hush
/
hush3
9
0
Fork 11
Code Issues 143 Pull Requests 2 Projects Releases 16 Wiki Activity
Hush Full Node software. We were censored from Github, this is where all development happens now. https://hush.is
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8771 Commits
30 Branches
82 Tags
217 MiB
Tree: e5f7c49d55
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e5f7c49d55'
${ noResults }
hush3/src/zcash/circuit/note.tcc

190 lines
5.5 KiB
Raw Normal View History

zkSNARK: Enforce spend-authority of input notes.
8 years ago
template<typename FieldT>
class note_gadget : public gadget<FieldT> {
public:
pb_variable_array<FieldT> value;
std::shared_ptr<digest_variable<FieldT>> r;
note_gadget(protoboard<FieldT> &pb) : gadget<FieldT>(pb) {
value.allocate(pb, 64);
r.reset(new digest_variable<FieldT>(pb, 256, ""));
}
void generate_r1cs_constraints() {
for (size_t i = 0; i < 64; i++) {
generate_boolean_r1cs_constraint<FieldT>(
this->pb,
value[i],
"boolean_value"
);
}
r->generate_r1cs_constraints();
}
void generate_r1cs_witness(const Note& note) {
r->bits.fill_with_bits(this->pb, uint256_to_bool_vector(note.r));
value.fill_with_bits(this->pb, uint64_to_bool_vector(note.value));
}
};
template<typename FieldT>
class input_note_gadget : public note_gadget<FieldT> {
zkSNARK: Authenticate h_sig with a_sk
8 years ago
private:
zkSNARK: Enforce spend-authority of input notes.
8 years ago
std::shared_ptr<digest_variable<FieldT>> a_pk;
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
std::shared_ptr<digest_variable<FieldT>> rho;
zkSNARK: Enforce spend-authority of input notes.
8 years ago
std::shared_ptr<PRF_addr_a_pk_gadget<FieldT>> spend_authority;
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
std::shared_ptr<PRF_nf_gadget<FieldT>> expose_nullifiers;
zkSNARK: Authenticate h_sig with a_sk
8 years ago
public:
std::shared_ptr<digest_variable<FieldT>> a_sk;
zkSNARK: Enforce spend-authority of input notes.
8 years ago
input_note_gadget(
protoboard<FieldT>& pb,
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
pb_variable<FieldT>& ZERO,
std::shared_ptr<digest_variable<FieldT>> nullifier
zkSNARK: Enforce spend-authority of input notes.
8 years ago
) : note_gadget<FieldT>(pb) {
a_sk.reset(new digest_variable<FieldT>(pb, 252, ""));
a_pk.reset(new digest_variable<FieldT>(pb, 256, ""));
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
rho.reset(new digest_variable<FieldT>(pb, 256, ""));
zkSNARK: Enforce spend-authority of input notes.
8 years ago
spend_authority.reset(new PRF_addr_a_pk_gadget<FieldT>(
pb,
ZERO,
a_sk->bits,
a_pk
));
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
expose_nullifiers.reset(new PRF_nf_gadget<FieldT>(
pb,
ZERO,
a_sk->bits,
rho->bits,
nullifier
));
zkSNARK: Enforce spend-authority of input notes.
8 years ago
}
void generate_r1cs_constraints() {
note_gadget<FieldT>::generate_r1cs_constraints();
a_sk->generate_r1cs_constraints();
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
rho->generate_r1cs_constraints();
zkSNARK: Enforce spend-authority of input notes.
8 years ago
// TODO: This constraint may not be necessary if SHA256
// already boolean constrains its outputs.
a_pk->generate_r1cs_constraints();
spend_authority->generate_r1cs_constraints();
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
expose_nullifiers->generate_r1cs_constraints();
zkSNARK: Enforce spend-authority of input notes.
8 years ago
}
void generate_r1cs_witness(const SpendingKey& key, const Note& note) {
note_gadget<FieldT>::generate_r1cs_witness(note);
// Witness a_sk for the input
a_sk->bits.fill_with_bits(
this->pb,
trailing252(uint256_to_bool_vector(key))
);
// Witness a_pk for a_sk with PRF_addr
spend_authority->generate_r1cs_witness();
// [SANITY CHECK] Witness a_pk with note information
a_pk->bits.fill_with_bits(
this->pb,
uint256_to_bool_vector(note.a_pk)
);
zkSNARK: Enforce disclosure of input note nullifiers
8 years ago
// Witness rho for the input note
rho->bits.fill_with_bits(
this->pb,
uint256_to_bool_vector(note.rho)
);
// Witness the nullifier for the input note
expose_nullifiers->generate_r1cs_witness();
zkSNARK: Enforce spend-authority of input notes.
8 years ago
}
};
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
template<typename FieldT>
class output_note_gadget : public note_gadget<FieldT> {
private:
std::shared_ptr<digest_variable<FieldT>> rho;
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
std::shared_ptr<digest_variable<FieldT>> a_pk;
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
std::shared_ptr<PRF_rho_gadget<FieldT>> prevent_faerie_gold;
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
std::shared_ptr<note_commitment_gadget<FieldT>> commit_to_outputs;
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
public:
output_note_gadget(
protoboard<FieldT>& pb,
pb_variable<FieldT>& ZERO,
pb_variable_array<FieldT>& phi,
pb_variable_array<FieldT>& h_sig,
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
bool nonce,
std::shared_ptr<digest_variable<FieldT>> commitment
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
) : note_gadget<FieldT>(pb) {
rho.reset(new digest_variable<FieldT>(pb, 256, ""));
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
a_pk.reset(new digest_variable<FieldT>(pb, 256, ""));
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
// Do not allow the caller to choose the same "rho"
// for any two valid notes in a given view of the
// blockchain. See protocol specification for more
// details.
prevent_faerie_gold.reset(new PRF_rho_gadget<FieldT>(
pb,
ZERO,
phi,
h_sig,
nonce,
rho
));
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
// Commit to the output notes publicly without
// disclosing them.
commit_to_outputs.reset(new note_commitment_gadget<FieldT>(
pb,
ZERO,
a_pk->bits,
this->value,
rho->bits,
this->r->bits,
commitment
));
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
}
void generate_r1cs_constraints() {
note_gadget<FieldT>::generate_r1cs_constraints();
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
a_pk->generate_r1cs_constraints();
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
// TODO: This constraint may not be necessary if SHA256
// already boolean constrains its outputs.
rho->generate_r1cs_constraints();
prevent_faerie_gold->generate_r1cs_constraints();
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
commit_to_outputs->generate_r1cs_constraints();
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
}
void generate_r1cs_witness(const Note& note) {
note_gadget<FieldT>::generate_r1cs_witness(note);
prevent_faerie_gold->generate_r1cs_witness();
// [SANITY CHECK] Witness rho ourselves with the
// note information.
rho->bits.fill_with_bits(
this->pb,
uint256_to_bool_vector(note.rho)
);
zkSNARK: Enforce disclosure of commitments to output notes.
8 years ago
a_pk->bits.fill_with_bits(
this->pb,
uint256_to_bool_vector(note.a_pk)
);
commit_to_outputs->generate_r1cs_witness();
zkSNARK: Enforce that new output notes have unique `rho` to prevent faerie gold attack.
8 years ago
}
};