snark trusted setup + generate proof + verify proof working. Added test to bn128 pairing

arnaucube
2018-12-23 16:19:33 +01:00
parent 7aafcfd5f3
commit f555ae4b18
10 changed files with 187 additions and 161 deletions


@@ -105,7 +105,7 @@ func NewBn128() (Bn128, error) {
return b, nil
}
func NewFqR() (fields.Fq, error){
func NewFqR() (fields.Fq, error) {
r, ok := new(big.Int).SetString("21888242871839275222246405745257275088548364400416034343698204186575808495617", 10)
if !ok {
return fields.Fq{}, errors.New("err parsing R")
@@ -172,16 +172,13 @@ func (bn128 *Bn128) preparePairing() error {
}
func (bn128 Bn128) Pairing(p1 [3]*big.Int, p2 [3][2]*big.Int) ([2][3][2]*big.Int, error) {
func (bn128 Bn128) Pairing(p1 [3]*big.Int, p2 [3][2]*big.Int) [2][3][2]*big.Int {
pre1 := bn128.PreComputeG1(p1)
pre2, err := bn128.PreComputeG2(p2)
if err != nil {
return [2][3][2]*big.Int{}, err
}
pre2 := bn128.PreComputeG2(p2)
r1 := bn128.MillerLoop(pre1, pre2)
res := bn128.FinalExponentiation(r1)
return res, nil
return res
}
type AteG1Precomp struct {
@@ -209,7 +206,7 @@ type AteG2Precomp struct {
Coeffs []EllCoeffs
}
func (bn128 Bn128) PreComputeG2(p [3][2]*big.Int) (AteG2Precomp, error) {
func (bn128 Bn128) PreComputeG2(p [3][2]*big.Int) AteG2Precomp {
qCopy := bn128.G2.Affine(p)
res := AteG2Precomp{
qCopy[0],
@@ -235,11 +232,13 @@ func (bn128 Bn128) PreComputeG2(p [3][2]*big.Int) (AteG2Precomp, error) {
q1 := bn128.G2.Affine(bn128.G2MulByQ(qCopy))
if !bn128.Fq2.Equal(q1[2], bn128.Fq2.One()) {
return res, errors.New("q1[2] != Fq2.One")
// return res, errors.New("q1[2] != Fq2.One")
panic(errors.New("q1[2] != Fq2.One()"))
}
q2 := bn128.G2.Affine(bn128.G2MulByQ(q1))
if !bn128.Fq2.Equal(q2[2], bn128.Fq2.One()) {
return res, errors.New("q2[2] != Fq2.One")
// return res, errors.New("q2[2] != Fq2.One")
panic(errors.New("q2[2] != Fq2.One()"))
}
if bn128.LoopCountNeg {
@@ -253,7 +252,7 @@ func (bn128 Bn128) PreComputeG2(p [3][2]*big.Int) (AteG2Precomp, error) {
c, r = bn128.MixedAdditionStep(q2, r)
res.Coeffs = append(res.Coeffs, c)
return res, nil
return res
}
func (bn128 Bn128) DoublingStep(current [3][2]*big.Int) (EllCoeffs, [3][2]*big.Int) {
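Review bot: The two `panic(errors.New(...))` calls in PreComputeG2 turn an input-dependent condition into a process crash, and Pairing no longer has an error return to carry it to the caller. If p2 can originate outside the process (for example a G2 point taken from a proof being verified, which is not visible in this section), an input whose Frobenius image does not normalise to z equal to `Fq2.One()` would stop the verifier instead of producing a failed verification. I would keep the `(AteG2Precomp, error)` signature with `return res, errors.New("q1[2] != Fq2.One")`, or validate G2 inputs before Pairing is called and state in the doc comment that the panic marks a broken invariant. The commented-out `// return res, ...` lines should be deleted either way. PreComputeG2's body is only partly visible in these hunks.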


@@ -22,10 +22,10 @@ func TestBN128(t *testing.T) {
g2b := bn128.G2.MulScalar(bn128.G2.G, bn128.Fq1.Copy(big40))
pre1a := bn128.PreComputeG1(g1a)
pre2a, err := bn128.PreComputeG2(g2a)
pre2a := bn128.PreComputeG2(g2a)
assert.Nil(t, err)
pre1b := bn128.PreComputeG1(g1b)
pre2b, err := bn128.PreComputeG2(g2b)
pre2b := bn128.PreComputeG2(g2b)
assert.Nil(t, err)
r1 := bn128.MillerLoop(pre1a, pre2a)
@@ -55,10 +55,8 @@ func TestBN128Pairing(t *testing.T) {
g1b := bn128.G1.MulScalar(bn128.G1.G, big30)
g2b := bn128.G2.MulScalar(bn128.G2.G, big25)
pA, err := bn128.Pairing(g1a, g2a)
assert.Nil(t, err)
pB, err := bn128.Pairing(g1b, g2b)
assert.Nil(t, err)
pA := bn128.Pairing(g1a, g2a)
pB := bn128.Pairing(g1b, g2b)
assert.True(t, bn128.Fq12.Equal(pA, pB))
@@ -67,3 +65,24 @@ func TestBN128Pairing(t *testing.T) {
// assert.Equal(t, pA[0][0][0].String(), "73680848340331011700282047627232219336104151861349893575958589557226556635706")
// assert.Equal(t, bn128.Fq12.Affine(pA)[0][0][0].String(), "8016119724813186033542830391460394070015218389456422587891475873290878009957")
}
func TestBN128Pairing2(t *testing.T) {
// test idea from https://bplib.readthedocs.io/en/latest/ by George Danezis
bn, err := NewBn128()
assert.Nil(t, err)
gt := bn.Pairing(bn.G1.G, bn.G2.G)
gt6 := bn.Fq12.Exp(gt, big.NewInt(int64(6)))
// e(g1, g2)^6 == e(g1, 6*g2)
assert.True(t, bn.Fq12.Equal(gt6, bn.Pairing(bn.G1.G, bn.G2.MulScalar(bn.G2.G, big.NewInt(int64(6))))))
// e(g1, g2)^6 == e(6* g1, g2)
assert.True(t, bn.Fq12.Equal(gt6, bn.Pairing(bn.G1.MulScalar(bn.G1.G, big.NewInt(int64(6))), bn.G2.G)))
// e(g1, g2)^6 == e(3*g1, 2*g2)
assert.True(t, bn.Fq12.Equal(gt6, bn.Pairing(bn.G1.MulScalar(bn.G1.G, big.NewInt(int64(3))), bn.G2.MulScalar(bn.G2.G, big.NewInt(int64(2))))))
// e(g1, g2)^6 == e(2*g1, 3*g2)
assert.True(t, bn.Fq12.Equal(gt6, bn.Pairing(bn.G1.MulScalar(bn.G1.G, big.NewInt(int64(2))), bn.G2.MulScalar(bn.G2.G, big.NewInt(int64(3))))))
}
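Review bot: TestBN128Pairing2 checks bilinearity only, so a degenerate Pairing that always returned the identity of Fq12 would satisfy all four assertions; add a non-degeneracy check such as `assert.False(t, bn.Fq12.Equal(gt, bn.Fq12.One()))` (assuming Fq12 exposes One() the way Fq2 does). In TestBN128 the `assert.Nil(t, err)` lines after the two PreComputeG2 calls appear to remain and now re-check an `err` assigned earlier, so they no longer test anything and can be dropped. Since PreComputeG2 now panics instead of returning an error, nothing in this file exercises that path; a case wrapped in `assert.Panics` would pin the new behaviour.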