2018-10-21 19:24:49 +03:00
|
|
|
#!/usr/bin/env node
|
|
|
|
|
|
|
|
/*
|
|
|
|
Copyright 2018 0KIMS association.
|
|
|
|
|
|
|
|
This file is part of jaz (Zero Knowledge Circuit Compiler).
|
|
|
|
|
|
|
|
jaz is a free software: you can redistribute it and/or modify it
|
|
|
|
under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
jaz is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
|
|
|
License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with jaz. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* eslint-disable no-console */
|
|
|
|
|
|
|
|
const fs = require("fs");
|
|
|
|
const path = require("path");
|
|
|
|
|
|
|
|
const zkSnark = require("./index.js");
|
2020-04-18 21:21:16 +03:00
|
|
|
const {stringifyBigInts, unstringifyBigInts} = require("ffjavascript").utils;
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
const loadR1cs = require("r1csfile").load;
|
|
|
|
const WitnessCalculatorBuilder = require("circom_runtime").WitnessCalculatorBuilder;
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
const version = require("./package").version;
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
const loadSyms = require("./src/loadsyms");
|
|
|
|
const printR1cs = require("./src/printr1cs");
|
|
|
|
|
2018-10-21 19:24:49 +03:00
|
|
|
const argv = require("yargs")
|
|
|
|
.version(version)
|
|
|
|
.usage(`snarkjs <command> <options>
|
|
|
|
|
|
|
|
setup command
|
|
|
|
=============
|
|
|
|
|
|
|
|
snarkjs setup <option>
|
|
|
|
|
|
|
|
Runs a setup for a circuit generating the proving and the verification key.
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
-r or --r1cs <r1csFile>
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Filename of the compiled circuit file generated by circom.
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
Default: circuit.r1cs
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
--pk or --provingkey <provingKeyFile>
|
|
|
|
|
|
|
|
Output filename where the proving key will be stored.
|
|
|
|
|
|
|
|
Default: proving_key.json
|
|
|
|
|
|
|
|
--vk or --verificationkey <verificationKeyFile>
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Output filename where the verification key will be stored.
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Default: verification_key.json
|
|
|
|
|
2019-06-16 01:12:50 +03:00
|
|
|
--protocol [original|groth|kimleeoh]
|
2018-11-10 16:43:37 +03:00
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Defines which variant of the zk-SNARK protocol you want to use.
|
2018-11-10 16:43:37 +03:00
|
|
|
|
2020-03-27 17:47:59 +03:00
|
|
|
Default: groth
|
2018-11-10 16:43:37 +03:00
|
|
|
|
2020-04-06 22:38:08 +03:00
|
|
|
--verbose
|
|
|
|
|
|
|
|
Print verbose to screen
|
|
|
|
|
2018-10-21 19:24:49 +03:00
|
|
|
calculate witness command
|
|
|
|
=========================
|
|
|
|
|
|
|
|
snarkjs calculatewitness <options>
|
|
|
|
|
|
|
|
Calculate the witness of a circuit given an input.
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
--ws --wasm <wasmFile>
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Filename of the compiled circuit file generated by circom.
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
Default: circuit.r1cs
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
-i or --input <inputFile>
|
|
|
|
|
|
|
|
JSON file with the inputs of the circuit.
|
|
|
|
|
|
|
|
Default: input.json
|
|
|
|
|
2019-06-11 03:52:48 +03:00
|
|
|
Example of a circuit with two inputs a and b:
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
{"a": "22", "b": "33"}
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
--wt --witness
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Output filename with the generated witness.
|
|
|
|
|
|
|
|
Default: witness.json
|
|
|
|
|
2019-06-16 01:12:50 +03:00
|
|
|
--lg or --logget
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Output GET access to the signals.
|
2019-06-16 01:12:50 +03:00
|
|
|
|
|
|
|
--ls or --logset
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Output SET access to the signal.
|
2019-06-16 01:12:50 +03:00
|
|
|
|
|
|
|
--lt or --logtrigger
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Output when a subcomponent is triggered and when finished.
|
2019-06-16 01:12:50 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
--s or --sanitycheck
|
|
|
|
|
2020-04-18 21:21:16 +03:00
|
|
|
-s or --sym <symFile>
|
|
|
|
|
|
|
|
Filename of the debuging symbols file generated by circom.
