arnaucube
/
go-snark
mirror of https://github.com/arnaucube/go-snark.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 Commits
1 Branch
4 Tags
91 MiB
Tree: 54a265e73b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '54a265e73b'
${ noResults }
go-snark/proof/pinocchio_test.go

308 lines
7.9 KiB
Raw Normal View History

refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
doing trusted setup
6 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
doing trusted setup
6 years ago
flat circuit code to R1CS working
6 years ago
doing trusted setup
6 years ago
add Groth16 proof generation & verification
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
add Groth16 proof generation & verification
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
minimal clean & update tests
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
minimal clean & update tests
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
minimal clean & update tests
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
minimal clean & update tests
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
minimal clean & update tests
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
fixed full flow, now works, need to update circuit parser&compiler, and clean the code
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
doing trusted setup
6 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
cli
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
snark.Utils packed
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
minimal clean & update tests
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
starting circuitcompiler, lexer and parser (simple version)
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
doing trusted setup
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
doing trusted setup
6 years ago
move pf to fields and qap conversion to proof module
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
e(Vb, piB) == e(piB', g2) proof
6 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
doing trusted setup
6 years ago
add circuit compiler equals(a, b) syntax, complete flow working well (from compiler to verification)
5 years ago
minimal clean & update tests
5 years ago
circuitcompiler allow to call declared functions in circuits language
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
cli
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
cli
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
cli
5 years ago
minimal clean & update tests
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
minimal clean & update tests
5 years ago
move pf to fields and qap conversion to proof module
5 years ago
flat circuit code to R1CS working
6 years ago
  1. package proof
  3. import (
  4. "bytes"
  5. "math/big"
  6. "strings"
  7. "testing"
  9. "github.com/stretchr/testify/assert"
  11. "github.com/arnaucube/go-snark/circuit"
  12. "github.com/arnaucube/go-snark/fields"
  13. )
  15. func TestZkFromFlatCircuitCode(t *testing.T) {
  16. code := `
  17. func exp3(private a):
  18. b = a * a
  19. c = a * b
  20. return c
  21. func sum(private a, private b):
  22. c = a + b
  23. return c
  25. func main(private s0, public s1):
  26. s3 = exp3(s0)
  27. s4 = sum(s3, s0)
  28. s5 = s4 + 5
  29. equals(s1, s5)
  30. out = 1 * 1
  31. `
  33. parser := circuit.NewParser(strings.NewReader(code))
  34. cir, err := parser.Parse()
  35. assert.Nil(t, err)
  37. b3 := big.NewInt(int64(3))
  38. privateInputs := []*big.Int{b3}
  39. b35 := big.NewInt(int64(35))
  40. publicSignals := []*big.Int{b35}
  42. w, err := cir.CalculateWitness(privateInputs, publicSignals)
  43. assert.Nil(t, err)
  45. cir.GenerateR1CS()
  47. alphas, betas, gammas, zxQAP := R1CSToQAP(
  48. cir.R1CS.A,
  49. cir.R1CS.B,
  50. cir.R1CS.C,
  51. )
  52. assert.Equal(t, 8, len(alphas))
  53. assert.Equal(t, 8, len(alphas))
  54. assert.Equal(t, 8, len(alphas))
  55. assert.Equal(t, 7, len(zxQAP))
  56. assert.True(t, !bytes.Equal(alphas[1][1].Bytes(), big.NewInt(int64(0)).Bytes()))
