From d2b3be19ef66d8ee8a68efea2765336e620bac54 Mon Sep 17 00:00:00 2001 From: adriamb Date: Tue, 18 Jun 2019 17:07:11 +0200 Subject: [PATCH] Revert "Generate contract name by its name output" This reverts commit 22a5b7bc46a0a1a69019af9feb99fe3cdbe1411b. --- cli.js | 17 ++---- templates/verifier_groth.sol | 59 ++++++++++++-------- templates/verifier_original.sol | 97 +++++++++++++++++---------------- 3 files changed, 90 insertions(+), 83 deletions(-) diff --git a/cli.js b/cli.js index 5c846f2..0d92abf 100755 --- a/cli.js +++ b/cli.js @@ -318,14 +318,12 @@ try { } else if (argv._[0].toUpperCase() == "GENERATEVERIFIER") { const verificationKey = unstringifyBigInts(JSON.parse(fs.readFileSync(verificationKeyName, "utf8"))); - let contractName = path.parse(verifierName).name - contractName = contractName.charAt(0).toUpperCase() + contractName.slice(1) let verifierCode; if (verificationKey.protocol == "original") { - verifierCode = generateVerifier_original(contractName,verificationKey); + verifierCode = generateVerifier_original(verificationKey); } else if (verificationKey.protocol == "groth") { - verifierCode = generateVerifier_groth(contractName,verificationKey); + verifierCode = generateVerifier_groth(verificationKey); } else { throw new Error("InvalidProof"); } @@ -376,11 +374,9 @@ try { } -function generateVerifier_original(contractName, verificationKey) { +function generateVerifier_original(verificationKey) { let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_original.sol"), "utf-8"); - template = template.replace("<%contractName%>", contractName); - const vka_str = `[${verificationKey.vk_a[0][1].toString()},`+ `${verificationKey.vk_a[0][0].toString()}], `+ `[${verificationKey.vk_a[1][1].toString()},` + @@ -426,7 +422,7 @@ function generateVerifier_original(contractName, verificationKey) { let vi = ""; for (let i=0; i", vi); @@ -435,10 +431,9 @@ function generateVerifier_original(contractName, verificationKey) { } -function generateVerifier_groth(contractName,verificationKey) { +function generateVerifier_groth(verificationKey) { let template = fs.readFileSync(path.join( __dirname, "templates", "verifier_groth.sol"), "utf-8"); - template = template.replace("<%contractName%>", contractName); const vkalfa1_str = `${verificationKey.vk_alfa_1[0].toString()},`+ `${verificationKey.vk_alfa_1[1].toString()}`; @@ -469,7 +464,7 @@ function generateVerifier_groth(contractName,verificationKey) { let vi = ""; for (let i=0; i", vi); diff --git a/templates/verifier_groth.sol b/templates/verifier_groth.sol index 8c0efa1..ed890d9 100644 --- a/templates/verifier_groth.sol +++ b/templates/verifier_groth.sol @@ -10,8 +10,7 @@ // added requiere error messages // pragma solidity ^0.5.0; -contract <%contractName%> { - +library Pairing { struct G1Point { uint X; uint Y; @@ -34,6 +33,16 @@ contract <%contractName%> { [4082367875863433681332203403145435568316851327593401208105741076214120093531, 8495653923123431417604973247489272438418190587263600148770280649306958101930] ); + +/* + // Changed by Jordi point + return G2Point( + [10857046999023057135944570762232829481370756359578518086990519993285655852781, + 11559732032986387107991004021392285783925812861821192530917403151452391805634], + [8495653923123431417604973247489272438418190587263600148770280649306958101930, + 4082367875863433681332203403145435568316851327593401208105741076214120093531] + ); +*/ } /// @return the negation of p, i.e. p.addition(p.negate()) should be zero. function negate(G1Point memory p) internal pure returns (G1Point memory) { @@ -149,37 +158,39 @@ contract <%contractName%> { p2[3] = d2; return pairing(p1, p2); } - +} +contract Verifier { + using Pairing for *; struct VerifyingKey { - G1Point alfa1; - G2Point beta2; - G2Point gamma2; - G2Point delta2; - G1Point[] IC; + Pairing.G1Point alfa1; + Pairing.G2Point beta2; + Pairing.G2Point gamma2; + Pairing.G2Point delta2; + Pairing.G1Point[] IC; } struct Proof { - G1Point A; - G2Point B; - G1Point C; + Pairing.G1Point A; + Pairing.G2Point B; + Pairing.G1Point C; } function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alfa1 = G1Point(<%vk_alfa1%>); - vk.beta2 = G2Point(<%vk_beta2%>); - vk.gamma2 = G2Point(<%vk_gamma2%>); - vk.delta2 = G2Point(<%vk_delta2%>); - vk.IC = new G1Point[](<%vk_ic_length%>); + vk.alfa1 = Pairing.G1Point(<%vk_alfa1%>); + vk.beta2 = Pairing.G2Point(<%vk_beta2%>); + vk.gamma2 = Pairing.G2Point(<%vk_gamma2%>); + vk.delta2 = Pairing.G2Point(<%vk_delta2%>); + vk.IC = new Pairing.G1Point[](<%vk_ic_length%>); <%vk_ic_pts%> } function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { VerifyingKey memory vk = verifyingKey(); require(input.length + 1 == vk.IC.length,"verifier-bad-input"); // Compute the linear combination vk_x - G1Point memory vk_x = G1Point(0, 0); + Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0); for (uint i = 0; i < input.length; i++) - vk_x = addition(vk_x, scalar_mul(vk.IC[i + 1], input[i])); - vk_x = addition(vk_x, vk.IC[0]); - if (!pairingProd4( - negate(proof.A), proof.B, + vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i])); + vk_x = Pairing.addition(vk_x, vk.IC[0]); + if (!Pairing.pairingProd4( + Pairing.negate(proof.A), proof.B, vk.alfa1, vk.beta2, vk_x, vk.gamma2, proof.C, vk.delta2 @@ -193,9 +204,9 @@ contract <%contractName%> { uint[<%vk_input_length%>] memory input ) public view returns (bool r) { Proof memory proof; - proof.A = G1Point(a[0], a[1]); - proof.B = G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = G1Point(c[0], c[1]); + proof.A = Pairing.G1Point(a[0], a[1]); + proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); + proof.C = Pairing.G1Point(c[0], c[1]); uint[] memory inputValues = new uint[](input.length); for(uint i = 0; i < input.length; i++){ inputValues[i] = input[i]; diff --git a/templates/verifier_original.sol b/templates/verifier_original.sol index c1972b4..addc9b0 100644 --- a/templates/verifier_original.sol +++ b/templates/verifier_original.sol @@ -10,8 +10,7 @@ // added requiere error messages // pragma solidity ^0.5.0; -contract <%contractName%> { - +library Pairing { struct G1Point { uint X; uint Y; @@ -149,58 +148,60 @@ contract <%contractName%> { p2[3] = d2; return pairing(p1, p2); } - +} +contract Verifier { + using Pairing for *; struct VerifyingKey { - G2Point A; - G1Point B; - G2Point C; - G2Point gamma; - G1Point gammaBeta1; - G2Point gammaBeta2; - G2Point Z; - G1Point[] IC; + Pairing.G2Point A; + Pairing.G1Point B; + Pairing.G2Point C; + Pairing.G2Point gamma; + Pairing.G1Point gammaBeta1; + Pairing.G2Point gammaBeta2; + Pairing.G2Point Z; + Pairing.G1Point[] IC; } struct Proof { - G1Point A; - G1Point A_p; - G2Point B; - G1Point B_p; - G1Point C; - G1Point C_p; - G1Point K; - G1Point H; + Pairing.G1Point A; + Pairing.G1Point