zk-token-sdk: remove non-constant time assign for fee_proof transcript (#27354)
parent
3b01517da6
commit
804dfe0f1a
|
@ -40,6 +40,9 @@ impl FeeSigmaProof {
|
||||||
/// Creates a fee sigma proof assuming that the committed fee is greater than the maximum fee
|
/// Creates a fee sigma proof assuming that the committed fee is greater than the maximum fee
|
||||||
/// bound.
|
/// bound.
|
||||||
///
|
///
|
||||||
|
/// Note: the proof is generated twice via `create_proof_fee_above_max` and
|
||||||
|
/// `create_proof_fee_below_max` to enforce constant time execution.
|
||||||
|
///
|
||||||
/// * `(fee_amount, fee_commitment, fee_opening)` - The amount, Pedersen commitment, and
|
/// * `(fee_amount, fee_commitment, fee_opening)` - The amount, Pedersen commitment, and
|
||||||
/// opening of the transfer fee
|
/// opening of the transfer fee
|
||||||
/// * `(delta_fee, delta_commitment, delta_opening)` - The amount, Pedersen commitment, and
|
/// * `(delta_fee, delta_commitment, delta_opening)` - The amount, Pedersen commitment, and
|
||||||
|
@ -76,24 +79,29 @@ impl FeeSigmaProof {
|
||||||
|
|
||||||
let below_max = u64::ct_gt(&max_fee, &fee_amount);
|
let below_max = u64::ct_gt(&max_fee, &fee_amount);
|
||||||
|
|
||||||
// conditionally assign transcript; transcript is not conditionally selectable
|
// choose one of `proof_fee_above_max` or `proof_fee_below_max` according to whether the
|
||||||
if bool::from(below_max) {
|
// fee amount surpasses max fee
|
||||||
*transcript = transcript_fee_below_max;
|
let fee_max_proof = FeeMaxProof::conditional_select(
|
||||||
} else {
|
|
||||||
*transcript = transcript_fee_above_max;
|
|
||||||
}
|
|
||||||
|
|
||||||
Self {
|
|
||||||
fee_max_proof: FeeMaxProof::conditional_select(
|
|
||||||
&proof_fee_above_max.fee_max_proof,
|
&proof_fee_above_max.fee_max_proof,
|
||||||
&proof_fee_below_max.fee_max_proof,
|
&proof_fee_below_max.fee_max_proof,
|
||||||
below_max,
|
below_max,
|
||||||
),
|
);
|
||||||
fee_equality_proof: FeeEqualityProof::conditional_select(
|
|
||||||
|
let fee_equality_proof = FeeEqualityProof::conditional_select(
|
||||||
&proof_fee_above_max.fee_equality_proof,
|
&proof_fee_above_max.fee_equality_proof,
|
||||||
&proof_fee_below_max.fee_equality_proof,
|
&proof_fee_below_max.fee_equality_proof,
|
||||||
below_max,
|
below_max,
|
||||||
),
|
);
|
||||||
|
|
||||||
|
transcript.append_point(b"Y_max_proof", &fee_max_proof.Y_max_proof);
|
||||||
|
transcript.append_point(b"Y_delta", &fee_equality_proof.Y_delta);
|
||||||
|
transcript.append_point(b"Y_claimed", &fee_equality_proof.Y_claimed);
|
||||||
|
transcript.challenge_scalar(b"c");
|
||||||
|
transcript.challenge_scalar(b"w");
|
||||||
|
|
||||||
|
Self {
|
||||||
|
fee_max_proof,
|
||||||
|
fee_equality_proof,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
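Review bot: The five transcript calls added before the final `Self { … }` in the second hunk replay by hand the sequence that the two sub-provers presumably ran on their own transcript copies (the removed lines assigned `transcript_fee_below_max` or `transcript_fee_above_max`). Nothing visible here keeps those labels and their order in step with the sub-provers and the verifier, so a later edit to either side could silently desynchronise the caller's Fiat-Shamir transcript. I would add a comment above the calls, for example `// replay the selected proof's transcript updates on the caller's transcript; challenge outputs are discarded on purpose, only the state change matters`, because a bare `transcript.challenge_scalar(b"c");` reads like a forgotten binding. A unit test that draws one further challenge from the prover's and the verifier's transcripts after proof creation and verification, for fees on both sides of `max_fee`, would catch any drift. The enclosing function starts outside the hunk, so the sub-provers' actual transcript sequence could not be checked from here.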