  58. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  59. assert.Equal(t, 7, len(ax))
  60. assert.Equal(t, 7, len(bx))
  61. assert.Equal(t, 7, len(cx))
  62. assert.Equal(t, 13, len(px))
  64. hxQAP := Utils.PF.DivisorPolynomial(px, zxQAP)
  65. assert.Equal(t, 7, len(hxQAP))
  67. // hx==px/zx so px==hx*zx
  68. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  70. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  71. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  72. assert.Equal(t, abc, px)
  73. hzQAP := Utils.PF.Mul(hxQAP, zxQAP)
  74. assert.Equal(t, abc, hzQAP)
  76. div, rem := Utils.PF.Div(px, zxQAP)
  77. assert.Equal(t, hxQAP, div)
  78. assert.Equal(t, rem, fields.ArrayOfBigZeros(6))
  80. // calculate trusted setup
  81. setup := &PinocchioSetup{}
  82. err = setup.Init(cir, alphas, betas, gammas)
  83. assert.Nil(t, err)
  85. // zx and setup.Pk.Z should be the same
  86. // currently not, the correct one is the calculation used inside GenerateTrustedSetup function
  87. // the calculation is repeated. TODO avoid repeating calculation
  88. assert.Equal(t, zxQAP, setup.Pk.Z)
  90. hx := Utils.PF.DivisorPolynomial(px, setup.Pk.Z)
  91. assert.Equal(t, hx, hxQAP)
  92. div, rem = Utils.PF.Div(px, setup.Pk.Z)
  93. assert.Equal(t, hx, div)
  94. assert.Equal(t, rem, fields.ArrayOfBigZeros(6))
  96. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  97. // hx==px/zx so px==hx*zx
  98. assert.Equal(t, px, Utils.PF.Mul(hx, setup.Pk.Z))
  100. // check length of polynomials H(x) and Z(x)
  101. assert.Equal(t, len(hx), len(px)-len(setup.Pk.Z)+1)
  102. assert.Equal(t, len(hxQAP), len(px)-len(zxQAP)+1)
  104. proof, err := setup.Generate(cir, w, px)
  105. assert.Nil(t, err)
  107. b35Verif := big.NewInt(int64(35))
  108. publicSignalsVerif := []*big.Int{b35Verif}
  109. {
  110. r, err := setup.Verify(proof, publicSignalsVerif)
  111. assert.Nil(t, err)
  112. assert.True(t, r)
  113. }
  115. // check that with another public input the verification returns false
  116. bOtherWrongPublic := big.NewInt(int64(34))
  117. wrongPublicSignalsVerif := []*big.Int{bOtherWrongPublic}
  118. {
  119. r, err := setup.Verify(proof, wrongPublicSignalsVerif)
  120. assert.Nil(t, err)
  121. assert.False(t, r)
  122. }
  123. }
  125. func TestZkMultiplication(t *testing.T) {
  126. code := `
  127. func main(private a, private b, public c):
  128. d = a * b
  129. equals(c, d)
  130. out = 1 * 1
  131. `
  133. parser := circuit.NewParser(strings.NewReader(code))
  134. cir, err := parser.Parse()
  135. assert.Nil(t, err)
  137. b3 := big.NewInt(int64(3))
  138. b4 := big.NewInt(int64(4))
  139. privateInputs := []*big.Int{b3, b4}
  140. b12 := big.NewInt(int64(12))
  141. publicSignals := []*big.Int{b12}
  143. w, err := cir.CalculateWitness(privateInputs, publicSignals)
  144. assert.Nil(t, err)
  146. cir.GenerateR1CS()
  148. // R1CS to QAP
  149. // TODO zxQAP is not used and is an old impl.
  150. // TODO remove
  151. alphas, betas, gammas, zxQAP := R1CSToQAP(
  152. cir.R1CS.A,
  153. cir.R1CS.B,
  154. cir.R1CS.C,
  155. )
  156. assert.Equal(t, 6, len(alphas))
  157. assert.Equal(t, 6, len(betas))
  158. assert.Equal(t, 6, len(betas))
  159. assert.Equal(t, 5, len(zxQAP))
  160. assert.True(t, !bytes.Equal(alphas[1][1].Bytes(), big.NewInt(int64(0)).Bytes()))
  162. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  163. assert.Equal(t, 4, len(ax))
  164. assert.Equal(t, 4, len(bx))
  165. assert.Equal(t, 4, len(cx))
  166. assert.Equal(t, 7, len(px))
  168. hxQAP := Utils.PF.DivisorPolynomial(px, zxQAP)
  169. assert.Equal(t, 3, len(hxQAP))
  171. // hx==px/zx so px==hx*zx
  172. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  174. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  175. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  176. assert.Equal(t, abc, px)
  177. hzQAP := Utils.PF.Mul(hxQAP, zxQAP)
  178. assert.Equal(t, abc, hzQAP)
  180. div, rem := Utils.PF.Div(px, zxQAP)
  181. assert.Equal(t, hxQAP, div)