|
|
|
|
|
|
|
|
Default: circuit.sym
|
2019-06-16 01:12:50 +03:00
|
|
|
|
2018-10-21 19:24:49 +03:00
|
|
|
generate a proof command
|
|
|
|
========================
|
|
|
|
|
|
|
|
snarkjs proof <options>
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
--wt or --witness
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Input filename used to calculate the proof.
|
|
|
|
|
|
|
|
Default: witness.json
|
|
|
|
|
|
|
|
--pk or --provingkey <provingKeyFile>
|
|
|
|
|
|
|
|
Input filename with the proving key (generated during the setup).
|
|
|
|
|
|
|
|
Default: proving_key.json
|
|
|
|
|
|
|
|
-p or --proof
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Output filename with the zero-knowledge proof.
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Default: proof.json
|
|
|
|
|
|
|
|
--pub or --public <publicFilename>
|
|
|
|
|
|
|
|
Output filename with the value of the public wires/signals.
|
|
|
|
This info will be needed to verify the proof.
|
|
|
|
|
|
|
|
Default: public.json
|
|
|
|
|
2020-04-18 21:21:16 +03:00
|
|
|
--verbose
|
|
|
|
|
|
|
|
Print verbose to screen
|
|
|
|
|
2018-10-21 19:24:49 +03:00
|
|
|
verify command
|
|
|
|
==============
|
|
|
|
|
|
|
|
snarkjs verify <options>
|
|
|
|
|
|
|
|
The command returns "OK" if the proof is valid
|
|
|
|
and "INVALID" in case it is not a valid proof.
|
|
|
|
|
|
|
|
--vk or --verificationkey <verificationKeyFile>
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Input filename with the verification key (generated during the setup).
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Default: verification_key.json
|
|
|
|
|
|
|
|
-p or --proof
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Input filename with the zero-knowledge proof you want to verify.
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Default: proof.json
|
|
|
|
|
|
|
|
--pub or --public <publicFilename>
|
|
|
|
|
|
|
|
Input filename with the public wires/signals.
|
|
|
|
|
|
|
|
Default: public.json
|
|
|
|
|
2018-11-10 16:43:37 +03:00
|
|
|
|
2018-10-21 19:24:49 +03:00
|
|
|
generate solidity verifier command
|
|
|
|
==================================
|
|
|
|
|
|
|
|
snarkjs generateverifier <options>
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Generates a solidity smart contract that verifies the zero-knowledge proof.
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
--vk or --verificationkey <verificationKeyFile>
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Input filename with the verification key (generated during the setup).
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Default: verification_key.json
|
|
|
|
|
|
|
|
-v or --verifier
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Output file with a solidity smart contract that verifies a zero-knowledge proof.
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Default: verifier.sol
|
|
|
|
|
2018-11-10 16:43:37 +03:00
|
|
|
|
2018-10-21 19:24:49 +03:00
|
|
|
generate call parameters
|
|
|
|
========================
|
|
|
|
|
|
|
|
snarkjs generatecall <options>
|
|
|
|
|
|
|
|
Outputs into the console the raw parameters to be used in 'verifyProof'
|
2018-10-26 01:52:26 +03:00
|
|
|
method of the solidity verifier function.
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
-p or --proof
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Input filename with the zero-knowledge proof you want to use.
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
Default: proof.json
|
|
|
|
|
|
|
|
--pub or --public <publicFilename>
|
|
|
|
|
|
|
|
Input filename with the public wires/signals.
|
|
|
|
|
|
|
|
Default: public.json
|
|
|
|
|
2018-10-22 09:34:49 +03:00
|
|
|
circuit info
|
|
|
|
============
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2018-10-22 09:34:49 +03:00
|
|
|
snarkjs info <options>
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Print statistics of a circuit.
|
2018-10-22 09:34:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
-r or --r1cs <r1csFile>
|
2018-10-22 09:34:49 +03:00
|
|
|
|
|
|
|
Filename of the compiled circuit file generated by circom.
