Qortal/pirate-librustzcash
3
0
Fork 0
mirror of https://github.com/Qortal/pirate-librustzcash.git synced 2025-02-12 10:05:47 +00:00
Code Issues Projects Releases Wiki Activity

Slight refactor of representations

Browse Source
This commit is contained in:
Sean Bowe 2018-02-22 18:43:07 -07:00
parent ba7298de3f
commit c812805b31
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
2 changed files with 61 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/circuit/ecc.rs
View File

@ -92,6 +92,33 @@ pub fn fixed_base_multiplication<E, CS>(
} }
impl<E: JubjubEngine> EdwardsPoint<E> { impl<E: JubjubEngine> EdwardsPoint<E> {
/// This converts the point into a representation.
pub fn repr<CS>(
&self,
mut cs: CS
) -> Result<Vec<Boolean>, SynthesisError>
where CS: ConstraintSystem<E>
{
let mut tmp = vec![];
let mut x = self.x.into_bits_strict(
cs.namespace(|| "unpack x")
)?;
let mut y = self.y.into_bits_strict(
cs.namespace(|| "unpack y")
)?;
// We want the representation in little endian bit order
x.reverse();
y.reverse();
tmp.extend(y);
tmp.push(x[0].clone());
Ok(tmp)
}
/// This 'witnesses' a point inside the constraint system. /// This 'witnesses' a point inside the constraint system.
/// It guarantees the point is on the curve. /// It guarantees the point is on the curve.
pub fn witness<Order, CS>( pub fn witness<Order, CS>(

137
src/circuit/mod.rs
View File

@ -173,39 +173,17 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
// Unpack ak and rk for input to BLAKE2s // Unpack ak and rk for input to BLAKE2s
let mut vk = vec![]; let mut vk = vec![];
{
let mut ak_x = ak.x.into_bits_strict(
cs.namespace(|| "unpack ak.x")
)?;
let mut ak_y = ak.y.into_bits_strict(
cs.namespace(|| "unpack ak.y")
)?;
// We want the representation in little endian bit order
ak_x.reverse();
ak_y.reverse();
vk.extend(ak_y);
vk.push(ak_x[0].clone());
}
let mut rho_preimage = vec![]; let mut rho_preimage = vec![];
vk.extend(
ak.repr(cs.namespace(|| "representation of ak"))?
);
{ {
let mut rk_x = rk.x.into_bits_strict( let repr_rk = rk.repr(
cs.namespace(|| "unpack rk.x") cs.namespace(|| "representation of rk")
)?;
let mut rk_y = rk.y.into_bits_strict(
cs.namespace(|| "unpack rk.y")
)?; )?;
// We want the representation in little endian bit order vk.extend(repr_rk.iter().cloned());
rk_x.reverse(); rho_preimage.extend(repr_rk);
rk_y.reverse();
vk.extend(rk_y.iter().cloned());
vk.push(rk_x[0].clone());
rho_preimage.extend(rk_y.iter().cloned());
rho_preimage.push(rk_x[0].clone());
} }
assert_eq!(vk.len(), 512); assert_eq!(vk.len(), 512);
@ -218,7 +196,7 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
// Little endian bit order // Little endian bit order
ivk.reverse(); ivk.reverse();
ivk.truncate(251); // drop_5 ivk.truncate(E::Fs::CAPACITY as usize); // drop_5
// Witness g_d // Witness g_d
let g_d = ecc::EdwardsPoint::witness( let g_d = ecc::EdwardsPoint::witness(
@ -237,38 +215,12 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
// Compute note contents // Compute note contents
let mut note_contents = vec![]; let mut note_contents = vec![];
note_contents.extend(value_bits); note_contents.extend(value_bits);
{ note_contents.extend(
// Unpack g_d for inclusion in the note. g_d.repr(cs.namespace(|| "representation of g_d"))?
let mut g_d_x = g_d.x.into_bits_strict( );
cs.namespace(|| "unpack g_d.x") note_contents.extend(
)?; pk_d.repr(cs.namespace(|| "representation of pk_d"))?
let mut g_d_y = g_d.y.into_bits_strict( );
cs.namespace(|| "unpack g_d.y")
)?;
// We want the representation in little endian bit order
g_d_x.reverse();
g_d_y.reverse();
note_contents.extend(g_d_y);
note_contents.push(g_d_x[0].clone());
}
{
// Unpack g_d for inclusion in the note.
let mut pk_d_x = pk_d.x.into_bits_strict(
cs.namespace(|| "unpack pk_d.x")
)?;
let mut pk_d_y = pk_d.y.into_bits_strict(
cs.namespace(|| "unpack pk_d.y")
)?;
// We want the representation in little endian bit order
pk_d_x.reverse();
pk_d_y.reverse();
note_contents.extend(pk_d_y);
note_contents.push(pk_d_x[0].clone());
}
assert_eq!( assert_eq!(
note_contents.len(), note_contents.len(),
@ -359,36 +311,26 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
// TODO: cur is now the root of the tree, expose it as public input // TODO: cur is now the root of the tree, expose it as public input
let tmp = ecc::fixed_base_multiplication( {
cs.namespace(|| "g^position"), let position = ecc::fixed_base_multiplication(
FixedGenerators::NullifierPosition, cs.namespace(|| "g^position"),
&position_bits, FixedGenerators::NullifierPosition,
self.params &position_bits,
)?; self.params
)?;
cm = cm.add( cm = cm.add(
cs.namespace(|| "faerie gold prevention"), cs.namespace(|| "faerie gold prevention"),
&tmp, &position,
self.params self.params
)?; )?;
}
// Let's compute rho = BLAKE2s(rk || cm + position) // Let's compute rho = BLAKE2s(rk || cm + position)
{ rho_preimage.extend(
// Unpack g_d for inclusion in the note. cm.repr(cs.namespace(|| "representation of cm"))?
let mut cm_x = cm.x.into_bits_strict( );
cs.namespace(|| "unpack (cm + position).x")
)?;
let mut cm_y = cm.y.into_bits_strict(
cs.namespace(|| "unpack (cm + position).y")
)?;
// We want the representation in little endian bit order
cm_x.reverse();
cm_y.reverse();
rho_preimage.extend(cm_y);
rho_preimage.push(cm_x[0].clone());
}
let mut rho = blake2s::blake2s( let mut rho = blake2s::blake2s(
cs.namespace(|| "rho computation"), cs.namespace(|| "rho computation"),
@ -625,20 +567,9 @@ impl<'a, E: JubjubEngine> Circuit<E> for Output<'a, E> {
g_d.x.assert_nonzero(cs.namespace(|| "check not inf"))?; g_d.x.assert_nonzero(cs.namespace(|| "check not inf"))?;
} }
// Unpack g_d for inclusion in the note. note_contents.extend(
let mut g_d_x = g_d.x.into_bits_strict( g_d.repr(cs.namespace(|| "representation of g_d"))?
cs.namespace(|| "unpack g_d.x") );
)?;
let mut g_d_y = g_d.y.into_bits_strict(
cs.namespace(|| "unpack g_d.y")
)?;
// We want the representation in little endian bit order
g_d_x.reverse();
g_d_y.reverse();
note_contents.extend(g_d_y);
note_contents.push(g_d_x[0].clone());
// Compute epk from esk // Compute epk from esk
let esk = boolean::field_into_allocated_bits_be( let esk = boolean::field_into_allocated_bits_be(