2023-11-09 15:20:07 +01:00
|
|
|
|
2023-11-11 13:35:13 +01:00
|
|
|
Groth16 prover written in Nim
|
|
|
|
|
-----------------------------
|
2023-11-09 15:20:07 +01:00
|
|
|
|
|
|
|
|
This is Groth16 prover implementation in Nim, using the
|
|
|
|
|
[`constantine`](https://github.com/mratsim/constantine)
|
|
|
|
|
library as an arithmetic / curve backend.
|
|
|
|
|
|
2023-11-13 19:40:15 +01:00
|
|
|
The implementation is compatible with the `circom` + `snarkjs` ecosystem.
|
2023-11-09 15:20:07 +01:00
|
|
|
|
|
|
|
|
At the moment only the `BN254` (aka. `alt-bn128`) curve is supported.
|
2023-11-11 13:35:13 +01:00
|
|
|
|
2023-11-11 17:14:23 +01:00
|
|
|
### License
|
|
|
|
|
|
2023-11-13 19:40:15 +01:00
|
|
|
Licensed and distributed under either of the
|
2023-11-11 17:14:23 +01:00
|
|
|
[MIT license](http://opensource.org/licenses/MIT) or
|
|
|
|
|
[Apache License, v2.0](http://www.apache.org/licenses/LICENSE-2.0),
|
2023-11-13 19:40:15 +01:00
|
|
|
at your choice.
|
2023-11-11 13:35:13 +01:00
|
|
|
|
|
|
|
|
### TODO
|
|
|
|
|
|
2024-03-04 09:27:12 +01:00
|
|
|
- [x] find and fix the _second_ totally surreal bug
|
2023-11-17 09:43:43 +01:00
|
|
|
- [ ] clean up the code
|
2024-01-25 13:00:26 +01:00
|
|
|
- [ ] make it compatible with the latest constantine and also Nim 2.0.x
|
2023-11-17 09:43:43 +01:00
|
|
|
- [x] make it a nimble package
|
2024-01-25 13:00:26 +01:00
|
|
|
- [ ] compare `.r1cs` to the "coeffs" section of `.zkey`
|
2023-11-13 19:40:15 +01:00
|
|
|
- [x] generate fake circuit-specific setup ourselves
|
2024-01-25 13:00:26 +01:00
|
|
|
- [x] make a CLI interface
|
2024-03-04 09:27:12 +01:00
|
|
|
- [x] multithreading support (MSM, and possibly also FFT)
|
2023-11-11 13:35:13 +01:00
|
|
|
- [ ] add Groth16 notes
|
|
|
|
|
- [ ] document the `snarkjs` circuit-specific setup `H` points convention
|
2023-11-11 14:37:31 +01:00
|
|
|
- [ ] make it work for different curves
|
2023-11-11 13:35:13 +01:00
|
|
|
|