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
Default: circuit.r1cs
|
2018-10-22 09:34:49 +03:00
|
|
|
|
|
|
|
print constraints
|
|
|
|
=================
|
|
|
|
|
|
|
|
snarkjs printconstraints <options>
|
|
|
|
|
2020-03-27 17:31:02 +03:00
|
|
|
Print all the constraints of a given circuit.
|
2018-10-22 09:34:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
-r or --r1cs <r1csFile>
|
2018-10-22 09:34:49 +03:00
|
|
|
|
|
|
|
Filename of the compiled circuit file generated by circom.
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
Default: circuit.r1cs
|
|
|
|
|
|
|
|
-s or --sym <symFile>
|
|
|
|
|
|
|
|
Filename of the debuging symbols file generated by circom.
|
|
|
|
|
|
|
|
Default: circuit.sym
|
2018-10-21 19:24:49 +03:00
|
|
|
`)
|
2020-03-26 22:16:29 +03:00
|
|
|
.alias("r", "r1cs")
|
|
|
|
.alias("s", "sym")
|
2018-10-21 19:24:49 +03:00
|
|
|
.alias("pk", "provingkey")
|
|
|
|
.alias("vk", "verificationkey")
|
2020-03-26 22:16:29 +03:00
|
|
|
.alias("wt", "witness")
|
|
|
|
.alias("ws", "wasm")
|
2018-10-21 19:24:49 +03:00
|
|
|
.alias("p", "proof")
|
|
|
|
.alias("i", "input")
|
|
|
|
.alias("pub", "public")
|
|
|
|
.alias("v", "verifier")
|
2019-06-16 01:12:50 +03:00
|
|
|
.alias("lo", "logoutput")
|
|
|
|
.alias("lg", "logget")
|
|
|
|
.alias("ls", "logset")
|
|
|
|
.alias("lt", "logtrigger")
|
2018-10-21 19:24:49 +03:00
|
|
|
.help("h")
|
|
|
|
.alias("h", "help")
|
2019-06-16 01:12:50 +03:00
|
|
|
|
2018-10-21 19:24:49 +03:00
|
|
|
.epilogue(`Copyright (C) 2018 0kims association
|
|
|
|
This program comes with ABSOLUTELY NO WARRANTY;
|
|
|
|
This is free software, and you are welcome to redistribute it
|
|
|
|
under certain conditions; see the COPYING file in the official
|
|
|
|
repo directory at https://github.com/iden3/circom `)
|
|
|
|
.argv;
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
const r1csName = (argv.r1cs) ? argv.r1cs : "circuit.r1cs";
|
|
|
|
const symName = (argv.sym) ? argv.sym : "circuit.sym";
|
2018-10-21 19:24:49 +03:00
|
|
|
const provingKeyName = (argv.provingkey) ? argv.provingkey : "proving_key.json";
|
|
|
|
const verificationKeyName = (argv.verificationkey) ? argv.verificationkey : "verification_key.json";
|
|
|
|
const inputName = (argv.input) ? argv.input : "input.json";
|
2020-03-26 22:16:29 +03:00
|
|
|
const wasmName = (argv.wasm) ? argv.wasm : "circuit.wasm";
|
2018-10-21 19:24:49 +03:00
|
|
|
const witnessName = (argv.witness) ? argv.witness : "witness.json";
|
|
|
|
const proofName = (argv.proof) ? argv.proof : "proof.json";
|
|
|
|
const publicName = (argv.public) ? argv.public : "public.json";
|
2018-11-10 16:43:37 +03:00
|
|
|
const verifierName = (argv.verifier) ? argv.verifier : "verifier.sol";
|
2020-03-26 22:16:29 +03:00
|
|
|
const protocol = (argv.protocol) ? argv.protocol : "groth";
|
|
|
|
|
|
|
|
run().then(() => {
|
|
|
|
process.exit();
|
|
|
|
});
|
2018-10-21 19:24:49 +03:00
|
|
|
|
|
|
|
function p256(n) {
|
|
|
|
let nstr = n.toString(16);
|
|
|
|
while (nstr.length < 64) nstr = "0"+nstr;
|
|
|
|
nstr = `"0x${nstr}"`;
|
|
|
|
return nstr;
|
|
|
|
}
|
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
async function run() {
|
|
|
|
try {
|
|
|
|
if (argv._[0].toUpperCase() == "INFO") {
|
|
|
|
const cir = await loadR1cs(r1csName);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
console.log(`# Wires: ${cir.nVars}`);
|
|
|
|
console.log(`# Constraints: ${cir.nConstraints}`);
|
|
|
|
