arnaucube
/
go-snark
mirror of https://github.com/arnaucube/go-snark.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 Commits
1 Branch
4 Tags
91 MiB
Tree: 1bf5a75f01
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1bf5a75f01'
${ noResults }
go-snark/proof/pinocchio_test.go

350 lines
10 KiB
Raw Normal View History

refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
doing trusted setup
6 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
doing trusted setup
6 years ago
flat circuit code to R1CS working
6 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
add Groth16 proof generation & verification
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
add Groth16 proof generation & verification
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
minimal clean & update tests
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
minimal clean & update tests
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
minimal clean & update tests
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
minimal clean & update tests
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
minimal clean & update tests
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
minimal clean & update tests
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
minimal clean & update tests
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
minimal clean & update tests
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
doing trusted setup
6 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
cli
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
snark.Utils packed
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
minimal clean & update tests
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
starting circuitcompiler, lexer and parser (simple version)
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
doing trusted setup
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
doing trusted setup
6 years ago
minimal clean & update tests
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
e(Vb, piB) == e(piB', g2) proof
6 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
cli
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
minimal clean & update tests
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
flat circuit code to R1CS working
6 years ago
  1. package proof
  3. import (
  4. "bytes"
  5. "fmt"
  6. "math/big"
  7. "strings"
  8. "testing"
  9. "time"
  11. "github.com/stretchr/testify/assert"
  13. "github.com/arnaucube/go-snark/circuit"
  14. "github.com/arnaucube/go-snark/r1csqap"
  15. )
  17. func TestZkFromFlatCircuitCode(t *testing.T) {
  18. // compile circuit and get the R1CS
  20. // circuit function
  21. // y = x^3 + x + 5
  22. code := `
  23. func exp3(private a):
  24. b = a * a
  25. c = a * b
  26. return c
  27. func sum(private a, private b):
  28. c = a + b
  29. return c
  31. func main(private s0, public s1):
  32. s3 = exp3(s0)
  33. s4 = sum(s3, s0)
  34. s5 = s4 + 5
  35. equals(s1, s5)
  36. out = 1 * 1
  37. `
  38. // the same code without the functions calling, all in one func
  39. // code := `
  40. // func test(private s0, public s1):
  41. // s2 = s0 * s0
  42. // s3 = s2 * s0
  43. // s4 = s3 + s0
  44. // s5 = s4 + 5
  45. // equals(s1, s5)
  46. // out = 1 * 1
  47. // `
  48. fmt.Print("\ncode of the circuit:")
  49. fmt.Println(code)
  51. // parse the code
  52. parser := circuit.NewParser(strings.NewReader(code))
  53. circuit, err := parser.Parse()
  54. assert.Nil(t, err)
