Revert "Generate contract name by its name output"

This reverts commit 22a5b7bc46a0a1a69019af9feb99fe3cdbe1411b.
This commit is contained in:
adriamb 2019-06-18 17:07:11 +02:00
parent 22a5b7bc46
commit d2b3be19ef
3 changed files with 90 additions and 83 deletions

17
cli.js

@ -318,14 +318,12 @@ try {
} else if (argv._[0].toUpperCase() == "GENERATEVERIFIER") { } else if (argv._[0].toUpperCase() == "GENERATEVERIFIER") {
const verificationKey = unstringifyBigInts(JSON.parse(fs.readFileSync(verificationKeyName, "utf8"))); const verificationKey = unstringifyBigInts(JSON.parse(fs.readFileSync(verificationKeyName, "utf8")));
let contractName = path.parse(verifierName).name
contractName = contractName.charAt(0).toUpperCase() + contractName.slice(1)
let verifierCode; let verifierCode;
if (verificationKey.protocol == "original") { if (verificationKey.protocol == "original") {
verifierCode = generateVerifier_original(contractName,verificationKey); verifierCode = generateVerifier_original(verificationKey);
} else if (verificationKey.protocol == "groth") { } else if (verificationKey.protocol == "groth") {
verifierCode = generateVerifier_groth(contractName,verificationKey); verifierCode = generateVerifier_groth(verificationKey);
} else { } else {
throw new Error("InvalidProof"); throw new Error("InvalidProof");
} }
@ -376,11 +374,9 @@ try {
} }
function generateVerifier_original(contractName, verificationKey) { function generateVerifier_original(verificationKey) {
let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_original.sol"), "utf-8"); let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_original.sol"), "utf-8");
template = template.replace("<%contractName%>", contractName);
const vka_str = `[${verificationKey.vk_a[0][1].toString()},`+ const vka_str = `[${verificationKey.vk_a[0][1].toString()},`+
`${verificationKey.vk_a[0][0].toString()}], `+ `${verificationKey.vk_a[0][0].toString()}], `+
`[${verificationKey.vk_a[1][1].toString()},` + `[${verificationKey.vk_a[1][1].toString()},` +
@ -426,7 +422,7 @@ function generateVerifier_original(contractName, verificationKey) {
let vi = ""; let vi = "";
for (let i=0; i<verificationKey.IC.length; i++) { for (let i=0; i<verificationKey.IC.length; i++) {
if (vi != "") vi = vi + " "; if (vi != "") vi = vi + " ";
vi = vi + `vk.IC[${i}] = G1Point(${verificationKey.IC[i][0].toString()},`+ vi = vi + `vk.IC[${i}] = Pairing.G1Point(${verificationKey.IC[i][0].toString()},`+
`${verificationKey.IC[i][1].toString()});\n`; `${verificationKey.IC[i][1].toString()});\n`;
} }
template = template.replace("<%vk_ic_pts%>", vi); template = template.replace("<%vk_ic_pts%>", vi);
@ -435,10 +431,9 @@ function generateVerifier_original(contractName, verificationKey) {
} }
function generateVerifier_groth(contractName,verificationKey) { function generateVerifier_groth(verificationKey) {
let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_groth.sol"), "utf-8"); let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_groth.sol"), "utf-8");
template = template.replace("<%contractName%>", contractName);
const vkalfa1_str = `${verificationKey.vk_alfa_1[0].toString()},`+ const vkalfa1_str = `${verificationKey.vk_alfa_1[0].toString()},`+
