https://github.com/reilabs/gnark-lean-demo
Verification of the gnark implementation of the Semaphore protocol using Reilabs' extractor to Lean.
- Host: GitHub
- URL: https://github.com/reilabs/gnark-lean-demo
- Owner: reilabs
- License: apache-2.0
- Created: 2023-07-17T11:03:29.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-03T23:36:35.000Z (about 2 years ago)
- Last Synced: 2025-03-03T07:45:52.477Z (about 1 year ago)
- Topics: formal-verification, gnark, lean, lean4, zero-knowledge
- Language: Lean
- Homepage: https://reilabs.io
- Size: 111 KB
- Stars: 14
- Watchers: 1
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README

# Formal Verification of Gnark Circuits

This repository contains an example of using Reilabs'
[gnark-lean-extractor](https://github.com/reilabs/gnark-lean-extractor) library
to prove the correctness of a [gnark](https://github.com/ConsenSys/gnark)
reimplementation of the circuits necessary to implement and operate the
[Semaphore](https://semaphore.appliedzkp.org) protocol.

Under the hood, this repository makes heavy use of Reilabs'
[proven-zk](https://github.com/reilabs/proven-zk) library. It is a
[Lean](https://leanprover.github.io) library to aid in the formal verification
of circuits produced by the extractor.

For guidelines on how to build these things for yourself, or to contribute to
the repository, see our [contributing guide](./CONTRIBUTING.md). It also
contains a guide to the structure of the repository.

## Verified Properties

The [main Lean file](lean-circuit/Main.lean) contains formulations and
accompanying proofs of the following properties for the circuit.

1. **Poseidon Equivalence:** The equivalence of the
[Poseidon hash implementation](./go-circuit/poseidon.go) to an
[implementation](./lean-circuit/LeanCircuit/Poseidon/Spec.lean) very closely
based on the Poseidon
[reference implementation](https://extgit.iaik.tugraz.at/krypto/hadeshash).
2. **No Censorship:** A proof that, given knowledge of the secrets relating to
an identity and given that the identity commitment is included in the tree,
it is _always_ possible to generate a valid proof.
3. **No Double Signalling:** A proof that any attempt to signal twice using the
same identity commitment will result in the equality of the corresponding
nullifier hashes.
4. **No Unauthorized Signalling:** A proof that it is not possible to have the
circuit accept a proof where the identity commitment generating that proof is
not already included in the tree of identity commitments.