This is a toy exmaple about how to use libsnark. libsnark implements zkSNARK algorithm. This toy example do the following:
-
The prover know a merkle tree root
rt
, a leafleaf
, a valid merkle branchpath
fromleaf
tort
, andprev_leaf
, the relation betweenprev_leaf
andleaf
is :prev_leaf = sha256(leaf)
. -
The verifier is given
rt
andprev_leaf
, can verify that prover know a valid preimage ofprev_leaf
, and a valid merkle brachpath
fromleaf
toroot
using zkSNARK algorithm.
./get-libsnark && make && ./main
see here for details.
-
proof generation time : 10.297805s
-
proof verification time : 0.041092s
-
proof size : 2294 bits == 7 G1 and 1 G2 element. sizeof(G1 element) = sizeof(x,y) = 512 can be compressed into x coordinate and flag(8 bits) which represent y coordinate even or odd,so sizeof(compressed G1) = 264; Similarly, sizeof(compressed G2 element) = sizeof (x coordinate of G2) + 8 bits = 520 bits, so proof size is 2368 bits. the output of libsnark is different, see zcash/zips#43
gadget 是构建 R1CS 实例的基础组件,gadget 是个基类,任何针对具体功能的 gadget 都继承自 gadget,比如说针对 sha256 功能的 sha256_compression_function_gadget、针对 Merkle 树的 merkle_tree_check_read_gadget 等。组合使用这些基本的 gadget,我们构建出复杂的 R1CS 实例。
-
src/gadget.hpp : 提供了 toy_gadget 类,使用其它基础 gadget 构建 zkSNARK-toy 相关的 constraint 与 witness
-
src/snark.hpp : 提供对密钥生成、零知识证明生成以及验证零知识证明的简单封装,在 main.cpp 中使用
-
sha256_compression_function_gadget : 进行 sha256 哈希运算时用到的 gadget
-
merkle_authentication_path_variable : 保存了 merkle 分支
-
merkle_tree_check_read_gadget : 进行 merkle 分支验证的 gadget