Use groth16 prover / verifier

[HarryR]

This requires using the ZoKrates fork of libsnark or bellman:

• https://github.com/JacobEberhardt/ZoKrates/compare/develop...Schaeff:implement-groth16

Work needed to support this:

• change libsnark submodule to the ZoKrates libsnark
• Push libsnark authors to add Groth16 support
• Python implementation of Groth16 verifier
• ^ Solidity
• in import.cpp and export.cpp add support for r1cs_gg_ppzksnark_zok proof format & VK formats
• IMO we should support both provers using templated types, so the existing stuff can be re-cast from one prover to another easily.
• different modules for supporting one or the other? or same module but multiple methods. e.g. libX_groth16.so and libX_default.so or libX.so with prove_groth16 and prove_default ?

If the new one is groth16 the old one is grothN?, what year was his paper put out that specified the method which uses many more pairings.

[Schaeff]

Hey two cents on this:

• Libsnark does have Groth16, but unfortunately not in a way Ethereum would support due to limitations of the Ethereum pairing. We are working on a modified version which does work with the current precompiles.
• Bellman doesn't have bn support and would suffer from the same problem above

[HarryR]

I have added support for this on the following ethsnarks branch: https://github.com/HarryR/ethsnarks/tree/groth16-eth1

The C++ side is done, some of the Python side is done, need to verify the Python side and then update all the on-chain bits.

But... it's looking possible, pending a more thorough review.

[HarryR]

This has been merged.