Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    m.zohaib🌕.∞
    @zohaib__29_twitter
    Execution failed: Sum check failed
    The default ZoKrates interpreter should not yield this error. Please open an issue.
    1 reply
    scrypt
    @scryptsv:matrix.org
    [m]
    the default seems to be Ark, not Bellman as the documentation says
    Darko Macesic
    @dark64

    the default seems to be Ark, not Bellman as the documentation says

    good catch

    m.zohaib🌕.∞
    @zohaib__29_twitter

    Can anybody explain what parameter are expectd in this function as pk and sk are in hexa and what is context
    import "ecc/edwardsAdd" as add;
    import "ecc/edwardsScalarMult" as multiply;
    import "utils/pack/bool/nonStrictUnpack256" as unpack256;
    from "ecc/babyjubjubParams" import BabyJubJubParams;

    /// Verifies match of a given public/private keypair.
    ///
    /// Checks if the following equation holds for the provided keypair:
    /// pk = skG
    /// where G is the chosen base point of the subgroup
    /// and
    denotes scalar multiplication in the subgroup
    ///
    /// Arguments:
    /// pk: Curve point. Public key.
    /// sk: Field element. Private key.
    /// context: Curve parameters (including generator G) used to create keypair.
    ///
    /// Returns:
    /// Return true for pk/sk being a valid keypair, false otherwise.
    def main(field[2] pk, field sk, BabyJubJubParams context) -> bool {
    field[2] G = [context.Gu, context.Gv];

    bool[256] skBits = unpack256(sk);
    field[2] ptExp = multiply(skBits, G, context);
    
    bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1];
    return out;

    }

    4 replies
    davidgks
    @davidgks

    Could somebody help me with how to use the compilation with custom options for zokrates-js?
    When I try to compile my root module that imports other .zok-scripts I've written, I always get an UnhandledPromiseRejection error with the message:

    "Could not resolve ./pathImportedModule: error thrown in resolve callback."

    The zokrates documentation for zokrates-js regarding the resolveCallback doesn't really help me with that issue

    1 reply
    msinkec
    @msinkec
    Hello! How do I get the output of zokrates log statements via the js library?
    2 replies
    davidgks
    @davidgks

    Hi, I am having troubles with using the zokrates-js when I am trying to compile a the following zok-script.

    import "hashes/sha256/sha256";
    import "utils/casts/u8_to_bits";
    import "utils/casts/u32_to_bits";
    import "utils/casts/u32_from_bits";
    
    
    // length / 512 + 1 == M
    // (M-1)*512 = L + 64 + 1
    
    // M = (L + 64 + 1) / 512 + 1
    // L = (M-1)*512 - 65
    
    
    // A padding function that takes a bool[L] array as input and pads it to 512-bit blocks
    def pad<L, M>(bool[L] m) -> u32[M][16] {
        u32 length = L + 64 + 1;
        assert(length / 512 + 1 == M);
    
        u32 r = length % 512;
        u32 k = 512 - r;
        bool[M * 512] result_in_bits = [...m, true, ...[false; k + 32], ...u32_to_bits(L)];
        u32[M][16] mut result = [[0; 16]; M];
    
        for u32 i in 0..M {
            for u32 j in 0..16 {
                u32 start = i * 512 + j * 32;
                u32 end = start + 32;
                result[i][j] = u32_from_bits(result_in_bits[start..end]);
            }
        }
        return result;
    }
    
    // A function that takes a bool[N] array as input, pads it,
    // and returns the sha256 output as a u32[8]
    def sha256Padded<N>(bool[N] input) -> u32[8] {
        u32 block_count = (N + 64 + 1) / 512 + 1;
        u32[block_count][16] padded = pad(input);
        return sha256(padded);
    }
    