  55. // fmt.Println("\ncircuit data:", circuit)
  56. // circuitJson, _ := json.Marshal(circuit)
  57. // fmt.Println("circuit:", string(circuitJson))
  59. b3 := big.NewInt(int64(3))
  60. privateInputs := []*big.Int{b3}
  61. b35 := big.NewInt(int64(35))
  62. publicSignals := []*big.Int{b35}
  64. // wittness
  65. w, err := circuit.CalculateWitness(privateInputs, publicSignals)
  66. assert.Nil(t, err)
  68. // code to R1CS
  69. fmt.Println("\ngenerating R1CS from code")
  70. a, b, c := circuit.GenerateR1CS()
  71. fmt.Println("\nR1CS:")
  72. fmt.Println("a:", a)
  73. fmt.Println("b:", b)
  74. fmt.Println("c:", c)
  76. // R1CS to QAP
  77. // TODO zxQAP is not used and is an old impl, TODO remove
  78. alphas, betas, gammas, zxQAP := Utils.PF.R1CSToQAP(a, b, c)
  79. fmt.Println("qap")
  80. assert.Equal(t, 8, len(alphas))
  81. assert.Equal(t, 8, len(alphas))
  82. assert.Equal(t, 8, len(alphas))
  83. assert.Equal(t, 7, len(zxQAP))
  84. assert.True(t, !bytes.Equal(alphas[1][1].Bytes(), big.NewInt(int64(0)).Bytes()))
  86. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  87. assert.Equal(t, 7, len(ax))
  88. assert.Equal(t, 7, len(bx))
  89. assert.Equal(t, 7, len(cx))
  90. assert.Equal(t, 13, len(px))
  92. hxQAP := Utils.PF.DivisorPolynomial(px, zxQAP)
  93. assert.Equal(t, 7, len(hxQAP))
  95. // hx==px/zx so px==hx*zx
  96. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  98. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  99. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  100. assert.Equal(t, abc, px)
  101. hzQAP := Utils.PF.Mul(hxQAP, zxQAP)
  102. assert.Equal(t, abc, hzQAP)
  104. div, rem := Utils.PF.Div(px, zxQAP)
  105. assert.Equal(t, hxQAP, div)
  106. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(6))
  108. // calculate trusted setup
  109. setup := &PinocchioSetup{}
  110. err = setup.Init(len(w), *circuit, alphas, betas, gammas)
  111. assert.Nil(t, err)
  112. fmt.Println("\nt:", setup.Toxic.T)
  114. // zx and setup.Pk.Z should be the same (currently not, the correct one is the calculation used inside GenerateTrustedSetup function), the calculation is repeated. TODO avoid repeating calculation
  115. assert.Equal(t, zxQAP, setup.Pk.Z)
  117. hx := Utils.PF.DivisorPolynomial(px, setup.Pk.Z)
  118. assert.Equal(t, hx, hxQAP)
  119. // assert.Equal(t, hxQAP, hx)
  120. div, rem = Utils.PF.Div(px, setup.Pk.Z)
  121. assert.Equal(t, hx, div)
  122. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(6))
  124. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  125. // hx==px/zx so px==hx*zx
  126. assert.Equal(t, px, Utils.PF.Mul(hx, setup.Pk.Z))
  128. // check length of polynomials H(x) and Z(x)
  129. assert.Equal(t, len(hx), len(px)-len(setup.Pk.Z)+1)
  130. assert.Equal(t, len(hxQAP), len(px)-len(zxQAP)+1)
  132. proof, err := setup.Generate(*circuit, w, px)
  133. assert.Nil(t, err)
  135. // fmt.Println("\n proofs:")
  136. // fmt.Println(proof)
  138. // fmt.Println("public signals:", proof.PublicSignals)
  139. fmt.Println("\nsignals:", circuit.Signals)
  140. fmt.Println("witness:", w)
  141. b35Verif := big.NewInt(int64(35))
  142. publicSignalsVerif := []*big.Int{b35Verif}
  143. before := time.Now()
  144. assert.True(t, setup.Verify(*circuit, proof, publicSignalsVerif, true))
  145. fmt.Println("verify proof time elapsed:", time.Since(before))
  147. // check that with another public input the verification returns false
  148. bOtherWrongPublic := big.NewInt(int64(34))
  149. wrongPublicSignalsVerif := []*big.Int{bOtherWrongPublic}