`${verificationKey.vk_alfa_1[1].toString()}`; `${verificationKey.vk_alfa_1[1].toString()}`;
@ -469,7 +464,7 @@ function generateVerifier_groth(contractName,verificationKey) {
let vi = ""; let vi = "";
for (let i=0; i<verificationKey.IC.length; i++) { for (let i=0; i<verificationKey.IC.length; i++) {
if (vi != "") vi = vi + " "; if (vi != "") vi = vi + " ";
vi = vi + `vk.IC[${i}] = G1Point(${verificationKey.IC[i][0].toString()},`+ vi = vi + `vk.IC[${i}] = Pairing.G1Point(${verificationKey.IC[i][0].toString()},`+
`${verificationKey.IC[i][1].toString()});\n`; `${verificationKey.IC[i][1].toString()});\n`;
} }
template = template.replace("<%vk_ic_pts%>", vi); template = template.replace("<%vk_ic_pts%>", vi);

@ -10,8 +10,7 @@
// added requiere error messages // added requiere error messages
// //
pragma solidity ^0.5.0; pragma solidity ^0.5.0;
contract <%contractName%> { library Pairing {
struct G1Point { struct G1Point {
uint X; uint X;
uint Y; uint Y;
@ -34,6 +33,16 @@ contract <%contractName%> {
[4082367875863433681332203403145435568316851327593401208105741076214120093531, [4082367875863433681332203403145435568316851327593401208105741076214120093531,
8495653923123431417604973247489272438418190587263600148770280649306958101930] 8495653923123431417604973247489272438418190587263600148770280649306958101930]
); );
/*
// Changed by Jordi point
return G2Point(
[10857046999023057135944570762232829481370756359578518086990519993285655852781,
11559732032986387107991004021392285783925812861821192530917403151452391805634],
[8495653923123431417604973247489272438418190587263600148770280649306958101930,
4082367875863433681332203403145435568316851327593401208105741076214120093531]
);
*/
} }
/// @return the negation of p, i.e. p.addition(p.negate()) should be zero. /// @return the negation of p, i.e. p.addition(p.negate()) should be zero.
function negate(G1Point memory p) internal pure returns (G1Point memory) { function negate(G1Point memory p) internal pure returns (G1Point memory) {
@ -149,37 +158,39 @@ contract <%contractName%> {
p2[3] = d2; p2[3] = d2;
return pairing(p1, p2); return pairing(p1, p2);
} }
}
contract Verifier {
using Pairing for *;
struct VerifyingKey { struct VerifyingKey {
G1Point alfa1; Pairing.G1Point alfa1;
G2Point beta2; Pairing.G2Point beta2;
G2Point gamma2; Pairing.G2Point gamma2;
G2Point delta2; Pairing.G2Point delta2;
G1Point[] IC; Pairing.G1Point[] IC;
} }
struct Proof { struct Proof {
G1Point A; Pairing.G1Point A;
G2Point B; Pairing.G2Point B;
G1Point C; Pairing.G1Point C;
} }
function verifyingKey() internal pure returns (VerifyingKey memory vk) { function verifyingKey() internal pure returns (VerifyingKey memory vk) {
vk.alfa1 = G1Point(<%vk_alfa1%>); vk.alfa1 = Pairing.G1Point(<%vk_alfa1%>);
vk.beta2 = G2Point(<%vk_beta2%>); vk.beta2 = Pairing.G2Point(<%vk_beta2%>);
vk.gamma2 = G2Point(<%vk_gamma2%>); vk.gamma2 = Pairing.G2Point(<%vk_gamma2%>);
vk.delta2 = G2Point(<%vk_delta2%>); vk.delta2 = Pairing.G2Point(<%vk_delta2%>);
vk.IC = new G1Point[](<%vk_ic_length%>); vk.IC = new Pairing.G1Point[](<%vk_ic_length%>);
