Add Private x Public API for SwapClaimProof

crates/bench/benches/swap_claim.rs

@@ -6,54 +6,23 @@ use decaf377::Fq;
 use penumbra_asset::asset;
 use penumbra_dex::{
     swap::SwapPlaintext,
-    swap_claim::{SwapClaimCircuit, SwapClaimProof},
+    swap_claim::{SwapClaimCircuit, SwapClaimProof, SwapClaimProofPrivate, SwapClaimProofPublic},
     BatchSwapOutputData, TradingPair,
 };
 use penumbra_fee::Fee;
-use penumbra_keys::keys::{Bip44Path, NullifierKey, SeedPhrase, SpendKey};
+use penumbra_keys::keys::{Bip44Path, SeedPhrase, SpendKey};
 use penumbra_num::Amount;
-use penumbra_proof_params::SWAPCLAIM_PROOF_PROVING_KEY;
+use penumbra_proof_params::{DummyWitness, SWAPCLAIM_PROOF_PROVING_KEY};
 use penumbra_sct::Nullifier;
 use penumbra_tct as tct;
 
 use criterion::{criterion_group, criterion_main, Criterion};
 use rand_core::OsRng;
 
 #[allow(clippy::too_many_arguments)]
-fn prove(
-    r: Fq,
-    s: Fq,
-    swap_plaintext: SwapPlaintext,
-    state_commitment_proof: tct::Proof,
-    nk: NullifierKey,
-    anchor: tct::Root,
-    nullifier: Nullifier,
-    lambda_1: Amount,
-    lambda_2: Amount,
-    note_blinding_1: Fq,
-    note_blinding_2: Fq,
-    note_commitment_1: tct::StateCommitment,
-    note_commitment_2: tct::StateCommitment,
-    output_data: BatchSwapOutputData,
-) {
-    let _proof = SwapClaimProof::prove(
-        r,
-        s,
-        &SWAPCLAIM_PROOF_PROVING_KEY,
-        swap_plaintext,
-        state_commitment_proof,
-        nk,
-        anchor,
-        nullifier,
-        lambda_1,
-        lambda_2,
-        note_blinding_1,
-        note_blinding_2,
-        note_commitment_1,
-        note_commitment_2,
-        output_data,
-    )
-    .expect("can create proof");
+fn prove(r: Fq, s: Fq, public: SwapClaimProofPublic, private: SwapClaimProofPrivate) {
+    let _proof = SwapClaimProof::prove(r, s, &SWAPCLAIM_PROOF_PROVING_KEY, public, private)
+        .expect("can create proof");
 }
 
 fn swap_claim_proving_time(c: &mut Criterion) {
@@ -80,7 +49,7 @@ fn swap_claim_proving_time(c: &mut Criterion) {
         fee,
         claim_address,
     );
-    let fee = swap_plaintext.clone().claim_fee;
+    let claim_fee = swap_plaintext.clone().claim_fee;
     let mut sct = tct::Tree::new();
     let swap_commitment = swap_plaintext.swap_commitment();
     sct.insert(tct::Witness::Keep, swap_commitment).unwrap();
@@ -111,46 +80,33 @@ fn swap_claim_proving_time(c: &mut Criterion) {
     let note_commitment_1 = output_1_note.commit();
     let note_commitment_2 = output_2_note.commit();
 
-    let r = Fq::rand(&mut OsRng);
-    let s = Fq::rand(&mut OsRng);
-
-    c.bench_function("swap claim proving", |b| {
-        b.iter(|| {
-            prove(
-                r,
-                s,
-                swap_plaintext.clone(),
-                state_commitment_proof.clone(),
-                nk,
-                anchor,
-                nullifier,
-                lambda_1,
-                lambda_2,
-                note_blinding_1,
-                note_blinding_2,
-                note_commitment_1,
-                note_commitment_2,
-                output_data,
-            )
-        })
-    });
-
-    // Also print out the number of constraints.
-    let circuit = SwapClaimCircuit::new(
+    let public = SwapClaimProofPublic {
+        anchor,
+        nullifier,
+        claim_fee,
+        output_data,
+        note_commitment_1,
+        note_commitment_2,
+    };
+    let private = SwapClaimProofPrivate {
         swap_plaintext,
         state_commitment_proof,
         nk,
         lambda_1,
         lambda_2,
         note_blinding_1,
         note_blinding_2,
-        anchor,
-        nullifier,
-        fee,
-        output_data,
-        note_commitment_1,
-        note_commitment_2,
-    );
+    };
+
+    let r = Fq::rand(&mut OsRng);
+    let s = Fq::rand(&mut OsRng);
+
+    c.bench_function("swap claim proving", |b| {
+        b.iter(|| prove(r, s, public.clone(), private.clone()))
+    });
+
+    // Also print out the number of constraints.
+    let circuit = SwapClaimCircuit::with_dummy_witness();
 
     let cs = ConstraintSystem::new_ref();
     cs.set_optimization_goal(OptimizationGoal::Constraints);

crates/bin/pcli/tests/proof.rs

@@ -6,6 +6,7 @@ use decaf377::{Fq, Fr};
 use decaf377_rdsa::{SigningKey, SpendAuth, VerificationKey};
 use penumbra_asset::{asset, Balance, Value};
 use penumbra_dex::swap::proof::{SwapProofPrivate, SwapProofPublic};
+use penumbra_dex::swap_claim::{SwapClaimProofPrivate, SwapClaimProofPublic};
 use penumbra_dex::{
     swap::proof::SwapProof, swap::SwapPlaintext, swap_claim::proof::SwapClaimProof,
     BatchSwapOutputData, TradingPair,
@@ -256,7 +257,7 @@ fn swap_claim_parameters_vs_current_swap_claim_circuit() {
         fee,
         claim_address,
     );
-    let fee = swap_plaintext.clone().claim_fee;
+    let claim_fee = swap_plaintext.clone().claim_fee;
     let mut sct = tct::Tree::new();
     let swap_commitment = swap_plaintext.swap_commitment();
     sct.insert(tct::Witness::Keep, swap_commitment).unwrap();
@@ -287,37 +288,31 @@ fn swap_claim_parameters_vs_current_swap_claim_circuit() {
     let note_commitment_1 = output_1_note.commit();
     let note_commitment_2 = output_2_note.commit();
 
