snarkjs - npm Package Compare versions

Comparing version 0.6.7 to 0.6.8

doc/fflonk_zkey_format.md

		@@ -450,10 +450,3 @@ # zkey format for fflonk
		┃ fs bytes ┃ C0 coefficient_{Domain size * 8} ┃
		┣━━━━━━━━━━━━━┫ ━┫
		┃ fs bytes ┃ C0 evaluation_1 ┃
		┗━━━━━━━━━━━━━┛ ┃
		... ... ┃ C0 evaluations
		┏━━━━━━━━━━━━━┓ ┃
		┃ fs bytes ┃ C0 evaluation_{Domain size + 16} ┃
		┗━━━━━━━━━━━━━┛ ━┛

		````

package.json

		{
		"name": "snarkjs",
		"type": "module",
		"version": "0.6.7",
		"version": "0.6.8",
		"description": "zkSNARKs implementation in JavaScript",
		@@ -6,0 +6,0 @@ "main": "./build/main.cjs",

README.md

		@@ -93,3 +93,3 @@

		The second parameter, in this case `12`, is the power of two of the maximum number of constraints that the ceremony can accept: in this case, the number of constraints is `2 ^ 12 = 4096`. The maximum value supported here is `28`, which means you can use `snarkjs` to securely generate zk-snark parameters for circuits with up to `2 ^ 28` (≈268 million) constraints.
		The second parameter, in this case `14`, is the power of two of the maximum number of constraints that the ceremony can accept: in this case, the number of constraints is `2 ^ 14 = 16,384`. The maximum value supported here is `28`, which means you can use `snarkjs` to securely generate zk-snark parameters for circuits with up to `2 ^ 28` (≈268 million) constraints.

		@@ -96,0 +96,0 @@

src/fflonk_prove.js

		@@ -46,3 +46,2 @@ /*
		import { Evaluations } from "./polynomial/evaluations.js";
		import { MulZ } from "./mul_z.js";
		import { CPolynomial } from "./polynomial/cpolynomial.js";
		@@ -376,2 +375,10 @@

		// Blind a(X), b(X) and c(X) polynomials coefficients with blinding scalars b
		buffers.A.set(challenges.b[1], sDomain - 64);
		buffers.A.set(challenges.b[2], sDomain - 32);
		buffers.B.set(challenges.b[3], sDomain - 64);
		buffers.B.set(challenges.b[4], sDomain - 32);
		buffers.C.set(challenges.b[5], sDomain - 64);
		buffers.C.set(challenges.b[6], sDomain - 32);

		buffers.A = await Fr.batchToMontgomery(buffers.A);
		@@ -397,15 +404,10 @@ buffers.B = await Fr.batchToMontgomery(buffers.B);

		// Blind a(X), b(X) and c(X) polynomials coefficients with blinding scalars b
		polynomials.A.blindCoefficients([challenges.b[2], challenges.b[1]]);
		polynomials.B.blindCoefficients([challenges.b[4], challenges.b[3]]);
		polynomials.C.blindCoefficients([challenges.b[6], challenges.b[5]]);

		// Check degrees
		if (polynomials.A.degree() >= zkey.domainSize + 2) {
		if (polynomials.A.degree() >= zkey.domainSize) {
		throw new Error("A Polynomial is not well calculated");
		}
		if (polynomials.B.degree() >= zkey.domainSize + 2) {
		if (polynomials.B.degree() >= zkey.domainSize) {
		throw new Error("B Polynomial is not well calculated");
		}
		if (polynomials.C.degree() >= zkey.domainSize + 2) {
		if (polynomials.C.degree() >= zkey.domainSize) {
		throw new Error("C Polynomial is not well calculated");
		@@ -436,9 +438,6 @@ }

		// Reserve memory for buffers T0 and T0z
		// Reserve memory for buffers T0
		buffers.T0 = new BigBuffer(sDomain * 4);
		buffers.T0z = new BigBuffer(sDomain * 4);

		if (logger) logger.info("··· Computing T0 evaluations");
		// Initial omega
		let omega = Fr.one;
		for (let i = 0; i < zkey.domainSize * 4; i++) {
		@@ -458,7 +457,2 @@ if (logger && (0 !== i) && (i % 100000 === 0)) logger.info(` T0 evaluation ${i}/${zkey.domainSize * 4}`);

