Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Thibaut Schaeffer
    @Schaeff
    @smithsen did you use the one-line installer?
    smithsen
    @smithsen

    Oh yeah you mean "curl -LSfs get.zokrat.es | sh" ? Yes I did. It gives me "curl: (22) The requested URL returned error: 404 Not Found

    gzip: stdin: unexpected end of file
    tar: Child returned status 1
    tar: Error is not recoverable: exiting now" Not sure I know how to fix this

    Thibaut Schaeffer
    @Schaeff
    Thanks for reporting this, we'll look into it
    Thibaut Schaeffer
    @Schaeff
    @smithsen I tested with Ubuntu 16.04 x86_64 and couldn't reproduce the error, could you submit an issue with steps to reproduce if you're still hitting this?
    smithsen
    @smithsen
    @Schaeff no it works. I realize that my ubuntu version was not accurate. I accidentally got another version of ubuntu 16.04 and hence was problem in almost everything. So the problem was with my OS and has been sorted. Thanks though. I have another question after doing the installation how do I test it? So, after I run the first line I see successful results but then in the subsection "Hello Zokrates", it says create a text file named root.zok, since it does not mention anything else, I simply do "gedit root.zok" and also I have mentioned explicit path previously according to the prompt I got while doing the installation. What I am confused is now once I do "zokrates compile -i root.zok" I get a prompt "zokrates: command not found". don't know what I am doing wrong. Can you please help me with the subsection Hello Zokrates on https://zokrates.github.io/gettingstarted.html It is not very clear to me how it works.
    Thibaut Schaeffer
    @Schaeff
    if you run the one liner, it should tell you how to make sure the zokrates executable is in your PATH
    smithsen
    @smithsen
    Yeah I did that. Alright, I will try it again and put here what error I got
    Hi, yeah I was writing wrong path. I am sorry it works fully now. Thanks
    smithsen
    @smithsen
    Hey, could you tell me how to get an estimate of timing for a circuit with different snark i.e. groth or pinochio ? Do I need to write a different code to see the timing or is there a tool in zokrates that can be used
    smithsen
    @smithsen

    Hey, could you tell me how to get an estimate of timing for a circuit with different snark i.e. groth or pinochio ? Do I need to write a different code to see the timing or is there a tool in zokrates that can be used

    @Schaeff @ucwong

    Paul Etscheit
    @petscheit
    Hi, I have a quick question regarding passing u32 parameters in the compute-witness step. In a .zok program I'm able to define u32's in hex format, however, I'm unable to pass a u32 parameter in hex. Is there something I'm missing or do I have to convert the params to integers?
    Paul Etscheit
    @petscheit

    Hey, could you tell me how to get an estimate of timing for a circuit with different snark i.e. groth or pinochio ? Do I need to write a different code to see the timing or is there a tool in zokrates that can be used

    Not sure what you mean with timing of the circuit, but all ZoKrates programs are compatible with the different proving systems. You can simply switch them in the CLI and compare how they perform. Take a look here: https://zokrates.github.io/toolbox/proving_schemes.html

    Thibaut Schaeffer
    @Schaeff
    @petscheit https://zokrates.github.io/toolbox/abi.html you can pipe your inputs as JSON with the --abi flag, with the -a flag you can only pass field elements (which for u32 comes down to what you said, convert to decimal)
    smithsen
    @smithsen

    Hey, could you tell me how to get an estimate of timing for a circuit with different snark i.e. groth or pinochio ? Do I need to write a different code to see the timing or is there a tool in zokrates that can be used

    Not sure what you mean with timing of the circuit, but all ZoKrates programs are compatible with the different proving systems. You can simply switch them in the CLI and compare how they perform. Take a look here: https://zokrates.github.io/toolbox/proving_schemes.html

    From timing I mean that I want to see how much CPU timing is required for each of the protocols. My objective now is to compare different CPU timings on same circuit given different protocols. So I was wondering if there is a way I can see the timing. Let me know. Thanks

    Paul Etscheit
    @petscheit

    @petscheit https://zokrates.github.io/toolbox/abi.html you can pipe your inputs as JSON with the --abi flag, with the -a flag you can only pass field elements (which for u32 comes down to what you said, convert to decimal)

    Thanks, will take a look. Also got this to work with the node package which works well.

