Merge branch 'master' of github.com:iden3/snarkjs
This commit is contained in:
Jordi Baylina
commit
f776cc9f8d
80
README.md
80
README.md
@ -32,12 +32,11 @@ node -v
|
||||
|
||||
To download the latest version of Node, see [here](https://nodejs.org/en/download/).
|
||||
|
||||
### Install snarkjs and circom
|
||||
### Install snarkjs
|
||||
|
||||
To install `circom` and `snarkjs`, run:
|
||||
To install `snarkjs` run:
|
||||
|
||||
```sh
|
||||
npm install -g circom@latest
|
||||
npm install -g snarkjs@latest
|
||||
```
|
||||
|
||||
@ -70,6 +69,10 @@ snarkjs g16p --help
|
||||
|
||||
If you a feel a command is taking longer than it should, re-run it with a `-v` or `--verbose` option to see more details about how it's progressing and where it's getting blocked.
|
||||
|
||||
### Install circom
|
||||
|
||||
To install `circom`, follow the instructions at [installing circom](https://docs.circom.io/getting-started/installation).
|
||||
|
||||
## Guide
|
||||
|
||||
### 0. Create and move into a new directory
|
||||
@ -221,9 +224,11 @@ Before we go ahead and create the circuit, we perform a final check and verify t
|
||||
### 9. Create the circuit
|
||||
```sh
|
||||
cat <<EOT > circuit.circom
|
||||
pragma circom 2.0.0;
|
||||
|
||||
template Multiplier(n) {
|
||||
signal private input a;
|
||||
signal private input b;
|
||||
signal input a;
|
||||
signal input b;
|
||||
signal output c;
|
||||
|
||||
signal int[n];
|
||||
@ -246,7 +251,7 @@ In this case, we've chosen `1000`, but we can change this to anything we want (
|
||||
|
||||
### 10. Compile the circuit
|
||||
```sh
|
||||
circom circuit.circom --r1cs --wasm --sym -v
|
||||
circom circuit.circom --r1cs --wasm --sym
|
||||
```
|
||||
|
||||
The `circom` command takes one input (the circuit to compile, in our case `circuit.circom`) and three options:
|
||||
@ -300,11 +305,27 @@ cat circuit.r1cs.json
|
||||
We export `r1cs` to `json` format to make it human readable.
|
||||
|
||||
|
||||
### 14. Setup
|
||||
### 14. Calculate the witness
|
||||
|
||||
First, we create a file with the inputs for our circuit:
|
||||
|
||||
```sh
|
||||
cat <<EOT > input.json
|
||||
{"a": 3, "b": 11}
|
||||
EOT
|
||||
```
|
||||
|
||||
Now, we use the Javascript/WASM program created by `circom` in the directory *circuit_js* to create the witness (values of all the wires) for our inputs:
|
||||
|
||||
```sh
|
||||
circuit_js$ node generate_witness.js circuit.wasm ../input.json ../witness.wtns
|
||||
```
|
||||
|
||||
### 15. Setup
|
||||
|
||||
Currently, snarkjs supports 2 proving systems: groth16 and PLONK.
|
||||
|
||||
Groth16 requires a trusted ceremony for each circuit. PLONK does not require it, it's enought with the powers of tau ceremony which is universal.
|
||||
Groth16 requires a trusted ceremony for each circuit. PLONK does not require it, it's enough with the powers of tau ceremony which is universal.
|
||||
|
||||
#### Plonk
|
||||
```sh
|
||||
@ -332,7 +353,7 @@ Note that `circuit_0000.zkey` (the output of the `zkey` command above) does not
|
||||
|
||||
*The following steps (15-20) are similar to the equivalent phase 1 steps, except we use `zkey` instead of `powersoftau` as the main command, and we generate `zkey` rather that `ptau` files.*
|
||||
|
||||
### 15. Contribute to the phase 2 ceremony
|
||||
### 16. Contribute to the phase 2 ceremony
|
||||
```sh
|
||||
snarkjs zkey contribute circuit_0000.zkey circuit_0001.zkey --name="1st Contributor Name" -v
|
||||
```
|
||||
@ -342,14 +363,14 @@ The `zkey contribute` command creates a `zkey` file with a new contribution.
|
||||
As in phase 1, you'll be prompted to enter some random text to provide an extra source of entropy.
|
||||
|
||||
|
||||
### 16. Provide a second contribution
|
||||
### 17. Provide a second contribution
|
||||
```sh
|
||||
snarkjs zkey contribute circuit_0001.zkey circuit_0002.zkey --name="Second contribution Name" -v -e="Another random entropy"
|
||||
```
|
||||
|
||||
We provide a second contribution.
