simple zk contract example

2026-01-09 14:48:08 -05:00 · 2022-04-22 11:34:30 +02:00
parent 89606ee02a
commit 29a9182010
3 changed files with 108 additions and 0 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -320,3 +320,8 @@ required-features = ["async-runtime", "net"]
 name = "tx"
 path = "example/tx.rs"
 required-features = ["node"]
+
+[[example]]
+name = "zk"
+path = "example/zk.rs"
+required-features = ["crypto"]
--- a/example/simple.zk
+++ b/example/simple.zk
@@ -0,0 +1,23 @@
+constant "Simple" {
+	EcFixedPointShort VALUE_COMMIT_VALUE,
+	EcFixedPoint VALUE_COMMIT_RANDOM,
+}
+
+contract "Simple" {
+	Base value,
+	Scalar value_blind,
+}
+
+circuit "Simple" {
+	# Pedersen commitment for coin's value
+	vcv = ec_mul_short(value, VALUE_COMMIT_VALUE);
+	vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM);
+	value_commit = ec_add(vcv, vcr);
+	# Since the value commit is a curve point, we fetch its coordinates
+	# and constrain them:
+	value_commit_x = ec_get_x(value_commit);
+	value_commit_y = ec_get_y(value_commit);
+	constrain_instance(value_commit_x);
+	constrain_instance(value_commit_y);
+}
+
--- a/example/zk.rs
+++ b/example/zk.rs
@@ -0,0 +1,80 @@
+// ../zkas simple.zk
+
+use darkfi::{
+    crypto::{
+        keypair::PublicKey,
+        proof::{ProvingKey, VerifyingKey},
+        util::{mod_r_p, pedersen_commitment_scalar, pedersen_commitment_u64},
+        Proof,
+    },
+    zk::{
+        vm::{Witness, ZkCircuit},
+        vm_stack::empty_witnesses,
+    },
+    zkas::decoder::ZkBinary,
+    Result,
+};
+use halo2_gadgets::primitives::{
+    poseidon,
+    poseidon::{ConstantLength, P128Pow5T3},
+};
+use pasta_curves::{
+    arithmetic::CurveAffine,
+    group::{ff::Field, Curve},
+    pallas,
+};
+use rand::rngs::OsRng;
+
+fn main() -> Result<()> {
+    let bincode = include_bytes!("simple.zk.bin");
+    let zkbin = ZkBinary::decode(bincode)?;
+
+    // ======
+    // Prover
+    // ======
+    // Bigger k = more rows, but slower circuit
+    // Number of rows is 2^k
+    let k = 13;
+
+    // Witness values
+    let value = 42;
+    let value_blind = pallas::Scalar::random(&mut OsRng);
+
+    let prover_witnesses =
+        vec![Witness::Base(Some(pallas::Base::from(value))), Witness::Scalar(Some(value_blind))];
+
+    // Create the public inputs
+    let value_commit = pedersen_commitment_u64(value, value_blind);
+    let value_coords = value_commit.to_affine().coordinates().unwrap();
+
+    let public_inputs = vec![*value_coords.x(), *value_coords.y()];
+
+    // Create the circuit
+    let circuit = ZkCircuit::new(prover_witnesses, zkbin.clone());
+
+    let now = std::time::Instant::now();
+    let proving_key = ProvingKey::build(k, &circuit);
+    println!("ProvingKey built [{} s]", now.elapsed().as_secs_f64());
+    let now = std::time::Instant::now();
+    let proof = Proof::create(&proving_key, &[circuit], &public_inputs, &mut OsRng)?;
+    println!("Proof created [{} s]", now.elapsed().as_secs_f64());
+
+    // ========
+    // Verifier
+    // ========
+
+    // Construct empty witnesses
+    let verifier_witnesses = empty_witnesses(&zkbin);
+
+    // Create the circuit
+    let circuit = ZkCircuit::new(verifier_witnesses, zkbin);
+
+    let now = std::time::Instant::now();
+    let verifying_key = VerifyingKey::build(k, &circuit);
+    println!("VerifyingKey built [{} s]", now.elapsed().as_secs_f64());
+    let now = std::time::Instant::now();
+    proof.verify(&verifying_key, &public_inputs)?;
+    println!("proof verify [{} s]", now.elapsed().as_secs_f64());
+
+    Ok(())
+}