diff --git a/src/zcash/JoinSplit.cpp b/src/zcash/JoinSplit.cpp
index 22ec0d17c..2b1d48d61 100644
--- a/src/zcash/JoinSplit.cpp
+++ b/src/zcash/JoinSplit.cpp
@@ -231,37 +231,40 @@ public:
 out_macs[i] = PRF_pk(inputs[i].key, i, h_sig);
 }
 
- std::vector primary_input;
- std::vector aux_input;
-
+ protoboard pb;
 {
- protoboard pb;
- {
- joinsplit_gadget g(pb);
- g.generate_r1cs_constraints();
- g.generate_r1cs_witness(
- phi,
- rt,
- h_sig,
- inputs,
- out_notes,
- vpub_old,
- vpub_new
- );
- }
-
- if (!pb.is_satisfied()) {
- throw std::invalid_argument("Constraint system not satisfied by inputs");
- }
-
- primary_input = pb.primary_input();
- aux_input = pb.auxiliary_input();
+ joinsplit_gadget g(pb);
+ g.generate_r1cs_constraints();
+ g.generate_r1cs_witness(
+ phi,
+ rt,
+ h_sig,
+ inputs,
+ out_notes,
+ vpub_old,
+ vpub_new
+ );
 }
 
+ if (!pb.is_satisfied()) {
+ throw std::invalid_argument("Constraint system not satisfied by inputs");
+ }
+
+ // TODO: These are copies, which is not strictly necessary.
+ std::vector primary_input = pb.primary_input();
+ std::vector aux_input = pb.auxiliary_input();
+
+ // Swap A and B if it's beneficial (less arithmetic in G2)
+ // In our circuit, we already know that it's beneficial
+ // to swap, but it takes so little time to perform this
+ // estimate that it doesn't matter if we check every time.
+ pb.constraint_system.swap_AB_if_beneficial();
+
 auto proof = r1cs_ppzksnark_prover(
 *pk,
 primary_input,
- aux_input
+ aux_input,
+ pb.constraint_system
 );
 
 std::stringstream ss;
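Review bot: The comment above `pb.constraint_system.swap_AB_if_beneficial();` presents the swap purely as an optimisation, but the constraint system is now passed to `r1cs_ppzksnark_prover` separately from `*pk`. The A/B orientation chosen here presumably has to match the one in effect when `*pk` was generated, and nothing in the hunk checks or states that. I would add a line such as `// Must yield the same A/B orientation as key generation; a mismatch would produce proofs that fail verification.` Separately, `protoboard pb;` now lives in the enclosing scope, so the witness it holds stays in memory alongside the `aux_input` copy for the whole prover call, whereas the old code destroyed the protoboard first; that is a further reason to resolve the TODO about copies. The enclosing function starts and ends outside the hunk.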