arnaucube
/
go-snark
mirror of https://github.com/arnaucube/go-snark.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 Commits
1 Branch
4 Tags
50 MiB
Tree: e0f427095e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e0f427095e'
${ noResults }
go-snark/snark_test.go

321 lines
8.7 KiB
Raw Normal View History

key generation for proofs, snark files to the root directory
6 years ago
doing trusted setup
6 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
doing trusted setup
6 years ago
flat circuit code to R1CS working
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
starting circuitcompiler, lexer and parser (simple version)
5 years ago
doing trusted setup
6 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
small update, fix trusted setup ops over Field R
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
doing trusted setup
6 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
doing trusted setup
6 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
cli
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
snark.Utils packed
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
starting circuitcompiler, lexer and parser (simple version)
5 years ago
snark.Utils packed
5 years ago
snark trusted setup + generate proof + verify proof working. Added test to bn128 pairing
6 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
doing trusted setup
6 years ago
snark.Utils packed
5 years ago
e(Vb, piB) == e(piB', g2) proof
6 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
doing trusted setup
6 years ago
fixing Z(x), VkIC, Vkz, piH calculations
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
flat circuit code to R1CS working
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
flat circuit code to R1CS working
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
circuit output in proof.PublicSignals for proof verification
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
circuit output in proof.PublicSignals for proof verification
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
circuit output in proof.PublicSignals for proof verification
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
circuit output in proof.PublicSignals for proof verification
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
circuit output in proof.PublicSignals for proof verification
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
circuit output in proof.PublicSignals for proof verification
5 years ago
circuit CalculateWitness, added - & / in GenerateR1CS(), added doc
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
snark.Utils packed
5 years ago
flat circuit code to R1CS working
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
cli
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
flat circuit code to R1CS working
5 years ago
add rho's for proof keys and verification keys calculation, Vk.IC, add alphas input soundness when generating trusted setup
5 years ago
  1. package snark
  3. import (
  4. "encoding/json"
  5. "fmt"
  6. "math/big"
  7. "strings"
  8. "testing"
  9. "time"
  11. "github.com/arnaucube/go-snark/circuitcompiler"
  12. "github.com/arnaucube/go-snark/r1csqap"
  13. "github.com/stretchr/testify/assert"
  14. )
  16. func TestZkFromFlatCircuitCode(t *testing.T) {
  18. // compile circuit and get the R1CS
  19. flatCode := `
  20. func test(x):
  21. aux = x*x
  22. y = aux*x
  23. z = x + y
  24. out = z + 5
  25. `
  26. fmt.Print("\nflat code of the circuit:")
  27. fmt.Println(flatCode)
  29. // parse the code
  30. parser := circuitcompiler.NewParser(strings.NewReader(flatCode))
  31. circuit, err := parser.Parse()
  32. assert.Nil(t, err)
  33. fmt.Println("\ncircuit data:", circuit)
  34. circuitJson, _ := json.Marshal(circuit)
  35. fmt.Println("circuit:", string(circuitJson))
  37. b3 := big.NewInt(int64(3))
  38. privateInputs := []*big.Int{b3}
  39. // wittness
  40. w, err := circuit.CalculateWitness(privateInputs)
  41. assert.Nil(t, err)
  42. fmt.Println("\nwitness", w)
  44. // flat code to R1CS
  45. fmt.Println("\ngenerating R1CS from flat code")
  46. a, b, c := circuit.GenerateR1CS()
  47. fmt.Println("\nR1CS:")
  48. fmt.Println("a:", a)
  49. fmt.Println("b:", b)
  50. fmt.Println("c:", c)
  52. // R1CS to QAP
  53. // TODO zxQAP is not used and is an old impl, bad calculated. TODO remove
  54. alphas, betas, gammas, zxQAP := Utils.PF.R1CSToQAP(a, b, c)
  55. fmt.Println("qap")
