initial commit

Author: meilof

.gitignore

@@ -0,0 +1,10 @@
+
+docs/.DS_Store
+.DS_Store
+.idea/workspace.xml
+build/*
+examples/pysnark_*
+*.pyc
+pysnark/qaptools/*.exe
+qaptools/*.o
+

.idea/misc.xml

@@ -0,0 +1,36 @@
+Copyright (c) 2016-2018 Koninklijke Philips N.V. All rights reserved. A
+copyright license for redistribution and use in source and binary forms,
+with or without modification, is hereby granted for non-commercial,
+experimental and research purposes, provided that the following conditions
+are met:
+
+* Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimers.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimers in the
+  documentation and/or other materials provided with the distribution. If
+  you wish to use this software commercially, kindly contact
+  [email protected] to obtain a commercial license.
+
+This license extends only to copyright and does not include or grant any
+patent license or other license whatsoever.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+Some files in this package have their own copyright conditions. Please refer
+to the respective files for details:
+
+* everything under `qaptools/xbyak` is copyright by MITSUNARI Shigeo, see `qaptools/xbyak/COPYRIGHT`
+* everything under `qaptools/ate-pairing` is released under the BSD 3-Clause License, see `qaptools/ate-pairing/readme.md`  
+* `pysnark/contracts/Pairing.sol` is copyright by Christian Reitwiessner, see the file itself
+* `examples/DRBG.py` is copyright by David Lazar, see the file itself

