Qortal/pirate-librustzcash
1
0
Fork 1
mirror of https://github.com/Qortal/pirate-librustzcash.git synced 2025-08-01 12:51:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Utility for witnessing points on the curve.

Browse Source
This commit is contained in:
Sean Bowe
2018-02-20 18:36:53 -07:00
parent c221bc9126
commit e8480a2b2c
1 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/circuit/ecc.rs
View File

@@ -18,6 +18,7 @@ use super::num::{
}; };
use ::jubjub::{ use ::jubjub::{
edwards,
JubjubEngine, JubjubEngine,
JubjubParams, JubjubParams,
FixedGenerators FixedGenerators
@@ -91,6 +92,41 @@ pub fn fixed_base_multiplication<E, CS>(
} }
impl<E: JubjubEngine> EdwardsPoint<E> { impl<E: JubjubEngine> EdwardsPoint<E> {
/// This 'witnesses' a point inside the constraint system.
/// It guarantees the point is on the curve.
pub fn witness<Order, CS>(
mut cs: CS,
p: Option<edwards::Point<E, Order>>,
params: &E::Params
) -> Result<Self, SynthesisError>
where CS: ConstraintSystem<E>
{
let p = p.map(|p| p.into_xy());
// Allocate x
let x = AllocatedNum::alloc(
cs.namespace(|| "x"),
|| {
Ok(p.get()?.0)
}
)?;
// Allocate y
let y = AllocatedNum::alloc(
cs.namespace(|| "y"),
|| {
Ok(p.get()?.1)
}
)?;
Self::interpret(
cs.namespace(|| "point interpretation"),
&x,
&y,
params
)
}
/// This extracts the x-coordinate, which is an injective /// This extracts the x-coordinate, which is an injective
/// encoding for elements of the prime order subgroup. /// encoding for elements of the prime order subgroup.
pub fn into_num(&self) -> AllocatedNum<E> { pub fn into_num(&self) -> AllocatedNum<E> {
@@ -723,6 +759,23 @@ mod test {
let params = &JubjubBls12::new(); let params = &JubjubBls12::new();
let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
for _ in 0..100 {
let p = edwards::Point::<Bls12, _>::rand(rng, &params);
let mut cs = TestConstraintSystem::<Bls12>::new();
let q = EdwardsPoint::witness(
&mut cs,
Some(p.clone()),
&params
).unwrap();
let p = p.into_xy();
assert!(cs.is_satisfied());
assert_eq!(q.x.get_value().unwrap(), p.0);
assert_eq!(q.y.get_value().unwrap(), p.1);
}
for _ in 0..100 { for _ in 0..100 {
let p = edwards::Point::<Bls12, _>::rand(rng, &params); let p = edwards::Point::<Bls12, _>::rand(rng, &params);
let (x, y) = p.into_xy(); let (x, y) = p.into_xy();