|
| 1 | +import { CircuitSetup } from "."; |
| 2 | +import * as snarkjs from "snarkjs"; |
| 3 | +const { unstringifyBigInts } = require("snarkjs/src/stringifybigint"); |
| 4 | + |
| 5 | +const LOG_PREFIX = "[embarkjs-snark]: "; |
| 6 | + |
| 7 | +export default class Circuit { |
| 8 | + constructor(private setup: CircuitSetup) { |
| 9 | + this.setup.provingKey = unstringifyBigInts(this.setup.provingKey); |
| 10 | + this.setup.verificationKey = unstringifyBigInts(this.setup.verificationKey); |
| 11 | + } |
| 12 | + |
| 13 | + /** |
| 14 | + * Given public signals and a proof to prove those public signals can be verified, |
| 15 | + * generates an array of inputs the can be used to call the verifyProof function |
| 16 | + * in the verification contract (Solidity). |
| 17 | + * |
| 18 | + * @remarks Derived from the {@link https://github.com/iden3/snarkjs/blob/f2e5bc56b33aedbbbf7fed38b3f234d3d2b1adb7/cli.js#L365-L392 | "generatecall" snarkjs cli function} |
| 19 | + * |
| 20 | + * @param publicSignals - public inputs to be verified using the proof |
| 21 | + * @param proof - the proof used to verify the inputs are valid |
| 22 | + * @returns an array of solidity inputs that can be used to call the "verifyProof" |
| 23 | + * function of the deployed vertificadtion contract |
| 24 | + */ |
| 25 | + private generateSolidityInputs(publicSignals, proof): string[] { |
| 26 | + publicSignals = unstringifyBigInts(publicSignals); |
| 27 | + proof = unstringifyBigInts(proof); |
| 28 | + |
| 29 | + const p256 = (n) => { |
| 30 | + let nstr = n.toString(16); |
| 31 | + while (nstr.length < 64) { nstr = "0" + nstr; } |
| 32 | + nstr = `0x${nstr}`; |
| 33 | + return nstr; |
| 34 | + }; |
| 35 | + |
| 36 | + let inputs = ""; |
| 37 | + for (const publicSignal of publicSignals) { |
| 38 | + if (inputs !== "") { inputs = inputs + ","; } |
| 39 | + inputs = inputs + p256(publicSignal); |
| 40 | + } |
| 41 | + |
| 42 | + let S; |
| 43 | + if ((typeof proof.protocol === "undefined") || (proof.protocol === "original")) { |
| 44 | + S = [ |
| 45 | + [proof.pi_a[0], proof.pi_a[1]], |
| 46 | + [proof.pi_ap[0], proof.pi_ap[1]], |
| 47 | + [[proof.pi_b[0][1], proof.pi_b[0][0]], [proof.pi_b[1][1], proof.pi_b[1][0]]], |
| 48 | + [proof.pi_bp[0], proof.pi_bp[1]], |
| 49 | + [proof.pi_c[0], proof.pi_c[1]], |
| 50 | + [proof.pi_cp[0], proof.pi_cp[1]], |
| 51 | + [proof.pi_h[0], proof.pi_h[1]], |
| 52 | + [proof.pi_kp[0], proof.pi_kp[1]] |
| 53 | + ]; |
| 54 | + } else if ((proof.protocol === "groth") || (proof.protocol === "kimleeoh")) { |
| 55 | + S = [ |
| 56 | + [proof.pi_a[0], proof.pi_a[1]], |
| 57 | + [[proof.pi_b[0][1], proof.pi_b[0][0]], [proof.pi_b[1][1], proof.pi_b[1][0]]], |
| 58 | + [proof.pi_c[0], proof.pi_c[1]] |
| 59 | + ]; |
| 60 | + } else { |
| 61 | + throw new Error("InvalidProof"); |
| 62 | + } |
| 63 | + |
| 64 | + const two56ify = (arr: any[]): any[] => { |
| 65 | + return arr.map(n => { |
| 66 | + if (Array.isArray(n)) { |
| 67 | + return two56ify(n); |
| 68 | + } |
| 69 | + return p256(n); |
| 70 | + }); |
| 71 | + }; |
| 72 | + S = two56ify(S); |
| 73 | + S.push([inputs]); |
| 74 | + return S; |
| 75 | + } |
| 76 | + |
| 77 | + public async calculate(inputs: any) { |
| 78 | + const circuit = new snarkjs.Circuit(this.setup.compiledCircuit); |
| 79 | + const witness = circuit.calculateWitness(inputs); |
| 80 | + const { proof, publicSignals } = snarkjs[this.setup.config.protocol].genProof( |
| 81 | + this.setup.provingKey, |
| 82 | + witness |
| 83 | + ); |
| 84 | + |
| 85 | + return { proof, publicSignals }; |
| 86 | + } |
| 87 | + |
| 88 | + public async verify(inputs: any) { |
| 89 | + console.log(`${LOG_PREFIX}NOTE -- Private inputs will **not** be sent to the blockchain. They are used to calculate the witness and generate a proof.`); |
| 90 | + if (!this.setup.verificationContract) { |
| 91 | + return console.error(`Error verifying inputs, verification contract for '${this.setup.name}' not found.`); |
| 92 | + } |
| 93 | + |
| 94 | + console.log(`${LOG_PREFIX}Calculating witness and generating proof...`); |
| 95 | + const { proof, publicSignals } = await this.calculate(inputs); |
| 96 | + const solidityInputs = this.generateSolidityInputs(publicSignals, proof); |
| 97 | + |
| 98 | + console.log(`${LOG_PREFIX}Verifying inputs on chain...`); |
| 99 | + return await this.setup.verificationContract.methods.verifyProof(...solidityInputs).call(); |
| 100 | + } |
| 101 | + |
| 102 | + public async verifyOffChain(inputs) { |
| 103 | + console.log(`${LOG_PREFIX}Calculating witness and generating proof...`); |
| 104 | + const { proof, publicSignals } = await this.calculate(inputs); |
| 105 | + |
| 106 | + console.log(`${LOG_PREFIX}Verifying inputs off chain...`); |
| 107 | + return snarkjs[this.setup.config.protocol].isValid(this.setup.verificationKey, proof, publicSignals); |
| 108 | + } |
| 109 | +} |
0 commit comments