From 024188b63826a2ed615e2835a44eae8e3f3a7e43 Mon Sep 17 00:00:00 2001 From: Jordi Baylina Date: Thu, 5 Sep 2019 17:10:20 +0200 Subject: [PATCH] Support mutiply by point 0 in scalarmulany --- circuits/escalarmulany.circom | 16 ++++++++++------ circuits/escalarmulfix.circom | 2 +- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/circuits/escalarmulany.circom b/circuits/escalarmulany.circom index 50c0c7e..3f6aec4 100644 --- a/circuits/escalarmulany.circom +++ b/circuits/escalarmulany.circom @@ -19,6 +19,7 @@ include "montgomery.circom"; include "babyjub.circom"; +include "comparators.circom"; template Multiplexor2() { signal input sel; @@ -138,6 +139,8 @@ template EscalarMulAny(n) { component doublers[nsegments-1]; component m2e[nsegments-1]; component adders[nsegments-1]; + component zeropoint = IsZero(); + zeropoint.in <== p[0]; var s; var i; @@ -154,8 +157,9 @@ template EscalarMulAny(n) { } if (s==0) { - p[0] ==> segments[s].p[0]; - p[1] ==> segments[s].p[1]; + // force G8 point if input point is zero + segments[s].p[0] <== p[0] + (5299619240641551281634865583518297030282874472190772894086521144482721001553 - p[0])*zeropoint.out; + segments[s].p[1] <== p[1] + (16950150798460657717958625567821834550301663161624707787222815936182638968203 - p[1])*zeropoint.out; } else { doublers[s-1] = MontgomeryDouble(); m2e[s-1] = Montgomery2Edwards(); @@ -183,10 +187,10 @@ template EscalarMulAny(n) { } if (nsegments == 1) { - segments[0].out[0] ==> out[0]; - segments[0].out[1] ==> out[1]; + segments[0].out[0]*(1-zeropoint.out) ==> out[0]; + segments[0].out[1]+(1-segments[0].out[1])*zeropoint.out ==> out[1]; } else { - adders[nsegments-2].xout ==> out[0]; - adders[nsegments-2].yout ==> out[1]; + adders[nsegments-2].xout*(1-zeropoint.out) ==> out[0]; + adders[nsegments-2].yout+(1-adders[nsegments-2].yout)*zeropoint.out ==> out[1]; } } diff --git a/circuits/escalarmulfix.circom b/circuits/escalarmulfix.circom index e8262c0..8e3e031 100644 
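Review bot: `zeropoint` is driven by the x-coordinate alone (`zeropoint.in <== p[0];` in the `@@ -138` hunk), so every input with `p[0] == 0` is treated as the neutral element, not only (0, 1). The last hunk then forces `out` to (0, 1) whenever `zeropoint.out` is 1, so an input such as (0, -1), which also satisfies the twisted Edwards equation and has order 2, yields the identity for every scalar instead of e·P. Nothing visible in the patch constrains `p[1]` in that branch. Unless callers already guarantee that the point is (0, 1) or in the prime-order subgroup, I would add `zeropoint.out * (p[1] - 1) === 0;` next to the IsZero wiring, or state the precondition in the template's header comment. EscalarMulAny's body starts and ends outside these hunks.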
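Review bot: The comment `// force G8 point if input point is zero` in the `if (s==0)` hunk does not say that G8 is only a placeholder; its result is thrown away by the `(1-zeropoint.out)` masking in the final hunk, and a reader needs both hunks to see that. I would extend it to something like `// x == 0: feed G8 as a placeholder so the segment constraints stay satisfiable; out is overridden with (0,1) at the end of the template`. Presumably the placeholder is needed because the Montgomery conversion inside the segments cannot take x = 0, which is worth confirming and stating as well. The two long decimal literals would also be easier to audit against the base-point definition if they were declared once under a name rather than inlined in the constraint expressions.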
--- a/circuits/escalarmulfix.circom +++ b/circuits/escalarmulfix.circom @@ -246,7 +246,7 @@ template EscalarMulFix(n, BASE) { var s; var i; var nseg; - var nWindows + var nWindows; for (s=0; s