From 33d2aecf00af0029386730bf1e05de7ed889bb67 Mon Sep 17 00:00:00 2001
From: mohab metwally
Date: Thu, 17 Nov 2022 18:22:39 +0200
Subject: [PATCH] proof/tx.zk created
---
 proof/lead.zk | 10 ++---
 proof/tx.zk | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+), 5 deletions(-)
 create mode 100644 proof/tx.zk
diff --git a/proof/lead.zk b/proof/lead.zk
index 56b343a73..675fbfcf1 100644
--- a/proof/lead.zk
+++ b/proof/lead.zk
@@ -22,13 +22,13 @@ Base c1_rho,
 Scalar c1_opening,
 Base value,
 Scalar c2_opening,
-Scalar rho_mu,
-Scalar y_mu,
+Scalar rho_opening,
+Scalar y_opening,
 Base sigam1,
 Base sigma2
 }
-Circuit "Lead" {
+circuit "Lead" {
 # coin (1) pk
 pk = poseidon_hash(PREFIX_PK, c1_sk_root, c1_tau, ZERO);
 constrain_instance(pk);
@@ -66,7 +66,7 @@ constrain_instance(sn);
 seed = poseidon_hash(PREFIX_SEED, c1_sk_root, c1_rho, ZERO);
 # y
 y_v = ec_mul_short(seed, VALUE_COMMIT_VALUE);
-y_r = ec_mul(y_mu, VALUE_COMMIT_RANDOM);
+y_r = ec_mul(y_opening, VALUE_COMMIT_RANDOM);
 y = ec_add(y_v, y_r);
 y_x = ec_get_x(y);
 y_y = ec_get_y(y);
@@ -74,7 +74,7 @@ constrain_instance(y_x);
 constrain_instance(y_y);
 # rho
 rho_v = ec_mul_short(seed, VALUE_COMMIT_VALUE);
-rho_r = ec_mul(rho_mu, VALUE_COMMIT_RANDOM);
+rho_r = ec_mul(rho_opening, VALUE_COMMIT_RANDOM);
 rho = ec_add(rho_v, rho_r);
 rho_x = ec_get_x(rho);
 rho_y = ec_get_y(rho);
diff --git a/proof/tx.zk b/proof/tx.zk
new file mode 100644
index 000000000..cf746e81b
--- /dev/null
+++ b/proof/tx.zk
@@ -0,0 +1,116 @@
+constant "tx" {
+EcFixedPointShort VALUE_COMMIT_VALUE,
+EcFixedPoint VALUE_COMMIT_RANDOM,
+EcFixedPointBase NULLIFIER_K,
+Base PREFIX_CM,
+Base PREFIX_PK,
+Base PREFIX_EVL,
+BASE PREFIX_SEED,
+Base ONE,
+Base ZERO,
+}
+
+contract "tx" {
+Base root,
+Base c1_root_sk,
+Base c1_sk,
+Base c1_sk_path,
+Base c1_sk_pos,
+Base c1_rho,
+Scalar c1_opening,
+Base c1_value,
+MerklePath c1_cm_path,
+Uint32 c1_cm_pos,
+Base c1_sn,
+
+Base c2_root_sk,
+Base c2_sk,
+MerklePath c2_sk_path,
+Uint32 c2_sk_pos,
+Base c2_rho,
+Scalar c2_opening,
+Base c2_value,
+MerklePath c2_cm_path,
+Uint32 c2_cm_pos,
+Base c2_sn,
+
+Base c3_pk,
+Base c3_rho,
+Scalar c3_opening,
+Base c3_value,
+EcPoint c3_cm,
+
+Base c4_pk,
+Base c4_rho,
+Scalar c4_opening,
+Base c4_value,
+EcPoint c4_cm,
+}
+
+circuit "tx {
+# coin (1) pk/public key
+c1_pk = poseidon_hash(PREFIX_PK, c1_root_sk);
+constrain_instance(c1_pk);
+# coin (2) pk/public key
+c2_pk = poseidon_hash(PREFIX_PK, c2_root_sk);
+constrain_instance(c2_pk);
+# coin (1) cm/commitment
+c1_cm_msg = poseidon_hash(PREFIX_CM, c1_pk, c1_value, c1_rho);
+c1_cm_v = ec_mul_short(c1_cm_msg, VALUE_COMMIT_VALUE);
+c1_cm_r = ec_mul(c1_opening, VALUE_COMMIT_RANDOM);
+c1_cm = ec_add(c1_cm_v, c1_cm_r);
+c1_cm_x = ec_get_x(c1_cm);
+c1_cm_y = ec_get_y(c1_cm);
+c1_cm_hash = poseidon_hash(c1_cm_x, c1_cm_y);
+constrain_instance(c1_cm_x);
+constrain_instance(c1_cm_y);
+# coin (2) cm/commitment
+c2_cm_msg = poseidon_hash(PREFIX_CM, c2_pk, c2_value, c2_rho);
+c2_cm_v = ec_mul_short(c2_cm_msg, VALUE_COMMIT_VALUE);
+c2_cm_r = ec_mul(c2_opening, VALUE_COMMIT_RANDOM);
+c2_cm = ec_add(c2_cm_v, c2_cm_r);
+c2_cm_x = ec_get_x(c2_cm);
+c2_cm_y = ec_get_y(c2_cm);
+c2_cm_hash = poseidon_hash(c2_cm_x, c2_cm_y);
+constrain_instance(c2_cm_x);
+constrain_instance(c2_cm_y);
+# coin (3) cm/commitment
+c3_cm_msg = poseidon_hash(PREFIX_CM, c3_pk, c3_value, c3_rho);
+c3_cm_v = ec_mul_short(c3_cm_msg, VALUE_COMMIT_VALUE);
+c3_cm_r = ec_mul(c3_opening, VALUE_COMMIT_RANDOM);
+c3_cm = ec_add(c3_cm_v, c3_cm_r);
+c3_cm_x = ec_get_x(c3_cm);
+constrain_instance(c3_cm_x);
+c3_cm_y = ec_get_y(c3_cm);
+constrain_instance(c3_cm_y);
+# coin (4) cm/commitment
+c4_cm_msg = poseidon_hash(PREFIX_CM, c4_pk, c4_value, c4_rho);
+c4_cm_v = ec_mul_short(c4_cm_msg, VALUE_COMMIT_VALUE);
+c4_cm_r = ec_mul(c4_opening, VALUE_COMMIT_RANDOM);
+c4_cm = ec_add(c4_cm_v, c4_cm_r);
+c4_cm_x = ec_get_x(c4_cm);
+constrain_instance(c4_cm_x);
+c4_cm_y = ec_get_y(c4_cm);
+constrain_instance(c4_cm_y);
+v1v2 = base_add(c1_value, c2_value);
+v2v3 = base_add(v3_value, v4_value);
+constrain_equal(v1v2, v2v3);
+# root of path to coin1 commitment at given position
+c1_root = merkle_root(c1_cm_pos, c1_cm_path, c1_cm_hash);
+constrain_instance(c1_root);
+# root of path to coin2n commitment at given position
+c2_root = merkle_root(c2_cm_pos, c2_cm_path, c2_cm_hash);
+constrain_instance(c2_root);
+# root of path to coin(1) sk at given position
+c1_sk_root = merkle_root_c1_sk_pos, c1_sk_path, c1_sk);
+constrain_instance(c1_sk_root);
+# root of path to coin(2) sk at given position
+c2_sk_root = merkle_root_c2_sk_pos, c2_sk_path, c2_sk);
+constrain_instance(c2_sk_root);
+# coin (1) sn/nullifier
+c1_sn = PRF(PREFIX_SN, c1_root_sk, c1_rho, ZERO);
+constrain_instance(c1_sn);
+# coin (2) sn/nullifier
+c2_sn = PRF(PREFIX_SN, c1_root_sk, c2_rho, ZERO);
+constrain_instance(c2_sn);
+}
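Review bot: The coin-2 nullifier `c2_sn = PRF(PREFIX_SN, c1_root_sk, c2_rho, ZERO);` is derived from coin 1's secret root rather than `c2_root_sk`, so it is not bound to the key that `c2_pk` is derived from, and `PREFIX_SN` is referenced by both nullifier lines but never declared in the `constant "tx"` block. The value-conservation check `v2v3 = base_add(v3_value, v4_value);` names witnesses that do not exist (the contract declares `c3_value`/`c4_value`), so the balance constraint cannot compile as written. The file also has `circuit "tx {` missing its closing quote, `BASE PREFIX_SEED` spelled with the wrong type name, both `merkle_root_c1_sk_pos, …)` / `merkle_root_c2_sk_pos, …)` calls missing their opening parenthesis, and `c1_sk_path`/`c1_sk_pos` typed `Base` while the coin-2 equivalents are `MerklePath`/`Uint32`. Separately, `c1_sk_root` computed from the path is only exposed via `constrain_instance` and is never tied in-circuit to the `c1_root_sk` witness used for `c1_pk` and `c1_sn` (same for coin 2), so unless the verifier compares those public inputs outside the circuit the key-membership proof does not actually constrain the spend key; adding `constrain_equal(c1_sk_root, c1_root_sk);` closes that gap.
```zkas
constant "tx" {
# … unchanged: VALUE_COMMIT_*, NULLIFIER_K, PREFIX_CM/PK/EVL …
Base PREFIX_SEED,
Base PREFIX_SN,
# … unchanged: ONE, ZERO …
}
contract "tx" {
# … unchanged: root, c1_root_sk, c1_sk …
MerklePath c1_sk_path,
Uint32 c1_sk_pos,
# … unchanged: remaining witnesses …
}
circuit "tx" {
# … unchanged: pk and commitment constraints for coins 1-4 …
v1v2 = base_add(c1_value, c2_value);
v3v4 = base_add(c3_value, c4_value);
constrain_equal(v1v2, v3v4);
# … unchanged: c1_root / c2_root commitment-path constraints …
c1_sk_root = merkle_root(c1_sk_pos, c1_sk_path, c1_sk);
constrain_equal(c1_sk_root, c1_root_sk);
constrain_instance(c1_sk_root);
c2_sk_root = merkle_root(c2_sk_pos, c2_sk_path, c2_sk);
constrain_equal(c2_sk_root, c2_root_sk);
constrain_instance(c2_sk_root);
# … unchanged: coin (1) sn/nullifier …
c2_sn = PRF(PREFIX_SN, c2_root_sk, c2_rho, ZERO);
constrain_instance(c2_sn);
}
```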