zec
/
librustzcash
mirror of https://github.com/zcash/librustzcash.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Account for change in bellman's API for enforcement to use closures.

This commit is contained in:
Sean Bowe 2018-02-07 16:26:57 -07:00
parent c8cc190781
commit 683aa93b44
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
7 changed files with 172 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@ -16,7 +16,7 @@ features = ["expose-arith"]
rand = "0.3"
blake2 = "0.7"
digest = "0.7"
bellman = "0.0.7"
bellman = "0.0.8"
[features]
default = ["u128-support"]

42
src/circuit/boolean.rs
View File

@ -55,9 +55,9 @@ impl<Var: Copy> AllocatedBit<Var> {
let one = cs.one();
cs.enforce(
|| "boolean constraint",
LinearCombination::zero() + one - var,
LinearCombination::zero() + var,
LinearCombination::zero()
|lc| lc + one - var,
|lc| lc + var,
|lc| lc
);
Ok(AllocatedBit {
@ -107,9 +107,9 @@ impl<Var: Copy> AllocatedBit<Var> {
// (a + a) * b = a + b - c
cs.enforce(
|| "xor constraint",
LinearCombination::zero() + a.variable + a.variable,
LinearCombination::zero() + b.variable,
LinearCombination::zero() + a.variable + b.variable - result_var
|lc| lc + a.variable + a.variable,
|lc| lc + b.variable,
|lc| lc + a.variable + b.variable - result_var
);
Ok(AllocatedBit {
@ -146,9 +146,9 @@ impl<Var: Copy> AllocatedBit<Var> {
// a AND b are both 1.
cs.enforce(
|| "and constraint",
LinearCombination::zero() + a.variable,
LinearCombination::zero() + b.variable,
LinearCombination::zero() + result_var
|lc| lc + a.variable,
|lc| lc + b.variable,
|lc| lc + result_var
);
Ok(AllocatedBit {
@ -185,9 +185,9 @@ impl<Var: Copy> AllocatedBit<Var> {
let one = cs.one();
cs.enforce(
|| "and not constraint",
LinearCombination::zero() + a.variable,
LinearCombination::zero() + one - b.variable,
LinearCombination::zero() + result_var
|lc| lc + a.variable,
|lc| lc + one - b.variable,
|lc| lc + result_var
);
Ok(AllocatedBit {
@ -224,9 +224,9 @@ impl<Var: Copy> AllocatedBit<Var> {
let one = cs.one();
cs.enforce(
|| "nor constraint",
LinearCombination::zero() + one - a.variable,
LinearCombination::zero() + one - b.variable,
LinearCombination::zero() + result_var
|lc| lc + one - a.variable,
|lc| lc + one - b.variable,
|lc| lc + result_var
);
Ok(AllocatedBit {
@ -401,9 +401,9 @@ impl<Var: Copy> Boolean<Var> {
Boolean::Is(ref res) => {
cs.enforce(
|| "enforce nand",
LinearCombination::zero(),
LinearCombination::zero(),
LinearCombination::zero() + res.get_variable()
|lc| lc,
|lc| lc,
|lc| lc + res.get_variable()
);
Ok(())
@ -412,9 +412,9 @@ impl<Var: Copy> Boolean<Var> {
let one = cs.one();
cs.enforce(
|| "enforce nand",
LinearCombination::zero(),
LinearCombination::zero(),
LinearCombination::zero() + one - res.get_variable()
|lc| lc,
|lc| lc,
|lc| lc + one - res.get_variable()
);
Ok(())

