varscalarmul.cpp 3.5 KB

  #include <stdlib.h>

  #include <cstring>
  #include <fstream>
  #include <iostream>
  #include <string>

  #include "ecgadget.hpp"
  #include "scalarmul.hpp"

  using namespace libsnark;
  using namespace std;
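  // Serialize one artifact (proving key, verification key or proof) to `path`.
  // Returns false and reports on stderr when the file cannot be opened or the
  // write fails, so a missing or truncated key/proof file is never mistaken
  // for a good one.
  template <typename T>
  static bool write_artifact(const string &path, const T &obj)
  {
      ofstream out(path.c_str());
      if (!out) {
          cerr << "Cannot open " << path << " for writing" << endl;
          return false;
      }
      out << obj;
      out.close();
      if (out.fail()) {
          cerr << "Failed to write " << path << endl;
          return false;
      }
      return true;
  }

  // Demo driver: builds the variable-base scalar multiplication circuit,
  // generates a keypair, proves s*P for a random s, verifies the proof and
  // writes pk/vk/proof to files in the current directory.
  //
  // Usage: <prog> priv|pub
  //   priv: Ptable is part of the private (auxiliary) input
  //   pub:  Ptable is part of the public (primary) input
  //
  // Exit status: 0 only when the proof verified and all three files were
  // written; 1 otherwise (including a usage error).
  int main(int argc, char **argv)
  {
      enum {
          MODE_NONE,
          MODE_PRIV,
          MODE_PUB
      } mode = MODE_NONE;

      // File-name suffix. Only ever one of the two validated literals, so the
      // output paths below never contain caller-controlled text.
      const char *mode_name = "";

      if (argc == 2) {
          if (strcmp(argv[1], "priv") == 0) {
              mode = MODE_PRIV;
              mode_name = "priv";
          } else if (strcmp(argv[1], "pub") == 0) {
              mode = MODE_PUB;
              mode_name = "pub";
          }
      }

      if (mode == MODE_NONE) {
          cerr << "Usage: " << argv[0] << " mode" << endl << endl;
          cerr << "Where mode is one of:" << endl;
          cerr << " priv: use private Ptable" << endl;
          cerr << " pub: use public Ptable" << endl;
          return 1;
      }

      // Initialize the curve parameters
      default_r1cs_gg_ppzksnark_pp::init_public_params();
      init_curveparams();

      typedef libff::Fr<default_r1cs_gg_ppzksnark_pp> FieldT;

      // Create protoboard
      libff::start_profiling();

      cout << "Keypair" << endl;

      protoboard<FieldT> pb;
      pb_variable<FieldT> outx, outy;
      pb_variable<FieldT> Px, Py;
      pb_variable<FieldT> s;
      pb_variable_array<FieldT> Ptable;

      // Allocate variables. Allocation order matters: set_input_sizes(n)
      // below makes the first n allocated variables public. The scalar s is
      // allocated last so that it stays in the private input in both modes.
      size_t numbits = FieldT::num_bits;
      outx.allocate(pb, "outx");
      outy.allocate(pb, "outy");
      Px.allocate(pb, "Px");
      Py.allocate(pb, "Py");
      Ptable.allocate(pb, 2*numbits, "Ptable");
      s.allocate(pb, "s");

      // This sets up the protoboard variables so that the first n of them
      // represent the public input and the rest is private input:
      //   priv: outx, outy, Px, Py are public
      //   pub:  outx, outy, Px, Py and the 2*numbits Ptable entries are public
      if (mode == MODE_PRIV) {
          pb.set_input_sizes(4);
      } else {
          pb.set_input_sizes(4+2*numbits);
      }

      // Initialize the gadget.
      // NOTE(review): the meaning of the last two boolean arguments is
      // defined in scalarmul.hpp, which is not visible here; the first one
      // is true exactly in priv mode.
      ec_scalarmul_gadget<FieldT> sm(pb, outx, outy, s, Px, Py, Ptable, mode == MODE_PRIV, true);
      sm.generate_r1cs_constraints();
      const r1cs_constraint_system<FieldT> constraint_system = pb.get_constraint_system();

      // The keypair is generated in this same process. That is fine for a
      // benchmark, but in a deployment the generator must be run by a party
      // (or ceremony) that discards its internal randomness: anyone who keeps
      // that randomness can produce proofs for false statements that still
      // verify under vk.
      const r1cs_gg_ppzksnark_keypair<default_r1cs_gg_ppzksnark_pp> keypair = r1cs_gg_ppzksnark_generator<default_r1cs_gg_ppzksnark_pp>(constraint_system);

      // Add witness values
      cout << "Prover" << endl;

      // NOTE(review): confirm the randomness source behind random_element()
      // before reusing this pattern for a scalar that must stay secret.
      pb.val(s) = FieldT::random_element();

      // A variable base point P
      pb.val(Px) = FieldT("1095194319010475832867263440470707690447963461907735667341232728633587089702");
      pb.val(Py) = FieldT("9185463202887631101218413269806857706246311016297504828581985913021301344974");

      // s is the private witness; printing it here (and at the end) is for
      // demonstration only and discloses the value the proof is meant to hide.
      // NOTE(review): the message says "*G" although the base point is the
      // variable point P; text left unchanged.
      cout << "Computing " << pb.val(s) << "*G" << endl;

      sm.generate_r1cs_witness();

      const r1cs_gg_ppzksnark_proof<default_r1cs_gg_ppzksnark_pp> proof = r1cs_gg_ppzksnark_prover<default_r1cs_gg_ppzksnark_pp>(keypair.pk, pb.primary_input(), pb.auxiliary_input());

      cout << "Verifier" << endl;

      // strong_IC: the verifier is given exactly the declared primary input.
      bool verified = r1cs_gg_ppzksnark_verifier_strong_IC<default_r1cs_gg_ppzksnark_pp>(keypair.vk, pb.primary_input(), proof);

      cout << "Number of R1CS constraints: " << constraint_system.num_constraints() << endl;
      cout << "Primary (public) input length: " << pb.primary_input().size() << endl;
      // cout << "Primary (public) input: " << pb.primary_input() << endl;
      cout << "Auxiliary (private) input length: " << pb.auxiliary_input().size() << endl;
      // cout << "Auxiliary (private) input: " << pb.auxiliary_input() << endl;
      cout << "Verification status: " << verified << endl;

      // Attempt all three writes even if one fails, so every problem is
      // reported in a single run.
      bool written = true;
      written = write_artifact(string("pk_varscalarmul_") + mode_name, keypair.pk) && written;
      written = write_artifact(string("vk_varscalarmul_") + mode_name, keypair.vk) && written;
      written = write_artifact(string("proof_varscalarmul_") + mode_name, proof) && written;

      cout << pb.val(s) << "*P" << " = (" << pb.val(outx) << ", " << pb.val(outy) << ")" << endl;

      // A failed verification or a failed write must be visible to scripts
      // that drive this program, not only in the printed output.
      return (verified && written) ? 0 : 1;
  }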