|
||||
|
||||
### 17. Provide a third contribution using third party software
|
||||
### 18. Provide a third contribution using third party software
|
||||
|
||||
```sh
|
||||
snarkjs zkey export bellman circuit_0002.zkey challenge_phase2_0003
|
||||
@ -359,7 +380,7 @@ snarkjs zkey import bellman circuit_0002.zkey response_phase2_0003 circuit_0003.
|
||||
|
||||
And a third using [third-party software](https://github.com/kobigurk/phase2-bn254).
|
||||
|
||||
### 18. Verify the latest `zkey`
|
||||
### 19. Verify the latest `zkey`
|
||||
```sh
|
||||
snarkjs zkey verify circuit.r1cs pot12_final.ptau circuit_0003.zkey
|
||||
```
|
||||
@ -376,7 +397,7 @@ If everything checks out, you should see the following:
|
||||
[INFO] snarkJS: ZKey Ok!
|
||||
```
|
||||
|
||||
### 19. Apply a random beacon
|
||||
### 20. Apply a random beacon
|
||||
```sh
|
||||
snarkjs zkey beacon circuit_0003.zkey circuit_final.zkey 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 10 -n="Final Beacon phase2"
|
||||
```
|
||||
@ -385,42 +406,21 @@ The `zkey beacon` command creates a `zkey` file with a contribution applied in t
|
||||
|
||||
We use it to apply a random beacon to the latest `zkey` after the final contribution has been made (this is necessary in order to generate a final `zkey` file and finalise phase 2 of the trusted setup).
|
||||
|
||||
### 20. Verify the final `zkey`
|
||||
### 21. Verify the final `zkey`
|
||||
```sh
|
||||
snarkjs zkey verify circuit.r1cs pot12_final.ptau circuit_final.zkey
|
||||
```
|
||||
|
||||
Before we go ahead and export the verification key as a `json`, we perform a final check and verify the final protocol transcript (`zkey`).
|
||||
|
||||
### 21. Export the verification key
|
||||
### 22. Export the verification key
|
||||
```sh
|
||||
snarkjs zkey export verificationkey circuit_final.zkey verification_key.json
|
||||
```
|
||||
We export the verification key from `circuit_final.zkey` into `verification_key.json`.
|
||||
|
||||
### 22. Calculate the witness
|
||||
```sh
|
||||
cat <<EOT > input.json
|
||||
{"a": 3, "b": 11}
|
||||
EOT
|
||||
snarkjs wtns calculate circuit.wasm input.json witness.wtns
|
||||
```
|
||||
|
||||
Calculate the witness (given the inputs `a = 3` and `b = 11`).
|
||||
|
||||
|
||||
### 23. Debug the final witness calculation
|
||||
```sh
|
||||
snarkjs wtns debug circuit.wasm input.json witness.wtns circuit.sym --trigger --get --set
|
||||
```
|
||||
|
||||
And check for any errors in the witness calculation process (best practice).
|
||||
|
||||
|
||||
The `wtns debug` command logs every time a new component starts/ends (`--trigger`), when a signal is set (`--set`) and when it's read (`--get`).
|
||||
|
||||
|
||||
### 24. Create the proof
|
||||
### 23. Create the proof
|
||||
|
||||
#### PLONK
|
||||
|
||||
@ -442,7 +442,7 @@ We create the proof. this command generates the files `proof.json` and `public.j
|
||||
> ```
|
||||
|
||||
|
||||
### 25. Verify the proof
|
||||
### 24. Verify the proof
|
||||
|
||||
#### PLONK
|
||||
```sh
|
||||
@ -459,14 +459,14 @@ We use the this command to verify the proof, passing in the `verification_key` w
|
||||
If all is well, you should see that `OK` has been outputted to your console. This signifies the proof is valid.
|
||||
|
||||
|
||||
### 26. Turn the verifier into a smart contract
|
||||
### 25. Turn the verifier into a smart contract
|
||||
```sh
|
||||
snarkjs zkey export solidityverifier circuit_final.zkey verifier.sol
|
||||
```
|
||||
|
||||
Finally, we export the verifier as a Solidity smart-contract so that we can publish it on-chain -- using [remix](https://remix.ethereum.org/) for example. For the details on how to do this, refer to section 4 of [this tutorial](https://blog.iden3.io/first-zk-proof.html).
|
||||
|
||||
### 27. Simulate a verification call
|
||||
### 26. Simulate a verification call
|
||||
```sh
|
||||
snarkjs zkey export soliditycalldata public.json proof.json
|
||||
```
|
||||
|
||||
Loading…
Reference in New Issue
Block a user