.idea/modules.xml

@@ -0,0 +1,243 @@
+# PySNARK
+
+PySNARK is a Python-based system for performing verifiable computations based on the [Pinocchio](https://eprint.iacr.org/2013/279) system and the [Geppetri](https://eprint.iacr.org/2017/013) extension for proofs on authenticated data.
+
+PySNARK is free to use for non-commercial,
+experimental and research purposes, see `LICENSE.md` for details.
+
+## Installation
+
+### Unix (Linux/MacOS/...)
+
+First, download the PySNARK dependencies, `ate-pairing` and `xbyak`:
+
+```
+git submodule init
+git submodule update
+```
+
+Build the `ate-pairing` library:
+
+```
+cd qaptools/ate-pairing
+make SUPPORT_SNARK=1
+```
+
+Build the `qaptools` library:
+
+```
+cd qaptools
+make
+```
+
+Build and install the `pysnark` library:
+
+```
+python setup.py install
+```
+
+### Windows
+
+PySNARK comes with precompiled Windows executables of `qaptools`, meaning it is possible to build an install PySNARK by just running
+
+```
+python setup.py install
+```
+
+To recompiling `qaptools` from source, set up a Unix-like build environment such as Mingw with MSYS and use the Unix instructions above.
+
+### Using without installation
+
+It is also possible to run PySNARK applications without installing PySNARK. For this, follow the above steps but run `python setup.py build` instead of `python setup.py install`. This makes sure all files are compiled and put in their correct locations. Then, run the application with the `PYTHONPATH` environment variable set to the PySNARK library, e.g.:
+
+```
+PYTHONPATH=/path/to/pysnark/sources python script.py
+``` 
+
+## The PySNARK toolchain
+
+We discuss the usage of the PySNARK toolchain based on running one of the provided examples acting as each
+of the different types of parties in a verifiable computation: trusted party, prover, or verifier.
+
+### As trusted party
+
+To try out running PySNARK as trusted party performing key generation, do the following:
+
+```
+cd examples
+python cube.py 3
+```
+
+If PySNARK has been correctly installed, this will perform a verifiable computation that will compute the cube of the input value, `3`.
+At the same time, it will generate all key material needed to verifiably perform the computation in the script.
+(Performing an example computation is the only way to generate this key material.)
+PySNARK produces the following files:
+
+* Files that should be kept secret by the trusted party generating the key material:
+    * `pysnark_mastersk`: zk-SNARK master secret key
+* Files that the trusted party should distribute to provers along with the Python script (i.e., `cube.py` in this case):
+    * `pysnark_schedule`: schedule of functions called in the computation
+    * `pysnark_masterek`: master evaluation key
+    * `pysnark_ek_main`: zk-SNARK evaluation
+     key for the main function of the computation
+    * `pysnark_eqs_main`: equations for the main function of the computation
+* Files that the trusted party should distribute to verifiers:
+    * `pysnark_schedule`: schedule of functions called in the computation
+    * `pysnark_masterpk`: master public key
+    * `pysnark_vk_main`: verificaiton key for the main function
+* Files that the prover should distribute to verifiers:
+    * `pysnark_proof`: proof that the particular computation was performed correctly
+    * `pysnark_values`: input/output values of the computation
+* Files that are not needed anymore after the execution:
+    * `pysnark_eqs`: equations for the zk-SNARK
+    * `pysnark_wires`: wire values of the computation
+    
+### As prover
+
+To try out running PySNARK as a prover, put the files discussed above (i.e.,  `pysnark_schedule`, `pysnark_masterek`, `pysnark_ek_main`, and `pysnark_eqs_main`) together with `cube.py` in a directory and run the same command:
+
+```
+cd examples
+python cube.py 3
+```
+
+This will perform a verifiable computation based on the previously generated key material.
+
+### As verifier
+
+To try out running PySNARK as a verifier, put the files discussed above (i.e.,  `pysnark_schedule`, `pysnark_masterpk` and `pysnark_vk_main` received from the trusted party, and `pysnark_proof` and `pysnark_values` received from the prover) in a folder and run
+
+```
+PYTHONPATH=../.. python -m pysnark.qaptools.runqapver
+```
+
+This will verify the computation proof with respect to the input/output values from the `pysnark_values` file, e.g,:
+
+```
+# PySNARK i/o
+main/o_in: 21
+main/o_out: 9261
+```
+
+In this case, we have verifiably computed the fact that the cube of 21 is 9261. See the `examples` folder for additional examples.
+
+
+### Using commitments
+
+PySNARK allows proofs to refer to committed data using [Geppetri](https://eprint.iacr.org/2017/013).
+This has three applications:
+ - it allows proofs to refer to external private inputs from parties other than the trusted third party;
+ - it allows different verifiable computations to share secret data with each other; and
+ - it allows to divide a verifiable computation into multiple subcomputations, each with their own evaluation and verification keys (but all based on the same master secret key)
+ 
+See `examples/testcomm.py` for examples.
+ 
+#### External secret inputs
+ 
+To commit to data, use `pysnark.qaptools.runqapinput`, e.g., to commit to values 1, 2, and 3 using a commitment named `test`, use:
+
+```python -m pysnark.qaptools.runqapinput test 1 2 3```
+
+Share `pysnark_wires_test` with any prover who wants to perform a computation with respect to this committed data, and `pysnark_comm_test` to any verifier. 
+Alternatively, use `pysnark.qaptools.runqapinput.gencomm` from a Python script.
+
+Import this data into the verifiable computation with 
+
+```[one,two,three] = pysnark.runtime.importcomm("test")```
+
+#### Sharing data between verifiable computations
+
+In the first computation, do
+
+```pysnark.runtime.exportcomm([Var(1),Var(2),Var(3)], "test")```
+
+and share `pysnark_wires_test` and `pysnark_comm_test` with the other prover and the verifier, respectively.
+
+In the second verifiable computation, do
+
+```[one,two,three] = pysnark.runtime.importcomm("test")```
+
+#### Sharing data between different parts of a verifiable computation
+
+This is implicitly used whenever a function is called that is decorated with `@pysnark.runtime.subqap`.
+When a particular functon is used multiple times in a verifiable computation, using `@pysnark.runtime.subqap` prevents the circuit for the function to be replicated, resulting in smaller key material (but slower verification). 
+
+## Using PySNARK for smart contracts 
+
+PySNARK supports the automatic generation of smart contracts that verify the correctness of the given zk-SNARK.
+These smart contracts are written in Solidity and require support for the recent zkSNARK verification opcodes ([EIP 196](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-196.md), [EIP 197](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-197.md)).
+To test them out, install a development version of Truffle using [these instructions](https://github.com/trufflesuite/truffle/blob/develop/CONTRIBUTING.md).
+
+Continuing the above example, as verifier first run
+```
+truffle init
+```
+to initialise Truffle (to just see the Solidity code without installing truffle, create two empty directories `contracts` and `test`).
+Next, run 
+```
+python -m pysnark.contract
+```
+to generate smart contract `contracts/Pysnark.sol` to verify computations of the `cube.py` script (using library `contracts/Pairing.sol` that is also copied into the directory), and test script `test/TestPysnark.sol` that gives a test case for the contract based on the current I/O and proof.
+Finally, run
+```
+truffle test
+```
+to run the test script and check that the given proof can indeed be verified in Solidity.
+
+Note that `test/TestPysnark.sol` indeed contains the I/O from the computation:
+```
+pragma solidity ^0.4.2;
+
+import "truffle/Assert.sol";
+import "../contracts/Pysnark.sol";
+
+contract TestPysnark {
+    function testVerifies() public {
+        Pysnark ps = new Pysnark();
+        uint[] memory proof = new uint[](22);
+        uint[] memory io = new uint[](2);
+        proof[0] = ...;
+        ...
+        proof[21] = ...;
+        io[0] = 21; // main/o_in
+        io[1] = 9261; // main/o_out
+        Assert.equal(ps.verify(proof, io), true, "Proof should verify");
+    }
+}
+```
+
+Smart contracts can also refer to commitments, e.g., as imported with the `pysnark.runtime.importcomm` API call. 
+In this case, the commitment becomes an argument to the verification function (a six-valued integer array), and the test case shows how the commitment used in the present computation should be used as value for that argument, e.g.:
+
+```
+pragma solidity ^0.4.2;
+
+import "truffle/Assert.sol";
+import "../contracts/Pysnark.sol";
+
+contract TestPysnark {
+    function testVerifies() public {
+        Pysnark ps = new Pysnark(); 
+        uint[] memory pysnark_comm_test = new uint[](6);
+        pysnark_comm_test[0] = ...;
+        ...
+        Assert.equal(ps.verify(proof, io, pysnark_comm_test), true, "Proof should verify");
+    }
+}```
+
+### Documentation
+
+To generate PySNARK's documentation, do:
+
+```
+cd docs
+make html
+```
+
+Then, open `docs/_build/html/index.html`.
+
+A compiled PDF of the documentation is available as `docs/_build/latex/PySNARK.pdf` but this file may not always be up-to-date.
+
+## Acknowledgements
+
+This work is part of the [SODA](https://www.soda-project.eu/) project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 731583.

