
Fix SW `to_affine` (#9)

Adds constraints to check that the conversion to affine coordinates happened correctly.
master
Pratyush Mishra 4 years ago
committed by GitHub
parent
commit
ceec513f62
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 28 deletions
  1. +13
    -28
      src/groups/curves/short_weierstrass/mod.rs

+ 13
- 28
src/groups/curves/short_weierstrass/mod.rs

@ -149,40 +149,25 @@ where
/// Convert this point into affine form.
#[tracing::instrument(target = "r1cs")]
pub fn to_affine(&self) -> Result<AffineVar<P, F>, SynthesisError> {
let cs = self.cs();
let mode = if self.is_constant() {
if self.is_constant() {
let point = self.value()?.into_affine();
let x = F::new_constant(ConstraintSystemRef::None, point.x)?;
let y = F::new_constant(ConstraintSystemRef::None, point.y)?;
let infinity = Boolean::constant(point.infinity);
return Ok(AffineVar::new(x, y, infinity));
Ok(AffineVar::new(x, y, infinity))
} else {
AllocationMode::Witness
};
let infinity = self.is_zero()?;
let zero_x = F::zero();
let zero_y = F::one();
let non_zero_x = &self.x * &self.z;
let non_zero_y = &self.y * &self.z;
let infinity = self.is_zero()?;
let zero_x = F::zero();
let zero_y = F::one();
let non_zero_x = F::new_variable(
ark_relations::ns!(cs, "non-zero x"),
|| {
let z_inv = self.z.value()?.inverse().unwrap_or(P::BaseField::zero());
Ok(self.x.value()? * &z_inv)
},
mode,
)?;
let non_zero_y = F::new_variable(
ark_relations::ns!(cs, "non-zero y"),
|| {
let z_inv = self.z.value()?.inverse().unwrap_or(P::BaseField::zero());
Ok(self.y.value()? * &z_inv)
},
mode,
)?;
let x = infinity.select(&zero_x, &non_zero_x)?;
let y = infinity.select(&zero_y, &non_zero_y)?;
Ok(AffineVar::new(x, y, infinity))
let x = infinity.select(&zero_x, &non_zero_x)?;
let y = infinity.select(&zero_y, &non_zero_y)?;
Ok(AffineVar::new(x, y, infinity))
}
}
/// Allocates a new variable without performing an on-curve check, which is
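Review bot: The new `let non_zero_x = &self.x * &self.z;` and `let non_zero_y = &self.y * &self.z;` multiply by `z` where the removed code multiplied by `z.inverse()`, so if the coordinates are homogeneous projective (affine x = X/Z, as the removed `z_inv` witness suggests) the non-infinity branch now yields X*Z rather than X/Z. The description says the commit adds constraints checking the conversion, but no inverse is allocated or constrained in the hunk, so a malicious prover could not be caught on a wrong affine point even if the product were right. I would witness `z_inv` exactly as the removed code did, enforce `z_inv * z == 1` for finite points and `== 0` at infinity via `infinity.select`, and derive the affine coordinates from `z_inv`; the sketch below assumes `F` exposes an `enforce_equal` gadget, which this hunk does not show. The trailing doc comment belongs to a definition that starts outside the hunk.
```rust
        } else {
            let cs = self.cs();
            let infinity = self.is_zero()?;
            let zero_x = F::zero();
            let zero_y = F::one();
            // Witness z^{-1} (zero when z has no inverse) and pin it down:
            // z_inv * z must be 1 for a finite point and 0 at infinity.
            let z_inv = F::new_variable(
                ark_relations::ns!(cs, "z_inv"),
                || Ok(self.z.value()?.inverse().unwrap_or(P::BaseField::zero())),
                AllocationMode::Witness,
            )?;
            let expected = infinity.select(&F::zero(), &F::one())?;
            (&z_inv * &self.z).enforce_equal(&expected)?;
            let non_zero_x = &self.x * &z_inv;
            let non_zero_y = &self.y * &z_inv;
            // … unchanged: select against the point at infinity and return …
```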
