zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

mul_fixed: Constrain interpolated window mul to be on curve. 

Co-authored-by: Jack Grigg <jack@electriccoin.co>
This commit is contained in:
therealyingtong 2021-07-03 16:26:37 +08:00
parent 67caed52eb
commit 2536555299
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/circuit/gadget/ecc/chip/mul_fixed.rs
View File

@ -151,7 +151,7 @@ impl<const NUM_WINDOWS: usize> Config<NUM_WINDOWS> {
meta: &mut VirtualCells<'_, pallas::Base>,
toggle: Expression<pallas::Base>,
window: Expression<pallas::Base>,
) -> Vec<Expression<pallas::Base>> {
) -> Vec<(&'static str, Expression<pallas::Base>)> {
let y_p = meta.query_advice(self.y_p, Rotation::cur());
let x_p = meta.query_advice(self.x_p, Rotation::cur());
let z = meta.query_fixed(self.fixed_z, Rotation::cur());
@ -173,11 +173,18 @@ impl<const NUM_WINDOWS: usize> Config<NUM_WINDOWS> {
);
// Check interpolation of x-coordinate
let x_check = interpolated_x - x_p;
let x_check = interpolated_x - x_p.clone();
// Check that `y + z = u^2`, where `z` is fixed and `u`, `y` are witnessed
let y_check = u.clone() * u - y_p - z;
let y_check = u.square() - y_p.clone() - z;
// Check that (x, y) is on the curve
let on_curve =
y_p.square() - x_p.clone().square() * x_p - Expression::Constant(pallas::Affine::b());
vec![toggle.clone() * x_check, toggle * y_check]
vec![
("check x", toggle.clone() * x_check),
("check y", toggle.clone() * y_check),
("on-curve", toggle * on_curve),
]
}
#[allow(clippy::type_complexity)]