This is an implementation of Pinocchio protocol using Lambdaworks. This source code is the companion of this blog post aimed at those who want to learn about SNARKs.
We encourage to start by reading the blog post to understand the code.
Then, in the tests/
module you will find integration tests that will guide you through the happy path: the setup, the prover and the verifier. Each of these components can be located in their own files:
-
pinocchio/setup.rs
: generates theVerificationKey
and theEvaluationKey
with the relevant data to construct and verify proofs. This data comes from the structure of the program P encoded asPolynomials
in aQAP
(Quadratic arithmetic program). To hide this data, randomFieldElement
s are sampled asToxicWaste
and then mapped toG1Point
's andG2Point
's via repeated addition of thegenerator()
's of the curves. -
pinocchio/prover.rs
: takes the circuit encoded as aQAP
and the trace of the program asFieldElement
s. Then, it applies themsm(...)
operation in order to generate the proof elements, in this case,G1Point
andG2Point
hidings. -
pinocchio/verifier.rs
: verifies the proof by checking the conditions mentioned in the paper. This involves computingPairing::compute(...)
operations between aG1Point
and aG2Point
.
Step 1: Construct a QAP
let test_qap = new_test_r1cs().into();
Step 2: Setup providing Evaluation and Verification keys.
let (evaluation_key, verification_key) = setup(&test_qap, toxic_waste);
Step 3: The prover constructs the proof using the evaluation key, the QAP and the inputs.
let proof = generate_proof(&evaluation_key, &test_qap, &c_vector);
Step 4: The verifier checks the validity of the proof using the verification key and the public inputs.
let accepted = verify(&verification_key, &proof, &c_io_vector);