Implement verifiers that accept Groth16 types #305

Closed
dconnolly opened this issue Mar 10, 2020 · 10 comments · Fixed by #830
@dconnolly
Contributor

dconnolly commented Mar 10, 2020

Require bellman or bellman community, validators can accept our Groth16 types and validate them, with batching or without.

https://github.com/ZcashFoundation/zebra/blob/main/zebra-chain/src/proofs/groth16.rs


https://zips.z.cash/protocol/protocol.pdf#groth

@hdevalence
Contributor

Because there are multiple proof statements, but only one Groth16Proof type, I think we will have to have each verifier call the bellman API rather than wrapping verification into a Groth16Proof method. So it may make sense to recast this issue as the work required to have all of the infrastructure for using proof verification data.

@hdevalence
Contributor

To verify proofs we will need to have some mechanism for loading the verification data. Notes from digging through stuff with @dconnolly:

  • Groth16 proof verification is done by bellman::groth16::verify_proof, which takes a PreparedVerificationKey.
  • zcash_proofs/src/lib.rs has a load_parameters function, which notes:

    We only deserialize the verifying key for the Sprout parameters, which appears at the beginning of the parameter file

  • The sizes of the parameter files are large: sapling-output.params is 3.5M, sapling-spend.params is 46M, and sprout-groth16.params is 692M.
  • From looking at the parsing logic, it seems like the verifying key is 3*96 + 3*192 + 4 + n*96 bytes long, with n = 6, 8, 10 respectively. This gives PVK sizes of 1444, 1636, 1828 bytes.

Since we don't ever plan to support Sprout-on-Groth16 proving, we probably don't ever have a reason to ship the 700MB file, and since we will only support transaction creation later, it might make sense to split apart the verification keys from the rest of the parameters (and hardcode them in the source). Then later, when we implement tx creation, we can lazily load the other parameters when we are asked to create transactions.
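The split described in the comment above, as an added example (not code from Zebra, bellman, or any participant in this thread): it cuts the verifying-key prefix out of a parameter file and rejects a file whose element count differs from the pinned value. The field order (six fixed points, then a big-endian u32 count, then n G1 points) is an assumption based on the size formula in the comment, and every name here is hypothetical.

```rust
// Added example; sizes follow the thread's 3*96 + 3*192 + 4 + n*96 estimate.
const G1_LEN: usize = 96; // uncompressed BLS12-381 G1 point
const G2_LEN: usize = 192; // uncompressed BLS12-381 G2 point
const FIXED_LEN: usize = 3 * G1_LEN + 3 * G2_LEN; // bytes before the count

#[derive(Debug, PartialEq)]
pub enum VkError {
    Truncated { need: usize, have: usize },
    UnexpectedCount { expected: u32, found: u32 },
}

/// Total verifying-key length for `n` trailing G1 elements.
pub fn vk_len(n: u32) -> usize {
    FIXED_LEN + 4 + n as usize * G1_LEN
}

/// Returns the verifying-key prefix of `params`, or an error if the input is
/// too short or its element count is not the one pinned for this circuit.
pub fn split_vk(params: &[u8], expected_n: u32) -> Result<&[u8], VkError> {
    let header = FIXED_LEN + 4;
    if params.len() < header {
        return Err(VkError::Truncated { need: header, have: params.len() });
    }
    // Assumption: the count is stored as a big-endian u32.
    let mut raw = [0u8; 4];
    raw.copy_from_slice(&params[FIXED_LEN..header]);
    let found = u32::from_be_bytes(raw);
    // Compare with the pinned value before trusting it as a length.
    if found != expected_n {
        return Err(VkError::UnexpectedCount { expected: expected_n, found });
    }
    let need = vk_len(found);
    if params.len() < need {
        return Err(VkError::Truncated { need, have: params.len() });
    }
    Ok(&params[..need])
}

/// Constructed sample: zero-filled stand-in for the start of a parameter file.
pub fn sample_params(n: u32, trailing: usize) -> Vec<u8> {
    let mut buf = vec![0u8; vk_len(n) + trailing];
    buf[FIXED_LEN..FIXED_LEN + 4].copy_from_slice(&n.to_be_bytes());
    buf
}

fn main() {
    for &n in &[6u32, 8, 10] {
        let file = sample_params(n, 1024);
        let vk = split_vk(&file, n).expect("constructed sample is well-formed");
        println!("n = {:2}: verifying key is {} bytes", n, vk.len());
    }
}
```

The returned slice is only the byte range; decoding and validating the curve points is still the job of the proof library.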

@hdevalence
Contributor

cc @str4d @daira -- is that reasoning correct, or did we miss something?

@daira
Contributor

daira commented Mar 27, 2020

That looks correct to me. (I'm making guesses about the format based on a brief skim of https://docs.rs/crate/bellman/0.6.0/source/src/groth16/mod.rs .)

@howardwu

Since the Sapling spend and output parameters are of reasonable size, we deployed a crate wagyu-zcash-parameters that allows you to import the Sapling parameters natively into your Rust code. The README gives more context on how we do it (with Crates.io's size limit) and we've added this into wagyu (Sapling transaction tests here) for use (our transaction creation tests are passing).

@howardwu

As a quick note, the crate currently returns the data as buffers (Vec<u8>) and we verify the hash and construct Zcash semantic data structures in wagyu.

For those who want to replace the load_parameters function in zcash_proofs, they can reference how we do it in wagyu here.

@dconnolly dconnolly added the NU-1 Sapling Network Upgrade: Sapling specific tasks label Apr 2, 2020
@dconnolly dconnolly self-assigned this Apr 18, 2020
@dconnolly dconnolly changed the title Expose proof validation for Groth16 proof type Implement verifiers that accept Groth16 types May 14, 2020
@dconnolly
Contributor Author

Related: #406

@dconnolly
Contributor Author

406

@hdevalence
Contributor

Underway in #830

@dconnolly
Contributor Author

Closed in #830
