From 5afd4a930a3f49f42756aa5764cd03a830f10fd3 Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Thu, 10 Oct 2019 16:41:10 -0700 Subject: [PATCH] Verifier-specific logic --- .../bulletproofs/constaint_system_test.go | 16 +++++++++---- primitives/bulletproofs/constraint_system.go | 23 +++++++++++++++---- 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/primitives/bulletproofs/constaint_system_test.go b/primitives/bulletproofs/constaint_system_test.go index 847a5c8..69d15f5 100644 --- a/primitives/bulletproofs/constaint_system_test.go +++ b/primitives/bulletproofs/constaint_system_test.go @@ -35,15 +35,20 @@ func TestConstraintSystem(t *testing.T) { V3, x_lc := cs.Commit(x, prng.Next()) V4, y_lc := cs.Commit(y, prng.Next()) - cs.VerifierCommit(V1) - cs.VerifierCommit(V2) - cs.VerifierCommit(V3) - cs.VerifierCommit(V4) + vcs := NewConstrainSystem(Setup(2, core.NewTranscript(""))) + va_lc := vcs.VerifierCommit(V1) + vb_lc := vcs.VerifierCommit(V2) + vx_lc := vcs.VerifierCommit(V3) + vy_lc := vcs.VerifierCommit(V4) _, _, in := cs.Multiply(a_lc, b_lc) _, _, out := cs.Multiply(x_lc, y_lc) cs.Constrain(in.Sub(out)) + _, _, vin := vcs.Multiply(va_lc, vb_lc) + _, _, vout := vcs.Multiply(vx_lc, vy_lc) + vcs.Constrain(vin.Sub(vout)) + wL, wR, wO, wV := cs.flatten(core.One()) lhs := new(ristretto.Scalar) @@ -62,7 +67,7 @@ func TestConstraintSystem(t *testing.T) { proof := cs.Prove(cs.params, core.NewTranscript("")) - t.Logf("Proof Result: %v", cs.Verify(proof, cs.params, core.NewTranscript(""))) + t.Logf("Proof Result: %v", vcs.Verify(proof, cs.params, core.NewTranscript(""))) } func TestConstraintSystemMix(t *testing.T) { @@ -81,6 +86,7 @@ func TestConstraintSystemMix(t *testing.T) { V3, x_lc := cs.Commit(four, prng.Next()) V4, y_lc := cs.Commit(two, prng.Next()) + // todo make this an actual verifier! cs.VerifierCommit(V1) cs.VerifierCommit(V2) cs.VerifierCommit(V3) diff --git a/primitives/bulletproofs/constraint_system.go b/primitives/bulletproofs/constraint_system.go index dc0b5ed..e6ab669 100644 --- a/primitives/bulletproofs/constraint_system.go +++ b/primitives/bulletproofs/constraint_system.go @@ -110,7 +110,11 @@ func (cs *ConstraintSystem) eval(lc *LinearCombination) *ristretto.Scalar { case "output": result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, cs.aO[term.Index])) case "committed": - result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, cs.v[term.Index])) + if len(cs.V) > 0 { + result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, core.One())) + } else { + result.Add(result, new(ristretto.Scalar).Multiply(term.Coefficient, cs.v[term.Index])) + } case "one": result.Add(result, term.Coefficient) default: @@ -130,8 +134,10 @@ func (cs *ConstraintSystem) Commit(v *ristretto.Scalar, vBlind *ristretto.Scalar return V, &LinearCombination{[]Term{{Variable{"committed", i}, core.One()}}} } -func (cs *ConstraintSystem) VerifierCommit(V *ristretto.Element) { +func (cs *ConstraintSystem) VerifierCommit(V *ristretto.Element) *LinearCombination { + i := len(cs.V) cs.V = append(cs.V, V) + return &LinearCombination{[]Term{{Variable{"committed", i}, core.One()}}} } // Constrain adds the given linear combination to the constraints vector @@ -148,21 +154,28 @@ func (cs *ConstraintSystem) flatten(z *ristretto.Scalar) (wL core.ScalarVector, wL = make(core.ScalarVector, len(cs.aL)) wR = make(core.ScalarVector, len(cs.aL)) wO = make(core.ScalarVector, len(cs.aL)) - wV = make(core.ScalarVector, len(cs.v)) + var m int + if len(cs.V) > 0 { + m = len(cs.V) + wV = make(core.ScalarVector, len(cs.V)) + } else { + m = len(cs.v) + wV = make(core.ScalarVector, len(cs.v)) + } for i := 0; i < len(cs.aL); i++ { wL[i] = new(ristretto.Scalar) wR[i] = new(ristretto.Scalar) wO[i] = new(ristretto.Scalar) } - for i := 0; i < len(cs.v); i++ { + for i := 0; i < m; i++ { wV[i] = new(ristretto.Scalar) } expZ := new(ristretto.Scalar).Add(z, new(ristretto.Scalar).Zero()) for _, constraint := range cs.constraints { for _, term := range constraint.Terms { - // log.Debugf("term: %v", term) + log.Debugf("term: %v", term) switch term.Enum { case "left": wL[term.Index].Add(wL[term.Index], new(ristretto.Scalar).Multiply(expZ, term.Coefficient))