snarkjs/src/verifier.js

/*
    Copyright 2018 0kims association

    This file is part of zksnark javascript library.

    zksnark javascript library is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    zksnark javascript library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with zksnark javascript library.  If not, see <https://www.gnu.org/licenses/>.
*/

const BN128 = require("./BN128.js");

const bn128 = new BN128();
const G1 = bn128.G1;
const G2 = bn128.G2;

const pairing = bn128.pairing;

module.exports = function isValid(vk_verifier, proof, publicSignals) {

    let full_pi_a = vk_verifier.A[0];
    for (let s= 0; s< vk_verifier.nPublic; s++) {
        full_pi_a  = G1.add( full_pi_a, G1.mulScalar( vk_verifier.A[s+1], publicSignals[s]));
    }

    full_pi_a  = G1.add( full_pi_a, proof.pi_a);

    if (! bn128.F12.equals(
        bn128.pairing( proof.pi_a , vk_verifier.vk_a ),
        bn128.pairing( proof.pi_ap , G2.g )))
        return false;

    if (! bn128.F12.equals(
        bn128.pairing( vk_verifier.vk_b,  proof.pi_b ),
        bn128.pairing( proof.pi_bp , G2.g )))
        return false;

    if (! bn128.F12.equals(
        bn128.pairing( proof.pi_c , vk_verifier.vk_c ),
        bn128.pairing( proof.pi_cp , G2.g )))
        return false;

    if (! bn128.F12.equals(
        bn128.pairing( full_pi_a , proof.pi_b  ),
        bn128.F12.mul(
            bn128.pairing( proof.pi_h , vk_verifier.vk_z ),
            bn128.pairing( proof.pi_c , G2.g  ),
        )))
        return false;

    if (! bn128.F12.equals(
        bn128.F12.mul(
            bn128.pairing( G1.add(full_pi_a, proof.pi_c) , vk_verifier.vk_gb_2 ),
            bn128.pairing( vk_verifier.vk_gb_1 , proof.pi_b ),
        ),
        bn128.pairing( proof.pi_kp , vk_verifier.vk_g )))
        return false;


    return true;
};
Prepare license 2018-09-05 04:56:49 +02:00			`/*`
			`Copyright 2018 0kims association`

			`This file is part of zksnark javascript library.`

			`zksnark javascript library is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`zksnark javascript library is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with zksnark javascript library. If not, see <https://www.gnu.org/licenses/>.`
			`*/`

zkSnarks working 2018-08-25 00:16:12 +02:00			`const BN128 = require("./BN128.js");`
snarks part done 2018-08-09 15:31:16 +02:00
zkSnarks working 2018-08-25 00:16:12 +02:00			`const bn128 = new BN128();`
			`const G1 = bn128.G1;`
			`const G2 = bn128.G2;`
snarks part done 2018-08-09 15:31:16 +02:00
zkSnarks working 2018-08-25 00:16:12 +02:00			`const pairing = bn128.pairing;`
Skeleton 2018-08-09 08:16:34 +02:00
			`module.exports = function isValid(vk_verifier, proof, publicSignals) {`

zkSnarks working 2018-08-25 00:16:12 +02:00			`let full_pi_a = vk_verifier.A[0];`
snarks part done 2018-08-09 15:31:16 +02:00			`for (let s= 0; s< vk_verifier.nPublic; s++) {`
zkSnarks working 2018-08-25 00:16:12 +02:00			`full_pi_a = G1.add( full_pi_a, G1.mulScalar( vk_verifier.A[s+1], publicSignals[s]));`
snarks part done 2018-08-09 15:31:16 +02:00			`}`

zkSnarks working 2018-08-25 00:16:12 +02:00			`full_pi_a = G1.add( full_pi_a, proof.pi_a);`
Force 1 in the verifier 2018-08-09 18:59:39 +02:00
zkSnarks working 2018-08-25 00:16:12 +02:00			`if (! bn128.F12.equals(`
			`bn128.pairing( proof.pi_a , vk_verifier.vk_a ),`
			`bn128.pairing( proof.pi_ap , G2.g )))`
snarks part done 2018-08-09 15:31:16 +02:00			`return false;`

zkSnarks working 2018-08-25 00:16:12 +02:00			`if (! bn128.F12.equals(`
			`bn128.pairing( vk_verifier.vk_b, proof.pi_b ),`
			`bn128.pairing( proof.pi_bp , G2.g )))`
snarks part done 2018-08-09 15:31:16 +02:00			`return false;`

zkSnarks working 2018-08-25 00:16:12 +02:00			`if (! bn128.F12.equals(`
			`bn128.pairing( proof.pi_c , vk_verifier.vk_c ),`
			`bn128.pairing( proof.pi_cp , G2.g )))`
snarks part done 2018-08-09 15:31:16 +02:00			`return false;`

zkSnarks working 2018-08-25 00:16:12 +02:00			`if (! bn128.F12.equals(`
			`bn128.pairing( full_pi_a , proof.pi_b ),`
			`bn128.F12.mul(`
			`bn128.pairing( proof.pi_h , vk_verifier.vk_z ),`
			`bn128.pairing( proof.pi_c , G2.g ),`
			`)))`
snarks part done 2018-08-09 15:31:16 +02:00			`return false;`

zkSnarks working 2018-08-25 00:16:12 +02:00			`if (! bn128.F12.equals(`
			`bn128.F12.mul(`
			`bn128.pairing( G1.add(full_pi_a, proof.pi_c) , vk_verifier.vk_gb_2 ),`
			`bn128.pairing( vk_verifier.vk_gb_1 , proof.pi_b ),`
snarks part done 2018-08-09 15:31:16 +02:00			`),`
zkSnarks working 2018-08-25 00:16:12 +02:00			`bn128.pairing( proof.pi_kp , vk_verifier.vk_g )))`
snarks part done 2018-08-09 15:31:16 +02:00			`return false;`

zkSnarks working 2018-08-25 00:16:12 +02:00

snarks part done 2018-08-09 15:31:16 +02:00			`return true;`
			`};`