
@ebfull
Created May 23, 2017 21:10
diff --git a/src/gtest/test_proofs.cpp b/src/gtest/test_proofs.cpp
index 49202f1f6..0d678a414 100644
--- a/src/gtest/test_proofs.cpp
+++ b/src/gtest/test_proofs.cpp
@@ -3,6 +3,7 @@
#include <iostream>
+#include "algebra/knowledge_commitment/knowledge_commitment.hpp"
#include "libsnark/common/default_types/r1cs_ppzksnark_pp.hpp"
#include "libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp"
#include "zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp"
@@ -394,9 +395,10 @@ TEST(proofs, g2_serializes_properly)
TEST(proofs, zksnark_serializes_properly)
{
+ std::vector<libsnark::knowledge_commitment<curve_G1, curve_G1> > zeroed_out_a_query;
auto example = libsnark::generate_r1cs_example_with_field_input<curve_Fr>(250, 4);
example.constraint_system.swap_AB_if_beneficial();
- auto kp = libsnark::r1cs_ppzksnark_generator<curve_pp>(example.constraint_system);
+ auto kp = libsnark::r1cs_ppzksnark_generator<curve_pp>(example.constraint_system, &zeroed_out_a_query);
auto vkprecomp = libsnark::r1cs_ppzksnark_verifier_process_vk(kp.vk);
for (size_t i = 0; i < 20; i++) {
@@ -471,6 +473,36 @@ TEST(proofs, zksnark_serializes_properly)
newproof
));
}
+
+ // Compute a proof that hands the pairing function a G1 point at infinity,
+ // and make sure the verifier still rejects the proof.
+ {
+ // Construct a valid proof:
+ auto proof = libsnark::r1cs_ppzksnark_prover<curve_pp>(
+ kp.pk,
+ example.primary_input,
+ example.auxiliary_input,
+ example.constraint_system
+ );
+
+ // Compute a new answer to the A query with negative input
+ proof.g_A.g = -(zeroed_out_a_query[0].g);
+ proof.g_A.h = -(zeroed_out_a_query[0].h);
+
+ size_t i = 1;
+ for (curve_Fr in : example.primary_input) {
+ proof.g_A.g = proof.g_A.g + ((-in) * zeroed_out_a_query[i].g);
+ proof.g_A.h = proof.g_A.h + ((-in) * zeroed_out_a_query[i].h);
+
+ i++;
+ }
+
+ ASSERT_FALSE(libsnark::r1cs_ppzksnark_verifier_strong_IC<curve_pp>(
+ kp.vk,
+ example.primary_input,
+ proof
+ ));
+ }
}
TEST(proofs, g1_deserialization)
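Review bot: The new block indexes `zeroed_out_a_query[0]` and `zeroed_out_a_query[i]` without checking the vector's length, so a size mismatch with `example.primary_input` would be an out-of-bounds read rather than a test failure. Add `ASSERT_EQ(zeroed_out_a_query.size(), example.primary_input.size() + 1);` before the first use. The test also never asserts that the verifier actually receives the point at infinity the comment describes, so `ASSERT_FALSE` could pass for an unrelated reason; a comment naming the verifier check expected to reject would help. The enclosing TEST body starts outside this hunk.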
diff --git a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp
index 36f6c1499..5a975a12d 100644
--- a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp
+++ b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp
@@ -368,7 +368,10 @@ public:
* Given a R1CS constraint system CS, this algorithm produces proving and verification keys for CS.
*/
template<typename ppT>
-r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs);
+r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(
+ const r1cs_ppzksnark_constraint_system<ppT> &cs,
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query = NULL
+);
template<typename ppT>
r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(
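Review bot: The new `zeroed_out_a_query` out-parameter is undocumented, and the doc comment above the declaration (it starts outside this hunk) still describes only `cs`. In the .tcc hunk the values are captured just before `At[i] = Fr<ppT>::zero()`, so they appear to be the input-wire A-query elements that the generator withholds from the proving key; handing them out through a public API deserves an explicit warning. I would add something like `@param zeroed_out_a_query test-only: if non-null, receives the input-wire A-query commitments withheld from the proving key; never serialize or distribute them with the keypair`, and the same on the second overload declared in the next hunk. As a style point, `= nullptr` reads better than `= NULL` in code that already uses C++11 features.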
@@ -380,7 +383,8 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(
const Fr<ppT>& rA,
const Fr<ppT>& rB,
const Fr<ppT>& beta,
- const Fr<ppT>& gamma
+ const Fr<ppT>& gamma,
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query = NULL
);
/**
diff --git a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc
index aeb2bbb85..789a29cc6 100644
--- a/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc
+++ b/src/libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc
@@ -232,7 +232,8 @@ r1cs_ppzksnark_verification_key<ppT> r1cs_ppzksnark_verification_key<ppT>::dummy
}
template <typename ppT>
-r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs)
+r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs,
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query)
{
/* draw random element at which the QAP is evaluated */
const Fr<ppT> t = Fr<ppT>::random_element();
@@ -245,7 +246,7 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constr
beta = Fr<ppT>::random_element(),
gamma = Fr<ppT>::random_element();
- return r1cs_ppzksnark_generator<ppT>(cs, t, alphaA, alphaB, alphaC, rA, rB, beta, gamma);
+ return r1cs_ppzksnark_generator<ppT>(cs, t, alphaA, alphaB, alphaC, rA, rB, beta, gamma, zeroed_out_a_query);
}
template <typename ppT>
@@ -258,7 +259,8 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(
const Fr<ppT>& rA,
const Fr<ppT>& rB,
const Fr<ppT>& beta,
- const Fr<ppT>& gamma
+ const Fr<ppT>& gamma,
+ std::vector<knowledge_commitment<G1<ppT>, G1<ppT> > > *zeroed_out_a_query
)
{
enter_block("Call to r1cs_ppzksnark_generator");
@@ -328,6 +330,9 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(
IC_coefficients.reserve(qap_inst.num_inputs() + 1);
for (size_t i = 0; i < qap_inst.num_inputs() + 1; ++i)
{
+ if (zeroed_out_a_query) {
+ zeroed_out_a_query->emplace_back((At[i] * rA) * G1<ppT>::one(), (At[i] * rA * alphaA) * G1<ppT>::one());
+ }
IC_coefficients.emplace_back(At[i]);
assert(!IC_coefficients[i].is_zero());
At[i] = Fr<ppT>::zero();
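Review bot: The added `emplace_back` appends to whatever the caller's vector already holds, so a non-empty vector passed in shifts every index the caller later relies on (the test reads `[0]` and `[i]`). Clear and size it once before the loop, e.g. `if (zeroed_out_a_query) { zeroed_out_a_query->clear(); zeroed_out_a_query->reserve(qap_inst.num_inputs() + 1); }`. `At[i] * rA` is also computed twice in the call and could be a named local. The loop and the function body continue outside this hunk.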