A_p; + Pairing.G2Point B; + Pairing.G1Point B_p; + Pairing.G1Point C; + Pairing.G1Point C_p; + Pairing.G1Point K; + Pairing.G1Point H; } function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.A = G2Point(<%vk_a%>); - vk.B = G1Point(<%vk_b%>); - vk.C = G2Point(<%vk_c%>); - vk.gamma = G2Point(<%vk_g%>); - vk.gammaBeta1 = G1Point(<%vk_gb1%>); - vk.gammaBeta2 = G2Point(<%vk_gb2%>); - vk.Z = G2Point(<%vk_z%>); - vk.IC = new G1Point[](<%vk_ic_length%>); + vk.A = Pairing.G2Point(<%vk_a%>); + vk.B = Pairing.G1Point(<%vk_b%>); + vk.C = Pairing.G2Point(<%vk_c%>); + vk.gamma = Pairing.G2Point(<%vk_g%>); + vk.gammaBeta1 = Pairing.G1Point(<%vk_gb1%>); + vk.gammaBeta2 = Pairing.G2Point(<%vk_gb2%>); + vk.Z = Pairing.G2Point(<%vk_z%>); + vk.IC = new Pairing.G1Point[](<%vk_ic_length%>); <%vk_ic_pts%> } function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { VerifyingKey memory vk = verifyingKey(); require(input.length + 1 == vk.IC.length,"verifier-bad-input"); // Compute the linear combination vk_x - G1Point memory vk_x = G1Point(0, 0); + Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0); for (uint i = 0; i < input.length; i++) - vk_x = addition(vk_x, scalar_mul(vk.IC[i + 1], input[i])); - vk_x = addition(vk_x, vk.IC[0]); - if (!pairingProd2(proof.A, vk.A, negate(proof.A_p), P2())) return 1; - if (!pairingProd2(vk.B, proof.B, negate(proof.B_p), P2())) return 2; - if (!pairingProd2(proof.C, vk.C, negate(proof.C_p), P2())) return 3; - if (!pairingProd3( + vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i])); + vk_x = Pairing.addition(vk_x, vk.IC[0]); + if (!Pairing.pairingProd2(proof.A, vk.A, Pairing.negate(proof.A_p), Pairing.P2())) return 1; + if (!Pairing.pairingProd2(vk.B, proof.B, Pairing.negate(proof.B_p), Pairing.P2())) return 2; + if (!Pairing.pairingProd2(proof.C, vk.C, Pairing.negate(proof.C_p), Pairing.P2())) return 3; + if (!Pairing.pairingProd3( proof.K, vk.gamma, - negate(addition(vk_x, addition(proof.A, proof.C))), vk.gammaBeta2, - negate(vk.gammaBeta1), proof.B + Pairing.negate(Pairing.addition(vk_x, Pairing.addition(proof.A, proof.C))), vk.gammaBeta2, + Pairing.negate(vk.gammaBeta1), proof.B )) return 4; - if (!pairingProd3( - addition(vk_x, proof.A), proof.B, - negate(proof.H), vk.Z, - negate(proof.C), P2() + if (!Pairing.pairingProd3( + Pairing.addition(vk_x, proof.A), proof.B, + Pairing.negate(proof.H), vk.Z, + Pairing.negate(proof.C), Pairing.P2() )) return 5; return 0; } @@ -216,14 +217,14 @@ contract <%contractName%> { uint[<%vk_input_length%>] memory input ) view public returns (bool r) { Proof memory proof; - proof.A = G1Point(a[0], a[1]); - proof.A_p = G1Point(a_p[0], a_p[1]); - proof.B = G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.B_p = G1Point(b_p[0], b_p[1]); - proof.C = G1Point(c[0], c[1]); - proof.C_p = G1Point(c_p[0], c_p[1]); - proof.H = G1Point(h[0], h[1]); - proof.K = G1Point(k[0], k[1]); + proof.A = Pairing.G1Point(a[0], a[1]); + proof.A_p = Pairing.G1Point(a_p[0], a_p[1]); + proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); + proof.B_p = Pairing.G1Point(b_p[0], b_p[1]); + proof.C = Pairing.G1Point(c[0], c[1]); + proof.C_p = Pairing.G1Point(c_p[0], c_p[1]); + proof.H = Pairing.G1Point(h[0], h[1]); + proof.K = Pairing.G1Point(k[0], k[1]); uint[] memory inputValues = new uint[](input.length); for(uint i = 0; i < input.length; i++){ inputValues[i] = input[i];