github/darkfi
1
1
Fork 0
mirror of https://github.com/darkrenaissance/darkfi.git synced 2026-01-09 22:57:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

lead.zk, consnsus/leadcoin.rs fixed lead contract commitments, prefixes, pk, and changed vm lessthan to non strict

Browse Source
This commit is contained in:
mohab metwally
2022-11-19 15:28:57 +02:00
parent 106bd37525
commit d117643e48
3 changed files with 98 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
proof/lead.zk
View File

@@ -34,60 +34,60 @@ circuit "Lead" {
pk = poseidon_hash(PREFIX_PK, c1_sk_root, c1_tau, ZERO);
constrain_instance(pk);
# coin (2) rho/nonce
#c2_rho = poseidon_hash(PREFIX_EVL, c1_sk_root, c1_rho, ZERO);
#constrain_instance(c2_rho);
c2_rho = poseidon_hash(PREFIX_EVL, c1_sk_root, c1_rho, ZERO);
constrain_instance(c2_rho);
# coin (1) cm/commitment
#c1_cm_msg = poseidon_hash(PREFIX_CM, pk, value, c1_rho);
#c1_cm_v = ec_mul_short(c1_cm_msg, VALUE_COMMIT_VALUE);
#c1_cm_r = ec_mul(c1_opening, VALUE_COMMIT_RANDOM);
#c1_cm = ec_add(c1_cm_v, c1_cm_r);
#c1_cm_x = ec_get_x(c1_cm);
#c1_cm_y = ec_get_y(c1_cm);
#c1_cm_hash = poseidon_hash(c1_cm_x, c1_cm_y);
#constrain_instance(c1_cm_x);
#constrain_instance(c1_cm_y);
c1_cm_msg = poseidon_hash(PREFIX_CM, pk, value, c1_rho);
c1_cm_v = ec_mul_base(c1_cm_msg, NULLIFIER_K);
c1_cm_r = ec_mul(c1_opening, VALUE_COMMIT_RANDOM);
c1_cm = ec_add(c1_cm_v, c1_cm_r);
c1_cm_x = ec_get_x(c1_cm);
c1_cm_y = ec_get_y(c1_cm);
c1_cm_hash = poseidon_hash(c1_cm_x, c1_cm_y);
constrain_instance(c1_cm_x);
constrain_instance(c1_cm_y);
# coin (2) cm/commitment
#c2_cm_msg = poseidon_hash(PREFIX_CM, pk, value, c2_rho);
#c2_cm_v = ec_mul_short(c2_cm_msg, VALUE_COMMIT_VALUE);
#c2_cm_r = ec_mul(c2_opening, VALUE_COMMIT_RANDOM);
#c2_cm = ec_add(c2_cm_v, c2_cm_r);
#c2_cm_x = ec_get_x(c2_cm);
#c2_cm_y = ec_get_y(c2_cm);
#constrain_instance(c2_cm_x);
#constrain_instance(c2_cm_y);
c2_cm_msg = poseidon_hash(PREFIX_CM, pk, value, c2_rho);
c2_cm_v = ec_mul_base(c2_cm_msg, NULLIFIER_K);
c2_cm_r = ec_mul(c2_opening, VALUE_COMMIT_RANDOM);
c2_cm = ec_add(c2_cm_v, c2_cm_r);
c2_cm_x = ec_get_x(c2_cm);
c2_cm_y = ec_get_y(c2_cm);
constrain_instance(c2_cm_x);
constrain_instance(c2_cm_y);
# root of path to burnt coin commitment at given pos
#root = merkle_root(c1_cm_pos, c1_cm_path, c1_cm_hash);
#constrain_instance(root);
root = merkle_root(c1_cm_pos, c1_cm_path, c1_cm_hash);
constrain_instance(root);
# root of path at c1_sk_pos
#root_sk = merkle_root(c1_sk_pos, c1_sk_path, c1_sk);
#constrain_instance(root_sk);
root_sk = merkle_root(c1_sk_pos, c1_sk_path, c1_sk);
constrain_instance(root_sk);
# coin (1) sn/nullifier
#sn = poseidon_hash(PREFIX_SN, c1_sk_root, c1_rho, ZERO);
#constrain_instance(sn);
sn = poseidon_hash(PREFIX_SN, c1_sk_root, c1_rho, ZERO);
constrain_instance(sn);
# lottery seed
#seed = poseidon_hash(PREFIX_SEED, c1_sk_root, c1_rho, ZERO);
seed = poseidon_hash(PREFIX_SEED, c1_sk_root, c1_rho, ZERO);
# y
#y_v = ec_mul_short(seed, VALUE_COMMIT_VALUE);
#y_r = ec_mul(y_opening, VALUE_COMMIT_RANDOM);
#y = ec_add(y_v, y_r);
#y_x = ec_get_x(y);
#y_y = ec_get_y(y);
#y_hash = poseidon_hash(y_x, y_y);
#constrain_instance(y_x);
#constrain_instance(y_y);
y_v = ec_mul_base(seed, NULLIFIER_K);
y_r = ec_mul(y_opening, VALUE_COMMIT_RANDOM);
y = ec_add(y_v, y_r);
y_x = ec_get_x(y);
y_y = ec_get_y(y);
y_hash = poseidon_hash(y_x, y_y);
constrain_instance(y_x);
constrain_instance(y_y);
# rho
#rho_v = ec_mul_short(seed, VALUE_COMMIT_VALUE);
#rho_r = ec_mul(rho_opening, VALUE_COMMIT_RANDOM);
#rho = ec_add(rho_v, rho_r);
#rho_x = ec_get_x(rho);
#rho_y = ec_get_y(rho);
#constrain_instance(rho_x);
#constrain_instance(rho_y);
rho_v = ec_mul_base(seed, NULLIFIER_K);
rho_r = ec_mul(rho_opening, VALUE_COMMIT_RANDOM);
rho = ec_add(rho_v, rho_r);
rho_x = ec_get_x(rho);
rho_y = ec_get_y(rho);
constrain_instance(rho_x);
constrain_instance(rho_y);
# target
#term1 = base_mul(sigma1, value);
#term2_1 = base_mul(sigma2, value);
#term2 = base_mul(term2_1, value);
#target = base_add(term1, term2);
# lottery
#less_than(y_hash, target);
term1 = base_mul(sigma1, value);
term2_1 = base_mul(sigma2, value);
term2 = base_mul(term2_1, value);
target = base_add(term1, term2);
#lottery
less_than(y_hash, target);
}

