From 01f2a4037a3c3209068109db24b7245c29bba16a Mon Sep 17 00:00:00 2001 From: Song Xuyang Date: Thu, 23 Nov 2023 18:47:46 +0800 Subject: [PATCH] rename rho to nonce, NullifierKeyContainer to NullifierPublicKey --- taiga_halo2/benches/action_proof.rs | 26 ++-- taiga_halo2/benches/vp_proof.rs | 26 ++-- .../cascaded_partial_transactions.rs | 8 +- .../partial_fulfillment_token_swap.rs | 6 +- taiga_halo2/examples/tx_examples/token.rs | 4 +- .../tx_examples/token_swap_with_intent.rs | 28 ++-- .../tx_examples/token_swap_without_intent.rs | 14 +- taiga_halo2/src/action.rs | 8 +- taiga_halo2/src/circuit/integrity.rs | 64 ++++---- .../src/circuit/resource_commitment.rs | 8 +- taiga_halo2/src/circuit/vp_circuit.rs | 20 ++- .../src/circuit/vp_examples/cascade_intent.rs | 4 +- .../circuit/vp_examples/or_relation_intent.rs | 36 ++--- .../partial_fulfillment_intent/label.rs | 18 +-- .../partial_fulfillment_intent/swap.rs | 23 ++- .../src/circuit/vp_examples/receiver_vp.rs | 25 ++-- taiga_halo2/src/circuit/vp_examples/token.rs | 8 +- taiga_halo2/src/nullifier.rs | 70 +++++---- taiga_halo2/src/resource.rs | 138 +++++++++--------- taiga_halo2/src/shielded_ptx.rs | 16 +- taiga_halo2/src/taiga_api.rs | 18 +-- taiga_halo2/src/utils.rs | 6 +- 22 files changed, 281 insertions(+), 293 deletions(-) diff --git a/taiga_halo2/benches/action_proof.rs b/taiga_halo2/benches/action_proof.rs index 6f6ad45c..10ca9c0a 100644 --- a/taiga_halo2/benches/action_proof.rs +++ b/taiga_halo2/benches/action_proof.rs @@ -14,7 +14,7 @@ use taiga_halo2::{ TAIGA_COMMITMENT_TREE_DEPTH, }, merkle_tree::MerklePath, - nullifier::{Nullifier, NullifierKeyContainer}, + nullifier::{Nullifier, NullifierPublicKey}, resource::{RandomSeed, Resource, ResourceKind}, }; @@ -22,8 +22,8 @@ fn bench_action_proof(name: &str, c: &mut Criterion) { let mut rng = OsRng; let action_info = { let input_resource = { - let rho = Nullifier::from(pallas::Base::random(&mut rng)); - let nk = NullifierKeyContainer::from_key(pallas::Base::random(&mut rng)); + let nonce = Nullifier::from(pallas::Base::random(&mut rng)); + let nk = NullifierPublicKey::from_key(pallas::Base::random(&mut rng)); let kind = { let logic = pallas::Base::random(&mut rng); let label = pallas::Base::random(&mut rng); @@ -36,16 +36,16 @@ fn bench_action_proof(name: &str, c: &mut Criterion) { kind, value, quantity, - nk_container: nk, + npk: nk, is_merkle_checked: true, - psi: rseed.get_psi(&rho), - rcm: rseed.get_rcm(&rho), - rho, + psi: rseed.get_psi(&nonce), + rcm: rseed.get_rcm(&nonce), + nonce, } }; let mut output_resource = { - let rho = input_resource.get_nf().unwrap(); - let nk_com = NullifierKeyContainer::from_commitment(pallas::Base::random(&mut rng)); + let nonce = input_resource.get_nf().unwrap(); + let npk = NullifierPublicKey::from_pk(pallas::Base::random(&mut rng)); let kind = { let logic = pallas::Base::random(&mut rng); let label = pallas::Base::random(&mut rng); @@ -58,11 +58,11 @@ fn bench_action_proof(name: &str, c: &mut Criterion) { kind, value, quantity, - nk_container: nk_com, + npk: npk, is_merkle_checked: true, - psi: rseed.get_psi(&rho), - rcm: rseed.get_rcm(&rho), - rho, + psi: rseed.get_psi(&nonce), + rcm: rseed.get_rcm(&nonce), + nonce, } }; let input_merkle_path = MerklePath::random(&mut rng, TAIGA_COMMITMENT_TREE_DEPTH); diff --git a/taiga_halo2/benches/vp_proof.rs b/taiga_halo2/benches/vp_proof.rs index bc4439a8..0323f7c2 100644 --- a/taiga_halo2/benches/vp_proof.rs +++ b/taiga_halo2/benches/vp_proof.rs @@ -8,7 +8,7 @@ use rand::Rng; use taiga_halo2::{ circuit::{vp_circuit::ValidityPredicateCircuit, vp_examples::TrivialValidityPredicateCircuit}, constant::{NUM_RESOURCE, SETUP_PARAMS_MAP, VP_CIRCUIT_PARAMS_SIZE}, - nullifier::{Nullifier, NullifierKeyContainer}, + nullifier::{Nullifier, NullifierPublicKey}, proof::Proof, resource::{RandomSeed, Resource, ResourceKind}, }; @@ -18,8 +18,8 @@ fn bench_vp_proof(name: &str, c: &mut Criterion) { let vp_circuit = { let input_resources = [(); NUM_RESOURCE].map(|_| { - let rho = Nullifier::from(pallas::Base::random(&mut rng)); - let nk = NullifierKeyContainer::from_key(pallas::Base::random(&mut rng)); + let nonce = Nullifier::from(pallas::Base::random(&mut rng)); + let nk = NullifierPublicKey::from_key(pallas::Base::random(&mut rng)); let kind = { let logic = pallas::Base::random(&mut rng); let label = pallas::Base::random(&mut rng); @@ -32,18 +32,18 @@ fn bench_vp_proof(name: &str, c: &mut Criterion) { kind, value, quantity, - nk_container: nk, + npk: nk, is_merkle_checked: true, - psi: rseed.get_psi(&rho), - rcm: rseed.get_rcm(&rho), - rho, + psi: rseed.get_psi(&nonce), + rcm: rseed.get_rcm(&nonce), + nonce, } }); let output_resources = input_resources .iter() .map(|input| { - let rho = input.get_nf().unwrap(); - let nk_com = NullifierKeyContainer::from_commitment(pallas::Base::random(&mut rng)); + let nonce = input.get_nf().unwrap(); + let npk = NullifierPublicKey::from_pk(pallas::Base::random(&mut rng)); let kind = { let logic = pallas::Base::random(&mut rng); let label = pallas::Base::random(&mut rng); @@ -56,11 +56,11 @@ fn bench_vp_proof(name: &str, c: &mut Criterion) { kind, value, quantity, - nk_container: nk_com, + npk, is_merkle_checked: true, - psi: rseed.get_psi(&rho), - rcm: rseed.get_rcm(&rho), - rho, + psi: rseed.get_psi(&nonce), + rcm: rseed.get_rcm(&nonce), + nonce, } }) .collect::>(); diff --git a/taiga_halo2/examples/tx_examples/cascaded_partial_transactions.rs b/taiga_halo2/examples/tx_examples/cascaded_partial_transactions.rs index e8be03b3..37140218 100644 --- a/taiga_halo2/examples/tx_examples/cascaded_partial_transactions.rs +++ b/taiga_halo2/examples/tx_examples/cascaded_partial_transactions.rs @@ -24,14 +24,14 @@ pub fn create_transaction(mut rng: R) -> Transaction { let alice_nk = pallas::Base::random(&mut rng); let bob_auth = TokenAuthorization::random(&mut rng); - let bob_nk_com = pallas::Base::random(&mut rng); + let bob_npk = pallas::Base::random(&mut rng); let input_token_1 = Token::new("btc".to_string(), 1u64); let input_resource_1 = input_token_1.create_random_input_token_resource(&mut rng, alice_nk, &alice_auth); let output_token_1 = Token::new("btc".to_string(), 1u64); let mut output_resource_1 = - output_token_1.create_random_output_token_resource(bob_nk_com, &bob_auth); + output_token_1.create_random_output_token_resource(bob_npk, &bob_auth); let input_token_2 = Token::new("eth".to_string(), 2u64); let input_resource_2 = input_token_2.create_random_input_token_resource(&mut rng, alice_nk, &alice_auth); @@ -43,10 +43,10 @@ pub fn create_transaction(mut rng: R) -> Transaction { create_intent_resource(&mut rng, input_resource_3.commitment().inner(), alice_nk); let output_token_2 = Token::new("eth".to_string(), 2u64); let mut output_resource_2 = - output_token_2.create_random_output_token_resource(bob_nk_com, &bob_auth); + output_token_2.create_random_output_token_resource(bob_npk, &bob_auth); let output_token_3 = Token::new("xan".to_string(), 3u64); let mut output_resource_3 = - output_token_3.create_random_output_token_resource(bob_nk_com, &bob_auth); + output_token_3.create_random_output_token_resource(bob_npk, &bob_auth); let merkle_path = MerklePath::random(&mut rng, TAIGA_COMMITMENT_TREE_DEPTH); diff --git a/taiga_halo2/examples/tx_examples/partial_fulfillment_token_swap.rs b/taiga_halo2/examples/tx_examples/partial_fulfillment_token_swap.rs index 118969d5..ec913e9a 100644 --- a/taiga_halo2/examples/tx_examples/partial_fulfillment_token_swap.rs +++ b/taiga_halo2/examples/tx_examples/partial_fulfillment_token_swap.rs @@ -17,7 +17,7 @@ use taiga_halo2::{ }, constant::TAIGA_COMMITMENT_TREE_DEPTH, merkle_tree::{Anchor, MerklePath}, - nullifier::NullifierKeyContainer, + nullifier::NullifierPublicKey, resource::{Resource, ResourceValidityPredicates}, shielded_ptx::ShieldedPartialTransaction, transaction::{ShieldedPartialTxBundle, Transaction, TransparentPartialTxBundle}, @@ -223,7 +223,7 @@ pub fn create_token_swap_transaction(mut rng: R) -> Tran // Bob creates the partial transaction with 1 DOLPHIN input and 5 BTC output let bob_auth_sk = pallas::Scalar::random(&mut rng); let bob_auth_pk = generator * bob_auth_sk; - let bob_nk = NullifierKeyContainer::random_key(&mut rng); + let bob_nk = NullifierPublicKey::random_key(&mut rng); let offer = Token::new("eth".to_string(), 5); let returned = Token::new("btc".to_string(), 1); @@ -234,7 +234,7 @@ pub fn create_token_swap_transaction(mut rng: R) -> Tran bob_nk.get_nk().unwrap(), returned, bob_auth_pk, - bob_nk.get_commitment(), + bob_nk.get_pk(), ); // Solver/Bob creates the partial transaction to consume the intent resource diff --git a/taiga_halo2/examples/tx_examples/token.rs b/taiga_halo2/examples/tx_examples/token.rs index 6caebe2a..9d9aec9a 100644 --- a/taiga_halo2/examples/tx_examples/token.rs +++ b/taiga_halo2/examples/tx_examples/token.rs @@ -23,7 +23,7 @@ pub fn create_token_swap_ptx( input_nk: pallas::Base, output_token: Token, output_auth_pk: pallas::Point, - output_nk_com: pallas::Base, + output_npk: pallas::Base, ) -> ShieldedPartialTransaction { let input_auth = TokenAuthorization::from_sk_vk(&input_auth_sk, &COMPRESSED_TOKEN_AUTH_VK); @@ -34,7 +34,7 @@ pub fn create_token_swap_ptx( // output resource let output_auth = TokenAuthorization::new(output_auth_pk, *COMPRESSED_TOKEN_AUTH_VK); let mut output_resource = - output_token.create_random_output_token_resource(output_nk_com, &output_auth); + output_token.create_random_output_token_resource(output_npk, &output_auth); // padding the zero resources let padding_input_resource = Resource::random_padding_resource(&mut rng); diff --git a/taiga_halo2/examples/tx_examples/token_swap_with_intent.rs b/taiga_halo2/examples/tx_examples/token_swap_with_intent.rs index b535c415..48d2509c 100644 --- a/taiga_halo2/examples/tx_examples/token_swap_with_intent.rs +++ b/taiga_halo2/examples/tx_examples/token_swap_with_intent.rs @@ -17,7 +17,7 @@ use taiga_halo2::{ }, constant::TAIGA_COMMITMENT_TREE_DEPTH, merkle_tree::{Anchor, MerklePath}, - nullifier::NullifierKeyContainer, + nullifier::NullifierPublicKey, resource::{Resource, ResourceValidityPredicates}, shielded_ptx::ShieldedPartialTransaction, transaction::{ShieldedPartialTxBundle, Transaction, TransparentPartialTxBundle}, @@ -43,12 +43,12 @@ pub fn create_token_intent_ptx( input_token.create_random_input_token_resource(&mut rng, input_nk, &input_auth); // output intent resource - let input_resource_nk_com = input_resource.get_nk_commitment(); + let input_resource_npk = input_resource.get_npk(); let mut intent_resource = create_intent_resource( &mut rng, &token_1, &token_2, - input_resource_nk_com, + input_resource_npk, input_resource.value, input_nk, ); @@ -102,7 +102,7 @@ pub fn create_token_intent_ptx( output_resources, token_1, token_2, - receiver_nk_com: input_resource_nk_com, + receiver_npk: input_resource_npk, receiver_value: input_resource.value, }; @@ -133,7 +133,7 @@ pub fn create_token_intent_ptx( let ptx = ShieldedPartialTransaction::build(actions, input_vps, output_vps, vec![], &mut rng) .unwrap(); - (ptx, input_nk, input_resource_nk_com, input_resource.value) + (ptx, input_nk, input_resource_npk, input_resource.value) } #[allow(clippy::too_many_arguments)] @@ -142,7 +142,7 @@ pub fn consume_token_intent_ptx( token_1: Token, token_2: Token, input_nk: pallas::Base, - receiver_nk_com: pallas::Base, + receiver_npk: pallas::Base, receiver_value: pallas::Base, output_token: Token, output_auth_pk: pallas::Point, @@ -152,7 +152,7 @@ pub fn consume_token_intent_ptx( &mut rng, &token_1, &token_2, - receiver_nk_com, + receiver_npk, receiver_value, input_nk, ); @@ -160,9 +160,9 @@ pub fn consume_token_intent_ptx( // output resource let input_resource_nf = intent_resource.get_nf().unwrap(); let output_auth = TokenAuthorization::new(output_auth_pk, *COMPRESSED_TOKEN_AUTH_VK); - let output_nk_com = NullifierKeyContainer::from_key(input_nk).get_commitment(); + let output_npk = NullifierPublicKey::from_key(input_nk).get_pk(); let mut output_resource = - output_token.create_random_output_token_resource(output_nk_com, &output_auth); + output_token.create_random_output_token_resource(output_npk, &output_auth); // padding the zero resources let padding_input_resource = Resource::random_padding_resource(&mut rng); @@ -205,7 +205,7 @@ pub fn consume_token_intent_ptx( output_resources, token_1, token_2, - receiver_nk_com, + receiver_npk, receiver_value, }; @@ -254,7 +254,7 @@ pub fn