  150. assert.True(t, !setup.Verify(*circuit, proof, wrongPublicSignalsVerif, false))
  151. }
  153. func TestZkMultiplication(t *testing.T) {
  154. code := `
  155. func main(private a, private b, public c):
  156. d = a * b
  157. equals(c, d)
  158. out = 1 * 1
  159. `
  160. fmt.Println("code", code)
  162. // parse the code
  163. parser := circuit.NewParser(strings.NewReader(code))
  164. circuit, err := parser.Parse()
  165. assert.Nil(t, err)
  167. b3 := big.NewInt(int64(3))
  168. b4 := big.NewInt(int64(4))
  169. privateInputs := []*big.Int{b3, b4}
  170. b12 := big.NewInt(int64(12))
  171. publicSignals := []*big.Int{b12}
  173. // wittness
  174. w, err := circuit.CalculateWitness(privateInputs, publicSignals)
  175. assert.Nil(t, err)
  177. // code to R1CS
  178. fmt.Println("\ngenerating R1CS from code")
  179. a, b, c := circuit.GenerateR1CS()
  180. fmt.Println("\nR1CS:")
  181. fmt.Println("a:", a)
  182. fmt.Println("b:", b)
  183. fmt.Println("c:", c)
  185. // R1CS to QAP
  186. // TODO zxQAP is not used and is an old impl. TODO remove
  187. alphas, betas, gammas, zxQAP := Utils.PF.R1CSToQAP(a, b, c)
  188. assert.Equal(t, 6, len(alphas))
  189. assert.Equal(t, 6, len(betas))
  190. assert.Equal(t, 6, len(betas))
  191. assert.Equal(t, 5, len(zxQAP))
  192. assert.True(t, !bytes.Equal(alphas[1][1].Bytes(), big.NewInt(int64(0)).Bytes()))
  194. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  195. assert.Equal(t, 4, len(ax))
  196. assert.Equal(t, 4, len(bx))
  197. assert.Equal(t, 4, len(cx))
  198. assert.Equal(t, 7, len(px))
  200. hxQAP := Utils.PF.DivisorPolynomial(px, zxQAP)
  201. assert.Equal(t, 3, len(hxQAP))
  203. // hx==px/zx so px==hx*zx
  204. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  206. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  207. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  208. assert.Equal(t, abc, px)
  209. hzQAP := Utils.PF.Mul(hxQAP, zxQAP)
  210. assert.Equal(t, abc, hzQAP)
  212. div, rem := Utils.PF.Div(px, zxQAP)
  213. assert.Equal(t, hxQAP, div)
  214. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(4))
  216. // calculate trusted setup
  217. setup := &PinocchioSetup{}
  218. err = setup.Init(len(w), *circuit, alphas, betas, gammas)
  219. assert.Nil(t, err)
  220. // fmt.Println("\nt:", setup.Toxic.T)
  222. // zx and setup.Pk.Z should be the same (currently not, the correct one is the calculation used inside GenerateTrustedSetup function), the calculation is repeated. TODO avoid repeating calculation
  223. assert.Equal(t, zxQAP, setup.Pk.Z)
  225. hx := Utils.PF.DivisorPolynomial(px, setup.Pk.Z)
  226. assert.Equal(t, 3, len(hx))
  227. assert.Equal(t, hx, hxQAP)
  229. div, rem = Utils.PF.Div(px, setup.Pk.Z)
  230. assert.Equal(t, hx, div)
  231. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(4))
  233. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  234. // hx==px/zx so px==hx*zx
  235. assert.Equal(t, px, Utils.PF.Mul(hx, setup.Pk.Z))
  237. // check length of polynomials H(x) and Z(x)
  238. assert.Equal(t, len(hx), len(px)-len(setup.Pk.Z)+1)
  239. assert.Equal(t, len(hxQAP), len(px)-len(zxQAP)+1)
  241. proof, err := setup.Generate(*circuit, w, px)
  242. assert.Nil(t, err)
  244. // fmt.Println("\n proofs:")
  245. // fmt.Println(proof)
  247. // fmt.Println("public signals:", proof.PublicSignals)
  248. fmt.Println("\n", circuit.Signals)
  249. fmt.Println("witness", w)
  250. b12Verif := big.NewInt(int64(12))
