    hou
    @turfT
    @dark64 help a lot, thx
    Neo
    @creepteks
    Hi there; I am having trouble converting the u32 arrays to be used in JavaScript or Python. Imagine this scenario: I have a circuit that checks if a u32[16] is the actual preimage for a u32[8] hash. I can feed the arguments properly to the ZoKrates CLI and it yields the expected result. However, I want to store this hash as a bytes32 inside an Ethereum smart contract, and later on provide a zkSNARK proof of knowing the preimage. If I use a circuit, as presented in the RNG tutorial, to produce the hash using the ZoKrates CLI, how can I later on convert the outputted hash to bytes32 or a hex string? If I use cryptographic libraries like Crypto-js to compute the hash, how can I convert the preimage and its hash into the proper format (u32[16] preimage and u32[8] hash) to be passed to the ZoKrates CLI to compute the witness and generate the proof?
    prographo
    @prographo
    Hi, what is the difference between zokrates and snarkjs/circom ?
    prographo
    @prographo
    I am reading through the documentation, here https://zokrates.github.io/language/types.html
    It says "when working with the ALT_BN128 curve supported by Ethereum", although I don't see anything in the generated verifier.sol contract specific to Ethereum; there are no special primitives used afaics.
    Neo
    @creepteks
    @prographo This is actually a very good observation. I took a look at these EIPs: https://eips.ethereum.org/EIPS/eip-196, https://eips.ethereum.org/EIPS/eip-197 and https://eips.ethereum.org/EIPS/eip-1108. So Ethereum uses precompiled contracts to reduce the gas costs for scalar addition and multiplication and the pairing check on this specific curve. I expected to see some invocation of some precompiled contract such as ECADD at 0x06 or ECMUL at 0x07 but could not find any. The Istanbul fork lists EIP1108 as included, but I do not know why it is not there in the verifier.sol. Sorry if I did not answer your question... :-(
    Thibaut Schaeffer
    @Schaeff
    ZoKrates relies on this library for proof verification, where you'll find calls to the precompiles
    Neo
    @creepteks
    @Schaeff would you be so kind to help me with the question I asked a few lines before? I would really appreciate it.
    Neo
    @creepteks

    ZoKrates relies on this library for proof verification, where you'll find calls to the precompiles

    Also, I was under the impression that EIPs 196, 197 and 1108 were referring to precompiled EVM opcodes as primitives for zkSNARK computations, but what you provided us with was a series of pre-written Solidity contracts that are exported based on the type of the ZKP scheme used via the zokrates export-verifier command.

    Thibaut Schaeffer
    @Schaeff
    Yes, depending on the scheme you're using, different on chain libraries are required. The central one is the one I linked to above, and it calls the precompiled contracts introduced by the EIPs you just mentioned. Note that only verification happens on chain, proof generation happens off chain.
    Matheus Faria de Alencar
    @mtsalenc
    Hey dev team, how long do you think it will be before you feel comfortable saying that ZoKrates is production ready?
    I'd really like to use it
    Thibaut Schaeffer
    @Schaeff
    Hi @mtsalenc , thanks for the interest! We do not have a date to share on this as the toolbox is still undergoing substantial breaking changes
    Neo
    @creepteks

    Yes, depending on the scheme you're using, different on chain libraries are required. The central one is the one I linked to above, and it calls the precompiled contracts introduced by the EIPs you just mentioned. Note that only verification happens on chain, proof generation happens off chain.

    That's right, but I cannot find the addresses like 0x06 or 0x07 for, respectively, ECADD and ECMUL, as specified by EIPs 196 and 197. How does ZoKrates call these underlying opcodes?

    Thibaut Schaeffer
    @Schaeff
    @creepteks Addition here
    Neo
    @creepteks
    @Schaeff wow; thanks, man. The thing that misguided me was the fact that EIP 196 referred to ECADD opcode with addr 0x06, not 0x60.
    Darko Macesic
    @dark64
    @creepteks it is actually 0x06, 0x60 is the outsize: staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60), the second param is 6
    Neo
    @creepteks

    @creepteks it is actually 0x06, 0x60 is the outsize: staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60), the second param is 6

    I think I officially proved how noob I am in Solidity :-) thanks for the patience and clarification, man.

    Alexey Tsvetkov
    @aitsvet
    Hi all! I'm trying to use ZoKrates to build a custom hash preimage proof.
    I have u8[256] pi = [ \ ...
    and I want output[i] = pi[input[i]]
    in def main(u8[64] input) -> u8[64]: ...
    Sadly I get "Expression input[i] of type u8 cannot be used as type field".
    Is there any trick to convert u8 to field in ZoKrates?
    Alexey Tsvetkov
    @aitsvet
    ah, here it is
    Alexey Tsvetkov
    @aitsvet
    Well, it's not in the EMBED, I had to import that .zok, and got a stack overflow when calling u8_to_bits.
    I copied the function from the link to my .zok, still got a stack overflow.
    Thibaut Schaeffer
    @Schaeff
    @aitsvet would you mind opening an issue about this with steps to reproduce?
    Alexey Tsvetkov
    @aitsvet
    Then I added -- --test-threads=1 to my cargo test ... and it fixed the SO.
    Thibaut Schaeffer
    @Schaeff
    are you running it with --release ?
    Alexey Tsvetkov
    @aitsvet
    No, I just name a specific test, I'll try with --release.
    Runs faster with the same result, thanks!
    Chaitanya Konda
    @ChaitanyaKonda
    Hi, is there a way to optimise memory consumption during compilation? I have a circuit that requires more than a whopping 512GB of memory, so compilation gets killed when it reaches this maximum. I don't think even setup would require this much memory.
    Alexey Tsvetkov
    @aitsvet
    I second this; a test for one of my functions requires 36 GB to run, and on a 32 GB host it needs an hour to pass due to swap IO. On top of that, I need to stack and loop calls of that function, so would one call require a day to process?
    Any ideas on where to look in core?
    Thibaut Schaeffer
    @Schaeff
    Hey @ChaitanyaKonda, sorry to hear that. We're working on a number of improvements on memory consumption; do you also have the issue when running zokrates check? In the past the optimiser has been the main cause of issues like this.
    Michael Connor
    @iAmMichaelConnor

