Creating zero knowledge proofs using the Bulletproofs implementation from dalek-cryptography. This repo contains several examples that show how various statements can be represented as arithmetic circuits which can be converted to R1CS. A blog post was written that explains the Bulletproofs API with several examples, though the API has changed slightly.
- Prove a number is in certain range
- Prove value is non-zero
- Prove value is not equal to a given value
- Proof of set membership (2 implementations)
- Proof of set non-membership
- Proof of knowledge of preimage given image of MiMC hash function
- Poseidon permutation, a 2:1 (2 inputs, 1 output) and 4:1 (4 inputs, 1 output) hash function based on it. 2 kinds of S-boxes, cube and inverse. Described in this paper. The parameters are generated using a sage worksheet supplied by Dmitry Khovratovich and a Jupyter notebook for that worksheet is present in the repo called Poseidon_Ristretto.ipynb.
- Proof of knowledge of leaf in a sparse merkle tree of width 2, i.e. each node has 2 children. Uses Poseidon 2:1 hash function.
- Proof of knowledge of leaf in a sparse merkle tree of width 4, i.e. each node has 4 children. Uses Poseidon 4:1 hash function.
This project uses a slightly modified implementation of Bulletproofs's develop branch. The difference is the addition of the methods to return the number of constraints and multipliers respectively, and the addition of some new methods in the constraint system and linear combinations:
- `evaluate_lc`: to evaluate a linear constraint
- `allocate_single`: to return the output variable when allocating the right multiplier.
- `simplify`: to simplify a linear combination, e.g. simplify a linear combination like `2*x + 3*y + 4*x` to `6*x + 3*y`.
Use the nightly compiler to run tests, like:

```
cargo +nightly test --all-features
```