allow the user to set the masking coefficients and the toxic waste (useful for debugging purposes)

groth16.nim

@@ -1,6 +1,12 @@
 
-import groth16/bn128/types
+import groth16/bn128
 import groth16/files/zkey
 import groth16/files/witness
 import groth16/prover
 import groth16/verifier
+
+export bn128
+export zkey
+export witness
+export prover
+export verifier

groth16.nimble

@@ -6,4 +6,4 @@ license     = "MIT OR Apache-2.0"
 skipDirs    = @["groth16/example"]
 binDir      = "build"
 
-requires "https://github.com/mratsim/constantine"
+requires "https://github.com/mratsim/constantine#5f7ba18f2ed351260015397c9eae079a6decaee1"

groth16/fake_setup.nim

@@ -20,14 +20,14 @@ import groth16/misc
 #-------------------------------------------------------------------------------
 
 type 
-  ToxicWaste = object
-    alpha: Fr
-    beta:  Fr
-    gamma: Fr
-    delta: Fr
-    tau:   Fr
+  ToxicWaste* = object
+    alpha*: Fr
+    beta*:  Fr
+    gamma*: Fr
+    delta*: Fr
+    tau*:   Fr
 
-proc randomToxicWaste(): ToxicWaste = 
+proc randomToxicWaste*(): ToxicWaste = 
   let a = randFr()
   let b = randFr()
   let c = randFr()

groth16/prover.nim

@@ -149,7 +149,12 @@ func computeSnarkjsScalarCoeffs( abc: ABC ): seq[Fr] =
 # the prover
 #
 
-proc generateProof*( zkey: ZKey, wtns: Witness ): Proof =
+type
+  Mask* = object
+    r*: Fr              # masking coefficients 
+    s*: Fr              # for zero knowledge
+
+proc generateProofWithMask*( zkey: ZKey, wtns: Witness, mask: Mask ): Proof =
   assert( zkey.header.curve == wtns.curve )
 
   let witness = wtns.values
@@ -186,8 +191,8 @@ proc generateProof*( zkey: ZKey, wtns: Witness ): Proof =
     zs[j-npubs-1] = witness[j]
 
   # masking coeffs
-  let r : Fr = randFr()
-  let s : Fr = randFr()
+  let r = mask.r
+  let s = mask.s
 
   var pi_a : G1 
   pi_a =  spec.alpha1
@@ -214,3 +219,12 @@ proc generateProof*( zkey: ZKey, wtns: Witness ): Proof =
   return Proof( curve:"bn128", publicIO:pubIO, pi_a:pi_a, pi_b:pi_b, pi_c:pi_c )
 
 #-------------------------------------------------------------------------------
+
+proc generateProof*( zkey: ZKey, wtns: Witness ): Proof =
+
+  # masking coeffs
+  let r : Fr = randFr()
+  let s : Fr = randFr()
+  let mask = Mask(r: r, s: s)
+
+  return generateProofWithMask( zkey, wtns, mask )