From 792ce8756158ec5085bc2f0d18b25a98004cd7df Mon Sep 17 00:00:00 2001 From: schaeff Date: Wed, 6 Jul 2022 15:09:14 +0200 Subject: [PATCH] remove pghr13 --- changelogs/unreleased/1181-schaeff | 1 + zokrates_book/src/toolbox/proving_schemes.md | 1 - zokrates_cli/src/ops/print_proof.rs | 5 +- zokrates_cli/tests/integration.rs | 11 +- zokrates_common/src/constants.rs | 1 - zokrates_common/src/helpers.rs | 4 +- zokrates_js/src/lib.rs | 2 - zokrates_proof_systems/src/scheme/mod.rs | 2 - zokrates_proof_systems/src/scheme/pghr13.rs | 219 ------------------- zokrates_proof_systems/src/to_token.rs | 57 ----- 10 files changed, 4 insertions(+), 299 deletions(-) create mode 100644 changelogs/unreleased/1181-schaeff delete mode 100644 zokrates_proof_systems/src/scheme/pghr13.rs diff --git a/changelogs/unreleased/1181-schaeff b/changelogs/unreleased/1181-schaeff new file mode 100644 index 00000000..225c69f3 --- /dev/null +++ b/changelogs/unreleased/1181-schaeff @@ -0,0 +1 @@ +Drop support for PGHR13 proving scheme \ No newline at end of file diff --git a/zokrates_book/src/toolbox/proving_schemes.md b/zokrates_book/src/toolbox/proving_schemes.md index 07096975..1c7330fa 100644 --- a/zokrates_book/src/toolbox/proving_schemes.md +++ b/zokrates_book/src/toolbox/proving_schemes.md @@ -28,7 +28,6 @@ ZoKrates supports different proving schemes. We identify the schemes by the refe | [G16](https://eprint.iacr.org/2016/260) | `--proving-scheme g16` | ALTBN_128, BLS12_381 | No | | [GM17](https://eprint.iacr.org/2017/540) | `--proving-scheme gm17` | ALTBN_128, BLS12_381, BLS12_377, BW6_761 | No | | [Marlin](https://eprint.iacr.org/2019/1047) | `--proving-scheme marlin` | ALTBN_128, BLS12_381, BLS12_377, BW6_761 | Yes | -| [PGHR13](https://eprint.iacr.org/2013/279) | `--proving-scheme pghr13` | ALTBN_128 | No | All schemes have a circuit-specific setup phase called `setup`. Universal schemes also feature a preliminary, circuit-agnostic step called `universal-setup`. The advantage of universal schemes is that only the `universal-setup` step requires trust, so that it can be run a single time and reused trustlessly for many programs. diff --git a/zokrates_cli/src/ops/print_proof.rs b/zokrates_cli/src/ops/print_proof.rs index 9c2e54f5..a6df505a 100644 --- a/zokrates_cli/src/ops/print_proof.rs +++ b/zokrates_cli/src/ops/print_proof.rs @@ -7,7 +7,7 @@ use std::path::Path; use zokrates_common::helpers::{CurveParameter, SchemeParameter}; use zokrates_field::Bn128Field; use zokrates_proof_systems::{ - Marlin, Proof, SolidityCompatibleField, SolidityCompatibleScheme, G16, GM17, PGHR13, + Marlin, Proof, SolidityCompatibleField, SolidityCompatibleScheme, G16, GM17, }; pub fn subcommand() -> App<'static, 'static> { @@ -62,9 +62,6 @@ pub fn exec(sub_matches: &ArgMatches) -> Result<(), String> { (curve.try_into().unwrap(), scheme.try_into().unwrap()); match parameters { - (CurveParameter::Bn128, SchemeParameter::PGHR13) => { - cli_print_proof::(sub_matches, proof) - } (CurveParameter::Bn128, SchemeParameter::G16) => { cli_print_proof::(sub_matches, proof) } diff --git a/zokrates_cli/tests/integration.rs b/zokrates_cli/tests/integration.rs index 8408ccc6..b3fb9ba4 100644 --- a/zokrates_cli/tests/integration.rs +++ b/zokrates_cli/tests/integration.rs @@ -22,7 +22,7 @@ mod integration { use zokrates_ast::typed::abi::Abi; use zokrates_field::Bn128Field; use zokrates_proof_systems::{ - to_token::ToToken, Marlin, Proof, SolidityCompatibleScheme, G16, GM17, PGHR13, + to_token::ToToken, Marlin, Proof, SolidityCompatibleScheme, G16, GM17, SOLIDITY_G2_ADDITION_LIB, }; @@ -343,15 +343,6 @@ mod integration { test_solidity_verifier(contract_str, proof); } - "pghr13" => { - // Get the proof - let proof: Proof = serde_json::from_reader( - File::open(proof_path.to_str().unwrap()).unwrap(), - ) - .unwrap(); - - test_solidity_verifier(contract_str, proof); - } _ => unreachable!