Crate powersoftau [−] [src]
This ceremony constructs the "powers of tau" for Jens Groth's 2016 zk-SNARK proving system using the BLS12-381 pairing-friendly elliptic curve construction.
Overview
Participants of the ceremony receive a "challenge" file containing:
- the BLAKE2b hash of the last file entered into the transcript
- an
Accumulator
(with curve points encoded in uncompressed form for fast deserialization)
The participant runs a tool which generates a random keypair (PublicKey
, PrivateKey
)
used for modifying the Accumulator
from the "challenge" file. The keypair is then used to
transform the Accumulator
, and a "response" file is generated containing:
- the BLAKE2b hash of the "challenge" file (thus forming a hash chain over the entire transcript)
- an
Accumulator
(with curve points encoded in compressed form for fast uploading) - the
PublicKey
This "challenge" file is entered into the protocol transcript. A given transcript is valid
if the transformations between consecutive Accumulator
s verify with their respective
PublicKey
s. Participants (and the public) can ensure that their contribution to the
Accumulator
was accepted by ensuring the transcript contains their "response" file, ideally
by comparison of the BLAKE2b hash of the "response" file.
After some time has elapsed for participants to contribute to the ceremony, a participant is
simulated with a randomness beacon. The resulting Accumulator
contains partial zk-SNARK
public parameters for all circuits within a bounded size.
Structs
Accumulator |
The |
HashReader |
Abstraction over a reader which hashes the data being read. |
HashWriter |
Abstraction over a writer which hashes the data being written. |
PrivateKey |
Contains the secrets τ, α and β that the participant of the ceremony must destroy. |
PublicKey |
Contains terms of the form (s1, s1x, H(s1x)2, H(s1x)2x) for all x in τ, α and β, and some s chosen randomly by its creator. The function H "hashes into" the group G2. No points in the public key may be the identity. |
Enums
CheckForCorrectness |
Determines if points should be checked for correctness during deserialization. This is not necessary for participants, because a transcript verifier can check this theirself. |
DeserializationError |
Errors that might occur during deserialization. |
UseCompression |
Determines if point compression should be used. |
Constants
ACCUMULATOR_BYTE_SIZE |
The size of the accumulator on disk. |
CONTRIBUTION_BYTE_SIZE |
The size of the contribution on disk. |
PUBLIC_KEY_SIZE |
The "public key" is used to verify a contribution was correctly computed. |
Functions
blank_hash |
Compute BLAKE2b("") |
keypair |
Constructs a keypair given an RNG and a 64-byte transcript |
verify_transform |
Verifies a transformation of the |