create_token_swap_intent_transaction(mut rng: R) let token_1 = Token::new("dolphin".to_string(), 1u64); let token_2 = Token::new("monkey".to_string(), 2u64); let btc_token = Token::new("btc".to_string(), 5u64); - let (alice_ptx, intent_nk, receiver_nk_com, receiver_value) = create_token_intent_ptx( + let (alice_ptx, intent_nk, receiver_npk, receiver_value) = create_token_intent_ptx( &mut rng, token_1.clone(), token_2.clone(), @@ -266,7 +266,7 @@ pub fn create_token_swap_intent_transaction(mut rng: R) // Bob creates the partial transaction with 1 DOLPHIN input and 5 BTC output let bob_auth_sk = pallas::Scalar::random(&mut rng); let bob_auth_pk = generator * bob_auth_sk; - let bob_nk = NullifierKeyContainer::random_key(&mut rng); + let bob_nk = NullifierPublicKey::random_key(&mut rng); let bob_ptx = create_token_swap_ptx( &mut rng, @@ -275,7 +275,7 @@ pub fn create_token_swap_intent_transaction(mut rng: R) bob_nk.get_nk().unwrap(), btc_token, bob_auth_pk, - bob_nk.get_commitment(), + bob_nk.get_pk(), ); // Solver/Bob creates the partial transaction to consume the intent resource @@ -285,7 +285,7 @@ pub fn create_token_swap_intent_transaction(mut rng: R) token_1.clone(), token_2, intent_nk, - receiver_nk_com, + receiver_npk, receiver_value, token_1, alice_auth_pk, diff --git a/taiga_halo2/examples/tx_examples/token_swap_without_intent.rs b/taiga_halo2/examples/tx_examples/token_swap_without_intent.rs index e78f3843..82f663a8 100644 --- a/taiga_halo2/examples/tx_examples/token_swap_without_intent.rs +++ b/taiga_halo2/examples/tx_examples/token_swap_without_intent.rs @@ -10,7 +10,7 @@ use pasta_curves::{group::Curve, pallas}; use rand::{CryptoRng, RngCore}; use taiga_halo2::{ circuit::vp_examples::token::Token, - nullifier::NullifierKeyContainer, + nullifier::NullifierPublicKey, transaction::{ShieldedPartialTxBundle, Transaction, TransparentPartialTxBundle}, }; @@ -24,7 +24,7 @@ pub fn create_token_swap_transaction(mut rng: R) -> Tran // Alice creates the partial transaction let alice_auth_sk = pallas::Scalar::random(&mut rng); let alice_auth_pk = generator * alice_auth_sk; - let alice_nk = NullifierKeyContainer::random_key(&mut rng); + let alice_nk = NullifierPublicKey::random_key(&mut rng); let alice_ptx = create_token_swap_ptx( &mut rng, @@ -33,13 +33,13 @@ pub fn create_token_swap_transaction(mut rng: R) -> Tran alice_nk.get_nk().unwrap(), eth_token.clone(), alice_auth_pk, - alice_nk.get_commitment(), + alice_nk.get_pk(), ); // Bob creates the partial transaction let bob_auth_sk = pallas::Scalar::random(&mut rng); let bob_auth_pk = generator * bob_auth_sk; - let bob_nk = NullifierKeyContainer::random_key(&mut rng); + let bob_nk = NullifierPublicKey::random_key(&mut rng); let bob_ptx = create_token_swap_ptx( &mut rng, @@ -48,13 +48,13 @@ pub fn create_token_swap_transaction(mut rng: R) -> Tran bob_nk.get_nk().unwrap(), xan_token.clone(), bob_auth_pk, - bob_nk.get_commitment(), + bob_nk.get_pk(), ); // Carol creates the partial transaction let carol_auth_sk = pallas::Scalar::random(&mut rng); let carol_auth_pk = generator * carol_auth_sk; - let carol_nk = NullifierKeyContainer::random_key(&mut rng); + let carol_nk = NullifierPublicKey::random_key(&mut rng); let carol_ptx = create_token_swap_ptx( &mut rng, @@ -63,7 +63,7 @@ pub fn create_token_swap_transaction(mut rng: R) -> Tran carol_nk.get_nk().unwrap(), btc_token, carol_auth_pk, - carol_nk.get_commitment(), + carol_nk.get_pk(), ); // Solver creates the final transaction diff --git a/taiga_halo2/src/action.rs b/taiga_halo2/src/action.rs index b96c7695..fad44225 100644 --- a/taiga_halo2/src/action.rs +++ b/taiga_halo2/src/action.rs @@ -120,7 +120,7 @@ impl BorshDeserialize for ActionPublicInputs { impl ActionInfo { // The dummy input resource must provide a valid custom_anchor, but a random merkle path // The normal input resource only needs to provide a valid merkle path. The anchor will be calculated from the resource and path. - // The rho of output_resource will be reset to the nullifier of input_resource + // The nonce of output_resource will be set to the nullifier of input_resource pub fn new( input_resource: Resource, input_merkle_path: MerklePath, @@ -133,7 +133,7 @@ impl ActionInfo { None => input_resource.calculate_root(&input_merkle_path), }; - output_resource.set_rho(&input_resource, &mut rng); + output_resource.set_nonce(&input_resource, &mut rng); Self { input_resource, @@ -180,8 +180,8 @@ impl ActionInfo { pub fn build(&self) -> (ActionPublicInputs, ActionCircuit) { let nf = self.get_input_resource_nullifer(); assert_eq!( - nf, self.output_resource.rho, - "The nf of input resource should be equal to the rho of output resource" + nf, self.output_resource.nonce, + "The nf of input resource should be equal to the nonce of output resource" ); let cm = self.get_output_resource_cm(); diff --git a/taiga_halo2/src/circuit/integrity.rs b/taiga_halo2/src/circuit/integrity.rs index 72eb5219..570cf247 100644 --- a/taiga_halo2/src/circuit/integrity.rs +++ b/taiga_halo2/src/circuit/integrity.rs @@ -26,11 +26,11 @@ pub fn nullifier_circuit( mut layouter: impl Layouter, poseidon_config: PoseidonConfig, nk: AssignedCell, - rho: AssignedCell, + nonce: AssignedCell, psi: AssignedCell, cm: AssignedCell, ) -> Result, Error> { - let poseidon_message = [nk, rho, psi, cm]; + let poseidon_message = [nk, nonce, psi, cm]; poseidon_hash_gadget( poseidon_config, layouter.namespace(|| "derive nullifier"), @@ -62,10 +62,10 @@ pub fn check_input_resource( pallas::Base::zero(), )?; - // nk_com = Com_r(nk, zero) - let nk_com = poseidon_hash_gadget( + // npk = Com_r(nk, zero) + let npk = poseidon_hash_gadget( resource_commit_chip.get_poseidon_config(), - layouter.namespace(|| "nk_com encoding"), + layouter.namespace(|| "npk encoding"), [nk_var.clone(), zero_constant], )?; @@ -97,11 +97,11 @@ pub fn check_input_resource( input_resource.quantity, )?; - // Witness rho - let rho = assign_free_advice( - layouter.namespace(|| "witness rho"), + // Witness nonce + let nonce = assign_free_advice( + layouter.namespace(|| "witness nonce"), advices[0], - Value::known(input_resource.rho.inner()), + Value::known(input_resource.nonce.inner()), )?; // Witness psi @@ -133,8 +133,8 @@ pub fn