Auto merge of #1104 - ebfull:libsnark-updates, r=ebfull

Update libsnark We have now forked libsnark's current master and applied the following patches: * [`9216072`: Remove code that we don't use.](9216072c3b) (unblocks #69) * [`dcb78b2`: Modify makefile to stop compiling things we removed.](dcb78b24d9) * [`a6b0ad0`: Use libsodium's PRNG](a6b0ad0c80) (closes #780) * [`4036716`: Don't (de)serialize the constraint system in the proving key.](403671675a) (closes #491) * [`a703148`: Taylor's compilation patch](a7031481fd) (@defuse can you submit this to upstream?) This PR adopts those changes, and makes the requisite changes to Zcash to support them. I have decided to not bring libsnark in tree for the time being, though it should be incredibly easy to do later if we're *absolutely* sure we should.
2016-07-18 18:04:56 +00:00
parent f30580744f bf76024eb7
commit e613014526
5 changed files with 37 additions and 85 deletions
--- a/src/zcash/GenerateParams.cpp
+++ b/src/zcash/GenerateParams.cpp
@@ -1,9 +1,14 @@
 #include "zcash/JoinSplit.hpp"

 #include <iostream>
+#include "sodium.h"

 int main(int argc, char **argv)
 {
+    if (sodium_init() == -1) {
+        return 1;
+    }
+
    if(argc != 3) {
        std::cerr << "Usage: " << argv[0] << " provingKeyFileName verificationKeyFileName" << std::endl;
        return 1;
--- a/src/zcash/JoinSplit.cpp
+++ b/src/zcash/JoinSplit.cpp
@@ -231,37 +231,40 @@ public:
            out_macs[i] = PRF_pk(inputs[i].key, i, h_sig);
        }

-        std::vector<FieldT> primary_input;
-        std::vector<FieldT> aux_input;
-
+        protoboard<FieldT> pb;
        {
-            protoboard<FieldT> pb;
-            {
-                joinsplit_gadget<FieldT, NumInputs, NumOutputs> g(pb);
-                g.generate_r1cs_constraints();
-                g.generate_r1cs_witness(
-                    phi,
-                    rt,
-                    h_sig,
-                    inputs,
-                    out_notes,
-                    vpub_old,
-                    vpub_new
-                );
-            }
-
-            if (!pb.is_satisfied()) {
-                throw std::invalid_argument("Constraint system not satisfied by inputs");
-            }
-
-            primary_input = pb.primary_input();
-            aux_input = pb.auxiliary_input();
+            joinsplit_gadget<FieldT, NumInputs, NumOutputs> g(pb);
+            g.generate_r1cs_constraints();
+            g.generate_r1cs_witness(
+                phi,
+                rt,
+                h_sig,
+                inputs,
+                out_notes,
+                vpub_old,
+                vpub_new
+            );
        }

+        if (!pb.is_satisfied()) {
+            throw std::invalid_argument("Constraint system not satisfied by inputs");
+        }
+
+        // TODO: These are copies, which is not strictly necessary.
+        std::vector<FieldT> primary_input = pb.primary_input();
+        std::vector<FieldT> aux_input = pb.auxiliary_input();
+
+        // Swap A and B if it's beneficial (less arithmetic in G2)
+        // In our circuit, we already know that it's beneficial
+        // to swap, but it takes so little time to perform this
+        // estimate that it doesn't matter if we check every time.
+        pb.constraint_system.swap_AB_if_beneficial();
+
        auto proof = r1cs_ppzksnark_prover<ppzksnark_ppT>(
            *pk,
            primary_input,
-            aux_input
+            aux_input,
+            pb.constraint_system
        );

        std::stringstream ss;