  182. assert.Equal(t, rem, fields.ArrayOfBigZeros(4))
  184. setup := &PinocchioSetup{}
  185. err = setup.Init(cir, alphas, betas, gammas)
  186. assert.Nil(t, err)
  188. // zx and setup.Pk.Z should be the same
  189. // currently not, the correct one is the calculation used inside GenerateTrustedSetup function
  190. // the calculation is repeated. TODO avoid repeating calculation
  191. assert.Equal(t, zxQAP, setup.Pk.Z)
  193. hx := Utils.PF.DivisorPolynomial(px, setup.Pk.Z)
  194. assert.Equal(t, 3, len(hx))
  195. assert.Equal(t, hx, hxQAP)
  197. div, rem = Utils.PF.Div(px, setup.Pk.Z)
  198. assert.Equal(t, hx, div)
  199. assert.Equal(t, rem, fields.ArrayOfBigZeros(4))
  201. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  202. // hx==px/zx so px==hx*zx
  203. assert.Equal(t, px, Utils.PF.Mul(hx, setup.Pk.Z))
  205. // check length of polynomials H(x) and Z(x)
  206. assert.Equal(t, len(hx), len(px)-len(setup.Pk.Z)+1)
  207. assert.Equal(t, len(hxQAP), len(px)-len(zxQAP)+1)
  209. proof, err := setup.Generate(cir, w, px)
  210. assert.Nil(t, err)
  212. b12Verif := big.NewInt(int64(12))
  213. publicSignalsVerif := []*big.Int{b12Verif}
  214. {
  215. r, err := setup.Verify(proof, publicSignalsVerif)
  216. assert.Nil(t, err)
  217. assert.True(t, r)
  218. }
  220. // check that with another public input the verification returns false
  221. bOtherWrongPublic := big.NewInt(int64(11))
  222. wrongPublicSignalsVerif := []*big.Int{bOtherWrongPublic}
  223. {
  224. r, err := setup.Verify(proof, wrongPublicSignalsVerif)
  225. assert.Nil(t, err)
  226. assert.False(t, r)
  227. }
  228. }
  230. func TestMinimalFlow(t *testing.T) {
  231. code := `
  232. func main(private s0, public s1):
  233. s2 = s0 * s0
  234. s3 = s2 * s0
  235. s4 = s3 + s0
  236. s5 = s4 + 5
  237. equals(s1, s5)
  238. out = 1 * 1
  239. `
  241. parser := circuit.NewParser(strings.NewReader(code))
  242. cir, err := parser.Parse()
  243. assert.Nil(t, err)
  245. b3 := big.NewInt(int64(3))
  246. privateInputs := []*big.Int{b3}
  247. b35 := big.NewInt(int64(35))
  248. publicSignals := []*big.Int{b35}
  250. w, err := cir.CalculateWitness(privateInputs, publicSignals)
  251. assert.Nil(t, err)
  253. cir.GenerateR1CS()
  255. // R1CS to QAP
  256. // TODO zxQAP is not used and is an old impl, TODO remove
  257. alphas, betas, gammas, _ := R1CSToQAP(
  258. cir.R1CS.A,
  259. cir.R1CS.B,
  260. cir.R1CS.C,
  261. )
  262. assert.Equal(t, 8, len(alphas))
  263. assert.Equal(t, 8, len(alphas))
  264. assert.Equal(t, 8, len(alphas))
  265. assert.True(t, !bytes.Equal(alphas[1][1].Bytes(), big.NewInt(int64(0)).Bytes()))
  267. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  268. assert.Equal(t, 7, len(ax))
  269. assert.Equal(t, 7, len(bx))
  270. assert.Equal(t, 7, len(cx))
  271. assert.Equal(t, 13, len(px))
  273. // calculate trusted setup
  274. setup := &PinocchioSetup{}
  275. err = setup.Init(cir, alphas, betas, gammas)
  276. assert.Nil(t, err)
  278. hx := Utils.PF.DivisorPolynomial(px, setup.Pk.Z)
  279. div, rem := Utils.PF.Div(px, setup.Pk.Z)
  280. assert.Equal(t, hx, div)
  281. assert.Equal(t, rem, fields.ArrayOfBigZeros(6))
  283. // hx==px/zx so px==hx*zx
  284. assert.Equal(t, px, Utils.PF.Mul(hx, setup.Pk.Z))
  286. // check length of polynomials H(x) and Z(x)
  287. assert.Equal(t, len(hx), len(px)-len(setup.Pk.Z)+1)
  289. proof, err := setup.Generate(cir, w, px)
  290. assert.Nil(t, err)
  292. b35Verif := big.NewInt(int64(35))
  293. publicSignalsVerif := []*big.Int{b35Verif}
  294. {
  295. r, err := setup.Verify(proof, publicSignalsVerif)
  296. assert.Nil(t, err)
  297. assert.True(t, r)
  298. }
  300. // check that with another public input the verification returns false
  301. bOtherWrongPublic := big.NewInt(int64(34))
  302. wrongPublicSignalsVerif := []*big.Int{bOtherWrongPublic}
  303. {
  304. r, err := setup.Verify(proof, wrongPublicSignalsVerif)
  305. assert.Nil(t, err)
  306. assert.False(t, r)
  307. }
  308. }