Zero-knowledge proofs toolkit with pure Rust.
This project is part of zkp-toolkit-ckb and is supported by the Nervos Foundation. It provides multiple zkp schemes and curve options, which can also be used to implement on-chain zkp verifiers for the CKB-VM. You can check the original proposal for more feature details.
Use the Mini circuit and Groth16 scheme we supported as an example.
use ark_bls12_381::{Bls12_381, Fr};
use ark_ff::PrimeField;
use zkp_groth16::{
create_random_proof, generate_random_parameters, verifier::prepare_verifying_key, verify_proof,
Parameters, Proof, VerifyKey,
};
use zkp_r1cs::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
use rand::prelude::*;
struct Mini<F: PrimeField> {
pub x: Option<F>,
pub y: Option<F>,
pub z: Option<F>,
pub num: u32,
}
impl<F: PrimeField> ConstraintSynthesizer<F> for Mini<F> {
fn generate_constraints<CS: ConstraintSystem<F>>(
self,
cs: &mut CS,
) -> Result<(), SynthesisError> {
let var_x = cs.alloc(|| "x", || self.x.ok_or(SynthesisError::AssignmentMissing))?;
let var_y = cs.alloc(|| "y", || self.y.ok_or(SynthesisError::AssignmentMissing))?;
let var_z = cs.alloc_input(
|| "z(output)",
|| self.z.ok_or(SynthesisError::AssignmentMissing),
)?;
for _ in 0..self.num {
cs.enforce(
|| "x * (y + 2) = z",
|lc| lc + var_x,
|lc| lc + var_y + (F::from(2u32), CS::one()),
|lc| lc + var_z,
);
}
Ok(())
}
}
/// test for use groth16 & bls12_381 & mimc gadget.
fn main() {
let mut rng = thread_rng();
// TRUSTED SETUP
println!("TRUSTED SETUP...");
let c = Mini::<Fr> {
x: None,
y: None,
z: None,
num: 10, // 10-times constraints
};
let params = generate_random_parameters::<Bls12_381, _, _>(c, &mut rng).unwrap();
// you need to save this verify key,
// when verify, use it as a param.
let vk_bytes = postcard::to_allocvec(¶ms.vk).unwrap();
// you need to save this prove key,
// when prove, use it as a param.
let params_bytes = postcard::to_allocvec(¶ms).unwrap();
// Prepare the verification key (for proof verification)
let pvk = prepare_verifying_key(¶ms.vk);
let x = Fr::from(2u32);
let y = Fr::from(3u32);
let z = Fr::from(10u32);
let circuit = Mini {
x: Some(x),
y: Some(y),
z: Some(z),
num: 10,
};
println!("GROTH16 START PROVE...");
let proof = create_random_proof(¶ms, circuit, &mut rng).unwrap();
println!("GROTH16 START VERIFY...");
assert!(verify_proof(&pvk, &proof, &[Fr::from(10u32)]).unwrap());
}Check more examples at ckb-zkp/examples.
- Efficient computation.
- Variety of curves.
- Variety of zkp schemes.
- Multiple out-of-the-box gadgets.
no-stdis supported.
Currently, We supported multiple zkp schemes and curves, And we also supported some useful gadgets that could be sharable between schemes by standard R1CS.
- Groth16 The most popular zkSNARK scheme, smallest proof size.
- Bulletproofs Short proofs, no trusted-setup.
- Spartan Efficient and general-purpose zkSNARKs without trusted setup.
- Marlin Universal and Updatable SRS.
- CLINKv2 Optimized for parallel data processing, support large-scale data (up to GigaBytes), no trusted-setup.
- Libra Succinct Zero-Knowledge Proofs with Optimal Prover Computation.
- Hyrax Doubly-efficient zkSNARKs without trusted setup.
- aSVC Aggregatable Subvector Commitments for Stateless Cryptocurrencies.
- BLAKE2s
- Boolean
- Lookup
- Merkletree
- MiMC
- Multieq
- Poseidon
- Rangeproof
- Rescue
- SHA256
- ... Many others ...
Check the gadget doc for more details.
Check CLI usage for hands-on examples.
This project is still under active development and is currently being used for research and experimental purposes only. Please DO NOT USE IT IN PRODUCTION for now.
This project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Inspired by bellman, zexe, libsnark, dalek-bulletproofs and other great projects.