https://github.com/adria0/za

An experimental rust zksnarks compiler with embeeded bellman-bn128 prover
https://github.com/adria0/za

cryptography ethereum learning-by-doing rust smartcontract zk-snarks

Last synced: about 1 month ago
JSON representation

An experimental rust zksnarks compiler with embeeded bellman-bn128 prover

• Host: GitHub
• URL: https://github.com/adria0/za
• Owner: adria0
• License: lgpl-2.1
• Archived: true
• Created: 2020-01-08T16:53:12.000Z (almost 5 years ago)
• Default Branch: master
• Last Pushed: 2021-05-29T09:15:38.000Z (over 3 years ago)
• Last Synced: 2024-08-02T03:07:55.087Z (4 months ago)
• Topics: cryptography, ethereum, learning-by-doing, rust, smartcontract, zk-snarks
• Language: Rust
• Homepage:
• Size: 19.1 MB
• Stars: 41
• Watchers: 5
• Forks: 5
• Open Issues: 7
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-blockchain-rust - Za!

README

        
Za!




    

    

    

    

    



An experimental port of the [circom] zk-SNARK compiler in Rust with embedded bellman-bn128 prover. I created it as a PoC port of the existing JavaScript compiler to Rust when I was working for iden3.

**WARNING**: This is a proof-of-concept prototype, and in particular has not received careful code review.

[circom]: https://github.com/iden3/circom

### Building 

Install rust

`curl https://sh.rustup.rs -sSf | sh`

Install additional dependencies, you may need to install the `clang` `build-essentials` and `openssl-dev`

Clone the repo

`git clone https://github.com/adria0/za.git`

Build

`cargo build --release`

The final binary will be in `target/release/za`

### Usage

#### Generating trusted setup

`za setup --circuit  --pk  --verifier  --verifiertype `

- `circuit.za` is an input file with the `main` component that specifies the circuit

- `proving.key` is a generated output with the key required to generate proofs

- `verifier.sol` is a generated output with the smartcontract to verify the generated proofs

_if you want to do a test, create a file with name `circuit.za` with the following contents and run the `za setup`_

```

template T() {

    signal private input p;

    signal private input q;

    signal output r;

    r <== p*q;

}

component main = T();

```

#### Generating a proof

`za prove --input  --pk  --proof `

- `input.json` is an input file with the required input signals to generate the full witness

- `proving.key` is an input file with the key required to generate proofs

- `proof.json` is the input required by the smartcontract to verify the proof

_if you want to do a test, create a file with name `input.json` with the following contents and run the `za prove`_

```

{ "p" : "2", "q": "3" , "r" : "6"}

```

_then deploy the `verifier.sol` smartcontract and exec the `verifyTx` method with the contents of the `proof.json`_

#### Testing a circuit

In order to test if a circuit is correct is possible to write an embedded test by using the `#[test]` tag before a template definition (see `interop/circomlib/babyjub.circom`), to execute the test, run:

- `za test --circuit `

this will run the tests found in the circuit and all the tests found in the included templates

### Golang verification

you can verify the za! generated proofs generated with za! with the https://github.com/arnaucube/go-bellman-verifier tool (thanks @arnaucube)

### JavaScript bindings

to compile the JavaScript bindings, go to the `binding/js` folder and run:

- `npm i`

- `npm run install`

- `npm test`

check the test located in `binding/js/test/test.js`

### Differences with circom

There are few differences between this implementation and the official circom:

- Precedence of operators rust-like instead C-like:

  - `DECNUMBER`, `HEXNUMBER`, `"(" exp ")"`

  - Unary `-` `!`

  - `**`      

  - `*` `/` `\\` `%`

  - `+` `-`     

  - `<<` `>>`  

  - `&` 

  - `^` 

  - `|` 

  - `==` `!=` `<` `>` `<=` `>=`

  - `&&`

  - `||`

- Removed `++`, `--` and `:?`

- Matrix access is only accessible with `[x][y]` (not with `[x,y]`) 

- End statement semicolons are mandatory

- Loops/conditionals statements must be inside blocks `{ }`

- Added `dbg!` function to trace variables, signals and components

- Do now allow to use component `signal output`s until all `signal input` are set  

- Signal input/outputs arrays should be evaluable with template parameters

- Stamements tagged with `#[w]` are only evaluated in witness generation

- `#[test]` tagged templates are used to verify embeeded tests

- `#[]` expressions can be comment-scapped by using `/*#[]#*/` to be compatible with circom circuits.