arnaucube
/
go-snark
mirror of https://github.com/arnaucube/go-snark.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
4 Tags
14 MiB
Tree: 6cd494f36f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6cd494f36f'
${ noResults }
go-snark/README.md

115 lines
4.0 KiB
Raw Normal View History

bn128 pairing, r1cs to qap
5 years ago
r1cs to qap over finite field
5 years ago
bn128 pairing, r1cs to qap
5 years ago
doing trusted setup
5 years ago
bn128 pairing, r1cs to qap
5 years ago
doing trusted setup
5 years ago
bn128 pairing, r1cs to qap
5 years ago
doing trusted setup
5 years ago
bn128 pairing, r1cs to qap
5 years ago
doing trusted setup
5 years ago
bn128 pairing, r1cs to qap
5 years ago
doing trusted setup
5 years ago
bn128 pairing, r1cs to qap
5 years ago
doing trusted setup
5 years ago
bn128 pairing, r1cs to qap
5 years ago
r1cs to qap over finite field
5 years ago
bn128 pairing, r1cs to qap
5 years ago
doing trusted setup
5 years ago
  1. # go-snark [![Go Report Card](https://goreportcard.com/badge/github.com/arnaucube/go-snark)](https://goreportcard.com/report/github.com/arnaucube/go-snark)
  3. zk-SNARK library implementation in Go
  6. #### Test
  7. ```
  8. go test ./... -v
  9. ```
  12. ## R1CS to Quadratic Arithmetic Program
  13. - `Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture`, Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza https://eprint.iacr.org/2013/879.pdf
  14. - Vitalik Buterin blog post about QAP https://medium.com/@VitalikButerin/quadratic-arithmetic-programs-from-zero-to-hero-f6d558cea649
  15. - Ariel Gabizon in Zcash blog https://z.cash/blog/snark-explain5
  16. - Lagrange polynomial Wikipedia article https://en.wikipedia.org/wiki/Lagrange_polynomial
  18. #### Usage
  19. - R1CS to QAP
  20. ```go
  21. pf := NewPolynomialField(f)
  23. b0 := big.NewInt(int64(0))
  24. b1 := big.NewInt(int64(1))
  25. b3 := big.NewInt(int64(3))
  26. b5 := big.NewInt(int64(5))
  27. b9 := big.NewInt(int64(9))
  28. b27 := big.NewInt(int64(27))
  29. b30 := big.NewInt(int64(30))
  30. b35 := big.NewInt(int64(35))
  31. a := [][]*big.Int{
  32. []*big.Int{b0, b1, b0, b0, b0, b0},
  33. []*big.Int{b0, b0, b0, b1, b0, b0},
  34. []*big.Int{b0, b1, b0, b0, b1, b0},
  35. []*big.Int{b5, b0, b0, b0, b0, b1},
  36. }
  37. b := [][]*big.Int{
  38. []*big.Int{b0, b1, b0, b0, b0, b0},
  39. []*big.Int{b0, b1, b0, b0, b0, b0},
  40. []*big.Int{b1, b0, b0, b0, b0, b0},
  41. []*big.Int{b1, b0, b0, b0, b0, b0},
  42. }
  43. c := [][]*big.Int{
  44. []*big.Int{b0, b0, b0, b1, b0, b0},
  45. []*big.Int{b0, b0, b0, b0, b1, b0},
  46. []*big.Int{b0, b0, b0, b0, b0, b1},
  47. []*big.Int{b0, b0, b1, b0, b0, b0},
  48. }
  49. alphas, betas, gammas, zx := pf.R1CSToQAP(a, b, c)
  50. fmt.Println(alphas)
  51. fmt.Println(betas)
  52. fmt.Println(gammas)
  53. fmt.Println(z)
  55. w := []*big.Int{b1, b3, b35, b9, b27, b30}
  56. ax, bx, cx, px := pf.CombinePolynomials(w, alphas, betas, gammas)
  57. fmt.Println(ax)
  58. fmt.Println(bx)
  59. fmt.Println(cx)
  60. fmt.Println(px)
  62. hx := pf.DivisorPolinomial(px, zx)
  63. fmt.Println(hx)
  64. ```
  66. ## Bn128
  67. Implementation of the bn128 pairing in Go.
  70. Implementation followng the information and the implementations from:
  71. - `Multiplication and Squaring on Pairing-Friendly
  72. Fields`, Augusto Jun Devegili, Colm Ó hÉigeartaigh, Michael Scott, and Ricardo Dahab https://pdfs.semanticscholar.org/3e01/de88d7428076b2547b60072088507d881bf1.pdf
  73. - `Optimal Pairings`, Frederik Vercauteren https://www.cosic.esat.kuleuven.be/bcrypt/optimal.pdf , https://eprint.iacr.org/2008/096.pdf
  74. - `Double-and-Add with Relative Jacobian
  75. Coordinates`, Björn Fay https://eprint.iacr.org/2014/1014.pdf
  76. - `Fast and Regular Algorithms for Scalar Multiplication
  77. over Elliptic Curves`, Matthieu Rivain https://eprint.iacr.org/2011/338.pdf
  78. - `High-Speed Software Implementation of the Optimal Ate Pairing over Barreto–Naehrig Curves`, Jean-Luc Beuchat, Jorge E. González-Díaz, Shigeo Mitsunari, Eiji Okamoto, Francisco Rodríguez-Henríquez, and Tadanori Teruya https://eprint.iacr.org/2010/354.pdf
  79. - `New software speed records for cryptographic pairings`, Michael Naehrig, Ruben Niederhagen, Peter Schwabe https://cryptojedi.org/papers/dclxvi-20100714.pdf
  80. - `Implementing Cryptographic Pairings over Barreto-Naehrig Curves`, Augusto Jun Devegili, Michael Scott, Ricardo Dahab https://eprint.iacr.org/2007/390.pdf
  81. - https://github.com/zcash/zcash/tree/master/src/snark
  82. - https://github.com/iden3/snarkjs
  83. - https://github.com/ethereum/py_ecc/tree/master/py_ecc/bn128
  86. #### Usage
  88. - Pairing
  89. ```go
  90. bn128, err := NewBn128()
  91. assert.Nil(t, err)
  93. big25 := big.NewInt(int64(25))
  94. big30 := big.NewInt(int64(30))
  96. g1a := bn128.G1.MulScalar(bn128.G1.G, big25)
  97. g2a := bn128.G2.MulScalar(bn128.G2.G, big30)
  99. g1b := bn128.G1.MulScalar(bn128.G1.G, big30)
  100. g2b := bn128.G2.MulScalar(bn128.G2.G, big25)
  102. pA, err := bn128.Pairing(g1a, g2a)
  103. assert.Nil(t, err)
  104. pB, err := bn128.Pairing(g1b, g2b)
  105. assert.Nil(t, err)
  106. assert.True(t, bn128.Fq12.Equal(pA, pB))
  107. ```
  110. ---
  112. ## Caution
  113. Not finished, work in progress (implementing this in my free time to understand it better, so I don't have much time).
  115. Thanks to @jbaylina, @bellesmarta, @adriamb for their explanations that helped to understand a little bit this.