    Paul Etscheit
    @petscheit

    Hey, could you tell me how to get an estimate of timing for a circuit with different snark i.e. groth or pinochio ? Do I need to write a different code to see the timing or is there a tool in zokrates that can be used

    Not sure what you mean with timing of the circuit, but all ZoKrates programs are compatible with the different proving systems. You can simply switch them in the CLI and compare how they perform. Take a look here: https://zokrates.github.io/toolbox/proving_schemes.html

    From timing I mean that I want to see how much CPU timing is required for each of the protocols. My objective now is to compare different CPU timings on same circuit given different protocols. So I was wondering if there is a way I can see the timing. Let me know. Thanks

    Im still not sure what you mean by CPU timing tbh. Do you mean execution times of the different steps and comparing them between the different proving schemes? If that's the case, there are a lot of programs that can measure that, this for example: https://github.com/Gabriel439/bench

    smithsen
    @smithsen
    Thanks, I will try it out
    Lei Zhang
    @lei-april
    Hi, there's another active project on ZKP DSL called 'Zinc': https://github.com/matter-labs/zinc. I think it has quite similar functionalities to ZoKrates. Do you guys have any insight on how Zinc and ZoKrates compare?
    smithsen
    @smithsen

    Hi, Sorry for the previous issues I had written down, I was able to sort them out. I am trying to work with the example in https://zokrates.github.io/sha256example.html#computing-a-hash-using-zokrates and when I execute the first line of code "./zokrates compile -i hashexample.zok" I get an error that "Compiling hashexample.zok

    Compilation failed:

    hashexample.zok:1:1
    I/O Error: No file found at hashes/sha256/512bitPacked
    " What could be the possible way to fix this problem? Note I am using the installation from source because I want to compare groth and pinochio

    smithsen
    @smithsen
    Update, I tried looking around, so I found sha512bitPacked.zok in hashes/sha256 and I tried doing doing instead of "import "hashes/sha256/512bitPacked" as sha256packed" to do "import "hashes/sha256/512bitPacked.zok" as sha256packed
    " I tried using the fix mentioned in "https://ethereum.stackexchange.com/questions/67011/in-tutorial-of-ethereum-zokrates-high-level-code-compile-error" But still seems to give the same error. What can be the possible fix ?
    smithsen
    @smithsen
    I actually fixed the problem for now. First I used the single line command to install .zokrates and specified the path and then I also did the installation from the source. When I need pinochio I am using the source installation and for all other compilation I am using "zokrates ....". Hope this is the fix. If there is any other solution which does not require me to use the one line installation and directly do everything from source installation please do let me know
    hou
    @turfT
    hi, I review ethsnark's verifier.sol and zokrate's verifier.sol. It seems that zokrates' compile a lot BN128 code in solidity. any suggestion or document for this design?
    e.g. function pairingProd4 ..
    hou
    @turfT
    zokrates also use precompile (namely EIP1108) assembly. So I am quite confused about other field operations written in solidity.
    Thibaut Schaeffer
    @Schaeff
    Hi @turfT, the delta probably comes from the fact that we implemented proving schemes which require G2 operations that are not offered by the precompiles
    Thibaut Schaeffer
    @Schaeff
    https://eprint.iacr.org/2017/540.pdf 5.4 in this paper, the first verification equation is 4 pairing operations, and the left hand side requires addition on G2
    hou
    @turfT
    great, thx a lot @Schaeff
    Mohsen Rahnamaei
    @mohsen158
    hi, I am testing hello world of Zokrate but always I get true, even in wrong proof. does anybody know where am I wrong?
    Darko Macesic
    @dark64

    You might be confusing the program returning 0/1 and the proof being invalid/valid. Proofs generated by ZoKrates are always valid (the verifier returns always true), you'd need to fiddle with the proof yourself to make it invalid.

    @mohsen158

    Neo
    @creepteks
    Hi, there. I am a little bit confused regarding the ability to prove knowledge of an arbitrary preimage for a hashed value. All examples I have seen so far are covering the fact that the preimage is hardcoded in the .zok file. Am I correct?
    Thibaut Schaeffer
    @Schaeff
    @Mahdad-Baghani do you mean the hash is hardcoded?
    Neo
    @creepteks
    @Schaeff
    Yeah, I think I'm still a little bit confused. Take this for an example: https://blog.decentriq.ch/proving-hash-pre-image-zksnarks-zokrates/
    I think I was looking at some elementary examples which kinda gave me the idea that it is only possible to hardcode the hash digest into zokrates and then create the circuit.
    I actually wanted to understand zkDAI better: https://medium.com/@atvanguard/zkdai-private-dai-transactions-on-ethereum-using-zk-snarks-9e3ef4676e22
    I was inspecting the zk-circut at https://github.com/atvanguard/ethsingapore-zk-dai/blob/master/ethereum/zk-circuit.code, and then I figured that I was probably misguided as this next example shows that you can create a circuit using zokrates to prove/verify knowledge of preimage of arbitrary hashes (with limitations regarding the compile-time determination of size of the hashes, of course). Am I right?
    import "LIBSNARK/sha256packed"
    
    // https://zokrates.github.io/sha256example.html#computing-a-hash-using-zokrates
    // A field value can only hold 254 bits due to the size of the underlying prime field used by zokrates. Therefore, 256 bit values need to be passed as 2 params of 128 bit values.
    
