Files
dusk_plonk
commitment_scheme
kzg10
errors.rskey.rsmod.rssrs.rs
mod.rs
constraint_system
ecc
gates.rsmod.rs
arithmetic.rsboolean.rscomposer.rscs_errors.rslogic.rsmod.rsrange.rsvariable.rs
fft
domain.rsevaluations.rsfft_errors.rsmod.rspolynomial.rs
permutation
constants.rsmod.rspermutation.rs
proof_system
widget
arithmetic
mod.rsproverkey.rsverifierkey.rs
ecc
mod.rsproverkey.rsverifierkey.rs
logic
mod.rsproverkey.rsverifierkey.rs
permutation
mod.rsproverkey.rsverifierkey.rs
range
mod.rsproverkey.rsverifierkey.rs
mod.rs
linearisation_poly.rsmod.rspreprocess.rsproof.rsproof_system_errors.rsprover.rsquotient_poly.rsverifier.rs
bit_iterator.rslib.rsprelude.rstranscript.rsutil.rs
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

use super::Point;
use crate::constraint_system::StandardComposer;
use crate::constraint_system::Variable;
use dusk_bls12_381::Scalar;

#[derive(Debug, Clone, Copy)]
/// Contains all of the components needed to verify that a bit scalar multiplication was computed correctly
pub(crate) struct WnafRound {
    /// This is the accumulated x coordinate point that we wish to add (so far.. depends on where you are in the scalar mul)
    /// it is linked to the wnaf entry, so must not be revealed
    pub acc_x: Variable,
    /// This is the accumulated y coordinate
    pub acc_y: Variable,

    /// This is the wnaf accumulated entry
    /// For all intents and purposes, you can think of this as the secret bit
    pub accumulated_bit: Variable,

    /// This is the multiplication of x_\alpha * y_\alpha
    /// we need this as a distinct wire, so that the degree of the polynomial does not go over 4
    pub xy_alpha: Variable,
    /// This is the possible x co-ordinate of the wnaf point we are going to add
    /// Actual x-co-ordinate = b_i * x_\beta
    pub x_beta: Scalar,
    /// This is the possible y co-ordinate of the wnaf point we are going to add
    /// Actual y coordinate = (b_i)^2 [y_\beta -1] + 1
    pub y_beta: Scalar,
    /// This is the multiplication of x_\beta * y_\beta
    pub xy_beta: Scalar,
}

impl StandardComposer {
    /// Fixed group addition of a jubjub point
    pub(crate) fn new_fixed_group_add(&mut self, wnaf_round: WnafRound) {
        self.w_l.push(wnaf_round.acc_x);
        self.w_r.push(wnaf_round.acc_y);
        self.w_o.push(wnaf_round.xy_alpha);
        self.w_4.push(wnaf_round.accumulated_bit);

        self.q_l.push(wnaf_round.x_beta);
        self.q_r.push(wnaf_round.y_beta);

        self.q_c.push(wnaf_round.xy_beta);
        self.q_o.push(Scalar::zero());
        self.q_ecc.push(Scalar::one());

        self.q_m.push(Scalar::zero());
        self.q_4.push(Scalar::zero());
        self.q_arith.push(Scalar::zero());
        self.q_range.push(Scalar::zero());
        self.q_logic.push(Scalar::zero());

        self.public_inputs.push(Scalar::zero());

        self.perm.add_variables_to_map(
            wnaf_round.acc_x,
            wnaf_round.acc_y,
            wnaf_round.xy_alpha,
            wnaf_round.accumulated_bit,
            self.n,
        );

        self.n += 1;
    }

    /// Asserts that a point in the circuit is equal to a known public point
    pub fn assert_equal_public_point(
        &mut self,
        point: Point,
        public_point: dusk_jubjub::AffinePoint,
    ) {
        self.constrain_to_constant(point.x, Scalar::zero(), -public_point.get_x());
        self.constrain_to_constant(point.y, Scalar::zero(), -public_point.get_y());
    }
    /// Asserts that a point in the circuit is equal to another point in the circuit
    pub fn assert_equal_point(&mut self, point_a: Point, point_b: Point) {
        self.assert_equal(point_a.x, point_b.x);
        self.assert_equal(point_a.y, point_b.y);
    }
}