Skip to content
/ sonic Public

Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings

www.adjoint.io

License

MIT license
45 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sdiehl/sonic

1 Branch2 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

sdiehlsdiehl
Merge pull request #7 from Bodigrim/master
Apr 5, 2020
44d9841 · Apr 5, 2020

History

23 Commits
.assets
.assets
Sep 16, 2019
.circleci
.circleci
Oct 15, 2019
.github/workflows
.github/workflows
Feb 12, 2020
bench
bench
Apr 3, 2020
examples
examples
Oct 15, 2019
src/Sonic
src/Sonic
Apr 4, 2020
test
test
Apr 4, 2020
.gitignore
.gitignore
Feb 12, 2020
ChangeLog.md
ChangeLog.md
Sep 29, 2019
LICENSE
LICENSE
May 30, 2019
README.md
README.md
Nov 9, 2019
Setup.hs
Setup.hs
May 29, 2019
cabal.project
cabal.project
Apr 3, 2020
package.yaml
package.yaml
Apr 3, 2020
sonic.cabal
sonic.cabal
Apr 3, 2020
stack.yaml
stack.yaml
Apr 3, 2020
stack.yaml.lock
stack.yaml.lock
Apr 3, 2020

Repository files navigation

Adjoint Logo

Sonic [1] is a zk-SNARK protocol for general arithmetic circuit satisfiability with universal and updatable Structured Reference String (SRS) proposed by Groth et al. [2] that scales linearly in size. Despite requiring a trusted setup for an SRS, the SRS can be continually strengthened and Sonic only requires a single setup for all circuits.

Sonic allows a prover to demonstrate knowledge of a hidden witness for a given constraint system. It defines its constraint system with respect to the two-variate polynomial equation used in Bulletproofs [3].

Usage

The Sonic protocol can be outlined in three steps: Setup, Prover and Verifier. Due to the universality property of the SRS, the setup phase needs only to be run once. This implementation uses BLS12-381 elliptic curve.

sonicProtocol :: ArithCircuit Fr -> Assignment Fr -> Fr -> IO Bool
sonicProtocol circuit assignment x = do
  -- Setup for an SRS
  srs <- SRS.new <$> randomD n <*> pure x <*> rnd
  -- Prover
  (proof, y, z, ys) <- prove srs assignment circuit
  -- Verifier
  pure $ verify srs circuit proof y z ys
  where
    -- Number of multiplication constraints
    n = length $ aL assignment
    -- Note that 'd' should be large enough to support the circuit depth 'n'
    randomD n = getRandomR (3 * n + 9, 100 * n)

The following example takes an arithmetic circuit of 5 linear constraints and 2 multiplication constraints:

runExample :: IO ()
runExample = do
  pX <- rnd
  pZ <- rnd
  let (arithCircuit, assignment@Assignment{..}) = arithCircuitExample pX pZ
  success <- sonicProtocol arithCircuit assignment pX
  putText $ "Success: " <> show success

The complete code of the example above can be found here.

Disclaimer

This is experimental code meant for research-grade projects only. Please do not use this code in production until it has matured significantly.

References

  1. Maller M., Bowe S., Kohlweiss M. and Meiklejohn S. "Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updateable Structured Reference Strings", 2019. https://eprint.iacr.org/2019/099

  2. Groth J., Kohlweiss M., Maller M., Meiklejohn S., Miers M. "Updatable and Universal Common Reference Strings with Applications to zk-SNARKs", 2018. https://eprint.iacr.org/2018/280.pdf

  3. Bunz B., Bootle J., Boneh D., Poelstra A., Wuille P., Maxwell G. "Bulletproofs: Short Proofs for Confidential Transactions and More", 2018. https://eprint.iacr.org/2017/1066.pdf

About

Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings

www.adjoint.io

Topics

cryptography privacy srs crs multiparty-computation zksnarks

Resources

Readme

License

MIT license
Activity

Stars

45 stars

Watchers

8 watching

Forks

9 forks
Report repository

Releases 2

0.3 Release Latest
Oct 18, 2019
+ 1 release

Packages

No packages published

Contributors 3

Languages