    // https://zokrates.github.io/concepts/stdlib.html?highlight=sha256#sha256packed
    // At the time of writing sha256packed takes 4 field elements as inputs, unpacks each of them to 128 bits (big endian), concatenates them and applies sha256. It then returns two field elements, each representing 128 bits of the result.
    
    // Public inputs
    // onh0 + onh1: Hash of the note (secret note)
    // nn1h0 + nn1h1: Hash of the new note 1
    // nn2h0 + nn1h1: Hash of the new note 2
    
    // Private inputs
    // ona + onb: secret key of the sender
    // onc + ond: (256 bits) representing the value of the note to be spent
    
    // nn1a + nn1b: public key of the receiver
    // nn1c + nn1d: the value of the note to be sent
    
    // nn2c + nn2d: leftover change
    def main(field onh0, field onh1, private field ona, private field onb, private field onc, private field ond, field nn1h0, field nn1h1, private field nn1a, private field nn1b, private field nn1c, private field nn1d, field nn2h0, field nn2h1, private field nn2c, private field nn2d) -> (field):
        // get public key corresponding to private key
        // too complex to implement for the hackathon :p - so sending in the public key instead
        field pka = ona
        field pkb = onb
    
        // old note
        h0, h1 = sha256packed(pka, pkb, onc, ond)
        h0 == onh0 // verify with public input (hash of the note)
        h1 == onh1
    
        // new note 1 that goes to pkreciever
        h0, h1 = sha256packed(nn1a, nn1b, nn1c, nn1d)
        h0 == nn1h0
        h1 == nn1h1
    
        // new note (left over change) that goes back to sender (pk)
        h0, h1 = sha256packed(pka, pkb, nn2c, nn2d)
        h0 == nn2h0
        h1 == nn2h1
    
        ond == nn1d + nn2d // assuming the values fit in 128 bit nums - hence onc, nn1c, nn2c are 0
        return 1
    Thibaut Schaeffer
    @Schaeff
    @Mahdad-Baghani so let me make it clear here: it's absolutely possible to pass the hash as a parameter, typically a public one so that the verifier can see it. The cost for that is a slightly bigger proof and slightly more expensive verification, as is the case with any public input.
    Neo
    @creepteks
    @Schaeff thanks for the clarification
    hou
    @turfT
    Hi, can I use zokrates as a tool for generating circuits for default backend bellman? I wish I could only use Zokrates as a DSL to programming circuit and reuse it in bellman. Any suggestions?
    Thibaut Schaeffer
    @Schaeff
    @turfT Hey, what do you want to do in bellman with the zokrates circuit that you can't do with zokrates itself? Have a zokrates circuit inside a bellman circuit?
    hou
    @turfT
    Transfer a zokrates circuit into bellman circuit. I tried to write some zokrates circuit like a Poseidon hash version payment zk protocol, it works pretty well. So I wonder can I transfer circuits into bellman version, only for learning purposes..
    thx for your kind relay @Schaeff
    reply ..
    smithsen
    @smithsen
    Hey everyone. I was wondering if I can take hash of a matrix (I need this to make a circuit) and what would be the right way in case I want to use sha256?
    Thibaut Schaeffer
    @Schaeff
    @smithsen inside the program, you could iterate through the matrix filling an array that you then hash?
    @turfT Under the hood, zokrates creates a bellman circuit so that it can then use the bellman backend
    here https://github.com/Zokrates/ZoKrates/blob/master/zokrates_core/src/proof_system/bellman/mod.rs#L195 the Computation struct (which can be created from a compiled zokrates program and witness) implements the Circuit trait from bellman, so conceptually it could be used as part of a bigger bellman circuit, if that's what you're intending to do
    Tim
    @timhc22
    Hello, had a chat with the team on twitter (@timhc22) what's the best way to chat?
    15 replies
    smithsen
    @smithsen

    @smithsen inside the program, you could iterate through the matrix filling an array that you then hash?

    Alright, I will try with that

    Tim
    @timhc22
    Hey, would I be right in thinking that zokratesProvider.compile("def main(private field a) -> (field): return a * a") is compiling down to web assembly?
    sorry if thats a pretty basic question, I'm pretty new to this
    smithsen
    @smithsen
    Hi, I am sorry but I was reading an article "https://medium.com/zokrates/building-identity-linked-zksnarks-with-zokrates-a36085cdd40" and I was not very clear with what proofOfOwnership.code does exactly in the second piece of code?