67
src/circuit/lookup.rs
View File

@ -3,8 +3,7 @@ use super::*;
use super::num::AllocatedNum;
use super::boolean::Boolean;
use bellman::{
ConstraintSystem,
LinearCombination
ConstraintSystem
};
// Synthesize the constants for each base pattern.
@ -89,30 +88,30 @@ pub fn lookup3_xy<E: Engine, CS, Var: Copy>(
cs.enforce(
|| "x-coordinate lookup",
LinearCombination::<Var, E>::zero() + (x_coeffs[0b001], one)
+ &bits[1].lc::<E>(one, x_coeffs[0b011])
+ &bits[2].lc::<E>(one, x_coeffs[0b101])
+ &precomp.lc::<E>(one, x_coeffs[0b111]),
LinearCombination::<Var, E>::zero() + &bits[0].lc::<E>(one, E::Fr::one()),
LinearCombination::<Var, E>::zero() + res_x.get_variable()
- (x_coeffs[0b000], one)
- &bits[1].lc::<E>(one, x_coeffs[0b010])
- &bits[2].lc::<E>(one, x_coeffs[0b100])
- &precomp.lc::<E>(one, x_coeffs[0b110]),
|lc| lc + (x_coeffs[0b001], one)
+ &bits[1].lc::<E>(one, x_coeffs[0b011])
+ &bits[2].lc::<E>(one, x_coeffs[0b101])
+ &precomp.lc::<E>(one, x_coeffs[0b111]),
|lc| lc + &bits[0].lc::<E>(one, E::Fr::one()),
|lc| lc + res_x.get_variable()
- (x_coeffs[0b000], one)
- &bits[1].lc::<E>(one, x_coeffs[0b010])
- &bits[2].lc::<E>(one, x_coeffs[0b100])
- &precomp.lc::<E>(one, x_coeffs[0b110]),
);
cs.enforce(
|| "y-coordinate lookup",
LinearCombination::<Var, E>::zero() + (y_coeffs[0b001], one)
+ &bits[1].lc::<E>(one, y_coeffs[0b011])
+ &bits[2].lc::<E>(one, y_coeffs[0b101])
+ &precomp.lc::<E>(one, y_coeffs[0b111]),
LinearCombination::<Var, E>::zero() + &bits[0].lc::<E>(one, E::Fr::one()),
LinearCombination::<Var, E>::zero() + res_y.get_variable()
- (y_coeffs[0b000], one)
- &bits[1].lc::<E>(one, y_coeffs[0b010])
- &bits[2].lc::<E>(one, y_coeffs[0b100])
- &precomp.lc::<E>(one, y_coeffs[0b110]),
|lc| lc + (y_coeffs[0b001], one)
+ &bits[1].lc::<E>(one, y_coeffs[0b011])
+ &bits[2].lc::<E>(one, y_coeffs[0b101])
+ &precomp.lc::<E>(one, y_coeffs[0b111]),
|lc| lc + &bits[0].lc::<E>(one, E::Fr::one()),
|lc| lc + res_y.get_variable()
- (y_coeffs[0b000], one)
- &bits[1].lc::<E>(one, y_coeffs[0b010])
- &bits[2].lc::<E>(one, y_coeffs[0b100])
- &precomp.lc::<E>(one, y_coeffs[0b110]),
);
Ok((res_x, res_y))
@ -172,22 +171,22 @@ pub fn lookup3_xy_with_conditional_negation<E: Engine, CS, Var: Copy>(
cs.enforce(
|| "x-coordinate lookup",
LinearCombination::<Var, E>::zero() + (x_coeffs[0b01], one)
+ &bits[1].lc::<E>(one, x_coeffs[0b11]),
LinearCombination::<Var, E>::zero() + &bits[0].lc::<E>(one, E::Fr::one()),
LinearCombination::<Var, E>::zero() + res_x.get_variable()
- (x_coeffs[0b00], one)
- &bits[1].lc::<E>(one, x_coeffs[0b10])
|lc| lc + (x_coeffs[0b01], one)
+ &bits[1].lc::<E>(one, x_coeffs[0b11]),
|lc| lc + &bits[0].lc::<E>(one, E::Fr::one()),
|lc| lc + res_x.get_variable()
- (x_coeffs[0b00], one)
- &bits[1].lc::<E>(one, x_coeffs[0b10])
);
cs.enforce(
|| "y-coordinate lookup",
LinearCombination::<Var, E>::zero() + (y_coeffs[0b01], one)
+ &bits[1].lc::<E>(one, y_coeffs[0b11]),
LinearCombination::<Var, E>::zero() + &bits[0].lc::<E>(one, E::Fr::one()),
LinearCombination::<Var, E>::zero() + res_y.get_variable()
- (y_coeffs[0b00], one)
- &bits[1].lc::<E>(one, y_coeffs[0b10])
|lc| lc + (y_coeffs[0b01], one)
+ &bits[1].lc::<E>(one, y_coeffs[0b11]),
|lc| lc + &bits[0].lc::<E>(one, E::Fr::one()),
|lc| lc + res_y.get_variable()
- (y_coeffs[0b00], one)
- &bits[1].lc::<E>(one, y_coeffs[0b10])
);
let final_y = res_y.conditionally_negate(&mut cs, &bits[2])?;

