split-witness

The aim of the split-witness command is to take a traditional circom witness.wtns witness file and secret-share it to a number of participants.

Example

co-circom split-witness --witness test_vectors/poseidon/witness.wtns --r1cs test_vectors/poseidon/poseidon.r1cs --protocol REP3 --curve BN254 --out-dir test_vectors/poseidon

The above command takes the witness file test_vectors/poseidon/witness.wtns for the circom circuit defined in test_vectors/poseidon/circuit.circom, with corresponding R1CS file test_vectors/poseidon/poseidon.r1cs and secret shares it using the REP3 MPC protocol. This produces 3 shares witness.wtns.0.shared, witness.wtns.1.shared, witness.wtns.2.shared in the output directory.

These shares can be handed to the 3 different MPC parties for the proof generation phase.

Reference

$ co-circom split-witness --help
Splits an existing witness file generated by Circom into secret shares for use in MPC

Usage: co-circom split-witness [OPTIONS] --witness <WITNESS> --r1cs <R1CS> --protocol <PROTOCOL> --curve <CURVE> --out-dir <OUT_DIR>

Options:
      --witness <WITNESS>          The path to the input witness file generated by Circom
      --r1cs <R1CS>                The path to the r1cs file, generated by Circom compiler
      --protocol <PROTOCOL>        The MPC protocol to be used [possible values: REP3, SHAMIR]
      --curve <CURVE>              The pairing friendly curve to be used [possible values: BN254, BLS12-381]
      --out-dir <OUT_DIR>          The path to the (existing) output directory
  -t, --threshold <THRESHOLD>      The threshold of tolerated colluding parties [default: 1]
  -n, --num-parties <NUM_PARTIES>  The number of parties [default: 3]
  -h, --help                       Print help