Merge pull request #173 from gregdhill/bvk-to-cv_sum

rename bvk to cv_sum
2019-11-27 20:42:54 +00:00 · 2019-11-27 20:42:54 +00:00 · 7820548ea3
parent 141821d3c1 7eb4a6d1d9
commit 7820548ea3
2 changed files with 20 additions and 18 deletions
--- a/zcash_proofs/src/sapling/prover.rs
+++ b/zcash_proofs/src/sapling/prover.rs
@ -22,7 +22,8 @@ use crate::circuit::sapling::{Output, Spend};
 /// A context object for creating the Sapling components of a Zcash transaction.
 pub struct SaplingProvingContext {
    bsk: Fs,
-    bvk: edwards::Point<Bls12, Unknown>,
+    // (sum of the Spend value commitments) - (sum of the Output value commitments)
+    cv_sum: edwards::Point<Bls12, Unknown>,
 }

 impl SaplingProvingContext {
@ -30,7 +31,7 @@ impl SaplingProvingContext {
    pub fn new() -> Self {
        SaplingProvingContext {
            bsk: Fs::zero(),
-            bvk: edwards::Point::zero(),
+            cv_sum: edwards::Point::zero(),
        }
    }

@ -169,10 +170,10 @@ impl SaplingProvingContext {
        // Accumulate the value commitment in the context
        {
            let mut tmp = value_commitment.clone();
-            tmp = tmp.add(&self.bvk, params);
+            tmp = tmp.add(&self.cv_sum, params);

            // Update the context
-            self.bvk = tmp;
+            self.cv_sum = tmp;
        }

        Ok((proof, value_commitment, rk))
@ -234,10 +235,10 @@ impl SaplingProvingContext {
        {
            let mut tmp = value_commitment.clone();
            tmp = tmp.negate(); // Outputs subtract from the total.
-            tmp = tmp.add(&self.bvk, params);
+            tmp = tmp.add(&self.cv_sum, params);

            // Update the context
-            self.bvk = tmp;
+            self.cv_sum = tmp;
        }

        (proof, value_commitment)
@ -261,7 +262,7 @@ impl SaplingProvingContext {
        let bvk = PublicKey::from_private(&bsk, FixedGenerators::ValueCommitmentRandomness, params);

        // In order to check internal consistency, let's use the accumulated value
-        // commitments (as the verifier would) and apply valuebalance to compare
+        // commitments (as the verifier would) and apply value_balance to compare
        // against our derived bvk.
        {
            // Compute value balance
@ -270,9 +271,9 @@ impl SaplingProvingContext {
                None => return Err(()),
            };

-            // Subtract value_balance from current bvk to get final bvk
+            // Subtract value_balance from cv_sum to get final bvk
            value_balance = value_balance.negate();
-            let mut tmp = self.bvk.clone();
+            let mut tmp = self.cv_sum.clone();
            tmp = tmp.add(&value_balance, params);

            // The result should be the same, unless the provided valueBalance is wrong.
--- a/zcash_proofs/src/sapling/verifier.rs
+++ b/zcash_proofs/src/sapling/verifier.rs
@ -18,14 +18,15 @@ fn is_small_order<Order>(p: &edwards::Point<Bls12, Order>, params: &JubjubBls12)

 /// A context object for verifying the Sapling components of a Zcash transaction.
 pub struct SaplingVerificationContext {
-    bvk: edwards::Point<Bls12, Unknown>,
+    // (sum of the Spend value commitments) - (sum of the Output value commitments)
+    cv_sum: edwards::Point<Bls12, Unknown>,
 }

 impl SaplingVerificationContext {
    /// Construct a new context to be used with a single transaction.
    pub fn new() -> Self {
        SaplingVerificationContext {
-            bvk: edwards::Point::zero(),
+            cv_sum: edwards::Point::zero(),
        }
    }

@ -54,10 +55,10 @@ impl SaplingVerificationContext {
        // Accumulate the value commitment in the context
        {
            let mut tmp = cv.clone();
-            tmp = tmp.add(&self.bvk, params);
+            tmp = tmp.add(&self.cv_sum, params);

            // Update the context
-            self.bvk = tmp;
+            self.cv_sum = tmp;
        }

        // Grab the nullifier as a sequence of bytes
@ -137,10 +138,10 @@ impl SaplingVerificationContext {
        {
            let mut tmp = cv.clone();
            tmp = tmp.negate(); // Outputs subtract from the total.
-            tmp = tmp.add(&self.bvk, params);
+            tmp = tmp.add(&self.cv_sum, params);

            // Update the context
-            self.bvk = tmp;
+            self.cv_sum = tmp;
        }

        // Construct public input for circuit
@ -177,8 +178,8 @@ impl SaplingVerificationContext {
        binding_sig: Signature,
        params: &JubjubBls12,
    ) -> bool {
-        // Obtain current bvk from the context
-        let mut bvk = PublicKey(self.bvk.clone());
+        // Obtain current cv_sum from the context
+        let mut bvk = PublicKey(self.cv_sum.clone());

        // Compute value balance
        let mut value_balance = match compute_value_balance(value_balance, params) {
@ -186,7 +187,7 @@ impl SaplingVerificationContext {
            None => return false,
        };

-        // Subtract value_balance from current bvk to get final bvk
+        // Subtract value_balance from current cv_sum to get final bvk
        value_balance = value_balance.negate();
        bvk.0 = bvk.0.add(&value_balance, params);