    // A function that takes a u8[N] array as input, pads it,
    // and returns the sha256 output as a u32[8]
    def main(u8[800] input) -> u32[8] {
        u32 L = 800 * 8;
        bool[L] mut input_bits = [false; L];
    
        for u32 i in 0..800 {
            bool[8] bits = u8_to_bits(input[i]);
            for u32 j in 0..8 {
                input_bits[i * 8 + j] = bits[j];
            }
        }
    
        return sha256Padded(input_bits);
    }

    Then I try to run zokrates-js like this:

    const { initialize } = require('zokrates-js');
    const fs = require("fs");
    const path = require("path");
    
    initialize().then((zokratesProvider) => {
    
        const source = fs.readFileSync("./sha256ByteInput.zok").toString();
    
        // compilation
        const artifacts = zokratesProvider.compile(source);
    });

    I receive this error in the CLI:

    wasm://wasm/044b6f8e:1
    
    
    RuntimeError: unreachable
        at wasm://wasm/044b6f8e:wasm-function[15693]:0x10b0813
        at wasm://wasm/044b6f8e:wasm-function[6198]:0xdd9c0a
        at wasm://wasm/044b6f8e:wasm-function[2668]:0xa5b430
        at wasm://wasm/044b6f8e:wasm-function[8993]:0xf47dde
        at wasm://wasm/044b6f8e:wasm-function[855]:0x65f6b6
        at wasm://wasm/044b6f8e:wasm-function[260]:0x32d811
        at wasm://wasm/044b6f8e:wasm-function[3965]:0xc07efb
        at wasm://wasm/044b6f8e:wasm-function[718]:0x5c709a
        at wasm://wasm/044b6f8e:wasm-function[8451]:0xf0edc3
        at Object.module.exports.compile (/Users/david/Studium/Master_FU/Semester04/Zokrates_testing/zokrates_hash_preimage/node_modules/zokrates-js/node/pkg/index.js:136:14)

    I tried to configure a webpack.configure.js with experiments.syncWebAssembly: true like it is suggested in the zokrates documentation but it seems not to work. I am not too familiar with webpack and wasm.
    This is how I tried to configure webpack:

    const path = require('path');
    
    module.exports = {
        mode: 'development',
        entry: './run_sha256ByteInput.js',
        output: {
          path: path.resolve(__dirname, 'dist'),
          filename: "main.js"
        },
        experiments: {
          asyncWebAssembly: true,
          buildHttp: true,
          layers: true,
          lazyCompilation: true,
          outputModule: true,
          syncWebAssembly: true,
          topLevelAwait: true,
        },
      };

    Any help on that issue would be much appreciated.

    2 replies
    scrypt
    @scryptsv:matrix.org
    [m]
    can solidity verifier other than groth16 be exported, such as gm17 & Marlin?
    davidgks
    @davidgks

    Is there a way to compile zokrates programs that compile to very large circuits with zokrates-js? I have this code that compiles without problems in the CLI but not with zokrates-js. This code compiles to 474468 constraints.

    import "hashes/sha256/sha256Padded";
    
    def main(u8[800] input) -> u32[8] {
        return sha256Padded(input);
    }

    With zokrates-js in node I receive a RuntimeError because of the wasm module.

    I was already given the hint that this runtime error occurs due to the 32-bit nature of the implemented wasm module in the npm package. Is there a way to adjust this so that I can compile large programs as for example the one described above?

    1 reply
    Darko Macesic
    @dark64

    can solidity verifier other than groth16 be exported, such as gm17 & Marlin?

    yes, solidity verifier is available for all supported schemes; which verifier to export is determined automatically from the verification key

    nn0n
    @nn0n:matrix.org
    [m]
    Is still example still up to date? https://blog.decentriq.com/proving-hash-pre-image-zksnarks-zokrates/ do you need to expand the inputs to their binary to compare a byte32 in solidity?
    m.zohaib🌕.∞
    @zohaib__29_twitter

    @dark64 what is PK referencing here, and from where it derives?

    from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS;
    import "ecc/proofOfOwnership" as proofOfOwnership;
    import "ecc/edwardsScalarMult" as multiply;

