Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Groth16 prover #463

Open
wants to merge 49 commits into
base: master
Choose a base branch
from
Open

Groth16 prover #463

wants to merge 49 commits into from

Conversation

Vindaar
Copy link
Collaborator

@Vindaar Vindaar commented Aug 22, 2024
edited
Loading

Edit: The PR previously contained a long description of my debugging of the Groth16 prover implementation. For anyone interested, it can still be found here.

This PR implements a Groth16 prover and verifier, which requires SnarkJS produced .wtns, .zkey and .r1cs binary files.

  • Implement verifier

@Vindaar
Copy link
Collaborator Author

Vindaar commented Jan 12, 2025

I just had another look at SnarkJS to see if I can figure out the double Montgomery encoding situation.

As it turns out at least I could identify the SnarkJS code that writes the coefficients as doubly Montgomery encoded. This happens here:

const nR2 = curve.Fr.mul(n, R2r);
curve.Fr.toRprLE(buffCoeff, 12, nR2);

where R2r is:

const R2r = curve.Fr.e(Scalar.mod(Scalar.mul(Rr,Rr), primeR));

Which at the very least finally ends the question of whether I'm imagining things or not.

I still have no clue why this is done to be honest. The commits touching these lines are not very illuminating either.

@Vindaar Vindaar changed the title Groth16 prover buggy draft Groth16 prover Jan 25, 2025
Vindaar added 28 commits January 25, 2025 13:55
@Vindaar
WIP commit of our groth16 work
866ff86
@Vindaar
add partially manual Groth16 proof file
a62c270
@Vindaar
minor comments, cleanup, TODOs
ac9fc4d
@Vindaar
add note about typed R1CS
a9574c5
@Vindaar
add 'typed' variant of Zkey
32471f8
@Vindaar
add 'typed' variant of Witness file data
d9c8399
@Vindaar
move asEC*, randomFieldElement to utils
52a0d8e
@Vindaar
use 'typed' form of zkey / witnessss data objects
5f8ffa7
@Vindaar
[tests] add test file for finite field FFT
8a425c0
@Vindaar
[groth16] whitespace
b7b5f8e
@Vindaar
clean up FFT for finite fields
eac3545
@Vindaar
remove old FFT finite field test file
456eb87
@Vindaar
remove old TODO from FFT
2468297
@Vindaar
move groth16 files one dir up (proof_systems)
3516ea2
@Vindaar
add notes about binary zkey, wtns file format / parser
31b93fc
@Vindaar
fixup code for changed path, minor cleanup
544acaf
@Vindaar
bind sysrand in utils
54c8ccb
@Vindaar
export some modules, export prover & prove
b865732
@Vindaar
bind two identifiers in sumImpl
52ab899 
Otherwise when performing operations on EC points in Jacobian,
depending on import these can be missing.
@Vindaar
[example] add Groth16 prover example
4394b90
@Vindaar
[examples] clean up outputs of code blocks
8c125c4
@Vindaar
remove left over :END:
0be109b
@Vindaar
remove old echoes
7c00f4e
@Vindaar
export EC related modules from Groth16
11c2d57
@Vindaar
update tangled example Nim code
e27e7fd
@Vindaar
[io_fields] annotate fromDecimal with raises, pop raises: [] before
3fd87ab
@Vindaar
[tests] add groth16 prover test case, binary files for test
ab1db16
@Vindaar
export wtns field of Witness section
f0ec4bb
Vindaar added 14 commits January 25, 2025 13:55
@Vindaar
[tests] add test case for Witness binary parser
33e0e17
@Vindaar
[tests] add .zkey parser test case
1079d9f
@Vindaar
[tests] add expected zkey test files as JSON data
c4a5d1c
@Vindaar
[nimble] add finite field FFT, Groth16 related tests to nimble file
0f90e5b
@Vindaar
add booldefine variables to choose what is Montgomery encoded
9041755
@Vindaar
add a bunch more echo outputs for SnarkJS comparison
5aed56a
@Vindaar
[parser] minor cleanup of the binary file parsing logic
8740a5d
@Vindaar
remove comment about truncation in random field element sampling
6856a3b
@Vindaar
remove debugging ~booldefine~ variables
6b5185b
@Vindaar
[groth16] add parser utils submodule for Groth16 binary files
1f4e89f
@Vindaar
[groth16] rename the Groth16 main file
fcdd4cd
@Vindaar
clean up FFT LUT calculation code
564cc42
@Vindaar
[groth16] clean up Groth16 main file
92108bf
@Vindaar
[tests] clean up Groth16 test case, adjust for correct API
47ba6f9
@Vindaar
remove duplicate pow_vartime due to rebase
e492ba2
@Vindaar
[tests] update ZKey test vectors from wrong booldefine branch
8a4db94 
Previously these were generated from the wrong branch of the
`{.booldefine.}` variables we had in the code when the PR was still a
draft. Instead of parsing the data as doubly Montgomery encoded as
they actually are, we parsed them as regular Montgomery encoded
resulting in wrong test vectors.
@Vindaar
[utils] add comment reference to double Montgomery encoding
34812a1
@Vindaar
[tests] fix paths in Zkey and Groth16 prover tests
53209ae
@Vindaar
[groth16] add proper type for Groth16 proof
0345743
@Vindaar
[groth16] implement Groth16 proof verification and test it
068a456
@Vindaar Vindaar marked this pull request as ready for review January 25, 2025 17:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Vindaar