-
Notifications
You must be signed in to change notification settings - Fork 366
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: Groth16Commitments is empty after trusted setup #1046
Comments
Hmm, there may be several aspects here which may be related, but would have to debug further to figure out the issue:
All in all, will look into it, but relies on several non-default code paths. |
@mattstam - looking at the failing test |
Sorry it's a little confusing, the keys are generated here https://github.com/worldcoin/semaphore-mtb-setup/blob/d46ef6be3eb0c43303d7e817f7d0c005530addf0/test/example_test.go#L106 in So the files from |
But in this case, how does the proving key and verification key depend on the circuit? In TestSetup // Compile the circuit
var myCircuit Circuit
ccs, err := frontend.Compile(bn254.ID.ScalarField(), r1cs.NewBuilder, &myCircuit)
if err != nil {
t.Error(err)
}
writer, err := os.Create("circuit.r1cs")
if err != nil {
t.Error(err)
}
defer writer.Close()
ccs.WriteTo(writer) is the only place either Now in TestProveAndVerify, the line which fails is https://github.com/worldcoin/semaphore-mtb-setup/blob/d46ef6be3eb0c43303d7e817f7d0c005530addf0/test/example_test.go#L131C22-L131C27 |
All in all, I do not understand the MPC setup code very well. But something seems to be off here, maybe the proving key is generated for some particular circuit? I'll try to have a look, but I'm not very hopeful. |
Description
semaphore-mtb-setup allows you to run an MPC ceremony for Groth16. They've previously used Gnark v0.8.0 (because at the time v0.9.0 was unaudited). Since then, I have been attempting to update it to v0.9.1.
This repo provides custom functions for exporting the pk and vk:
The purpose of these functions is to export the keys in a way that can be read using Gnark's provided
ReadFrom()
functions. However, when the exported PK is read in this way after migrating tov0.9.1.
, it throws an error.The particular error thrown is "must have as many value vectors as bases" from https://github.com/Consensys/gnark-crypto/blob/2e4aaaaefdbfdf06515663986ed884fed1b2177e/internal/generator/pedersen/template/pedersen.go.tmpl#L104 - I've manually checked the values here, its
len(pk) == 1
vs.len(values) == 0
, causing the error.This led me to debug the cause of why the length of the passed in
values [][]fr.Element
are 0, and it turns out that whenbn254.Prove()
runs:gnark/backend/groth16/bn254/icicle/icicle.go
Line 152 in 9b8efda
commitmentInfo
.Expected Behavior
It's expected that
commitmentInfo
is non-empty, and that the passed in length of the valuesprivateCommittedValues
matches thepk.CommitmentKeys
Actual Behavior
commitmentInfo
is emptyPossible Fix
In this PR to semaphore-mtb-setup, updating from v0.8 to v0.9 required adjustments due to changes in Gnark's API.
Most of these changes can be found in utils.go and keys.go -- if any of these changes from v0.8 -> v0.9 are not 1:1, it could be lead to the unexpected behavior observed.
Steps to Reproduce
git clone https://github.com/worldcoin/semaphore-mtb-setup.git && cd semaphore-mtb-setup
git fetch origin pull/2/head:mattstam-update-gnark
git checkout mattstam-update-gnark
go test ./...
This will lead to error
panic: must have as many value vectors as base
Context
In semaphore-mtb-setup I was attempting to migrate v0.8.0 to 0.9.1 in PR. Although the issue described is not directly in https://github.com/Consensys/gnark, semaphore-mtb-setup is a very useful utility for anyone working with Groth16.
Your Environment
v0.9.1
v0.12.2-0.20231013160410-1f65e75b6dfb
1.19
MacOS 13.4.1
The text was updated successfully, but these errors were encountered: