The proof always validates for any public input
jmagan opened this issue · comments
Hello,
I'm learning snarkjs and as a first exercise I'm playing with the Pedersen hash example. My circom code is:
pragma circom 2.0.0;
include "../node_modules/circomlib/circuits/pedersen.circom";
include "../node_modules/circomlib/circuits/bitify.circom";

template CommitmentHasher() {
    signal input secret;
    signal input commitment;

    component hasher = Pedersen(248);
    component secretBits = Num2Bits(248);

    // decompose the secret into 248 bits and feed them to the Pedersen hasher
    secretBits.in <== secret;
    for (var i = 0; i < 248; i++) {
        hasher.in[i] <== secretBits.out[i];
    }
    log(hasher.out[0], "hasher.out[0]");

    // constrain the public commitment to the x coordinate of the hash point
    commitment === hasher.out[0];
}

component main {public [commitment]} = CommitmentHasher();
I have this Makefile for the setup:
SHELL = sh
circom = circuit/test.circom
r1cs = test.r1cs
wasm = test_js/test.wasm
wit_gen = test_js/generate_witness.js
compile_outputs = test_js/witness_calculator.js $(r1cs) $(wasm) $(wit_gen)
pk = test.pk
pk_1 = test_1.pk
pk_2 = test_2.pk
pk_3 = test_3.pk
pk_final = test_final.pk
vk = test.vk
ptau = test.ptau
keys = $(pk) $(pk_1) $(pk_2) $(pk_3) $(pk_final) $(vk)
p_input = test.input.json
wit = test.wtns
pf = test.pf.json
inst = test.inst.json
prove_outputs = $(pf) $(inst)

all: verify

# compile the circuit to R1CS plus the wasm witness generator
$(compile_outputs): $(circom)
	circom $< --r1cs --wasm

# phase 1 (powers of tau), prepared for phase 2
$(ptau):
	snarkjs powersoftau new bn128 12 tmp.ptau
	snarkjs powersoftau prepare phase2 tmp.ptau $(ptau)

# phase 2: circuit-specific setup, three contributions and a final beacon;
# the key that is verified is the beacon output, the one prove actually uses
$(keys): $(ptau) $(r1cs)
	snarkjs groth16 setup $(r1cs) $(ptau) $(pk)
	snarkjs zkey contribute $(pk) $(pk_1) --name="First contribution" -v -e="$$(head -c 1024 /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 128)"
	snarkjs zkey contribute $(pk_1) $(pk_2) --name="Second contribution" -v -e="$$(head -c 1024 /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 128)"
	snarkjs zkey contribute $(pk_2) $(pk_3) --name="Third contribution" -v -e="$$(head -c 1024 /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 128)"
	snarkjs zkey beacon $(pk_3) $(pk_final) 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 10 -n="Final Beacon phase2"
	snarkjs zkey verify $(r1cs) $(ptau) $(pk_final)
	snarkjs zkey export verificationkey $(pk_final) $(vk)
	rm tmp.ptau

$(wit): $(p_input) $(wasm) $(wit_gen)
	node $(wit_gen) $(wasm) $(p_input) $@

$(prove_outputs): $(wit) $(pk_final)
	snarkjs groth16 prove $(pk_final) $(wit) $(pf) $(inst)

.PHONY: verify clean

verify: $(pf) $(inst) $(vk)
	snarkjs groth16 verify $(vk) $(inst) $(pf)

clean:
	rm -f $(compile_outputs) $(ptau) $(keys) $(wit) $(prove_outputs)
	rmdir test_js
If I use the following JSON file, it compiles, makes a proof and verifies correctly:
{
  "commitment": "12021025806200141690679194420197200494969179888553883489898910811655313694236",
  "secret": "5330"
}
My issue is that I was playing with test.inst.json:
[
  "12021025806200141690679194420197200494969179888553883489898910811655313694236"
]
And I can change that number in the file and the command snarkjs groth16 verify test.vk test.inst.json test.pf.json still verifies. What am I doing wrong?
Thanks
Hey @jmagan
I ran the experiment you have described here, and I could not find the issue that you are facing. Do let us know if you're still facing the same issue.
Thanks
Hello @madhav-madhusoodanan,
I had the issue. I did some research and found that the IC components were always points at infinity. That's why the public inputs were ignored in the proof. I solved it by rewriting the setup, but I don't know where the error was.
I'm closing the issue, thank you for your time.