		// Compute blinding factors
		const az = Fr.add(Fr.mul(challenges.b[1], omega), challenges.b[2]);
		const bz = Fr.add(Fr.mul(challenges.b[3], omega), challenges.b[4]);
		const cz = Fr.add(Fr.mul(challenges.b[5], omega), challenges.b[6]);

		// Compute current public input
		@@ -479,26 +473,16 @@ let pi = Fr.zero;
		const e1 = Fr.mul(a, ql);
		const e1z = Fr.mul(az, ql);

		// expression 2 -> q_R(X)·b(X)
		const e2 = Fr.mul(b, qr);
		const e2z = Fr.mul(bz, qr);

		// expression 3 -> q_M(X)·a(X)·b(X)
		let [e3, e3z] = MulZ.mul2(a, b, az, bz, i % 4, Fr);
		e3 = Fr.mul(e3, qm);
		e3z = Fr.mul(e3z, qm);
		const e3 = Fr.mul(Fr.mul(a, b), qm);

		// expression 4 -> q_O(X)·c(X)
		const e4 = Fr.mul(c, qo);
		const e4z = Fr.mul(cz, qo);

		// t0 = expressions 1 + expression 2 + expression 3 + expression 4 + qc + pi
		const t0 = Fr.add(e1, Fr.add(e2, Fr.add(e3, Fr.add(e4, Fr.add(qc, pi)))));
		const t0z = Fr.add(e1z, Fr.add(e2z, Fr.add(e3z, e4z)));

		buffers.T0.set(t0, i * sFr);
		buffers.T0z.set(t0z, i * sFr);

		// Next omega
		omega = Fr.mul(omega, Fr.w[zkey.power + 2]);
		}
		@@ -519,17 +503,4 @@

		// Compute the coefficients of the polynomial T0z(X) from buffers.T0z
		if (logger) logger.info("··· Computing T0z ifft");
		polynomials.T0z = await Polynomial.fromEvaluations(buffers.T0z, curve, logger);

		if (logger) logger.info("T0z length: " + polynomials.T0z.length());
		if (logger) logger.info("T0z degree: " + polynomials.T0z.degree());

		// Add the polynomial T0z to T0 to get the final polynomial T0
		polynomials.T0.add(polynomials.T0z);

		if (logger) logger.info("T0 length: " + polynomials.T0.length());
		if (logger) logger.info("T0 degree: " + polynomials.T0.degree());

		// Check degree
		if (polynomials.T0.degree() >= 2 * zkey.domainSize + 2) {
		if (polynomials.T0.degree() >= 2 * zkey.domainSize - 2) {
		throw new Error(`T0 Polynomial is not well calculated (degree is ${polynomials.T0.degree()} and must be less than ${2 * zkey.domainSize + 2}`);
		@@ -539,4 +510,2 @@ }
		delete buffers.T0;
		delete buffers.T0z;
		delete polynomials.T0z;
		}
		@@ -554,3 +523,3 @@
		// Check degree
		if (polynomials.C1.degree() >= 8 * zkey.domainSize + 8) {
		if (polynomials.C1.degree() >= 8 * zkey.domainSize - 8) {
		throw new Error("C1 Polynomial is not well calculated");
		@@ -746,3 +715,3 @@ }

		// Add the polynomial T0z to T0 to get the final polynomial T0
		// Add the polynomial T1z to T1 to get the final polynomial T1
		polynomials.T1.add(polynomials.T1z);
		@@ -781,5 +750,2 @@

		const ap = Fr.add(Fr.mul(challenges.b[1], omega), challenges.b[2]);
		const bp = Fr.add(Fr.mul(challenges.b[3], omega), challenges.b[4]);
		const cp = Fr.add(Fr.mul(challenges.b[5], omega), challenges.b[6]);
		const zp = Fr.add(Fr.add(Fr.mul(challenges.b[7], omega2), Fr.mul(challenges.b[8], omega)), challenges.b[9]);
		@@ -808,3 +774,5 @@ const zWp = Fr.add(Fr.add(Fr.mul(challenges.b[7], omegaW2), Fr.mul(challenges.b[8], omegaW)), challenges.b[9]);

		const [e1, e1z] = MulZ.mul4(e11, e12, e13, z, ap, bp, cp, zp, i % 4, Fr);
		let e1 = Fr.mul(Fr.mul(Fr.mul(e11, e12), e13), z);
		let e1z = Fr.mul(Fr.mul(Fr.mul(e11, e12), e13), zp);
		// const [e1, e1z] = MulZ.mul4(e11, e12, e13, z, ap, bp, cp, zp, i % 4, Fr);

		@@ -821,3 +789,5 @@ // expression 2 -> (a(X) + beta·sigma1(X) + gamma)(b(X) + beta·sigma2(X) + gamma)(c(X) + beta·sigma3(X) + gamma)z(Xω)

