UNPKG

@nori-zk/proof-conversion

Version:

Verifying zkVM proofs inside o1js circuits, to generate Mina compatible proof

56 lines 2.06 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import { G2Line } from '../../lines/index.js'; import { ATE_LOOP_COUNT, Fp12 } from '../../towers/index.js'; import { KZGLineAccumulator } from './accumulate_lines.js'; import { Field, Provable } from 'o1js'; class KZGPairing { constructor(g2_lines, tau_lines, w27) { let parsed_g2_lines = JSON.parse(g2_lines); this.g2_lines = parsed_g2_lines.map((g) => G2Line.fromJSON(g)); let parsed_tau_lines = JSON.parse(tau_lines); this.tau_lines = parsed_tau_lines.map((g) => G2Line.fromJSON(g)); this.w27 = [Fp12.one(), w27, w27.mul(w27)]; } multiMillerLoop(A, negB) { const g = KZGLineAccumulator.accumulate(this.g2_lines, this.tau_lines, A, negB); let mlo = Fp12.one(); let mlo_idx = 0; for (let i = 1; i < ATE_LOOP_COUNT.length; i++) { mlo_idx = i - 1; mlo = mlo.square().mul(g[mlo_idx]); } mlo_idx += 1; mlo = mlo.mul(g[mlo_idx]); return mlo; } proveEqual(A, negB, shift_power, c) { const g = KZGLineAccumulator.accumulate(this.g2_lines, this.tau_lines, A, negB); const c_inv = c.inverse(); let f = c_inv; let idx = 0; for (let i = 1; i < ATE_LOOP_COUNT.length; i++) { idx = i - 1; f = f.square().mul(g[idx]); if (ATE_LOOP_COUNT[i] == 1) { f = f.mul(c_inv); } if (ATE_LOOP_COUNT[i] == -1) { f = f.mul(c); } } idx += 1; f = f.mul(g[idx]); f = f .mul(c_inv.frobenius_pow_p()) .mul(c.frobenius_pow_p_squared()) .mul(c_inv.frobenius_pow_p_cubed()); const shift = Provable.switch([ shift_power.equals(Field(0)), shift_power.equals(Field(1)), shift_power.equals(Field(2)), ], Fp12, [Fp12.one(), this.w27[1], this.w27[2]]); f = f.mul(shift); f.assert_equals(Fp12.one()); } } export { KZGPairing }; //# sourceMappingURL=multi_miller.js.map