106
src/consensus/leadcoin.rs
View File

@@ -151,76 +151,69 @@ impl LeadCoin {
// Merkle tree of coin commitments
coin_commitment_tree: &mut BridgeTree<MerkleNode, MERKLE_DEPTH>,
) -> Self {
let zero = pallas::Base::zero();
let one = pallas::Base::one();
let prefix_evl = pallas::Base::from(2);
let prefix_seed = pallas::Base::from(3);
let prefix_cm = pallas::Base::from(4);
let prefix_pk = pallas::Base::from(5);
let prefix_sn = pallas::Base::from(6);
// Generate random blinding values for commitments:
let coin1_blind = pallas::Scalar::random(&mut OsRng);
let coin2_blind = pallas::Scalar::random(&mut OsRng);
// Derive a public key from the secret key
let public_key = PublicKey::from_secret(secret_key);
let (coin_pk_x, coin_pk_y) = public_key.xy();
debug!("coin_pk[{}] x: {:?}", slot_index, coin_pk_x);
debug!("coin_pk[{}] y: {:?}", slot_index, coin_pk_y);
// Derive a nullifier
let sn_msg = [
pallas::Base::from(seed),
let tau = pallas::Base::from(slot_index as u64);
// pk
let pk_msg = [prefix_pk, coin1_sk_root.inner(), tau, zero];
let pk = poseidon_hash(pk_msg);
// Derive the nonce for coin2
let coin2_nonce_msg = [
prefix_evl,
coin1_sk_root.inner(),
pallas::Base::zero(),
pallas::Base::one(),
pallas::Base::from(seed),
zero,
];
let c_sn = poseidon_hash(sn_msg);
let coin2_seed = poseidon_hash(coin2_nonce_msg);
debug!("coin2_seed[{}]: {:?}", slot_index, coin2_seed);
// Derive input for the commitment of coin1
let coin1_commit_msg = [
pallas::Base::from(PRF_NULLIFIER_PREFIX),
coin_pk_x,
coin_pk_y,
prefix_cm,
pk,
pallas::Base::from(value),
pallas::Base::from(seed),
pallas::Base::one(),
];
let coin1_commit_v = poseidon_hash(coin1_commit_msg);
// Create commitment to coin1
let coin1_commit_v = poseidon_hash(coin1_commit_msg);
let coin1_commitment = pedersen_commitment_base(coin1_commit_v, coin1_blind);
// Hash its coordinates to get a base field element
let c1_cm_coords = coin1_commitment.to_affine().coordinates().unwrap();
let c1_base_msg = [*c1_cm_coords.x(), *c1_cm_coords.y()];
let coin1_commitment_base = poseidon_hash(c1_base_msg);
// Append the element to the Merkle tree
coin_commitment_tree.append(&MerkleNode::from(coin1_commitment_base));
let leaf_pos = coin_commitment_tree.witness().unwrap();
let coin1_commitment_root = coin_commitment_tree.root(0).unwrap();
let coin1_commitment_merkle_path =
coin_commitment_tree.authentication_path(leaf_pos, &coin1_commitment_root).unwrap();
// Derive the nonce for coin2
let coin2_nonce_msg = [
pallas::Base::from(seed),
coin1_sk_root.inner(),
pallas::Base::one(),
pallas::Base::one(),
];
let coin2_seed = poseidon_hash(coin2_nonce_msg);
debug!("coin2_seed[{}]: {:?}", slot_index, coin2_seed);