  56. fmt.Println("alphas", len(alphas))
  57. fmt.Println("alphas[1]", alphas[1])
  58. fmt.Println("betas", len(betas))
  59. fmt.Println("gammas", len(gammas))
  60. fmt.Println("zx length", len(zxQAP))
  62. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  63. fmt.Println("ax length", len(ax))
  64. fmt.Println("bx length", len(bx))
  65. fmt.Println("cx length", len(cx))
  66. fmt.Println("px length", len(px))
  67. fmt.Println("px[last]", px[0])
  68. px0 := Utils.PF.F.Add(px[0], big.NewInt(int64(88)))
  69. fmt.Println(px0)
  70. assert.Equal(t, px0.Bytes(), Utils.PF.F.Zero().Bytes())
  72. hxQAP := Utils.PF.DivisorPolynomial(px, zxQAP)
  73. fmt.Println("hx length", len(hxQAP))
  75. // hx==px/zx so px==hx*zx
  76. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  78. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  79. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  80. assert.Equal(t, abc, px)
  81. hzQAP := Utils.PF.Mul(hxQAP, zxQAP)
  82. assert.Equal(t, abc, hzQAP)
  84. div, rem := Utils.PF.Div(px, zxQAP)
  85. assert.Equal(t, hxQAP, div)
  86. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(4))
  88. // calculate trusted setup
  89. setup, err := GenerateTrustedSetup(len(w), *circuit, alphas, betas, gammas)
  90. assert.Nil(t, err)
  91. fmt.Println("\nt:", setup.Toxic.T)
  93. // zx and setup.Pk.Z should be the same (currently not, the correct one is the calculation used inside GenerateTrustedSetup function), the calculation is repeated. TODO avoid repeating calculation
  94. // assert.Equal(t, zxQAP, setup.Pk.Z)
  96. fmt.Println("hx pk.z", hxQAP)
  97. hx := Utils.PF.DivisorPolynomial(px, setup.Pk.Z)
  98. fmt.Println("hx pk.z", hx)
  99. // assert.Equal(t, hxQAP, hx)
  101. assert.Equal(t, px, Utils.PF.Mul(hxQAP, zxQAP))
  102. // hx==px/zx so px==hx*zx
  103. assert.Equal(t, px, Utils.PF.Mul(hx, setup.Pk.Z))
  105. // check length of polynomials H(x) and Z(x)
  106. assert.Equal(t, len(hx), len(px)-len(setup.Pk.Z)+1)
  107. assert.Equal(t, len(hxQAP), len(px)-len(zxQAP)+1)
  109. // fmt.Println("pk.Z", len(setup.Pk.Z))
  110. // fmt.Println("zxQAP", len(zxQAP))
  112. proof, err := GenerateProofs(*circuit, setup, w, px)
  113. assert.Nil(t, err)
  115. // fmt.Println("\n proofs:")
  116. // fmt.Println(proof)
  118. // fmt.Println("public signals:", proof.PublicSignals)
  119. fmt.Println("\nwitness", w)
  120. // b1 := big.NewInt(int64(1))
  121. b35 := big.NewInt(int64(35))
  122. // publicSignals := []*big.Int{b1, b35}
  123. publicSignals := []*big.Int{b35}
  124. before := time.Now()
  125. assert.True(t, VerifyProof(*circuit, setup, proof, publicSignals, true))
  126. fmt.Println("verify proof time elapsed:", time.Since(before))
  127. }
  129. /*
  130. func TestZkMultiplication(t *testing.T) {
  132. // compile circuit and get the R1CS
  133. flatCode := `
  134. func test(a, b):
  135. out = a * b
  136. `
  138. // parse the code
  139. parser := circuitcompiler.NewParser(strings.NewReader(flatCode))
  140. circuit, err := parser.Parse()
  141. assert.Nil(t, err)
  143. b3 := big.NewInt(int64(3))
  144. b4 := big.NewInt(int64(4))
  145. inputs := []*big.Int{b3, b4}
  146. // wittness
  147. w, err := circuit.CalculateWitness(inputs)
  148. assert.Nil(t, err)
  150. fmt.Println("circuit")
  151. fmt.Println(circuit.NPublic)
  153. // flat code to R1CS
  154. a, b, c := circuit.GenerateR1CS()
  155. fmt.Println("\nR1CS:")
  156. fmt.Println("a:", a)
  157. fmt.Println("b:", b)
  158. fmt.Println("c:", c)
  160. // R1CS to QAP
  161. alphas, betas, gammas, zx := Utils.PF.R1CSToQAP(a, b, c)
  162. fmt.Println("qap")
  163. fmt.Println("alphas", alphas)
  164. fmt.Println("betas", betas)
  165. fmt.Println("gammas", gammas)
  167. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  169. hx := Utils.PF.DivisorPolynomial(px, zx)
  171. // hx==px/zx so px==hx*zx
  172. assert.Equal(t, px, Utils.PF.Mul(hx, zx))
  174. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  175. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  176. assert.Equal(t, abc, px)
  177. hz := Utils.PF.Mul(hx, zx)
  178. assert.Equal(t, abc, hz)
  180. div, rem := Utils.PF.Div(px, zx)
  181. assert.Equal(t, hx, div)
  182. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(1))
  184. // calculate trusted setup
  185. setup, err := GenerateTrustedSetup(len(w), *circuit, alphas, betas, gammas, zx)
  186. assert.Nil(t, err)