    // Code to create test cases:
    // https://github.com/Zokrates/pycrypto
    def testOwnershipTrue() -> bool {
    field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174];
    field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025;

    bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS);
    
    assert(out);
    return true;

    }

    def testOwnershipFalse() -> bool {
    field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529];
    field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025;
    bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS);

    assert(!out);
    return true;

    }

    def main() {
    assert(testOwnershipTrue());
    assert(testOwnershipFalse());
    return;
    }

    m.zohaib🌕.∞
    @zohaib__29_twitter
    can somebody explain me, from where PK and SK are generated?
    I convert my public and private key into decimal but didn't work, above code is taken from example and it work with hardcoded PK and sK values, but not working on my input values.
    Akshay ⛓️
    @akshay_111meher_twitter

    Is it possible to avoid the size of array

    def main(field[3] a)

    Can the above be modified to ?

    def main(field[] a)
    2 replies
    Akshay ⛓️
    @akshay_111meher_twitter

    Also where can I find the list of standard imports

    like the one here

    import "hashes/sha256/512bit" as sha256;
    2 replies
    adluong
    @adluong
    Hello folks, I want to use the MiMC hash function to reduce the computational cost of my program. However, I found that there are two functions 'mimcFeistel' and 'mimcSponge' in stdlib/hashes/mimcSponge/, so I'm wondering which one should I use
    scrypt
    @scryptsv:matrix.org
    [m]
    bls12_381 is supported, per the documentation https://zokrates.github.io/toolbox/proving_schemes.html

    however, when I run:

    zokrates compile --curve bls12_381 -i test.zok
    zokrates export-verifier

    the following error is shown:
    Could not export verifier with given parameters (curve: bls12_381, scheme: g16): not supported

    1 reply
    scrypt
    @scryptsv:matrix.org
    [m]
    also how does BLS12-381 compare against BN254?
    TokyoSwap
    @MatteoLeonesi
    there is way to exit from the loop when something is true?
    3 replies
    after an if statment
    Akshay ⛓️
    @akshay_111meher_twitter

    is there a code snippet that will help me generate the signatures for verifyEdDSA?

    I tried with this code https://github.com/Zokrates/ZoKrates/blob/latest/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok

    But got stuck what BabyJubJub params are?

    3 replies
    Akshay ⛓️
    @akshay_111meher_twitter

    There is another issue.

    I have written down a complex circuit. However the process gets killed while compilation itself.

    Any idea what should be done.

    1 reply
    Ruslan Gilemzyanov
    @ruslangm

    Hey folks, I just generated verifier contract, compiled it and successfully deployed. Invocation of verifyTx function in Remix works good for generated proof but I don't understand how to invoke verifyTx function from another .sol contract.
    Here is my input (works normally in Remix) -

    [["0x2f3810050479b65ea38134fdf7f5b3b0920a0c8aa23e92bb3889755b3a1164d7","0x1e8f1ef8b5f945bad8b6af69ff2e68ba55c185eeba86876d40831f38a1a4649f"],[["0x1459a0000de6687e91a043671b1bec91780ac08644b6bc8290819c8f98b78fbc","0x17b0342bc3ca52e458ad4422b854a8d59b6a3a316fa29520a5203a0015635a2e"],["0x10b05e9fa7685bb4252cbfa072801ebb088daaac9d0128529f86ae24e40af823","0x1a2d7ed27ad2d76cf6b9e6b4de4e65cf8e49e361675dd9975ab7b847dbf4dde1"]],["0x19abc4d49cf06c1c83949f9d0e1359b3db242a51390f30a1d5bf9d5a0693926c","0x2f090bcb548d661042988f2f7a5816df8c37e59f65bb012d338873c9b5ce2aee"]],["0x00000000000000000000000000000000c2b08378039e63f41c443fa0f747eeba","0x00000000000000000000000000000000c2e402cf88bcbe6ab09f882ebe79276b","0x00000000000000000000000000000000f5a5fd42d16a20302798ef6ed309979b","0x00000000000000000000000000000000c2b08378039e63f41c443fa0f747eeba","0x00000000000000000000000000000000c2b08378039e63f41c443fa0f747eeba","0x0000000000000000000000000000000000000000000000000000000000000001"]

    But when I do:

    import "./verifier.sol";
    ...
    verifier.verify([["0x2f3810050479b65ea38134fdf7f5b3b0920a0c8aa23e92bb3889755b3a1164d7", ....])

