From e9f9a73ab798aa04833648e7236d9443eed331d2 Mon Sep 17 00:00:00 2001 From: Sean Bowe Date: Fri, 15 Jul 2016 10:45:09 -0600 Subject: [PATCH 1/3] Update libsnark to our fork. --- depends/packages/libsnark.mk | 14 +++------ depends/patches/libsnark/1_fix_Wl_flag.patch | 19 ------------ .../libsnark/2_include_iota_header.patch | 31 ------------------- 3 files changed, 4 insertions(+), 60 deletions(-) delete mode 100644 depends/patches/libsnark/1_fix_Wl_flag.patch delete mode 100644 depends/patches/libsnark/2_include_iota_header.patch diff --git a/depends/packages/libsnark.mk b/depends/packages/libsnark.mk index 992750348..f2c4b33dc 100644 --- a/depends/packages/libsnark.mk +++ b/depends/packages/libsnark.mk @@ -1,18 +1,12 @@ package=libsnark $(package)_version=0.1 -$(package)_download_path=https://github.com/scipr-lab/$(package)/archive/ +$(package)_download_path=https://github.com/zcash/$(package)/archive/ $(package)_file_name=$(package)-$($(package)_git_commit).tar.gz $(package)_download_file=$($(package)_git_commit).tar.gz -$(package)_sha256_hash=b5ec84a836d0d305407d5f39c8176bae2bb448abe802a8d11ba0f88f17e6d358 -$(package)_git_commit=69f312f149cc4bd8def8e2fed26a7941ff41251d +$(package)_sha256_hash=43b0c921e8a1d556e70cf5c63c921db54f151842eb3cada029e3b92095e7b6f9 +$(package)_git_commit=a7031481fd8d2360337321401fe8e24f0359317a -$(package)_dependencies=libgmp -$(package)_patches=1_fix_Wl_flag.patch 2_include_iota_header.patch - -define $(package)_preprocess_cmds - patch -p1 < $($(package)_patch_dir)/1_fix_Wl_flag.patch && \ - patch -p1 < $($(package)_patch_dir)/2_include_iota_header.patch -endef +$(package)_dependencies=libgmp libsodium define $(package)_build_cmds CXXFLAGS="-fPIC -DBINARY_OUTPUT -DNO_PT_COMPRESSION=1" $(MAKE) lib DEPINST=$(host_prefix) CURVE=ALT_BN128 MULTICORE=1 NO_PROCPS=1 NO_GTEST=1 NO_DOCS=1 STATIC=1 NO_SUPERCOP=1 FEATUREFLAGS=-DMONTGOMERY_OUTPUT 
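Review bot: After this hunk the only integrity anchor for the libsnark source is `$(package)_sha256_hash` over a GitHub-generated archive (`$(package)_file_name=$(package)-$($(package)_git_commit).tar.gz`), and such on-demand tarballs are not guaranteed to be byte-stable, so a later re-archive of the same commit would break the build in the same way tampering would, with no way to tell the two apart. Moving the origin from scipr-lab to the zcash fork is a provenance change that the file itself does not explain; a comment next to `$(package)_download_path` stating why the fork is used and what it carries relative to upstream (presumably the two patches removed here, though that is not visible in this hunk) would let the next person bumping `$(package)_git_commit` know what to re-verify, e.g. `# zcash fork of scipr-lab/libsnark; supersedes the 1_fix_Wl_flag / 2_include_iota_header patches previously applied here`. If a mirror or a direct git checkout of the pinned commit is available, that would decouple the build from archive regeneration.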
diff --git a/depends/patches/libsnark/1_fix_Wl_flag.patch b/depends/patches/libsnark/1_fix_Wl_flag.patch deleted file mode 100644 index bf2432036..000000000 --- a/depends/patches/libsnark/1_fix_Wl_flag.patch +++ /dev/null @@ -1,19 +0,0 @@ -commit 728c1ace30f2338b86331f0b83559409198e1f74 -Author: Taylor Hornby -Date: Wed Sep 9 16:46:48 2015 -0600 - - g++-4.9 requires commas to include the argument to ``rpath`` as a linker flag. - -diff --git a/Makefile b/Makefile -index 5f59388..68e91bb 100644 ---- a/Makefile -+++ b/Makefile -@@ -18,7 +18,7 @@ DEPSRC = depsrc - DEPINST = depinst - - CXXFLAGS += -I$(DEPINST)/include -Isrc --LDFLAGS += -L$(DEPINST)/lib -Wl,-rpath $(DEPINST)/lib -+LDFLAGS += -L$(DEPINST)/lib -Wl,-rpath,$(DEPINST)/lib - LDLIBS += -lgmpxx -lgmp -lboost_program_options - # OpenSSL and its dependencies (needed explicitly for static builds): - LDLIBS += -lcrypto -ldl -lz diff --git a/depends/patches/libsnark/2_include_iota_header.patch b/depends/patches/libsnark/2_include_iota_header.patch deleted file mode 100644 index d989695eb..000000000 --- a/depends/patches/libsnark/2_include_iota_header.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -commit c437365ec98ec77754287594d2d3748901d0d176 -Author: Taylor Hornby -Date: Wed May 18 10:49:58 2016 -0600 - - Include header required for std::iota. - -diff --git a/src/common/data_structures/integer_permutation.cpp b/src/common/data_structures/integer_permutation.cpp -index f9f9327..378ea7e 100644 ---- a/src/common/data_structures/integer_permutation.cpp -+++ b/src/common/data_structures/integer_permutation.cpp -@@ -15,6 +15,7 @@ - - #include - #include -+#include - #include - - namespace libsnark { -diff --git a/src/common/data_structures/sparse_vector.tcc b/src/common/data_structures/sparse_vector.tcc -index 26429a5..cfc5d75 100644 ---- a/src/common/data_structures/sparse_vector.tcc -+++ b/src/common/data_structures/sparse_vector.tcc -@@ -16,6 +16,8 @@ - - #include "algebra/scalar_multiplication/multiexp.hpp" - -+#include -+ - namespace libsnark { - - template From 1fad6b87e5076974168349cf2e28472922ec592c Mon Sep 17 00:00:00 2001 From: Sean Bowe Date: Fri, 15 Jul 2016 10:45:22 -0600 Subject: [PATCH 2/3] Initialize libsodium in this routine, which is now necessary because libsnark uses its PRNG. --- src/zcash/GenerateParams.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/zcash/GenerateParams.cpp b/src/zcash/GenerateParams.cpp index 10ffbd092..8433345bb 100644 --- a/src/zcash/GenerateParams.cpp +++ b/src/zcash/GenerateParams.cpp @@ -1,9 +1,14 @@ #include "zcash/JoinSplit.hpp" #include +#include "sodium.h" int main(int argc, char **argv) { + if (sodium_init() == -1) { + return 1; + } + if(argc != 3) { std::cerr << "Usage: " << argv[0] << " provingKeyFileName verificationKeyFileName" << std::endl; return 1; From bf76024eb7ba0376ca07af7bc76320f1f1f4740c Mon Sep 17 00:00:00 2001 
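Review bot: The new `sodium_init()` guard returns 1 without printing anything, while the usage check immediately below reports its failure on `std::cerr`, so an operator cannot distinguish the two exit paths of the parameter generator. libsodium documents the return as 0 on success, 1 if already initialised and -1 on failure, so `== -1` is correct, but `< 0` is the conventional form and should be paired with a diagnostic: `if (sodium_init() < 0) { std::cerr << "Failed to initialize libsodium" << std::endl; return 1; }`. Given the commit message says libsnark now takes randomness from libsodium's PRNG, this check is what prevents generating parameters with an uninitialised RNG, so it is right to keep it as the first statement of `main`; the rest of `main` lies outside the hunk.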
From: Sean Bowe Date: Fri, 15 Jul 2016 10:45:59 -0600 Subject: [PATCH 3/3] Pass our constraint system to libsnark, so that it doesn't need to (de)serialize it in the proving key. --- src/zcash/JoinSplit.cpp | 53 ++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/src/zcash/JoinSplit.cpp b/src/zcash/JoinSplit.cpp index 22ec0d17c..2b1d48d61 100644 --- a/src/zcash/JoinSplit.cpp +++ b/src/zcash/JoinSplit.cpp @@ -231,37 +231,40 @@ public: out_macs[i] = PRF_pk(inputs[i].key, i, h_sig); } - std::vector primary_input; - std::vector aux_input; - + protoboard pb; { - protoboard pb; - { - joinsplit_gadget g(pb); - g.generate_r1cs_constraints(); - g.generate_r1cs_witness( - phi, - rt, - h_sig, - inputs, - out_notes, - vpub_old, - vpub_new - ); - } - - if (!pb.is_satisfied()) { - throw std::invalid_argument("Constraint system not satisfied by inputs"); - } - - primary_input = pb.primary_input(); - aux_input = pb.auxiliary_input(); + joinsplit_gadget g(pb); + g.generate_r1cs_constraints(); + g.generate_r1cs_witness( + phi, + rt, + h_sig, + inputs, + out_notes, + vpub_old, + vpub_new + ); } + if (!pb.is_satisfied()) { + throw std::invalid_argument("Constraint system not satisfied by inputs"); + } + + // TODO: These are copies, which is not strictly necessary. + std::vector primary_input = pb.primary_input(); + std::vector aux_input = pb.auxiliary_input(); + + // Swap A and B if it's beneficial (less arithmetic in G2) + // In our circuit, we already know that it's beneficial + // to swap, but it takes so little time to perform this + // estimate that it doesn't matter if we check every time. + pb.constraint_system.swap_AB_if_beneficial(); + auto proof = r1cs_ppzksnark_prover( *pk, primary_input, - aux_input + aux_input, + pb.constraint_system ); std::stringstream ss;
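Review bot: `pb.constraint_system.swap_AB_if_beneficial()` rewrites the constraint system on every proof before it is passed to `r1cs_ppzksnark_prover` together with `*pk`, and nothing in the hunk ties that orientation to the one `*pk` was generated with; if the generator side did not apply the same swap, the prover would presumably produce proofs that fail verification rather than fail loudly here. A comment at the call site would make the coupling explicit: `// Must match the A/B orientation used when *pk was generated; a mismatch yields proofs that do not verify`. The `// TODO: These are copies` note is only actionable if `protoboard::primary_input()` / `auxiliary_input()` return references; as far as I recall libsnark's protoboard returns them by value, in which case the copy is inherent to the API and the TODO should say so or be dropped. The enclosing method begins before the hunk.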