console.log(`# Private Inputs: ${cir.nPrvInputs}`);
|
|
|
|
console.log(`# Public Inputs: ${cir.nPubInputs}`);
|
|
|
|
console.log(`# Outputs: ${cir.nOutputs}`);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
} else if (argv._[0].toUpperCase() == "PRINTCONSTRAINTS") {
|
|
|
|
const cir = await loadR1cs(r1csName, true, true);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
const sym = await loadSyms(symName);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
printR1cs(cir, sym);
|
|
|
|
} else if (argv._[0].toUpperCase() == "SETUP") {
|
|
|
|
const cir = await loadR1cs(r1csName, true);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
if (!zkSnark[protocol]) throw new Error("Invalid protocol");
|
2020-04-06 22:38:08 +03:00
|
|
|
const setup = zkSnark[protocol].setup(cir, argv.verbose);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-28 21:40:30 +03:00
|
|
|
await fs.promises.writeFile(provingKeyName, JSON.stringify(stringifyBigInts(setup.vk_proof), null, 1), "utf-8");
|
|
|
|
await fs.promises.writeFile(verificationKeyName, JSON.stringify(stringifyBigInts(setup.vk_verifier), null, 1), "utf-8");
|
2020-03-26 22:16:29 +03:00
|
|
|
} else if (argv._[0].toUpperCase() == "CALCULATEWITNESS") {
|
|
|
|
const wasm = await fs.promises.readFile(wasmName);
|
|
|
|
const input = unstringifyBigInts(JSON.parse(await fs.promises.readFile(inputName, "utf8")));
|
|
|
|
|
|
|
|
|
|
|
|
let options;
|
|
|
|
let sym;
|
|
|
|
if (argv.logset || argv.logget || argv.logtrigger || argv.sanitycheck) {
|
|
|
|
options = {
|
|
|
|
sanityCheck: true
|
|
|
|
};
|
|
|
|
if (argv.logset) {
|
|
|
|
if (!sym) sym = await loadSyms(symName);
|
|
|
|
options.logSetSignal= function(labelIdx, value) {
|
|
|
|
console.log("SET " + sym.labelIdx2Name[labelIdx] + " <-- " + value.toString());
|
|
|
|
};
|
|
|
|
}
|
|
|
|
if (argv.logget) {
|
|
|
|
if (!sym) sym = await loadSyms(symName);
|
|
|
|
options.logGetSignal= function(varIdx, value) {
|
|
|
|
console.log("GET " + sym.labelIdx2Name[varIdx] + " --> " + value.toString());
|
|
|
|
};
|
|
|
|
}
|
|
|
|
if (argv.logtrigger) {
|
|
|
|
if (!sym) sym = await loadSyms(symName);
|
|
|
|
options.logStartComponent= function(cIdx) {
|
|
|
|
console.log("START: " + sym.componentIdx2Name[cIdx]);
|
|
|
|
};
|
|
|
|
options.logFinishComponent= function(cIdx) {
|
|
|
|
console.log("FINISH: " + sym.componentIdx2Name[cIdx]);
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
const wc = await WitnessCalculatorBuilder(wasm, options);
|
|
|
|
|
|
|
|
const w = await wc.calculateWitness(input);
|
|
|
|
|
|
|
|
await fs.promises.writeFile(witnessName, JSON.stringify(stringifyBigInts(w), null, 1));
|
|
|
|
|
|
|
|
} else if (argv._[0].toUpperCase() == "PROOF") {
|
|
|
|
const witness = unstringifyBigInts(JSON.parse(fs.readFileSync(witnessName, "utf8")));
|
|
|
|
const provingKey = unstringifyBigInts(JSON.parse(fs.readFileSync(provingKeyName, "utf8")));
|
|
|
|
|
|
|
|
const protocol = provingKey.protocol;
|
|
|
|
if (!zkSnark[protocol]) throw new Error("Invalid protocol");
|
2020-04-18 21:21:16 +03:00
|
|
|
const {proof, publicSignals} = zkSnark[protocol].genProof(provingKey, witness, argv.verbose);
|
2020-03-26 22:16:29 +03:00
|
|
|
|
2020-03-28 21:40:30 +03:00
|
|
|
await fs.promises.writeFile(proofName, JSON.stringify(stringifyBigInts(proof), null, 1), "utf-8");
|
|
|
|
await fs.promises.writeFile(publicName, JSON.stringify(stringifyBigInts(publicSignals), null, 1), "utf-8");
|
2020-03-26 22:16:29 +03:00
|
|
|
