Closed eerkaijun closed 7 months ago
Amazing! How does it work wrt to the trusted setup? I thought groth required a circuit-specific setup, but we're still just using the powers of tau here?
The zkey that is used will be the one involved in the trusted ceremony. Currently in the Makefile we just use a zkey that has no contribution. In production, the final zkey that is used will be the output of the trusted ceremony with contributions by those that participated in the trusted ceremony.
Context (Problem, Motivation, Solution)
Link to issue: https://github.com/0xFableOrg/0xFable/issues/74
Switch ZK proving system from Plonk to Groth16 - major improvement in client side proving time. DrawInitalHand circuit proving reduced from 20s to 1.5s!
Describe Your Changes
Main changes are:
An interesting observation is that when using snarkjs.groth16.fullProve to generate the proof, it uses a different Endian than what the Solidity verifier would take, so when parsing the proof we have to switch the Endian. Spent so long trying to figure this out LOL and had to dig through their source code.
Checklist
make check and fixed resulting issues
Testing
Updated some circuit tests and also tested on frontend.
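The proof re-ordering mentioned in the description, as an added example that is not code from this PR or from snarkjs. It assumes the "Endian" switch is the swap of the two Fp2 coefficients in each pi_b coordinate, which is what snarkjs's own Solidity calldata export does; toWord, toSolidityGroth16Args and sampleProof are hypothetical names, and the sample values are constructed placeholders, not a valid proof.

```javascript
// BN254 (alt_bn128) base field modulus; every point coordinate must be below it.
const FIELD_P =
  21888242871839275222246405745257275088696311157297823662689037894645226208583n;

// Encode a decimal-string coordinate as a 0x-prefixed 32-byte word.
function toWord(dec) {
  const v = BigInt(dec);
  if (v < 0n || v >= FIELD_P) throw new RangeError("coordinate outside base field");
  return "0x" + v.toString(16).padStart(64, "0");
}

// Convert a snarkjs Groth16 proof object into the (a, b, c) arguments
// taken by a snarkjs-generated Solidity verifier.
function toSolidityGroth16Args(proof) {
  const { pi_a, pi_b, pi_c } = proof;
  if (![pi_a, pi_b, pi_c].every((p) => Array.isArray(p) && p.length === 3)) {
    throw new TypeError("expected three projective points");
  }
  // snarkjs emits projective points; a normalised point ends in 1 (or [1, 0] in G2).
  const normalised =
    BigInt(pi_a[2]) === 1n && BigInt(pi_c[2]) === 1n &&
    BigInt(pi_b[2][0]) === 1n && BigInt(pi_b[2][1]) === 0n;
  if (!normalised) throw new TypeError("points are not normalised");
  return {
    a: [toWord(pi_a[0]), toWord(pi_a[1])],
    // G2 coordinates arrive as [c0, c1]; the verifier expects [c1, c0].
    b: [
      [toWord(pi_b[0][1]), toWord(pi_b[0][0])],
      [toWord(pi_b[1][1]), toWord(pi_b[1][0])],
    ],
    c: [toWord(pi_c[0]), toWord(pi_c[1])],
  };
}

// Constructed sample with small placeholder numbers (not a valid proof).
const sampleProof = {
  pi_a: ["1", "2", "1"],
  pi_b: [["3", "4"], ["5", "6"], ["1", "0"]],
  pi_c: ["7", "8", "1"],
  protocol: "groth16",
  curve: "bn128",
};
```

Passing pi_b through unswapped yields well-formed calldata that the verifier rejects, so a regression test that pins the swapped order catches this class of bug early.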