145
src/circuit/mont.rs
View File

@ -5,8 +5,7 @@ use pairing::{
use bellman::{
SynthesisError,
ConstraintSystem,
LinearCombination
ConstraintSystem
};
use super::{
@ -122,9 +121,9 @@ impl<E: JubjubEngine, Var: Copy> EdwardsPoint<E, Var> {
let one = cs.one();
cs.enforce(
|| "x' computation",
LinearCombination::<Var, E>::zero() + self.x.get_variable(),
condition.lc(one, E::Fr::one()),
LinearCombination::<Var, E>::zero() + x_prime.get_variable()
|lc| lc + self.x.get_variable(),
|_| condition.lc(one, E::Fr::one()),
|lc| lc + x_prime.get_variable()
);
// Compute y' = self.y if condition, and 1 otherwise
@ -141,9 +140,9 @@ impl<E: JubjubEngine, Var: Copy> EdwardsPoint<E, Var> {
// if condition is 1, y' must be y
cs.enforce(
|| "y' computation",
LinearCombination::<Var, E>::zero() + self.y.get_variable(),
condition.lc(one, E::Fr::one()),
LinearCombination::<Var, E>::zero() + y_prime.get_variable()
|lc| lc + self.y.get_variable(),
|_| condition.lc(one, E::Fr::one()),
|lc| lc + y_prime.get_variable()
- &condition.not().lc(one, E::Fr::one())
);
@ -225,11 +224,11 @@ impl<E: JubjubEngine, Var: Copy> EdwardsPoint<E, Var> {
let one = cs.one();
cs.enforce(
|| "on curve check",
LinearCombination::zero() - x2.get_variable()
+ y2.get_variable(),
LinearCombination::zero() + one,
LinearCombination::zero() + one
+ (*params.edwards_d(), x2y2.get_variable())
|lc| lc - x2.get_variable()
+ y2.get_variable(),
|lc| lc + one,
|lc| lc + one
+ (*params.edwards_d(), x2y2.get_variable())
);
Ok(EdwardsPoint {
@ -272,11 +271,11 @@ impl<E: JubjubEngine, Var: Copy> EdwardsPoint<E, Var> {
cs.enforce(
|| "U computation",
LinearCombination::<Var, E>::zero() + self.x.get_variable()
+ self.y.get_variable(),
LinearCombination::<Var, E>::zero() + other.x.get_variable()
+ other.y.get_variable(),
LinearCombination::<Var, E>::zero() + u.get_variable()
|lc| lc + self.x.get_variable()
+ self.y.get_variable(),
|lc| lc + other.x.get_variable()
+ other.y.get_variable(),
|lc| lc + u.get_variable()
);
// Compute A = y2 * x1
@ -296,9 +295,9 @@ impl<E: JubjubEngine, Var: Copy> EdwardsPoint<E, Var> {
cs.enforce(
|| "C computation",
LinearCombination::<Var, E>::zero() + (*params.edwards_d(), a.get_variable()),
LinearCombination::<Var, E>::zero() + b.get_variable(),
LinearCombination::<Var, E>::zero() + c.get_variable()
|lc| lc + (*params.edwards_d(), a.get_variable()),
|lc| lc + b.get_variable(),
|lc| lc + c.get_variable()
);
// Compute x3 = (A + B) / (1 + C)
@ -324,10 +323,10 @@ impl<E: JubjubEngine, Var: Copy> EdwardsPoint<E, Var> {
let one = cs.one();
cs.enforce(
