debugging lead circuit

This commit is contained in:
mohab metwally
2022-06-24 10:25:02 +02:00
parent 570a7b1eda
commit 663c67ce10
6 changed files with 370 additions and 75 deletions

View File

@@ -0,0 +1,258 @@
SSUUMMMMAARRYY OOFF LLEESSSS CCOOMMMMAANNDDSS
Commands marked with * may be preceded by a number, _N.
Notes in parentheses indicate the behavior if _N is given.
A key preceded by a caret indicates the Ctrl key; thus ^K is ctrl-K.
h H Display this help.
q :q Q :Q ZZ Exit.
---------------------------------------------------------------------------
MMOOVVIINNGG
e ^E j ^N CR * Forward one line (or _N lines).
y ^Y k ^K ^P * Backward one line (or _N lines).
f ^F ^V SPACE * Forward one window (or _N lines).
b ^B ESC-v * Backward one window (or _N lines).
z * Forward one window (and set window to _N).
w * Backward one window (and set window to _N).
ESC-SPACE * Forward one window, but don't stop at end-of-file.
d ^D * Forward one half-window (and set half-window to _N).
u ^U * Backward one half-window (and set half-window to _N).
ESC-) RightArrow * Right one half screen width (or _N positions).
ESC-( LeftArrow * Left one half screen width (or _N positions).
ESC-} ^RightArrow Right to last column displayed.
ESC-{ ^LeftArrow Left to first column.
F Forward forever; like "tail -f".
ESC-F Like F but stop when search pattern is found.
r ^R ^L Repaint screen.
R Repaint screen, discarding buffered input.
---------------------------------------------------
Default "window" is the screen height.
Default "half-window" is half of the screen height.
---------------------------------------------------------------------------
SSEEAARRCCHHIINNGG
/_p_a_t_t_e_r_n * Search forward for (_N-th) matching line.
?_p_a_t_t_e_r_n * Search backward for (_N-th) matching line.
n * Repeat previous search (for _N-th occurrence).
N * Repeat previous search in reverse direction.
ESC-n * Repeat previous search, spanning files.
ESC-N * Repeat previous search, reverse dir. & spanning files.
ESC-u Undo (toggle) search highlighting.
ESC-U Clear search highlighting.
&_p_a_t_t_e_r_n * Display only matching lines.
---------------------------------------------------
A search pattern may begin with one or more of:
^N or ! Search for NON-matching lines.
^E or * Search multiple files (pass thru END OF FILE).
^F or @ Start search at FIRST file (for /) or last file (for ?).
^K Highlight matches, but don't move (KEEP position).
^R Don't use REGULAR EXPRESSIONS.
^W WRAP search if no match found.
---------------------------------------------------------------------------
JJUUMMPPIINNGG
g < ESC-< * Go to first line in file (or line _N).
G > ESC-> * Go to last line in file (or line _N).
p % * Go to beginning of file (or _N percent into file).
t * Go to the (_N-th) next tag.
T * Go to the (_N-th) previous tag.
{ ( [ * Find close bracket } ) ].
} ) ] * Find open bracket { ( [.
ESC-^F _<_c_1_> _<_c_2_> * Find close bracket _<_c_2_>.
ESC-^B _<_c_1_> _<_c_2_> * Find open bracket _<_c_1_>.
---------------------------------------------------
Each "find close bracket" command goes forward to the close bracket
matching the (_N-th) open bracket in the top line.
Each "find open bracket" command goes backward to the open bracket
matching the (_N-th) close bracket in the bottom line.
m_<_l_e_t_t_e_r_> Mark the current top line with <letter>.
M_<_l_e_t_t_e_r_> Mark the current bottom line with <letter>.
'_<_l_e_t_t_e_r_> Go to a previously marked position.
'' Go to the previous position.
^X^X Same as '.
ESC-M_<_l_e_t_t_e_r_> Clear a mark.
---------------------------------------------------
A mark is any upper-case or lower-case letter.
Certain marks are predefined:
^ means beginning of the file
$ means end of the file
---------------------------------------------------------------------------
CCHHAANNGGIINNGG FFIILLEESS
:e [_f_i_l_e] Examine a new file.
^X^V Same as :e.
:n * Examine the (_N-th) next file from the command line.
:p * Examine the (_N-th) previous file from the command line.
:x * Examine the first (or _N-th) file from the command line.
:d Delete the current file from the command line list.
= ^G :f Print current file name.
---------------------------------------------------------------------------
MMIISSCCEELLLLAANNEEOOUUSS CCOOMMMMAANNDDSS
-_<_f_l_a_g_> Toggle a command line option [see OPTIONS below].
--_<_n_a_m_e_> Toggle a command line option, by name.
__<_f_l_a_g_> Display the setting of a command line option.
___<_n_a_m_e_> Display the setting of an option, by name.
+_c_m_d Execute the less cmd each time a new file is examined.
!_c_o_m_m_a_n_d Execute the shell command with $SHELL.
|XX_c_o_m_m_a_n_d Pipe file between current pos & mark XX to shell command.
s _f_i_l_e Save input to a file.
v Edit the current file with $VISUAL or $EDITOR.
V Print version number of "less".
---------------------------------------------------------------------------
OOPPTTIIOONNSS
Most options may be changed either on the command line,
or from within less by using the - or -- command.
Options may be given in one of two forms: either a single
character preceded by a -, or a name preceded by --.
-? ........ --help
Display help (from command line).
-a ........ --search-skip-screen
Search skips current screen.
-A ........ --SEARCH-SKIP-SCREEN
Search starts just after target line.
-b [_N] .... --buffers=[_N]
Number of buffers.
-B ........ --auto-buffers
Don't automatically allocate buffers for pipes.
-c ........ --clear-screen
Repaint by clearing rather than scrolling.
-d ........ --dumb
Dumb terminal.
-D xx_c_o_l_o_r . --color=xx_c_o_l_o_r
Set screen colors.
-e -E .... --quit-at-eof --QUIT-AT-EOF
Quit at end of file.
-f ........ --force
Force open non-regular files.
-F ........ --quit-if-one-screen
Quit if entire file fits on first screen.
-g ........ --hilite-search
Highlight only last match for searches.
-G ........ --HILITE-SEARCH
Don't highlight any matches for searches.
-h [_N] .... --max-back-scroll=[_N]
Backward scroll limit.
-i ........ --ignore-case
Ignore case in searches that do not contain uppercase.
-I ........ --IGNORE-CASE
Ignore case in all searches.
-j [_N] .... --jump-target=[_N]
Screen position of target lines.
-J ........ --status-column
Display a status column at left edge of screen.
-k [_f_i_l_e] . --lesskey-file=[_f_i_l_e]
Use a lesskey file.
-K ........ --quit-on-intr
Exit less in response to ctrl-C.
-L ........ --no-lessopen
Ignore the LESSOPEN environment variable.
-m -M .... --long-prompt --LONG-PROMPT
Set prompt style.
-n -N .... --line-numbers --LINE-NUMBERS
Don't use line numbers.
-o [_f_i_l_e] . --log-file=[_f_i_l_e]
Copy to log file (standard input only).
-O [_f_i_l_e] . --LOG-FILE=[_f_i_l_e]
Copy to log file (unconditionally overwrite).
-p [_p_a_t_t_e_r_n] --pattern=[_p_a_t_t_e_r_n]
Start at pattern (from command line).
-P [_p_r_o_m_p_t] --prompt=[_p_r_o_m_p_t]
Define new prompt.
-q -Q .... --quiet --QUIET --silent --SILENT
Quiet the terminal bell.
-r -R .... --raw-control-chars --RAW-CONTROL-CHARS
Output "raw" control characters.
-s ........ --squeeze-blank-lines
Squeeze multiple blank lines.
-S ........ --chop-long-lines
Chop (truncate) long lines rather than wrapping.
-t [_t_a_g] .. --tag=[_t_a_g]
Find a tag.
-T [_t_a_g_s_f_i_l_e] --tag-file=[_t_a_g_s_f_i_l_e]
Use an alternate tags file.
-u -U .... --underline-special --UNDERLINE-SPECIAL
Change handling of backspaces.
-V ........ --version
Display the version number of "less".
-w ........ --hilite-unread
Highlight first new line after forward-screen.
-W ........ --HILITE-UNREAD
Highlight first new line after any forward movement.
-x [_N[,...]] --tabs=[_N[,...]]
Set tab stops.
-X ........ --no-init
Don't use termcap init/deinit strings.
-y [_N] .... --max-forw-scroll=[_N]
Forward scroll limit.
-z [_N] .... --window=[_N]
Set size of window.
-" [_c[_c]] . --quotes=[_c[_c]]
Set shell quote characters.
-~ ........ --tilde
Don't display tildes after end of file.
-# [_N] .... --shift=[_N]
Set horizontal scroll amount (0 = one half screen width).
--file-size
Automatically determine the size of the input file.
--follow-name
The F command changes files if the input file is renamed.
--incsearch
Search file as each pattern character is typed in.
--line-num-width=N
Set the width of the -N line number field to N characters.
--mouse
Enable mouse input.
--no-keypad
Don't send termcap keypad init/deinit strings.
--no-histdups
Remove duplicates from command history.
--rscroll=C
Set the character used to mark truncated lines.
--save-marks
Retain marks across invocations of less.
--status-col-width=N
Set the width of the -J status column to N characters.
--use-backslash
Subsequent options use backslash as escape char.
--use-color
Enables colored text.
--wheel-lines=N
Each click of the mouse wheel moves N lines.
---------------------------------------------------------------------------
LLIINNEE EEDDIITTIINNGG
These keys can be used to edit text being entered
on the "command line" at the bottom of the screen.
RightArrow ..................... ESC-l ... Move cursor right one character.
LeftArrow ...................... ESC-h ... Move cursor left one character.
ctrl-RightArrow ESC-RightArrow ESC-w ... Move cursor right one word.
ctrl-LeftArrow ESC-LeftArrow ESC-b ... Move cursor left one word.
HOME ........................... ESC-0 ... Move cursor to start of line.
END ............................ ESC-$ ... Move cursor to end of line.
BACKSPACE ................................ Delete char to left of cursor.
DELETE ......................... ESC-x ... Delete char under cursor.
ctrl-BACKSPACE ESC-BACKSPACE ........... Delete word to left of cursor.
ctrl-DELETE .... ESC-DELETE .... ESC-X ... Delete word under cursor.
ctrl-U ......... ESC (MS-DOS only) ....... Delete entire line.
UpArrow ........................ ESC-k ... Retrieve previous command line.
DownArrow ...................... ESC-j ... Retrieve next command line.
TAB ...................................... Complete filename & cycle.
SHIFT-TAB ...................... ESC-TAB Complete filename & reverse cycle.
ctrl-L ................................... Complete filename, list all.
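Review bot: this whole added file is the `less` help screen (the doubled letters such as `SSUUMMMMAARRYY` are the overstrike-bold sequences a terminal pager emits), not project source, and it looks like redirected terminal output that was committed by accident; drop it from the commit (`git rm --cached <file>` before amending; the path is not shown on this page) rather than carrying 258 lines of pager text in the tree, and consider ignoring the path if the redirect is part of a local workflow.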

View File

@@ -53,9 +53,9 @@ fn main() {
path_sk: Value::known(coin.path_sk.unwrap()),
coin_timestamp: Value::known(coin.tau.unwrap()), //
coin_nonce: Value::known(coin.nonce.unwrap()),
coin_opening_1: Value::known(mod_r_p(coin.opening1.unwrap())),
coin1_blind: Value::known(coin.c1_blind.unwrap()),
value: Value::known(coin.value.unwrap()),
coin_opening_2: Value::known(mod_r_p(coin.opening2.unwrap())),
coin2_blind: Value::known(coin.c2_blind.unwrap()),
cm_pos: Value::known(coin.idx),
//sn_c1: Value::known(coin.sn.unwrap()),
slot: Value::known(coin.sl.unwrap()),
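Review bot: the `coin_timestamp` line carries an empty trailing `//` comment; drop it or say what was meant there. The rename to `coin1_blind`/`coin2_blind` and the removal of the `mod_r_p(...)` wrapping are consistent with the `LeadCoin` blind fields becoming `Option<pallas::Scalar>` elsewhere in this commit.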

View File

@@ -1,5 +1,7 @@
use halo2_proofs::{arithmetic::Field, dev::MockProver, circuit::Value};
use incrementalmerkletree::{bridgetree::BridgeTree, Tree};
use halo2_gadgets::poseidon::primitives as poseidon;
use pasta_curves::{
arithmetic::CurveAffine,
group::{ff::PrimeField, Curve},
@@ -14,13 +16,12 @@ use crate::{
leadcoin::LeadCoin,
merkle_node::MerkleNode,
util::{mod_r_p, pedersen_commitment_scalar},
types::DrkValueBlind,
},
};
const MERKLE_DEPTH: u8 = MERKLE_DEPTH_ORCHARD as u8;
#[derive(Copy,Debug,Default,Clone)]
pub struct EpochItem
{
@@ -66,7 +67,6 @@ impl Epoch {
let sk_base = pallas::Base::one();
prev_sk_base = sk_base;
sk_base.to_repr()
} else {
/*
let base = pedersen_commitment_scalar(pallas::Scalar::one(), mod_r_p(prev_sk_base));
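Review bot: `let sk_base = pallas::Base::one();` in this branch turns the secret-key base into a public constant, so every key derived from it is predictable; that is acceptable only as a debugging placeholder and should carry the same `TODO (fix)` tag used elsewhere in this commit so it cannot ship silently. The hunk header shows one line removed here; if that line is the `prev_sk_base = sk_base;` update, the chain of derived keys no longer advances between iterations either.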
@@ -108,8 +108,8 @@ impl Epoch {
let (root_sks, path_sks) = self.create_coins_sks();
let cm1_val: u64 = rng.gen();
//random commitment blinding values
let cm1_blind: pallas::Base = pallas::Base::random(&mut rng);
let cm2_blind: pallas::Base = pallas::Base::random(&mut rng);
let c_cm1_blind: DrkValueBlind = pallas::Scalar::random(&mut rng);
let c_cm2_blind: DrkValueBlind = pallas::Scalar::random(&mut rng);
let mut tree_cm = BridgeTree::<MerkleNode, MERKLE_DEPTH>::new(self.len.unwrap() as usize);
let mut coins: Vec<LeadCoin> = vec![];
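Review bot: `c_cm1_blind` and `c_cm2_blind` are sampled once here, outside the per-coin loop that follows (`coins` is filled from the `i`-indexed slots), so every coin in the epoch ends up with the same two blinding factors. Pedersen commitments that share a blind are not hiding relative to each other: `cm_a - cm_b = (v_a - v_b)·G` exposes value differences with no secret involved. Sample a fresh `pallas::Scalar::random(&mut rng)` per coin inside the loop, and remove the base-field `cm1_blind`/`cm2_blind` if nothing still reads them.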
@@ -120,6 +120,7 @@ impl Epoch {
// coin slot number
let c_sl = pallas::Base::from(u64::try_from(i).unwrap());
//
//TODO (fix)
let c_tau = pallas::Base::from(u64::try_from(i).unwrap()); // let's assume it's sl for simplicity
//
let c_root_sk: MerkleNode = root_sks[i];
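Review bot: `c_tau` is set to the slot index `i` with only a bare `TODO (fix)`; since this value becomes the `coin_timestamp` witness of the circuit, make the TODO state what the real timestamp should be derived from so the placeholder is not later mistaken for the design.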
@@ -132,10 +133,21 @@ impl Epoch {
let c_pk_pt_x: pallas::Base = *c_pk_pt.x();
let c_pk_pt_y: pallas::Base = *c_pk_pt.y();
let c_cm_v = c_v * c_seed * c_pk_pt_x * c_pk_pt_y;
let c_cm1_blind = cm1_blind; //TODO (fix) should be read from DrkValueBlind
let c_cm2_blind = cm2_blind; //TODO (fix) should be read from DrkValueBlind
let c_cm: pallas::Point = pedersen_commitment_scalar(mod_r_p(c_cm_v), mod_r_p(c_cm1_blind));
//
let lead_coin_msg = [
//TODO (fix)
pallas::Scalar::one(),
//c_pk_pt_x.clone(),
//c_pk_pt_y.clone(),
//c_v,
//*c_seed_pt.x(), //TODO(fix) will be c_seed(base) only after calculating c_seed as hash
//*c_seed_pt.y(),
];
let lead_coin_msg_hash : pallas::Scalar = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<1>, 3, 2>::init().hash(lead_coin_msg);
//TODO (FIX) THIS PANICS, ONLY PANICS ON LARGE VALUES!
//let c_cm: pallas::Point = pedersen_commitment_scalar(lead_coin_msg_hash, c_cm1_blind);
//note c_v is set to zero, should work
let c_cm: pallas::Point = pedersen_commitment_scalar(mod_r_p(c_v), c_cm1_blind);
let c_cm_coordinates = c_cm.to_affine().coordinates().unwrap();
let c_cm_base: pallas::Base = c_cm_coordinates.x() * c_cm_coordinates.y();
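Review bot: two problems in the new `lead_coin_msg` / `c_cm` path. First, the Poseidon hash is computed over `pallas::Scalar` (`lead_coin_msg_hash : pallas::Scalar`, message `[pallas::Scalar::one()]`) while the in-circuit Poseidon in `LeadContract` runs over `Fp` (`AssignedCell<Fp, Fp>`); an off-circuit hash taken in a different field than the in-circuit one hands the prover a witness the constraint system cannot reproduce, so hash over `pallas::Base` here and apply `mod_r_p` only where the result is consumed as a scalar. Second, the "PANICS ON LARGE VALUES" note is consistent with a short fixed-base commitment: `ValueCommitV` with `ScalarFixedShort` accepts only a 64-bit magnitude, and a Poseidon output is a full-width field element. Committing to `mod_r_p(c_v)` instead of the hash avoids the panic but means `c_cm` binds only the value, not pk or seed; the fix is to multiply the hash term with a full-width base (`FixedPoint` plus `ScalarFixed`, as is already done for the blind) rather than to drop the hash.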
@@ -147,23 +159,22 @@ impl Epoch {
// lead coin commitment
let c_seed2 = pedersen_commitment_scalar(mod_r_p(c_seed), mod_r_p(c_root_sk.inner()));
let c_seed2_pt = c_seed2.to_affine().coordinates().unwrap();
/*
let lead_coin_msg = [c_pk_pt_y.clone(),
c_pk_pt_x.clone(),
c_v,
*c_seed2_pt.x(),
*c_seed2_pt.y()
let lead_coin_msg = [
//c_pk_pt_y.clone(),
//c_pk_pt_x.clone(),
//c_v,
//c_seed,
pallas::Base::one(),
];
let lead_coin_msg_hash =
poseidon::Hash::<_, P128Pow5T3, ConstantLength<5>, 3, 2>::init().hash(lead_coin_msg);
*/
//TODO (fix) hash this
let lead_coin_msg = c_pk_pt_y * c_pk_pt_x * c_v * *c_seed2_pt.x() * *c_seed2_pt.y();
let c_cm2 = pedersen_commitment_scalar(mod_r_p(lead_coin_msg), mod_r_p(c_cm2_blind));
let lead_coin_msg_hash = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<1>, 3, 2>::init().hash(lead_coin_msg);
let c_cm2 = pedersen_commitment_scalar(mod_r_p(lead_coin_msg_hash), c_cm2_blind);
let c_root_sk = root_sks[i];
let c_root_sk_bytes: [u8; 32] = c_root_sk.inner().to_repr();
let mut c_root_sk_base_bytes: [u8; 32] = [0; 32];
//TODO (fix) using only first 24, use the whoel root
c_root_sk_base_bytes[..23].copy_from_slice(&c_root_sk_bytes[..23]);
let _c_root_sk_base = pallas::Base::from_repr(c_root_sk_base_bytes);
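Review bot: `lead_coin_msg = c_pk_pt_y * c_pk_pt_x * c_v * seed.x * seed.y` collapses five inputs into one field product before hashing, and a product is not a binding encoding: many different (pk, value, seed) tuples share the same product (a change in one factor is absorbed by rescaling another, and a zero anywhere zeroes the whole message), so `c_cm2` does not bind to the individual fields even after Poseidon. Absorb the five elements separately (`ConstantLength<5>`, as in the commented-out version) instead of multiplying them, and keep the absorb order identical to the in-circuit hasher. The context line `c_root_sk_base_bytes[..23].copy_from_slice(&c_root_sk_bytes[..23])` also copies 23 bytes while its comment says 24; either way, truncating a key root to squeeze it into the base field discards entropy and should not survive past debugging.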
@@ -186,8 +197,8 @@ impl Epoch {
root_sk: Some(c_root_sk.inner()),
path: Some(c_cm_path.as_slice().try_into().unwrap()),
path_sk: Some(c_path_sk),
opening1: Some(c_cm1_blind),
opening2: Some(c_cm2_blind),
c1_blind: Some(c_cm1_blind),
c2_blind: Some(c_cm2_blind),
};
coins.push(coin);
}

View File

@@ -34,9 +34,9 @@ pub fn create_lead_proof(pk: ProvingKey, coin: LeadCoin) -> Result<Proof> {
path_sk: Value::known(coin.path_sk.unwrap()),
coin_timestamp: Value::known(coin.tau.unwrap()),
coin_nonce: Value::known(coin.nonce.unwrap()),
coin_opening_1: Value::known(mod_r_p(coin.opening1.unwrap())),
coin1_blind: Value::known(coin.c1_blind.unwrap()),
value: Value::known(coin.value.unwrap()),
coin_opening_2: Value::known(mod_r_p(coin.opening2.unwrap())),
coin2_blind: Value::known(coin.c2_blind.unwrap()),
cm_pos: Value::known(coin.idx),
//sn_c1: Value::known(coin.sn.unwrap()),
slot: Value::known(coin.sl.unwrap()),
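Review bot: this witness-assembly block is a line-for-line copy of the one in the `main()` of the other file changed in this commit, and both had to be edited in lockstep for the `c1_blind`/`c2_blind` rename; move it into a single constructor on `LeadContract` (a hypothetical `LeadContract::from_coin(&LeadCoin)`, say) so the two callers cannot drift. This matters because a witness built from the wrong field or blind here fails at proving time, not at compile time.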

View File

@@ -1,4 +1,3 @@
// FIXME: This needs a cleanup and halo2 0.2 port
use pasta_curves::pallas;
use crate::crypto::{
@@ -12,6 +11,7 @@ use incrementalmerkletree::Hashable;
use pasta_curves::{arithmetic::CurveAffine, group::Curve};
//use halo2_proofs::arithmetic::CurveAffine;
#[derive(Debug, Default, Clone, Copy)]
pub struct LeadCoin {
pub value: Option<pallas::Base>, //stake
@@ -31,8 +31,8 @@ pub struct LeadCoin {
pub root_sk: Option<pallas::Base>,
pub path: Option<[MerkleNode; MERKLE_DEPTH_ORCHARD]>,
pub path_sk: Option<[MerkleNode; MERKLE_DEPTH_ORCHARD]>,
pub opening1: Option<pallas::Base>,
pub opening2: Option<pallas::Base>,
pub c1_blind: Option<pallas::Scalar>,
pub c2_blind: Option<pallas::Scalar>,
}
impl LeadCoin {
@@ -79,10 +79,10 @@ impl LeadCoin {
*po_sn.y(),
*po_cm.x(),
*po_cm.y(),
*po_cm2.x(),
*po_cm2.y(),
cm_root.0,
po_cmp,
//*po_cm2.x(),
//*po_cm2.y(),
//cm_root.0,
//po_cmp,
];
public_inputs
}
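Review bot: commenting `po_cm2.x()/y()`, `cm_root.0` and `po_cmp` out of `public_inputs` means the verifier no longer receives the second coin's commitment, the Merkle root or the commitment position, so the proof stops binding to them and could be accepted against a root the verifier never checked. If the circuit's `constrain_instance` rows for those values were not removed in the same commit, proving will also fail on an instance-column mismatch. Mark this with the `TODO (fix)` tag used elsewhere and restore the rows before the debugging branch is merged.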

View File

@@ -3,7 +3,7 @@ use halo2_gadgets::{
chip::{EccChip, EccConfig},
FixedPoint, FixedPointShort, ScalarFixed, ScalarFixedShort,
},
poseidon::{primitives as poseidon, Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
poseidon::{primitives as poseidon, Hash as PoseidonHash, Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
sinsemilla::{
chip::{SinsemillaChip, SinsemillaConfig},
merkle::{
@@ -116,9 +116,9 @@ pub struct LeadContract {
pub path_sk: Value<[MerkleNode; MERKLE_DEPTH_ORCHARD]>, // path to the secret key root_sk
pub coin_timestamp: Value<pallas::Base>,
pub coin_nonce: Value<pallas::Base>,
pub coin_opening_1: Value<pallas::Scalar>,
pub coin1_blind: Value<pallas::Scalar>,
pub value: Value<pallas::Base>,
pub coin_opening_2: Value<pallas::Scalar>,
pub coin2_blind: Value<pallas::Scalar>,
// public advices
pub cm_pos: Value<u32>,
//
@@ -277,6 +277,12 @@ impl Circuit<pallas::Base> for LeadContract {
Value::known(pallas::Base::one()),
)?;
let zero = self.load_private(
layouter.namespace(|| "one"),
config.advices[0],
Value::known(pallas::Base::zero()),
)?;
// coin_timestamp tau
let coin_timestamp = self.load_private(
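Review bot: the new `zero` cell is loaded under `layouter.namespace(|| "one")`, a copy-paste label that will make `MockProver` failure reports point at the wrong region; use `"zero"`. More importantly, both `one` and `zero` come from `load_private`, so they are ordinary advice witnesses that nothing constrains to 1 or 0; wherever they are multiplied into values that later feed range checks or commitments (this commit routes `coin_val0`, `coin2_hash` and `target` through them), a prover may witness any other value. Pin them with `region.constrain_constant(cell, pallas::Base::zero())` (and likewise for `one`) or load them through a fixed column so the placeholders really are constants.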
@@ -292,7 +298,7 @@ impl Circuit<pallas::Base> for LeadContract {
)?;
let coin_value = self.load_private(
layouter.namespace(|| "load opening 1"),
layouter.namespace(|| "load coin value"),
config.advices[0],
self.value,
)?;
@@ -445,15 +451,26 @@ impl Circuit<pallas::Base> for LeadContract {
// commitment of coins c1,c2
// ==========================
//TODO (res) should the reward be added to new minted coin?
/*
let coin_hash = {
let coin_val = {
let coin_val_pt = ar_chip.mul(layouter.namespace(|| ""), &coin_pk_y, &coin_pk_x)?;
//TODO (FIX)
//let coin_val0 = ar_chip.mul(layouter.namespace(|| ""), &coin_nonce, &coin_value)?;
let coin_val0 = ar_chip.mul(layouter.namespace(|| ""), &one.clone(), &zero.clone())?;
ar_chip.mul(layouter.namespace(|| ""), &coin_val_pt, &coin_val0)?
};
*/
let coin_hash : AssignedCell<Fp,Fp> = {
let poseidon_message = [
//coin_pk_commit.inner().x(),
//coin_pk_commit.inner().y(),
//TODO (fix)
//coin_pk_x.clone(),
//coin_pk_y.clone(),
//coin_value.clone(),
//coin_nonce.clone(),
coin_pk_x.clone(),
//coin_nonce.clone(), //TODO (fix) nocne need to be for (x,y), or if the seed is changed to hash it can be just pallas
one.clone(),
];
let poseidon_hasher = PoseidonHash::<_, _, poseidon::P128Pow5T3, poseidon::ConstantLength<1>, 3, 2>::init(
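Review bot: `poseidon_message` now absorbs `one.clone()` (a witness loaded as 1, with the pk/value/nonce absorbs commented out), so `coin_hash` carries no information about the coin and the commitment derived from it is only as binding as its blind. Also check the array length against `ConstantLength<1>`: if both `coin_pk_x.clone()` and `one.clone()` remain in the message, it will not compile. Whatever is absorbed here must match the off-circuit `lead_coin_msg` element-for-element and in the same order, or the witness and the constraint system will disagree.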
@@ -467,36 +484,40 @@ impl Circuit<pallas::Base> for LeadContract {
let poseidon_output: AssignedCell<Fp, Fp> = poseidon_output;
poseidon_output
};
*/
let coin_val = {
let coin_val_pt = ar_chip.mul(layouter.namespace(|| ""), &coin_pk_y, &coin_pk_x)?;
let coin_val0 = ar_chip.mul(layouter.namespace(|| ""), &coin_nonce, &coin_value)?;
ar_chip.mul(layouter.namespace(|| ""), &coin_val_pt, &coin_val0)?
};
let (com, _) = {
let coin_commit_v = ValueCommitV;
let coin_commit_v = FixedPointShort::from_inner(ecc_chip.clone(), coin_commit_v);
let coin_val = ScalarFixedShort::new(
//TODO (FIX) THIS PANICS, ONLY PANICS ON LARGE VALUES!
/*
let coin_hash_pt = ScalarFixedShort::new(
ecc_chip.clone(),
layouter.namespace(|| "coin_val*1"),
(coin_hash, one.clone()),
)?;
*/
//note c_v is set to zero, should work
let coin_hash_pt = ScalarFixedShort::new(
ecc_chip.clone(),
layouter.namespace(|| "coin_val*1"),
(coin_val, one.clone()),
(coin_value.clone(), one.clone()),
)?;
coin_commit_v.mul(layouter.namespace(|| "coin commit v"), coin_val)?
coin_commit_v.mul(layouter.namespace(|| "coin commit v"), coin_hash_pt)?
};
// r*G_2
let (blind, _) = {
let coin_commit_r = OrchardFixedBasesFull::ValueCommitR;
let coin_commit_r = FixedPoint::from_inner(ecc_chip.clone(), coin_commit_r);
let coin_opening_1 = ScalarFixed::new(
let rcv = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "coin_opening_1 scalar"),
self.coin_opening_1,
layouter.namespace(|| "coin1 blind scalar"),
self.coin1_blind,
)?;
coin_commit_r
.mul(layouter.namespace(|| "coin serial number commit R"), coin_opening_1)?
coin_commit_r.mul(layouter.namespace(|| "coin serial number commit R"), rcv)?
};
let coin_commit = com.add(layouter.namespace(|| "nonce commit"), &blind)?;
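Review bot: `ScalarFixedShort::new(..., (coin_value.clone(), one.clone()))` range-constrains the magnitude to 64 bits, which is why the commented `coin_hash` variant panics: a Poseidon output does not fit a short scalar. Using `coin_value` directly is a workaround, not a fix, and it changes what `coin_commit` commits to (the value alone), which must then agree with the off-circuit `pedersen_commitment_scalar(mod_r_p(c_v), c_cm1_blind)`. If the intent is to commit to a hash, multiply it with a full-width fixed base via `FixedPoint` and `ScalarFixed` (the `rcv` term a few lines below already does this for the blind) instead of going through `ValueCommitV`. The sign input `one.clone()` is a private witness as well, so it should be constrained to 1 before this is relied on.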
@@ -520,11 +541,12 @@ impl Circuit<pallas::Base> for LeadContract {
/*
let coin2_hash = {
let poseidon_message = [
coin_pk_commit.inner().x(),
coin_pk_commit.inner().y(),
coin_value.clone(),
coin2_nonce.inner().x(),
coin2_nonce.inner().y(),
//coin_pk_commit.inner().x(),
//coin_pk_commit.inner().y(),
//coin_value.clone(),
//coin2_nonce.inner().x(),
//coin2_nonce.inner().y(),
zero.clone(),
];
let poseidon_hasher = PoseidonHash::<_, _, poseidon::P128Pow5T3, poseidon::ConstantLength<5>, 3, 2>::init(
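Review bot: this message block sits inside the `/* ... */` comment that opens a few lines above, so it does not compile today, but the edit leaves `poseidon_message` as a single `zero.clone()` against a `ConstantLength<5>` hasher; fix the length (or restore the five absorbs) before the block is uncommented, otherwise it fails the moment it is re-enabled.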
@@ -538,7 +560,7 @@ impl Circuit<pallas::Base> for LeadContract {
let poseidon_output: AssignedCell<Fp, Fp> = poseidon_output;
poseidon_output
};
*/
/*
let coin2_hash0 = ar_chip.mul(
layouter.namespace(|| ""),
&coin_pk_commit.inner().x(),
@@ -550,29 +572,32 @@ impl Circuit<pallas::Base> for LeadContract {
&coin2_nonce.inner().y(),
)?;
let coin2_hash2 = ar_chip.mul(layouter.namespace(|| ""), &coin2_hash0, &coin2_hash1)?;
let coin2_hash = ar_chip.mul(layouter.namespace(|| ""), &coin_value, &coin2_hash2)?;
//TODO (fix)
//let coin2_hash = ar_chip.mul(layouter.namespace(|| ""), &coin_value.clone(), &coin2_hash2)?;
let coin2_hash = ar_chip.mul(layouter.namespace(|| ""), &one.clone(), &zero.clone())?;
*/
let (com, _) = {
let coin_commit_v = ValueCommitV;
let coin_commit_v = FixedPointShort::from_inner(ecc_chip.clone(), coin_commit_v);
let coin2_hash = ScalarFixedShort::new(
let coin2_hash_pt = ScalarFixedShort::new(
ecc_chip.clone(),
layouter.namespace(|| "coin2_hash*1"),
(coin2_hash, one.clone()),
)?;
coin_commit_v.mul(layouter.namespace(|| "coin commit v"), coin2_hash)?
coin_commit_v.mul(layouter.namespace(|| "coin commit v"), coin2_hash_pt)?
};
// r*G_2
let (blind, _) = {
let coin_commit_r = OrchardFixedBasesFull::ValueCommitR;
let coin_commit_r = FixedPoint::from_inner(ecc_chip.clone(), coin_commit_r);
let coin_opening_2 = ScalarFixed::new(
let coin2_blind = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "coin_opening_2 scalar"),
self.coin_opening_2,
layouter.namespace(|| "coin2 blind scalar"),
self.coin2_blind,
)?;
coin_commit_r
.mul(layouter.namespace(|| "coin serial number commit R"), coin_opening_2)?
.mul(layouter.namespace(|| "coin serial number commit R"), coin2_blind)?
};
let coin2_commit = com.add(layouter.namespace(|| "nonce commit"), &blind)?;
let coin2_commit_x: AssignedCell<Fp, Fp> = coin2_commit.inner().x();
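Review bot: `coin2_hash = ar_chip.mul(..., &one.clone(), &zero.clone())` makes the second coin's committed value 0, so `coin2_commit` reduces to `coin2_blind · ValueCommitR` and is no longer tied to pk, value or nonce; this is the same regression as for the first coin, useful for isolating the `ScalarFixedShort` panic but not something a merged circuit can keep. The rename to `coin2_hash_pt` / `coin2_blind` and the matching namespace labels are fine.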
@@ -691,7 +716,7 @@ impl Circuit<pallas::Base> for LeadContract {
let y_commit_base = ScalarFixedShort::new(
ecc_chip.clone(),
layouter.namespace(|| "y_commit_base*1"),
(y_commit_base.clone(), one),
(y_commit_base.clone(), one.clone()),
)?;
rho_commit_v.mul(layouter.namespace(|| "coin commit v"), y_commit_base)?
};
@@ -718,11 +743,12 @@ impl Circuit<pallas::Base> for LeadContract {
Value::known(pallas::Base::one()), // note! this parameter to be tuned.
)?;
let ord = ar_chip.mul(layouter.namespace(|| ""), &scalar, &c)?;
let target = ar_chip.mul(layouter.namespace(|| "calculate target"), &ord, &coin_value)?;
//TODO (fix)
//let target = ar_chip.mul(layouter.namespace(|| "calculate target"), &ord, &coin_value.clone())?;
let target = ar_chip.mul(layouter.namespace(|| "calculate target"), &one.clone(), &zero.clone())?;
eb_chip.decompose(layouter.namespace(|| "target range check"), target.clone())?;
eb_chip.decompose(layouter.namespace(|| "y_commit range check"), y_commit_base.clone())?;
*/
//let (helper, is_gt) = greater_than_chip.greater_than(
// layouter.namespace(|| "t>y"),
//target.into(),
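Review bot: the eligibility check is not enforced in this state: `target` is replaced by `one * zero` (a constant 0 built from two unconstrained witnesses) and the `greater_than_chip.greater_than(... "t>y" ...)` call that compares it with `y` stays commented out; the `*/` just above that call suggests the two `decompose` range checks are inside a block comment as well. A lead proof that never compares target and y accepts any well-formed coin as a leader, so this needs the `TODO (fix)` tag and a `MockProver` negative test (a coin whose `value` is below the threshold must fail to prove) before the branch is merged.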