Where communities thrive

• Join over 1.5M+ people
• Join over 100K+ communities
• Free without limits
Activity
m.zohaib🌕.∞
Execution failed: Sum check failed
The default ZoKrates interpreter should not yield this error. Please open an issue.
scrypt
@scryptsv:matrix.org
[m]
the default seems to be Ark, not Bellman as the documentation says
Darko Macesic
@dark64

the default seems to be Ark, not Bellman as the documentation says

good catch

m.zohaib🌕.∞

Can anybody explain what parameter are expectd in this function as pk and sk are in hexa and what is context
import "ecc/edwardsScalarMult" as multiply;
import "utils/pack/bool/nonStrictUnpack256" as unpack256;
from "ecc/babyjubjubParams" import BabyJubJubParams;

/// Verifies match of a given public/private keypair.
///
/// Checks if the following equation holds for the provided keypair:
/// pk = skG
/// where G is the chosen base point of the subgroup
/// and
denotes scalar multiplication in the subgroup
///
/// Arguments:
/// pk: Curve point. Public key.
/// sk: Field element. Private key.
/// context: Curve parameters (including generator G) used to create keypair.
///
/// Returns:
/// Return true for pk/sk being a valid keypair, false otherwise.
def main(field[2] pk, field sk, BabyJubJubParams context) -> bool {
field[2] G = [context.Gu, context.Gv];

bool[256] skBits = unpack256(sk);
field[2] ptExp = multiply(skBits, G, context);

bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1];
return out;

}

4 replies
davidgks
@davidgks

Could somebody help me with how to use the compilation with custom options for zokrates-js?
When I try to compile my root module that imports other .zok-scripts I've written, I always get an UnhandledPromiseRejection error with the message:

"Could not resolve ./pathImportedModule: error thrown in resolve callback."

The zokrates documentation for zokrates-js regarding the resolveCallback doesn't really help me with that issue

msinkec
@msinkec
Hello! How do I get the output of zokrates log statements via the js library?
2 replies
davidgks
@davidgks

Hi, I am having troubles with using the zokrates-js when I am trying to compile a the following zok-script.

import "hashes/sha256/sha256";
import "utils/casts/u8_to_bits";
import "utils/casts/u32_to_bits";
import "utils/casts/u32_from_bits";

// length / 512 + 1 == M
// (M-1)*512 = L + 64 + 1

// M = (L + 64 + 1) / 512 + 1
// L = (M-1)*512 - 65

// A padding function that takes a bool[L] array as input and pads it to 512-bit blocks
def pad<L, M>(bool[L] m) -> u32[M][16] {
u32 length = L + 64 + 1;
assert(length / 512 + 1 == M);

u32 r = length % 512;
u32 k = 512 - r;
bool[M * 512] result_in_bits = [...m, true, ...[false; k + 32], ...u32_to_bits(L)];
u32[M][16] mut result = [[0; 16]; M];

for u32 i in 0..M {
for u32 j in 0..16 {
u32 start = i * 512 + j * 32;
u32 end = start + 32;
result[i][j] = u32_from_bits(result_in_bits[start..end]);
}
}
return result;
}

// A function that takes a bool[N] array as input, pads it,
// and returns the sha256 output as a u32[8]
def sha256Padded<N>(bool[N] input) -> u32[8] {
u32 block_count = (N + 64 + 1) / 512 + 1;
}

// A function that takes a u8[N] array as input, pads it,
// and returns the sha256 output as a u32[8]
def main(u8[800] input) -> u32[8] {
u32 L = 800 * 8;
bool[L] mut input_bits = [false; L];

for u32 i in 0..800 {
bool[8] bits = u8_to_bits(input[i]);
for u32 j in 0..8 {
input_bits[i * 8 + j] = bits[j];
}
}

}

Then I try to run zokrates-js like this:

const { initialize } = require('zokrates-js');
const fs = require("fs");
const path = require("path");

initialize().then((zokratesProvider) => {

// compilation
const artifacts = zokratesProvider.compile(source);
});

