add example proof script

README.md

@@ -15,10 +15,10 @@ At the moment only the `BN254` (aka. `alt-bn128`) curve is supported.
 
 - [ ] make it a nimble package
 - [ ] proper MSM implementation (I couldn't make constantine's one to work)
-- [ ] proper polynomial implemention (constantine's one is essentially missing)
 - [ ] compare `.r1cs` to the "coeffs" section of `.zkey`
-- [ ] make it work for different curves
+- [ ] generate fake circuit-specific setup ourselves
 - [ ] multithreaded support (MSM, and possibly also FFT)
 - [ ] add Groth16 notes
 - [ ] document the `snarkjs` circuit-specific setup `H` points convention
+- [ ] make it work for different curves
 

example/.gitignore

@@ -0,0 +1,2 @@
+build/
+example

example/example.nim

@@ -0,0 +1,11 @@
+
+import ../test_proof
+import ../export_json
+
+let zkey_fname : string = "./build/product.zkey"
+let wtns_fname : string = "./build/product.wtns"
+let proof = testProveAndVerify( zkey_fname, wtns_fname)
+
+exportPublicIO( "./build/nim_public.json" , proof )
+exportProof(    "./build/nim_proof.json"  , proof )
+

example/product.circom

@@ -0,0 +1,40 @@
+pragma circom 2.0.0;
+
+//
+// prove a simple factorization
+//
+
+//------------------------------------------------------------------------------
+
+template Product(n) {
+  signal input  inp[n];
+  signal output out;
+
+  signal aux[n];
+  aux[0] <== inp[0];
+  for(var i=1; i<n; i++) {
+    aux[i] <== aux[i-1] * inp[i];
+  }
+
+  out <== aux[n-1];
+}
+
+//------------------------------------------------------------------------------
+
+// a[0]*a[1]*...*a[n-1] + b
+template Main(n) {
+  signal input  plus;
+  signal input  inp[n];
+  signal output out;
+
+  component prod = Product(n);
+  inp ==> prod.inp;
+  out <== prod.out + plus;
+  log("out =",out);
+
+  out === 2023;
+}
+
+//------------------------------------------------------------------------------
+
+component main {public [plus]} = Main(3);

example/prove.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+ORIG=`pwd`
+NAME="product"
+
+# --- create build directory ---
+mkdir -p build
+
+# --- compile the circom code ---
+circom --r1cs --wasm -o build ${NAME}.circom
+
+cd build
+
+# --- download powers-of-tau ceremony, if necessary ---
+PTAU_FILE="power_of_tau_10.ptau"
+if ! test -f ./${PTAU_FILE}; then
+  echo "downloading powers-of-tau..."
+  curl https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_10.ptau --output $PTAU_FILE
+else
+  echo "powers-of-tau file already exists, skip downloading"
+fi
+PTAU_FILE="`pwd`/${PTAU_FILE}"
+
+# --- perform circuit-specific setup ---
+snarkjs groth16 setup ${NAME}.r1cs $PTAU_FILE ${NAME}_0000.zkey
+echo "foobar entropy" | \
+snarkjs zkey contribute ${NAME}_0000.zkey ${NAME}_0001.zkey --name="1st Contributor Name" -v
+echo "baz entropy" | \
+snarkjs zkey contribute ${NAME}_0001.zkey ${NAME}_0002.zkey --name="2nd Contributor Name" -v
+rm ${NAME}_0000.zkey
+rm ${NAME}_0001.zkey
+mv ${NAME}_0002.zkey ${NAME}.zkey
+
+# --- export vericiation key ---
+snarkjs zkey export verificationkey ${NAME}.zkey ${NAME}_vkey.json
+
+# --- create public input ---
+cd $ORIG
+echo '{ "inp": [7,11,13] , "plus": 1022 }' >build/${NAME}_input.json
+
+# --- generate witness ---
+cd $ORIG/build/${NAME}_js
+node generate_witness.js ${NAME}.wasm ../${NAME}_input.json ../${NAME}.wtns
+cd $ORIG/build
+
+# --- create proof with snarkjs ---
+# echo "creating the proof with snarkjs..."
+# snarkjs groth16 prove ${NAME}.zkey ${NAME}.wtns snarkjs_proof.json snarkjs_public.json
+
+# --- build & execute nim prover ---
+echo "building and executing the Nim prover..."
+cd $ORIG
+nim c -r --processing:off example.nim
+
+cd $ORIG/build
+echo "verifying the proof with snarkjs..."
+snarkjs groth16 verify ${NAME}_vkey.json nim_public.json nim_proof.json
+
+cd $ORIG
+

export_json.nim

@@ -64,6 +64,8 @@ proc writeG2( f: File, p: G2 ) =
   writeFp2( f , ',' , oneFp2 )
   f.writeLine("    ]")
 
+#-------------------------------------------------------------------------------
+
 # exports the proof into as a JSON file
 proc exportProof*( fpath: string, prf: Proof ) = 
 
@@ -79,6 +81,7 @@ proc exportProof*( fpath: string, prf: Proof ) =
 
 #-------------------------------------------------------------------------------
 
+#[
 func getFakeProof*() : Proof = 
   let pub : seq[Fr] = map( [1,101,102,103,117,119] , intToFr )
   let p = unsafeMkG1( intToFp(666) , intToFp(777) )
@@ -92,4 +95,6 @@ proc exportFakeProof*() =
   let prf = getFakeProof()
   exportPublicIO( "fake_pub.json" , prf )
   exportProof(    "fake_prf.json" , prf )
+]#
 
+#-------------------------------------------------------------------------------

test_proof.nim

@@ -7,22 +7,24 @@ import ./zkey_types
 
 #-------------------------------------------------------------------------------
 
-proc testProveAndVerify*( zkey_fname, wtns_fname: string) = 
+proc testProveAndVerify*( zkey_fname, wtns_fname: string): Proof = 
 
   echo("parsing witness & zkey files...")
   let witness = parseWitness( wtns_fname)
   let zkey    = parseZKey( zkey_fname)
 
   echo("generating proof...")
-  let vkey    = extractVKey( zkey)
+  let vkey  = extractVKey( zkey)
-  let proof   = generateProof( zkey, witness )
+  let proof = generateProof( zkey, witness )
-
-  echo("exporting proof...")
-  exportPublicIO( "my_pub.json" , proof )
-  exportProof(    "my_prf.json" , proof )
 
   echo("verifying the proof...")
-  let ok      = verifyProof( vkey, proof)
+  let ok = verifyProof( vkey, proof)
   echo("verification succeeded = ",ok)
 
+  # echo("exporting proof...")
+  # exportPublicIO( "my_pub.json" , proof )
+  # exportProof(    "my_prf.json" , proof )
+
+  return proof
+
 #-------------------------------------------------------------------------------