2

Very new to ZKsnarks. I'm trying to build a simple application to check whether the input number matches a certain predefined number or not. I have followed all the steps mentioned in the SnarkJs doc.

Here is the circuit for my use case:

pragma circom 2.0.0;

template IsZero() {
    signal input in;
    signal output out;

    signal inv;

    inv <-- in!=0 ? 1/in : 0;

    out <== -in*inv +1;
    in*out === 0;
}
template verifier() {
    signal input a;
    signal output b;
    signal c <== 9429723347216097781814234269377894115729242880998740711935743712243189718113;
    
    component isz = IsZero();

    a - c ==> isz.in;

    isz.out ==> b;
}

component main = verifier();

However, when I try to verify an incorrect witness, the verifier contract still validates it.

This is what I'm doing:

First get the calldata params

proof = await snarkjs.plonk.fullProve( { a: 5}, "circuit_js/circuit.wasm", "circuit_final.zkey");
await snarkjs.plonk.exportSolidityCallData(proof["proof"], proof["publicSignals"]);

Then try to verify with verifier.sol contract. However it still validates it. What I'm doing wrong?

Razor Sharp
  • 41
  • 1
  • 4

1 Answers1

1

If you want to check whether a is matching the predefined c, you need to have a constraint for that specific check. So it's not enough to assign a - c to the output. You need to have the following constraint: isz.out === 1. Otherwise, b is merely an output. So 5 - 9429723347216097781814234269377894115729242880998740711935743712243189718113 is nonzero, however, there is no violation of any constraint. In fact, you were proving that 5 - 9429723347216097781814234269377894115729242880998740711935743712243189718113 is non-zero, and the circuit output was indeed 0 (false), which is correct. If you add the aforementioned constraint, you can remove the output signal altogether.

Alex Kuzmin
  • 725
  • 5
  • 17