From 8b48a5ca716c9376e187eacc85a005a0c9a3f006 Mon Sep 17 00:00:00 2001 From: redshiftzero Date: Tue, 9 Jan 2024 13:14:01 -0500 Subject: [PATCH] refactor: remove new impls for remaining circuits Followup from #3571 --- .../governance/src/delegator_vote/proof.rs | 111 +++++------------- .../shielded-pool/src/nullifier_derivation.rs | 54 +++------ .../shielded-pool/src/spend/proof.rs | 103 +++++----------- 3 files changed, 77 insertions(+), 191 deletions(-) diff --git a/crates/core/component/governance/src/delegator_vote/proof.rs b/crates/core/component/governance/src/delegator_vote/proof.rs index 9a5319b2e0..6cfad88762 100644 --- a/crates/core/component/governance/src/delegator_vote/proof.rs +++ b/crates/core/component/governance/src/delegator_vote/proof.rs @@ -127,7 +127,7 @@ fn check_circuit_satisfaction( use ark_relations::r1cs::{self, ConstraintSystem}; let cs = ConstraintSystem::new_ref(); - let circuit = DelegatorVoteCircuit::new(public, private); + let circuit = DelegatorVoteCircuit { public, private }; cs.set_optimization_goal(r1cs::OptimizationGoal::Constraints); circuit .generate_constraints(cs.clone()) @@ -142,97 +142,44 @@ fn check_circuit_satisfaction( /// Groth16 proof for delegator voting. #[derive(Clone, Debug)] pub struct DelegatorVoteCircuit { - /// Inclusion proof for the note commitment. - state_commitment_proof: tct::Proof, - /// The note being spent. - note: Note, - /// The blinding factor used for generating the value commitment. - v_blinding: Fr, - /// The randomizer used for generating the randomized spend auth key. - spend_auth_randomizer: Fr, - /// The spend authorization key. - ak: VerificationKey, - /// The nullifier deriving key. - nk: NullifierKey, - - /// the merkle root of the state commitment tree. - anchor: tct::Root, - /// value commitment of the note to be spent. - balance_commitment: balance::Commitment, - /// nullifier of the note to be spent. - nullifier: Nullifier, - /// the randomized verification spend key. - rk: VerificationKey, - /// the start position of the proposal being voted on. - start_position: tct::Position, -} - -impl DelegatorVoteCircuit { - fn new( - DelegatorVoteProofPublic { - anchor, - balance_commitment, - nullifier, - rk, - start_position, - }: DelegatorVoteProofPublic, - DelegatorVoteProofPrivate { - state_commitment_proof, - note, - v_blinding, - spend_auth_randomizer, - ak, - nk, - }: DelegatorVoteProofPrivate, - ) -> Self { - Self { - state_commitment_proof, - note, - v_blinding, - spend_auth_randomizer, - ak, - nk, - anchor, - balance_commitment, - nullifier, - rk, - start_position, - } - } + public: DelegatorVoteProofPublic, + private: DelegatorVoteProofPrivate, } impl ConstraintSynthesizer for DelegatorVoteCircuit { fn generate_constraints(self, cs: ConstraintSystemRef) -> ark_relations::r1cs::Result<()> { // Witnesses - let note_var = note::NoteVar::new_witness(cs.clone(), || Ok(self.note.clone()))?; + let note_var = note::NoteVar::new_witness(cs.clone(), || Ok(self.private.note.clone()))?; let claimed_note_commitment = StateCommitmentVar::new_witness(cs.clone(), || { - Ok(self.state_commitment_proof.commitment()) + Ok(self.private.state_commitment_proof.commitment()) })?; let delegator_position_var = tct::r1cs::PositionVar::new_witness(cs.clone(), || { - Ok(self.state_commitment_proof.position()) + Ok(self.private.state_commitment_proof.position()) })?; let delegator_position_bits = delegator_position_var.to_bits_le()?; let merkle_path_var = tct::r1cs::MerkleAuthPathVar::new_witness(cs.clone(), || { - Ok(self.state_commitment_proof) + Ok(self.private.state_commitment_proof) })?; - let v_blinding_arr: [u8; 32] = self.v_blinding.to_bytes(); + let v_blinding_arr: [u8; 32] = self.private.v_blinding.to_bytes(); let v_blinding_vars = UInt8::new_witness_vec(cs.clone(), &v_blinding_arr)?; - let