    I'm receiving an error: Unable to deduce common type for array elements..
    Any ideas how to invoke verifier contract by using zokrates proof directly in smart contract in remix? Will appreciate.

    Ruslan Gilemzyanov
    @ruslangm
    Okay, I resolved this, you need to create Proof object by itself and then use it altogether with input array (mb you will have to cast values to uint256 as well):
    Verifier.Proof memory proof;
          proof.a = Pairing.G1Point("...","...");       
          proof.b = Pairing.G2Point(["...", "..."],["...", "..."]);
          proof.c = Pairing.G1Point("...", "...");
    Ruslan Gilemzyanov
    @ruslangm
    Hey, can somebody explain why I have 5 public inputs to my Zokrates program but proof which is generated by Zokrates contains 6 hex input values and the last one is 0x0000000000000000000000000000000000000000000000000000000000000001.
    What does the last one input value mean?
    1 reply
    Sergey Kalich
    @DrHyperKALICH
    Hi everyone! Can someone share basic working example for Merlin proving scheme?
    I am always get "Programs must have a least 2 constraints. This program is too small to generate a setup with Marlin, see arkworks-rs/marlin#79" error...
    1 reply
    Even if I add 2 constraints to code.
    Jalil F.
    @jfarid27
    Hey all. I have a question about the bit packing in Zokrates. I don't think I understand exactly how the packing and numbers work in regards to the sha256 functions. I guess I'm looking for a way to take a known sha256 and run the tutorial code, without just using the number 5. I know I can convert a sha256 hex into a decimal number, but then how do I get that as inputs into zokrates? It looks like in the tutorial, I could "split" the number and use it as inputs, but it's interesting that where I split the numbers matter. I was expecting I could split the number in any way, and the sha256packed would "concatenate" the number and hash it, but that doesn't seem to be the case. You can see this here by the way.
    Screenshot from 2022-10-14 10-21-47.png
    I have 99999 as a number, but I split it in the tutorial in 2 ways, and I get 2 different sha256 witness outputs, so clearly I'm confused about how this works. I was expecting the sha256packed function would actually concatenate the field numbers right?
    xonack
    @xonack
    Hey all! I'm playing around with Zokrates and was wondering - are there specific use cases where it makes sense to use a field vs u64 type beyond range constraints?
    1 reply
    Crypto Meister 33 (5555)
    @CryptoMeister13_twitter
    Hi. Does const keypair = zokratesProvider.setup(artifacts.program); generate toxic waste? I'm assuming yes, so I'm thinking this can be run inside a secure container (private computing like Intel SGX) to ensure no one had access to the process memory to extract the waste. A second question is, does that setup function use any kind of randomness? Can that randomness source be provided? Thanks.
    1 reply
    TokyoSwap
    @MatteoLeonesi
    hi, there is way to prove ownership of an nft with zokrates ?
    xonack
    @xonack

    Hi all, I'm trying to use ABI as input format in the CLI but am getting the following output:
    $ zokrates compute-witness --abi --verbose -i compute -s abi.json ⏎ Computing witness... ABI input as inline argument is not supported. Please use --stdin.

    is ABI still supported as layed out in docs and Zokrates/ZoKrates#105 ?

