typedef libff::Fr<default_r1cs_ppzksnark_pp> FieldT;
default_r1cs_ppzksnark_pp::init_public_params();
定義有限域,初始化橢圓曲線參數;
protoboard<FieldT> pb;
pb_variable<FieldT> out;
pb_variable<FieldT> x;
pb_variable<FieldT> sym_1;
pb_variable<FieldT> y;
pb_variable<FieldT> sym_2;
定義protoboard和變量,其中變量1會在protoboard中自動定義;
out.allocate(pb, "out");
x.allocate(pb, "x");
sym_1.allocate(pb, "sym_1");
y.allocate(pb, "y");
sym_2.allocate(pb, "sym_2");
在pb中聲明變量,將各個變量與pb關聯起來,以便在pb中使用變量定義R1CS約束;
pb中primary爲public變量,auxiliary爲private變量,primary變量在前面定義(如“out”);
使用*set_input_sizes(n)*函數指出前面的n個變量爲primary變量,後面剩下的則爲auxiliary變量;
pb.set_input_sizes(1);
第一個爲primary變量,後面的都是auxiliary變量;
// x*x = sym_1
pb.add_r1cs_constraint(r1cs_constraint<FieldT>(x, x, sym_1));
// sym_1 * x = y
pb.add_r1cs_constraint(r1cs_constraint<FieldT>(sym_1, x, y));
// y + x = sym_2
pb.add_r1cs_constraint(r1cs_constraint<FieldT>(y + x, 1, sym_2));
// sym_2 + 5 = out
pb.add_r1cs_constraint(r1cs_constraint<FieldT>(sym_2 + 5, 1, out));
在pb中增加R1CS約束(constraints);
const r1cs_constraint_system<FieldT> constraint_system = pb.get_constraint_system();
r1cs_ppzksnark_keypair<default_r1cs_ppzksnark_pp> keypair = r1cs_ppzksnark_generator<default_r1cs_ppzksnark_pp>(constraint_system);
運行生成器(Generator)來生成證明和驗證密鑰;
如上步驟即爲可信設置(trusted setup),可通過keypair.pk來訪問證明密鑰。通過keypair.vk來訪問驗證密鑰;
pb.val(out) = 35;
pb.val(x) = 3;
pb.val(sym_1) = 9;
pb.val(y) = 27;
pb.val(sym_2) = 30;
設置變量的值,設置好之後通過pb.primary_input()來訪問共有值,通過pb.auxiliary_input()來訪問私有值;
r1cs_ppzksnark_proof<default_r1cs_ppzksnark_pp> proof = r1cs_ppzksnark_prover<default_r1cs_ppzksnark_pp>(keypair.pk, pb.primary_input(), pb.auxiliary_input());
使用證明密鑰,共有值和私有值來創建證明;
bool verified = r1cs_ppzksnark_verifier_strong_IC<default_r1cs_ppzksnark_pp>(keypair.vk, pb.primary_input(), proof);
使用創建好的證明,驗證密鑰和公有值來驗證證明;
證明結果爲一個bool值,true則證明我們的答案正確(witness),否則則證明我們的答案錯誤。