-    let blinding_r = Fq::rand(&mut rng);
-    let blinding_s = Fq::rand(&mut rng);
-
-    let proof = SwapClaimProof::prove(
-        blinding_r,
-        blinding_s,
-        pk,
+    let public = SwapClaimProofPublic {
+        anchor,
+        nullifier,
+        claim_fee,
+        output_data,
+        note_commitment_1,
+        note_commitment_2,
+    };
+    let private = SwapClaimProofPrivate {
         swap_plaintext,
         state_commitment_proof,
         nk,
-        anchor,
-        nullifier,
         lambda_1,
         lambda_2,
         note_blinding_1,
         note_blinding_2,
-        note_commitment_1,
-        note_commitment_2,
-        output_data,
-    )
-    .expect("can create proof");
+    };
 
-    let proof_result = proof.verify(
-        vk,
-        anchor,
-        nullifier,
-        fee,
-        output_data,
-        note_commitment_1,
-        note_commitment_2,
-    );
+    let blinding_r = Fq::rand(&mut rng);
+    let blinding_s = Fq::rand(&mut rng);
+
+    let proof = SwapClaimProof::prove(blinding_r, blinding_s, pk, public.clone(), private)
+        .expect("can create proof");
+
+    let proof_result = proof.verify(vk, public);
 
     assert!(proof_result.is_ok());
 }

crates/core/component/dex/src/component/action_handler/swap_claim.rs

@@ -12,7 +12,11 @@ use penumbra_proto::StateWriteProto;
 use penumbra_sct::component::{SctManager as _, SourceContext, StateReadExt as _};
 use penumbra_shielded_pool::component::NoteManager;
 
-use crate::{component::StateReadExt, event, swap_claim::SwapClaim};
+use crate::{
+    component::StateReadExt,
+    event,
+    swap_claim::{SwapClaim, SwapClaimProofPublic},
+};
 
 #[async_trait]
 impl ActionHandler for SwapClaim {
@@ -21,12 +25,14 @@ impl ActionHandler for SwapClaim {
         self.proof
             .verify(
                 &SWAPCLAIM_PROOF_VERIFICATION_KEY,
-                context.anchor,
-                self.body.nullifier,
-                self.body.fee.clone(),
-                self.body.output_data,
-                self.body.output_1_commitment,
-                self.body.output_2_commitment,
+                SwapClaimProofPublic {
+                    anchor: context.anchor,
+                    nullifier: self.body.nullifier,
+                    claim_fee: self.body.fee.clone(),
+                    output_data: self.body.output_data,
+                    note_commitment_1: self.body.output_1_commitment,
+                    note_commitment_2: self.body.output_2_commitment,
+                },
             )
             .context("a swap claim proof did not verify")?;
 

crates/core/component/dex/src/swap_claim.rs

@@ -6,5 +6,5 @@ pub mod proof;
 
 pub use action::{Body, SwapClaim};
 pub use plan::SwapClaimPlan;
-pub use proof::{SwapClaimCircuit, SwapClaimProof};
+pub use proof::{SwapClaimCircuit, SwapClaimProof, SwapClaimProofPrivate, SwapClaimProofPublic};
 pub use view::SwapClaimView;

crates/core/component/dex/src/swap_claim/plan.rs

@@ -14,7 +14,11 @@ use tct::Position;
 
 use crate::{swap::SwapPlaintext, BatchSwapOutputData};
 
-use super::{action as swap_claim, proof::SwapClaimProof, SwapClaim};
+use super::{
+    action as swap_claim,
+    proof::{SwapClaimProof, SwapClaimProofPrivate, SwapClaimProofPublic},
+    SwapClaim,
+};
 
 /// A planned [`SwapClaim`](SwapClaim).
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -68,18 +72,23 @@ impl SwapClaimPlan {
             self.proof_blinding_r,
             self.proof_blinding_s,
             &SWAPCLAIM_PROOF_PROVING_KEY,
-            self.swap_plaintext.clone(),
-            state_commitment_proof.clone(),
-            *nk,
-            state_commitment_proof.root(),
-            nullifier,
-            lambda_1,
-            lambda_2,
-            note_blinding_1,
-            note_blinding_2,
-            note_commitment_1,
-            note_commitment_2,
-            self.output_data,
+            SwapClaimProofPublic {
+                anchor: state_commitment_proof.root(),
+                nullifier,
+                claim_fee: self.swap_plaintext.claim_fee.clone(),
+                output_data: self.output_data,
+                note_commitment_1,
+                note_commitment_2,
+            },
+            SwapClaimProofPrivate {
+                swap_plaintext: self.swap_plaintext.clone(),
+                state_commitment_proof: state_commitment_proof.clone(),
+                nk: *nk,
+                lambda_1,
+                lambda_2,
+                note_blinding_1,
+                note_blinding_2,
+            },
         )
         .expect("can generate ZKSwapClaimProof")
     }