Created
May 23, 2017 21:10
diff --git a/src/gtest/test_proofs.cpp b/src/gtest/test_proofs.cpp | |
index 49202f1f6..0d678a414 100644 | |
--- a/src/gtest/test_proofs.cpp | |
+++ b/src/gtest/test_proofs.cpp | |
@@ -3,6 +3,7 @@ | |
#include <iostream> | |
+#include "algebra/knowledge_commitment/knowledge_commitment.hpp" | |
#include "libsnark/common/default_types/r1cs_ppzksnark_pp.hpp" | |
#include "libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp" | |
#include "zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp" | |
@@ -394,9 +395,10 @@ TEST(proofs, g2_serializes_properly) | |
TEST(proofs, zksnark_serializes_properly) | |
{ | |
+ std::vector<libsnark::knowledge_commitment<curve_G1, curve_G1> > zeroed_out_a_query; | |
auto example = libsnark::generate_r1cs_example_with_field_input<curve_Fr>(250, 4); | |
example.constraint_system.swap_AB_if_beneficial(); | |
- auto kp = libsnark::r1cs_ppzksnark_generator<curve_pp>(example.constraint_system); | |
+ auto kp = libsnark::r1cs_ppzksnark_generator<curve_pp>(example.constraint_system, &zeroed_out_a_query); | |
auto vkprecomp = libsnark::r1cs_ppzksnark_verifier_process_vk(kp.vk); | |
for (size_t i = 0; i < 20; i++) { | |
@@ -471,6 +473,36 @@ TEST(proofs, zksnark_serializes_properly) | |
newproof | |
)); | |
} | |
+ | |
+ // Compute a proof that hands the pairing function a G1 point at infinity, | |
+ // and make sure the verifier still rejects the proof. | |
+ { | |
+ // Construct a valid proof: | |
+ auto proof = libsnark::r1cs_ppzksnark_prover<curve_pp>( | |
+ kp.pk, | |
+ example.primary_input, | |
+ example.auxiliary_input, | |
+ example.constraint_system | |
+ ); | |
+ | |
+ // Compute a new answer to the A query with negative input | |
+ proof.g_A.g = -(zeroed_out_a_query[0].g); | |
+ proof.g_A.h = -(zeroed_out_a_query[0].h); | |
+ | |
+ size_t i = 1; | |
+ for (curve_Fr in : example.primary_input) { | |
+ proof.g_A.g = proof.g_A.g + ((-in) * zeroed_out_a_query[i].g); | |
+ proof.g_A.h = proof.g_A.h + ((-in) * zeroed_out_a_query[i].h); | |
+ | |
+ i++; | |
+ } | |
+ | |
+ ASSERT_FALSE(libsnark::r1cs_ppzksnark_verifier_strong_IC<curve_pp>( | |
+ kp.vk, | |
+ example.primary_input, | |
+ proof | |
+ )); | |
+ } | |
} | |
TEST(proofs, g1_deserialization) | |
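Review bot: The new block reads `zeroed_out_a_query[0]` and `zeroed_out_a_query[i]` without checking that the generator filled in one entry per primary input plus one, so a mismatch becomes an out-of-bounds read instead of a test failure. Add `ASSERT_EQ(zeroed_out_a_query.size(), example.primary_input.size() + 1);` before the first access. The final `ASSERT_FALSE` also passes for any rejection reason, so on its own it does not show that the verifier reached the pairing with an A term at infinity. If the types allow it, an explicit assertion that the input-accumulated A term plus `proof.g_A.g` is zero would pin the case the comment describes. The enclosing TEST body begins outside this hunk.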
diff --git a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp | |
index 36f6c1499..5a975a12d 100644 | |
--- a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp | |
+++ b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp | |
@@ -368,7 +368,10 @@ public: | |
* Given a R1CS constraint system CS, this algorithm produces proving and verification keys for CS. | |
*/ | |
template<typename ppT> | |
-r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs); | |
+r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator( | |
+ const r1cs_ppzksnark_constraint_system<ppT> &cs, | |
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query = NULL | |
+); | |
template<typename ppT> | |
r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator( | |
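Review bot: The doc comment above `r1cs_ppzksnark_generator` still describes only `cs`, so the new `zeroed_out_a_query` out-parameter is undocumented in this declaration and in the overload changed in the next hunk. I would add a line such as `@param zeroed_out_a_query optional, test-only: receives the input-wire A-query terms that key generation removes from the proving key; leave null in production`. As a style point, `= NULL` would read better as `= nullptr` in a C++ header.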
@@ -380,7 +383,8 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator( | |
const Fr<ppT>& rA, | |
const Fr<ppT>& rB, | |
const Fr<ppT>& beta, | |
- const Fr<ppT>& gamma | |
+ const Fr<ppT>& gamma, | |
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query = NULL | |
); | |
/** | |
diff --git a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc | |
index aeb2bbb85..789a29cc6 100644 | |
--- a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc | |
+++ b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc | |
@@ -232,7 +232,8 @@ r1cs_ppzksnark_verification_key<ppT> r1cs_ppzksnark_verification_key<ppT>::dummy | |
} | |
template <typename ppT> | |
-r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs) | |
+r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs, | |
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query) | |
{ | |
/* draw random element at which the QAP is evaluated */ | |
const Fr<ppT> t = Fr<ppT>::random_element(); | |
@@ -245,7 +246,7 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constr | |
beta = Fr<ppT>::random_element(), | |
gamma = Fr<ppT>::random_element(); | |
- return r1cs_ppzksnark_generator<ppT>(cs, t, alphaA, alphaB, alphaC, rA, rB, beta, gamma); | |
+ return r1cs_ppzksnark_generator<ppT>(cs, t, alphaA, alphaB, alphaC, rA, rB, beta, gamma, zeroed_out_a_query); | |
} | |
template <typename ppT> | |
@@ -258,7 +259,8 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator( | |
const Fr<ppT>& rA, | |
const Fr<ppT>& rB, | |
const Fr<ppT>& beta, | |
- const Fr<ppT>& gamma | |
+ const Fr<ppT>& gamma, | |
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query | |
) | |
{ | |
enter_block("Call to r1cs_ppzksnark_generator"); | |
@@ -328,6 +330,9 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator( | |
IC_coefficients.reserve(qap_inst.num_inputs() + 1); | |
for (size_t i = 0; i < qap_inst.num_inputs() + 1; ++i) | |
{ | |
+ if (zeroed_out_a_query) { | |
+ zeroed_out_a_query->emplace_back((At[i] * rA) * G1<ppT>::one(), (At[i] * rA * alphaA) * G1<ppT>::one()); | |
+ } | |
IC_coefficients.emplace_back(At[i]); | |
assert(!IC_coefficients[i].is_zero()); | |
At[i] = Fr<ppT>::zero(); |
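Review bot: For each input index, `zeroed_out_a_query` receives `(At[i] * rA) * G1<ppT>::one()` and its `alphaA` multiple just before `At[i]` is set to zero. These are terms derived from the setup randomness that the generator otherwise appears to keep out of the A query. Anything captured through this pointer should therefore stay inside tests and never be serialized or distributed with the parameters; a comment at the `if` saying so, or compiling the hook only in test builds, would make that hard to miss. The entries are also appended to whatever the caller's vector already holds, so a `zeroed_out_a_query->clear();` before the loop would keep index `i` aligned with input `i`. The loop and the function body start outside this hunk.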