// Derive input for the commitment of coin2
let coin2_commit_msg = [
pallas::Base::from(PRF_NULLIFIER_PREFIX),
coin_pk_x,
coin_pk_y,
prefix_cm,
pk,
pallas::Base::from(value),
coin2_seed,
pallas::Base::one(),
pallas::Base::from(coin2_seed),
];
let coin2_commit_v = poseidon_hash(coin2_commit_msg);
// Create commitment to coin2
let coin2_commitment = pedersen_commitment_base(coin2_commit_v, coin2_blind);
// Derive election seeds
let (y_mu, rho_mu) = Self::election_seeds(eta, pallas::Base::from(slot_index as u64));
// Derive a nullifier
let sn_msg = [
prefix_sn,
coin1_sk_root.inner(),
pallas::Base::from(seed),
zero
];
let c_sn = poseidon_hash(sn_msg);
// Return the object
Self {
@@ -231,7 +224,7 @@ impl LeadCoin {
idx: u32::try_from(usize::from(leaf_pos)).unwrap(),
sl: pallas::Base::from(slot_index as u64),
// Assume tau is sl for simplicity
tau: pallas::Base::from(slot_index as u64),
tau: tau,
nonce: pallas::Base::from(seed),
nonce_cm: coin2_seed,
sn: c_sn,
@@ -270,10 +263,11 @@ impl LeadCoin {
/// Create a vector of `pallas::Base` elements from the `LeadCoin` to be
/// used as public inputs for the ZK proof.
pub fn public_inputs(&self) -> Vec<pallas::Base> {
let prefix_evl = pallas::Base::from(2);
let prefix_pk = pallas::Base::from(4);
let prefix_pk = pallas::Base::from(5);
let zero = pallas::Base::zero();
let prefix_evl = pallas::Base::from(2);
let prefix_seed = pallas::Base::from(3);
let prefix_pk = pallas::Base::from(5);
// pk
let pk_msg = [prefix_pk, self.coin1_sk_root.inner(), self.tau, zero];
let pk = poseidon_hash(pk_msg);
@@ -284,7 +278,7 @@ impl LeadCoin {
let c1_cm = self.coin1_commitment.to_affine().coordinates().unwrap();
let c2_cm = self.coin2_commitment.to_affine().coordinates().unwrap();
// lottery seed
let seed_msg = [self.coin1_sk_root.inner(), self.nonce];
let seed_msg = [prefix_seed, self.coin1_sk_root.inner(), self.nonce, zero];
let seed = poseidon_hash(seed_msg);
// y
let y = pedersen_commitment_base(seed, mod_r_p(self.y_mu));
@@ -294,18 +288,18 @@ impl LeadCoin {
let rho_coord = rho.to_affine().coordinates().unwrap();
vec![
pk,
//c2_rho,
//*c1_cm.x(),
//*c1_cm.y(),
//*c2_cm.x(),
//*c2_cm.y(),
//self.coin1_commitment_root.inner(),
//self.coin1_sk_root.inner(),
//self.sn,
//*y_coords.x(),
//*y_coords.y(),
//*rho_coord.x(),
//*rho_coord.y(),
c2_rho,
*c1_cm.x(),
*c1_cm.y(),
*c2_cm.x(),
*c2_cm.y(),
self.coin1_commitment_root.inner(),
self.coin1_sk_root.inner(),
self.sn,
*y_coords.x(),
*y_coords.y(),
*rho_coord.x(),
*rho_coord.y(),
]
}

2
src/zk/vm.rs
View File

@@ -730,7 +730,7 @@ impl Circuit<pallas::Base> for ZkCircuit {
a,
b,
0,
true,
false,
)?;
}