    1 reply
    Georg Wiese
    @georgwiese
    Hi, I was wondering if you're interested in contributors? :) I spent the past months studying cryptography and learning Rust; now I'm looking for a cool open-source project to get my hands dirty. I'll probably need some pointers here and there, but I got some time to invest until the end of the month.
    2 replies
    Cat
    @catthu
    Is nested proof supported? I want to write something along these lines (pseudo-ish code)
    import "../externalVerify";
    
    def main(private field a, field proof):
      // Some assertions about a here
      // Then check the validity of the proof with another verification key
      assert(externalVerify(proof) == true)
      return;
    4 replies
    Cat
    @catthu
    New question! Sorry if it's a dumb question, my understanding of all this stuff is basic
    I'm seeing that to generate a proof, we need the compiled version of the source. Why is this, and doesn't this mean that the prover has to have access to the source or the circuit, which means they'll need to have additional information?
    What I want to do is to provide my provers (via a web front end, most likely) with only a proving key and a verifying key (or verifying smart contract). They can then use the proving key and their witness to generate a proof, and then use the verifying key or the verifying contract to verify the proof's trueness. But it doesn't seem like this is possible.
    1 reply
    m.zohaib🌕.∞
    @zohaib__29_twitter
    out file (compile program) is taking a lot of time to run inside the AWS Lambda function
    Alvaro Alonso
    @alvaround:matrix.org
    [m]

    Asking this because I haven't found the topic in the previous questions; Is there an elegant solution to specify only certain fields in a struct private and leave some publics?

    The work-around I came up so far is to split this struct in 2, one with public variables and the other a private struct with all the private ones. However this does reduce the readability of it.

    I have a proof which have multiple merkletree proofs, with structs and generics the code is super readable but merkle trees have some of the inputs public and other private :/

    1 reply
    Alvaro Alonso
    @alvaround:matrix.org
    [m]
    Hey again, I am looking to generate a MerkleTree with zokrates, has anyone done it and mind sharing? If not, since I don't see any on zokrates_cli/examples, @dark64 would it made sense to added? should I create a PR from the forked repo?
    1 reply
    Alvaro Alonso
    @alvaround:matrix.org
    [m]
    Maybe I should have extend more on my message. Yes, there is a merkleTree folder in examples, but inside the folder there are only pathProofs. What I am doing is the inverse of a proof path, generating a hash root from an array of leafs. Once I finish programming it, would it be helpful to add to the the folder?
    1 reply
    Alvaro Alonso
    @alvaround:matrix.org
    [m]
    Hello again, has anyone here implemented a signature verification proof using bls12_381 instead of the default ALT_BN128 ? I trying to create a verification contract for tezos instead of eth
    kushagra jindal
    @kushagra_jindal_twitter
    Screenshot 2022-11-28 at 10.57.35 PM.png
    Hi everyone, I am trying to work on the merkleTree sha256PathProof3 (Source:- https://github.com/Zokrates/ZoKrates/blob/latest/zokrates_cli/examples/merkleTree/sha256PathProof3.zok). Can someone please help me with the explanation of the parameters used directionSelection and path. Some sample data would be appreciable for better understanding.
    1 reply
    kushagra jindal
    @kushagra_jindal_twitter
    @Schaeff @dark64 can you please help me with the above query..
    Alvaro Alonso
    @alvaround:matrix.org
    [m]
    Are there plans to support the verification of signatures with the JubJub ecc in the stdlib? Zokrates support currently the export of contracts with bls12_381 so having a way to verify signatures on it, would make sense
    2 replies
    Alvaro Alonso
    @alvaround:matrix.org
    [m]
    I would also like to raise a point that I think is not communicate it clearly in the doc github pages: Looking at export-verifier command source code the command does only accept bn128 curve as argument (https://github.com/Zokrates/ZoKrates/blob/develop/zokrates_cli/src/ops/export_verifier.rs#L61) , but in the github pages it is implied that you can use other curves to export the contract , which is not true (https://zokrates.github.io/toolbox/proving_schemes.html#proving-schemes)
    kushagra jindal
    @kushagra_jindal_twitter
    As per my knowledge, Groth16 requires a trusted ceremony for each circuit. When we compile and validate our circuit with ZoKrates are there any steps to run the ceremony? Or is ZoKrates doing this in the backend (Although, I cannot see any .ptau file created in my directory). @Schaeff @dark64 would appreciate you help or any material that I can refer to?