  188. // piA = g1 * A(t), piB = g2 * B(t), piC = g1 * C(t), piH = g1 * H(t)
  189. proof, err := GenerateProofs(*circuit, setup, hx, w)
  190. assert.Nil(t, err)
  192. // assert.True(t, VerifyProof(*circuit, setup, proof, false))
  193. b35 := big.NewInt(int64(35))
  194. publicSignals := []*big.Int{b35}
  195. assert.True(t, VerifyProof(*circuit, setup, proof, publicSignals, true))
  196. }
  197. */
  198. /*
  199. func TestZkFromHardcodedR1CS(t *testing.T) {
  200. b0 := big.NewInt(int64(0))
  201. b1 := big.NewInt(int64(1))
  202. b3 := big.NewInt(int64(3))
  203. b5 := big.NewInt(int64(5))
  204. b9 := big.NewInt(int64(9))
  205. b27 := big.NewInt(int64(27))
  206. b30 := big.NewInt(int64(30))
  207. b35 := big.NewInt(int64(35))
  208. a := [][]*big.Int{
  209. []*big.Int{b0, b0, b1, b0, b0, b0},
  210. []*big.Int{b0, b0, b0, b1, b0, b0},
  211. []*big.Int{b0, b0, b1, b0, b1, b0},
  212. []*big.Int{b5, b0, b0, b0, b0, b1},
  213. }
  214. b := [][]*big.Int{
  215. []*big.Int{b0, b0, b1, b0, b0, b0},
  216. []*big.Int{b0, b0, b1, b0, b0, b0},
  217. []*big.Int{b1, b0, b0, b0, b0, b0},
  218. []*big.Int{b1, b0, b0, b0, b0, b0},
  219. }
  220. c := [][]*big.Int{
  221. []*big.Int{b0, b0, b0, b1, b0, b0},
  222. []*big.Int{b0, b0, b0, b0, b1, b0},
  223. []*big.Int{b0, b0, b0, b0, b0, b1},
  224. []*big.Int{b0, b1, b0, b0, b0, b0},
  225. }
  226. alphas, betas, gammas, zx := Utils.PF.R1CSToQAP(a, b, c)
  228. // wittness = 1, 35, 3, 9, 27, 30
  229. w := []*big.Int{b1, b35, b3, b9, b27, b30}
  230. circuit := circuitcompiler.Circuit{
  231. NVars: 6,
  232. NPublic: 1,
  233. NSignals: len(w),
  234. }
  235. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  237. hx := Utils.PF.DivisorPolynomial(px, zx)
  239. // hx==px/zx so px==hx*zx
  240. assert.Equal(t, px, Utils.PF.Mul(hx, zx))
  242. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  243. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  244. assert.Equal(t, abc, px)
  245. hz := Utils.PF.Mul(hx, zx)
  246. assert.Equal(t, abc, hz)
  248. div, rem := Utils.PF.Div(px, zx)
  249. assert.Equal(t, hx, div)
  250. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(4))
  252. // calculate trusted setup
  253. setup, err := GenerateTrustedSetup(len(w), circuit, alphas, betas, gammas, zx)
  254. assert.Nil(t, err)
  256. // piA = g1 * A(t), piB = g2 * B(t), piC = g1 * C(t), piH = g1 * H(t)
  257. proof, err := GenerateProofs(circuit, setup, hx, w)
  258. assert.Nil(t, err)
  260. // assert.True(t, VerifyProof(circuit, setup, proof, true))
  261. publicSignals := []*big.Int{b35}
  262. assert.True(t, VerifyProof(circuit, setup, proof, publicSignals, true))
  263. }
  265. func TestZkMultiplication(t *testing.T) {
  267. // compile circuit and get the R1CS
  268. flatCode := `
  269. func test(a, b):
  270. out = a * b
  271. `
  273. // parse the code
  274. parser := circuitcompiler.NewParser(strings.NewReader(flatCode))
  275. circuit, err := parser.Parse()
  276. assert.Nil(t, err)
  278. b3 := big.NewInt(int64(3))
  279. b4 := big.NewInt(int64(4))
  280. inputs := []*big.Int{b3, b4}
  281. // wittness
  282. w, err := circuit.CalculateWitness(inputs)
  283. assert.Nil(t, err)
  285. // flat code to R1CS
  286. a, b, c := circuit.GenerateR1CS()
  288. // R1CS to QAP
  289. alphas, betas, gammas, zx := Utils.PF.R1CSToQAP(a, b, c)
  291. ax, bx, cx, px := Utils.PF.CombinePolynomials(w, alphas, betas, gammas)
  293. hx := Utils.PF.DivisorPolynomial(px, zx)
  295. // hx==px/zx so px==hx*zx
  296. assert.Equal(t, px, Utils.PF.Mul(hx, zx))
  298. // p(x) = a(x) * b(x) - c(x) == h(x) * z(x)
  299. abc := Utils.PF.Sub(Utils.PF.Mul(ax, bx), cx)
  300. assert.Equal(t, abc, px)
  301. hz := Utils.PF.Mul(hx, zx)
  302. assert.Equal(t, abc, hz)
  304. div, rem := Utils.PF.Div(px, zx)
  305. assert.Equal(t, hx, div)
  306. assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(1))
  308. // calculate trusted setup
  309. setup, err := GenerateTrustedSetup(len(w), *circuit, alphas, betas, gammas, zx)
  310. assert.Nil(t, err)
  312. // piA = g1 * A(t), piB = g2 * B(t), piC = g1 * C(t), piH = g1 * H(t)
  313. proof, err := GenerateProofs(*circuit, setup, hx, w)
  314. assert.Nil(t, err)
  316. // assert.True(t, VerifyProof(*circuit, setup, proof, false))
  317. b35 := big.NewInt(int64(35))
  318. publicSignals := []*big.Int{b35}
  319. assert.True(t, VerifyProof(*circuit, setup, proof, publicSignals, true))
  320. }
  321. */