pedersen_hash: prints hashes, adds comments

zcash_primitives/src/pedersen_hash.rs

@@ -38,12 +38,14 @@ where
     let mut generators = params.pedersen_hash_exp_table().iter();
 
     loop {
+        // acc is <M_i>
         let mut acc = E::Fs::zero();
         let mut cur = E::Fs::one();
         let mut chunks_remaining = params.pedersen_hash_chunks_per_generator();
         let mut encountered_bits = false;
 
         // Grab three bits from the input
+        // spec: iterate over chunks (a,b,c)
         while let Some(a) = bits.next() {
             encountered_bits = true;
 
@@ -51,6 +53,7 @@ where
             let c = bits.next().unwrap_or(false);
 
             // Start computing this portion of the scalar
+            // tmp is enc(m_j)
             let mut tmp = cur;
             if a {
                 tmp.add_assign(&cur);
@@ -105,3 +108,16 @@ where
 
     result
 }
+
+#[cfg(test)]
+mod test {
+    use crate::jubjub::*;
+
+    #[test]
+    fn test_pedersen_hash_generators() {
+        let params = &JubjubBls12::new();
+        for (i, generator) in params.pedersen_hash_generators().iter().enumerate() {
+            println!("generator {}, x={}, y={}", i, generator.to_xy().0, generator.to_xy().1)
+        }
+    }
+}

zcash_proofs/src/circuit/pedersen_hash.rs

@@ -26,6 +26,7 @@ where
     assert_eq!(personalization.len(), 6);
 
     let mut edwards_result = None;
+    //REVIEW: bit cloning
     let mut bits = personalization.iter().chain(bits.iter()).peekable();
     let mut segment_generators = params.pedersen_circuit_generators().iter();
     let boolean_false = Boolean::constant(false);