Uploading Keys
Guidance for uploading your own proving key.
For nearly all frameworks supported by Sindri, you may include the proving key associated with your circuit. To utilize this option, you must include all of the files described below (organized by framework) at the time of circuit upload.
However, Noir circuits are the exception.
When you compile a Noir circuit via Sindri's API, the corresponding proving and verifying keys utilize the same trusted setup downloaded by Nargo (and trusted by the Aztec team.)
Any proofs produced by Sindri are compatible with Noir solidity verifiers and Nargo verify
.
Circom | Halo2 (Axiom v0.2.2) | Halo2 (Axiom v0.3.0) | Halo2 (PSE v0.3.0) | Gnark |
---|---|---|---|---|
circuit.zkey | proving_key | proving_key | proving_key | proving_key |
trusted_setup | trusted_setup | trusted_setup | verifying_key | |
breakpoints |
If you include some but not all of the requisite files, your circuit compilation will fail.
Expected Structure​
- Circom
- Halo2
- Gnark
circuit.zkey
Your proving key file should be consistent with the trusted setup files resulting from the Perpetual Powers of Tau ceremony. A concise listing of the components of this file may be found here.
proving_key
Your proving key should conform to PSE's Halo2 proving key structure. In particular, you should serialize the key in raw byte form (uncompressed) form. While this creates a larger file size, the key may be loaded faster. As an example, suppose your key is given the variable name pk. You can serialize the key in a way compatible with Sindri via the following (rust) line:
std::fs::write(filename, &pk.to_bytes(SerdeFormat::RawBytes))
trusted_setup
The trusted setup (corresponding with your proving key) should conform to PSE's Halo2 public parameters for KZG. The built in write method for this struct will produce a compatible trusted setup for Sindri. In particular, all of the structured reference strings provided by Axiom are compatible.
breakpoints
(Axiom v0.3.0)
Refer to Axiom's Halo2-Base documentation for more information on the nature of circuit breakpoints.
After producing your proving key, you should extract the break points from the circuit and save this struct (a Vec<Vec<usize>>
) in plaintext format.
proving_key
Your proving key should conform to Gnark's raw key serialization format. While this creates a larger file size, the key may be loaded faster. As an example, suppose your key is given the variable name pk. You can serialize the key in a way compatible with Sindri via the following:
buf := new(bytes.Buffer)
pk.WriteRawTo(buf)
pk_string := b64.StdEncoding.EncodeToString(buf.Bytes())
verifying_key
Similar to the proving key, you will need to save your verifying key in raw (uncompressed format). While this key is unnecessary for proving, Sindri may use the verification key for quality assurance purposes. You can serialize the key in a way compatible with Sindri via the following:
buf := new(bytes.Buffer)
vk.WriteRawTo(buf)
vk_string := b64.StdEncoding.EncodeToString(buf.Bytes())