  251. publicSignalsVerif := []*big.Int{b12Verif}
  252. before := time.Now()
  253. assert.True(t, setup.Verify(*circuit, proof, publicSignalsVerif, true))
  254. fmt.Println("verify proof time elapsed:", time.Since(before))
  256. // check that with another public input the verification returns false
  257. bOtherWrongPublic := big.NewInt(int64(11))
  258. wrongPublicSignalsVerif := []*big.Int{bOtherWrongPublic}
  259. assert.True(t, !setup.Verify(*circuit, proof, wrongPublicSignalsVerif, false))
  260. }
  262. func TestMinimalFlow(t *testing.T) {
  263. // circuit function
  264. // y = x^3 + x + 5
  265. code := `
  266. func main(private s0, public s1):
  267. s2 = s0 * s0
  268. s3 = s2 * s0
  269. s4 = s3 + s0
  270. s5 = s4 + 5
  271. equals(s1, s5)
  272. out = 1 * 1
  273. `
  274. fmt.Print("\ncode of the circuit:")
  275. fmt.Println(code)
  277. // parse the code
  278. parser := circuit.NewParser(strings.NewReader(code))
  279. circuit, err := parser.Parse()
  280. assert.Nil(t, err)
  282. b3 := big.NewInt(int64(3))
  283. privateInputs := []*big.Int{b3}
  284. b35 := big.NewInt(int64(35))
  285. publicSignals := []*big.Int{b35}
  287. // wittness
  288. w, err := circuit.CalculateWitness(privateInputs, publicSignals)
  289. assert.Nil(t, err)
  291. // code to R1CS
  292. fmt.Println("\ngenerating R1CS from code")
  293. a, b, c := circuit.GenerateR1CS()
  294. fmt.Println("\nR1CS:")
  295. fmt.Println("a:", a)
  296. fmt.Println("b:", b)
  297. fmt.Println("c:", c)
  299. // R1CS to QAP
  300. // TODO zxQAP is not used and is an old impl, TODO remove
  301. alphas, betas, gammas, _ := Utils.PF.R1CSToQAP(a, b, c)
  302. fmt.Println("qap")
  303. assert.Equal(t, 8, len(alphas))
  304. assert.Equal(t, 8, len(alphas))
  305. assert.Equal(t, 8, len(alphas))
  306. assert.True(t, !bytes.Equal(alphas[1][1].Bytes(), big.NewInt(int64(0)).Bytes()))
  308. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  309. assert.Equal(t, 7, len(ax))
  310. assert.Equal(t, 7, len(bx))
  311. assert.Equal(t, 7, len(cx))
  312. assert.Equal(t, 13, len(px))
  314. // calculate trusted setup
  315. setup := &PinocchioSetup{}
  316. err = setup.Init(len(w), *circuit, alphas, betas, gammas)
  317. assert.Nil(t, err)
  318. fmt.Println("\nt:", setup.Toxic.T)
  320. hx := Utils.PF.DivisorPolynomial(px, setup.Pk.Z)
  321. div, rem := Utils.PF.Div(px, setup.Pk.Z)
  322. assert.Equal(t, hx, div)
  323. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(6))
  325. // hx==px/zx so px==hx*zx
  326. assert.Equal(t, px, Utils.PF.Mul(hx, setup.Pk.Z))
  328. // check length of polynomials H(x) and Z(x)
  329. assert.Equal(t, len(hx), len(px)-len(setup.Pk.Z)+1)
  331. proof, err := setup.Generate(*circuit, w, px)
  332. assert.Nil(t, err)
  334. // fmt.Println("\n proofs:")
  335. // fmt.Println(proof)
  337. // fmt.Println("public signals:", proof.PublicSignals)
  338. fmt.Println("\nsignals:", circuit.Signals)
  339. fmt.Println("witness:", w)
  340. b35Verif := big.NewInt(int64(35))
  341. publicSignalsVerif := []*big.Int{b35Verif}
  342. before := time.Now()
  343. assert.True(t, setup.Verify(*circuit, proof, publicSignalsVerif, true))
  344. fmt.Println("verify proof time elapsed:", time.Since(before))
  346. // check that with another public input the verification returns false
  347. bOtherWrongPublic := big.NewInt(int64(34))
  348. wrongPublicSignalsVerif := []*big.Int{bOtherWrongPublic}
  349. assert.True(t, !setup.Verify(*circuit, proof, wrongPublicSignalsVerif, false))
  350. }