mirror of
https://github.com/darkrenaissance/darkfi.git
synced 2026-01-08 22:28:12 -05:00
lead circuit in zkas
90
proof/lead.zk
Normal file
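--- a/proof/lead.zk
+++ b/proof/lead.zk
@@ -0,0 +1,90 @@
+constant "Lead" {
+EcFixedPointShort VALUE_COMMIT_VALUE,
+EcFixedPoint VALUE_COMMIT_RANDOM,
+EcFixedPointBase NULLIFIER_K,
+Base PREFIX_CM,
+Base PREFIX_PK,
+Base PREFIX_EVL,
+BASE PREFIX_SEED,
+Base ONE,
+Base ZERO,
+}
+
+contract "Lead" {
+MerklePath c1_cm_path,
+Uint32 c1_cm_pos,
+Unit32 c1_sk_pos,
+Base c1_sk,
+Base c1_sk_root,
+MerklePath c1_sk_path,
+Base c1_tau,
+Base c1_rho,
+Scalar c1_opening,
+Base value,
+Scalar c2_opening,
+Scalar rho_mu,
+Scalar y_mu,
+Base sigam1,
+Base sigma2
+}
+
+Circuit "Lead" {
+# coin (1) pk
+pk = poseidon_hash(PREFIX_PK, c1_sk_root, c1_tau, ZERO);
+constrain_instance(pk);
+# coin (2) rho/nonce
+c2_rho = poseidon_hash(PREFIX_EVL, c1_sk_root, c1_rho, ZERO);
+constrain_instance(c2_rho);
+# coin (1) cm/commitment
+c1_cm_msg = poseidon_hash(PREFIX_CM, pk, value, c1_rho);
+c1_cm_v = ec_mul_short(c1_cm_msg, VALUE_COMMIT_VALUE);
+c1_cm_r = ec_mul(c1_opening, VALUE_COMMIT_RANDOM);
+c1_cm = ec_add(c1_cm_v, c1_cm_r);
+c1_cm_x = ec_get_x(c1_cm);
+c1_cm_y = ec_get_y(c1_cm);
+constrain_instance(c1_cm_x);
+constrain_instance(c1_cm_y);
+# coin (2) cm/commitment
+c2_cm_msg = poseidon_hash(PREFIX_CM, pk, value, c2_rho);
+c2_cm_v = ec_mul_short(c2_cm_msg, VALUE_COMMIT_VALUE);
+c2_cm_r = ec_mul(c2_opening, VALUE_COMMIT_RANDOM);
+c2_cm = ec_add(c2_cm_v, c2_cm_r);
+c2_cm_x = ec_get_x(c2_cm);
+c2_cm_y = ec_get_y(c2_cm);
+constrain_instance(c2_cm_x);
+constrain_instance(c2_cm_y);
+# root of path to burnt coin commitment at given pos
+root = merkle_root(c1_cm_pos, c1_cm_path, c1_cm);
+constrain_instance(root);
+# root of path at c1_sk_pos
+root_sk = merkle_root(c1_sk_pos, c1_sk_path, c1_sk);
+constrain_instance(root_sk);
+# coin (1) sn/nullifier
+sn = poseidon_hash(PREFIX_SN, c1_sk_root, c1_rho, ZERO);
+constrain_instance(sn);
+# lottery seed
+seed = poseidon_hash(PREFIX_SEED, c1_sk_root, c1_rho, ZERO);
+# y
+y_v = ec_mul_short(seed, VALUE_COMMIT_VALUE);
+y_r = ec_mul(y_mu, VALUE_COMMIT_RANDOM);
+y = ec_add(y_v, y_r);
+y_x = ec_get_x(y);
+y_y = ec_get_y(y);
+constrain_instance(y_x);
+constrain_instance(y_y);
+# rho
+rho_v = ec_mul_short(seed, VALUE_COMMIT_VALUE);
+rho_r = ec_mul(rho_mu, VALUE_COMMIT_RANDOM);
+rho = ec_add(rho_v, rho_r);
+rho_x = ec_get_x(rho);
+rho_y = ec_get_y(rho);
+constrain_instance(rho_x);
+constrain_instance(rho_y);
+# target
+term1 = base_mul(sigma1, value);
+term2_1 = base_mul(sigam2, value);
+term2 = base_mul(term_2_1, value);
+target = base_add(term1, term2);
+# lottery
+less_than(y, target)
+}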
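Review bot: The closing lottery check `less_than(y, target)` does not appear to restrict the prover, because `target` is built only from the private witnesses `sigma1`/`sigma2` and `value`, and none of them is bound to a public input through `constrain_instance`. The same line compares `y`, the curve point returned by `ec_add`, against a field element; if the x-coordinate is what the lottery intends, it would read `less_than(y_x, target);`, with the sigma coefficients exposed or otherwise bound. Likewise `pk`, `sn` and `seed` hash the witness `c1_sk_root`, while the Merkle root derived from `c1_sk` is the separate value `root_sk`, and nothing visible in the circuit ties the two together. Several names also do not match their declarations and would likely be rejected by the compiler: `BASE PREFIX_SEED` and `Unit32 c1_sk_pos` versus `Base`/`Uint32`, `sigam1` declared but `sigma1` used, `sigam2` used but `sigma2` declared, `term2_1` assigned but `term_2_1` read, `PREFIX_SN` used without a declaration in the constant block, and no `;` after the final `less_than` call. Finally, `ec_mul_short` is applied to the Poseidon outputs `c1_cm_msg`, `c2_cm_msg` and `seed`; if that opcode range-checks its scalar to a short width, as the name suggests, a full-width hash would not satisfy it, which is worth confirming.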