2023-11-09 15:20:07 +01:00
|
|
|
|
2023-11-11 13:35:13 +01:00
|
|
|
Groth16 prover written in Nim
|
|
|
|
|
-----------------------------
|
2023-11-09 15:20:07 +01:00
|
|
|
|
|
|
|
|
This is Groth16 prover implementation in Nim, using the
|
|
|
|
|
[`constantine`](https://github.com/mratsim/constantine)
|
|
|
|
|
library as an arithmetic / curve backend.
|
|
|
|
|
|
2023-11-13 19:40:15 +01:00
|
|
|
The implementation is compatible with the `circom` + `snarkjs` ecosystem.
|
2023-11-09 15:20:07 +01:00
|
|
|
|
|
|
|
|
At the moment only the `BN254` (aka. `alt-bn128`) curve is supported.
|
2023-11-11 13:35:13 +01:00
|
|
|
|
2023-11-11 17:14:23 +01:00
|
|
|
### License
|
|
|
|
|
|
2023-11-13 19:40:15 +01:00
|
|
|
Licensed and distributed under either of the
|
2023-11-11 17:14:23 +01:00
|
|
|
[MIT license](http://opensource.org/licenses/MIT) or
|
|
|
|
|
[Apache License, v2.0](http://www.apache.org/licenses/LICENSE-2.0),
|
2023-11-13 19:40:15 +01:00
|
|
|
at your choice.
|
2023-11-11 13:35:13 +01:00
|
|
|
|
|
|
|
|
### TODO
|
|
|
|
|
|
|
|
|
|
- [ ] make it a nimble package
|
2023-11-11 17:14:23 +01:00
|
|
|
- [ ] refactor `bn128.nim` into smaller files
|
2023-11-11 13:35:13 +01:00
|
|
|
- [ ] proper MSM implementation (I couldn't make constantine's one to work)
|
2023-11-13 19:40:15 +01:00
|
|
|
- [x] compare `.r1cs` to the "coeffs" section of `.zkey`
|
|
|
|
|
- [x] generate fake circuit-specific setup ourselves
|
2023-11-11 13:35:13 +01:00
|
|
|
- [ ] multithreaded support (MSM, and possibly also FFT)
|
|
|
|
|
- [ ] add Groth16 notes
|
|
|
|
|
- [ ] document the `snarkjs` circuit-specific setup `H` points convention
|
2023-11-11 14:37:31 +01:00
|
|
|
- [ ] make it work for different curves
|
2023-11-11 13:35:13 +01:00
|
|
|
|