|| "x3 computation",
LinearCombination::<Var, E>::zero() + one + c.get_variable(),
LinearCombination::<Var, E>::zero() + x3.get_variable(),
LinearCombination::<Var, E>::zero() + a.get_variable()
+ b.get_variable()
|lc| lc + one + c.get_variable(),
|lc| lc + x3.get_variable(),
|lc| lc + a.get_variable()
+ b.get_variable()
);
// Compute y3 = (U - A - B) / (1 - C)
@ -353,11 +352,11 @@ impl<E: JubjubEngine, Var: Copy> EdwardsPoint<E, Var> {
cs.enforce(
|| "y3 computation",
LinearCombination::<Var, E>::zero() + one - c.get_variable(),
LinearCombination::<Var, E>::zero() + y3.get_variable(),
LinearCombination::<Var, E>::zero() + u.get_variable()
- a.get_variable()
- b.get_variable()
|lc| lc + one - c.get_variable(),
|lc| lc + y3.get_variable(),
|lc| lc + u.get_variable()
- a.get_variable()
- b.get_variable()
);
Ok(EdwardsPoint {
@ -402,9 +401,9 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
cs.enforce(
|| "u computation",
LinearCombination::<Var, E>::zero() + self.y.get_variable(),
LinearCombination::<Var, E>::zero() + u.get_variable(),
LinearCombination::<Var, E>::zero() + (*params.scale(), self.x.get_variable())
|lc| lc + self.y.get_variable(),
|lc| lc + u.get_variable(),
|lc| lc + (*params.scale(), self.x.get_variable())
);
// Compute v = (x - 1) / (x + 1)
@ -429,11 +428,11 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
let one = cs.one();
cs.enforce(
|| "v computation",
LinearCombination::<Var, E>::zero() + self.x.get_variable()
+ one,
LinearCombination::<Var, E>::zero() + v.get_variable(),
LinearCombination::<Var, E>::zero() + self.x.get_variable()
- one,
|lc| lc + self.x.get_variable()
+ one,
|lc| lc + v.get_variable(),
|lc| lc + self.x.get_variable()
- one,
);
Ok(EdwardsPoint {
@ -488,13 +487,13 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
cs.enforce(
|| "evaluate lambda",
LinearCombination::<Var, E>::zero() + other.x.get_variable()
- self.x.get_variable(),
|lc| lc + other.x.get_variable()
- self.x.get_variable(),
LinearCombination::zero() + lambda.get_variable(),
|lc| lc + lambda.get_variable(),
LinearCombination::<Var, E>::zero() + other.y.get_variable()
- self.y.get_variable()
|lc| lc + other.y.get_variable()
- self.y.get_variable()
);
// Compute x'' = lambda^2 - A - x - x'
@ -512,12 +511,12 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
let one = cs.one();
cs.enforce(
|| "evaluate xprime",
LinearCombination::zero() + lambda.get_variable(),
LinearCombination::zero() + lambda.get_variable(),
LinearCombination::<Var, E>::zero() + (*params.montgomery_a(), one)
+ self.x.get_variable()
+ other.x.get_variable()
