darkfi/src/contract/consensus/proof/reward_v1.zk
2023-05-10 13:24:02 +02:00


constant "Reward_V1" {
# Fixed-base generators for the Pedersen value commitments built in the
# circuit below. VALUE_COMMIT_VALUE is the generator scaled by the coin
# value (via ec_mul_short), VALUE_COMMIT_RANDOM by the Scalar blinding
# factor (via ec_mul).
EcFixedPointShort VALUE_COMMIT_VALUE,
EcFixedPoint VALUE_COMMIT_RANDOM,
}
witness "Reward_V1" {
# All of these are private prover inputs. Only mu_y, y, mu_rho, rho,
# sigma1, sigma2 and the two commitment points are later exposed via
# constrain_instance; coin, secret_key, value, reward, value_blind and
# headstart never appear as public inputs.
# Burnt coin (hashed into the lottery seed; not otherwise constrained here)
Base coin,
# Burnt coin secret key (hashed into the lottery seed)
Base secret_key,
# The value of the burnt coin (committed to and used in the lottery target)
Base value,
# The reward value (added to `value` for the new commitment)
Base reward,
# Random blinding factor for the value commitment.
# NOTE: the circuit uses this same blind for both the old and the new
# value commitment, so the difference of the two commitments is
# reward * VALUE_COMMIT_VALUE with no blinding.
Scalar value_blind,
# Election seed y (public input)
Base mu_y,
# Election seed rho (public input)
Base mu_rho,
# Lottery headstart (added to the target; stays private)
Base headstart,
# Sigma1 (public input; linear coefficient of the lottery target)
Base sigma1,
# Sigma2 (public input; quadratic coefficient of the lottery target)
Base sigma2,
}
circuit "Reward_V1" {
# Public inputs, in the exact order they are constrained below:
#   value_commit.x, value_commit.y,
#   new_value_commit.x, new_value_commit.y,
#   mu_y, y, mu_rho, rho, sigma1, sigma2
# The verifier must supply them in this order; reordering any
# constrain_instance call changes the public-input layout.
# Constants (witness_base(n) presumably allocates a cell fixed to n;
# these are not public inputs -- confirm against the zkas reference)
ZERO = witness_base(0);
SEED_PREFIX = witness_base(3);
# Pedersen commitment for coin's value
# NOTE(review): ec_mul_short is presumably what bounds `value` to the
# short range; there is no other range check on `value` in this circuit.
vcv = ec_mul_short(value, VALUE_COMMIT_VALUE);
vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM);
value_commit = ec_add(vcv, vcr);
# Since the value commit is a curve point, we fetch its coordinates
# and constrain them:
constrain_instance(ec_get_x(value_commit));
constrain_instance(ec_get_y(value_commit));
# Pedersen commitment for new coin's value (value + reward).
# The same value_blind is deliberately reused, so
#   new_value_commit - value_commit == reward * VALUE_COMMIT_VALUE.
# `reward` itself is never a public input; presumably the verifier
# checks it from that commitment difference -- confirm with the caller.
new_value = base_add(value, reward);
nvcv = ec_mul_short(new_value, VALUE_COMMIT_VALUE);
nvcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM);
new_value_commit = ec_add(nvcv, nvcr);
# Since the new value commit is also a curve point, we'll do the same
# coordinate dance:
constrain_instance(ec_get_x(new_value_commit));
constrain_instance(ec_get_y(new_value_commit));
# Coin y: seed binds the burnt coin and its secret key, y is the
# lottery draw derived from seed and the election seed mu_y.
# NOTE(review): nothing in this circuit ties `coin` to `value` or
# `secret_key` (no coin commitment is recomputed here); that link
# presumably comes from the accompanying burn proof -- confirm at the
# contract level.
seed = poseidon_hash(SEED_PREFIX, coin, secret_key, ZERO);
y = poseidon_hash(seed, mu_y);
constrain_instance(mu_y);
constrain_instance(y);
# Coin rho(seed): second derivation from the same seed with mu_rho.
rho = poseidon_hash(seed, mu_rho);
constrain_instance(mu_rho);
constrain_instance(rho);
# Calculate lottery target:
#   shifted_target = sigma1*value + sigma2*value^2 + headstart
# base_add/base_mul work in the base field, so the target wraps modulo
# the field order rather than overflowing; check that the comparison
# gadget below tolerates an unbounded target.
term_1 = base_mul(sigma1, value);
term_2 = base_mul(sigma2, value);
shifted_term_2 = base_mul(term_2, value);
target = base_add(term_1, shifted_term_2);
shifted_target = base_add(target, headstart);
constrain_instance(sigma1);
constrain_instance(sigma2);
# Play lottery: enforce y below shifted_target. Whether the comparison
# is strict and what input bound less_than_loose assumes are
# gadget-specific -- confirm against the zkas reference.
less_than_loose(y, shifted_target);
# At this point we've enforced all of our public inputs.
}