The verification result for SimpleCircuitGenerator is always "PASS" about jsnark HOT 5 CLOSED

Hi, prodia4,

The circuit you provided in the second example computes wire #11 as the product of wires #2 and #3. Both wires have a value of 0x10 (the value is in hexadecimal), so the value of wire #11 will be 256, so I do not see any error.

The circuits that you were trying to change here are "computation circuits", so whenever you change the input, it will give you some correct output. Try playing with a verification circuit instead. If you'd like the change the circuit such that it gives you an error when the inputs are not right, try using the assert opcode. See the generated multiplicative inverse circuit for an example.

Also, when you manipulate the files manually, no need to run the Java executable to run libsnark. Instead you can directly use the executable of the interface provided for libsnark. Additionally, input wire #0 is always assumed to have a value of 1.

from jsnark.

I thought I was doing something wrong there..

Thanks for the kind explanation.

from jsnark.

Hi Ahmed @akosba,

I came across the aforementioned requirement of writing a verification circuit. After reading your reply above, I used 'addEqualityAssertion' method with the two wires I want to verify the equality of, as input to this method and included that method at the end of the buildCircuit() method of my CircuitGenerator class. It worked fine for a very simple circuit.

I would like to see if there is an example of a verification circuit in jsnark. As you have mentioned in the above reply, I tried to find "generated multiplicative inverse circuit", but I did not find such a circuit in the jsnark source.

Could you please point me to any existing example of a verification circuit?

Thank you very much.

from jsnark.

I meant the division circuit here: https://github.com/akosba/jsnark/tree/master/JsnarkCircuitBuilder/src/examples/gadgets/math
The mod circuits in the same package are verification circuits as well.

from jsnark.

Hi Ahmed @akosba,

Thank you very much for your quick reply. I appreciate it a lot.
I looked into these gadgets and tried to use a modified version of ModGadget.java to run a simple proof/verification for the following verification problem.

Let's assume that computing integers modulo (i.e: computing x mod y = z) is a hard problem. And a prover wants to prove the following statement using ZK-SNARK:

_

Given x and z, I know y such that x mod y = z. Here, y is the secret input and y, z are public inputs to the circuit.

_

I wrote a ModCicuitGenerator in which x and z are InputWires and y is a ProverWitnessWire. Then I used a slightly modified version of the existing ModGadget to take the inputs x,y and return the output wire value as the computation of: x mod y.
ModGadget is invoked by the ModCircuitGenerator and ModCircuitGenerator has an equalityAssertion to check if the output wire of ModGadget is equal to the input wire z.

However, R1CS constraints for mod computation was not generated in the .arith file. I think this is because I put the modulo computation logic inside 'specifyProverWitnessComputation' method in ModGadget as the existing example does. According to jsnark documentation, it seems that anything put in this method does not go into the circuit used in ZK-SNARK (since such computation is done independently of the circuit).

Could you please provide me some insights on if it is possible to prove/verify a statement like the aforementioned one using ZK-SANRK, with jsnark? If so, could you please let me know how should I approach it?

Thank you very much for your help.

from jsnark.