Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/reilabs/gnark-lean-demo

Verification of the gnark implementation of the Semaphore protocol using Reilabs' extractor to Lean.
https://github.com/reilabs/gnark-lean-demo

formal-verification gnark lean lean4 zero-knowledge

Last synced: 21 days ago
JSON representation

Verification of the gnark implementation of the Semaphore protocol using Reilabs' extractor to Lean.

Host: GitHub
URL: https://github.com/reilabs/gnark-lean-demo
Owner: reilabs
License: apache-2.0
Created: 2023-07-17T11:03:29.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-03-03T23:36:35.000Z (11 months ago)
Last Synced: 2024-11-14T04:14:04.936Z (3 months ago)
Topics: formal-verification, gnark, lean, lean4, zero-knowledge
Language: Lean
Homepage: https://reilabs.io
Size: 111 KB
Stars: 14
Watchers: 1
Forks: 0
Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

# Formal Verification of Gnark Circuits

This repository contains an example of using Reilabs'
[gnark-lean-extractor](https://github.com/reilabs/gnark-lean-extractor) library
to prove the correctness of a [gnark](https://github.com/ConsenSys/gnark)
reimplementation of the circuits necessary to implement and operate the
[Semaphore](https://semaphore.appliedzkp.org) protocol.

Under the hood, this repository makes heavy use of Reilabs'
[proven-zk](https://github.com/reilabs/proven-zk) library. It is a
[lean](https://leanprover.github.io) library to aid in the formal verification
of circuits produced by the extractor.

For guidelines on how to build these things for yourself, or to contribute to
the repository, see our [contributing guide](./CONTRIBUTING.md). It also
contains a guide to the structure of the repository.

## Verified Properties

The [main lean file](lean-circuit/Main.lean) contains formulations and
accompanying proofs of the following properties for the circuit.

1. **Poseidon Equivalence:** The equivalence of the
[Poseidon hash implementation](./go-circuit/poseidon.go) to an
[implementation](./lean-circuit/LeanCircuit/Poseidon/Spec.lean) very closely
based on the Poseidon
[reference implementation](https://extgit.iaik.tugraz.at/krypto/hadeshash).
2. **No Censorship:** A proof, given knowledge of secrets relating to
an identity and that the identity commitment being included in the tree, that
it is _always_ possible to generate a valid proof.
3. **No Double Signalling:** A proof that any attempt to signal twice using the
same identity commitment will result in the equality of the corresponding
nullifier hashes.
4. **No Unauthorized Signalling:** A proof that it is not possible to have the
circuit accept a proof where the identity commitment generating that proof is
not already included in the tree of identity commitments.