Skip to content
This repository has been archived by the owner on Jun 23, 2024. It is now read-only.

Latest commit

 

History

History
75 lines (64 loc) · 4.06 KB

README.md

File metadata and controls

75 lines (64 loc) · 4.06 KB

circom-zk-whiteboard

Overview

The following image taken from the ZK Whiteboard Session Module Five slides describes what will be coded:

Source: Slides

Notes

  • In this example, S is used as an operator selector. S0 and S1 are set to 1 to indicate addition gates. S2 is set to 0 to indicate a multication gate. These are important to apply the row constraint equally.

  • $$ \begin{flalign} \text{The row constraint is } &S_i[x_i+y_i]+(1-S_i)[x_i*y_i]-c_i=0& \end{flalign} $$

    $$ \begin{flalign} \text{at i=0: } &(x_0+y_0) - c_0 = 0& \\ \text{at i=1: } &(x_1+y_1) - c_1 = 0& \\ \text{at i=2: } &(x_2*y_2) - c_2 = 0& \\ \end{flalign} $$

  • Important Note: The arithmetic circuit has been constructed with these row constraints but since Circom does not allow non-quadratic constraints, the row constraints are not explicitly stated.

Resources

Relevant Videos:

Circom Documentation

Compilation Steps from Circom documentation

Compile circuit:

  1. Run circom multiplier2.circom --r1cs --wasm --sym --c

Compute witness (with C++):

  1. Navigate to the multiplier2_cpp directory
  2. Add an input.json file with a, b, and w values as string inputs
  3. Run make
  • Troubleshoot fatal error: nlohmann/json.hpp: No such file or directory: sudo apt upgrade && sudo apt install nlohmann-json3-dev libgmp-dev nasm && make
  1. Run executable: ./multiplier2 input.json witness.wtns

Prove circuit with Groth16 ZkSnark Protocol

Trusted Setup (part 1) - Powers of Tau

  • Note that this step is independent of the circuit.
  1. Start "Powers of Tau" ceremony: snarkjs powersoftau new bn128 12 pot12_0000.ptau -v
  2. Contribute to the ceremony: snarkjs powersoftau contribute pot12_0000.ptau pot12_0001.ptau --name="First contribution" -v

Trusted Setup (part 2)

  • Note that this step is circuit-specific.
  1. Setup by running snarkjs powersoftau prepare phase2 pot12_0001.ptau pot12_final.ptau -v
  2. Generate a .zkey file with both the proving and verification keys and all phase 2 contributions: snarkjs groth16 setup multiplier2.r1cs pot12_final.ptau multiplier2_0000.zkey
    • Troubleshoot multiplier2.r1cs not found: use ../multiplier2.r1cs in the above command
  3. Contribute to part 2 of the ceremony: snarkjs zkey contribute multiplier2_0000.zkey multiplier2_0001.zkey --name="1st Contributor Name" -v
  4. Export the verification key: snarkjs zkey export verificationkey multiplier2_0001.zkey verification_key.json

Generate a Proof

  1. Run snarkjs groth16 prove multiplier2_0001.zkey witness.wtns proof.json public.json

Verify a Proof

  1. Run snarkjs groth16 verify verification_key.json public.json proof.json

    Outputs: [INFO] snarkJS: OK!