I'm new to ZoKrates and ZK stuff in general. I am confused about how the witness works. If I compute an invalid witness the verifier still verifies the proof as correct. For example (based on ZoKrates "get started").
Given this program:
def main(private field a, field b) -> bool:
return a * a == b
Then running the following:
zokrates compile -i root.zok
zokrates setup
zokrates compute-witness -a 337 113569
zokrates generate-proof
When I run
zokrates verify
It returns PASSED.
However if I provide a bad value to compute-witness it still passes. For example:
zokrates compute-witness -a 1 113569
zokrates generate-proof
zokrates verify // PASSES
I'm clearly miss-understanding something here but after spending a few hours reading different bits online I'm still not sure what.
I have realised the understanding that I was missing and it is rather simple. The proof in this case is not verifying that a * a is equal to b but instead it is simply a proof that I have run the computation.
For example the following generates a proof that I have run this program with a = 337 and b = 113569 and the return value is true.
zokrates compute-witness -a 337 113569
zokrates generate-proof
If I change the inputs to make the computation return false; for example a = 1 and b = 113569.
the following generates a proof that I have run this program with those values for a and b and the return was false.
zokrates compute-witness -a 1 113569
zokrates generate-proof
Thank you to Darko on ZoKrates Gitter for helping me understand this.