Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/ConsenSys/gnark
gnark
zk-SNARK librarygnark
is a fast zk-SNARK library that offers a high-level API to design circuits. The library is open source and developed under the Apache 2.0 license.
gnark
uses gnark-crypto
for the finite-field arithmetic and out-circuit implementation of cryptographic algorithms.
gnark
powers Linea zk-rollup
. Include your project in the known users section by opening a PR.
gnark
User Documentationgnark
Playgroundgnark
Issuesgnark
Benchmarks 🏁gnark-announce
- Announcement list for new releases and security patchesgnark
UsersTo get started with gnark
and write your first circuit, follow these instructions.
Checkout the online playground to compile circuits and visualize constraint systems.
gnark
and gnark-crypto
have been extensively audited, but are provided as-is, we make no guarantees or warranties to its safety and reliability. In particular, gnark
makes no security guarantees such as constant time implementation or side-channel attack resistance.
To report a security bug, please refer to gnark
Security Policy.
Refer to known security advisories for a list of known security issues.
gnark
employs the following testing procedures:
gnark-solidity-checker
gnark
circuit compiler.The tests are automatically run during every PR and merge commit. We run full test suite only for the Linux on amd64
target, but run short tests both for Windows target (amd64
) and macOS target (arm64
).
gnark
and gnark-crypto
packages are optimized for 64bits architectures (x86 amd64
) using assembly operations. We have generic implementation of the same arithmetic algorithms for ARM backends (arm64
). We do not implement vector operations.
gnark
tries to be backwards compatible when possible, however we do not guarantee that serialized object formats are static over different versions of gnark
. Particularly - we do not have versioning implemented in the serialized formats, so using files between different versions of gnark may lead to undefined behaviour or even crash the program.
gnark
issues are tracked in the GitHub issues tab.
To report a security bug, please refer to gnark
Security Policy.
If you have any questions, queries or comments, GitHub discussions is the place to find us.
You can also get in touch directly: gnark@consensys.net
Refer to Proving schemes and curves for more details.
gnark
support the following zk-SNARKs:
which can be instantiated with the following curves
Refer to the gnark
User Documentation
Here is what x**3 + x + 5 = y
looks like
package main
import (
"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/backend/groth16"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/frontend/cs/r1cs"
)
// CubicCircuit defines a simple circuit
// x**3 + x + 5 == y
type CubicCircuit struct {
// struct tags on a variable is optional
// default uses variable name and secret visibility.
X frontend.Variable `gnark:"x"`
Y frontend.Variable `gnark:",public"`
}
// Define declares the circuit constraints
// x**3 + x + 5 == y
func (circuit *CubicCircuit) Define(api frontend.API) error {
x3 := api.Mul(circuit.X, circuit.X, circuit.X)
api.AssertIsEqual(circuit.Y, api.Add(x3, circuit.X, 5))
return nil
}
func main() {
// compiles our circuit into a R1CS
var circuit CubicCircuit
ccs, _ := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &circuit)
// groth16 zkSNARK: Setup
pk, vk, _ := groth16.Setup(ccs)
// witness definition
assignment := CubicCircuit{X: 3, Y: 35}
witness, _ := frontend.NewWitness(&assignment, ecc.BN254.ScalarField())
publicWitness, _ := witness.Public()
// groth16: Prove & Verify
proof, _ := groth16.Prove(ccs, pk, witness)
groth16.Verify(proof, vk, publicWitness)
}
The following schemes and curves support experimental use of Ingonyama's Icicle GPU library for low level zk-SNARK primitives such as MSM, NTT, and polynomial operations:
instantiated with the following curve(s)
To use GPUs, add the icicle
buildtag to your build/run commands, e.g. go run -tags=icicle main.go
.
You can then toggle on or off icicle acceleration by providing the WithIcicleAcceleration
backend ProverOption:
// toggle on
proofIci, err := groth16.Prove(ccs, pk, secretWitness, backend.WithIcicleAcceleration())
// toggle off
proof, err := groth16.Prove(ccs, pk, secretWitness)
For more information about prerequisites see the Icicle repo.
If you use gnark
in your research a citation would be appreciated.
Please use the following BibTeX to cite the most recent release.
@software{gnark-v0.11.0,
author = {Gautam Botrel and
Thomas Piellard and
Youssef El Housni and
Ivo Kubjas and
Arya Tabaie},
title = {ConsenSys/gnark: v0.11.0},
month = sep,
year = 2024,
publisher = {Zenodo},
version = {v0.11.0},
doi = {10.5281/zenodo.5819104},
url = {https://doi.org/10.5281/zenodo.5819104}
}
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
This project is licensed under the Apache 2 License - see the LICENSE file for details
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.