+ xprime.get_variable()
|lc| lc + lambda.get_variable(),
|lc| lc + lambda.get_variable(),
|lc| lc + (*params.montgomery_a(), one)
+ self.x.get_variable()
+ other.x.get_variable()
+ xprime.get_variable()
);
// Compute y' = -(y + lambda(x' - x))
@ -534,13 +533,13 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
// y' + y = lambda(x - x')
cs.enforce(
|| "evaluate yprime",
LinearCombination::zero() + self.x.get_variable()
- xprime.get_variable(),
|lc| lc + self.x.get_variable()
- xprime.get_variable(),
LinearCombination::zero() + lambda.get_variable(),
|lc| lc + lambda.get_variable(),
LinearCombination::<Var, E>::zero() + yprime.get_variable()
+ self.y.get_variable()
|lc| lc + yprime.get_variable()
+ self.y.get_variable()
);
Ok(MontgomeryPoint {
@ -589,16 +588,16 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
let one = cs.one();
cs.enforce(
|| "evaluate lambda",
LinearCombination::<Var, E>::zero() + self.y.get_variable()
+ self.y.get_variable(),
|lc| lc + self.y.get_variable()
+ self.y.get_variable(),
LinearCombination::zero() + lambda.get_variable(),
|lc| lc + lambda.get_variable(),
LinearCombination::<Var, E>::zero() + xx.get_variable()
+ xx.get_variable()
+ xx.get_variable()
+ (*params.montgomery_2a(), self.x.get_variable())
+ one
|lc| lc + xx.get_variable()
+ xx.get_variable()
+ xx.get_variable()
+ (*params.montgomery_2a(), self.x.get_variable())
+ one
);
// Compute x' = (lambda^2) - A - 2.x
@ -615,12 +614,12 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
// (lambda) * (lambda) = (A + 2.x + x')
cs.enforce(
|| "evaluate xprime",
LinearCombination::zero() + lambda.get_variable(),
LinearCombination::zero() + lambda.get_variable(),
LinearCombination::<Var, E>::zero() + (*params.montgomery_a(), one)
+ self.x.get_variable()
+ self.x.get_variable()
+ xprime.get_variable()
|lc| lc + lambda.get_variable(),
|lc| lc + lambda.get_variable(),
|lc| lc + (*params.montgomery_a(), one)
+ self.x.get_variable()
+ self.x.get_variable()
+ xprime.get_variable()
);
// Compute y' = -(y + lambda(x' - x))
@ -637,13 +636,13 @@ impl<E: JubjubEngine, Var: Copy> MontgomeryPoint<E, Var> {
// y' + y = lambda(x - x')
cs.enforce(
|| "evaluate yprime",
LinearCombination::zero() + self.x.get_variable()
- xprime.get_variable(),
|lc| lc + self.x.get_variable()
- xprime.get_variable(),
LinearCombination::zero() + lambda.get_variable(),
|lc| lc + lambda.get_variable(),
LinearCombination::<Var, E>::zero() + yprime.get_variable()
+ self.y.get_variable()
|lc| lc + yprime.get_variable()
+ self.y.get_variable()
);
Ok(MontgomeryPoint {