check_input_resource( logic.clone(), label.clone(), value.clone(), - nk_com.clone(), - rho.clone(), + npk.clone(), + nonce.clone(), psi.clone(), quantity.clone(), is_merkle_checked.clone(), @@ -146,7 +146,7 @@ pub fn check_input_resource( layouter.namespace(|| "Generate nullifier"), resource_commit_chip.get_poseidon_config(), nk_var, - rho.clone(), + nonce.clone(), psi.clone(), cm.clone(), )?; @@ -160,8 +160,8 @@ pub fn check_input_resource( label, is_merkle_checked, value, - rho, - nk_com, + nonce, + npk, psi, rcm, }; @@ -183,11 +183,11 @@ pub fn check_output_resource( old_nf: AssignedCell, cm_row_idx: usize, ) -> Result { - // Witness nk_com - let nk_com = assign_free_advice( - layouter.namespace(|| "witness nk_com"), + // Witness npk + let npk = assign_free_advice( + layouter.namespace(|| "witness npk"), advices[0], - Value::known(output_resource.get_nk_commitment()), + Value::known(output_resource.get_npk()), )?; // Witness value @@ -247,7 +247,7 @@ pub fn check_output_resource( logic.clone(), label.clone(), value.clone(), - nk_com.clone(), + npk.clone(), old_nf.clone(), psi.clone(), quantity.clone(), @@ -264,8 +264,8 @@ pub fn check_output_resource( quantity, is_merkle_checked, value, - rho: old_nf, - nk_com, + nonce: old_nf, + npk, psi, rcm, }; @@ -418,7 +418,7 @@ fn quantity_range_check( #[test] fn test_halo2_nullifier_circuit() { use crate::circuit::gadgets::assign_free_advice; - use crate::nullifier::{Nullifier, NullifierKeyContainer}; + use crate::nullifier::{Nullifier, NullifierPublicKey}; use crate::resource::ResourceCommitment; use halo2_gadgets::poseidon::{ primitives as poseidon, Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig, @@ -433,8 +433,8 @@ fn test_halo2_nullifier_circuit() { #[derive(Default)] struct MyCircuit { - nk: NullifierKeyContainer, - rho: pallas::Base, + nk: NullifierPublicKey, + nonce: pallas::Base, psi: pallas::Base, cm: ResourceCommitment, } @@ -503,11 +503,11 @@ fn test_halo2_nullifier_circuit() { Value::known(self.nk.get_nk().unwrap()), )?; - // Witness rho - let rho = assign_free_advice( - layouter.namespace(|| "witness rho"), + // Witness nonce + let nonce = assign_free_advice( + layouter.namespace(|| "witness nonce"), advices[0], - Value::known(self.rho), + Value::known(self.nonce), )?; // Witness psi @@ -528,13 +528,13 @@ fn test_halo2_nullifier_circuit() { layouter.namespace(|| "nullifier"), poseidon_config, nk, - rho, + nonce, psi, cm, )?; let expect_nf = { - let nf = Nullifier::derive(&self.nk, &self.rho, &self.psi, &self.cm) + let nf = Nullifier::derive(&self.nk, &self.nonce, &self.psi, &self.cm) .unwrap() .inner(); assign_free_advice( @@ -553,8 +553,8 @@ fn test_halo2_nullifier_circuit() { let mut rng = OsRng; let circuit = MyCircuit { - nk: NullifierKeyContainer::random_key(&mut rng), - rho: pallas::Base::random(&mut rng), + nk: NullifierPublicKey::random_key(&mut rng), + nonce: pallas::Base::random(&mut rng), psi: pallas::Base::random(&mut rng), cm: ResourceCommitment::default(), }; diff --git a/taiga_halo2/src/circuit/resource_commitment.rs b/taiga_halo2/src/circuit/resource_commitment.rs index c83eacda..439a7251 100644 --- a/taiga_halo2/src/circuit/resource_commitment.rs +++ b/taiga_halo2/src/circuit/resource_commitment.rs @@ -146,8 +146,8 @@ pub fn resource_commit( app_vp: AssignedCell, label: AssignedCell, value: AssignedCell, - nk_com: AssignedCell, - rho: AssignedCell, + npk: AssignedCell, + nonce: AssignedCell, psi: AssignedCell, quantity: AssignedCell, is_merkle_checked: AssignedCell, @@ -164,8 +164,8 @@ pub fn resource_commit( app_vp, label, value, - nk_com, - rho, + npk, + nonce, psi, compose_is_merkle_checked_and_quantity, rcm, diff --git a/taiga_halo2/src/circuit/vp_circuit.rs b/taiga_halo2/src/circuit/vp_circuit.rs index 642b7f5f..566e2019 100644 --- a/taiga_halo2/src/circuit/vp_circuit.rs +++ b/taiga_halo2/src/circuit/vp_circuit.rs @@ -481,7 +481,7 @@ pub trait ValidityPredicateCircuit: Circuit + ValidityPredicateVer let old_nf = assign_free_advice( layouter.namespace(|| "old nf"), config.advices[0], - Value::known(output_resources[i].rho.inner()), + Value::known(output_resources[i].nonce.inner()), )?; output_resource_variables.push(check_output_resource( layouter.namespace(|| "check output resource"), @@ -573,8 +573,8 @@ pub struct ResourceVariables { pub quantity: AssignedCell, pub is_merkle_checked: AssignedCell, pub value: AssignedCell, - pub rho: AssignedCell, - pub nk_com: AssignedCell, + pub nonce: AssignedCell, + pub npk: AssignedCell, pub psi: AssignedCell, pub rcm: AssignedCell, } @@ -694,19 +694,17 @@ impl BasicValidityPredicateVariables { ) } - pub fn get_rho_searchable_pairs(&self) -> [ResourceSearchableVariablePair; NUM_RESOURCE * 2] { + pub fn get_nonce_searchable_pairs(&self) -> [ResourceSearchableVariablePair; NUM_RESOURCE * 2] { self.get_variable_searchable_pairs( - |variables| variables.resource_variables.rho.clone(), - |variables| variables.resource_variables.rho.clone(), + |variables| variables.resource_variables.nonce.clone(), + |variables| variables.resource_variables.nonce.clone(), ) } - pub fn get_nk_com_searchable_pairs( - &self, - ) -> [ResourceSearchableVariablePair; NUM_RESOURCE * 2] { + pub fn get_npk_searchable_pairs(&self) -> [ResourceSearchableVariablePair; NUM_RESOURCE * 2] { self.get_variable_searchable_pairs( - |variables| variables.resource_variables.nk_com.clone(), - |variables| variables.resource_variables.nk_com.clone(), + |variables| variables.resource_variables.npk.clone(), + |variables| variables.resource_variables.npk.clone(), ) } diff --git a/taiga_halo2/src/circuit/vp_examples/cascade_intent.rs b/taiga_halo2/src/circuit/vp_examples/cascade_intent.rs index c17583e6..4b90d84e 100644 --- a/taiga_halo2/src/circuit/vp_examples/cascade_intent.rs +++ b/taiga_halo2/src/circuit/vp_examples/cascade_intent.rs @@ -155,14 +155,14 @@ pub fn create_intent_resource( ) -> Resource { let label = CascadeIntentValidityPredicateCircuit::encode_label(cascade_resource_cm); let rseed = RandomSeed::random(&mut rng); - let rho = Nullifier::random(&mut rng); + let nonce = Nullifier::random(&mut rng); Resource::new_input_resource( *COMPRESSED_CASCADE_INTENT_VK, label, pallas::Base::zero(), 1u64, nk, - rho, + nonce, false, rseed, ) diff --git