arnaucube/ark-r1cs-std
1
0
Fork 0
mirror of https://github.com/arnaucube/ark-r1cs-std.git synced 2026-01-09 23:41:33 +01:00
Code Issues Projects Releases Wiki Activity

Fix SW to_affine (#9)

Browse Source 
Adds constraints to check that the conversion to affine coordinates happened correctly.
This commit is contained in:
Pratyush Mishra
2020-11-10 10:46:44 -08:00
committed by GitHub
parent e5ec2e66d3
commit ceec513f62
1 changed files with 12 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/groups/curves/short_weierstrass/mod.rs
View File

@@ -149,40 +149,25 @@ where
/// Convert this point into affine form. /// Convert this point into affine form.
#[tracing::instrument(target = "r1cs")] #[tracing::instrument(target = "r1cs")]
pub fn to_affine(&self) -> Result<AffineVar<P, F>, SynthesisError> { pub fn to_affine(&self) -> Result<AffineVar<P, F>, SynthesisError> {
let cs = self.cs(); if self.is_constant() {
let mode = if self.is_constant() {
let point = self.value()?.into_affine(); let point = self.value()?.into_affine();
let x = F::new_constant(ConstraintSystemRef::None, point.x)?; let x = F::new_constant(ConstraintSystemRef::None, point.x)?;
let y = F::new_constant(ConstraintSystemRef::None, point.y)?; let y = F::new_constant(ConstraintSystemRef::None, point.y)?;
let infinity = Boolean::constant(point.infinity); let infinity = Boolean::constant(point.infinity);
return Ok(AffineVar::new(x, y, infinity)); Ok(AffineVar::new(x, y, infinity))
} else { } else {
AllocationMode::Witness let infinity = self.is_zero()?;
}; let zero_x = F::zero();
let zero_y = F::one();
let infinity = self.is_zero()?; let non_zero_x = &self.x * &self.z;
let zero_x = F::zero(); let non_zero_y = &self.y * &self.z;
let zero_y = F::one();
let non_zero_x = F::new_variable( let x = infinity.select(&zero_x, &non_zero_x)?;
ark_relations::ns!(cs, "non-zero x"), let y = infinity.select(&zero_y, &non_zero_y)?;
|| {
let z_inv = self.z.value()?.inverse().unwrap_or(P::BaseField::zero()); Ok(AffineVar::new(x, y, infinity))
Ok(self.x.value()? * &z_inv) }
},
mode,
)?;
let non_zero_y = F::new_variable(
ark_relations::ns!(cs, "non-zero y"),
|| {
let z_inv = self.z.value()?.inverse().unwrap_or(P::BaseField::zero());
Ok(self.y.value()? * &z_inv)
},
mode,
)?;
let x = infinity.select(&zero_x, &non_zero_x)?;
let y = infinity.select(&zero_y, &non_zero_y)?;
Ok(AffineVar::new(x, y, infinity))
} }
/// Allocates a new variable without performing an on-curve check, which is /// Allocates a new variable without performing an on-curve check, which is