} else if (argv._[0].toUpperCase() == "VERIFY") {
|
|
|
|
const public = unstringifyBigInts(JSON.parse(fs.readFileSync(publicName, "utf8")));
|
|
|
|
const verificationKey = unstringifyBigInts(JSON.parse(fs.readFileSync(verificationKeyName, "utf8")));
|
|
|
|
const proof = unstringifyBigInts(JSON.parse(fs.readFileSync(proofName, "utf8")));
|
|
|
|
|
|
|
|
const protocol = verificationKey.protocol;
|
|
|
|
if (!zkSnark[protocol]) throw new Error("Invalid protocol");
|
|
|
|
|
|
|
|
const isValid = zkSnark[protocol].isValid(verificationKey, proof, public);
|
|
|
|
|
|
|
|
if (isValid) {
|
|
|
|
console.log("OK");
|
|
|
|
process.exit(0);
|
|
|
|
} else {
|
|
|
|
console.log("INVALID");
|
|
|
|
process.exit(1);
|
|
|
|
}
|
|
|
|
} else if (argv._[0].toUpperCase() == "GENERATEVERIFIER") {
|
|
|
|
|
|
|
|
const verificationKey = unstringifyBigInts(JSON.parse(fs.readFileSync(verificationKeyName, "utf8")));
|
|
|
|
|
|
|
|
let verifierCode;
|
|
|
|
if (verificationKey.protocol == "original") {
|
|
|
|
verifierCode = generateVerifier_original(verificationKey);
|
|
|
|
} else if (verificationKey.protocol == "groth") {
|
|
|
|
verifierCode = generateVerifier_groth(verificationKey);
|
|
|
|
} else if (verificationKey.protocol == "kimleeoh") {
|
|
|
|
verifierCode = generateVerifier_kimleeoh(verificationKey);
|
|
|
|
} else {
|
|
|
|
throw new Error("InvalidProof");
|
|
|
|
}
|
|
|
|
|
|
|
|
fs.writeFileSync(verifierName, verifierCode, "utf-8");
|
|
|
|
process.exit(0);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2020-03-26 22:16:29 +03:00
|
|
|
} else if (argv._[0].toUpperCase() == "GENERATECALL") {
|
|
|
|
|
|
|
|
const public = unstringifyBigInts(JSON.parse(fs.readFileSync(publicName, "utf8")));
|
|
|
|
const proof = unstringifyBigInts(JSON.parse(fs.readFileSync(proofName, "utf8")));
|
|
|
|
|
|
|
|
let inputs = "";
|
|
|
|
for (let i=0; i<public.length; i++) {
|
|
|
|
if (inputs != "") inputs = inputs + ",";
|
|
|
|
inputs = inputs + p256(public[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
let S;
|
|
|
|
if ((typeof proof.protocol === "undefined") || (proof.protocol == "original")) {
|
|
|
|
S=`[${p256(proof.pi_a[0])}, ${p256(proof.pi_a[1])}],` +
|
|
|
|
`[${p256(proof.pi_ap[0])}, ${p256(proof.pi_ap[1])}],` +
|
|
|
|
`[[${p256(proof.pi_b[0][1])}, ${p256(proof.pi_b[0][0])}],[${p256(proof.pi_b[1][1])}, ${p256(proof.pi_b[1][0])}]],` +
|
|
|
|
`[${p256(proof.pi_bp[0])}, ${p256(proof.pi_bp[1])}],` +
|
|
|
|
`[${p256(proof.pi_c[0])}, ${p256(proof.pi_c[1])}],` +
|
|
|
|
`[${p256(proof.pi_cp[0])}, ${p256(proof.pi_cp[1])}],` +
|
|
|
|
`[${p256(proof.pi_h[0])}, ${p256(proof.pi_h[1])}],` +
|
|
|
|
`[${p256(proof.pi_kp[0])}, ${p256(proof.pi_kp[1])}],` +
|
|
|
|
`[${inputs}]`;
|
|
|
|
} else if ((proof.protocol == "groth")||(proof.protocol == "kimleeoh")) {
|
|
|
|
S=`[${p256(proof.pi_a[0])}, ${p256(proof.pi_a[1])}],` +
|
|
|
|
`[[${p256(proof.pi_b[0][1])}, ${p256(proof.pi_b[0][0])}],[${p256(proof.pi_b[1][1])}, ${p256(proof.pi_b[1][0])}]],` +
|
|
|
|
`[${p256(proof.pi_c[0])}, ${p256(proof.pi_c[1])}],` +
|
|
|
|
`[${inputs}]`;
|
|
|
|
} else {
|
|
|
|
throw new Error("InvalidProof");
|
|
|
|
}
|
|
|
|
|
|
|
|
console.log(S);
|
|
|
|
process.exit(0);
|
2018-11-10 16:43:37 +03:00
|
|
|
} else {
|
2020-03-26 22:16:29 +03:00
|
|
|
throw new Error("Invalid Command");
|
2018-11-10 16:43:37 +03:00
|
|
|
}
|
2020-03-26 22:16:29 +03:00
|
|
|
} catch(err) {
|
|
|
|
console.log(err.stack);
|
|
|
|
console.log("ERROR: " + err);