<%vk_ic_pts%> <%vk_ic_pts%>
} }
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
VerifyingKey memory vk = verifyingKey(); VerifyingKey memory vk = verifyingKey();
require(input.length + 1 == vk.IC.length,"verifier-bad-input"); require(input.length + 1 == vk.IC.length,"verifier-bad-input");
// Compute the linear combination vk_x // Compute the linear combination vk_x
G1Point memory vk_x = G1Point(0, 0); Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
for (uint i = 0; i < input.length; i++) for (uint i = 0; i < input.length; i++)
vk_x = addition(vk_x, scalar_mul(vk.IC[i + 1], input[i])); vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
vk_x = addition(vk_x, vk.IC[0]); vk_x = Pairing.addition(vk_x, vk.IC[0]);
if (!pairingProd4( if (!Pairing.pairingProd4(
negate(proof.A), proof.B, Pairing.negate(proof.A), proof.B,
vk.alfa1, vk.beta2, vk.alfa1, vk.beta2,
vk_x, vk.gamma2, vk_x, vk.gamma2,
proof.C, vk.delta2 proof.C, vk.delta2
@ -193,9 +204,9 @@ contract <%contractName%> {
uint[<%vk_input_length%>] memory input uint[<%vk_input_length%>] memory input
) public view returns (bool r) { ) public view returns (bool r) {
Proof memory proof; Proof memory proof;
proof.A = G1Point(a[0], a[1]); proof.A = Pairing.G1Point(a[0], a[1]);
proof.B = G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]);
proof.C = G1Point(c[0], c[1]); proof.C = Pairing.G1Point(c[0], c[1]);
uint[] memory inputValues = new uint[](input.length); uint[] memory inputValues = new uint[](input.length);
for(uint i = 0; i < input.length; i++){ for(uint i = 0; i < input.length; i++){
inputValues[i] = input[i]; inputValues[i] = input[i];

@ -10,8 +10,7 @@
// added requiere error messages // added requiere error messages
// //
pragma solidity ^0.5.0; pragma solidity ^0.5.0;
contract <%contractName%> { library Pairing {
struct G1Point { struct G1Point {
uint X; uint X;
uint Y; uint Y;
@ -149,58 +148,60 @@ contract <%contractName%> {
p2[3] = d2; p2[3] = d2;
return pairing(p1, p2); return pairing(p1, p2);
} }
}
contract Verifier {
using Pairing for *;
struct VerifyingKey { struct VerifyingKey {
G2Point A; Pairing.G2Point A;
G1Point B; Pairing.G1Point B;
G2Point C; Pairing.G2Point C;
G2Point gamma; Pairing.G2Point gamma;
G1Point gammaBeta1; Pairing.G1Point gammaBeta1;
G2Point gammaBeta2; Pairing.G2Point gammaBeta2;
G2Point Z; Pairing.G2Point Z;
G1Point[] IC; Pairing.G1Point[] IC;
} }
struct Proof { struct Proof {
G1Point A; Pairing.G1Point A;
G1Point A_p; Pairing.G1Point A_p;
G2Point B; Pairing.G2Point B;
G1Point B_p; Pairing.G1Point B_p;
G1Point C; Pairing.G1Point C;
G1Point C_p; Pairing.G1Point C_p;
G1Point K; Pairing.G1Point K;
G1Point H; Pairing.G1Point H;
} }
function verifyingKey() internal pure returns (VerifyingKey memory vk) { function verifyingKey() internal pure returns (VerifyingKey memory vk) {
vk.A = G2Point(<%vk_a%>); vk.A = Pairing.G2Point(<%vk_a%>);
vk.B = G1Point(<%vk_b%>); vk.B = Pairing.G1Point(<%vk_b%>);
vk.C = G2Point(<%vk_c%>); vk.C = Pairing.G2Point(<%vk_c%>);
vk.gamma = G2Point(<%vk_g%>); vk.gamma = Pairing.G2Point(<%vk_g%>);
vk.gammaBeta1 = G1Point(<%vk_gb1%>); vk.gammaBeta1 = Pairing.G1Point(<%vk_gb1%>);
