mirror of
https://github.com/darkrenaissance/darkfi.git
synced 2026-01-08 22:28:12 -05:00
64 lines
1.6 KiB
Plaintext
64 lines
1.6 KiB
Plaintext
# The k parameter defining the number of rows used in our circuit (2^k)
|
|
k = 13;
|
|
field = "pallas";
|
|
|
|
# The constants we define for our circuit
|
|
constant "Mint_V1" {
|
|
EcFixedPointShort VALUE_COMMIT_VALUE,
|
|
EcFixedPoint VALUE_COMMIT_RANDOM,
|
|
EcFixedPointBase NULLIFIER_K,
|
|
}
|
|
|
|
# The witness values we define for our circuit
|
|
witness "Mint_V1" {
|
|
# X coordinate for public key
|
|
Base pub_x,
|
|
# Y coordinate for public key
|
|
Base pub_y,
|
|
# The value of this coin
|
|
Base value,
|
|
# The token ID
|
|
Base token,
|
|
# Unique serial number corresponding to this coin
|
|
Base serial,
|
|
# Allows composing this ZK proof to invoke other contracts
|
|
Base spend_hook,
|
|
# Data passed from this coin to the invoked contract
|
|
Base user_data,
|
|
# Random blinding factor for the value commitment
|
|
Scalar value_blind,
|
|
# Random blinding factor for the token ID
|
|
Base token_blind,
|
|
}
|
|
|
|
# The definition of our circuit
|
|
circuit "Mint_V1" {
|
|
# Poseidon hash of the coin
|
|
C = poseidon_hash(
|
|
pub_x,
|
|
pub_y,
|
|
value,
|
|
token,
|
|
serial,
|
|
spend_hook,
|
|
user_data,
|
|
);
|
|
constrain_instance(C);
|
|
|
|
# Pedersen commitment for coin's value
|
|
vcv = ec_mul_short(value, VALUE_COMMIT_VALUE);
|
|
vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM);
|
|
value_commit = ec_add(vcv, vcr);
|
|
# Since the value commit is a curve point, we fetch its coordinates
|
|
# and constrain them:
|
|
constrain_instance(ec_get_x(value_commit));
|
|
constrain_instance(ec_get_y(value_commit));
|
|
|
|
# Commitment for coin's token ID. We do a poseidon hash since it's
|
|
# cheaper than EC operations and doesn't need the homomorphic prop.
|
|
token_commit = poseidon_hash(token, token_blind);
|
|
constrain_instance(token_commit);
|
|
|
|
# At this point we've enforced all of our public inputs.
|
|
}
|