I receive this error in the CLI:

wasm://wasm/044b6f8e:1

RuntimeError: unreachable
at wasm://wasm/044b6f8e:wasm-function[15693]:0x10b0813
at wasm://wasm/044b6f8e:wasm-function[6198]:0xdd9c0a
at wasm://wasm/044b6f8e:wasm-function[2668]:0xa5b430
at wasm://wasm/044b6f8e:wasm-function[8993]:0xf47dde
at wasm://wasm/044b6f8e:wasm-function[855]:0x65f6b6
at wasm://wasm/044b6f8e:wasm-function[260]:0x32d811
at wasm://wasm/044b6f8e:wasm-function[3965]:0xc07efb
at wasm://wasm/044b6f8e:wasm-function[718]:0x5c709a
at wasm://wasm/044b6f8e:wasm-function[8451]:0xf0edc3
at Object.module.exports.compile (/Users/david/Studium/Master_FU/Semester04/Zokrates_testing/zokrates_hash_preimage/node_modules/zokrates-js/node/pkg/index.js:136:14)

I tried to configure a webpack.configure.js with experiments.syncWebAssembly: true like it is suggested in the zokrates documentation but it seems not to work. I am not too familiar with webpack and wasm.
This is how I tried to configure webpack:

const path = require('path');

module.exports = {
mode: 'development',
entry: './run_sha256ByteInput.js',
output: {
path: path.resolve(__dirname, 'dist'),
filename: "main.js"
},
experiments: {
asyncWebAssembly: true,
buildHttp: true,
layers: true,
lazyCompilation: true,
outputModule: true,
syncWebAssembly: true,
topLevelAwait: true,
},
};

Any help on that issue would be much appreciated.

2 replies
scrypt
@scryptsv:matrix.org
[m]
can solidity verifier other than groth16 be exported, such as gm17 & Marlin?
davidgks
@davidgks

Is there a way to compile zokrates programs that compile to very large circuits with zokrates-js? I have this code that compiles without problems in the CLI but not with zokrates-js. This code compiles to 474468 constraints.

import "hashes/sha256/sha256Padded";

def main(u8[800] input) -> u32[8] {
}

With zokrates-js in node I receive a RuntimeError because of the wasm module.

I was already given the hint that this runtime error occurs due to the 32-bit nature of the implemented wasm module in the npm package. Is there a way to adjust this so that I can compile large programs as for example the one described above?

Darko Macesic
@dark64

can solidity verifier other than groth16 be exported, such as gm17 & Marlin?

yes, solidity verifier is available for all supported schemes; which verifier to export is determined automatically from the verification key

nn0n
@nn0n:matrix.org
[m]
Is still example still up to date? https://blog.decentriq.com/proving-hash-pre-image-zksnarks-zokrates/ do you need to expand the inputs to their binary to compare a byte32 in solidity?
m.zohaib🌕.∞

@dark64 what is PK referencing here, and from where it derives?

from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS;
import "ecc/proofOfOwnership" as proofOfOwnership;
import "ecc/edwardsScalarMult" as multiply;

// Code to create test cases:
// https://github.com/Zokrates/pycrypto
def testOwnershipTrue() -> bool {
field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174];
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025;

bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS);

assert(out);
return true;

}

def testOwnershipFalse() -> bool {
field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529];
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025;
bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS);

assert(!out);
return true;

}

def main() {
assert(testOwnershipTrue());
assert(testOwnershipFalse());
return;
}

m.zohaib🌕.∞
can somebody explain me, from where PK and SK are generated?
I convert my public and private key into decimal but didn't work, above code is taken from example and it work with hardcoded PK and sK values, but not working on my input values.
Akshay ⛓️

Is it possible to avoid the size of array

def main(field[3] a)

Can the above be modified to ?

def main(field[] a)
2 replies
Akshay ⛓️

Also where can I find the list of standard imports

like the one here

import "hashes/sha256/512bit" as sha256;
2 replies
Hello folks, I want to use the MiMC hash function to reduce the computational cost of my program. However, I found that there are two functions 'mimcFeistel' and 'mimcSponge' in stdlib/hashes/mimcSponge/, so I'm wondering which one should I use
scrypt
@scryptsv:matrix.org
[m]
bls12_381 is supported, per the documentation https://zokrates.github.io/toolbox/proving_schemes.html

however, when I run:

zokrates compile --curve bls12_381 -i test.zok
zokrates export-verifier

the following error is shown:
Could not export verifier with given parameters (curve: bls12_381, scheme: g16): not supported

scrypt
@scryptsv:matrix.org
[m]
also how does BLS12-381 compare against BN254?
TokyoSwap
@MatteoLeonesi
there is way to exit from the loop when something is true?
3 replies
after an if statment
Akshay ⛓️

is there a code snippet that will help me generate the signatures for verifyEdDSA?