vk.gammaBeta2 = G2Point(<%vk_gb2%>); vk.gammaBeta2 = Pairing.G2Point(<%vk_gb2%>);
vk.Z = G2Point(<%vk_z%>); vk.Z = Pairing.G2Point(<%vk_z%>);
vk.IC = new G1Point[](<%vk_ic_length%>); vk.IC = new Pairing.G1Point[](<%vk_ic_length%>);
<%vk_ic_pts%> <%vk_ic_pts%>
} }
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
VerifyingKey memory vk = verifyingKey(); VerifyingKey memory vk = verifyingKey();
require(input.length + 1 == vk.IC.length,"verifier-bad-input"); require(input.length + 1 == vk.IC.length,"verifier-bad-input");
// Compute the linear combination vk_x // Compute the linear combination vk_x
G1Point memory vk_x = G1Point(0, 0); Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
for (uint i = 0; i < input.length; i++) for (uint i = 0; i < input.length; i++)
vk_x = addition(vk_x, scalar_mul(vk.IC[i + 1], input[i])); vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
vk_x = addition(vk_x, vk.IC[0]); vk_x = Pairing.addition(vk_x, vk.IC[0]);
if (!pairingProd2(proof.A, vk.A, negate(proof.A_p), P2())) return 1; if (!Pairing.pairingProd2(proof.A, vk.A, Pairing.negate(proof.A_p), Pairing.P2())) return 1;
if (!pairingProd2(vk.B, proof.B, negate(proof.B_p), P2())) return 2; if (!Pairing.pairingProd2(vk.B, proof.B, Pairing.negate(proof.B_p), Pairing.P2())) return 2;
if (!pairingProd2(proof.C, vk.C, negate(proof.C_p), P2())) return 3; if (!Pairing.pairingProd2(proof.C, vk.C, Pairing.negate(proof.C_p), Pairing.P2())) return 3;
if (!pairingProd3( if (!Pairing.pairingProd3(
proof.K, vk.gamma, proof.K, vk.gamma,
negate(addition(vk_x, addition(proof.A, proof.C))), vk.gammaBeta2, Pairing.negate(Pairing.addition(vk_x, Pairing.addition(proof.A, proof.C))), vk.gammaBeta2,
negate(vk.gammaBeta1), proof.B Pairing.negate(vk.gammaBeta1), proof.B
)) return 4; )) return 4;
if (!pairingProd3( if (!Pairing.pairingProd3(
addition(vk_x, proof.A), proof.B, Pairing.addition(vk_x, proof.A), proof.B,
negate(proof.H), vk.Z, Pairing.negate(proof.H), vk.Z,
negate(proof.C), P2() Pairing.negate(proof.C), Pairing.P2()
)) return 5; )) return 5;
return 0; return 0;
} }
@ -216,14 +217,14 @@ contract <%contractName%> {
uint[<%vk_input_length%>] memory input uint[<%vk_input_length%>] memory input
) view public returns (bool r) { ) view public returns (bool r) {
Proof memory proof; Proof memory proof;
proof.A = G1Point(a[0], a[1]); proof.A = Pairing.G1Point(a[0], a[1]);
proof.A_p = G1Point(a_p[0], a_p[1]); proof.A_p = Pairing.G1Point(a_p[0], a_p[1]);
proof.B = G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]);
proof.B_p = G1Point(b_p[0], b_p[1]); proof.B_p = Pairing.G1Point(b_p[0], b_p[1]);
proof.C = G1Point(c[0], c[1]); proof.C = Pairing.G1Point(c[0], c[1]);
proof.C_p = G1Point(c_p[0], c_p[1]); proof.C_p = Pairing.G1Point(c_p[0], c_p[1]);
proof.H = G1Point(h[0], h[1]); proof.H = Pairing.G1Point(h[0], h[1]);
proof.K = G1Point(k[0], k[1]); proof.K = Pairing.G1Point(k[0], k[1]);
uint[] memory inputValues = new uint[](input.length); uint[] memory inputValues = new uint[](input.length);
for(uint i = 0; i < input.length; i++){ for(uint i = 0; i < input.length; i++){
inputValues[i] = input[i]; inputValues[i] = input[i];