aarifullin/neoneo-go
1
0
Fork 0
forked from TrueCloudLab/neoneo-go
Code Pull requests Activity

Merge pull request #3234 from nspcc-dev/add-response-source

Browse source 
examples: improve cubic circuit documentation
This commit is contained in:
Roman Khimov 2023-11-28 17:07:12 +03:00 committed by GitHub
commit e8e964e3da
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
examples/zkp/cubic_circuit/README.md
View file

@ -31,20 +31,25 @@ to organize the ceremony and generate proving and verifying keys for a circuit.
However, both phases take a significant amount of time and computations to be However, both phases take a significant amount of time and computations to be
performed. Luckily for the developers, it is possible to omit a curve-specific performed. Luckily for the developers, it is possible to omit a curve-specific
part of the MPC and reuse the existing results of Phase 1 got from a trusted part of the MPC and reuse the existing results of Phase 1 got from a trusted
source, e.g. from [Powers of Tau ceremony](https://github.com/filecoin-project/powersoftau/) source, e.g. from [Zcash PowersOfTau](https://github.com/ZcashFoundation/powersoftau-attestations)
held by the [Filecoin project](https://github.com/filecoin-project/phase2-attestations#phase1). held by the [Zcash Foundation](https://github.com/ZcashFoundation).
`TestCubicCircuit_EndToEnd_Prod` test of the current circuit example demonstrates `TestCubicCircuit_EndToEnd_Prod` test of the current circuit example demonstrates
how to use the `response` output file from the Phase 1 of the Filecoin's Powers how to use the `response` output file from the Phase 1 of the Filecoin's Powers
of Tau ceremony for BLS12-381 curve: of Tau ceremony for BLS12-381 curve:
* [`response8`](./response8) file is the response output from the [Powers of Tau ceremony](https://github.com/filecoin-project/powersoftau/) * [`response8`](./response8) file is the response output from the ceremony that was run locally
with the `REQUIRED_POWER` set to 8 (to reduce computations and response file size) based on the [Filecoin Powers of Tau](https://github.com/filecoin-project/powersoftau/)
that was run locally with the help of [testing script](https://github.com/filecoin-project/powersoftau/blob/master/test.sh). with the `REQUIRED_POWER` set to 8 (to reduce computations and response file size).
The ceremony itself was run with the help of [testing script](https://github.com/filecoin-project/powersoftau/blob/master/test.sh).
To get the response file for a production environment, the user has two options: To get the response file for a production environment, the user has two options:
1. Organize his own ceremony with required number of powers following the 1. Organize his own ceremony with required number of powers following the
[guide](https://github.com/filecoin-project/powersoftau/tree/master#instructions) [guide](https://github.com/filecoin-project/powersoftau/tree/master#instructions)
from the source repo. from the ceremony source repo.
2. Download the existing suitable `response` file from the 2. Download the existing suitable `response` file from the trusted existing ceremony.
[attestations page](https://github.com/arielgabizon/perpetualpowersoftau#perpetual-powers-of-tau-for-bls381). Please, be careful while choosing `response` file and ensure that it has enough
powers computed (at least as much as the number of the circuit's constraints requires).
Example of suitable ceremonies:
* Zcash Powers Of Tau [attestations page](https://github.com/ZcashFoundation/powersoftau-attestations) (up to 2^21)
* Filecoin Perpetual Powers Of Tau [attestations page](https://github.com/arielgabizon/perpetualpowersoftau#perpetual-powers-of-tau-for-bls381) (up to 2^27)
* [main_test](./main_test.go) contains the `TestCubicCircuit_EndToEnd_Prod` test * [main_test](./main_test.go) contains the `TestCubicCircuit_EndToEnd_Prod` test
itself and demonstrates how to properly initialize Phase 2 based on the given itself and demonstrates how to properly initialize Phase 2 based on the given
response file and make some dummy contributions into it. response file and make some dummy contributions into it.