But got stuck what BabyJubJub params are?

3 replies
Akshay ⛓️

There is another issue.

I have written down a complex circuit. However the process gets killed while compilation itself.

Any idea what should be done.

Ruslan Gilemzyanov
@ruslangm

Hey folks, I just generated verifier contract, compiled it and successfully deployed. Invocation of verifyTx function in Remix works good for generated proof but I don't understand how to invoke verifyTx function from another .sol contract.
Here is my input (works normally in Remix) -

[["0x2f3810050479b65ea38134fdf7f5b3b0920a0c8aa23e92bb3889755b3a1164d7","0x1e8f1ef8b5f945bad8b6af69ff2e68ba55c185eeba86876d40831f38a1a4649f"],[["0x1459a0000de6687e91a043671b1bec91780ac08644b6bc8290819c8f98b78fbc","0x17b0342bc3ca52e458ad4422b854a8d59b6a3a316fa29520a5203a0015635a2e"],["0x10b05e9fa7685bb4252cbfa072801ebb088daaac9d0128529f86ae24e40af823","0x1a2d7ed27ad2d76cf6b9e6b4de4e65cf8e49e361675dd9975ab7b847dbf4dde1"]],["0x19abc4d49cf06c1c83949f9d0e1359b3db242a51390f30a1d5bf9d5a0693926c","0x2f090bcb548d661042988f2f7a5816df8c37e59f65bb012d338873c9b5ce2aee"]],["0x00000000000000000000000000000000c2b08378039e63f41c443fa0f747eeba","0x00000000000000000000000000000000c2e402cf88bcbe6ab09f882ebe79276b","0x00000000000000000000000000000000f5a5fd42d16a20302798ef6ed309979b","0x00000000000000000000000000000000c2b08378039e63f41c443fa0f747eeba","0x00000000000000000000000000000000c2b08378039e63f41c443fa0f747eeba","0x0000000000000000000000000000000000000000000000000000000000000001"]

But when I do:

import "./verifier.sol";
...
verifier.verify([["0x2f3810050479b65ea38134fdf7f5b3b0920a0c8aa23e92bb3889755b3a1164d7", ....])

I'm receiving an error: Unable to deduce common type for array elements..
Any ideas how to invoke verifier contract by using zokrates proof directly in smart contract in remix? Will appreciate.

Ruslan Gilemzyanov
@ruslangm
Okay, I resolved this, you need to create Proof object by itself and then use it altogether with input array (mb you will have to cast values to uint256 as well):
Verifier.Proof memory proof;
proof.a = Pairing.G1Point("...","...");
proof.b = Pairing.G2Point(["...", "..."],["...", "..."]);
proof.c = Pairing.G1Point("...", "...");
Ruslan Gilemzyanov
@ruslangm
Hey, can somebody explain why I have 5 public inputs to my Zokrates program but proof which is generated by Zokrates contains 6 hex input values and the last one is 0x0000000000000000000000000000000000000000000000000000000000000001.
What does the last one input value mean?
Sergey Kalich
@DrHyperKALICH
Hi everyone! Can someone share basic working example for Merlin proving scheme?
I am always get "Programs must have a least 2 constraints. This program is too small to generate a setup with Marlin, see arkworks-rs/marlin#79" error...
Even if I add 2 constraints to code.
Jalil F.
@jfarid27
Hey all. I have a question about the bit packing in Zokrates. I don't think I understand exactly how the packing and numbers work in regards to the sha256 functions. I guess I'm looking for a way to take a known sha256 and run the tutorial code, without just using the number 5. I know I can convert a sha256 hex into a decimal number, but then how do I get that as inputs into zokrates? It looks like in the tutorial, I could "split" the number and use it as inputs, but it's interesting that where I split the numbers matter. I was expecting I could split the number in any way, and the sha256packed would "concatenate" the number and hash it, but that doesn't seem to be the case. You can see this here by the way.
I have 99999 as a number, but I split it in the tutorial in 2 ways, and I get 2 different sha256 witness outputs, so clearly I'm confused about how this works. I was expecting the sha256packed function would actually concatenate the field numbers right?
xonack
@xonack
Hey all! I'm playing around with Zokrates and was wondering - are there specific use cases where it makes sense to use a field vs u64 type beyond range constraints?
Crypto Meister 33 (5555)
Hi. Does const keypair = zokratesProvider.setup(artifacts.program); generate toxic waste? I'm assuming yes, so I'm thinking this can be run inside a secure container (private computing like Intel SGX) to ensure no one had access to the process memory to extract the waste. A second question is, does that setup function use any kind of randomness? Can that randomness source be provided? Thanks.
TokyoSwap
@MatteoLeonesi
hi, there is way to prove ownership of an nft with zokrates ?
xonack
@xonack

