Skip to content

Commit

Permalink
Merge pull request #39 from clearmatics/key-verification
Browse files Browse the repository at this point in the history 
Key verification
  • Loading branch information
@AntoineRondelet
AntoineRondelet authored Sep 30, 2020
2 parents c30af7b + 8eb8fb4 commit a8ac008
Show file tree
Hide file tree
Showing 19 changed files with 871 additions and 504 deletions.
47 changes: 26 additions & 21 deletions aggregator_server/aggregator_server.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@
// Read the zecale config, include the appropriate pairing selector and define
// the corresponding pairing parameters type.

#include "libzecale/circuits/aggregator_circuit_wrapper.hpp"
#include "libzecale/circuits/aggregator_circuit.hpp"
#include "libzecale/circuits/null_hash_gadget.hpp"
#include "libzecale/core/application_pool.hpp"
#include "libzecale/serialization/proto_utils.hpp"
#include "zecale_config.h"
Expand All @@ -19,7 +20,6 @@
#include <grpcpp/server_context.h>
#include <iostream>
#include <libsnark/common/data_structures/merkle_tree.hpp>
#include <libzeth/circuits/circuit_types.hpp>
#include <libzeth/core/utils.hpp>
#include <libzeth/serialization/proto_utils.hpp>
#include <libzeth/serialization/r1cs_serialization.hpp>
Expand Down Expand Up @@ -51,28 +51,29 @@ using npp = libzecale::other_curve<wpp>;
#if defined(ZECALE_SNARK_PGHR13)
#include <libzecale/circuits/pghr13_verifier/pghr13_verifier_parameters.hpp>
#include <libzeth/snarks/pghr13/pghr13_api_handler.hpp>
using wverifier = libzecale::pghr13_verifier_parameters<wpp>;
using wsnark = libzeth::pghr13_snark<wpp>;
using wapi_handler = libzeth::pghr13_api_handler<wpp>;
using nsnark = libzeth::pghr13_snark<npp>;
using nverifier = libzecale::pghr13_verifier_parameters<wpp>;
using napi_handler = libzeth::pghr13_api_handler<npp>;
#elif defined(ZECALE_SNARK_GROTH16)
#include <libzecale/circuits/groth16_verifier/groth16_verifier_parameters.hpp>
#include <libzeth/snarks/groth16/groth16_api_handler.hpp>
using wverifier = libzecale::groth16_verifier_parameters<wpp>;
using wsnark = libzeth::groth16_snark<wpp>;
using wapi_handler = libzeth::groth16_api_handler<wpp>;
using nsnark = libzeth::groth16_snark<npp>;
using nverifier = libzecale::groth16_verifier_parameters<wpp>;
using napi_handler = libzeth::groth16_api_handler<npp>;
#else
#error "ZECALE_SNARK_* variable not set to supported ZK snark"
#endif

using wsnark = typename wverifier::snark;
using nsnark = typename nverifier::snark;
using hash = libzecale::null_hash_gadget<libff::Fr<wpp>>;

static const size_t batch_size = 2;
static const size_t num_inputs_per_nested_proof = 1;

using aggregator_circuit_wrapper = libzecale::
aggregator_circuit_wrapper<npp, wpp, nsnark, wverifier, batch_size>;
using aggregator_circuit =
libzecale::aggregator_circuit<wpp, wsnark, nverifier, hash, batch_size>;

/// The aggregator_server class inherits from the Aggregator service defined in
/// the proto files, and provides an implementation of the service.
Expand All @@ -82,17 +83,17 @@ class aggregator_server final : public zecale_proto::Aggregator::Service
using application_pool =
libzecale::application_pool<npp, nsnark, batch_size>;

aggregator_circuit_wrapper aggregator;
aggregator_circuit &aggregator;

// The keypair is the result of the setup for the aggregation circuit
wsnark::keypair keypair;
const wsnark::keypair &keypair;

// The nested verification key is the vk used to verify the nested proofs
std::map<std::string, application_pool *> application_pools;

public:
explicit aggregator_server(
aggregator_circuit_wrapper &aggregator, const wsnark::keypair &keypair)
aggregator_circuit &aggregator, const wsnark::keypair &keypair)
: aggregator(aggregator), keypair(keypair)
{
}
Expand Down Expand Up @@ -183,12 +184,17 @@ class aggregator_server final : public zecale_proto::Aggregator::Service
application_pool *const app_pool =
application_pools.at(transaction->application_name());

// Add the application to the list of applications supported by
// the server.
// Sanity-check the transaction (number of inputs).
const libzecale::transaction_to_aggregate<npp, nsnark> tx =
libzecale::
transaction_to_aggregate_from_proto<npp, napi_handler>(
*transaction);
if (tx.extended_proof().get_primary_inputs().size() !=
num_inputs_per_nested_proof) {
throw std::invalid_argument("invalid number of inputs");
}

// Add the proof to the pool for the named application.
app_pool->add_tx(tx);

std::cout << "[DEBUG] Registered tx with ext proof:\n";
Expand Down Expand Up @@ -238,10 +244,11 @@ class aggregator_server final : public zecale_proto::Aggregator::Service
std::array<const libzeth::extended_proof<npp, nsnark> *, batch_size>
nested_proofs;
for (size_t i = 0; i < batch_size; ++i) {
nested_proofs[i] = &batch[i].extended_proof();

std::cout << "[DEBUG] got tx " << std::to_string(i)
<< " with ext proof:\n";
batch[i].extended_proof().write_json(std::cout);
nested_proofs[i] = &batch[i].extended_proof();
nested_proofs[i]->write_json(std::cout);
}

