Pass our constraint system to libsnark, so that it doesn't need to (de)serialize it in the proving key.

2016-07-15 10:45:59 -06:00 · 2016-07-15 10:45:59 -06:00 · bf76024eb7
parent 1fad6b87e5
commit bf76024eb7
1 changed files with 28 additions and 25 deletions
--- a/src/zcash/JoinSplit.cpp
+++ b/src/zcash/JoinSplit.cpp
@ -231,37 +231,40 @@ public:
            out_macs[i] = PRF_pk(inputs[i].key, i, h_sig);
        }
-        std::vector<FieldT> primary_input;
+        protoboard<FieldT> pb;
        std::vector<FieldT> aux_input;
        {
-            protoboard<FieldT> pb;
+            joinsplit_gadget<FieldT, NumInputs, NumOutputs> g(pb);
-            {
+            g.generate_r1cs_constraints();
-                joinsplit_gadget<FieldT, NumInputs, NumOutputs> g(pb);
+            g.generate_r1cs_witness(
-                g.generate_r1cs_constraints();
+                phi,
-                g.generate_r1cs_witness(
+                rt,
-                    phi,
+                h_sig,
-                    rt,
+                inputs,
-                    h_sig,
+                out_notes,
-                    inputs,
+                vpub_old,
-                    out_notes,
+                vpub_new
-                    vpub_old,
+            );
                    vpub_new
                );
            }
            if (!pb.is_satisfied()) {
                throw std::invalid_argument("Constraint system not satisfied by inputs");
            }
            primary_input = pb.primary_input();
            aux_input = pb.auxiliary_input();
        }
        if (!pb.is_satisfied()) {
            throw std::invalid_argument("Constraint system not satisfied by inputs");
        }
        // TODO: These are copies, which is not strictly necessary.
        std::vector<FieldT> primary_input = pb.primary_input();
        std::vector<FieldT> aux_input = pb.auxiliary_input();
        // Swap A and B if it's beneficial (less arithmetic in G2)
        // In our circuit, we already know that it's beneficial
        // to swap, but it takes so little time to perform this
        // estimate that it doesn't matter if we check every time.
        pb.constraint_system.swap_AB_if_beneficial();
        auto proof = r1cs_ppzksnark_prover<ppzksnark_ppT>(
            *pk,
            primary_input,
-            aux_input
+            aux_input,
            pb.constraint_system
        );
        std::stringstream ss;