forked from cwtch.im/tapir
Verifier-specific logic
This commit is contained in:
parent
ec8c9352ec
commit
5afd4a930a
|
@ -35,15 +35,20 @@ func TestConstraintSystem(t *testing.T) {
|
|||
V3, x_lc := cs.Commit(x, prng.Next())
|
||||
V4, y_lc := cs.Commit(y, prng.Next())
|
||||
|
||||
cs.VerifierCommit(V1)
|
||||
cs.VerifierCommit(V2)
|
||||
cs.VerifierCommit(V3)
|
||||
cs.VerifierCommit(V4)
|
||||
vcs := NewConstrainSystem(Setup(2, core.NewTranscript("")))
|
||||
va_lc := vcs.VerifierCommit(V1)
|
||||
vb_lc := vcs.VerifierCommit(V2)
|
||||
vx_lc := vcs.VerifierCommit(V3)
|
||||
vy_lc := vcs.VerifierCommit(V4)
|
||||
|
||||
_, _, in := cs.Multiply(a_lc, b_lc)
|
||||
_, _, out := cs.Multiply(x_lc, y_lc)
|
||||
cs.Constrain(in.Sub(out))
|
||||
|
||||
_, _, vin := vcs.Multiply(va_lc, vb_lc)
|
||||
_, _, vout := vcs.Multiply(vx_lc, vy_lc)
|
||||
vcs.Constrain(vin.Sub(vout))
|
||||
|
||||
wL, wR, wO, wV := cs.flatten(core.One())
|
||||
|
||||
lhs := new(ristretto.Scalar)
|
||||
|
@ -62,7 +67,7 @@ func TestConstraintSystem(t *testing.T) {
|
|||
|
||||
proof := cs.Prove(cs.params, core.NewTranscript(""))
|
||||
|
||||
t.Logf("Proof Result: %v", cs.Verify(proof, cs.params, core.NewTranscript("")))
|
||||
t.Logf("Proof Result: %v", vcs.Verify(proof, cs.params, core.NewTranscript("")))
|
||||
}
|
||||
|
||||
func TestConstraintSystemMix(t *testing.T) {
|
||||
|
@ -81,6 +86,7 @@ func TestConstraintSystemMix(t *testing.T) {
|
|||
V3, x_lc := cs.Commit(four, prng.Next())
|
||||
V4, y_lc := cs.Commit(two, prng.Next())
|
||||
|
||||
// todo make this an actual verifier!
|
||||
cs.VerifierCommit(V1)
|
||||
cs.VerifierCommit(V2)
|
||||
cs.VerifierCommit(V3)
|
||||
|
|
|
@ -110,7 +110,11 @@ func (cs *ConstraintSystem) eval(lc *LinearCombination) *ristretto.Scalar {
|
|||
case "output":
|
||||
result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, cs.aO[term.Index]))
|
||||
case "committed":
|
||||
result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, cs.v[term.Index]))
|
||||
if len(cs.V) > 0 {
|
||||
result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, core.One()))
|
||||
} else {
|
||||
result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, cs.v[term.Index]))
|
||||
}
|
||||
case "one":
|
||||
result.Add(result, term.Coefficient)
|
||||
default:
|
||||
|
@ -130,8 +134,10 @@ func (cs *ConstraintSystem) Commit(v *ristretto.Scalar, vBlind *ristretto.Scalar
|
|||
return V, &LinearCombination{[]Term{{Variable{"committed", i}, core.One()}}}
|
||||
}
|
||||
|
||||
func (cs *ConstraintSystem) VerifierCommit(V *ristretto.Element) {
|
||||
func (cs *ConstraintSystem) VerifierCommit(V *ristretto.Element) *LinearCombination {
|
||||
i := len(cs.V)
|
||||
cs.V = append(cs.V, V)
|
||||
return &LinearCombination{[]Term{{Variable{"committed", i}, core.One()}}}
|
||||
}
|
||||
|
||||
// Constrain adds the given linear combination to the constraints vector
|
||||
|
@ -148,21 +154,28 @@ func (cs *ConstraintSystem) flatten(z *ristretto.Scalar) (wL core.ScalarVector,
|
|||
wL = make(core.ScalarVector, len(cs.aL))
|
||||
wR = make(core.ScalarVector, len(cs.aL))
|
||||
wO = make(core.ScalarVector, len(cs.aL))
|
||||
wV = make(core.ScalarVector, len(cs.v))
|
||||
var m int
|
||||
if len(cs.V) > 0 {
|
||||
m = len(cs.V)
|
||||
wV = make(core.ScalarVector, len(cs.V))
|
||||
} else {
|
||||
m = len(cs.v)
|
||||
wV = make(core.ScalarVector, len(cs.v))
|
||||
}
|
||||
|
||||
for i := 0; i < len(cs.aL); i++ {
|
||||
wL[i] = new(ristretto.Scalar)
|
||||
wR[i] = new(ristretto.Scalar)
|
||||
wO[i] = new(ristretto.Scalar)
|
||||
}
|
||||
for i := 0; i < len(cs.v); i++ {
|
||||
for i := 0; i < m; i++ {
|
||||
wV[i] = new(ristretto.Scalar)
|
||||
}
|
||||
|
||||
expZ := new(ristretto.Scalar).Add(z, new(ristretto.Scalar).Zero())
|
||||
for _, constraint := range cs.constraints {
|
||||
for _, term := range constraint.Terms {
|
||||
// log.Debugf("term: %v", term)
|
||||
log.Debugf("term: %v", term)
|
||||
switch term.Enum {
|
||||
case "left":
|
||||
wL[term.Index].Add(wL[term.Index], new(ristretto.Scalar).Multiply(expZ, term.Coefficient))
|
||||
|
|
Loading…
Reference in New Issue