Documentation
¶
Overview ¶
voteverifier package contains the Gnark circuit definition that verifies a vote package to be aggregated by the vote aggregator and included in a new state transition. A vote package includes a ballot proof (generated from a circom circuit with snarkjs), the public inputs of the ballot proof circuit, the signature of the public inputs, and a census proof. The vote package is valid if the ballot proof is valid if:
- The public inputs of the ballot proof are valid (match with the hash provided).
- The ballot proof is valid for the public inputs.
- The public inputs of the verification circuit are valid (match with the hash provided).
- The signature of the public inputs is valid for the public key of the voter.
- The address derived from the user public key is part of the census, and verifies the census proof with the user weight provided.
Public inputs:
- InputsHash: The hash of all the inputs that could be public.
Private inputs:
- NumFields: The maximum number of votes that can be included in the package.
- UniqueValues: A flag that indicates if the votes in the package values should be unique.
- MaxValue: The maximum value that a vote can have.
- MinValue: The minimum value that a vote can have.
- MaxValueSum: The maximum total cost of the votes in the package.
- MinValueSum: The minimum total cost of the votes in the package.
- CostExponent: The exponent used to calculate the cost of a vote.
- CostFromWeight: A flag that indicates if the cost of a vote is calculated from the weight of the user or from the value of the vote.
- Address: The address of the voter.
- UserWeight: The weight of the user that is voting.
- EncryptionPubKey: The public key used to encrypt the votes in the package.
- ProcessId: The process id of the votes in the package.
- Ballot: The encrypted votes in the package.
- CensusRoot: The root of the census tree.
- CensusSiblings: The siblings of the address in the census tree.
- Msg: The hash of the public inputs of the ballot proof but as scalar element of the Secp256k1 curve.
- PublicKey: The public key of the voter.
- Signature: The signature of the inputs hash.
- CircomProof: The proof of the ballot proof.
- CircomPublicInputsHash: The hash of the public inputs of the ballot proof.
- CircomVerificationKey: The verification key of the ballot proof (fixed).
Note: The inputs of the circom circuit should be provided as elements of the bn254 scalar field, and the inputs of the gnark circuit should be provided as elements of the current compiler field (BLS12377 expected).
Index ¶
Constants ¶
This section is empty.
Variables ¶
var Artifacts = circuits.NewCircuitArtifacts( params.VoteVerifierCurve, &circuits.Artifact{ Name: "vote-verifier ccs", RemoteURL: config.VoteVerifierCircuitURL, Hash: types.HexStringToHexBytesMustUnmarshal(config.VoteVerifierCircuitHash), }, &circuits.Artifact{ Name: "vote-verifier proving key", RemoteURL: config.VoteVerifierProvingKeyURL, Hash: types.HexStringToHexBytesMustUnmarshal(config.VoteVerifierProvingKeyHash), }, &circuits.Artifact{ Name: "vote-verifier verification key", RemoteURL: config.VoteVerifierVerificationKeyURL, Hash: types.HexStringToHexBytesMustUnmarshal(config.VoteVerifierVerificationKeyHash), }, )
Artifacts contains the circuit artifacts for the vote verifier circuit, which includes the proving and verification keys.
Functions ¶
func DummyWitness ¶
DummyWitness function returns a dummy witness for the VerifyVoteCircuit with dummy values. It needs the desired BallotProof circuit verification key and the curve of the points used for the ballots to generate the witness. This function can be used to generate dummy proofs to fill a chunk of votes that does not reach the required number of votes to be valid.
Types ¶
type VerifyVoteCircuit ¶
type VerifyVoteCircuit struct {
IsValid frontend.Variable `gnark:",public"`
// Hash of the public inputs of the ballot proof circuit (circom)
BallotHash emulated.Element[sw_bn254.ScalarField] `gnark:",public"`
// The following variables are private inputs and they are used to verify
// the user identity ownership
Address emulated.Element[sw_bn254.ScalarField]
VoteID frontend.Variable
PublicKey ecdsa.PublicKey[emulated.Secp256k1Fp, emulated.Secp256k1Fr]
Signature ecdsa.Signature[emulated.Secp256k1Fr]
// The ballot proof is passed as private inputs
CircomProof groth16.Proof[sw_bn254.G1Affine, sw_bn254.G2Affine]
CircomVerificationKey groth16.VerifyingKey[sw_bn254.G1Affine, sw_bn254.G2Affine, sw_bn254.GTEl] `gnark:"-"`
}
func DummyAssignment ¶
func DummyAssignment(ballotProofVKey []byte, curve ecc.Point) (*VerifyVoteCircuit, error)
DummyAssignment function returns a dummy assignment for the VerifyVoteCircuit with dummy values. It needs the desired BallotProof circuit verification key and the curve of the points used for the ballots to generate the assignment. This function can be used to generate dummy proofs to fill a chunk of votes that does not reach the required number of votes to be valid.
func DummyPlaceholder ¶
func DummyPlaceholder(ballotProofVKey []byte) (*VerifyVoteCircuit, error)
DummyPlaceholder function returns a placeholder for the VerifyVoteCircuit with dummy values. It needs the desired BallotProof circuit verification key to generate inner circuit placeholders. This function can be used to generate dummy proofs to fill a chunk of votes that does not reach the required number of votes to be valid.
func (*VerifyVoteCircuit) Prove ¶
func (a *VerifyVoteCircuit) Prove() (groth16.Proof, error)
Prove method of VoteVerifierCircuit instance generates a proof of the validity values of the current assignment. It loads the required circuit artifacts and decodes them to the proper format. It returns the proof or an error.
func (*VerifyVoteCircuit) VerifyProof ¶
func (a *VerifyVoteCircuit) VerifyProof(proof groth16.Proof) error
VerifyProof method verifies the proof of the circuit with the current assignment. It loads the verifying key from circuit artifacts, encodes the witness and tries to verify the given proof. It is usefull to validate the proofs before include them in a batch for recursion. If something fails return an error.
Source Files