// Retrieve the nested verification key for this application.
Expand Down Expand Up @@ -310,8 +317,7 @@ void display_server_start_message()
}

static void RunServer(
aggregator_circuit_wrapper &aggregator,
const typename wsnark::keypair &keypair)
aggregator_circuit &aggregator, const typename wsnark::keypair &keypair)
{
// Listen for incoming connections on 0.0.0.0:50052
// TODO: Move this in a config file
Expand Down Expand Up @@ -401,9 +407,8 @@ int main(int argc, char **argv)
npp::init_public_params();
wpp::init_public_params();

libzecale::
aggregator_circuit_wrapper<npp, wpp, nsnark, wverifier, batch_size>
aggregator(num_inputs_per_nested_proof);
libzecale::aggregator_circuit<wpp, wsnark, nverifier, hash, batch_size>
aggregator(num_inputs_per_nested_proof);
wsnark::keypair keypair = [&keypair_file, &aggregator]() {
if (!keypair_file.empty()) {
#ifdef ZKSNARK_GROTH16
Expand Down
121 changes: 121 additions & 0 deletions libzecale/circuits/aggregator_circuit.hpp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
// Copyright (c) 2015-2020 Clearmatics Technologies Ltd
//
// SPDX-License-Identifier: LGPL-3.0+

#ifndef __ZECALE_CORE_AGGREGATOR_CIRCUIT_HPP__
#define __ZECALE_CORE_AGGREGATOR_CIRCUIT_HPP__

#include "libzecale/circuits/aggregator_gadget.hpp"
#include "libzecale/circuits/pairing/pairing_params.hpp"
#include "libzecale/circuits/verification_key_hash_gadget.hpp"

#include <libzeth/core/extended_proof.hpp>

using namespace libzeth;

namespace libzecale
{

/// Creates a circuit for creating a wrapping proof aggregating a batch of
/// nested proofs. Inputs are allocated as follows:
///
/// <hash of nested verification key>
/// <input[1,1]>
/// ...
/// <input[1,M]>
/// <result[1]>
/// ...
/// ...
/// ...
/// <input[N,1]>
/// ...
/// <input[N,M]>
/// <result[N]>
///
/// where:
/// N = NumProofs,
/// M = num_inputs_per_nested_proof,
/// input[i,j] = j-th input to i-th proof,
/// result[i] = result of i-th proof verification)
template<
typename wppT,
typename wsnarkT,
typename nverifierT,
typename hashT,
size_t NumProofs>
class aggregator_circuit
{
private:
using npp = other_curve<wppT>;
using nsnark = typename nverifierT::snark;
using verification_key_variable_gadget =
typename nverifierT::verification_key_variable_gadget;
using proof_variable_gadget = typename nverifierT::proof_variable_gadget;

const size_t _num_inputs_per_nested_proof;

libsnark::protoboard<libff::Fr<wppT>> _pb;

/// (Primary) Variable holding the hash of the verification key for nested
/// proofs. Verified against the actual verification key values, by the
/// _nested_vk_hash_gadget.
libsnark::pb_variable<libff::Fr<wppT>> _nested_vk_hash;

/// (Primary) The nested primary inputs lie in the scalar field
/// `libff::Fr<nppT>`, and must be represented as elements of
/// `libff::Fr<wppT>` for use in the wrapper proof.
std::array<libsnark::pb_variable_array<libff::Fr<wppT>>, NumProofs>
_nested_primary_inputs;

/// (Primary) The array of the results of the verifiers. 1 meaning that the
/// nested proof is valid, 0 meaning it may not be valid.
std::array<libsnark::pb_variable<libff::Fr<wppT>>, NumProofs>
_nested_proof_results;

/// (Auxiliary) Verification key used to verify the nested proofs. Consists
/// of group elements of `nppT`, which again, can be represented using
/// elements in `libff::Fr<wppT>`.
std::shared_ptr<verification_key_variable_gadget> _nested_vk;

/// (Auxiliary) The nested proofs (defined over `nppT`) to verify. As above,
/// these are verified by virtue of the fact that the base field for nppT is
/// the scalar field of wppT. These gadgets handle take a witness in the
/// form of a proof with group elements from nppT and represent them as
/// variables in the wppT scalar field.
/// (Variables are expected to be auxiliary inputs).
std::array<std::shared_ptr<proof_variable_gadget>, NumProofs>
_nested_proofs;

/// Gadget to check the hash of the nested verification key.
std::shared_ptr<verification_key_hash_gadget<wppT, nverifierT, hashT>>
_nested_vk_hash_gadget;

/// Gadget to aggregate proofs.
std::shared_ptr<aggregator_gadget<wppT, nverifierT, NumProofs>>
_aggregator_gadget;

public:
explicit aggregator_circuit(const size_t inputs_per_nested_proof);

aggregator_circuit(const aggregator_circuit &other) = delete;
const aggregator_circuit &operator=(const aggregator_circuit &other) =
delete;

typename wsnarkT::keypair generate_trusted_setup() const;

const libsnark::protoboard<libff::Fr<wppT>> &get_constraint_system() const;

/// Generate a proof and returns an extended proof
extended_proof<wppT, wsnarkT> prove(
const typename nsnark::verification_key &nested_vk,
const std::array<
const libzeth::extended_proof<npp, nsnark> *,
NumProofs> &extended_proofs,
const typename wsnarkT::proving_key &aggregator_proving_key);
};

} // namespace libzecale

#include "aggregator_circuit.tcc"

#endif // __ZECALE_CORE_AGGREGATOR_CIRCUIT_HPP__
Loading

0 comments on commit a8ac008

Please sign in to comment.