merge dev

zokrates_book/src/reference/proving_schemes.md

@@ -17,10 +17,20 @@ When not using the default, the CLI flag has to be provided for the following co
 - `export-verifier`
 - `generate-proof`
 
+## Supporting backends
+
+As shown in the table above, the `PGHR13` and `GM17`schemes require [libsnark](https://github.com/scipr-lab/libsnark) as a backend, while G16 uses [bellman](https://github.com/zkcrypto/bellman), which is included as the default backend.
+
+To include libsnark in the build, compile ZoKrates from [source](https://github.com/ZoKrates/ZoKrates/) with the `libsnark` feature:
+```bash
+cargo +nightly -Z package-features build --release --package zokrates_cli --features="libsnark"
+```
+ Note, that this is only tested for Linux. If you are on another OS, consider using our Docker container, which includes a libsnark installation.
+
 ## G16 malleability
 
 When using G16, developers should pay attention to the fact that an attacker seeing a valid proof can very easily generate a different but still valid proof. Therefore, depending on the use case, making sure on chain that the same proof cannot be submitted twice may *not* be enough to guarantee that attackers cannot replay proofs. Mechanisms to solve this issue include:
 - signed proofs
 - nullifiers
 - usage of an ethereum address as a public input to the program
-- usage of non-malleable schemes such as GM17
+- usage of non-malleable schemes such as GM17

zokrates_book/src/sha256example.md

@@ -106,7 +106,7 @@ Finally, Peggy can run the command to construct the proof:
 
 As the inputs were declared as private in the program, they do not appear in the proof thanks to the zero knowledge property of the protocol.
 
-ZoKrates creates a file, `proof.json`,  consisting of the eight variables that make up the zkSNARKs proof. The `verifyTx` function in the smart contract deployed by Victor accepts these eight values, along with an array of public inputs. The array of public inputs consists of:
+ZoKrates creates a file, `proof.json`,  consisting of the three elliptic curve points that make up the zkSNARKs proof. The `verifyTx` function in the smart contract deployed by Victor accepts these three values, along with an array of public inputs. The array of public inputs consists of:
 
 * any public inputs to the main function, declared without the `private` keyword
 * the return values of the ZoKrates function

zokrates_cli/tests/code/arithmetics.arguments.json

@@ -0,0 +1,4 @@
+[
+    1,
+    2
+]

zokrates_cli/tests/code/arithmetics.code

@@ -0,0 +1,2 @@
+def main(field a, field b) -> (field):
+  return 3*a+(b+a)**2

zokrates_cli/tests/code/arithmetics.expected.witness

@@ -0,0 +1 @@
+~out_0 12

zokrates_cli/tests/code/no_return.arguments.json

@@ -0,0 +1,4 @@
+[
+    1,
+    1
+]

zokrates_cli/tests/code/no_return.code

@@ -0,0 +1,3 @@
+def main(field a, field b) -> ():
+	a==b
+	return

zokrates_core/src/static_analysis/mod.rs

@@ -6,12 +6,10 @@
 
 mod flat_propagation;
 mod inline;
-mod power_check;
 mod propagation;
 mod unroll;
 
 use self::inline::Inliner;
-use self::power_check::PowerChecker;
 use self::propagation::Propagator;
 use self::unroll::Unroller;
 use crate::flat_absy::FlatProg;
@@ -24,9 +22,8 @@ pub trait Analyse {
 
 impl<'ast, T: Field> Analyse for TypedProgram<'ast, T> {
     fn analyse(self) -> Self {
-        let r = PowerChecker::check(self);
         // unroll
-        let r = Unroller::unroll(r);
+        let r = Unroller::unroll(self);
         // inline
         let r = Inliner::inline(r);
         // propagate

zokrates_core/src/static_analysis/power_check.rs

@@ -1,33 +0,0 @@
-use crate::typed_absy::folder::*;
-use crate::typed_absy::Folder;
-use crate::typed_absy::*;
-use zokrates_field::field::Field;
-
-pub struct PowerChecker {}
-
-impl PowerChecker {
-    fn new() -> Self {
-        PowerChecker {}
-    }
-
-    pub fn check<T: Field>(p: TypedProgram<T>) -> TypedProgram<T> {
-        PowerChecker::new().fold_program(p)
-    }
-}
-
-impl<'ast, T: Field> Folder<'ast, T> for PowerChecker {
-    fn fold_field_expression(
-        &mut self,
-        e: FieldElementExpression<'ast, T>,
-    ) -> FieldElementExpression<'ast, T> {
-        match e {
-            FieldElementExpression::Pow(box FieldElementExpression::Identifier(..), _) |  FieldElementExpression::Pow(box FieldElementExpression::Number(..), _)=> {
-				fold_field_expression(self, e)
-            },
-            FieldElementExpression::Pow(e, _) => {
-            	panic!(format!("Base of an exponentiation has to be a number or identifier, found {}. Please use intermediate variables.", e))
-            },
-            e => fold_field_expression(self, e)
-        }
-    }
-}