Hi all, I'm trying to use ABI as input format in the CLI but am getting the following output:
\$ zokrates compute-witness --abi --verbose -i compute -s abi.json ⏎ Computing witness... ABI input as inline argument is not supported. Please use --stdin.

is ABI still supported as layed out in docs and Zokrates/ZoKrates#105 ?

Georg Wiese
@georgwiese
Hi, I was wondering if you're interested in contributors? :) I spent the past months studying cryptography and learning Rust; now I'm looking for a cool open-source project to get my hands dirty. I'll probably need some pointers here and there, but I got some time to invest until the end of the month.
2 replies
Cat
@catthu
Is nested proof supported? I want to write something along these lines (pseudo-ish code)
import "../externalVerify";

def main(private field a, field proof):
// Some assertions about a here
// Then check the validity of the proof with another verification key
assert(externalVerify(proof) == true)
return;
4 replies
Cat
@catthu
New question! Sorry if it's a dumb question, my understanding of all this stuff is basic
I'm seeing that to generate a proof, we need the compiled version of the source. Why is this, and doesn't this mean that the prover has to have access to the source or the circuit, which means they'll need to have additional information?
What I want to do is to provide my provers (via a web front end, most likely) with only a proving key and a verifying key (or verifying smart contract). They can then use the proving key and their witness to generate a proof, and then use the verifying key or the verifying contract to verify the proof's trueness. But it doesn't seem like this is possible.
m.zohaib🌕.∞
out file (compile program) is taking a lot of time to run inside the AWS Lambda function
Alvaro Alonso
@alvaround:matrix.org
[m]

Asking this because I haven't found the topic in the previous questions; Is there an elegant solution to specify only certain fields in a struct private and leave some publics?

The work-around I came up so far is to split this struct in 2, one with public variables and the other a private struct with all the private ones. However this does reduce the readability of it.

I have a proof which have multiple merkletree proofs, with structs and generics the code is super readable but merkle trees have some of the inputs public and other private :/

Alvaro Alonso
@alvaround:matrix.org
[m]
Hey again, I am looking to generate a MerkleTree with zokrates, has anyone done it and mind sharing? If not, since I don't see any on zokrates_cli/examples, @dark64 would it made sense to added? should I create a PR from the forked repo?
Alvaro Alonso
@alvaround:matrix.org
[m]
Maybe I should have extend more on my message. Yes, there is a merkleTree folder in examples, but inside the folder there are only pathProofs. What I am doing is the inverse of a proof path, generating a hash root from an array of leafs. Once I finish programming it, would it be helpful to add to the the folder?
Alvaro Alonso
@alvaround:matrix.org
[m]
Hello again, has anyone here implemented a signature verification proof using bls12_381 instead of the default ALT_BN128 ? I trying to create a verification contract for tezos instead of eth
kushagra jindal
Hi everyone, I am trying to work on the merkleTree sha256PathProof3 (Source:- https://github.com/Zokrates/ZoKrates/blob/latest/zokrates_cli/examples/merkleTree/sha256PathProof3.zok). Can someone please help me with the explanation of the parameters used directionSelection and path. Some sample data would be appreciable for better understanding.
kushagra jindal
Are there plans to support the verification of signatures with the JubJub ecc in the stdlib? Zokrates support currently the export of contracts with bls12_381 so having a way to verify signatures on it, would make sense
As per my knowledge, Groth16 requires a trusted ceremony for each circuit. When we compile and validate our circuit with ZoKrates are there any steps to run the ceremony? Or is ZoKrates doing this in the backend (Although, I cannot see any .ptau file created in my directory). @Schaeff @dark64 would appreciate you help or any material that I can refer to?