April 2021

Zero-Knowledge Proofs: ZoKrates Usage and a Worked Example

ZoKrates is a zk-SNARKs toolbox for Ethereum. With it, you can more easily build a zero-knowledge proof off-chain and then submit it to the Ethereum chain, where a smart contract verifies it. ZoKrates itself is written mainly in Rust; the underlying zkp schemes are implemented on top of bellman and libsnark. This article walks through how to use ZoKrates and reproduces, with ZoKrates, one of the examples from Vitalik's zkSNARKs articles. For more thorough explanations of zkSNARKs and ZoKrates, see the references at the end.

## Command-line reference

### compile

Compile the source: flatten the zok source into a sequence of constraint statements, producing two files (by default `out` and `out.ztf`); the `.ztf` file is the human-readable version.

Example command: `zokrates compile [-o out] -i sample.zok`

Source file `sample.zok`:

```
def main(private field a, field b) -> (field):
    field result = if a * a == b then 1 else 0 fi
    return result
```

Generated ztf file:

```
def main(_0, _1) -> (1):
    (1 * _0) * (1 * _0) == 1 * _4
    # _2, _3 = Rust::ConditionEq((-1) * _1 + 1 * _4)
    ((-1) * _1 + 1 * _4) * (1 * _3) == 1 * _2
    (1 * ~one + (-1) * _2) * ((-1) * _1 + 1 * _4) == 0
    (1 * ~one) * (1 * ~one + (-1) * _2) == 1 * ~out_0
    return ~out_0
```

### setup

Trusted setup: run the trusted setup and generate the CRS (Common Reference String).

Example command: `zokrates setup [-i out] [-s G16] [-p proving.key] [-v verification.key]`

The input to setup is the `out` file produced by compile. Before generating the CRS it first produces the R1CS and related structures, and finally writes two files: `proving.key` and `verification.key`. The `-s` parameter selects the zero-knowledge proof scheme; G16, PGHR13 and GM17 are currently supported, and G16 is the default.

Generated `verification.key`:

```
vk.alpha = 0x0570e3c9d82099fa7387140f1c16a521c600c62109cdc023a7dafd45698f22de, 0x04ad4ecb02c73f674c264eab35f2ef763f0fc7b758fa554385cc419c72fa4b8c
vk.beta = [0x0c81950e8454719fcdae412f554bac62071f0dcfbc0df5a10dbfe3530b5b980c, 0x1cd6933716f38d239eb6fd2416c22f1e7ba3bbd367b007e9d94a29c243486858], [0x1bdcbd9b7306f051de4ff26979fddac6e376a94416521f30233451ef03d59b75, 0x1165ef2b53fe7172d3bada68df3200db2931c991b4602299127f0195983575b8]
vk.gamma = [0x0fa0718df95c498bc1f50ec2a5f4f7b1214bf0b5c3f28d439740588a4c42ece6, 0x013f7042472ce1b5e8c546d18761c3a27ae786b1258050cc486d0258cc401e24], [0x0cf0f1d42a320b73e579d7828712c08b663ecec595bb3d893f10acebbb5d8658, 0x296b67405655ee6d0edd69fbfcab20f400da0ad9b87cbca98a4fa96e133773e0]
vk.delta = [0x063fa2f6cd8ad00b35af4348fd7e627dcf8bb3530d0e50e23046abe054900d06, 0x06f008e36d2c0c05978785e4cce3dfc169fbb078aa891dc83a14f96d56572d52], [0x1347ce64162496c450dc725aef975e2a0744712a487106739883df311af91057, 0x234e180f25487b444d0f1f8ac0c02b45ceeffc0ce171e2507e270d1aea44d67f]
vk.gamma_abc.len() = 3
vk.gamma_abc[0] = 0x18149018b7c0ee29906ef20c544efb732a822d4a562100c20aef1a301bb1dc20, 0x18a913b2026e7fb7fccef60c0b577dbd7a80b95c7575de8a5314ed88f0a1ae1b
vk.gamma_abc[1] = 0x17b95318ccf8382281b3f6811a44f107d3df1984bb8ce3d25bda15966e4ac243, 0x05c08e28b1d45692a3bb7e51a7a784553695ee373047a095560d9702f02f46bc
vk.gamma_abc[2] = 0x2c820e3b6ca96c8a98a98085fe4d29b237a23dac00abb0cc5dcb7a96d45fa042, 0x00937b10d0c409ab576d9739f895b4e8a4f0b3f0daa8bde00d83239a691e3471
```

### compute-witness

Compute the witness: this is one step of proof generation; the witness is derived from the inputs to the original computational problem.

Example command: `zokrates compute-witness [-i out] [-o witness] -a 4 16`

The inputs are the `out` file produced by compile and the input arguments of the computational problem (the function); the output is a single file, named `witness` by default.

### generate-proof

Generate the proof: from the constraint system (the computational problem) and the witness, generate the corresponding zero-knowledge proof.

Example command: `zokrates generate-proof [-i out] [-p proving.key] [-w witness] [-s G16] [-j proof.json]`

The inputs are the files produced by compile and setup (`out`, `proving.key`) and by compute-witness (`witness`); the output is the proof file, `proof.json` by default.

Sample `proof.json`:

```json
{
  "proof": {
    "a": ["0x00079e628b230588e245fda5edf8866ce711c7de8d5cc37cf54b80f51aa37c37", "0x167b3260cf4af269c4914dfbe180477097a988f6bb778705e76e489a42e0bfd0"],
    "b": [["0x1afb08d6f40254ef449b504d1f6530879ddb3effc7b729620a736701dec6d6dc", "0x1e89599001bc3572bfefaf041c624d72be516ca3cb6be479fb4daf0442566c4d"], ["0x24f83adc32a54235ad72c7e61e93990c1d97c3ef72417892b7bb01f64a53c42e", "0x0adc5cb25f7de45483b027f9afa12eff92a910d277ccc28bf39e6d79f7c5569f"]],
    "c": ["0x2019bdafca45c38f26a5e3ab23764e2650d13f0b64c2b4dee3ad705fbacbbafd", "0x26aa019ae205ae1b91bf8dab69d16e24395b3e17983377f25d2f3730e53ae17d"]
  },
  "inputs": ["0x0000000000000000000000000000000000000000000000000000000000000010", "0x0000000000000000000000000000000000000000000000000000000000000001"]
}
```

### export-verifier

Generate the verifier contract from `verification.key`.

Example command: `zokrates export-verifier [-i verification.key] [-s G16] [-o verifier.sol]`

## Proving schemes

docs: Proving Schemes

ZoKrates currently supports three proving schemes:

1. PGHR13: pghr13, depends on libsnark
2. G16: groth16, the default scheme; does not depend on libsnark, depends on bellman
3. GM17: gm17, depends on libsnark

The three commands setup, export-verifier and generate-proof each accept `-s` to select the proving scheme, but the choice must be the same for all of them. To use PGHR13 or GM17, extra arguments must be passed when building the zokrates binary so that libsnark is included:

```
cargo +nightly -Z package-features build --release --package zokrates_cli --features="libsnark"
```

Note: G16 is subject to malleability (as the setup output below also warns); gm17 is recommended.

## Verification

Verification means calling the `verifyTx` function of the `verifier.sol` contract generated by export-verifier:

```solidity
function verifyTx(uint[2] memory a, uint[2][2] memory b, uint[2] memory c, uint[2] memory input) public returns (bool r)
```

The function's arguments come from the output of the generate-proof command.

## Example: x^3 + x + 5 = 35

This example comes from Vitalik's QAP article:

- Quadratic Arithmetic Programs: from Zero to Hero
- 白话零知识证明 (二) (Zero-Knowledge Proofs in Plain Language, part 2)

Steps:

1. Encode the problem in the DSL (`main.zok`):

```
def main(private field x) -> (bool):
    x*x*x + x + 5 == 35
    return true
```

2. Compile:

- Command: `zokrates compile -i main.zok`
- Result:

```
Compiling main.zok
Compiled program:
def main(_0) -> (1):
    (1 * _0) * (1 * _0) == 1 * _1
    (1 * _1) * (1 * _0) == 1 * _2
    (1 * ~one) * (35 * ~one) == 5 * ~one + 1 * _0 + 1 * _2
    (1 * ~one) * (1 * ~one) == 1 * ~out_0
    return ~out_0
Compiled code written to 'out'
Human readable code to 'out.ztf'
Number of constraints: 4
```

- From the output we can read off: `~one = 1`, `~out_0 = 1`, `_0 = x`, `_1 = _0 * _0 = x^2`, `_2 = _1 * _0 = x^3`.

3. setup

Command: `zokrates setup`

Output:

```
Performing setup...
def main(_0) -> (1):
    (1 * _0) * (1 * _0) == 1 * _1
    (1 * _1) * (1 * _0) == 1 * _2
    (1 * ~one) * (35 * ~one) == 5 * ~one + 1 * _0 + 1 * _2
    (1 * ~one) * (1 * ~one) == 1 * ~out_0
    return ~out_0
WARNING: You are using the G16 scheme which is subject to malleability. See zokrates.github.io/reference/proving_schemes.html#g16-malleability for implications.
Has generated 5 points
```

4. Generate the verifier contract

Command: `zokrates export-verifier`

5. Compile and deploy the contract

- Compile and deploy with remix and Metamask.
- Contract deployed on Rinkeby with verified source: 0x53577a6d35da004d1c76397959c594d0426ecd1a
  https://rinkeby.etherscan.io/address/0x53577a6d35da004d1c76397959c594d0426ecd1a

6. Generate the correct witness

- Command: `zokrates compute-witness -a 3 -o witness.good`

```
Computing witness...
Witness:
[true]
```

- `witness.good`:

```
~out_0 1
~one 1
_0 3
_1 9
_2 27
```

7. Generate the correct proof

- Command: `zokrates generate-proof -w witness.good -j proof-good.json`

```
Generating proof...
WARNING: You are using the G16 scheme which is subject to malleability. See zokrates.github.io/reference/proving_schemes.html#g16-malleability for implications.
generate-proof successful: true
```

- `proof-good.json`:

```json
{
  "proof": {
    "a": ["0x110332d0c8e1d05ce9404fd93105c3fe4584d80ccb5ac717acadc7ebd0fc980e", "0x030f5b5816274abb8eef5be4fd24991d0de600916d02338be72374e7b9bfdf6c"],
    "b": [["0x047db95379f2de8e6753fc26dfd0254d6f634526062ae70e3545bd50bf8be5df", "0x187c8851eae58a5713dd46f18dc9598b67598a248edb0cee6b68f5d080f01e9b"], ["0x05ae13857c3b68ea1728fcdf4f41883c78be1fda50b4a54f0aab8c27aa63fdf2", "0x2402254c268795bb9c1ef973e4fb4a5eacc8e230793a1d6b8208666b436da00a"]],
    "c": ["0x141b43d522d0cf6912c12efbb5c5bb783a21a1392573d9073db93f284ba6b008", "0x2aa86a426ca6b2deeeaff97cbeef7299082cc9753635bb8dee1c8d87e9ef53c2"]
  },
  "inputs": ["0x0000000000000000000000000000000000000000000000000000000000000001"]
}
```

8. Call the verifier contract to verify

Transaction: 0xf84aa9f7cc7b7ef7896f77b295bcce657c18c6053fe33eba0905f86131c6851f
https://rinkeby.etherscan.io/tx/0xf84aa9f7cc7b7ef7896f77b295bcce657c18c6053fe33eba0905f86131c6851f

According to `verifier.sol`, if the transaction emits an event, verification passed.

9. Generate an incorrect witness

Command: `zokrates compute-witness -a 4 -o witness.bad`

```
Computing witness...
Execution failed: Expected 35 to equal 73
```

`witness.bad` cannot be generated.

10. Forge an incorrect proof by arbitrarily modifying the data in `proof-good.json` above.

11. Call the verifier contract to verify

- Transaction: 0x669936c392f39a10bc0ee594e1472b87a93b0370ed329ab03892e5f702fb1ea3
  https://rinkeby.etherscan.io/tx/0x669936c392f39a10bc0ee594e1472b87a93b0370ed329ab03892e5f702fb1ea3
- Transaction: 0x89689b344f88751995641f8f682768aaf99b770f70f404bd003fedc6ecb50393
  https://rinkeby.etherscan.io/tx/0x89689b344f88751995641f8f682768aaf99b770f70f404bd003fedc6ecb50393
- Some of these transactions fail and some succeed, but even the successful ones emit no event (meaning verification did not pass and the function returned `false`).

## References

- ZoKrates - github: https://github.com/Zokrates/ZoKrates
- zokrates docs: https://zokrates.github.io/
- bellman: https://github.com/zkcrypto/bellman
- libsnark: https://github.com/scipr-lab/libsnark
- Vitalik Buterin - Quadratic Arithmetic Programs: from Zero to Hero: https://medium.com/@VitalikButerin/quadratic-arithmetic-programs-from-zero-to-hero-f6d558cea649
- Zero-Knowledge Proofs - Understanding ZoKrates: https://learnblockchain.
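The compile step turns a `.zok` program into flattened constraints of the form `(A) * (B) == C`, and compute-witness fills in the intermediate variables; the case study shows the witness for x = 3 (`_1 = 9`, `_2 = 27`) and the failure "Expected 35 to equal 73" for x = 4. The Python script below is an added illustration of those two steps and is not part of the article or of ZoKrates. It parses the `.ztf` constraint lines printed in the compile output, derives a witness for a given x with a deliberately simple solver (a fresh variable appearing alone on the right-hand side is defined as `A*B`), and checks every constraint over the BN254 scalar field. The constraint text is copied from the article; the function names, the constant `R` and the solver strategy are assumptions of this example, not ZoKrates APIs.

```python
import re

# Flattened program copied from the article's `zokrates compile -i main.zok`
# output for x*x*x + x + 5 == 35; the constraint lines are the parser's input.
ZTF_TEXT = """def main(_0) -> (1):
    (1 * _0) * (1 * _0) == 1 * _1
    (1 * _1) * (1 * _0) == 1 * _2
    (1 * ~one) * (35 * ~one) == 5 * ~one + 1 * _0 + 1 * _2
    (1 * ~one) * (1 * ~one) == 1 * ~out_0
    return ~out_0
"""

# Scalar field order of BN254 (alt_bn128), the field ZoKrates `field` values
# live in; every arithmetic step below is reduced modulo R.
R = 21888242871839275222246405745257275088548364400416034343698204186575808495617

# One term of a linear combination: an optionally parenthesised integer
# coefficient such as (-1), then '*', then a variable name (_0, ~one, ~out_0).
TERM = re.compile(r"^\(?(-?\d+)\)?\s*\*\s*(\S+)$")


def parse_lc(text):
    """Parse '5 * ~one + 1 * _0' into {variable: coefficient mod R}; '0' is empty."""
    text = text.strip()
    if text == "0":
        return {}
    lc = {}
    for term in text.split(" + "):
        m = TERM.match(term.strip())
        if m is None:
            raise ValueError(f"unrecognised term: {term!r}")
        coef, var = int(m.group(1)), m.group(2)
        lc[var] = (lc.get(var, 0) + coef) % R
    return lc


def parse_constraint(line):
    """Split an R1CS line '(A) * (B) == C' into its three linear combinations."""
    lhs, rhs = line.split("==", 1)
    a_text, b_text = lhs.strip().split(") * (", 1)
    return parse_lc(a_text[1:]), parse_lc(b_text[:-1]), parse_lc(rhs)


def parse_ztf(text):
    """Return [(A, B, C), ...] for a .ztf dump, skipping def/return lines and # comments."""
    constraints = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("def ", "return ")):
            continue
        constraints.append(parse_constraint(line))
    return constraints


def evaluate(lc, witness):
    """Evaluate a linear combination under a witness assignment (mod R)."""
    return sum(coef * witness[var] for var, coef in lc.items()) % R


def compute_witness(constraints, x):
    """Assumed stand-in for `zokrates compute-witness -a x`: walk the constraints in
    order and, whenever C contains exactly one unassigned variable with coefficient 1
    while A and B are fully known, define that variable as A*B minus the known part
    of C. Constraints that define nothing (pure checks) are left to check_witness."""
    witness = {"~one": 1, "_0": x % R}
    for a, b, c in constraints:
        unknown = [v for v in c if v not in witness]
        inputs_known = all(v in witness for v in list(a) + list(b))
        if len(unknown) == 1 and c[unknown[0]] == 1 and inputs_known:
            fresh = unknown[0]
            rest = sum(co * witness[v] for v, co in c.items() if v != fresh)
            witness[fresh] = (evaluate(a, witness) * evaluate(b, witness) - rest) % R
    return witness


def check_witness(constraints, witness):
    """Return (index, lhs, rhs) for every constraint where A*B != C."""
    failures = []
    for i, (a, b, c) in enumerate(constraints):
        lhs = evaluate(a, witness) * evaluate(b, witness) % R
        rhs = evaluate(c, witness)
        if lhs != rhs:
            failures.append((i, lhs, rhs))
    return failures


CONSTRAINTS = parse_ztf(ZTF_TEXT)

if __name__ == "__main__":
    for x in (3, 4):
        w = compute_witness(CONSTRAINTS, x)
        print(f"x = {x}: witness {w}")
        for i, lhs, rhs in check_witness(CONSTRAINTS, w):
            print(f"  constraint {i} failed: expected {lhs} to equal {rhs}")
```

For x = 3 the script reproduces `witness.good` and every constraint holds; for x = 4 constraint index 2 reports 35 against 73, the same mismatch the CLI printed. Note that this checker only establishes that a witness satisfies the R1CS: it says nothing about the pairing check the exported verifier contract performs, which is where a tampered `proof.json` (step 10) is rejected with `verifyTx` returning `false`.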

Time Travel: Look, the Face of the Future

Nothing says the future like a disembodied head. As developers and designers begin churning out the next generation of games and entertainment, the pace of technology demos showing what types of computer-generated graphics will soon be possible has picked up. And that means one thing: more creepy-yet-astonishing 3D-generated heads.