From 6a02f83d411c5e6f8e1fbac5cfea0062caa84ec6 Mon Sep 17 00:00:00 2001
From: Jordi Baylina
Date: Thu, 9 Aug 2018 18:59:39 +0200
Subject: [PATCH] Force 1 in the verifier
---
 README | 107 ------------------------------------------------
 README.md | 2 +-
 src/prover.js | 3 +-
 src/verifier.js | 4 +-
 4 files changed, 5 insertions(+), 111 deletions(-)
 delete mode 100644 README
diff --git a/README b/README
deleted file mode 100644
index dd185fb..0000000
--- a/README
+++ /dev/null
@@ -1,107 +0,0 @@
-# javascript implementation of zkSnark
-
-This is a javascript implementation of zkSnarks.
-
-This library allows to do the trusted setup, generate proofs and verify the proofs.
-
-This library uses the compiled circuits generated by the jaz compiler.
-
-## Install
-
-```
-npm install zkSnark
-```
-
-## Usage
-
-### import
-
-```
-const zkSnark = require("zksnark");
-```
-
-### Load a circuit.
-
-```
-// "myCircuit.cir" is the output of the jaz compiler
-
-const circuitDef = JSON.parse(fs.readFileSync("myCircuit.cir", "utf8"));
-const circuit = new zkSnark.Circuit(circuitDef);
-```
-
-### Inspect the circuit.
-
-```
- // `signalId` can always be a number or an alias string
-
- circuit.m; // number of constrains
- circuit.n; // number of signals
- circuit.p; // number of public signals (nPublicInputs + nOutputs)
-
- // The array of signals is always sorted in this order:
- // [ outputs, publicInputs, privedInputs, internalSignals, constants]
-
- // returns a,b and c coeficients of the `signalId` on a given `constrain`
- circuit.a(constrain, signalId)
- circuit.b(constrain, signalId)
- circuit.c(constrain, signalId)
-
- circuit.nOutputs // number of public outputs
- circuit.nPublicInputs // number of public inputs
- circuit.nPrivateInputs // number of private inputs
- circuit.nInputs // number of inputs ( nPublicInputs + nPrivateInputs)
-
- circuit.outputIdx(i) // returns the index of the i'th output
- circuit.inputIdx(i) // returns the index of the i'th input
- circuit.inputPublicIdx(i) // returns the index of the i'th public input
- circuit.inputPrivateIdx(i) // returns the index of the i'th private input
-
- // returns signal Idx given a signalId
- // if the idx >= n , it is a constant
- // if the idx == -1, the signal does not exist
- circuit.signalId2idx(signalId);
-
- // returns an array aliases names for a given signalId
- circuit.signalNames(signalId)
-
- // input is a key value object where keys are the signal names
- // of all the inputs (public and private)
- // returns an array of values that represent the witness
- circuit.generateWitness(input)
-```
-
-### Trusted setup
-
-```
-const setup = zkSnark.setup(circuit);
-fs.writeFileSink("myCircuit.vk_proof", JSON.stringify(setup.vk_proof), "utf8");
-fs.writeFileSink("myCircuit.vk_verifier", JSON.stringify(setup.vk_verifier), "utf8");
-setup.toxic // Must be discarded.
-```
-
-### Generate proof
-
-```
-const circuitDef = JSON.parse(fs.readFileSync("myCircuit.cir", "utf8"));
-const circuit = new zkSnark.Circuit(circuitDef);
-const input = {
- "main.pubIn1": "123",
- "main.out1": "456"
-}
-const witness = circuit.generateWitness(input);
-const vk_proof = JSON.parse(fs.readFileSync("myCircuit.vk_proof", "utf8"));
-
-const {proof, publicSignals} = zkSnark.genProof(vk_proof, witness);
-```
-
-### Verifier
-
-```
-const vk_verifier = JSON.parse(fs.readFileSync("myCircuit.vk_verifier", "utf8"));
-
-if (zkSnark.isValid(vk_verifier, proof, publicSignals)) {
- console.log("The proof is valid");
-} else {
- console.log("The proof is not valid");
-}
-```
diff --git a/README.md b/README.md
index b6dc4d4..828bafa 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ const circuit = new zkSnark.Circuit(circuitDef);
 circuit.nPublic; // number of public signals (nOutputs + nPublicInputs)
 // The array of signals is always sorted in this order:
- // [ outputs, publicInputs, privedInputs, internalSignals, constants]
+ // [ outputs, publicInputs, 1, privedInputs, internalSignals, constants]
 // returns a,b and c coeficients of the `signalId` on a given `constrain`
 circuit.a(constrain, signalId)
diff --git a/src/prover.js b/src/prover.js
index 5844680..f49a633 100644
--- a/src/prover.js
+++ b/src/prover.js
@@ -25,7 +25,8 @@ module.exports = function genProof(vk_proof, witness) {
 proof.pi_h = G1.zero();
- for (let s= vk_proof.nPublic; s< vk_proof.nSignals; s++) {
+ // Skip public entries and the "1" signal that are forced by the verifier
+ for (let s= vk_proof.nPublic+1; s< vk_proof.nSignals; s++) {
 // pi_a = pi_a + A[s] * witness[s];
 proof.pi_a = G1.add( proof.pi_a, G1.mulEscalar( vk_proof.A[s], witness[s]));
diff --git a/src/verifier.js b/src/verifier.js
index 0bb4cef..d8d9bd3 100644
--- a/src/verifier.js
+++ b/src/verifier.js
@@ -10,12 +10,12 @@ const pairing = require("./pairing");
 module.exports = function isValid(vk_verifier, proof, publicSignals) {
- let full_pi_a = proof.pi_a;
 for (let s= 0; s< vk_verifier.nPublic; s++) {
- full_pi_a = G1.add( full_pi_a, G1.mulEscalar( vk_verifier.A[s], publicSignals[s]));
 }
+ let full_pi_a = G1.add(proof.pi_a, vk_verifier.A[vk_verifier.nPublic]);
+ if (! Gt.equal( pairing( proof.pi_a , vk_verifier.vk_a ), pairing( proof.pi_ap , G2.g )))
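Review bot: The new loop start `vk_proof.nPublic+1` silently assumes that witness[vk_proof.nPublic] holds the constant 1 that the verifier now adds unconditionally as `vk_verifier.A[vk_verifier.nPublic]`, yet nothing in genProof checks that slot; a witness built with the old layout, or with anything other than 1 there, yields a proof that simply fails verification with no hint why. A guard before the loop would make the contract explicit, e.g. `if (String(witness[vk_proof.nPublic]) !== "1") throw new Error("witness[nPublic] must be the constant 1 signal");` (this assumes witness entries stringify to their decimal value; if they are bigInt objects, use that library's equality instead). The bare `+1` also deserves a comment tying it to the verifier's `A[vk_verifier.nPublic]` term and to the README layout `[ outputs, publicInputs, 1, privedInputs, ... ]` so the two files cannot drift apart. genProof's body continues outside the hunk.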