@reclaimprotocol/zk-symmetric-crypto
v3.0.2
Published
JS Wrappers for Various ZK Snark Circuits
Downloads
281
Readme
ZK Symmetric Crypto - JS
The JS (typescript really) package for generating & verifying ZK proofs for symmetric encryption, on the browser or NodeJS.
Install
npm i @reclaimprotocol/zk-symmetric-crypto
The individual backends are optional dependencies. You can install them as needed.
For snarkjs
: npm i snarkjs
For gnark
: npm i koffi
- Also ensure you download the gnark
binaries. See here
- Note: gnark
is not supported on the browser.
- Note: gnark
binaries are only built for linux
- x86_64
& arm64
For expander
: No additional dependencies needed
Usage
Generating & Verifying Proofs
import { generateProof, verifyProof, makeSnarkJsZkOperator } from '@reclaimprotocol/zk-symmetric-crypto'
import { createCipheriv, randomBytes } from 'crypto'
async function main() {
const key = randomBytes(32)
const iv = randomBytes(12)
const algorithm = 'chacha20'
const data = 'Hello World!'
const cipher = createCipheriv('chacha20-poly1305', key, iv)
const ciphertext = Buffer.concat([
cipher.update(data),
cipher.final()
])
// the operator is the abstract interface for
// the snarkjs library to generate & verify the proof
const operator = makeLocalSnarkJsZkOperator(algorithm)
// generate the proof that you have the key to the ciphertext
const {
// groth16-snarkjs proof as a JSON string
proofJson,
// the plaintext, obtained from the output of the circuit
plaintext,
} = await generateProof({
algorithm,
// key, iv & counter are the private inputs to the circuit
privateInput: {
key,
iv,
// this is the counter from which to start
// the stream cipher. Read about
// the counter here: https://en.wikipedia.org/wiki/Stream_cipher
offset: 0
},
// the public ciphertext input to the circuit
publicInput: { ciphertext },
operator,
})
// you can check that the plaintext obtained from the circuit
// is the same as the plaintext obtained from the ciphertext
const plaintextBuffer = plaintext
// slice in case the plaintext was padded
.slice(0, data.length)
// "Hello World!"
console.log(Buffer.from(plaintextBuffer).toString())
// you can verify the proof with the public inputs
// and the proof JSON string
await verifyProof({
proof: {
proofJson,
plaintext,
algorithm
},
// the public inputs to the circuit
publicInput: { ciphertext },
operator
})
console.log('Proof verified')
}
main()
Obtaining Files Locally
Since the proving keys, binaries, circuits etc. are quite large, they aren't included by default in this package. Instead, the package will remotely fetch them as needed from this repository.
Limitations of Remote Fetching:
gnark
requires the binaries to be present locally. So the files need to be present in thebin
folder of the repo.- It can of course be quite a pain to keep downloading dozens of MBs of files every time you run your code, especially when you're developing.
Thus, to overcome this, you can locally download the files & use the local file fetching by running the script:
node node_modules/@reclaimprotocol/zk-symmetric-crypto/lib/scripts/download-files
Now, you can use the local file fetcher
right out of the box.
Do keep in mind, if you update the package, you will need to run this script again. This is intentional as newer versions of the package may need newer files or just may not be compatible with the old ones
Local Dev
- Of course, clone the repo
cd
into this directory (js
)npm i
npm run test
to run the tests
Note: just FYI, the circuit files are symlinked to the root of the repo (i.e. resources
& bin
folders). So during local dev, the default local fetching works right out of the box.
To publish the package, we've a Github Action that will build the package & publish it to the Github Package Registry. It can be manually triggered by running the workflow Publish to NPM
in the Actions tab.