spend_auth_randomizer_var = - SpendAuthRandomizerVar::new_witness(cs.clone(), || Ok(self.spend_auth_randomizer))?; + let spend_auth_randomizer_var = SpendAuthRandomizerVar::new_witness(cs.clone(), || { + Ok(self.private.spend_auth_randomizer) + })?; let ak_element_var: AuthorizationKeyVar = - AuthorizationKeyVar::new_witness(cs.clone(), || Ok(self.ak))?; - let nk_var = NullifierKeyVar::new_witness(cs.clone(), || Ok(self.nk))?; + AuthorizationKeyVar::new_witness(cs.clone(), || Ok(self.private.ak))?; + let nk_var = NullifierKeyVar::new_witness(cs.clone(), || Ok(self.private.nk))?; // Public inputs - let anchor_var = FqVar::new_input(cs.clone(), || Ok(Fq::from(self.anchor)))?; + let anchor_var = FqVar::new_input(cs.clone(), || Ok(Fq::from(self.public.anchor)))?; let claimed_balance_commitment_var = - BalanceCommitmentVar::new_input(cs.clone(), || Ok(self.balance_commitment))?; - let claimed_nullifier_var = NullifierVar::new_input(cs.clone(), || Ok(self.nullifier))?; - let rk_var = RandomizedVerificationKey::new_input(cs.clone(), || Ok(self.rk))?; - let start_position = PositionVar::new_input(cs.clone(), || Ok(self.start_position))?; + BalanceCommitmentVar::new_input(cs.clone(), || Ok(self.public.balance_commitment))?; + let claimed_nullifier_var = + NullifierVar::new_input(cs.clone(), || Ok(self.public.nullifier))?; + let rk_var = RandomizedVerificationKey::new_input(cs.clone(), || Ok(self.public.rk))?; + let start_position = PositionVar::new_input(cs.clone(), || Ok(self.public.start_position))?; // Note commitment integrity. let note_commitment_var = note_var.commit()?; @@ -327,19 +274,23 @@ impl DummyWitness for DelegatorVoteCircuit { .expect("able to witness just-inserted note commitment"); let start_position = state_commitment_proof.position(); - Self { + let public = DelegatorVoteProofPublic { + anchor, + balance_commitment: balance::Commitment(decaf377::basepoint()), + nullifier, + rk, + start_position, + }; + let private = DelegatorVoteProofPrivate { state_commitment_proof, note, v_blinding, spend_auth_randomizer, ak, nk, - anchor, - balance_commitment: balance::Commitment(decaf377::basepoint()), - nullifier, - rk, - start_position, - } + }; + + Self { public, private } } } @@ -354,7 +305,7 @@ impl DelegatorVoteProof { public: DelegatorVoteProofPublic, private: DelegatorVoteProofPrivate, ) -> anyhow::Result { - let circuit = DelegatorVoteCircuit::new(public, private); + let circuit = DelegatorVoteCircuit { public, private }; let proof = Groth16::::create_proof_with_reduction( circuit, pk, blinding_r, blinding_s, ) diff --git a/crates/core/component/shielded-pool/src/nullifier_derivation.rs b/crates/core/component/shielded-pool/src/nullifier_derivation.rs index b818b125fe..86b4d4bfd8 100644 --- a/crates/core/component/shielded-pool/src/nullifier_derivation.rs +++ b/crates/core/component/shielded-pool/src/nullifier_derivation.rs @@ -60,7 +60,7 @@ fn check_circuit_satisfaction( use ark_relations::r1cs::{self, ConstraintSystem}; let cs = ConstraintSystem::new_ref(); - let circuit = NullifierDerivationCircuit::new(public, private); + let circuit = NullifierDerivationCircuit { public, private }; cs.set_optimization_goal(r1cs::OptimizationGoal::Constraints); circuit .generate_constraints(cs.clone()) @@ -75,44 +75,22 @@ fn check_circuit_satisfaction( /// Groth16 proof for correct nullifier derivation. #[derive(Clone, Debug)] pub struct NullifierDerivationCircuit { - /// The nullifier deriving key. - nk: NullifierKey, - /// the position of the spent note. - position: tct::Position, - /// A commitment to the spent note. - note_commitment: StateCommitment, - /// nullifier of the spent note. - nullifier: Nullifier, -} - -impl NullifierDerivationCircuit { - fn new( - NullifierDerivationProofPublic { - position, - note_commitment, - nullifier, - }: NullifierDerivationProofPublic, - NullifierDerivationProofPrivate { nk }: NullifierDerivationProofPrivate, - ) -> Self { - Self { - nk, - note_commitment, - nullifier, - position, - } - } + public: NullifierDerivationProofPublic, + private: NullifierDerivationProofPrivate, } impl ConstraintSynthesizer for NullifierDerivationCircuit { fn generate_constraints(self, cs: ConstraintSystemRef) -> ark_relations::r1cs::Result<()> { // Witnesses - let nk_var = NullifierKeyVar::new_witness(cs.clone(), || Ok(self.nk))?; + let nk_var = NullifierKeyVar::new_witness(cs.clone(), || Ok(self.private.nk))?; // Public inputs - let claimed_nullifier_var = NullifierVar::new_input(cs.clone(), || Ok(self.nullifier))?; - let note_commitment_var = - tct::r1cs::StateCommitmentVar::new_input(cs.clone(), || Ok(self.note_commitment))?; - let position_var = tct::r1cs::PositionVar::new_input(cs, || Ok(self.position))?; + let claimed_nullifier_var = + NullifierVar::new_input(cs.clone(), || Ok(self.public.nullifier))?; + let note_commitment_var = tct::r1cs::StateCommitmentVar::new_input(cs.clone(), || { + Ok(self.public.note_commitment) + })?; + let position_var = tct::r1cs::PositionVar::new_input(cs, || Ok(self.public.position))?; // Nullifier integrity. let nullifier_var = NullifierVar::derive(&nk_var, &position_var, ¬e_commitment_var)?; @@ -147,12 +125,14 @@ impl DummyWitness for NullifierDerivationCircuit { .expect("able to witness just-inserted note commitment"); let position = state_commitment_proof.position(); - Self { + let public = NullifierDerivationProofPublic { + position, note_commitment, - nk, nullifier, - position, - } + }; + let private = NullifierDerivationProofPrivate { nk }; + + Self { public, private } } } @@ -166,7 +146,7 @@ impl NullifierDerivationProof { public: NullifierDerivationProofPublic, private: NullifierDerivationProofPrivate, ) -> anyhow::Result { - let circuit = NullifierDerivationCircuit::new(public, private); + let circuit = NullifierDerivationCircuit { public, private }; let proof = Groth16::::prove(pk, circuit, rng) .map_err(|err| anyhow::anyhow!(err))?; let mut proof_bytes = [0u8; GROTH16_PROOF_LENGTH_BYTES]; diff --git a/crates/core/component/shielded-pool/src/spend/proof.rs b/crates/core/component/shielded-pool/src/spend/proof.rs index bd98882ce4..0a05b307c8 100644 --- a/crates/core/component/shielded-pool/src/spend/proof.rs +++ b/crates/core/component/shielded-pool/src/spend/proof.rs @@ -118,7 +118,7 @@ fn check_circuit_satisfaction(public: SpendProofPublic, private: SpendProofPriva use ark_relations::r1cs::{self, ConstraintSystem}; let cs = ConstraintSystem::new_ref(); - let circuit = SpendCircuit::new(public, private); + let circuit = SpendCircuit { public, private }; cs.set_optimization_goal(r1cs::OptimizationGoal::Constraints); circuit .generate_constraints(cs.clone()) @@ -133,92 +133,43 @@ fn check_circuit_satisfaction(public: SpendProofPublic, private: SpendProofPriva /// Groth16 proof for spending existing notes. #[derive(Clone, Debug)] pub struct SpendCircuit { - /// Inclusion proof for the note commitment. - state_commitment_proof: tct::Proof, - /// The note being spent. - note: Note, - /// The blinding factor used for generating the value commitment. - v_blinding: Fr, - /// The randomizer used for generating the randomized spend auth key. - spend_auth_randomizer: Fr, - /// The spend authorization key. - ak: VerificationKey, - /// The nullifier deriving key. - nk: NullifierKey, - - /// the merkle root of the state commitment tree. - anchor: tct::Root, - /// value commitment of the note to be spent. - balance_commitment: balance::Commitment, - /// nullifier of the note to be spent. - nullifier: Nullifier, - /// the randomized verification spend key. - rk: VerificationKey, -} - -impl SpendCircuit { - fn new( - SpendProofPublic { - anchor, - balance_commitment, - nullifier, - rk, - }: SpendProofPublic, - SpendProofPrivate { - state_commitment_proof, - note, - v_blinding, - spend_auth_randomizer, - ak, - nk, - }: SpendProofPrivate, - ) -> Self { - Self { - state_commitment_proof, - note, - v_blinding, - spend_auth_randomizer, - ak, - nk, - anchor, - balance_commitment, - nullifier, - rk, - } - } + public: SpendProofPublic, + private: SpendProofPrivate, } impl ConstraintSynthesizer for SpendCircuit { fn generate_constraints(self, cs: ConstraintSystemRef) -> ark_relations::r1cs::Result<()> { // Witnesses - let note_var = note::NoteVar::new_witness(cs.clone(), || Ok(self.note.clone()))?; + let note_var = note::NoteVar::new_witness(cs.clone(), || Ok(self.private.note.clone()))?; let claimed_note_commitment = StateCommitmentVar::new_witness(cs.clone(), || { - Ok(self.state_commitment_proof.commitment()) + Ok(self.private.state_commitment_proof.commitment()) })?; let position_var = tct::r1cs::PositionVar::new_witness(cs.clone(), || { - Ok(self.state_commitment_proof.position()) + Ok(self.private.state_commitment_proof.position()) })?; let position_bits = position_var.to_bits_le()?; let merkle_path_var = tct::r1cs::MerkleAuthPathVar::new_witness(cs.clone(), || { - Ok(self.state_commitment_proof) + Ok(self.private.state_commitment_proof) })?; - let v_blinding_arr: [u8; 32] = self.v_blinding.to_bytes(); + let v_blinding_arr: [u8; 32] = self.private.v_blinding.to_bytes(); let v_blinding_vars = UInt8::new_witness_vec(cs.clone(), &v_blinding_arr)?; - let spend_auth_randomizer_var = - SpendAuthRandomizerVar::new_witness(cs.clone(), || Ok(self.spend_auth_randomizer))?; + let spend_auth_randomizer_var = SpendAuthRandomizerVar::new_witness(cs.clone(), || { + Ok(self.private.spend_auth_randomizer) + })?; let ak_element_var: AuthorizationKeyVar = - AuthorizationKeyVar::new_witness(cs.clone(), || Ok(self.ak))?; - let nk_var = NullifierKeyVar::new_witness(cs.clone(), || Ok(self.nk))?; + AuthorizationKeyVar::new_witness(cs.clone(), || Ok(self.private.ak))?; + let nk_var = NullifierKeyVar::new_witness(cs.clone(), || Ok(self.private.nk))?; // Public inputs - let anchor_var = FqVar::new_input(cs.clone(), || Ok(Fq::from(self.anchor)))?; + let anchor_var = FqVar::new_input(cs.clone(), || Ok(Fq::from(self.public.anchor)))?; let claimed_balance_commitment_var = - BalanceCommitmentVar::new_input(cs.clone(), || Ok(self.balance_commitment))?; - let claimed_nullifier_var = NullifierVar::new_input(cs.clone(), || Ok(self.nullifier))?; - let rk_var = RandomizedVerificationKey::new_input(cs.clone(), || Ok(self.rk))?; + BalanceCommitmentVar::new_input(cs.clone(), || Ok(self.public.balance_commitment))?; + let claimed_nullifier_var = + NullifierVar::new_input(cs.clone(), || Ok(self.public.nullifier))?; + let rk_var = RandomizedVerificationKey::new_input(cs.clone(), || Ok(self.public.rk))?; // We short circuit to true if value released is 0. That means this is a _dummy_ spend. let is_dummy = note_var.amount().is_eq(&FqVar::zero())?; @@ -299,18 +250,22 @@ impl DummyWitness for SpendCircuit { .witness(note_commitment) .expect("able to witness just-inserted note commitment"); - Self { + let public = SpendProofPublic { + anchor, + balance_commitment: balance::Commitment(decaf377::basepoint()), + nullifier, + rk, + }; + let private = SpendProofPrivate { state_commitment_proof, note, v_blinding, spend_auth_randomizer, ak, nk, - anchor, - balance_commitment: balance::Commitment(decaf377::basepoint()), - nullifier, - rk, - } + }; + + Self { public, private } } } @@ -327,7 +282,7 @@ impl SpendProof { public: SpendProofPublic, private: SpendProofPrivate, ) -> anyhow::Result { - let circuit = SpendCircuit::new(public, private); + let circuit = SpendCircuit { public, private }; let proof = Groth16::::create_proof_with_reduction( circuit, pk, blinding_r, blinding_s, )