|
|
|
|
process.exit(1);
|
2018-10-21 19:24:49 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-11-10 16:43:37 +03:00
|
|
|
function generateVerifier_original(verificationKey) {
|
|
|
|
let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_original.sol"), "utf-8");
|
|
|
|
|
|
|
|
const vka_str = `[${verificationKey.vk_a[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_a[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_a[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_a[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_a%>", vka_str);
|
|
|
|
|
|
|
|
const vkb_str = `${verificationKey.vk_b[0].toString()},`+
|
|
|
|
`${verificationKey.vk_b[1].toString()}`;
|
|
|
|
template = template.replace("<%vk_b%>", vkb_str);
|
|
|
|
|
|
|
|
const vkc_str = `[${verificationKey.vk_c[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_c[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_c[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_c[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_c%>", vkc_str);
|
|
|
|
|
|
|
|
const vkg_str = `[${verificationKey.vk_g[0][1].toString()},`+
|
2019-06-16 01:12:50 +03:00
|
|
|
`${verificationKey.vk_g[0][0].toString()}], `+
|
2018-11-10 16:43:37 +03:00
|
|
|
`[${verificationKey.vk_g[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_g[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_g%>", vkg_str);
|
|
|
|
|
|
|
|
const vkgb1_str = `${verificationKey.vk_gb_1[0].toString()},`+
|
|
|
|
`${verificationKey.vk_gb_1[1].toString()}`;
|
|
|
|
template = template.replace("<%vk_gb1%>", vkgb1_str);
|
|
|
|
|
|
|
|
const vkgb2_str = `[${verificationKey.vk_gb_2[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_gb_2[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_gb_2[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_gb_2[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_gb2%>", vkgb2_str);
|
|
|
|
|
|
|
|
const vkz_str = `[${verificationKey.vk_z[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_z[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_z[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_z[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_z%>", vkz_str);
|
|
|
|
|
|
|
|
// The points
|
|
|
|
|
|
|
|
template = template.replace("<%vk_input_length%>", (verificationKey.IC.length-1).toString());
|
|
|
|
template = template.replace("<%vk_ic_length%>", verificationKey.IC.length.toString());
|
|
|
|
let vi = "";
|
|
|
|
for (let i=0; i<verificationKey.IC.length; i++) {
|
|
|
|
if (vi != "") vi = vi + " ";
|
|
|
|
vi = vi + `vk.IC[${i}] = Pairing.G1Point(${verificationKey.IC[i][0].toString()},`+
|
|
|
|
`${verificationKey.IC[i][1].toString()});\n`;
|
|
|
|
}
|
|
|
|
template = template.replace("<%vk_ic_pts%>", vi);
|
|
|
|
|
|
|
|
return template;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function generateVerifier_groth(verificationKey) {
|
|
|
|
let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_groth.sol"), "utf-8");
|
|
|
|
|
|
|
|
|
|
|
|
const vkalfa1_str = `${verificationKey.vk_alfa_1[0].toString()},`+
|
|
|
|
`${verificationKey.vk_alfa_1[1].toString()}`;
|
|
|
|
template = template.replace("<%vk_alfa1%>", vkalfa1_str);
|
|
|
|
|
|
|
|
const vkbeta2_str = `[${verificationKey.vk_beta_2[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_beta_2[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_beta_2[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_beta_2[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_beta2%>", vkbeta2_str);
