split off codgen functions into a separate module. have working ec ops

2026-01-09 22:57:59 -05:00 · 2020-09-21 10:18:27 +02:00
parent 7833f69ede
commit e710fb2cd4
7 changed files with 69 additions and 33 deletions
--- a/compile_and_run.sh
+++ b/compile_and_run.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -x
 python scripts/pism.py proofs/simple.pism > src/simple_circuit.rs
 cargo fmt
 cargo run --release --bin simple
--- a/proofs/simple.pism
+++ b/proofs/simple.pism
@@ -4,9 +4,15 @@ constant G_SPEND FixedGenerator

 contract input_spend
    param secret Fr
+    param ak Point
 start
+    witness ak param:ak
+    assert_not_small_order ak
+
    fr_as_binary_le secret param:secret
    ec_mul_const public secret G_SPEND
+
+    ec_add public public ak
    emit_ec public
 end

--- a/proofs/simple.prf
+++ b/proofs/simple.prf
@@ -1,5 +1,5 @@
-const:
-    G_SPEND: SubgroupPoint
+const G_SPEND: SubgroupPoint
+
 contract input_spend(
    secret: Fr -> BinaryNumber
 ) -> Point:
--- a/proofs/working.pism
+++ b/proofs/working.pism
@@ -33,10 +33,6 @@ contract input_spend
    # ...
    param anchor Scalar
 start
-    fr_as_binary_le secret param:secret
-    ec_mul_const public secret G_SPEND
-    emit_ec public
-
    # let rk: Point = ak + ar * G_SPEND
    witness ak param:ak
    assert_not_small_order ak
--- a/scripts/codegen.py
+++ b/scripts/codegen.py
@@ -0,0 +1,31 @@
+# Functions here are called from pism.py using getattr()
+# and the function name as a string.
+
+def witness(line, out, point):
+    return \
+r"""let %s = ecc::EdwardsPoint::witness(
+    cs.namespace(|| "%s"),
+    %s.map(jubjub::ExtendedPoint::from))?;""" % (out, line, point)
+
+def assert_not_small_order(line, point):
+    return '%s.assert_not_small_order(cs.namespace(|| "%s"))?;' % (point, line)
+
+def fr_as_binary_le(line, out, fr):
+    return \
+r"""let %s = boolean::field_into_boolean_vec_le(
+    cs.namespace(|| "%s"), %s)?;""" % (out, line, fr)
+
+def ec_mul_const(line, out, fr, base):
+    return \
+r"""let %s = ecc::fixed_base_multiplication(
+    cs.namespace(|| "%s"),
+    &%s,
+    &%s,
+)?;""" % (out, line, base, fr)
+
+def ec_add(line, out, a, b):
+    return 'let %s = %s.add(cs.namespace(|| "%s"), &%s)?;' % (out, a, line, b)
+
+def emit_ec(line, point):
+    return '%s.inputize(cs.namespace(|| "%s"))?;' % (point, line)
+
--- a/scripts/pism.py
+++ b/scripts/pism.py
@@ -2,6 +2,8 @@ import json
 import os
 import sys

+import codegen
+
 symbol_table = {
    "contract": 1,
    "param": 2,
@@ -9,8 +11,10 @@ symbol_table = {
    "end": 0,

    "witness": 2,
+    "assert_not_small_order": 1,
    "fr_as_binary_le": 2,
    "ec_mul_const": 3,
+    "ec_add": 3,
    "emit_ec": 1
 }

@@ -27,6 +31,9 @@ command_desc = {
        ("EdwardsPoint",    True),
        ("Point",           False)
    ),
+    "assert_not_small_order": (
+        ("EdwardsPoint",    False),
+    ),
    "fr_as_binary_le": (
        ("Vec<Boolean>",    True),
        ("Fr",              False)
@@ -36,6 +43,11 @@ command_desc = {
        ("Vec<Boolean>",    False),
        ("FixedGenerator",  False)
    ),
+    "ec_add": (
+        ("EdwardsPoint",    True),
+        ("EdwardsPoint",    False),
+        ("EdwardsPoint",    False),
+    ),
    "emit_ec": (
        ("EdwardsPoint",    False),
    )
@@ -291,28 +303,14 @@ use zcash_proofs::circuit::ecc;

        args = [self.carg(arg) for arg in args]

-        if command == "witness":
-            out, point = args
-            return \
-r"""let %s = ecc::EdwardsPoint::witness(
-    cs.namespace(|| "%s"),
-    %s.map(jubjub::ExtendedPoint::from))?;""" % (out, line, point)
-        elif command == "fr_as_binary_le":
-            out, fr = args
-            return \
-r"""let %s = boolean::field_into_boolean_vec_le(
-    cs.namespace(|| "%s"), %s)?;""" % (out, line, fr)
-        elif command == "ec_mul_const":
-            out, fr, base = args
-            return \
-r"""let %s = ecc::fixed_base_multiplication(
-    cs.namespace(|| "%s"),
-    &%s,
-    &%s,
-)?;""" % (out, line, base, fr)
-        elif command == "emit_ec":
-            point = args[0]
-            return '%s.inputize(cs.namespace(|| "%s"))?;' % (point, line)
+        try:
+            codegen_method = getattr(codegen, command)
+        except AttributeError:
+            eprint("error: missing command '%s' does not exist" % command)
+            eprint(line)
+            return None
+
+        return codegen_method(line, *args)

    def carg(self, arg):
        argname, is_param = arg
--- a/src/simple.rs
+++ b/src/simple.rs
@@ -1,25 +1,30 @@
 use bellman::groth16;
 use bls12_381::Bls12;
 use ff::Field;
-use group::Curve;
+use group::{Curve, Group};
 mod simple_circuit;
 use simple_circuit::InputSpend;

 fn main() {
    use rand::rngs::OsRng;
-    //let ak = jubjub::SubgroupPoint::random(&mut OsRng);
+
+    let ak = jubjub::SubgroupPoint::random(&mut OsRng);

    let secret: jubjub::Fr = jubjub::Fr::random(&mut OsRng);
-    let public = zcash_primitives::constants::SPENDING_KEY_GENERATOR * secret;
+    let public = zcash_primitives::constants::SPENDING_KEY_GENERATOR * secret + ak;

    let params = {
-        let c = InputSpend { secret: None };
+        let c = InputSpend {
+            secret: None,
+            ak: None,
+        };
        groth16::generate_random_parameters::<Bls12, _, _>(c, &mut OsRng).unwrap()
    };
    let pvk = groth16::prepare_verifying_key(&params.vk);

    let c = InputSpend {
        secret: Some(secret),
+        ak: Some(ak),
    };

    let proof = groth16::create_random_proof(c, &params, &mut OsRng).unwrap();