-
Notifications
You must be signed in to change notification settings - Fork 0
/
prover.go
93 lines (80 loc) · 2.61 KB
/
prover.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
package hollowprover
import (
"errors"
"math/big"
"os"
)
const bn254PrimeStr = "21888242871839275222246405745257275088548364400416034343698204186575808495617"
// A Groth16-based zero-knowledge prover utility to be used with HollowDB.
// Use NewProver function to create it.
type prover struct {
wasmBytes []byte
zkeyBytes []byte
bn254prime *big.Int
}
// Creates a Groth16-based zero-knowledge prover utility to be used with HollowDB.
//
// You will need to provide paths to a WASM circuit, and a prover key.
// You can find these files at: https://github.com/firstbatchxyz/hollowdb-prover-go/tree/master/circuits
//
// It is up to you to decide where to place them for your application.
// For example, in a web-app you may place under the `public` directory.
func Prover(wasmPath string, proverKeyPath string) (*prover, error) {
wasmBytes, err := os.ReadFile(wasmPath)
if err != nil {
return nil, err
}
pkeyBytes, err := os.ReadFile(proverKeyPath)
if err != nil {
return nil, err
}
bn254Prime, ok := new(big.Int).SetString(bn254PrimeStr, 10)
if !ok {
return nil, errors.New("could not prepare BN254 prime")
}
return &prover{wasmBytes, pkeyBytes, bn254Prime}, nil
}
// Generates a proof, returns (proof, publicSignals).
//
// Current value and next value can be anything, they will be hashed-to-group and then ProveHashed
// will be called to generate the actual proof.
func (prover *prover) Prove(preimage *big.Int, curValue any, nextValue any) (string, string, error) {
curValueHash, err := HashToGroup(curValue)
if err != nil {
return "", "", err
}
nextValueHash, err := HashToGroup(nextValue)
if err != nil {
return "", "", err
}
return prover.ProveHashed(preimage, curValueHash, nextValueHash)
}
// Generates a proof, returns (proof, publicSignals).
//
// Inputs are assumed to be hashed-to-group.
func (prover *prover) ProveHashed(preimage *big.Int, curValueHash *big.Int, nextValueHash *big.Int) (string, string, error) {
InputTooLargeErr := errors.New("input larger than BN254 order")
if preimage.Cmp(prover.bn254prime) != -1 {
return "", "", InputTooLargeErr
}
if curValueHash.Cmp(prover.bn254prime) != -1 {
return "", "", InputTooLargeErr
}
if nextValueHash.Cmp(prover.bn254prime) != -1 {
return "", "", InputTooLargeErr
}
input := map[string]interface{}{
"preimage": preimage,
"curValueHash": curValueHash,
"nextValueHash": nextValueHash,
}
wtnsBytes, err := computeWitness(prover.wasmBytes, input)
if err != nil {
return "", "", err
}
proof, publicInputs, err := generateProof(wtnsBytes, prover.zkeyBytes)
if err != nil {
return "", "", err
}
return proof, publicInputs, nil
}