(), } } diff --git a/zokrates_common/src/constants.rs b/zokrates_common/src/constants.rs index 0ef486b0..18c4cf29 100644 --- a/zokrates_common/src/constants.rs +++ b/zokrates_common/src/constants.rs @@ -9,4 +9,3 @@ pub const BW6_761: &str = "bw6_761"; pub const G16: &str = "g16"; pub const GM17: &str = "gm17"; pub const MARLIN: &str = "marlin"; -pub const PGHR13: &str = "pghr13"; diff --git a/zokrates_common/src/helpers.rs b/zokrates_common/src/helpers.rs index aa65f9fb..b36f91c2 100644 --- a/zokrates_common/src/helpers.rs +++ b/zokrates_common/src/helpers.rs @@ -48,7 +48,6 @@ impl std::fmt::Display for BackendParameter { pub enum SchemeParameter { G16, GM17, - PGHR13, MARLIN, } @@ -59,7 +58,6 @@ impl std::fmt::Display for SchemeParameter { match self { G16 => write!(f, "g16"), GM17 => write!(f, "gm17"), - PGHR13 => write!(f, "pghr13"), MARLIN => write!(f, "marlin"), } } @@ -100,7 +98,6 @@ impl TryFrom<&str> for SchemeParameter { match s { G16 => Ok(SchemeParameter::G16), GM17 => Ok(SchemeParameter::GM17), - PGHR13 => Ok(SchemeParameter::PGHR13), MARLIN => Ok(SchemeParameter::MARLIN), _ => Err(format!("Unknown proving scheme {}", s)), } @@ -151,6 +148,7 @@ impl TryFrom<(&str, &str, &str)> for Parameters { (BackendParameter::Ark, CurveParameter::Bls12_377, SchemeParameter::MARLIN) => Ok(()), #[cfg(feature = "ark")] (BackendParameter::Ark, CurveParameter::Bw6_761, SchemeParameter::MARLIN) => Ok(()), + #[cfg(feature = "bellman")] _ => Err(format!( "Unsupported combination of parameters (backend: {}, curve: {}, proving scheme: {})", s.0, s.1, s.2 diff --git a/zokrates_js/src/lib.rs b/zokrates_js/src/lib.rs index 3d0192a1..6d2b1b11 100644 --- a/zokrates_js/src/lib.rs +++ b/zokrates_js/src/lib.rs @@ -551,7 +551,6 @@ pub fn generate_proof( internal::generate_proof::<_, Marlin, Ark>(p, witness, pk) } }, - _ => Err(JsValue::from_str("Unsupported scheme")), } } @@ -620,7 +619,6 @@ pub fn verify(vk: JsValue, proof: JsValue) -> Result { CurveParameter::Bls12_377 => internal::verify::(vk, proof), CurveParameter::Bw6_761 => internal::verify::(vk, proof), }, - _ => Err(JsValue::from_str("Unsupported scheme")), } } diff --git a/zokrates_proof_systems/src/scheme/mod.rs b/zokrates_proof_systems/src/scheme/mod.rs index ffcc3214..e841d812 100644 --- a/zokrates_proof_systems/src/scheme/mod.rs +++ b/zokrates_proof_systems/src/scheme/mod.rs @@ -5,12 +5,10 @@ use zokrates_field::Field; pub mod gm17; pub mod groth16; pub mod marlin; -pub mod pghr13; pub use self::gm17::GM17; pub use self::groth16::G16; pub use self::marlin::Marlin; -pub use self::pghr13::PGHR13; pub trait Scheme: Serialize { const NAME: &'static str; diff --git a/zokrates_proof_systems/src/scheme/pghr13.rs b/zokrates_proof_systems/src/scheme/pghr13.rs deleted file mode 100644 index 7bc4e0d3..00000000 --- a/zokrates_proof_systems/src/scheme/pghr13.rs +++ /dev/null @@ -1,219 +0,0 @@ -use crate::scheme::{NonUniversalScheme, Scheme}; -use crate::solidity::solidity_pairing_lib; -use crate::{G1Affine, G2Affine, SolidityCompatibleField, SolidityCompatibleScheme}; -use regex::Regex; -use serde::{Deserialize, Serialize}; -use zokrates_field::Field; - -#[allow(clippy::upper_case_acronyms)] -#[derive(Serialize)] -pub struct PGHR13; - -#[derive(Serialize, Deserialize, Clone)] -pub struct ProofPoints { - pub a: G1, - pub a_p: G1, - pub b: G2, - pub b_p: G1, - pub c: G1, - pub c_p: G1, - pub h: G1, - pub k: G1, -} - -#[derive(Serialize, Deserialize)] -pub struct VerificationKey { - pub a: G2, - pub b: G1, - pub c: G2, - pub gamma: G2, - pub gamma_beta_1: G1, - pub gamma_beta_2: G2, - pub z: G2, - pub ic: Vec, -} - -impl