Skip to main content

Module 0x2::groth16

Struct Curve

Represents an elliptic curve construction to be used in the verifier. Currently we support BLS12-381 and BN254. This should be given as the first parameter to prepare_verifying_key or verify_groth16_proof.

struct Curve has copy, drop, store
Fields
id: u8

Struct PreparedVerifyingKey

A PreparedVerifyingKey consisting of four components in serialized form.

struct PreparedVerifyingKey has copy, drop, store
Fields
vk_gamma_abc_g1_bytes: vector<u8>
alpha_g1_beta_g2_bytes: vector<u8>
gamma_g2_neg_pc_bytes: vector<u8>
delta_g2_neg_pc_bytes: vector<u8>

Struct PublicProofInputs

A PublicProofInputs wrapper around its serialized bytes.

struct PublicProofInputs has copy, drop, store
Fields
bytes: vector<u8>

Struct ProofPoints

A ProofPoints wrapper around the serialized form of three proof points.

struct ProofPoints has copy, drop, store
Fields
bytes: vector<u8>

Constants

const EInvalidCurve: u64 = 1;
const EInvalidVerifyingKey: u64 = 0;
const ETooManyPublicInputs: u64 = 2;

Function bls12381

Return the Curve value indicating that the BLS12-381 construction should be used in a given function.

public fun bls12381(): groth16::Curve
Implementation
public fun bls12381(): Curve { Curve { id: 0 } }

Function bn254

Return the Curve value indicating that the BN254 construction should be used in a given function.

public fun bn254(): groth16::Curve
Implementation
public fun bn254(): Curve { Curve { id: 1 } }

Function pvk_from_bytes

Creates a PreparedVerifyingKey from bytes.

public fun pvk_from_bytes(vk_gamma_abc_g1_bytes: vector<u8>, alpha_g1_beta_g2_bytes: vector<u8>, gamma_g2_neg_pc_bytes: vector<u8>, delta_g2_neg_pc_bytes: vector<u8>): groth16::PreparedVerifyingKey
Implementation
public fun pvk_from_bytes(vk_gamma_abc_g1_bytes: vector<u8>, alpha_g1_beta_g2_bytes: vector<u8>, gamma_g2_neg_pc_bytes: vector<u8>, delta_g2_neg_pc_bytes: vector<u8>): PreparedVerifyingKey {
PreparedVerifyingKey {
vk_gamma_abc_g1_bytes,
alpha_g1_beta_g2_bytes,
gamma_g2_neg_pc_bytes,
delta_g2_neg_pc_bytes
}
}

Function pvk_to_bytes

Returns bytes of the four components of the PreparedVerifyingKey.

public fun pvk_to_bytes(pvk: groth16::PreparedVerifyingKey): vector<vector<u8>>
Implementation
public fun pvk_to_bytes(pvk: PreparedVerifyingKey): vector<vector<u8>> {
vector[
pvk.vk_gamma_abc_g1_bytes,
pvk.alpha_g1_beta_g2_bytes,
pvk.gamma_g2_neg_pc_bytes,
pvk.delta_g2_neg_pc_bytes,
]
}

Function public_proof_inputs_from_bytes

Creates a PublicProofInputs wrapper from bytes.

public fun public_proof_inputs_from_bytes(bytes: vector<u8>): groth16::PublicProofInputs
Implementation

Function proof_points_from_bytes

Creates a Groth16 ProofPoints from bytes.

public fun proof_points_from_bytes(bytes: vector<u8>): groth16::ProofPoints
Implementation
public fun proof_points_from_bytes(bytes: vector<u8>): ProofPoints {
ProofPoints { bytes }
}

Function prepare_verifying_key

@param curve: What elliptic curve construction to use. See bls12381 and bn254. @param verifying_key: An Arkworks canonical compressed serialization of a verifying key.

Returns four vectors of bytes representing the four components of a prepared verifying key. This step computes one pairing e(P, Q), and binds the verification to one particular proof statement. This can be used as inputs for the verify_groth16_proof function.

public fun prepare_verifying_key(curve: &groth16::Curve, verifying_key: &vector<u8>): groth16::PreparedVerifyingKey
Implementation
public fun prepare_verifying_key(curve: &Curve, verifying_key: &vector<u8>): PreparedVerifyingKey {
prepare_verifying_key_internal(curve.id, verifying_key)
}

Function prepare_verifying_key_internal

Native functions that flattens the inputs into an array and passes to the Rust native function. May abort with EInvalidVerifyingKey or EInvalidCurve.

fun prepare_verifying_key_internal(curve: u8, verifying_key: &vector<u8>): groth16::PreparedVerifyingKey
Implementation
native fun prepare_verifying_key_internal(curve: u8, verifying_key: &vector<u8>): PreparedVerifyingKey;

Function verify_groth16_proof

@param curve: What elliptic curve construction to use. See the bls12381 and bn254 functions. @param prepared_verifying_key: Consists of four vectors of bytes representing the four components of a prepared verifying key. @param public_proof_inputs: Represent inputs that are public. @param proof_points: Represent three proof points.

Returns a boolean indicating whether the proof is valid.

public fun verify_groth16_proof(curve: &groth16::Curve, prepared_verifying_key: &groth16::PreparedVerifyingKey, public_proof_inputs: &groth16::PublicProofInputs, proof_points: &groth16::ProofPoints): bool
Implementation
public fun verify_groth16_proof(curve: &Curve, prepared_verifying_key: &PreparedVerifyingKey, public_proof_inputs: &PublicProofInputs, proof_points: &ProofPoints): bool {
verify_groth16_proof_internal(
curve.id,
&prepared_verifying_key.vk_gamma_abc_g1_bytes,
&prepared_verifying_key.alpha_g1_beta_g2_bytes,
&prepared_verifying_key.gamma_g2_neg_pc_bytes,
&prepared_verifying_key.delta_g2_neg_pc_bytes,
&public_proof_inputs.bytes,
&proof_points.bytes
)
}

Function verify_groth16_proof_internal

Native functions that flattens the inputs into arrays of vectors and passed to the Rust native function. May abort with EInvalidCurve or ETooManyPublicInputs.

fun verify_groth16_proof_internal(curve: u8, vk_gamma_abc_g1_bytes: &vector<u8>, alpha_g1_beta_g2_bytes: &vector<u8>, gamma_g2_neg_pc_bytes: &vector<u8>, delta_g2_neg_pc_bytes: &vector<u8>, public_proof_inputs: &vector<u8>, proof_points: &vector<u8>): bool
Implementation
native fun verify_groth16_proof_internal(curve: u8, vk_gamma_abc_g1_bytes: &vector<u8>, alpha_g1_beta_g2_bytes: &vector<u8>, gamma_g2_neg_pc_bytes: &vector<u8>, delta_g2_neg_pc_bytes: &vector<u8>, public_proof_inputs: &vector<u8>, proof_points: &vector<u8>): bool;