docs
API
Generated with
docs/scalus/scalus.examples/Groth16

Groth16

scalus.examples.Groth16
object Groth16

Groth16 Zero-Knowledge Proof Verification Implementation

This object provides functionality for verifying Groth16 zero-knowledge proofs using the BLS12-381 curve. The implementation follows the Groth16 verification algorithm which verifies that a prover knows a witness satisfying a given arithmetic circuit without revealing the witness.

This implementation is a transaction of https://github.com/Modulo-P/ak-381.

Attributes

See also
Graph
Supertypes
class Object
trait Matchable
class Any
Self type
Groth16.type

Members list

Type members

Classlikes

case class Proof(piA: ByteString, piB: ByteString, piC: ByteString)

Proof structure for the Groth16 proof system

Proof structure for the Groth16 proof system

Contains the three main elements of a Groth16 proof: πA, πB, and πC

Value parameters

piA

First proof element in G1

piB

Second proof element in G2

piC

Third proof element in G1

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
case class SnarkVerificationKey(nPublic: BigInt, vkAlpha: ByteString, vkBeta: ByteString, vkGamma: ByteString, vkDelta: ByteString, vkAlphaBeta: List[ByteString], vkIC: List[ByteString])

Verification key for the Groth16 proof system

Verification key for the Groth16 proof system

Contains the necessary elements for verifying a proof, including the encoded points on the BLS12-381 curve

Value parameters

nPublic

Number of public inputs

vkAlpha

Alpha parameter in G1

vkAlphaBeta

Precomputed alpha*beta in G2

vkBeta

Beta parameter in G2

vkDelta

Delta parameter in G2

vkGamma

Gamma parameter in G2

vkIC

List of IC coefficients in G1 for linear combination of inputs

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all

Value members

Concrete methods

def derive(vk_ic: List[ByteString], public: List[BigInt], result: BLS12_381_G1_Element): BLS12_381_G1_Element

Recursively derives the linear combination of IC elements with public inputs

Recursively derives the linear combination of IC elements with public inputs

This function computes: result + Σ(vk_ic[i] * public[i])

Value parameters

public

List of public inputs

result

Accumulator for the result

vk_ic

List of IC coefficients in G1

Attributes

Returns

Final G1 element representing the linear combination

Throws
RuntimeException

if lists have incompatible lengths

def grothVerify(vk: SnarkVerificationKey, proof: Proof, public: List[BigInt]): Boolean

Verifies a Groth16 proof

Verifies a Groth16 proof

Implements the verification equation: e(πA, πB) = e(vk_alpha, vk_beta) * e(vk_IC(public), vk_gamma) * e(πC, vk_delta)

Where e() is the optimal Ate pairing on BLS12-381

Value parameters

proof

The proof to verify

public

List of public inputs

vk

Verification key

Attributes

Returns

true if the proof is valid, false otherwise

Throws
RuntimeException

if vkIC is empty

def pairing(g1: ByteString, g2: ByteString): BLS12_381_MlResult

Computes a pairing (Miller loop) between two curve points

Computes a pairing (Miller loop) between two curve points

Value parameters

g1

Compressed G1 point

g2

Compressed G2 point

Attributes

Returns

Result of Miller loop pairing

Givens

Givens

given given_ToData_Proof: () => Proof
Generated with