27
examples/zkp/cubic_circuit/main_test.go
View file

@ -1,6 +1,7 @@
package cubic package cubic
import ( import (
"fmt"
"math" "math"
"os" "os"
"path/filepath" "path/filepath"
@ -156,6 +157,12 @@ func TestCubicCircuit_EndToEnd(t *testing.T) {
// result for proving/verifying keys generation and demonstrates how to contribute // result for proving/verifying keys generation and demonstrates how to contribute
// some randomness into it. // some randomness into it.
func TestCubicCircuit_EndToEnd_Prod(t *testing.T) { func TestCubicCircuit_EndToEnd_Prod(t *testing.T) {
const (
// Response file generated locally for 2^8 powers.
pathToResponseFile = "./response8"
// The order of Powers of Tau ceremony, it depends on the response file.
orderOfResponseFile = 8
)
var ( var (
circuit CubicCircuit circuit CubicCircuit
assignment = CubicCircuit{X: 3, Y: 35} assignment = CubicCircuit{X: 3, Y: 35}
@ -166,8 +173,10 @@ func TestCubicCircuit_EndToEnd_Prod(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
// Setup (groth16 zkSNARK), use MPC-based solution for proving and verifying // Setup (groth16 zkSNARK), use MPC-based solution for proving and verifying
// keys generation. // keys generation. Please, be careful while adopting this code for your circuit.
pk, vk := setup(t, ccs, "./response8", 8) // the order of Powers of Tau ceremony, depends on the response file. // Ensure that response file that you've provided contains enough powers computed
// so that the number of constraints in your circuit can be handled.
pk, vk := setup(t, ccs, pathToResponseFile, orderOfResponseFile)
// Intermediate step: witness definition. // Intermediate step: witness definition.
witness, err := frontend.NewWitness(&assignment, ecc.BLS12_381.ScalarField()) witness, err := frontend.NewWitness(&assignment, ecc.BLS12_381.ScalarField())
@ -262,20 +271,21 @@ func setup(t *testing.T, ccs constraint.ConstraintSystem, phase1ResponsePath str
beta_coef_g1 := make([]curve.G1Affine, inN) beta_coef_g1 := make([]curve.G1Affine, inN)
// Accumulator serialization: https://github.com/filecoin-project/powersoftau/blob/ab8f85c28f04af5a99cfcc93a3b1f74c06f94105/src/accumulator.rs#L111 // Accumulator serialization: https://github.com/filecoin-project/powersoftau/blob/ab8f85c28f04af5a99cfcc93a3b1f74c06f94105/src/accumulator.rs#L111
errMessage := fmt.Sprintf("ensure your response file contains exactly 2^%d powers of tau for BLS12-381 curve", inPow)
for i := range coef_g1 { for i := range coef_g1 {
require.NoError(t, dec.Decode(&coef_g1[i])) require.NoError(t, dec.Decode(&coef_g1[i]), errMessage)
} }
for i := range coef_g2 { for i := range coef_g2 {
require.NoError(t, dec.Decode(&coef_g2[i])) require.NoError(t, dec.Decode(&coef_g2[i]), errMessage)
} }
for i := range alpha_coef_g1 { for i := range alpha_coef_g1 {
require.NoError(t, dec.Decode(&alpha_coef_g1[i])) require.NoError(t, dec.Decode(&alpha_coef_g1[i]), errMessage)
} }
for i := range beta_coef_g1 { for i := range beta_coef_g1 {
require.NoError(t, dec.Decode(&beta_coef_g1[i])) require.NoError(t, dec.Decode(&beta_coef_g1[i]), errMessage)
} }
beta_g2 := &curve.G2Affine{} beta_g2 := &curve.G2Affine{}
require.NoError(t, dec.Decode(beta_g2)) require.NoError(t, dec.Decode(beta_g2), errMessage)
// Transform (take exactly those number of powers that needed for the given number of constraints). // Transform (take exactly those number of powers that needed for the given number of constraints).
var ( var (
@ -286,6 +296,9 @@ func setup(t *testing.T, ccs constraint.ConstraintSystem, phase1ResponsePath str
} }
outN := int64(math.Pow(2, float64(outPow))) outN := int64(math.Pow(2, float64(outPow)))
if len(coef_g1) < int(2*outN-1) {
t.Fatalf("number of circuit constraints is too large for the provided response file: nbConstraints is %d, required at least %d powers to be computed", numConstraints, outN)
}
srs1 := mpcsetup.Phase1{} srs1 := mpcsetup.Phase1{}
srs1.Parameters.G1.Tau = coef_g1[:2*outN-1] // outN + (outN-1) srs1.Parameters.G1.Tau = coef_g1[:2*outN-1] // outN + (outN-1)
srs1.Parameters.G2.Tau = coef_g2[:outN] // outN srs1.Parameters.G2.Tau = coef_g2[:outN] // outN