arkworks-rs / groth16

A Rust implementation of the Groth16 zkSNARK
https://www.arkworks.rs
Apache License 2.0

Invalid circuit when using a snarkjs zkey #65

Closed vaqxai closed 2 months ago

vaqxai commented 2 months ago

Summary of Bug

When trying to use a zkey read from a .zkey file (imported using ark_circom::read_zkey), and passing it to a prove function, then using proving_key.vk (from the zkey import also) in a verifier function, the proof will not verify correctly.

It does, however, verify correctly when using generate_random_parameters, but then it won't verify with snarkjs afterwards (with the pre-generated verifying key).

Version

0.5.0-alpha (https://github.com/arkworks-rs/groth16/tree/release-0.5.0)

Steps to Reproduce

  1. let zkey_cursor = Cursor::new(std::fs::read(circuit.zkey))
  2. let (proving_key, constraint_matrices) = ark_circom::read_zkey(&mut zkey_cursor) // should constraint_matrices be used for something?
  3. let cfg = CircomConfig::<ark_bn254::Fr>::new("circuit.wasm","circuit.r1cs")
  4. let mut builder = CircomBuilder::new(cfg)
  5. for (k, v) in inputs { builder.push_input(&k, v) } // inputs are Vec<(String, Vec<BigInt>)>
  6. let circom = builder.build()
  7. let pub_inputs = circom.get_public_inputs() // input amount matches the amount specified in verifying key
  8. let proof = Groth16::<Bn254>::prove(&proving_key, circom, &mut rng) // rng is rand::thread_rng
  9. let verified = Groth16::<Bn254>::verify(&proving_key.vk, &pub_inputs, &proof) // == false!

mmagician commented 2 months ago

I think these notes might help you: https://github.com/arkworks-rs/circom-compat/tree/release-0.5?tab=readme-ov-file#notes

vaqxai commented 2 months ago

Thanks, using CircomReduction helped, but it increased proving time. Ah well.