		const [e2, e2z] = MulZ.mul4(e21, e22, e23, zW, ap, bp, cp, zWp, i % 4, Fr);
		let e2 = Fr.mul(Fr.mul(Fr.mul(e21, e22), e23), zW);
		let e2z = Fr.mul(Fr.mul(Fr.mul(e21, e22), e23), zWp);
		// const [e2, e2z] = MulZ.mul4(e21, e22, e23, zW, ap, bp, cp, zWp, i % 4, Fr);

		@@ -850,3 +820,3 @@ let t2 = Fr.sub(e1, e2);
		// Check degree
		if (polynomials.T2.degree() >= 3 * zkey.domainSize + 6) {
		if (polynomials.T2.degree() >= 3 * zkey.domainSize) {
		throw new Error("T2 Polynomial is not well calculated");
		@@ -869,3 +839,3 @@ }
		// Check degree
		if (polynomials.C2.degree() >= 9 * zkey.domainSize + 18) {
		if (polynomials.C2.degree() >= 9 * zkey.domainSize) {
		throw new Error("C2 Polynomial is not well calculated");
		@@ -1097,4 +1067,3 @@ }

		// Check degree < 9n + 12
		if (polynomials.F.degree() >= 9 * zkey.domainSize + 12) {
		if (polynomials.F.degree() >= 9 * zkey.domainSize - 6) {
		throw new Error("F Polynomial is not well calculated");
		@@ -1136,3 +1105,3 @@ }

		if (polynomials.L.degree() >= 9 * zkey.domainSize + 17) {
		if (polynomials.L.degree() >= 9 * zkey.domainSize - 1) {
		throw new Error("Degree of L(X)/(ZTS2(y)(X-y)) is not correct");
		@@ -1204,3 +1173,3 @@ }
		// Check degree
		if (polynomials.L.degree() >= 9 * zkey.domainSize + 18) {
		if (polynomials.L.degree() >= 9 * zkey.domainSize) {
		throw new Error("L Polynomial is not well calculated");
		@@ -1207,0 +1176,0 @@ }

src/fflonk_setup.js

		@@ -111,3 +111,4 @@ /*
		//TODO check!!!!
		settings.cirPower = Math.max(FF_T_POL_DEG_MIN, log2(plonkConstraints.length - 1) + 1);
		// NOTE : plonkConstraints + 2 = #constraints + blinding coefficients for each wire polynomial
		settings.cirPower = Math.max(FF_T_POL_DEG_MIN, log2((plonkConstraints.length + 2) - 1) + 1);
		settings.domainSize = 2 ** settings.cirPower;
		@@ -352,7 +353,12 @@
		buildSigma(plonkConstraints[i][2], settings.domainSize * 2 + i);
		} else {
		} else if (i < settings.domainSize - 2) {
		buildSigma(0, i);
		buildSigma(0, settings.domainSize + i);
		buildSigma(0, settings.domainSize * 2 + i);
		} else {
		sigma.set(w, i * sFr);
		sigma.set(Fr.mul(w, k1), (settings.domainSize + i) * sFr);
		sigma.set(Fr.mul(w, k2), (settings.domainSize * 2 + i) * sFr);
		}

		w = Fr.mul(w, Fr.w[settings.cirPower]);
		@@ -453,11 +459,8 @@
		// Check degree
		if (polynomials.C0.degree() > 8 * settings.domainSize - 1) {
		if (polynomials.C0.degree() >= 8 * settings.domainSize) {
		throw new Error("C0 Polynomial is not well calculated");
		}

		evaluations.C0 = await Evaluations.fromPolynomial(polynomials.C0, 2, curve, logger);

		await startWriteSection(fdZKey, ZKEY_FF_C0_SECTION);
		await fdZKey.write(polynomials.C0.coef);
		await fdZKey.write(evaluations.C0.eval);
		await endWriteSection(fdZKey);
		@@ -558,6 +561,4 @@ }
		}


		}

test/fflonk/circuit_vk.json

		@@ -28,6 +28,6 @@ {
		"C0": [
		"20835705088162781555880235391216428472137724911581951244439337076024289325800",
		"2276561985619270430860305457457202292038568370980001240665015431095434358980",
		"18150792925083893342210918261776177628332786982479792699249082782261858744801",
		"4816847031163457331241584798476187104886564752235279802447710760824534629983",
		"1"
		]
		}

build/cli.cjs

Sorry, the diff of this file is not supported yet

test/fflonk/circuit.zkey

Sorry, the diff of this file is not supported yet

snarkjs - npm Package Compare versions

New alerts

Fixed alerts

Worsened metrics