diff --git a/src/blockchain/epoch.rs b/src/blockchain/epoch.rs index b01a7367c..69ec972f9 100644 --- a/src/blockchain/epoch.rs +++ b/src/blockchain/epoch.rs @@ -174,11 +174,12 @@ impl Epoch { //random sampling of the same size of prf, //pseudo random sampling that is the size of pederson commitment // coin slot number - //TODO (fix) need to be multiplied by the ep + + //TODO this has to be absolute path let c_sl = pallas::Base::from(u64::try_from(i).unwrap()); // - //TODO (fix) - let c_tau = pallas::Base::from(u64::try_from(i).unwrap()); // let's assume it's sl for simplicity + //let's assume it's sl for simplicity + let c_tau = pallas::Base::from(u64::try_from(i).unwrap()); // let c_root_sk: MerkleNode = root_sks[i]; @@ -187,7 +188,6 @@ impl Epoch { c_root_sk.inner(), ]; let c_pk : pallas::Base = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<2>, 3, 2>::init().hash(coin_pk_msg); - //let c_pk = pedersen_commitment_base(c_tau, mod_r_p(c_root_sk.inner())); let c_seed = pallas::Base::from(seeds[i]); let sn_msg = [ @@ -197,15 +197,6 @@ impl Epoch { let c_sn : pallas::Base = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<2>, 3, 2>::init().hash(coin_pk_msg); - //let lead_coin_msg = [ - // c_pk.clone(), - - //c_v, - // *c_seed_pt.x(), //TODO(fix) will be c_seed(base) only after calculating c_seed as hash - //*c_seed_pt.y(), - //]; - //let lead_coin_msg_hash : pallas::Scalar = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<1>, 3, 2>::init().hash(lead_coin_msg); - let coin_commit_msg = c_pk*c_v*c_seed; let c_cm: pallas::Point = pedersen_commitment_scalar(mod_r_p(coin_commit_msg), c_cm1_blind); let c_cm_coordinates = c_cm.to_affine().coordinates().unwrap(); 
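Review bot: The new `//TODO this has to be absolute path` sits above `c_sl`, which is still the loop index `i`, and `c_tau` on the next line is initialised from that same `i` under the retained "assume it's sl" note, so the two coin fields are interchangeable per-epoch counters rather than a chain-absolute slot and a separate time input. "Absolute path" also reads as a filesystem term; the comment would be clearer as `//TODO c_sl must be the absolute slot number (presumably epoch start slot + i), not the loop index`. If `c_tau` is meant to carry something other than the slot, its aliasing to `c_sl` should be a tracked issue rather than an inline assumption. The sampling loop this runs in starts outside the hunk.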
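Review bot: `c_sn` on the first line of this hunk hashes `coin_pk_msg` with exactly the Poseidon parameters used for `c_pk`, so the serial number is equal to the coin's public key and the `sn_msg` array built just above is never used; it should read `let c_sn : pallas::Base = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<2>, 3, 2>::init().hash(sn_msg);`. A serial number that coincides with a public value cannot serve as a nullifier, since anyone who knows `c_pk` knows `c_sn`. Separately, `coin_commit_msg = c_pk*c_v*c_seed` commits to a field product rather than to the tuple, so distinct (pk, v, seed) triples with the same product open the same `c_cm`, and `c_v = 0` collapses the message entirely; the Poseidon-hash-of-tuple draft this commit deletes was the binding form and should come back before `mod_r_p` reduces the message. The enclosing loop begins outside this hunk.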
@@ -225,25 +216,10 @@ impl Epoch { let c_seed2_pt_x = c_seed2.clone(); let c_seed2_pt_y = c_seed2.clone(); - //let lead_coin_msg = [ - //c_pk_pt_y.clone(), - //c_pk_pt_x.clone(), - //c_v, - //c_seed, - //pallas::Base::one(), - //]; - //let lead_coin_msg_hash : pallas::Base = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<1>, 3, 2>::init().hash(lead_coin_msg); let coin2_commit_msg = c_pk*c_seed2_pt_x*c_seed2_pt_y*c_v; let c_cm2 = pedersen_commitment_base(coin2_commit_msg, c_cm2_blind); let c_root_sk = root_sks[i]; - - let c_root_sk_bytes: [u8; 32] = c_root_sk.inner().to_repr(); - let mut c_root_sk_base_bytes: [u8; 32] = [0; 32]; - //TODO (fix) using only first 24, use the whole root - c_root_sk_base_bytes[..23].copy_from_slice(&c_root_sk_bytes[..23]); - let _c_root_sk_base = pallas::Base::from_repr(c_root_sk_base_bytes); - let c_path_sk = path_sks[i]; // election seeds diff --git a/src/zk/circuit/lead_contract.rs b/src/zk/circuit/lead_contract.rs index efbe7e6be..1f442534a 100644 --- a/src/zk/circuit/lead_contract.rs +++ b/src/zk/circuit/lead_contract.rs @@ -438,7 +438,9 @@ impl Circuit for LeadContract { )?; - + // ================================================ + // coin2 commiment H=COMMIT(pk||V||nonce2||r2) + // ================================================ let coin2_hash_cm = ar_chip.mul( layouter.namespace(|| ""), &coin_pk_commit, @@ -484,6 +486,9 @@ impl Circuit for LeadContract { LEAD_COIN_COMMIT2_Y_OFFSET, )?; + + // =========================== + // path is valid path to cm1 // =========================== let path : Value<[pallas::Base;MERKLE_DEPTH_ORCHARD]> = self.path.map(|typed_path| gen_const_array(|i| typed_path[i].inner())); 
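Review bot: `c_seed2_pt_x` and `c_seed2_pt_y` are both plain clones of `c_seed2`, so `coin2_commit_msg = c_pk*c_seed2_pt_x*c_seed2_pt_y*c_v` is really `c_pk * c_seed2^2 * c_v` — the `_pt_x`/`_pt_y` names suggest affine coordinates that no longer exist, and squaring the seed adds nothing. As with the first commitment, a field product does not bind the individual components (any pk', seed2', v' with the same product opens the same `c_cm2`); if the intent is the `COMMIT(pk||V||nonce2||r2)` documented on the circuit side, hash the tuple with Poseidon and commit to the digest, e.g. `let coin2_commit_msg = poseidon::Hash::<_, poseidon::P128Pow5T3, poseidon::ConstantLength<3>, 3, 2>::init().hash([c_pk, c_seed2, c_v]);`. Dropping the dead `_c_root_sk_base` 23-byte truncation is the right call. The loop this sits in starts before the hunk.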
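Review bot: The new header `coin2 commiment H=COMMIT(pk||V||nonce2||r2)` promises concatenation, but the code directly under it starts with `ar_chip.mul(..., &coin_pk_commit, ...)`, so the message is built by field multiplication; the `mul` call continues past the hunk and the remaining factors are not visible here. Either the comment should state what is actually constrained — `// coin2 commitment: cm2 = COMMIT(pk * V * nonce2, r2) (field product, not a tuple hash)` — or the circuit should hash the tuple so the commitment binds each component, because a reader of the comment alone would assume the stronger property. Also "commiment" → "commitment".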
@@ -514,10 +519,10 @@ impl Circuit for LeadContract { LEAD_COIN_COMMIT_PATH_OFFSET, )?; - //let _node = MerkleNode::from_bytes(&self.root_sk.unwrap().to_repr()).unwrap(); - //let serialized = serde_json::to_string(&node).unwrap(); - //println!("root_sk: {}", serialized); + //================================ + // y as COMIT(root_sk*nonce, mau_y) + //================================ let y_commit_exp = ar_chip.mul( layouter.namespace(|| ""), &_root_sk.clone(), @@ -550,7 +555,7 @@ impl Circuit for LeadContract { let y_commit_base = y_commit.inner().x(); // ============================ - // constraint rho + // constraint rho as COMIT(root_sk*nonce, mau_rho) // ============================ let (com, _) = { let rho_commit_v = ValueCommitV; @@ -572,7 +577,7 @@ impl Circuit for LeadContract { }; let _rho_commit = com.add(layouter.namespace(|| "nonce commit"), &blind)?; - // that the coin value never get past it. + //used for fine tuning the leader election frequency let scalar = self.load_private( layouter.namespace(|| "load scalar "), config.advices[0], 
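Review bot: The new comment `//used for fine tuning the leader election frequency` describes `scalar`, which is loaded through `self.load_private(...)` into `config.advices[0]`; if `load_private` assigns an advice cell without equality-constraining it to a fixed column or a public instance, this value is prover-chosen and so is the election target it scales, which defeats the point of a protocol-level tuning parameter. It should be a circuit constant or be bound with `layouter.constrain_instance` to a public input, and the comment should say so: `// election-frequency parameter: must be a fixed/public value, never a free witness`. The `load_private` call opens here and closes outside the hunk. The headers added in the two hunks above spell `COMIT`; they should read `COMMIT`.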
@@ -585,21 +590,21 @@ impl Circuit for LeadContract { config.advices[0], Value::known(pallas::Base::one()), // note! this parameter to be tuned. )?; - //let ord = ar_chip.mul(layouter.namespace(|| ""), &scalar, &c)?; - //let target = ar_chip.mul(layouter.namespace(|| "calculate target"), &ord, &coin_value.clone())?; - //eb_chip.decompose(layouter.namespace(|| "target range check"), target.clone())?; - //eb_chip.decompose(layouter.namespace(|| "y_commit range check"), y_commit_base.clone())?; - - //let (helper, is_gt) = greater_than_chip.greater_than( - // layouter.namespace(|| "t>y"), - //target.into(), - // y_commit_base.into(), - // )?; - //eb_chip.decompose(layouter.namespace(|| "helper range check"), helper.0)?; - - //layouter.constrain_instance(is_gt.0.cell(), config.primary, LEAD_THRESHOLD_OFFSET)? + /* + let ord = ar_chip.mul(layouter.namespace(|| ""), &scalar, &c)?; + let target = ar_chip.mul(layouter.namespace(|| "calculate target"), &ord, &coin_value.clone())?; + eb_chip.decompose(layouter.namespace(|| "target range check"), target.clone())?; + eb_chip.decompose(layouter.namespace(|| "y_commit range check"), y_commit_base.clone())?; + let (helper, is_gt) = greater_than_chip.greater_than( + layouter.namespace(|| "t>y"), + target.into(), + y_commit_base.into(), + )?; + eb_chip.decompose(layouter.namespace(|| "helper range check"), helper.0)?; + layouter.constrain_instance(is_gt.0.cell(), config.primary, LEAD_THRESHOLD_OFFSET)? + */ Ok(()) } }
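Review bot: The threshold check — `target = scalar * c * coin_value`, the `greater_than` comparison against `y_commit_base`, and `constrain_instance(is_gt..., LEAD_THRESHOLD_OFFSET)` — is still disabled; this hunk only changes its comment syntax from `//` to `/* */`. As merged, `synthesize` returns `Ok(())` without relating `y` to any target, so the `LEAD_THRESHOLD_OFFSET` public input is never bound and a proof that verifies does not establish that the prover won the slot. The `load_private` at the top of the hunk also witnesses `c` as `Value::known(pallas::Base::one())` with "to be tuned", which, like `scalar`, would be prover-chosen rather than a protocol constant unless the helper fixes it. If leaving this out is deliberate while the range-check and comparison chips are finished, replace the bare block comment with `// TODO(security): leadership threshold not enforced — proofs currently accept any y` and add a negative test (a witness with `y >= target` must fail) to land with the re-enable. `synthesize` starts before this hunk.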