Open HarryR opened 6 years ago
Hello @HarryR
Thanks a lot, we were already considering to disembowel the libsnark to change the VK format for groth16!
Sincerely, Alex
Sent with GitHawk
In the ethsnarks repo we have a stripped down verifier/prover which doesn't need to build most of libsnark/libff etc. Many thanks to the ZoKrates people for the _zok
prover variant of Groth16, there is also work on libsnark to introduce the newer SE-SNARK variant (See https://eprint.iacr.org/2017/540.pdf ยง 5 which describes a similar method to removing the reliance upon GT, as is used by the links above).
What's the best way to make go-snarks
and ethsnarks
compatible with each other? We have lots of interesting stuff in the pipeline :D
A good one would be using JSON as the format for the verification key and proofs, e.g. https://gist.github.com/HarryR/1d79f1557aefaf09ee1452f37506336b
Where G1 points are represented as:
["0xhex...", "0xhex..."]
And G2 points as:
[["0x...", "0x..."], ["0x...", "0x..."]]
The ethsnarks tooling outputs the verification key and proofs in this format, string-encoded-hex is used to avoid problems with Javascript bigint conversion.
Having a common format which is interchangeable between tools could make it easier for everybody.
The
ethsnarks
project has shorter proofs than the proof format you're using.See:
This reduces on the on-chain cost of verifying a zkSNARK proof to ~450k gas + 40k gas per public input. Likewise, any Go implementation would be cheaper - requiring only four pairing operations and GT multiply operations.
This improvement reduces the size of both the verification key and the proving key, it's a modification of the Groth16 proving algorithm, but without the proof requiring any GT element.
The source code for the libsnark prover module is: https://github.com/HarryR/ethsnarks/tree/master/src/r1cs_gg_ppzksnark_zok
Any additional input would be appreciated ๐