a/taiga_halo2/src/circuit/vp_examples/or_relation_intent.rs b/taiga_halo2/src/circuit/vp_examples/or_relation_intent.rs index e40655a5..ec4ada54 100644 --- a/taiga_halo2/src/circuit/vp_examples/or_relation_intent.rs +++ b/taiga_halo2/src/circuit/vp_examples/or_relation_intent.rs @@ -49,7 +49,7 @@ pub struct OrRelationIntentValidityPredicateCircuit { pub output_resources: [Resource; NUM_RESOURCE], pub token_1: Token, pub token_2: Token, - pub receiver_nk_com: pallas::Base, + pub receiver_npk: pallas::Base, pub receiver_value: pallas::Base, } @@ -57,7 +57,7 @@ impl OrRelationIntentValidityPredicateCircuit { pub fn encode_label( token_1: &Token, token_2: &Token, - receiver_nk_com: pallas::Base, + receiver_npk: pallas::Base, receiver_value: pallas::Base, ) -> pallas::Base { let token_property_1 = token_1.encode_name(); @@ -70,7 +70,7 @@ impl OrRelationIntentValidityPredicateCircuit { token_property_2, token_quantity_2, TOKEN_VK.get_compressed(), - receiver_nk_com, + receiver_npk, receiver_value, ]) } @@ -123,10 +123,10 @@ impl ValidityPredicateCircuit for OrRelationIntentValidityPredicateCircuit { Value::known(self.token_2.encode_quantity()), )?; - let receiver_nk_com = assign_free_advice( - layouter.namespace(|| "witness receiver nk_com"), + let receiver_npk = assign_free_advice( + layouter.namespace(|| "witness receiver npk"), config.advices[0], - Value::known(self.receiver_nk_com), + Value::known(self.receiver_npk), )?; let receiver_value = assign_free_advice( @@ -145,7 +145,7 @@ impl ValidityPredicateCircuit for OrRelationIntentValidityPredicateCircuit { token_property_2.clone(), token_quantity_2.clone(), token_vp_vk.clone(), - receiver_nk_com.clone(), + receiver_npk.clone(), receiver_value.clone(), ], )?; @@ -180,16 +180,16 @@ impl ValidityPredicateCircuit for OrRelationIntentValidityPredicateCircuit { }, )?; - // check nk_com + // check npk layouter.assign_region( - || "conditional equal: check nk_com", + || "conditional equal: check npk", |mut region| { config.conditional_equal_config.assign_region( &is_input_resource, - &receiver_nk_com, + &receiver_npk, &basic_variables.output_resource_variables[0] .resource_variables - .nk_com, + .npk, 0, &mut region, ) @@ -280,25 +280,25 @@ pub fn create_intent_resource( mut rng: R, token_1: &Token, token_2: &Token, - receiver_nk_com: pallas::Base, + receiver_npk: pallas::Base, receiver_value: pallas::Base, nk: pallas::Base, ) -> Resource { let label = OrRelationIntentValidityPredicateCircuit::encode_label( token_1, token_2, - receiver_nk_com, + receiver_npk, receiver_value, ); let rseed = RandomSeed::random(&mut rng); - let rho = Nullifier::random(&mut rng); + let nonce = Nullifier::random(&mut rng); Resource::new_input_resource( *COMPRESSED_OR_RELATION_INTENT_VK, label, pallas::Base::zero(), 1u64, nk, - rho, + nonce, false, rseed, ) @@ -324,12 +324,12 @@ fn test_halo2_or_relation_intent_vp_circuit() { output_resources[0].quantity = token_1.quantity(); let nk = pallas::Base::random(&mut rng); - let nk_com = output_resources[0].get_nk_commitment(); + let npk = output_resources[0].get_npk(); let intent_resource = create_intent_resource( &mut rng, &token_1, &token_2, - nk_com, + npk, output_resources[0].value, nk, ); @@ -341,7 +341,7 @@ fn test_halo2_or_relation_intent_vp_circuit() { output_resources, token_1, token_2, - receiver_nk_com: nk_com, + receiver_npk: npk, receiver_value: output_resources[0].value, } }; diff --git a/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/label.rs b/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/label.rs index 9b0d29e4..785c4330 100644 --- a/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/label.rs +++ b/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/label.rs @@ -21,7 +21,7 @@ pub struct PartialFulfillmentIntentLabel { pub sold_token_quantity: AssignedCell, pub bought_token: AssignedCell, pub bought_token_quantity: AssignedCell, - pub receiver_nk_com: AssignedCell, + pub receiver_npk: AssignedCell, pub receiver_value: AssignedCell, } @@ -41,7 +41,7 @@ impl PartialFulfillmentIntentLabel { self.bought_token.clone(), self.bought_token_quantity.clone(), self.token_vp_vk.clone(), - self.receiver_nk_com.clone(), + self.receiver_npk.clone(), self.receiver_value.clone(), ], ) @@ -85,16 +85,16 @@ impl PartialFulfillmentIntentLabel { }, )?; - // check nk_com + // check npk layouter.assign_region( - || "conditional equal: check bought token nk_com", + || "conditional equal: check bought token npk", |mut region| { config.assign_region( is_input_resource, - &self.receiver_nk_com, + &self.receiver_npk, &basic_variables.output_resource_variables[0] .resource_variables - .nk_com, + .npk, 0, &mut region, ) @@ -237,14 +237,14 @@ impl PartialFulfillmentIntentLabel { )?; layouter.assign_region( - || "conditional equal: check returned token nk_com", + || "conditional equal: check returned token npk", |mut region| { config.assign_region( &is_partial_fulfillment, - &self.receiver_nk_com, + &self.receiver_npk, &basic_variables.output_resource_variables[1] .resource_variables - .nk_com, + .npk, 0, &mut region, ) diff --git a/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/swap.rs b/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/swap.rs index 13c17c3a..36f46bb5 100644 --- a/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/swap.rs +++ b/taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/swap.rs @@ -55,10 +55,8 @@ impl Swap { let ratio = self.buy.quantity() / self.sell.quantity; assert_eq!