spawn-zk-snarks 0.1.5

Zero-knowledge proof library with EVM compatibility
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196

// Copyright (c) 2023 spawn-zk-snarks developers
//
// Licensed under the MIT License
// <LICENSE-MIT or http://opensource.org/licenses/MIT>

use ark_bn254::{Bn254, Fr};
use ark_groth16::{
    PreparedVerifyingKey, Proof as ArkProof, ProvingKey, VerifyingKey,
};
use ark_snark::SNARK;
use ark_groth16::Groth16;
use ark_ec::pairing::Pairing;
use ark_serialize::CanonicalSerialize;
use ark_std::rand::thread_rng;
use thiserror::Error;
use crate::circuits::{CircuitError, ArithmeticCircuit};

/// Represents all possible errors that can occur during Groth16 operations.
/// 
/// This enum provides a comprehensive set of errors that might occur during
/// setup, proving, verification, and other related operations.
#[derive(Error, Debug)]
pub enum Groth16Error {
    /// Occurs when the setup phase fails, typically due to invalid parameters
    /// or insufficient randomness.
    #[error("Setup failed")]
    SetupError,

    /// Occurs when proof generation fails, usually due to invalid witness
    /// or constraint system issues.
    #[error("Proving failed")]
    ProvingError,

    /// Occurs when proof verification fails, indicating either an invalid proof
    /// or mismatched public inputs.
    #[error("Verification failed")]
    VerificationError,

    /// Wraps an error from the underlying circuit implementation.
    /// This can occur during constraint generation or witness computation.
    #[error("Circuit error: {0}")]
    CircuitError(#[from] CircuitError),

    /// Occurs when serialization or deserialization of proofs, keys,
    /// or other data structures fails.
    #[error("Serialization error")]
    SerializationError,
}

/// Contains all necessary parameters for the Groth16 proving system.
/// 
/// This structure holds the proving key, verifying key, and prepared verifying key
/// needed for generating and verifying zero-knowledge proofs.
#[derive(Debug)]
pub struct Groth16Setup<E: Pairing> {
    /// The proving key used to generate proofs. This contains the secret parameters
    /// and should be kept private in some applications.
    pub proving_key: ProvingKey<E>,

    /// The verification key used to verify proofs. This can be made public
    /// and distributed to verifiers.
    pub verifying_key: VerifyingKey<E>,

    /// A preprocessed version of the verification key that allows for
    /// more efficient proof verification.
    pub prepared_verifying_key: PreparedVerifyingKey<E>,
}

impl Groth16Setup<Bn254> {
    /// Creates a new Groth16 setup for a circuit with the specified parameters.
    /// 
    /// This function generates the proving and verification keys necessary for
    /// creating and verifying zero-knowledge proofs.
    /// 
    /// # Arguments
    /// * `num_constraints` - Number of constraints in the arithmetic circuit
    /// * `num_variables` - Number of variables used in the circuit
    /// 
    /// # Returns
    /// * `Result<Self, Groth16Error>` - The setup parameters or an error
    /// 
    /// # Example
    /// ```
    /// # use spawn_zk_snarks::Groth16Setup;
    /// let setup = Groth16Setup::new(3, 2)?;
    /// ```
    pub fn new(num_constraints: usize, num_variables: usize) -> Result<Self, Groth16Error> {
        let circuit: ArithmeticCircuit<Fr> = ArithmeticCircuit::new(num_constraints, num_variables, 1);
        let rng = &mut thread_rng();
        
        let (pk, vk) = Groth16::<Bn254>::circuit_specific_setup(
            circuit,
            rng,
        ).map_err(|_| Groth16Error::SetupError)?;

        let pvk = match Groth16::<Bn254>::process_vk(&vk) {
            Ok(pvk) => pvk,
            Err(_) => return Err(Groth16Error::SetupError),
        };

        Ok(Self {
            proving_key: pk,
            verifying_key: vk,
            prepared_verifying_key: pvk,
        })
    }

    /// Generates a zero-knowledge proof using the provided inputs and witness.
    /// 
    /// # Arguments
    /// * `inputs` - Public inputs to the circuit
    /// * `witness` - Private witness values
    /// 
    /// # Returns
    /// * `Result<ArkProof<Bn254>, Groth16Error>` - The generated proof or an error
    /// 
    /// # Example
    /// ```
    /// # use spawn_zk_snarks::{Groth16Setup, Fr};
    /// # let setup = Groth16Setup::new(3, 2)?;
    /// let proof = setup.prove(&inputs, &witness)?;
    /// ```
    pub fn prove(&self, inputs: &[Fr], witness: &[Fr]) -> Result<ArkProof<Bn254>, Groth16Error> {
        let rng = &mut thread_rng();
        
        let circuit = ArithmeticCircuit {
            num_constraints: inputs.len(),
            num_variables: witness.len(),
            num_inputs: 1,
            witness: witness.to_vec(),
        };

        Groth16::<Bn254>::create_random_proof_with_reduction(
            circuit,
            &self.proving_key,
            rng,
        ).map_err(|_| Groth16Error::ProvingError)
    }

    /// Verifies a zero-knowledge proof against the provided public inputs.
    /// 
    /// # Arguments
    /// * `proof` - The proof to verify
    /// * `public_inputs` - Public inputs used in the proof
    /// 
    /// # Returns
    /// * `Result<bool, Groth16Error>` - Whether the proof is valid
    /// 
    /// # Example
    /// ```
    /// # use spawn_zk_snarks::Groth16Setup;
    /// # let setup = Groth16Setup::new(3, 2)?;
    /// let is_valid = setup.verify(&proof, &public_inputs)?;
    /// assert!(is_valid);
    /// ```
    pub fn verify(
        &self,
        proof: &ArkProof<Bn254>,
        public_inputs: &[Fr],
    ) -> Result<bool, Groth16Error> {
        <Groth16<Bn254> as SNARK<Fr>>::verify_with_processed_vk(
            &self.prepared_verifying_key,
            public_inputs,
            proof,
        ).map_err(|_| Groth16Error::VerificationError)
    }

    /// Converts a proof to EVM-compatible format for on-chain verification.
    /// 
    /// # Arguments
    /// * `proof` - The proof to convert
    /// 
    /// # Returns
    /// * `Result<Vec<u8>, Groth16Error>` - The serialized proof bytes
    pub fn proof_to_evm_format(proof: &ArkProof<Bn254>) -> Result<Vec<u8>, Groth16Error> {
        let mut bytes = Vec::new();
        proof.serialize_compressed(&mut bytes)
            .map_err(|_| Groth16Error::SerializationError)?;
        Ok(bytes)
    }

    /// Estimates the gas cost for verifying a proof on Ethereum.
    /// 
    /// # Arguments
    /// * `proof_size` - Size of the proof in bytes
    /// * `num_inputs` - Number of public inputs
    /// 
    /// # Returns
    /// * `u64` - Estimated gas cost in units
    pub fn estimate_verification_gas(proof_size: usize, num_inputs: usize) -> u64 {
        let base_cost = 150_000;
        let input_cost = num_inputs as u64 * 1_000;
        let data_cost = proof_size as u64 * 16;
        base_cost + input_cost + data_cost
    }
}