merge conflict resolved

proof/lead.zk

@@ -59,33 +59,33 @@ circuit "Lead" {
         constrain_instance(c2_cm_x);
         constrain_instance(c2_cm_y);
         # root of path to burnt coin commitment at given pos
-        root = merkle_root(c1_cm_pos, c1_cm_path, c1_cm_hash);
-        constrain_instance(root);
+        #root = merkle_root(c1_cm_pos, c1_cm_path, c1_cm_hash);
+        #constrain_instance(root);
         # root of path at c1_sk_pos
-        root_sk = merkle_root(c1_sk_pos, c1_sk_path, c1_sk);
-        constrain_instance(root_sk);
+        #root_sk = merkle_root(c1_sk_pos, c1_sk_path, c1_sk);
+        #constrain_instance(root_sk);
         # coin (1) sn/nullifier
-        sn = poseidon_hash(PREFIX_SN, c1_sk_root, c1_rho, ZERO);
-        constrain_instance(sn);
+        #sn = poseidon_hash(PREFIX_SN, c1_sk_root, c1_rho, ZERO);
+        #constrain_instance(sn);
         # lottery seed
-        seed = poseidon_hash(PREFIX_SEED, c1_sk_root, c1_rho, ZERO);
+        #seed = poseidon_hash(PREFIX_SEED, c1_sk_root, c1_rho, ZERO);
         # y
-        y = poseidon_hash(seed, mu_y);
-        constrain_instance(mu_y);
-        constrain_instance(y);
+        #y = poseidon_hash(seed, mu_y);
+        #constrain_instance(mu_y);
+        #constrain_instance(y);
         # rho
-        rho = poseidon_hash(seed, mu_rho);
-        constrain_instance(mu_rho);
-        constrain_instance(rho);
+        #rho = poseidon_hash(seed, mu_rho);
+        #constrain_instance(mu_rho);
+        #constrain_instance(rho);
         # target
-        term1 =  base_mul(sigma1, value);
-        term2_1 = base_mul(sigma2, value);
-        term2 = base_mul(term2_1, value);
-        target = base_add(term1, term2);
+        #term1 =  base_mul(sigma1, value);
+        #term2_1 = base_mul(sigma2, value);
+        #term2 = base_mul(term2_1, value);
+        #target = base_add(term1, term2);
         #lottery
         #constrain public value sigma1
-        constrain_instance(sigma1);
+        #constrain_instance(sigma1);
         # constrain public value sigma2
-        constrain_instance(sigma2);
-        less_than_loose(y, target);
+        #constrain_instance(sigma2);
+        #less_than_loose(y, target);
 }

src/consensus/leadcoin.rs

@@ -315,13 +315,21 @@ impl LeadCoin {
         coin_commitment_tree: &mut BridgeTree<MerkleNode, MERKLE_DEPTH>,
     ) -> LeadCoin {
         info!("LeadCoin::derive_coin()");
-        let rho = self.derived_rho();
+        let derived_c1_rho = self.derived_rho();
         let blind = pallas::Scalar::random(&mut OsRng);
-        let cm = self.derived_commitment(blind);
-        let cm_coord = cm.to_affine().coordinates().unwrap();
-        let cm_msg = [*cm_coord.x(), *cm_coord.y()];
-        let cm_base = poseidon_hash(cm_msg);
-        coin_commitment_tree.append(&MerkleNode::from(cm_base));
+        let derived_c2_cm = Self::commitment(self.pk(),
+                                                pallas::Base::from(self.value+2*constants::REWARD),
+                                                Self::util_derived_rho(self.coin1_sk_root, derived_c1_rho),
+                                                blind
+
+        );
+        let derived_c1_cm = {
+             self.derived_commitment(self.coin2_blind)
+        };
+        let derived_c1_cm_coord = derived_c1_cm.to_affine().coordinates().unwrap();
+        let derived_c1_cm_msg = [*derived_c1_cm_coord.x(), *derived_c1_cm_coord.y()];
+        let derived_c1_cm_base = poseidon_hash(derived_c1_cm_msg);
+        coin_commitment_tree.append(&MerkleNode::from(derived_c1_cm_base));
         let leaf_pos = coin_commitment_tree.witness().unwrap();
         let commitment_root = coin_commitment_tree.root(0).unwrap();
         let commitment_merkle_path =
@@ -329,10 +337,10 @@ impl LeadCoin {
         LeadCoin {
             value: self.value + constants::REWARD,
             coin1_commitment: self.coin2_commitment,
-            coin2_commitment: cm,
+            coin2_commitment: derived_c2_cm,
             idx: u32::try_from(usize::from(leaf_pos)).unwrap(),
             tau: self.tau,
-            nonce: rho,
+            nonce: derived_c1_rho,
             coin1_commitment_root: commitment_root,
             coin1_sk: self.coin1_sk,
             coin1_sk_root: self.coin1_sk_root,

src/consensus/state.rs

@@ -150,6 +150,7 @@ impl SlotCheckpoint {
         let sigma1 = pallas::Base::zero();
         let sigma2 = pallas::Base::zero();
 
+
         Self::new(0, eta, sigma1, sigma2)
     }
 }

src/consensus/validator.rs

@@ -653,7 +653,7 @@ impl ValidatorState {
             self.consensus.leaders_history.last().unwrap().clone(),
         );
         // Replacing old coin with the derived coin
-        //self.consensus.coins[relative_slot][idx] = coin.derive_coin(&mut self.consensus.coins_tree);
+        self.consensus.coins[relative_slot][idx] = coin.derive_coin(&mut self.consensus.coins_tree);
 
         Ok(Some(BlockProposal::new(header, unproposed_txs, lead_info)))
     }
@@ -852,14 +852,6 @@ impl ValidatorState {
 
         let prop_cm_x: pallas::Base = lf.public_inputs[constants::PI_COMMITMENT_X_INDEX];
         let prop_cm_y: pallas::Base = lf.public_inputs[constants::PI_COMMITMENT_Y_INDEX];
-        /*
-        for cm in &self.consensus.leaders_spent_coins {
-            if *cm == (prop_cm_x, prop_cm_y) {
-                error!("receive_proposal(): Proposal coin already spent.");
-                return Err(Error::ProposalIsSpent)
-            }
-        }
-        */
 
         // Check if proposal extends any existing fork chains
         let index = self.find_extended_chain_index(proposal)?;