(offer.quantity() % ratio, 0); - let offer_resource = offer.create_random_output_token_resource( - self.sell.resource().nk_container.get_commitment(), - &self.auth, - ); + let offer_resource = offer + .create_random_output_token_resource(self.sell.resource().npk.get_pk(), &self.auth); let input_padding_resource = Resource::random_padding_resource(&mut rng); @@ -70,10 +68,7 @@ impl Swap { returned_quantity, ); *returned_token - .create_random_output_token_resource( - self.sell.resource().nk_container.get_commitment(), - &self.auth, - ) + .create_random_output_token_resource(self.sell.resource().npk.get_pk(), &self.auth) .resource() } else { Resource::random_padding_resource(&mut rng) @@ -93,7 +88,7 @@ impl Swap { self.buy.encode_quantity(), // Assuming the sold_token and bought_token have the same TOKEN_VK TOKEN_VK.get_compressed(), - self.sell.resource().get_nk_commitment(), + self.sell.resource().get_npk(), self.sell.resource().value, ]) } @@ -106,7 +101,7 @@ impl Swap { self.encode_label(), pallas::Base::zero(), 1u64, - self.sell.resource().nk_container.get_nk().unwrap(), + self.sell.resource().npk.get_nk().unwrap(), self.sell.resource().get_nf().unwrap(), false, rseed, @@ -149,10 +144,10 @@ impl Swap { Value::known(self.buy.encode_quantity()), )?; - let receiver_nk_com = assign_free_advice( - layouter.namespace(|| "witness receiver nk_com"), + let receiver_npk = assign_free_advice( + layouter.namespace(|| "witness receiver npk"), column, - Value::known(self.sell.resource().get_nk_commitment()), + Value::known(self.sell.resource().get_npk()), )?; let receiver_value = assign_free_advice( @@ -167,7 +162,7 @@ impl Swap { sold_token_quantity, bought_token, bought_token_quantity, - receiver_nk_com, + receiver_npk, receiver_value, }) } diff --git a/taiga_halo2/src/circuit/vp_examples/receiver_vp.rs b/taiga_halo2/src/circuit/vp_examples/receiver_vp.rs index 9f7f7152..433e6d74 100644 --- a/taiga_halo2/src/circuit/vp_examples/receiver_vp.rs +++ b/taiga_halo2/src/circuit/vp_examples/receiver_vp.rs @@ -158,18 +158,18 @@ impl ValidityPredicateCircuit for ReceiverValidityPredicateCircuit { &basic_variables.get_quantity_searchable_pairs(), )?; - let rho = get_owned_resource_variable( + let nonce = get_owned_resource_variable( config.get_owned_resource_variable_config, - layouter.namespace(|| "get owned resource rho"), + layouter.namespace(|| "get owned resource nonce"), &owned_resource_id, - &basic_variables.get_rho_searchable_pairs(), + &basic_variables.get_nonce_searchable_pairs(), )?; - let nk_com = get_owned_resource_variable( + let npk = get_owned_resource_variable( config.get_owned_resource_variable_config, - layouter.namespace(|| "get owned resource nk_com"), + layouter.namespace(|| "get owned resource npk"), &owned_resource_id, - &basic_variables.get_nk_com_searchable_pairs(), + &basic_variables.get_npk_searchable_pairs(), )?; let psi = get_owned_resource_variable( @@ -186,7 +186,7 @@ impl ValidityPredicateCircuit for ReceiverValidityPredicateCircuit { &basic_variables.get_rcm_searchable_pairs(), )?; - let mut message = vec![logic, label, value, quantity, rho, nk_com, psi, rcm]; + let mut message = vec![logic, label, value, quantity, nonce, npk, psi, rcm]; let add_chip = AddChip::::construct(config.add_config.clone(), ()); @@ -247,8 +247,8 @@ impl ValidityPredicateCircuit for ReceiverValidityPredicateCircuit { target_resource.kind.label, target_resource.value, pallas::Base::from(target_resource.quantity), - target_resource.rho.inner(), - target_resource.get_nk_commitment(), + target_resource.nonce.inner(), + target_resource.get_npk(), target_resource.psi, target_resource.rcm, ]; @@ -330,11 +330,8 @@ fn test_halo2_receiver_vp_circuit() { de_cipher[3], pallas::Base::from(circuit.output_resources[0].quantity) ); - assert_eq!(de_cipher[4], circuit.output_resources[0].rho.inner()); - assert_eq!( - de_cipher[5], - circuit.output_resources[0].get_nk_commitment() - ); + assert_eq!(de_cipher[4], circuit.output_resources[0].nonce.inner()); + assert_eq!(de_cipher[5], circuit.output_resources[0].get_npk()); assert_eq!(de_cipher[6], circuit.output_resources[0].get_psi()); assert_eq!(de_cipher[7], circuit.output_resources[0].get_rcm()); } diff --git a/taiga_halo2/src/circuit/vp_examples/token.rs b/taiga_halo2/src/circuit/vp_examples/token.rs index 63d83958..628c76df 100644 --- a/taiga_halo2/src/circuit/vp_examples/token.rs +++ b/taiga_halo2/src/circuit/vp_examples/token.rs @@ -101,14 +101,14 @@ impl Token { let label = self.encode_name(); let value = auth.to_value(); let rseed = RandomSeed::random(&mut rng); - let rho = Nullifier::random(&mut rng); + let nonce = Nullifier::random(&mut rng); let resource = Resource::new_input_resource( *COMPRESSED_TOKEN_VK, label, value, self.quantity(), nk, - rho, + nonce, true, rseed, ); @@ -121,7 +121,7 @@ impl Token { pub fn create_random_output_token_resource( &self, - nk_com: pallas::Base, + npk: pallas::Base, auth: &TokenAuthorization, ) -> TokenResource { let label = self.encode_name(); @@ -131,7 +131,7 @@ impl Token { label, value, self.quantity(), - nk_com, + npk, true, ); diff --git a/taiga_halo2/src/nullifier.rs b/taiga_halo2/src/nullifier.rs index 1d4e5e65..380fe0fe 100644 --- a/taiga_halo2/src/nullifier.rs +++ b/taiga_halo2/src/nullifier.rs @@ -24,28 +24,28 @@ use borsh::{BorshDeserialize, BorshSerialize}; #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))] pub struct Nullifier(pallas::Base); -/// The NullifierKeyContainer contains the nullifier_key or the nullifier_key commitment +/// The NullifierPublicKey contains the nullifier_key or the nullifier_public_key #[derive(Copy, Debug, Clone, PartialEq, Eq)] #[cfg_attr(feature = "nif", derive(NifTaggedEnum))] #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))] -pub enum NullifierKeyContainer { - // The NullifierKeyContainer::Commitment is the commitment of NullifierKeyContainer::Key `nk_com = Commitment(nk, 0)` - Commitment(pallas::Base), +pub enum NullifierPublicKey { + // The NullifierPublicKey::PublicKey is the commitment of NullifierPublicKey::Key `npk = Commitment(nk, 0)` + PublicKey(pallas::Base), Key(pallas::Base), } impl Nullifier { - // nf = poseidon_hash(nk || \rho || \psi || resource_cm), in which resource_cm is a field element + // nf = poseidon_hash(nk || nonce || \psi || resource_cm), in which resource_cm is a field element pub fn derive( - nk: &NullifierKeyContainer, - rho: &pallas::Base, + nk: &NullifierPublicKey, + nonce: &pallas::Base, psi: &pallas::Base, cm: &ResourceCommitment, ) -> Option { match nk { - NullifierKeyContainer::Commitment(_) => None, - NullifierKeyContainer::Key(key) => { - let nf = Nullifier(poseidon_hash_n([*key, *rho, *psi, cm.inner()])); + NullifierPublicKey::PublicKey(_) => None, + NullifierPublicKey::Key(key) => { + let nf = Nullifier(poseidon_hash_n([*key, *nonce, *psi, cm.inner()])); Some(nf) } } @@ -106,37 +106,37 @@ impl Hash for Nullifier { } } -impl NullifierKeyContainer { +impl NullifierPublicKey { pub fn random_key(mut rng: