bls12-381 all working
This commit is contained in:
parent
6b08298526
commit
1d3ad357c1
2
cli.js
2
cli.js
|
@ -916,7 +916,7 @@ async function zkeyChallangeContribute(params, options) {
|
||||||
let challangeName;
|
let challangeName;
|
||||||
let responseName;
|
let responseName;
|
||||||
|
|
||||||
const curve = curves.getCurveFromName(params[0]);
|
const curve = await curves.getCurveFromName(params[0]);
|
||||||
|
|
||||||
challangeName = params[1];
|
challangeName = params[1];
|
||||||
|
|
||||||
|
|
|
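Review bot: `params[0]` is handed straight to `curves.getCurveFromName` on the new line with no check that a curve name was supplied, so a missing argument reaches the lookup as `undefined`; unless `getCurveFromName` itself rejects unknown names with a clear error (not visible here), guard it first, `if (!params[0]) throw new Error("curve name is required");`. The rest of zkeyChallangeContribute, including how `challangeName` and `responseName` are defaulted, lies outside the hunk.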
@ -26,7 +26,7 @@ async function applyKeyToSection(fdOld, sections, fdNew, idSection, curve, group
|
||||||
buff = await fdOld.read(n*sG);
|
buff = await fdOld.read(n*sG);
|
||||||
buff = await G.batchApplyKey(buff, t, inc);
|
buff = await G.batchApplyKey(buff, t, inc);
|
||||||
await fdNew.write(buff);
|
await fdNew.write(buff);
|
||||||
t = curve.Fr.mul(t, curve.Fr.pow(inc, n));
|
t = curve.Fr.mul(t, curve.Fr.exp(inc, n));
|
||||||
}
|
}
|
||||||
|
|
||||||
await binFileUtils.endWriteSection(fdNew);
|
await binFileUtils.endWriteSection(fdNew);
|
||||||
|
|
|
@ -33,8 +33,7 @@ module.exports = async function beacon(zkeyNameOld, zkeyNameNew, name, numIterat
|
||||||
const {fd: fdOld, sections: sections} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
|
const {fd: fdOld, sections: sections} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
|
||||||
const zkey = await zkeyUtils.readHeader(fdOld, sections, "groth16");
|
const zkey = await zkeyUtils.readHeader(fdOld, sections, "groth16");
|
||||||
|
|
||||||
const curve = getCurve(zkey.q);
|
const curve = await getCurve(zkey.q);
|
||||||
await curve.loadEngine();
|
|
||||||
|
|
||||||
const mpcParams = await zkeyUtils.readMPCParams(fdOld, curve, sections);
|
const mpcParams = await zkeyUtils.readMPCParams(fdOld, curve, sections);
|
||||||
|
|
||||||
|
@ -52,15 +51,15 @@ module.exports = async function beacon(zkeyNameOld, zkeyNameNew, name, numIterat
|
||||||
curContribution.delta = {};
|
curContribution.delta = {};
|
||||||
curContribution.delta.prvKey = curve.Fr.fromRng(rng);
|
curContribution.delta.prvKey = curve.Fr.fromRng(rng);
|
||||||
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
||||||
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesScalar(curContribution.delta.g1_s, curContribution.delta.prvKey));
|
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesFr(curContribution.delta.g1_s, curContribution.delta.prvKey));
|
||||||
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
|
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
|
||||||
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
|
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
|
||||||
curContribution.transcript = transcriptHasher.digest();
|
curContribution.transcript = transcriptHasher.digest();
|
||||||
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
|
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
|
||||||
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesScalar(curContribution.delta.g2_sp, curContribution.delta.prvKey));
|
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesFr(curContribution.delta.g2_sp, curContribution.delta.prvKey));
|
||||||
|
|
||||||
zkey.vk_delta_1 = curve.G1.timesScalar(zkey.vk_delta_1, curContribution.delta.prvKey);
|
zkey.vk_delta_1 = curve.G1.timesFr(zkey.vk_delta_1, curContribution.delta.prvKey);
|
||||||
zkey.vk_delta_2 = curve.G2.timesScalar(zkey.vk_delta_2, curContribution.delta.prvKey);
|
zkey.vk_delta_2 = curve.G2.timesFr(zkey.vk_delta_2, curContribution.delta.prvKey);
|
||||||
|
|
||||||
curContribution.deltaAfter = zkey.vk_delta_1;
|
curContribution.deltaAfter = zkey.vk_delta_1;
|
||||||
|
|
||||||
|
|
|
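Review bot: `zkey.vk_delta_1` and `zkey.vk_delta_2` take the raw result of `timesFr` while every other point this hunk produces (`g1_sx`, `g2_spx`) is wrapped in `toAffine`, and `curContribution.deltaAfter` then stores the same non-normalised value. If `timesFr` returns a projective point, as those wrappers suggest, the header and the contribution record end up in a different representation from the rest of the transcript unless the writer normalises; consider `zkey.vk_delta_1 = curve.G1.toAffine(curve.G1.timesFr(zkey.vk_delta_1, curContribution.delta.prvKey));` and the G2 equivalent, or a comment stating that the writer converts. The same pattern appears in the phase2contribute hunk at `@ -34,15 +33,15 @@` and, for `delta1`/`delta2`, in the challangeContribute hunk at `@ -44,10 +44,10 @@`. The remainder of the beacon function, including where the header is written, is outside this hunk.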
@ -44,10 +44,10 @@ async function challangeContribute(curve, challangeFilename, responesFileName, e
|
||||||
await copy(sG2); // beta2
|
await copy(sG2); // beta2
|
||||||
await copy(sG2); // gamma2
|
await copy(sG2); // gamma2
|
||||||
const oldDelta1 = await readG1();
|
const oldDelta1 = await readG1();
|
||||||
const delta1 = curve.G1.timesScalar(oldDelta1, delta);
|
const delta1 = curve.G1.timesFr(oldDelta1, delta);
|
||||||
await writeG1(delta1);
|
await writeG1(delta1);
|
||||||
const oldDelta2 = await readG2();
|
const oldDelta2 = await readG2();
|
||||||
const delta2 = curve.G2.timesScalar(oldDelta2, delta);
|
const delta2 = curve.G2.timesFr(oldDelta2, delta);
|
||||||
await writeG2(delta2);
|
await writeG2(delta2);
|
||||||
|
|
||||||
// IC
|
// IC
|
||||||
|
@ -108,12 +108,12 @@ async function challangeContribute(curve, challangeFilename, responesFileName, e
|
||||||
curContribution.delta = {};
|
curContribution.delta = {};
|
||||||
curContribution.delta.prvKey = delta;
|
curContribution.delta.prvKey = delta;
|
||||||
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
||||||
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesScalar(curContribution.delta.g1_s, delta));
|
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesFr(curContribution.delta.g1_s, delta));
|
||||||
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
|
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
|
||||||
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
|
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
|
||||||
curContribution.transcript = transcriptHasher.digest();
|
curContribution.transcript = transcriptHasher.digest();
|
||||||
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
|
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
|
||||||
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesScalar(curContribution.delta.g2_sp, delta));
|
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesFr(curContribution.delta.g2_sp, delta));
|
||||||
curContribution.deltaAfter = delta1;
|
curContribution.deltaAfter = delta1;
|
||||||
curContribution.type = 0;
|
curContribution.type = 0;
|
||||||
mpcParams.contributions.push(curContribution);
|
mpcParams.contributions.push(curContribution);
|
||||||
|
|
|
@ -14,8 +14,7 @@ module.exports = async function phase2contribute(zkeyNameOld, zkeyNameNew, name
|
||||||
const {fd: fdOld, sections: sections} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
|
const {fd: fdOld, sections: sections} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
|
||||||
const zkey = await zkeyUtils.readHeader(fdOld, sections, "groth16");
|
const zkey = await zkeyUtils.readHeader(fdOld, sections, "groth16");
|
||||||
|
|
||||||
const curve = getCurve(zkey.q);
|
const curve = await getCurve(zkey.q);
|
||||||
await curve.loadEngine();
|
|
||||||
|
|
||||||
const mpcParams = await zkeyUtils.readMPCParams(fdOld, curve, sections);
|
const mpcParams = await zkeyUtils.readMPCParams(fdOld, curve, sections);
|
||||||
|
|
||||||
|
@ -34,15 +33,15 @@ module.exports = async function phase2contribute(zkeyNameOld, zkeyNameNew, name
|
||||||
curContribution.delta = {};
|
curContribution.delta = {};
|
||||||
curContribution.delta.prvKey = curve.Fr.fromRng(rng);
|
curContribution.delta.prvKey = curve.Fr.fromRng(rng);
|
||||||
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
||||||
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesScalar(curContribution.delta.g1_s, curContribution.delta.prvKey));
|
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesFr(curContribution.delta.g1_s, curContribution.delta.prvKey));
|
||||||
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
|
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
|
||||||
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
|
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
|
||||||
curContribution.transcript = transcriptHasher.digest();
|
curContribution.transcript = transcriptHasher.digest();
|
||||||
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
|
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
|
||||||
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesScalar(curContribution.delta.g2_sp, curContribution.delta.prvKey));
|
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesFr(curContribution.delta.g2_sp, curContribution.delta.prvKey));
|
||||||
|
|
||||||
zkey.vk_delta_1 = curve.G1.timesScalar(zkey.vk_delta_1, curContribution.delta.prvKey);
|
zkey.vk_delta_1 = curve.G1.timesFr(zkey.vk_delta_1, curContribution.delta.prvKey);
|
||||||
zkey.vk_delta_2 = curve.G2.timesScalar(zkey.vk_delta_2, curContribution.delta.prvKey);
|
zkey.vk_delta_2 = curve.G2.timesFr(zkey.vk_delta_2, curContribution.delta.prvKey);
|
||||||
|
|
||||||
curContribution.deltaAfter = zkey.vk_delta_1;
|
curContribution.deltaAfter = zkey.vk_delta_1;
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,7 @@ module.exports = async function phase2exportMPCParams(zkeyName, mpcparamsName,
|
||||||
const {fd: fdZKey, sections: sectionsZKey} = await binFileUtils.readBinFile(zkeyName, "zkey", 2);
|
const {fd: fdZKey, sections: sectionsZKey} = await binFileUtils.readBinFile(zkeyName, "zkey", 2);
|
||||||
const zkey = await zkeyUtils.readHeader(fdZKey, sectionsZKey, "groth16");
|
const zkey = await zkeyUtils.readHeader(fdZKey, sectionsZKey, "groth16");
|
||||||
|
|
||||||
const curve = getCurve(zkey.q);
|
const curve = await getCurve(zkey.q);
|
||||||
await curve.loadEngine();
|
|
||||||
const sG1 = curve.G1.F.n8*2;
|
const sG1 = curve.G1.F.n8*2;
|
||||||
const sG2 = curve.G2.F.n8*2;
|
const sG2 = curve.G2.F.n8*2;
|
||||||
|
|
||||||
|
@ -42,7 +41,7 @@ module.exports = async function phase2exportMPCParams(zkeyName, mpcparamsName,
|
||||||
|
|
||||||
let buffBasesH_Tau;
|
let buffBasesH_Tau;
|
||||||
buffBasesH_Tau = await curve.G1.fft(buffBasesH_Lodd, "affine", "jacobian", verbose ? console.log : undefined);
|
buffBasesH_Tau = await curve.G1.fft(buffBasesH_Lodd, "affine", "jacobian", verbose ? console.log : undefined);
|
||||||
buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.PFr.w[zkey.power+1], "jacobian", "affine", verbose ? console.log : undefined);
|
buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.Fr.w[zkey.power+1], "jacobian", "affine", verbose ? console.log : undefined);
|
||||||
|
|
||||||
// Remove last element. (The degree of H will be allways m-2)
|
// Remove last element. (The degree of H will be allways m-2)
|
||||||
buffBasesH_Tau = buffBasesH_Tau.slice(0, buffBasesH_Tau.byteLength - sG1);
|
buffBasesH_Tau = buffBasesH_Tau.slice(0, buffBasesH_Tau.byteLength - sG1);
|
||||||
|
|
|
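Review bot: `curve.Fr.w[zkey.power+1]` on the new line indexes the roots-of-unity table with a value taken from the zkey header, and nothing in the hunk checks that `zkey.power+1` lies within the table; if `Fr.w` is an array indexed by power, an out-of-range index yields `undefined`, which `batchApplyKey` would receive as its increment instead of failing early. Add a check once the header is read, `if (zkey.power + 1 >= curve.Fr.w.length) throw new Error("circuit power too large for this curve");`, or document where the header's power has already been validated. The same index appears in the phase2importMPCParams hunk at `@ -98,7 +107,7 @@` and in the phase2verify hunk at `@ -288,7 +287,7 @@`.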
@ -9,8 +9,7 @@ module.exports = async function phase2importMPCParams(zkeyNameOld, mpcparamsNam
|
||||||
const {fd: fdZKeyOld, sections: sectionsZKeyOld} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
|
const {fd: fdZKeyOld, sections: sectionsZKeyOld} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
|
||||||
const zkeyHeader = await zkeyUtils.readHeader(fdZKeyOld, sectionsZKeyOld, "groth16");
|
const zkeyHeader = await zkeyUtils.readHeader(fdZKeyOld, sectionsZKeyOld, "groth16");
|
||||||
|
|
||||||
const curve = getCurve(zkeyHeader.q);
|
const curve = await getCurve(zkeyHeader.q);
|
||||||
await curve.loadEngine();
|
|
||||||
const sG1 = curve.G1.F.n8*2;
|
const sG1 = curve.G1.F.n8*2;
|
||||||
const sG2 = curve.G2.F.n8*2;
|
const sG2 = curve.G2.F.n8*2;
|
||||||
|
|
||||||
|
@ -39,6 +38,16 @@ module.exports = async function phase2importMPCParams(zkeyNameOld, mpcparamsNam
|
||||||
c.delta.g1_sx = await readG1(fdMPCParams);
|
c.delta.g1_sx = await readG1(fdMPCParams);
|
||||||
c.delta.g2_spx = await readG2(fdMPCParams);
|
c.delta.g2_spx = await readG2(fdMPCParams);
|
||||||
c.transcript = await fdMPCParams.read(64);
|
c.transcript = await fdMPCParams.read(64);
|
||||||
|
if (i<oldMPCParams.contributions.length) {
|
||||||
|
c.type = oldMPCParams.contributions[i].type;
|
||||||
|
if (c.type==1) {
|
||||||
|
c.beaconHash = oldMPCParams.contributions[i].beaconHash;
|
||||||
|
c.numIterationsExp = oldMPCParams.contributions[i].numIterationsExp;
|
||||||
|
}
|
||||||
|
if (oldMPCParams.contributions[i].name) {
|
||||||
|
c.name = oldMPCParams.contributions[i].name;
|
||||||
|
}
|
||||||
|
}
|
||||||
newMPCParams.contributions.push(c);
|
newMPCParams.contributions.push(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
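Review bot: The added block copies `type`, `beaconHash`, `numIterationsExp` and `name` from `oldMPCParams.contributions[i]` into the imported contribution by position alone, without checking that the i-th contribution read from the mpcparams file is the one the old zkey recorded. A mpcparams file whose leading contributions differ from the old zkey's would be imported carrying another contribution's beacon metadata and labelled as a beacon; verification downstream may catch the mismatch, but the import should fail early, so compare `c.transcript` against the old contribution's transcript byte for byte before copying and throw if they differ. Contributions beyond the old list keep whatever `type` `c` was created with earlier in the loop, which is outside the hunk; if that is unset, add `c.type = 0;` before the `if` so the field is always defined, matching the explicit `curContribution.type = 0` in challangeContribute.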
@ -98,7 +107,7 @@ module.exports = async function phase2importMPCParams(zkeyNameOld, mpcparamsNam
|
||||||
buffH = new Uint8Array(zkeyHeader.domainSize*sG1);
|
buffH = new Uint8Array(zkeyHeader.domainSize*sG1);
|
||||||
buffH.set(buffTauLEM); // Let the last one to zero.
|
buffH.set(buffTauLEM); // Let the last one to zero.
|
||||||
const n2Inv = curve.Fr.neg(curve.Fr.inv(curve.Fr.e(2)));
|
const n2Inv = curve.Fr.neg(curve.Fr.inv(curve.Fr.e(2)));
|
||||||
const wInv = curve.Fr.inv(curve.PFr.w[zkeyHeader.power+1]);
|
const wInv = curve.Fr.inv(curve.Fr.w[zkeyHeader.power+1]);
|
||||||
buffH = await curve.G1.batchApplyKey(buffH, n2Inv, wInv, "affine", "jacobian", verbose ? console.log : undefined);
|
buffH = await curve.G1.batchApplyKey(buffH, n2Inv, wInv, "affine", "jacobian", verbose ? console.log : undefined);
|
||||||
buffH = await curve.G1.ifft(buffH, "jacobian", "affine", verbose ? console.log : undefined);
|
buffH = await curve.G1.ifft(buffH, "jacobian", "affine", verbose ? console.log : undefined);
|
||||||
await binFileUtils.startWriteSection(fdZKeyNew, 9);
|
await binFileUtils.startWriteSection(fdZKeyNew, 9);
|
||||||
|
|
|
@ -46,7 +46,7 @@ async function writeHeader(fd, zkey) {
|
||||||
// Write the Groth header section
|
// Write the Groth header section
|
||||||
///////////
|
///////////
|
||||||
|
|
||||||
const curve = getCurve(zkey.q);
|
const curve = await getCurve(zkey.q);
|
||||||
|
|
||||||
await binFileUtils.startWriteSection(fd, 2);
|
await binFileUtils.startWriteSection(fd, 2);
|
||||||
const primeQ = curve.q;
|
const primeQ = curve.q;
|
||||||
|
|
|
@ -20,8 +20,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
|
||||||
const {fd, sections} = await binFileUtils.readBinFile(zkeyFileName, "zkey", 2);
|
const {fd, sections} = await binFileUtils.readBinFile(zkeyFileName, "zkey", 2);
|
||||||
const zkey = await zkeyUtils.readHeader(fd, sections, "groth16");
|
const zkey = await zkeyUtils.readHeader(fd, sections, "groth16");
|
||||||
|
|
||||||
const curve = getCurve(zkey.q);
|
const curve = await getCurve(zkey.q);
|
||||||
await curve.loadEngine();
|
|
||||||
const sG1 = curve.G1.F.n8*2;
|
const sG1 = curve.G1.F.n8*2;
|
||||||
const sG2 = curve.G2.F.n8*2;
|
const sG2 = curve.G2.F.n8*2;
|
||||||
|
|
||||||
|
@ -60,7 +59,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
|
||||||
const rng = misc.rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
|
const rng = misc.rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
|
||||||
const expected_prvKey = curve.Fr.fromRng(rng);
|
const expected_prvKey = curve.Fr.fromRng(rng);
|
||||||
const expected_g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
const expected_g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
|
||||||
const expected_g1_sx = curve.G1.toAffine(curve.G1.timesScalar(expected_g1_s, expected_prvKey));
|
const expected_g1_sx = curve.G1.toAffine(curve.G1.timesFr(expected_g1_s, expected_prvKey));
|
||||||
if (curve.G1.eq(expected_g1_s, c.delta.g1_s) !== true) {
|
if (curve.G1.eq(expected_g1_s, c.delta.g1_s) !== true) {
|
||||||
console.log(`INVALID(${i}): Key of the beacon does not match. g1_s `);
|
console.log(`INVALID(${i}): Key of the beacon does not match. g1_s `);
|
||||||
return false;
|
return false;
|
||||||
|
@ -288,7 +287,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
|
||||||
// Works*2 const first = curve.Fr.neg(curve.Fr.e(2));
|
// Works*2 const first = curve.Fr.neg(curve.Fr.e(2));
|
||||||
const first = curve.Fr.neg(curve.Fr.e(2));
|
const first = curve.Fr.neg(curve.Fr.e(2));
|
||||||
// const inc = curve.Fr.inv(curve.PFr.w[zkey.power+1]);
|
// const inc = curve.Fr.inv(curve.PFr.w[zkey.power+1]);
|
||||||
const inc = curve.PFr.w[zkey.power+1];
|
const inc = curve.Fr.w[zkey.power+1];
|
||||||
buff_r = await curve.Fr.batchApplyKey(buff_r, first, inc);
|
buff_r = await curve.Fr.batchApplyKey(buff_r, first, inc);
|
||||||
buff_r = await curve.Fr.fft(buff_r);
|
buff_r = await curve.Fr.fft(buff_r);
|
||||||
buff_r = await curve.Fr.batchFromMontgomery(buff_r);
|
buff_r = await curve.Fr.batchFromMontgomery(buff_r);
|
||||||
|
@ -317,7 +316,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
|
||||||
async function batchSubstract(buff1, buff2) {
|
async function batchSubstract(buff1, buff2) {
|
||||||
const sG = curve.G1.F.n8*2;
|
const sG = curve.G1.F.n8*2;
|
||||||
const nPoints = buff1.byteLength / sG;
|
const nPoints = buff1.byteLength / sG;
|
||||||
const concurrency= curve.engine.concurrency;
|
const concurrency= curve.tm.concurrency;
|
||||||
const nPointsPerThread = Math.floor(nPoints / concurrency);
|
const nPointsPerThread = Math.floor(nPoints / concurrency);
|
||||||
const opPromises = [];
|
const opPromises = [];
|
||||||
for (let i=0; i<concurrency; i++) {
|
for (let i=0; i<concurrency; i++) {
|
||||||
|
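Review bot: batchSubstract derives `nPoints` from `buff1.byteLength` alone and splits it across `curve.tm.concurrency` threads, with no check that `buff2` has the same length or that the length is a whole number of `sG`-byte points; a shorter `buff2` would be read past its end by the per-thread slicing that follows, and a non-multiple length makes `nPoints` fractional. Add at the top of the function `if (buff1.byteLength !== buff2.byteLength || buff1.byteLength % sG !== 0) throw new Error("batchSubstract: buffer length mismatch");`. The function continues past the hunk, so how the remaining `nPoints - nPointsPerThread*concurrency` points are assigned cannot be confirmed here. Separately, the commented-out line `// const inc = curve.Fr.inv(curve.PFr.w[zkey.power+1]);` in the hunk at `@ -288,7 +287,7 @@` still references the `PFr` API this commit retires and should be deleted rather than left as stale guidance.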
@ -374,7 +373,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
|
||||||
]});
|
]});
|
||||||
task.push({cmd: "GET", out: 0, var: 2, len: nPoints*sG1});
|
task.push({cmd: "GET", out: 0, var: 2, len: nPoints*sG1});
|
||||||
|
|
||||||
const res = await curve.engine.queueAction(task);
|
const res = await curve.tm.queueAction(task);
|
||||||
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|