    Hi all, it's been a while :)
    What's the most efficient way to check for underflows / overflows?
    E.g. If I have a = b + c, what's the neatest way to ensure b + c doesn't overflow the field modulus?
    E.g. If I have a = b - c, what's the neatest way to ensure b > c?
    E.g. If I have a = b * c, what's the neatest way to ensure b * c doesn't overflow the field modulus?
    E.g. If I have a = b / c, is there a way to ensure c 'divides' b in the 'integer' sense? Like passing a, b, c as inputs and asserting that c * a == b and ensuring c * a doesn't overflow the field modulus (somehow)?

    Presumably I'd need to do the calculations in bits, to check for bits 'carrying over' 2**253?
    Does anyone have any neat implementations? :)

    Paul Etscheit
    @petscheit
    Hi, I've switched to using the develop version to make use of the embedded sha256 libraries. I just realized that develop includes unconstrained variable checks now, which is kind of a problem for my use case. Is there a way to deactivate them?
    Paul Etscheit
    @petscheit
    Update:
    Disabling this was easy enough and tests still pass, so I guess that's fine. I am wondering if this can be disabled when compiling (a .zok) though, as it can be limiting for some use cases. For example, I'm working on a program that batch checks and updates a Merkle tree. Depending on the position of the leaves I have a different number of leaves and proof hashes. By using some booleans and padding I was able to build this in a way that works for a large number of leaf combinations all in the same program. However, this required passing variables which are never used, which is prevented by the unconstrained variable checks. Maybe that's something to consider.
    Michael Connor
    @iAmMichaelConnor
    ^^^ It would be useful if the "unconstrained private parameters" error could be 'turned off' sometimes. To debug a circuit, I used to comment-out lots of lines of code, to hone in on the bug. But now the "unconstrained private parameters" error prevents me from using this debugging technique. I end up having to create lots of dummy constraints, just so that the test will run.
    Duncan Westland
    @Westlad
    ^^^ There's an issue about this already, we just need someone with time to work on it Zokrates/ZoKrates#686
    Thibaut Schaeffer
    @Schaeff
    Hey everyone, thanks for flagging this again. develop now has a flag to disable unused parameter checks at compile time.
    Duncan Westland
    @Westlad
    @Schaeff @dark64 Addition of this flag is brilliant! Thank you so much for doing that!
    Paul Etscheit
    @petscheit
    @Schaeff Nice! Thanks for the quick response
    Paul Etscheit
    @petscheit
    Hi, I think there is a problem with the current develop branch. I'm getting errors when executing that I don't get when I compile with the current master release, and I feel like it has to do with the unconstrained variable checks. I made a repo outlining the problem, maybe someone can reproduce it. https://github.com/petscheit/zok_dev_unused_vari
    smithsen
    @smithsen
    Hi, I had a few questions about ZoKrates. First, I wanted to know if it is possible to run an image through a circuit. Last time I asked this question, I was told that this is difficult and complicated. Next, I think I would like to use an ASCII file in a circuit; is that possible? Also, I was wondering if importing a file from the current directory, for instance "from "./mycode" import foo", as in https://zokrates.github.io/language/imports.html, means that I can import an ASCII file, and if so, can I perform a hash on it as well? Also, if it is possible, could you give some sample code which can help in this regard? Hoping to hear soon.
    Thibaut Schaeffer
    @Schaeff
    @petscheit thanks, looking into it
    Thibaut Schaeffer
    @Schaeff
    @petscheit We pushed a fix to develop
    Paul Etscheit
    @petscheit
    Wow, impressive speed! Thanks a lot!
    Chaitanya Konda
    @ChaitanyaKonda

    Hi all,

    I'm working on a bit of an edge case where I need to check if a field is a positive number by doing either assert(field > 0) or assert(field < (field_prime-1)/2). The problem here is that ZoKrates implements comparison operators such that the operands have to be strictly less than the biggest power of 2 lower than p/2. Let's take the example of Bn128: the operands here will have to be lower than 2^252 even though the field elements can be greater than 2^252 and lower than the bn128_prime of 2592827839077369332604021086610909215435616943586837466384278596745456903517. So assert(field > 0) would fail during the compute-witness stage if the field passed into the witness is greater than 2^252 but less than bn128_prime. And assert(field < (bn128_prime-1)/2) would fail at the compile stage because (bn128_prime-1)/2 is already greater than 2^252. Can this limitation be worked on in ZoKrates's Rust code? Thank you

    Thibaut Schaeffer
    @Schaeff
    Hi @ChaitanyaKonda, yes, there is actually a cheaper and complete (works for any x) x < constant check; the one we have now is x < y for x and y both variables. We already use it internally (here https://github.com/Zokrates/ZoKrates/blob/master/zokrates_core/src/flatten/mod.rs#L204)