R) -> Self { - NullifierKeyContainer::Key(pallas::Base::random(&mut rng)) + NullifierPublicKey::Key(pallas::Base::random(&mut rng)) } - pub fn random_commitment(mut rng: R) -> Self { - NullifierKeyContainer::Commitment(pallas::Base::random(&mut rng)) + pub fn random_pk(mut rng: R) -> Self { + NullifierPublicKey::PublicKey(pallas::Base::random(&mut rng)) } - /// Creates an NullifierKeyContainer::Key. + /// Creates an NullifierPublicKey::Key. pub fn from_key(key: pallas::Base) -> Self { - NullifierKeyContainer::Key(key) + NullifierPublicKey::Key(key) } - /// Creates a NullifierKeyContainer::Commitment. - pub fn from_commitment(cm: pallas::Base) -> Self { - NullifierKeyContainer::Commitment(cm) + /// Creates a NullifierPublicKey::PublicKey. + pub fn from_pk(cm: pallas::Base) -> Self { + NullifierPublicKey::PublicKey(cm) } pub fn get_nk(&self) -> Option { match self { - NullifierKeyContainer::Key(key) => Some(*key), + NullifierPublicKey::Key(key) => Some(*key), _ => None, } } - pub fn get_commitment(&self) -> pallas::Base { + pub fn get_pk(&self) -> pallas::Base { match self { - NullifierKeyContainer::Commitment(v) => *v, - NullifierKeyContainer::Key(key) => { - // Commitment(nk, zero), use poseidon hash as Commitment. + NullifierPublicKey::PublicKey(v) => *v, + NullifierPublicKey::Key(key) => { + // PublicKey(nk, zero), use poseidon hash as Commitment. prf_nf(*key, pallas::Base::zero()) } } @@ -144,18 +144,16 @@ impl NullifierKeyContainer { pub fn to_commitment(&self) -> Self { match self { - NullifierKeyContainer::Commitment(_) => *self, - NullifierKeyContainer::Key(_) => { - NullifierKeyContainer::Commitment(self.get_commitment()) - } + NullifierPublicKey::PublicKey(_) => *self, + NullifierPublicKey::Key(_) => NullifierPublicKey::PublicKey(self.get_pk()), } } } -impl Default for NullifierKeyContainer { - fn default() -> NullifierKeyContainer { +impl Default for NullifierPublicKey { + fn default() -> NullifierPublicKey { let key = pallas::Base::default(); - NullifierKeyContainer::from_key(key) + NullifierPublicKey::from_key(key) } } @@ -165,17 +163,17 @@ pub mod tests { use pasta_curves::pallas; use rand::RngCore; - use super::{Nullifier, NullifierKeyContainer}; + use super::{Nullifier, NullifierPublicKey}; pub fn random_nullifier(mut rng: R) -> Nullifier { Nullifier::from(pallas::Base::random(&mut rng)) } - pub fn random_nullifier_key(mut rng: R) -> NullifierKeyContainer { - NullifierKeyContainer::from_key(pallas::Base::random(&mut rng)) + pub fn random_nullifier_key(mut rng: R) -> NullifierPublicKey { + NullifierPublicKey::from_key(pallas::Base::random(&mut rng)) } - pub fn random_nullifier_key_commitment(mut rng: R) -> NullifierKeyContainer { - NullifierKeyContainer::from_commitment(pallas::Base::random(&mut rng)) + pub fn random_nullifier_key_commitment(mut rng: R) -> NullifierPublicKey { + NullifierPublicKey::from_pk(pallas::Base::random(&mut rng)) } } diff --git a/taiga_halo2/src/resource.rs b/taiga_halo2/src/resource.rs index d8534e77..3ed74a28 100644 --- a/taiga_halo2/src/resource.rs +++ b/taiga_halo2/src/resource.rs @@ -8,7 +8,7 @@ use crate::{ PRF_EXPAND_PUBLIC_INPUT_PADDING, PRF_EXPAND_RCM, PRF_EXPAND_VCM_R, }, merkle_tree::{Anchor, MerklePath, Node}, - nullifier::{Nullifier, NullifierKeyContainer}, + nullifier::{Nullifier, NullifierPublicKey}, shielded_ptx::ResourceVPVerifyingInfoSet, utils::{poseidon_hash_n, poseidon_to_curve}, }; @@ -96,10 +96,10 @@ pub struct Resource { pub value: pallas::Base, /// the quantity of the resource. pub quantity: u64, - /// NullifierKeyContainer contains the nullifier_key or the nullifier_key commitment. - pub nk_container: NullifierKeyContainer, - /// old nullifier. Nonce which is a deterministically computed, unique nonce - pub rho: Nullifier, + /// npk is a nullifier public key. Corresponds to the nullifier [secret] key used to derive the resource nullifier + pub npk: NullifierPublicKey, + /// nonce guarantees the uniqueness of the resource computable fields + pub nonce: Nullifier, /// psi is to derive the nullifier pub psi: pallas::Base, /// rcm is the trapdoor of the resource commitment @@ -140,7 +140,7 @@ impl Resource { value: pallas::Base, quantity: u64, nk: pallas::Base, - rho: Nullifier, + nonce: Nullifier, is_merkle_checked: bool, rseed: RandomSeed, ) -> Self { @@ -149,22 +149,22 @@ impl Resource { kind, value, quantity, - nk_container: NullifierKeyContainer::Key(nk), + npk: NullifierPublicKey::Key(nk), is_merkle_checked, - psi: rseed.get_psi(&rho), - rcm: rseed.get_rcm(&rho), - rho, + psi: rseed.get_psi(&nonce), + rcm: rseed.get_rcm(&nonce), + nonce, } } - // The rho, psi, and rcm are not specified until the action is constructed. + // The nonce, psi, and rcm are not specified until the action is constructed. #[allow(clippy::too_many_arguments)] pub fn new_output_resource( logic: pallas::Base, label: pallas::Base, value: pallas::Base, quantity: u64, - nk_com: pallas::Base, + npk: pallas::Base, is_merkle_checked: bool, ) -> Self { let kind = ResourceKind::new(logic, label); @@ -172,11 +172,11 @@ impl Resource { kind, value, quantity, - nk_container: NullifierKeyContainer::Commitment(nk_com), + npk: NullifierPublicKey::PublicKey(npk), is_merkle_checked, psi: pallas::Base::default(), rcm: pallas::Base::default(), - rho: Nullifier::default(), + nonce: Nullifier::default(), } } @@ -186,8 +186,8 @@ impl Resource { label: pallas::Base, value: pallas::Base, quantity: u64, - nk_container: NullifierKeyContainer, - rho: Nullifier, + npk: NullifierPublicKey, + nonce: Nullifier, is_merkle_checked: bool, psi: pallas::Base, rcm: pallas::Base, @@ -197,11 +197,11 @@ impl Resource { kind, value, quantity, - nk_container, + npk, is_merkle_checked, psi, rcm, - rho, + nonce, } } @@ -210,22 +210,22 @@ impl Resource { let label = pallas::Base::random(&mut rng); let kind = ResourceKind::new(logic, label); let value = pallas::Base::random(&mut rng); - let rho = Nullifier::from(pallas::Base::random(&mut rng)); - let nk = NullifierKeyContainer::from_key(pallas::Base::random(&mut rng)); + let nonce = Nullifier::from(pallas::Base::random(&mut rng)); + let nk = NullifierPublicKey::from_key(pallas::Base::random(&mut rng)); let rseed = RandomSeed::random(&mut rng); Resource { kind, value, quantity: 