zecfoundation
/
bellman
mirror of https://github.com/ZcashFoundation/bellman.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

group: Add mixed-addition scalar multiplication bounds to CurveAffine 

Replaces the explicit CurveAffine::mul trait method.
This commit is contained in:
Jack Grigg 2020-05-15 17:49:45 +12:00
parent 9c291bfb72
commit 32c85391dc
5 changed files with 13 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/groth16/generator.rs
View File

@ -463,12 +463,12 @@ where
let g2 = g2.into_affine();
let vk = VerifyingKey::<E> {
alpha_g1: g1.mul(alpha).into_affine(),
beta_g1: g1.mul(beta).into_affine(),
beta_g2: g2.mul(beta).into_affine(),
gamma_g2: g2.mul(gamma).into_affine(),
delta_g1: g1.mul(delta).into_affine(),
delta_g2: g2.mul(delta).into_affine(),
alpha_g1: (g1 * &alpha).into_affine(),
beta_g1: (g1 * &beta).into_affine(),
beta_g2: (g2 * &beta).into_affine(),
gamma_g2: (g2 * &gamma).into_affine(),
delta_g1: (g1 * &delta).into_affine(),
delta_g2: (g2 * &delta).into_affine(),
ic,
};

10
src/groth16/prover.rs
View File

@ -301,18 +301,18 @@ where
return Err(SynthesisError::UnexpectedIdentity);
}
let mut g_a = vk.delta_g1.mul(r);
let mut g_a = vk.delta_g1 * &r;
AddAssign::<&E::G1Affine>::add_assign(&mut g_a, &vk.alpha_g1);
let mut g_b = vk.delta_g2.mul(s);
let mut g_b = vk.delta_g2 * &s;
AddAssign::<&E::G2Affine>::add_assign(&mut g_b, &vk.beta_g2);
let mut g_c;
{
let mut rs = r;
rs.mul_assign(&s);
g_c = vk.delta_g1.mul(rs);
AddAssign::<&E::G1>::add_assign(&mut g_c, &vk.alpha_g1.mul(s));
AddAssign::<&E::G1>::add_assign(&mut g_c, &vk.beta_g1.mul(r));
g_c = vk.delta_g1 * &rs;
AddAssign::<&E::G1>::add_assign(&mut g_c, &(vk.alpha_g1 * &s));
AddAssign::<&E::G1>::add_assign(&mut g_c, &(vk.beta_g1 * &r));
}
let mut a_answer = a_inputs.wait()?;
AddAssign::<&E::G1>::add_assign(&mut a_answer, &a_aux.wait()?);

9
src/groth16/tests/dummy_engine.rs
View File

@ -475,15 +475,6 @@ impl CurveAffine for Fr {
Choice::from(if <Fr as Field>::is_zero(self) { 1 } else { 0 })
}
fn mul<S: Into<<Self::Scalar as PrimeField>::Repr>>(&self, other: S) -> Self::Projective {
let mut res = *self;
let tmp = Fr::from_repr(other.into()).unwrap();
MulAssign::mul_assign(&mut res, &tmp);
res
}
fn into_projective(&self) -> Self::Projective {
*self
}

3
src/groth16/verifier.rs
View File

@ -1,4 +1,3 @@
use ff::PrimeField;
use group::{CurveAffine, CurveProjective};
use pairing::{Engine, PairingCurveAffine};
use std::ops::{AddAssign, Neg};
@ -31,7 +30,7 @@ pub fn verify_proof<'a, E: Engine>(
let mut acc = pvk.ic[0].into_projective();
for (i, b) in public_inputs.iter().zip(pvk.ic.iter().skip(1)) {
AddAssign::<&E::G1>::add_assign(&mut acc, &b.mul(i.to_repr()));
AddAssign::<&E::G1>::add_assign(&mut acc, &(*b * i));
}
// The original verification equation is:

2
src/multiexp.rs
View File

@ -308,7 +308,7 @@ fn test_with_bls12() {
let mut acc = G::identity();
for (base, exp) in bases.iter().zip(exponents.iter()) {
AddAssign::<&G>::add_assign(&mut acc, &base.mul(exp.to_repr()));
AddAssign::<&G>::add_assign(&mut acc, &(*base * *exp));
}
acc