scipr-lab / libsnark

C++ library for zkSNARKs

Create A Key Generator #195

Open wzjin2017 opened 2 years ago

wzjin2017 commented 2 years ago

Hi,

To my understanding, in order to guarantee security, the proving key and verifying key should be generated by a trusted authority (Key Generator). However, the example starter code I am working from (SHA256) would call get_constraint_system() and then generate a keypair after specifying the aux inputs. I think now the keypair is related to the aux inputs here. Does that mean keys are generated on the prover side when generating the proof?

That being said, if I have a keypair that is generated beforehand, I find out I cannot use this keypair to generate a proof with different aux inputs. In other words, I cannot have a keypair reused for different proofs with different inputs. Is this a desired feature?

tromer commented 2 years ago

The key pair is indeed independent of the auxiliary input and proof generation, and would normally be done before these.

I'm not sure which code you're looking at, but it sounds like it sequenced things incorrectly and introduced a wrong ordering dependency.

wzjin2017 commented 2 years ago

Thanks for your reply!

> The key pair is indeed independent of the auxiliary input and proof generation, and would normally be done before these.

Should the primary inputs be independent of key pair generation too?

> I'm not sure which code you're looking at, but it sounds like it sequenced things incorrectly and introduced a wrong ordering dependency.

I am running a custom-built SHA256 program (since the gadget provided is just a compression function). The prover code is here and the verifier code is here. The current key generation happens in the prover code at line 239. I would really appreciate it if you could take a look!

wzjin2017 commented 2 years ago

Another question I have about this SHA256 program (not sure if I need to create another issue): do I have other setup issues? The verifier program seems to pass proofs no matter what hash digest (named result in verifier code) is fed into primary inputs. I was thinking that I might forget to set some values such that the hash digest doesn't actually get updated on the board. Thanks!

wzjin2017 commented 2 years ago

Hi, is it possible that you can help resolve this? Much appreciated!