Question: How to verify if a public witness is associated with certain public inputs? #1125
Comments
The public witness contains exactly the values designated as
Hi, not sure if I understand your issue correctly. Is your question about 1) how groth16 deals with public inputs in general, or 2) do you want to know how to bind a hash to public values inside of a circuit? In the case of 1), the proof simply doesn't pass if the public inputs are not related to the proof. For 2), instead of having a lot of public inputs, you could hash them, make the hash public, make the public inputs private, and prove inside of the circuit that the now-public hash corresponds to the hash of the private (formerly public) inputs.
@Tabaie @ThomasPiellard thanks for the replies. Let me rephrase my question again. Inputs 1: data-1, Hash 1 First inputs will generate zkProof-1, and second will generate zkProof-2, but how can the verifier differentiate between them? That zkProof-1 is indeed of Hash-1 and zkProof-2 is indeed of Hash-2? @Tabaie's answer does give the idea, but I don't have much background in cryptography. So it would be great if there is any high-level code example or libraries I can refer to. Thank you.
OK, so it was my option 1) I think. The verifier works by doing a succinct computation (namely some pairings in the case of plonk and groth16) on a tuple (public inputs, proof, verification key). A proof contains different components, a part
"so the verifier computes on its own a commitment to the public inputs PI.." I think this answers my question. Does the public_witness play its part here? If the public_witness is encrypted data of public data (homomorphic hidings or something), can a verifier check if the public_witness is indeed of the given Hash (public data)? Sorry if I'm being confusing. I am new to the ZK stack. I just want to know how the verifier can differentiate between valid zk-proofs of the same circuit at a HIGH LEVEL. If the method was something like this
Yes, the public_witness plays its part in the computation of PI. But I don't understand the last remark, the signature of Verify is
At a HIGH level, problem statement: the prover sent the ZkProof and public witness to me (the verifier). I run groth16.verify(zkProof, public witness, vk) and can be assured that the proof is indeed right. But whether it's the zkProof or the public witness, they are more like some encrypted data. It could be any valid inputs (valid data that hashes to some valid Hash), but how can I make sure it is not some random valid inputs but Hash-1 (the one I'm expecting)?
Or simply, can I independently construct the public_witness knowing the public inputs of the circuit, or vice versa?
Yes, public_witness and public inputs are the same thing, and it's not encrypted. In your example the raw result of the hash is used as public input; it's not encrypted or anything.
I see. So it's just a matter of encoding and decoding. Thanks a lot for your time. I'm new to gnark and this has been bugging me a lot. I didn't find any example or unit test ensuring this check, so it was hella confusing. Thanks again 😀
How does the verifier make sure that the proof is indeed related to the given Hash (public input)? Is there a way to verify this? If I'm not wrong, the public witness might help here, but I am not sure how.
I have a simple Mimc circuit here
and
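The check this thread converges on, as an added Go sketch that is not code from gnark or from the commenters: the verifier takes the public inputs from the hash it expects, rejects a public witness that differs, and verifies against its own values. `VerifyFunc`, `CheckProofFor`, the choice of the BN254 scalar field and the toy prove/verify pair are assumptions for illustration; with gnark the `verify` argument would wrap `groth16.Verify`.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// BN254 scalar field modulus r (assumed curve); public inputs are integers in [0, r).
var fieldR, _ = new(big.Int).SetString("21888242871839275222246405745257275088548364400416034343698204186575808495617", 10)
var ErrNonCanonical = errors.New("expected value is not a canonical field element")
var ErrMismatch = errors.New("public witness differs from the expected values")

// VerifyFunc is a hypothetical wrapper around the proof system's verify call.
type VerifyFunc func(proof []byte, public []*big.Int) error

// CheckProofFor accepts a proof only for the values this verifier expects and
// runs verification on those values, never on prover-supplied ones.
func CheckProofFor(verify VerifyFunc, proof []byte, claimed, expected []*big.Int) error {
	if len(claimed) != len(expected) {
		return ErrMismatch
	}
	for i, want := range expected {
		if want.Sign() < 0 || want.Cmp(fieldR) >= 0 {
			return ErrNonCanonical // would be silently reduced mod r otherwise
		}
		if claimed[i].Cmp(want) != 0 {
			return ErrMismatch
		}
	}
	return verify(proof, expected)
}

// toyProve/toyVerify: constructed stand-in, NOT a proof system; it only mimics
// a proof that verifies solely against the public inputs it was made for.
func toyProve(public []*big.Int) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprint(public)))
	return sum[:]
}
func toyVerify(proof []byte, public []*big.Int) error {
	if string(proof) != string(toyProve(public)) {
		return errors.New("proof does not verify")
	}
	return nil
}
func main() {
	h1, h2 := []*big.Int{big.NewInt(1111)}, []*big.Int{big.NewInt(2222)} // constructed hashes
	fmt.Println(CheckProofFor(toyVerify, toyProve(h1), h1, h1), CheckProofFor(toyVerify, toyProve(h2), h2, h1))
}
```

A valid proof for Hash-2 is rejected when the verifier expects Hash-1, and a proof for Hash-2 relabelled with Hash-1 as its public witness fails inside the verify call itself.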