|
|
|
|
|
|
|
|
const vkgamma2_str = `[${verificationKey.vk_gamma_2[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_gamma_2[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_gamma_2[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_gamma_2[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_gamma2%>", vkgamma2_str);
|
|
|
|
|
|
|
|
const vkdelta2_str = `[${verificationKey.vk_delta_2[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_delta_2[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_delta_2[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_delta_2[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_delta2%>", vkdelta2_str);
|
|
|
|
|
|
|
|
// The points
|
|
|
|
|
|
|
|
template = template.replace("<%vk_input_length%>", (verificationKey.IC.length-1).toString());
|
|
|
|
template = template.replace("<%vk_ic_length%>", verificationKey.IC.length.toString());
|
|
|
|
let vi = "";
|
|
|
|
for (let i=0; i<verificationKey.IC.length; i++) {
|
|
|
|
if (vi != "") vi = vi + " ";
|
|
|
|
vi = vi + `vk.IC[${i}] = Pairing.G1Point(${verificationKey.IC[i][0].toString()},`+
|
|
|
|
`${verificationKey.IC[i][1].toString()});\n`;
|
|
|
|
}
|
|
|
|
template = template.replace("<%vk_ic_pts%>", vi);
|
|
|
|
|
|
|
|
return template;
|
|
|
|
}
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2019-06-16 01:12:50 +03:00
|
|
|
function generateVerifier_kimleeoh(verificationKey) {
|
|
|
|
let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_groth.sol"), "utf-8");
|
|
|
|
|
|
|
|
|
|
|
|
const vkalfa1_str = `${verificationKey.vk_alfa_1[0].toString()},`+
|
|
|
|
`${verificationKey.vk_alfa_1[1].toString()}`;
|
|
|
|
template = template.replace("<%vk_alfa1%>", vkalfa1_str);
|
|
|
|
|
|
|
|
const vkbeta2_str = `[${verificationKey.vk_beta_2[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_beta_2[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_beta_2[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_beta_2[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_beta2%>", vkbeta2_str);
|
|
|
|
|
|
|
|
const vkgamma2_str = `[${verificationKey.vk_gamma_2[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_gamma_2[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_gamma_2[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_gamma_2[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_gamma2%>", vkgamma2_str);
|
|
|
|
|
|
|
|
const vkdelta2_str = `[${verificationKey.vk_delta_2[0][1].toString()},`+
|
|
|
|
`${verificationKey.vk_delta_2[0][0].toString()}], `+
|
|
|
|
`[${verificationKey.vk_delta_2[1][1].toString()},` +
|
|
|
|
`${verificationKey.vk_delta_2[1][0].toString()}]`;
|
|
|
|
template = template.replace("<%vk_delta2%>", vkdelta2_str);
|
|
|
|
|
|
|
|
// The points
|
|
|
|
|
|
|
|
template = template.replace("<%vk_input_length%>", (verificationKey.IC.length-1).toString());
|
|
|
|
template = template.replace("<%vk_ic_length%>", verificationKey.IC.length.toString());
|
|
|
|
let vi = "";
|
|
|
|
for (let i=0; i<verificationKey.IC.length; i++) {
|
|
|
|
if (vi != "") vi = vi + " ";
|
|
|
|
vi = vi + `vk.IC[${i}] = Pairing.G1Point(${verificationKey.IC[i][0].toString()},`+
|
|
|
|
`${verificationKey.IC[i][1].toString()});\n`;
|
|
|
|
}
|
|
|
|
template = template.replace("<%vk_ic_pts%>", vi);
|
2018-10-21 19:24:49 +03:00
|
|
|
|
2019-06-16 01:12:50 +03:00
|
|
|
return template;
|
|
|
|
}
|
2018-10-21 19:24:49 +03:00
|
|
|
|