contract/consensus/proof: removed obselete proofs

src/contract/consensus/proof/proposal_mint_v1.zk

@@ -1,85 +0,0 @@
-constant "ProposalMint_V1" {
-	EcFixedPointShort VALUE_COMMIT_VALUE,
-	EcFixedPoint VALUE_COMMIT_RANDOM,
-	EcFixedPointBase NULLIFIER_K,
-}
-
-witness "ProposalMint_V1" {
-	# X coordinate for public key
-	Base pub_x,
-	# Y coordinate for public key
-	Base pub_y,
-	# The value of this coin
-	Base value,
-	# The token ID
-	Base token,
-	# Burnt coin secret key
-	Base burnt_secret_key,
-	# Unique serial number corresponding to the burnt coin
-	Base burnt_serial,
-	# Random blinding factor for coin
-	Base coin_blind,
-	# Allows composing this ZK proof to invoke other contracts
-	Base spend_hook,
-	# Data passed from this coin to the invoked contract
-	Base user_data,
-	# Random blinding factor for the value commitment
-	Scalar value_blind,
-	# Random blinding factor for the token ID
-	Scalar token_blind,
-	# Random blinding factor for the serial number
-	Scalar serial_blind,
-}
-
-circuit "ProposalMint_V1" {
-	# Constants
-	ZERO = witness_base(0);
-	SERIAL_PREFIX = witness_base(2);
-
-	# TODO: verify if value must be > 0 and add corresponding opcode
-
-	# Derive new coin serial from old one
-	serial = poseidon_hash(SERIAL_PREFIX, burnt_secret_key, burnt_serial, ZERO);
-
-	# Poseidon hash of the coin
-	C = poseidon_hash(
-		pub_x,
-		pub_y,
-		value,
-		token,
-		serial,
-		spend_hook,
-		user_data,
-		coin_blind,
-	);
-	constrain_instance(C);
-
-	# Pedersen commitment for coin's value
-	vcv = ec_mul_short(value, VALUE_COMMIT_VALUE);
-	vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM);
-	value_commit = ec_add(vcv, vcr);
-	# Since the value commit is a curve point, we fetch its coordinates
-	# and constrain them:
-	constrain_instance(ec_get_x(value_commit));
-	constrain_instance(ec_get_y(value_commit));
-
-	# Pedersen commitment for coin's token ID
-	tcv = ec_mul_base(token, NULLIFIER_K);
-	tcr = ec_mul(token_blind, VALUE_COMMIT_RANDOM);
-	token_commit = ec_add(tcv, tcr);
-	# Since token commit is also a curve point, we'll do the same
-	# coordinate dance:
-	constrain_instance(ec_get_x(token_commit));
-	constrain_instance(ec_get_y(token_commit));
-
-	# Pedersen commitment for coin's serial number
-	scv = ec_mul_base(serial, NULLIFIER_K);
-	scr = ec_mul(serial_blind, VALUE_COMMIT_RANDOM);
-	serial_commit = ec_add(scv, scr);
-	# Since serial commit is also a curve point, we'll do the same
-	# coordinate dance:
-	constrain_instance(ec_get_x(serial_commit));
-	constrain_instance(ec_get_y(serial_commit));
-
-	# At this point we've enforced all of our public inputs.
-}

src/contract/consensus/proof/proposal_reward_v1.zk

@@ -1,103 +0,0 @@
-constant "ProposalReward_V1" {
-	EcFixedPointShort VALUE_COMMIT_VALUE,
-	EcFixedPoint VALUE_COMMIT_RANDOM,
-	EcFixedPointBase NULLIFIER_K,
-}
-
-witness "ProposalReward_V1" {
-	# Burnt coin secret key
-	Base secret_key,
-	# Unique serial number corresponding to the burnt coin
-	Base serial,
-	# The value of the burnt coin
-	Base value,
-	# The reward value
-	Base reward,
-	# Random blinding factor for the value commitment
-	Scalar value_blind,
-	# Random blinding factor for the serial number of the new coin
-	Scalar new_serial_blind,
-	# Election seed y
-	Base mu_y,
-	# Election seed rho
-	Base mu_rho,
-	# Sigma1
-	Base sigma1,
-	# Sigma2
-	Base sigma2,
-	# Lottery headstart
-	Base headstart,
-}
-
-circuit "ProposalReward_V1" {
-	# Constants
-	ZERO = witness_base(0);
-	SERIAL_PREFIX = witness_base(2);
-	SEED_PREFIX = witness_base(3);
-
-	# TODO: verify if value or reward must be > 0 and add corresponding opcodes
-
-	# Poseidon hash of the coin nullifier
-	nullifier = poseidon_hash(secret_key, serial);
-	constrain_instance(nullifier);
-
-	# Derive public key that will be used in VRF proof and constrain it
-	pub = ec_mul_base(secret_key, NULLIFIER_K);
-	constrain_instance(ec_get_x(pub));
-	constrain_instance(ec_get_y(pub));
-
-	# Pedersen commitment for coin's value
-	vcv = ec_mul_short(value, VALUE_COMMIT_VALUE);
-	vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM);
-	value_commit = ec_add(vcv, vcr);
-	# Since the value commit is a curve point, we fetch its coordinates
-	# and constrain them:
-	constrain_instance(ec_get_x(value_commit));
-	constrain_instance(ec_get_y(value_commit));
-
-	# Derive new coin serial from burnt one and constrain the pedersen commitment
-	new_serial = poseidon_hash(SERIAL_PREFIX, secret_key, serial, ZERO);
-	scv = ec_mul_base(new_serial, NULLIFIER_K);
-	scr = ec_mul(new_serial_blind, VALUE_COMMIT_RANDOM);
-	serial_commit = ec_add(scv, scr);
-	# Since serial commit is also a curve point, we'll do the same
-	# coordinate dance:
-	constrain_instance(ec_get_x(serial_commit));
-	constrain_instance(ec_get_y(serial_commit));
-
-	# Pedersen commitment for new coin's value
-	new_value = base_add(value, reward);
-	nvcv = ec_mul_short(new_value, VALUE_COMMIT_VALUE);
-	nvcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM);
-	new_value_commit = ec_add(nvcv, nvcr);
-	# Since the new value commit is also a curve point, we'll do the same
-	# coordinate dance:
-	constrain_instance(ec_get_x(new_value_commit));
-	constrain_instance(ec_get_y(new_value_commit));
-
-	# Coin y:
-	seed = poseidon_hash(SEED_PREFIX, serial, ZERO);
-	y = poseidon_hash(seed, mu_y);
-	constrain_instance(mu_y);
-	constrain_instance(y);
-
-	# Coin rho(seed):
-	rho = poseidon_hash(seed, mu_rho);
-	constrain_instance(mu_rho);
-	constrain_instance(rho);
-
-	# Calculate lottery target
-	term_1 = base_mul(sigma1, value);
-	term_2 = base_mul(sigma2, value);
-	shifted_term_2 = base_mul(term_2, value);
-	target = base_add(term_1, shifted_term_2);
-	shifted_target = base_add(target, headstart);
-	constrain_instance(sigma1);
-	constrain_instance(sigma2);
-	constrain_instance(headstart);
-
-	# Play lottery
-	less_than_loose(y, shifted_target);
-
-	# At this point we've enforced all of our public inputs.
-}