Scheme for PGHR13 { - const NAME: &'static str = "pghr13"; - - type VerificationKey = VerificationKey; - type ProofPoints = ProofPoints; -} - -impl NonUniversalScheme for PGHR13 {} - -impl SolidityCompatibleScheme for PGHR13 { - type Proof = Self::ProofPoints; - - fn export_solidity_verifier(vk: >::VerificationKey) -> String { - let (mut template_text, solidity_pairing_lib) = - (String::from(CONTRACT_TEMPLATE), solidity_pairing_lib(false)); - - // replace things in template - let vk_regex = Regex::new(r#"(<%vk_[^i%]*%>)"#).unwrap(); - let vk_ic_len_regex = Regex::new(r#"(<%vk_ic_length%>)"#).unwrap(); - let vk_ic_repeat_regex = Regex::new(r#"(<%vk_ic_pts%>)"#).unwrap(); - let vk_input_len_regex = Regex::new(r#"(<%vk_input_length%>)"#).unwrap(); - let input_loop = Regex::new(r#"(<%input_loop%>)"#).unwrap(); - let input_argument = Regex::new(r#"(<%input_argument%>)"#).unwrap(); - - template_text = vk_regex - .replace(template_text.as_str(), vk.a.to_string().as_str()) - .into_owned(); - - template_text = vk_regex - .replace(template_text.as_str(), vk.b.to_string().as_str()) - .into_owned(); - - template_text = vk_regex - .replace(template_text.as_str(), vk.c.to_string().as_str()) - .into_owned(); - - template_text = vk_regex - .replace(template_text.as_str(), vk.gamma.to_string().as_str()) - .into_owned(); - - template_text = vk_regex - .replace(template_text.as_str(), vk.gamma_beta_1.to_string().as_str()) - .into_owned(); - - template_text = vk_regex - .replace(template_text.as_str(), vk.gamma_beta_2.to_string().as_str()) - .into_owned(); - - template_text = vk_regex - .replace(template_text.as_str(), vk.z.to_string().as_str()) - .into_owned(); - - let ic_count: usize = vk.ic.len(); - template_text = vk_ic_len_regex - .replace(template_text.as_str(), format!("{}", ic_count).as_str()) - .into_owned(); - - template_text = vk_input_len_regex - .replace(template_text.as_str(), format!("{}", ic_count - 1).as_str()) - .into_owned(); - - // feed input values only if there are any - template_text = if ic_count > 1 { - input_loop.replace( - template_text.as_str(), - r#" - for(uint i = 0; i < input.length; i++){ - inputValues[i] = input[i]; - }"#, - ) - } else { - input_loop.replace(template_text.as_str(), "") - } - .to_string(); - - // take input values as argument only if there are any - template_text = if ic_count > 1 { - input_argument.replace( - template_text.as_str(), - format!(", uint[{}] memory input", ic_count - 1).as_str(), - ) - } else { - input_argument.replace(template_text.as_str(), "") - } - .to_string(); - - let mut ic_repeat_text = String::new(); - for (i, g1) in vk.ic.iter().enumerate() { - ic_repeat_text.push_str( - format!( - "vk.ic[{}] = Pairing.G1Point({});", - i, - g1.to_string().as_str() - ) - .as_str(), - ); - if i < ic_count - 1 { - ic_repeat_text.push_str("\n "); - } - } - - template_text = vk_ic_repeat_regex - .replace(template_text.as_str(), ic_repeat_text.as_str()) - .into_owned(); - - let re = Regex::new(r"(?P0[xX][0-9a-fA-F]{64})").unwrap(); - template_text = re.replace_all(&template_text, "uint256($v)").to_string(); - - format!("{}{}", solidity_pairing_lib, template_text) - } -} - -const CONTRACT_TEMPLATE: &str = r#"contract Verifier { - using Pairing for *; - struct VerifyingKey { - Pairing.G2Point a; - Pairing.G1Point b; - Pairing.G2Point c; - Pairing.G2Point gamma; - Pairing.G1Point gamma_beta_1; - Pairing.G2Point gamma_beta_2; - Pairing.G2Point z; - Pairing.G1Point[] ic; - } - struct Proof { - Pairing.G1Point a; - Pairing.G1Point a_p; - Pairing.G2Point b; - Pairing.G1Point b_p; - Pairing.G1Point c; - Pairing.G1Point c_p; - Pairing.G1Point h; - Pairing.G1Point k; - } - function verifyingKey() pure internal returns (VerifyingKey memory vk) { - vk.a = Pairing.G2Point(<%vk_a%>); - vk.b = Pairing.G1Point(<%vk_b%>); - vk.c = Pairing.G2Point(<%vk_c%>); - vk.gamma = Pairing.G2Point(<%vk_g%>); - vk.gamma_beta_1 = Pairing.G1Point(<%vk_gb1%>); - vk.gamma_beta_2 = Pairing.G2Point(<%vk_gb2%>); - vk.z = Pairing.G2Point(<%vk_z%>); - vk.ic = new Pairing.G1Point[](<%vk_ic_length%>); - <%vk_ic_pts%> - } - function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { - uint256 snark_scalar_field = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - VerifyingKey memory vk = verifyingKey(); - require(input.length + 1 == vk.ic.length); - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0); - for (uint i = 0; i < input.length; i++) { - require(input[i] < snark_scalar_field); - vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.ic[i + 1], input[i])); - } - vk_x = Pairing.addition(vk_x, vk.ic[0]); - if (!Pairing.pairingProd2(proof.a, vk.a, Pairing.negate(proof.a_p), Pairing.P2())) return 1; - if (!Pairing.pairingProd2(vk.b, proof.b, Pairing.negate(proof.b_p), Pairing.P2())) return 2; - if (!Pairing.pairingProd2(proof.c, vk.c, Pairing.negate(proof.c_p), Pairing.P2())) return 3; - if (!Pairing.pairingProd3( - proof.k, vk.gamma, - Pairing.negate(Pairing.addition(vk_x, Pairing.addition(proof.a, proof.c))), vk.gamma_beta_2, - Pairing.negate(vk.gamma_beta_1), proof.b - )) return 4; - if (!Pairing.pairingProd3( - Pairing.addition(vk_x, proof.a), proof.b, - Pairing.negate(proof.h), vk.z, - Pairing.negate(proof.c), Pairing.P2() - )) return 5; - return 0; - } - function verifyTx( - Proof memory proof<%input_argument%> - ) public view returns (bool r) { - uint[] memory inputValues = new uint[](<%vk_input_length%>); - <%input_loop%> - if (verify(inputValues, proof) == 0) { - return true; - } else { - return false; - } - } -} -"#; diff --git a/zokrates_proof_systems/src/to_token.rs b/zokrates_proof_systems/src/to_token.rs index 3c3dae53..fbefdc40 100644 --- a/zokrates_proof_systems/src/to_token.rs +++ b/zokrates_proof_systems/src/to_token.rs @@ -3,7 +3,6 @@ use primitive_types::U256; use super::{ Fr, G1Affine, G2Affine, Marlin, SolidityCompatibleField, SolidityCompatibleScheme, G16, GM17, - PGHR13, }; /// Helper methods for parsing group structure @@ -40,62 +39,6 @@ pub trait ToToken: SolidityCompatibleScheme { fn modify(proof: Self::Proof) -> Self::Proof; } -impl ToToken for PGHR13 { - fn to_token(proof: Self::Proof) -> Token { - let a = { - let (x, y) = encode_g1_element(&proof.a); - Token::Tuple(vec![Token::Uint(x), Token::Uint(y)]) - }; - - let a_p = { - let (x, y) = encode_g1_element(&proof.a_p); - Token::Tuple(vec![Token::Uint(x), Token::Uint(y)]) - }; - - let b = { - let ((x0, y0), (x1, y1)) = encode_g2_element(&proof.b); - Token::Tuple(vec![ - Token::FixedArray(vec![Token::Uint(x0), Token::Uint(y0)]), - Token::FixedArray(vec![Token::Uint(x1), Token::Uint(y1)]), - ]) - }; - - let b_p = { - let (x, y) = encode_g1_element(&proof.b_p); - Token::Tuple(vec![Token::Uint(x), Token::Uint(y)]) - }; - - let c = { - let (x, y) = encode_g1_element(&proof.c); - Token::Tuple(vec![Token::Uint(x), Token::Uint(y)]) - }; - - let c_p = { - let (x, y) = encode_g1_element(&proof.c_p); - Token::Tuple(vec![Token::Uint(x), Token::Uint(y)]) - }; - - let h = { - let (x, y) = encode_g1_element(&proof.h); - Token::Tuple(vec![Token::Uint(x), Token::Uint(y)]) - }; - - let k = { - let (x, y) = encode_g1_element(&proof.k); - Token::Tuple(vec![Token::Uint(x), Token::Uint(y)]) - }; - - let proof_tokens = vec![a, a_p, b, b_p, c, c_p, h, k]; - - Token::Tuple(proof_tokens) - } - - fn modify(mut proof: Self::Proof) -> Self::Proof { - proof.a.0 = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".into(); - proof - } -} - impl ToToken for G16 { fn to_token(proof: Self::Proof) -> Token { let a = {