Comments (2)
This seems to suggest to me that there is something wrong with the way pairings are computed in snarkjs.
Indeed there is a slight difference between the pairing implementations in libsnark and snarkjs, but both are correct. In fact, the final exponentiation (FE) is computed differently and the result should be different because of an exponent cofactor. In the current implementation of snarkjs, the FE is `elt^((q^12-1)/r)` while in libsnark it is equal to `elt^(2z * (6z^2 + 3z + 1) * (q^12-1)/r)`, where `z = 4965661367192848881` is the seed of the alt-bn128 curve. You can always raise to a multiple of `(q^12-1)/r` that is not divisible by `r` and the pairing would be correct. The point of doing so is to find a good LLL decomposition in the `q^i`-basis and use Frobenius maps instead of modular exponentiations (see [SAC:FueKnaRod11]).
I implemented this in this PR and it should fix your problem.
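Added example, not part of the thread and not snarkjs or libsnark code: the integer facts behind the comment above, checked with BigInt. Only `z` and the two exponent formulas come from the comment; the BN polynomials for `q` and `r` and the `lam` coefficients (from the cited paper) are assumptions, which the code verifies rather than trusts.

```javascript
// Added example. From the thread: z and the two exponent formulas.
// Assumptions: the BN polynomials for q and r, and the lambda coefficients
// of the base-q decomposition (taken from the paper the comment cites).
const z = 4965661367192848881n;
const q = 36n * z ** 4n + 36n * z ** 3n + 24n * z ** 2n + 6n * z + 1n;
const r = 36n * z ** 4n + 36n * z ** 3n + 18n * z ** 2n + 6n * z + 1n;

const mod = (a, m) => ((a % m) + m) % m;

// Modular inverse by extended Euclid; throws if gcd(a, m) != 1.
function modInverse(a, m) {
  let [oldR, rem] = [mod(a, m), m];
  let [oldS, s] = [1n, 0n];
  while (rem !== 0n) {
    const k = oldR / rem;
    [oldR, rem] = [rem, oldR - k * rem];
    [oldS, s] = [s, oldS - k * s];
  }
  if (oldR !== 1n) throw new Error("not invertible");
  return mod(oldS, m);
}

function finalExpFacts() {
  const snarkjsExp = (q ** 12n - 1n) / r;           // elt^((q^12-1)/r)
  const c = 2n * z * (6n * z ** 2n + 3n * z + 1n);  // libsnark's extra cofactor
  const libsnarkExp = c * snarkjsExp;
  // "Hard part" of the exponent: (q^12-1)/r = (q^6-1)(q^2+1) * hard.
  const hard = (q ** 4n - q ** 2n + 1n) / r;
  // c * hard written in the q^i basis with coefficients of degree 3 in z,
  // which is what lets an implementation use Frobenius maps.
  const lam = [
    12n * z ** 3n + 12n * z ** 2n + 6n * z + 1n,
    12n * z ** 3n + 6n * z ** 2n + 4n * z,
    12n * z ** 3n + 6n * z ** 2n + 6n * z,
    12n * z ** 3n + 6n * z ** 2n + 4n * z - 1n,
  ];
  const viaFrobenius = lam.reduce((acc, l, i) => acc + l * q ** BigInt(i), 0n);
  return {
    rDividesOrder: (q ** 12n - 1n) % r === 0n,
    cofactorCoprimeToR: c % r !== 0n,          // r is prime, so gcd(c, r) = 1
    decompositionHolds: viaFrobenius === c * hard,
    snarkjsExp, libsnarkExp, c,
    // A libsnark-style GT value raised to cInv equals the snarkjs-style value.
    cInv: modInverse(c, r),
  };
}
```

Because both outputs lie in the order-`r` subgroup and differ only by the exponent `c`, a pairing equation that holds under one convention holds under the other; what cannot be done is comparing raw GT values across the two libraries without applying `c` or `cInv`.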
In the new version we are using the wasmcurves lib that uses the right pairing. Closing it.