs(bn, f, setup, ax, bx, cx, hx, zx)
proof, err := GenerateProofs(bn, f, setup, w, ax, bx, cx, hx, zx)
assert.Nil(t, err)
fmt.Println("proofs:")
fmt.Println(proof.PiA)

Write Preview
Loading…
Cancel
Save