48
src/circuit/num.rs
View File

@ -122,9 +122,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
cs.enforce(
|| "unpacking constraint",
LinearCombination::zero(),
LinearCombination::zero(),
lc
|lc| lc,
|lc| lc,
|_| lc
);
Ok(bits.into_iter().map(|b| Boolean::from(b)).collect())
@ -191,9 +191,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
cs.enforce(
|| "packing constraint",
LinearCombination::zero(),
LinearCombination::zero(),
lc
|lc| lc,
|lc| lc,
|_| lc
);
Ok(num)
@ -220,9 +220,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
// Constrain: a * b = ab
cs.enforce(
|| "multiplication constraint",
LinearCombination::zero() + self.variable,
LinearCombination::zero() + other.variable,
LinearCombination::zero() + var
|lc| lc + self.variable,
|lc| lc + other.variable,
|lc| lc + var
);
Ok(AllocatedNum {
@ -251,9 +251,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
// Constrain: a * a = aa
cs.enforce(
|| "squaring constraint",
LinearCombination::zero() + self.variable,
LinearCombination::zero() + self.variable,
LinearCombination::zero() + var
|lc| lc + self.variable,
|lc| lc + self.variable,
|lc| lc + var
);
Ok(AllocatedNum {
@ -284,9 +284,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
let one = cs.one();
cs.enforce(
|| "nonzero assertion constraint",
LinearCombination::zero() + self.variable,
LinearCombination::zero() + inv,
LinearCombination::zero() + one
|lc| lc + self.variable,
|lc| lc + inv,
|lc| lc + one
);
Ok(())
@ -317,9 +317,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
let one = cs.one();
cs.enforce(
|| "first conditional reversal",
LinearCombination::zero() + a.variable - b.variable,
condition.lc(one, E::Fr::one()),
LinearCombination::zero() + a.variable - c.variable
|lc| lc + a.variable - b.variable,
|_| condition.lc(one, E::Fr::one()),
|lc| lc + a.variable - c.variable
);
let d = Self::alloc(
@ -335,9 +335,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
cs.enforce(
|| "second conditional reversal",
LinearCombination::zero() + b.variable - a.variable,
condition.lc(one, E::Fr::one()),
LinearCombination::zero() + b.variable - d.variable
|lc| lc + b.variable - a.variable,
|_| condition.lc(one, E::Fr::one()),
|lc| lc + b.variable - d.variable
);
Ok((c, d))
@ -368,9 +368,9 @@ impl<E: Engine, Var: Copy> AllocatedNum<E, Var> {
let one = cs.one();
cs.enforce(
|| "conditional negation",
LinearCombination::zero() + self.variable + self.variable,
condition.lc(one, E::Fr::one()),
LinearCombination::zero() + self.variable - r.variable
|lc| lc + self.variable + self.variable,
|_| condition.lc(one, E::Fr::one()),
|lc| lc + self.variable - r.variable
);
Ok(r)

29
src/circuit/test/mod.rs
View File

@ -168,19 +168,26 @@ impl<E: Engine> ConstraintSystem<E> for TestConstraintSystem<E> {
Ok(var)
}
fn enforce<A, AR>(
fn enforce<A, AR, LA, LB, LC>(
&mut self,
annotation: A,
a: LinearCombination<Self::Variable, E>,
b: LinearCombination<Self::Variable, E>,
c: LinearCombination<Self::Variable, E>
a: LA,
b: LB,
c: LC
)
where A: FnOnce() -> AR, AR: Into<String>
where A: FnOnce() -> AR, AR: Into<String>,
LA: FnOnce(LinearCombination<Self::Variable, E>) -> LinearCombination<Self::Variable, E>,
LB: FnOnce(LinearCombination<Self::Variable, E>) -> LinearCombination<Self::Variable, E>,
LC: FnOnce(LinearCombination<Self::Variable, E>) -> LinearCombination<Self::Variable, E>
{
let path = compute_path(&self.current_namespace, annotation().into());
let index = self.constraints.len();
self.set_named_obj(path.clone(), NamedObject::Constraint(index));
let a = a(LinearCombination::zero());
let b = b(LinearCombination::zero());
let c = c(LinearCombination::zero());
self.constraints.push((a, b, c, path));
}
@ -218,9 +225,9 @@ fn test_cs() {
cs.enforce(
|| "mult",
LinearCombination::zero() + a,
LinearCombination::zero() + b,
LinearCombination::zero() + c
|lc| lc + a,
|lc| lc + b,
|lc| lc + c
);
assert!(cs.is_satisfied());
assert_eq!(cs.num_constraints(), 1);
@ -230,9 +237,9 @@ fn test_cs() {
let one = cs.one();
cs.enforce(
|| "eq",
LinearCombination::zero() + a,
LinearCombination::zero() + one,
LinearCombination::zero() + b
|lc| lc + a,
|lc| lc + one,
|lc| lc + b
);
assert!(!cs.is_satisfied());

6
src/circuit/uint32.rs
View File

@ -281,9 +281,9 @@ impl<Var: Copy> UInt32<Var> {
// Enforce that the linear combination equals zero
cs.enforce(
|| "modular addition",
LinearCombination::zero(),
LinearCombination::zero(),
lc
|lc| lc,
|lc| lc,
|_| lc
);
// Discard carry bits that we don't care about