Zero knowledge functions (Roth16)

Several functions to work with the new ZK operators of Pact 4.6.0.

These functions can be used in conjunction with: https://github.com/CryptoPascal31/pact-zk-generator

Contract / Module:

  • free.util-zk

Dependencies:

  • free.util-math

  • free.util-lists

  • free.util-strings

Obejcts definitions

point-G1

Represents the cordinates of a point on the curve (G1 group)

(defschema point-G1
  x:integer
  y:integer
)

point-G2

Represents the cordinates of a polynomial in the extended field(G2 group)

(defschema point-G2
    x:[integer]
    y:[integer]
)

groth16-proof

Represents a GROTH 16 Proof

(defschema groph16-proof
  A:object{point-G1}
  B:object{point-G2}
  C:object{point-G1}
)

groth16-verify-key

(defschema groth16-verify-key
  alpha:object{point-G1}
  beta:object{point-G2}
  gamma:object{point-G2}
  delta:object{point-G2}
  ic:[object{point-G1}]
)

ECC Arithmetic

neg-G1

in object{point-G1} object{point-G1}

Return the negative of a point in G1

pact> (neg-G1 { "x":17899149025429256540670503450603840524526341770363252849540840688855727610005,
                "y":6794888886586012478899094699714874747255503821264355877996121220781692052981})
{"x": 17899149025429256540670503450603840524526341770363252849540840688855727610005
,"y": -6794888886586012478899094699714874747255503821264355877996121220781692052981}

Proof Management functions

Serialization scheme

To limit transaction size and handle more easily proofs, it is proposed to serialize proofs in a Pact friendly way.

  • Convert A.x and A.y to Base64 (URL) strings (2* 43 bytes)

  • Convert B.x[0..1], and B.y[0..1] to Base64 (URL) strings (4 * 43 bytes)

  • Convert C.x and C.y to Base64 (URL) strings (2* 43 bytes)

  • Concatenate the 8 strings to form a 344 bytes length Base64 string.

serialize-proof

proof object{groth16-proof} string

Serialiaze an object proof to its base64 representation (344 bytes).

pact> (serialize-proof {"A":{ "x":17899149025429256540670503450603840524526341770363252849540840688855727610005,
                              "y":6794888886586012478899094699714874747255503821264355877996121220781692052981},
                        "B":{ "x":[4555160965165375385578562333880156835913586562443164694386914449127412126755, 16845220796436439159658389520454136502557317448502144055381480626643346396453],
                              "y":[15740922883530394503972296892303076718862447518810507376564218784428077030254, 9794083499477745551885635852864140214811154513402172713835626845455029169909]},
                        "C":{ "x":2188339130061078784977610313576641337709587353412678866175084864819379744795,
                              "y":7363399164077520072321162032202323356331016580445157674442815097597932017402}})
"J5KPMJJp-t5MX_VDihVPa1pnaJaiPQb40em6Sb_WGJUDwXFVIN849MbSIvMV3oYdzpuz9yAvuWniXmZJk5WZfUChIhNrGRg36cfcPZL98cHMTCRrSd_6HhhTyWQ_MY1CMJT4OneDYEwY-Z4r9t84PwVrAntjY9k264yYtgS50FSUIs0L78VX8jCJpPcgBNysJpi0fghfIRwgIhFCWmQ7G24FadBO5DrTJZqCVbFb0MU-dYt7j4X_mOdy7BlHYbg7vUBNaOWZwxKVTlnrOdVC3L3M75fMC9u5TS_Lx1YxGqsBsEEeJRrGRtLcCzka6Tg2muE13-egR_CfGnqnyuYbrFvo"

deserialize-proof

proof-str string object{groth16-proof}

Deserialize a base64 proof string to its object representation

pact> (deserialize-proof "J5KPMJJp-t5MX_VDihVPa1pnaJaiPQb40em6Sb_WGJUDwXFVIN849MbSIvMV3oYdzpuz9yAvuWniXmZJk5WZfUChIhNrGRg36cfcPZL98cHMTCRrSd_6HhhTyWQ_MY1CMJT4OneDYEwY-Z4r9t84PwVrAntjY9k264yYtgS50FSUIs0L78VX8jCJpPcgBNysJpi0fghfIRwgIhFCWmQ7G24FadBO5DrTJZqCVbFb0MU-dYt7j4X_mOdy7BlHYbg7vUBNaOWZwxKVTlnrOdVC3L3M75fMC9u5TS_Lx1YxGqsBsEEeJRrGRtLcCzka6Tg2muE13-egR_CfGnqnyuYbrFvo")
{"A": {"x": 17899149025429256540670503450603840524526341770363252849540840688855727610005
,"y": 6794888886586012478899094699714874747255503821264355877996121220781692052981}
,"B": {"x": [4555160965165375385578562333880156835913586562443164694386914449127412126755
16845220796436439159658389520454136502557317448502144055381480626643346396453]
,"y": [15740922883530394503972296892303076718862447518810507376564218784428077030254
9794083499477745551885635852864140214811154513402172713835626845455029169909]}
,"C": {"x": 2188339130061078784977610313576641337709587353412678866175084864819379744795
,"y": 7363399164077520072321162032202323356331016580445157674442815097597932017402}}

Proof Verification

verify-groth16-proof

key object{groth16-verify-key} pub-inputs [integer] proof object{groth16-proof} bool

Verify a Groth16 proof against a list of public inputs and proof object

The verification can have 3 outcomes:

  • Return true, if the proof is vertified

  • Throw a transaction failure in case one of the argument is invalid.- Since this function is pure, this case ban be handled with a (try )

  • Return false, if the proof is not ok.

pact> (verify-groth16-proof VERIFY-KEY-A INPUT-DATA-A PROOF-A-GOOD)
true

pact> (verify-groth16-proof VERIFY-KEY-A INPUT-DATA-A PROOF-A-BAD)
true

pact> (verify-groth16-proof VERIFY-KEY-A INPUT-DATA-A PROOF-A-CORRUPTED)
  util-zk.pact:118:10: Point not on curve
    at <interactive>:0:0: (verify-groth16-proof VERIFY-KEY-A INPUT-DATA-A PROOF-A-CORRUPTED)