circuit1.go
package main
import (
"math/big"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/std/hash/mimc"
"github.com/consensys/gnark/std/math/cmp"
"github.com/consensys/gnark/backend/groth16"
"github.com/consensys/gnark/backend/witness"
"github.com/consensys/gnark/constraint"
"github.com/consensys/gnark/frontend/cs/r1cs"
)
// Circuit1 is the gnark circuit proved by ComputeProofC1 and constrained in
// Define. X1..X3 are public inputs (the `gnark:",public"` tag); W1..W16 are
// private witness values.
//
// The roles below are taken from the comments and checks in Define; anything
// not visible there is left undescribed.
//
// NOTE(review): gnark serialises the witness in field-declaration order, so
// reordering these fields changes the witness layout — keep the order stable
// unless every producer and verifier is updated together (confirm against the
// gnark version in use).
type Circuit1 struct {
	// public parameters
	X1 frontend.Variable `gnark:",public"` // new receiver SCM (hash checked in Define)
	X2 frontend.Variable `gnark:",public"` // dependency commitment (hash checked in Define)
	X3 frontend.Variable `gnark:",public"` // transaction commitment (hash checked in Define)
	// secret parameters
	W1 frontend.Variable
	W2 frontend.Variable // upper bound on the new balance W4+W10 (holding-limit check)
	W3 frontend.Variable
	W4 frontend.Variable // combined with W10 to form the "new balance" in Define
	W5 frontend.Variable // epoch; |W5-W6| is bounded in Define
	W6 frontend.Variable // epoch; |W5-W6| is bounded in Define
	W7 frontend.Variable
	W8 frontend.Variable
	W9 frontend.Variable
	W10 frontend.Variable // amount added to W4 to form the new balance
	W11 frontend.Variable
	W12 frontend.Variable
	W13 frontend.Variable
	W14 frontend.Variable
	W15 frontend.Variable // blinded old-receiver SCM, must equal H(oldSCM, W16)
	W16 frontend.Variable // blinding value folded into W15
}
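// Define declares the constraints of Circuit1 on api.
//
// Every hash below is the gnark std MiMC over the circuit field. In order,
// the circuit enforces:
//
//	receiverSCMOld = H(W3, W4, W8, W9, W5, W1, W12, W2)
//	W15 = H(receiverSCMOld, W16)                               blinded SCM
//	X3  = H(W11, W10, W15, W7, W6)                             transaction commitment
//	X1  = H(W3, W4+W10, receiverSCMOld, W7, W5, W1, W13, W2)   new receiver SCM
//	X2  = H(W14, receiverSCMOld, W7)                           dependency commitment
//	W4+W10 <= W2                                               holding limit
//	|W5-W6| <= maxEpochDelta                                   epoch distance
//
// It returns a non-nil error only when the MiMC hasher cannot be built for
// api's field. The previous version discarded that error and carried on with
// whatever the failed constructor returned; propagating it makes such a
// misconfiguration fail at frontend.Compile instead.
func (c *Circuit1) Define(api frontend.API) error {
	// Largest permitted |W5 - W6|.
	const maxEpochDelta = 50

	hfunc, err := mimc.NewMiMC(api)
	if err != nil {
		return err
	}

	// NOTE(review): the five hash invocations below take inputs of different
	// lengths and carry no domain tag; whether the std MiMC keeps them from
	// colliding depends on its padding behaviour, which this file does not
	// control — confirm against the gnark version in use.

	// Old receiver SCM.
	hfunc.Reset()
	hfunc.Write(c.W3, c.W4, c.W8, c.W9, c.W5, c.W1, c.W12, c.W2)
	receiverSCMOld := hfunc.Sum()

	// The blinded SCM (W15) must be the hash of the old SCM and the blinding W16.
	hfunc.Reset()
	hfunc.Write(receiverSCMOld, c.W16)
	api.AssertIsEqual(c.W15, hfunc.Sum())

	// Transaction commitment.
	hfunc.Reset()
	hfunc.Write(c.W11, c.W10, c.W15, c.W7, c.W6)
	api.AssertIsEqual(c.X3, hfunc.Sum())

	// New receiver SCM: the old layout with the balance advanced by W10 and the
	// old SCM chained in. newBalance is computed once and reused by the
	// holding-limit check below.
	newBalance := api.Add(c.W4, c.W10)
	hfunc.Reset()
	hfunc.Write(c.W3, newBalance, receiverSCMOld, c.W7, c.W5, c.W1, c.W13, c.W2)
	api.AssertIsEqual(c.X1, hfunc.Sum())

	// Dependency commitment.
	hfunc.Reset()
	hfunc.Write(c.W14, receiverSCMOld, c.W7)
	api.AssertIsEqual(c.X2, hfunc.Sum())

	// NOTE(review): the comparison gadgets below are only sound for operands
	// within the range gnark documents for them; nothing in this circuit
	// range-constrains W2, W4, W5, W6 or W10, so confirm those bounds are
	// enforced by the surrounding protocol before relying on these checks.

	// Holding limit: the new balance may not exceed W2.
	api.AssertIsLessOrEqual(newBalance, c.W2)

	// Epoch distance: |W5 - W6| <= maxEpochDelta, taking the absolute value by
	// selecting whichever difference is non-negative.
	w6LeW5 := cmp.IsLessOrEqual(api, c.W6, c.W5)
	epochDelta := api.Select(w6LeW5, api.Sub(c.W5, c.W6), api.Sub(c.W6, c.W5))
	api.AssertIsLessOrEqual(epochDelta, big.NewInt(maxEpochDelta))

	return nil
}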
// ComputeProofC1 compiles Circuit1 over field, runs a fresh Groth16 setup,
// builds a witness from assignment and proves it.
//
// It returns the compiled constraint system, the verifying key from that
// setup, the public part of the witness and the proof. Any failure along the
// way panics with the underlying error.
//
// outer and bn254 are accepted for signature compatibility but are not read.
//
// NOTE(review): groth16.Setup is executed on every call, so each returned
// verifying key comes from a setup run by the prover itself. A verifier that
// takes that key at face value is trusting the caller's setup; for anything
// beyond local testing, run the setup once out of band and load the resulting
// keys here instead.
func ComputeProofC1(field, outer *big.Int, assignment *Circuit1, bn254 bool) (constraint.ConstraintSystem, groth16.VerifyingKey, witness.Witness, groth16.Proof) {
	// Every step is fatal on error, exactly as before.
	must := func(err error) {
		if err != nil {
			panic(err)
		}
	}

	ccs, err := frontend.Compile(field, r1cs.NewBuilder, &Circuit1{})
	must(err)

	pk, vk, err := groth16.Setup(ccs)
	must(err)

	fullWitness, err := frontend.NewWitness(assignment, field)
	must(err)

	proof, err := groth16.Prove(ccs, pk, fullWitness)
	must(err)

	publicWitness, err := fullWitness.Public()
	must(err)

	return ccs, vk, publicWitness, proof
}