From bf76024eb7ba0376ca07af7bc76320f1f1f4740c Mon Sep 17 00:00:00 2001
From: Sean Bowe
Date: Fri, 15 Jul 2016 10:45:59 -0600
Subject: [PATCH] Pass our constraint system to libsnark, so that it doesn't need to (de)serialize it in the proving key.

---
 src/zcash/JoinSplit.cpp | 53 ++++++++++++++++++++++-------------------
 1 file changed, 28 insertions(+), 25 deletions(-)

diff --git a/src/zcash/JoinSplit.cpp b/src/zcash/JoinSplit.cpp
index 22ec0d17c..2b1d48d61 100644
--- a/src/zcash/JoinSplit.cpp
+++ b/src/zcash/JoinSplit.cpp
@@ -231,37 +231,40 @@ public:
             out_macs[i] = PRF_pk(inputs[i].key, i, h_sig);
         }
 
-        std::vector primary_input;
-        std::vector aux_input;
-
+        protoboard pb;
         {
-            protoboard pb;
-            {
-                joinsplit_gadget g(pb);
-                g.generate_r1cs_constraints();
-                g.generate_r1cs_witness(
-                    phi,
-                    rt,
-                    h_sig,
-                    inputs,
-                    out_notes,
-                    vpub_old,
-                    vpub_new
-                );
-            }
-
-            if (!pb.is_satisfied()) {
-                throw std::invalid_argument("Constraint system not satisfied by inputs");
-            }
-
-            primary_input = pb.primary_input();
-            aux_input = pb.auxiliary_input();
+            joinsplit_gadget g(pb);
+            g.generate_r1cs_constraints();
+            g.generate_r1cs_witness(
+                phi,
+                rt,
+                h_sig,
+                inputs,
+                out_notes,
+                vpub_old,
+                vpub_new
+            );
         }
 
+        if (!pb.is_satisfied()) {
+            throw std::invalid_argument("Constraint system not satisfied by inputs");
+        }
+
+        // TODO: These are copies, which is not strictly necessary.
+        std::vector primary_input = pb.primary_input();
+        std::vector aux_input = pb.auxiliary_input();
+
+        // Swap A and B if it's beneficial (less arithmetic in G2)
+        // In our circuit, we already know that it's beneficial
+        // to swap, but it takes so little time to perform this
+        // estimate that it doesn't matter if we check every time.
+        pb.constraint_system.swap_AB_if_beneficial();
+
         auto proof = r1cs_ppzksnark_prover(
             *pk,
             primary_input,
-            aux_input
+            aux_input,
+            pb.constraint_system
         );
 
         std::stringstream ss;
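Review bot: The `swap_AB_if_beneficial()` call near the end of the new block rewrites the constraint system that is then handed to `r1cs_ppzksnark_prover`, but nothing in the hunk ties that decision to the proving key `*pk`, which was derived from a constraint system elsewhere; if the key generator did not apply the same swap, the prover will not fail here but will presumably produce a proof that fails verification downstream. The comment above the call should state this coupling explicitly, e.g. `// NOTE: *pk must have been generated from this same (swapped) system; a mismatch is not detected here and only surfaces as a verification failure.` The previous code destroyed `pb` before proving, whereas now `pb` (holding the full witness) and the `primary_input`/`aux_input` copies coexist through the prover call and beyond, which the TODO comment could mention so the later cleanup covers both. The enclosing function continues past the hunk.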