Uploading Keys
Guidance for uploading your own proving key.
For nearly all frameworks supported by Sindri, you may include the proving key associated with your circuit. To utilize this option, you must include all of the files described below (organized by framework) at the time of circuit upload.
However, Noir circuits are the exception.
When you compile a Noir circuit via Sindri's API, the corresponding proving and verifying keys utilize the same trusted setup downloaded by Nargo (and trusted by the Aztec team.)
Any proofs produced by Sindri are compatible with Noir solidity verifiers and Nargo verify
.
Circom | Halo2 (Axiom v0.2.2) | Halo2 (Axiom v0.3.0) | Halo2 (PSE v0.3.0) | Gnark |
---|---|---|---|---|
circuit.zkey | proving_key | proving_key | proving_key | proving_key |
trusted_setup | trusted_setup | trusted_setup | verifying_key | |
breakpoints |
If you include some but not all of the requisite files, your circuit compilation will fail.
Expected Structure​
- Circom
- Halo2
- Gnark
circuit.zkey
For Circom circuits, simply place your circuit.zkey
file in the top directory of your upload.
The file naming convention is important:
- If you don't specify a
circuit_path
in your Sindri manifest, name your filecircuit.zkey
. - If you use the
circuit_path
option, the.zkey
file must match the name of your main Circom code file. - If
circuit_path
:path/to/mycircom.circom
, you'll need to name your key filemycircom.zkey
.
At the time of circuit upload to Sindri either through the CLI or another preferred method such as the SDK, Sindi will automatically detect and include the key in your compiled project.
Here's a quick look at how your project structure might look for a Circom circuit providing your own proving key:
my_circom_project/
├── circuit.circom
├── input.json
├── circuit.zkey # Your proving key
└── sindri.json
For a complete example, please refer to our sample with key circuit.
Your proving key file should be consistent with the trusted setup files resulting from the Perpetual Powers of Tau ceremony. A concise listing of the components of this file may be found here.
proving_key
Your proving key should conform to PSE's Halo2 proving key structure. In particular, you should serialize the key in raw byte form (uncompressed) form. While this creates a larger file size, the key may be loaded faster. As an example, suppose your key is given the variable name pk. You can serialize the key in a way compatible with Sindri via the following (rust) line:
std::fs::write(filename, &pk.to_bytes(SerdeFormat::RawBytes))
trusted_setup
The trusted setup (corresponding with your proving key) should conform to PSE's Halo2 public parameters for KZG. The built in write method for this struct will produce a compatible trusted setup for Sindri. In particular, all of the structured reference strings provided by Axiom are compatible.
breakpoints
(Axiom v0.3.0)
Refer to Axiom's Halo2-Base documentation for more information on the nature of circuit breakpoints.
After producing your proving key, you should extract the break points from the circuit and save this struct (a Vec<Vec<usize>>
) in plaintext format.
proving_key
Your proving key should conform to Gnark's raw key serialization format. While this creates a larger file size, the key may be loaded faster. As an example, suppose your key is given the variable name pk. You can serialize the key in a way compatible with Sindri via the following:
buf := new(bytes.Buffer)
pk.WriteRawTo(buf)
pk_string := b64.StdEncoding.EncodeToString(buf.Bytes())
verifying_key
Similar to the proving key, you will need to save your verifying key in raw (uncompressed format). While this key is unnecessary for proving, Sindri may use the verification key for quality assurance purposes. You can serialize the key in a way compatible with Sindri via the following:
buf := new(bytes.Buffer)
vk.WriteRawTo(buf)
vk_string := b64.StdEncoding.EncodeToString(buf.Bytes())