iang
/
pedersen-libsnark


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
							#include <stdlib.h>
#include <iostream>
#include <fstream>

#include "ecgadget.hpp"
#include "scalarmul.hpp"

using namespace libsnark;
using namespace std;

int main()
{
  // Initialize the curve parameters

  default_r1cs_gg_ppzksnark_pp::init_public_params();

  typedef libff::Fr<default_r1cs_gg_ppzksnark_pp> FieldT;
  
  // Create protoboard

  libff::start_profiling();

  cout << "Keypair" << endl;

  protoboard<FieldT> pb;
  pb_variable<FieldT> outx, outy;
  pb_variable<FieldT> accinx, acciny, accoutx, accouty;
  pb_variable<FieldT> s;

  // An accumulator initial value.  Its DL representation with respect
  // to C and P should be unknown.
  const FieldT Ax = FieldT("7536839002660211356286040193441766649532044555061394833845553337792579131020");
  const FieldT Ay = FieldT("11391058648720923807988142436733355540810929560298907319389650598553246451302");
  FieldT AXSx = Ax;
  FieldT AXSy = Ay;
  const FieldT Px = FieldT(0);
  const FieldT Py = FieldT("11977228949870389393715360594190192321220966033310912010610740966317727761886");

  // Allocate variables

  outx.allocate(pb, "outx");
  outy.allocate(pb, "outy");
  accinx.allocate(pb, "accinx");
  acciny.allocate(pb, "acciny");
  accoutx.allocate(pb, "accoutx");
  accouty.allocate(pb, "accouty");
  s.allocate(pb, "s");

  // This sets up the protoboard variables so that the first n of them
  // represent the public input and the rest is private input

  pb.set_input_sizes(2);

  // Initialize the accumulator
  pb.add_r1cs_constraint(r1cs_constraint<FieldT>(accinx, 1, Ax));
  pb.add_r1cs_constraint(r1cs_constraint<FieldT>(acciny, 1, Ay));
  // Initialize the gadget
  ec_constant_scalarmul_gadget<FieldT> sm(pb, accoutx, accouty, accinx, acciny, s, Px, Py, AXSx, AXSy);
  sm.generate_r1cs_constraints();
  // Subtract the accumulator excess to get the result
  ec_constant_add_gadget<FieldT> ad(pb, outx, outy, accoutx, accouty, AXSx, -AXSy);

  const r1cs_constraint_system<FieldT> constraint_system = pb.get_constraint_system();

  const r1cs_gg_ppzksnark_keypair<default_r1cs_gg_ppzksnark_pp> keypair = r1cs_gg_ppzksnark_generator<default_r1cs_gg_ppzksnark_pp>(constraint_system);

  // Add witness values

  cout << "Prover" << endl;
  
  pb.val(accinx) = Ax;
  pb.val(acciny) = Ay;
  pb.val(s) = FieldT::random_element();
  cout << "Computing " << pb.val(s) << "*G" << endl;

  sm.generate_r1cs_witness();
  ad.generate_r1cs_witness();

  const r1cs_gg_ppzksnark_proof<default_r1cs_gg_ppzksnark_pp> proof = r1cs_gg_ppzksnark_prover<default_r1cs_gg_ppzksnark_pp>(keypair.pk, pb.primary_input(), pb.auxiliary_input());

  cout << "Verifier" << endl;

  bool verified = r1cs_gg_ppzksnark_verifier_strong_IC<default_r1cs_gg_ppzksnark_pp>(keypair.vk, pb.primary_input(), proof);

  cout << "Number of R1CS constraints: " << constraint_system.num_constraints() << endl;
  cout << "Primary (public) input: " << pb.primary_input() << endl;
  cout << "Auxiliary (private) input length: " << pb.auxiliary_input().size() << endl;
  //cout << "Auxiliary (private) input: " << pb.auxiliary_input() << endl;
  cout << "Verification status: " << verified << endl;

  ofstream pkfile("pk_scalarmul");
  pkfile << keypair.pk;
  pkfile.close();
  ofstream vkfile("vk_scalarmul");
  vkfile << keypair.vk;
  vkfile.close();
  ofstream pffile("proof_scalarmul");
  pffile << proof;
  pffile.close();

  cout << pb.val(s) << "*G" << " = (" << pb.val(outx) << ", " << pb.val(outy) << ")" << endl;


  return 0;
}