.idea/pysnark.iml

@@ -0,0 +1,37 @@
+TODO
+====
+
+ * If only public key needs to be enlarged, do that
+
+ * Hashing: when using packed hashing, re-organise when to assert that inputs
+   are bits (cf. hash tree example)
+
+ * Check whether \alpha's in master public key are used
+
+ * Clean up output -> put qaptools output in log file...
+
+ * qaptools: always output to stdout, or always to file?
+     - does it ever make sense to read from stdin?
+     - would be the case if you ever want to temporarily generate something and not keep it...
+
+FUTURE PLANS
+============
+
+ * Turn hash trees into library?
+
+ * Port VIFF's LP solver and verifier to PySNARK
+
+ * Autogenerate (standalone) Python verifier script (a la solidity contracts)
+
+ * Create one file with both I/O wires and proof (and commitments? and masterpk?)
+
+ * Master commitment keys?
+
+ * Read only relevant part of master key to speed things up
+
+ * qaptools: check whether Ec2 elements can be Ec1 (e.g., p_ravx)
+
+ * qaptools: common approach for reading files, checking first token (avoid readahead...)
+
+ * Comparisons with operator overloading?
+

.idea/vcs.xml

@@ -0,0 +1,26 @@
+# Minimal makefile for Sphinx documentation
+#
+# to force full rebuild: make html SPHINXOPTS=-a
+# based on sphinx-apidoc -o . ../ -e -f
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+SPHINXPROJ    = PySNARK
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	touch ../examples/__init__.py
+	touch ../examples/ggh/__init__.py
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+	rm -f ../examples/__init__.py ../examples/ggh/__init__.py
+