iden3 / snarkjs

zkSNARK implementation in JavaScript & WASM

The proof always validates for any public input

jmagan opened this issue · comments

Hello,

I'm learning snarkjs and as a first exercise I'm playing with the Pedersen hash example. My circom code is:

pragma circom 2.0.0;

include "../node_modules/circomlib/circuits/pedersen.circom";
include "../node_modules/circomlib/circuits/bitify.circom";

// Proves knowledge of a secret whose Pedersen hash equals the public commitment.
template CommitmentHasher() {
    signal input secret;
    signal input commitment;

    component hasher = Pedersen(248);
    // Num2Bits also range-checks secret to 248 bits.
    component secretBits = Num2Bits(248);
    secretBits.in <== secret;

    for (var i = 0; i < 248; i++) {
        hasher.in[i] <== secretBits.out[i];
    }
    log(hasher.out[0], "hasher.out[0]");

    // The constraint that ties the public input to the private witness.
    commitment === hasher.out[0];
}

// Only commitment is public; secret stays private.
component main {public [commitment]} = CommitmentHasher();

I have this Makefile for the setup:

SHELL = sh

circom = circuit/test.circom
r1cs = test.r1cs
wasm = test_js/test.wasm
wit_gen = test_js/generate_witness.js
compile_outputs = test_js/witness_calculator.js $(r1cs) $(wasm) $(wit_gen)
pk = test.pk
pk_1 = test_1.pk
pk_2 = test_2.pk
pk_3 = test_3.pk
pk_final = test_final.pk
vk = test.vk
ptau = test.ptau
keys = $(pk) $(pk_1) $(pk_2) $(pk_3) $(pk_final) $(vk)
p_input = test.input.json
wit = test.wtns
pf = test.pf.json
inst = test.inst.json
prove_outputs = $(pf) $(inst)

all: verify

# circom writes test.r1cs and test_js/ into the current directory.
$(compile_outputs): $(circom)
	circom $< --r1cs --wasm

# Phase 1 without any contribution: acceptable for a local test, never for a real deployment.
$(ptau):
	snarkjs powersoftau new bn128 12 tmp.ptau
	snarkjs powersoftau prepare phase2 tmp.ptau $(ptau)
	rm -f tmp.ptau

# make attaches this recipe to every file in $(keys) as a separate rule, so run it
# serially (no -j): with parallel builds the setup can run more than once and
# overwrite keys it has just produced.
$(keys): $(ptau) $(r1cs)
	snarkjs groth16 setup $(r1cs) $(ptau) $(pk)
	snarkjs zkey contribute $(pk) $(pk_1) --name="First contribution" -v -e="$$(head -c 1024 /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 128)"
	snarkjs zkey contribute $(pk_1) $(pk_2) --name="Second contribution" -v -e="$$(head -c 1024 /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 128)"
	snarkjs zkey contribute $(pk_2) $(pk_3) --name="Third contribution" -v -e="$$(head -c 1024 /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 128)"
	snarkjs zkey beacon $(pk_3) $(pk_final) 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 10 -n="Final Beacon phase2"
	snarkjs zkey verify $(r1cs) $(ptau) $(pk_final)
	snarkjs zkey export verificationkey $(pk_final) $(vk)

$(wit): $(p_input) $(wasm) $(wit_gen)
	node $(wit_gen) $(wasm) $(p_input) $@

$(prove_outputs): $(wit) $(pk_final)
	snarkjs groth16 prove $(pk_final) $(wit) $(pf) $(inst)

# ".PHONY = ..." would only define a variable; the special target needs a colon.
.PHONY: verify clean

verify: $(pf) $(inst) $(vk)
	snarkjs groth16 verify $(vk) $(inst) $(pf)

clean:
	rm -f $(compile_outputs) $(ptau) $(keys) $(wit) $(prove_outputs)
	rm -rf test_js

If I use the following input JSON file, it compiles, makes a proof and verifies correctly:

{
  "commitment": "12021025806200141690679194420197200494969179888553883489898910811655313694236",
  "secret": "5330"
}

My issue is that I was playing with test.inst.json:

[
    "12021025806200141690679194420197200494969179888553883489898910811655313694236"
]

And I can change that number in the file and the command snarkjs groth16 verify test.vk test.inst.json test.pf.json still verifies. What am I doing wrong?

Thanks

Hey @jmagan

I ran the experiment you have described here, and I could not find the issue that you are facing. Do let us know if you're still facing the same issue

Thanks

Hello @madhav-madhusoodanan,

I had the issue. I did some research and I found that the IC components were always points at infinity. That's why the public inputs were ignored in the proof. I solved it by rewriting the setup, but I don't know where the error was.

I'm closing the issue, thank you for your time.
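The symptom in this thread (any public input verifies because every IC entry was the point at infinity) can be caught before a key is ever used. The following is an added example, not code from the issue or from snarkjs itself: it reads the IC array in the shape snarkjs writes to verification_key.json, rejects entries that are the point at infinity or not on the curve, and recomputes the public-input term vk_x of the Groth16 verifier with a minimal BN254 G1 implementation so the effect is visible directly. It assumes the snarkjs encoding of G1 points as [x, y, z] decimal strings with z = "0" for the point at infinity; the sample keys HEALTHY_VK and BROKEN_VK are constructed inline, and the file name check_vk.js and all function names are mine.

```javascript
// Added sanity check (not snarkjs code): do the public inputs reach the pairing check?
// In verification_key.json, IC holds nPublic + 1 points of BN254 G1 and the verifier
// computes   vk_x = IC[0] + sum_i publicSignals[i] * IC[i+1].
// If every IC entry is the point at infinity, vk_x is the point at infinity for every
// choice of public inputs, so the verifier equation no longer depends on them.

// BN254 (alt_bn128) base field p and scalar field r.
const P = 21888242871839275222246405745257275088696311157297823662689037894645226208583n;
const R = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

const mod = (a) => ((a % P) + P) % P;

function modPow(base, exp, m) {
  let result = 1n;
  base = ((base % m) + m) % m;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
    exp >>= 1n;
  }
  return result;
}

// Modular inverse via Fermat's little theorem (p is prime).
const inv = (a) => modPow(a, P - 2n, P);

// Affine G1 points are {x, y}; null stands for the point at infinity.
const INF = null;
const G1 = { x: 1n, y: 2n }; // the G1 generator snarkjs uses for bn128

// G1 is the curve y^2 = x^3 + 3 over F_p.
function isOnCurve(pt) {
  if (pt === INF) return true;
  return mod(pt.y * pt.y) === mod(pt.x * pt.x * pt.x + 3n);
}

function add(a, b) {
  if (a === INF) return b;
  if (b === INF) return a;
  let lambda;
  if (a.x === b.x) {
    if (mod(a.y + b.y) === 0n) return INF; // b == -a (also covers y == 0)
    lambda = mod(3n * a.x * a.x * inv(2n * a.y)); // doubling
  } else {
    lambda = mod((b.y - a.y) * inv(b.x - a.x));
  }
  const x = mod(lambda * lambda - a.x - b.x);
  const y = mod(lambda * (a.x - x) - a.y);
  return { x, y };
}

// Double-and-add scalar multiplication; scalars (public signals) live in F_r.
function mul(pt, k) {
  let acc = INF;
  let q = pt;
  k = ((k % R) + R) % R;
  while (k > 0n) {
    if (k & 1n) acc = add(acc, q);
    q = add(q, q);
    k >>= 1n;
  }
  return acc;
}

// snarkjs writes G1 points as [x, y, z] decimal strings: z = "1" for a normal
// point, ["0", "1", "0"] for the point at infinity (assumption stated above).
function parseG1(coords) {
  const [x, y, z] = coords.map((c) => BigInt(c));
  if (z === 0n) return INF;
  if (z !== 1n) throw new Error("expected an affine point with Z = 1");
  return { x: mod(x), y: mod(y) };
}

// Returns a list of problems; an empty list means the IC array looks sane.
function checkIC(vk) {
  const problems = [];
  if (!Array.isArray(vk.IC)) return ["IC is missing"];
  if (vk.IC.length !== vk.nPublic + 1) {
    problems.push(`IC has ${vk.IC.length} entries, expected nPublic + 1 = ${vk.nPublic + 1}`);
  }
  vk.IC.forEach((coords, i) => {
    const pt = parseG1(coords);
    if (pt === INF) problems.push(`IC[${i}] is the point at infinity`);
    else if (!isOnCurve(pt)) problems.push(`IC[${i}] is not on BN254 G1`);
  });
  return problems;
}

// The only place public inputs enter the Groth16 verifier.
function vkX(vk, publicSignals) {
  const IC = vk.IC.map(parseG1);
  let acc = IC[0];
  publicSignals.forEach((s, i) => {
    acc = add(acc, mul(IC[i + 1], BigInt(s)));
  });
  return acc;
}

const toCoords = (pt) => (pt === INF ? ["0", "1", "0"] : [pt.x.toString(), pt.y.toString(), "1"]);

// Constructed sample keys (only the fields this check reads). The healthy one uses
// G and 2G as IC; the broken one reproduces the symptom from the thread.
const HEALTHY_VK = { protocol: "groth16", curve: "bn128", nPublic: 1, IC: [toCoords(G1), toCoords(add(G1, G1))] };
const BROKEN_VK = { protocol: "groth16", curve: "bn128", nPublic: 1, IC: [toCoords(INF), toCoords(INF)] };

// Usage against a real key:  node check_vk.js test.vk
if (typeof require === "function" && process.argv[2]) {
  const vk = JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"));
  const problems = checkIC(vk);
  console.log(problems.length ? problems.join("\n") : "IC looks sane");
  process.exitCode = problems.length ? 1 : 0;
}
```

Run it on the exported verification key right after `snarkjs zkey export verificationkey`, before the first proof; a key that fails checkIC should be discarded and the setup redone. Note the check is necessary but not sufficient: IC points that are valid but unrelated to the circuit would pass it, which is what `snarkjs zkey verify` against the r1cs and ptau is for.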