0, - nk_container: nk, - rho, - psi: rseed.get_psi(&rho), - rcm: rseed.get_rcm(&rho), + npk: nk, + nonce, + psi: rseed.get_psi(&nonce), + rcm: rseed.get_rcm(&nonce), is_merkle_checked: false, } } - // resource_commitment = poseidon_hash(logic || label || value || nk_commitment || rho || psi || is_merkle_checked || quantity || rcm) + // resource_commitment = poseidon_hash(logic || label || value || npk || nonce || psi || is_merkle_checked || quantity || rcm) pub fn commitment(&self) -> ResourceCommitment { let compose_is_merkle_checked_quantity = if self.is_merkle_checked { pallas::Base::from_u128(1 << 64).square() + pallas::Base::from(self.quantity) @@ -236,8 +236,8 @@ impl Resource { self.get_logic(), self.get_label(), self.value, - self.get_nk_commitment(), - self.rho.inner(), + self.get_npk(), + self.nonce.inner(), self.psi, compose_is_merkle_checked_quantity, self.rcm, @@ -247,19 +247,19 @@ impl Resource { pub fn get_nf(&self) -> Option { Nullifier::derive( - &self.nk_container, - &self.rho.inner(), + &self.npk, + &self.nonce.inner(), &self.psi, &self.commitment(), ) } pub fn get_nk(&self) -> Option { - self.nk_container.get_nk() + self.npk.get_nk() } - pub fn get_nk_commitment(&self) -> pallas::Base { - self.nk_container.get_commitment() + pub fn get_npk(&self) -> pallas::Base { + self.npk.get_pk() } pub fn get_kind(&self) -> pallas::Point { @@ -287,12 +287,12 @@ impl Resource { path.root(cm_node) } - pub fn set_rho(&mut self, input_resource: &Resource, mut rng: R) { + pub fn set_nonce(&mut self, input_resource: &Resource, mut rng: R) { let rseed = RandomSeed::random(&mut rng); - self.rho = input_resource.get_nf().unwrap(); - self.psi = rseed.get_psi(&self.rho); - self.rcm = rseed.get_rcm(&self.rho); + self.nonce = input_resource.get_nf().unwrap(); + self.psi = rseed.get_psi(&self.nonce); + self.rcm = rseed.get_rcm(&self.nonce); } } @@ -308,19 +308,19 @@ impl BorshSerialize for Resource { writer.write_all(&self.value.to_repr())?; // Write resource quantity writer.write_u64::(self.quantity)?; - // Write nk_container - match self.nk_container { - NullifierKeyContainer::Commitment(nk) => { + // Write npk + match self.npk { + NullifierPublicKey::PublicKey(nk) => { writer.write_u8(1)?; writer.write_all(&nk.to_repr()) } - NullifierKeyContainer::Key(nk) => { + NullifierPublicKey::Key(nk) => { writer.write_u8(2)?; writer.write_all(&nk.to_repr()) } }?; - // Write rho - writer.write_all(&self.rho.to_bytes())?; + // Write nonce + writer.write_all(&self.nonce.to_bytes())?; // Write psi writer.write_all(&self.psi.to_repr())?; // Write rcm @@ -354,24 +354,24 @@ impl BorshDeserialize for Resource { .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "value not in field"))?; // Read resource quantity let quantity = reader.read_u64::()?; - // Read nk_container - let mut nk_container_type = [0u8; 1]; - reader.read_exact(&mut nk_container_type)?; - let nk_container_type = nk_container_type[0]; - let mut nk_container_bytes = [0u8; 32]; - reader.read_exact(&mut nk_container_bytes)?; - let nk = Option::from(pallas::Base::from_repr(nk_container_bytes)) + // Read npk + let mut npk_type = [0u8; 1]; + reader.read_exact(&mut npk_type)?; + let npk_type = npk_type[0]; + let mut npk_bytes = [0u8; 32]; + reader.read_exact(&mut npk_bytes)?; + let nk = Option::from(pallas::Base::from_repr(npk_bytes)) .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "nk not in field"))?; - let nk_container = if nk_container_type == 0x01 { - NullifierKeyContainer::from_commitment(nk) + let npk = if npk_type == 0x01 { + NullifierPublicKey::from_pk(nk) } else { - NullifierKeyContainer::from_key(nk) + NullifierPublicKey::from_key(nk) }; - // Read rho - let mut rho_bytes = [0u8; 32]; - reader.read_exact(&mut rho_bytes)?; - let rho = Option::from(Nullifier::from_bytes(rho_bytes)) - .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "rho not in field"))?; + // Read nonce + let mut nonce_bytes = [0u8; 32]; + reader.read_exact(&mut nonce_bytes)?; + let nonce = Option::from(Nullifier::from_bytes(nonce_bytes)) + .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "nonce not in field"))?; // Read psi let mut psi_bytes = [0u8; 32]; reader.read_exact(&mut psi_bytes)?; @@ -393,8 +393,8 @@ impl BorshDeserialize for Resource { label, value, quantity, - nk_container, - rho, + npk, + nonce, is_merkle_checked, psi, rcm, @@ -434,26 +434,26 @@ impl RandomSeed { Self(rseed) } - pub fn get_psi(&self, rho: &Nullifier) -> pallas::Base { + pub fn get_psi(&self, nonce: &Nullifier) -> pallas::Base { let mut h = Blake2bParams::new() .hash_length(64) .personal(PRF_EXPAND_PERSONALIZATION) .to_state(); h.update(&[PRF_EXPAND_PSI]); h.update(&self.0); - h.update(&rho.to_bytes()); + h.update(&nonce.to_bytes()); let psi_bytes = *h.finalize().as_array(); pallas::Base::from_uniform_bytes(&psi_bytes) } - pub fn get_rcm(&self, rho: &Nullifier) -> pallas::Base { + pub fn get_rcm(&self, nonce: &Nullifier) -> pallas::Base { let mut h = Blake2bParams::new() .hash_length(64) .personal(PRF_EXPAND_PERSONALIZATION) .to_state(); h.update(&[PRF_EXPAND_RCM]); h.update(&self.0); - h.update(&rho.to_bytes()); + h.update(&nonce.to_bytes()); let rcm_bytes = *h.finalize().as_array(); pallas::Base::from_uniform_bytes(&rcm_bytes) } @@ -572,17 +572,17 @@ pub mod tests { } pub fn random_resource(mut rng: R) -> Resource { - let rho = random_nullifier(&mut rng); + let nonce = random_nullifier(&mut rng); let rseed = RandomSeed::random(&mut rng); Resource { kind: random_kind(&mut rng), value: pallas::Base::random(&mut rng), quantity: rng.gen(), - nk_container: random_nullifier_key(&mut rng), + npk: random_nullifier_key(&mut rng), is_merkle_checked: true, - psi: rseed.get_psi(&rho), - rcm: rseed.get_rcm(&rho), - rho, + psi: rseed.get_psi(&nonce), + rcm: rseed.get_rcm(&nonce), + nonce, } } @@ -606,7 +606,7 @@ pub mod tests { let mut output_resource = input_resource; { - output_resource.nk_container = random_nullifier_key_commitment(&mut rng); + output_resource.npk = random_nullifier_key_commitment(&mut rng); // BorshSerialize let borsh = borsh::to_vec(&output_resource).unwrap(); // BorshDeserialize diff --git a/taiga_halo2/src/shielded_ptx.rs b/taiga_halo2/src/shielded_ptx.rs index 7382f3ed..301f0f2e 100644 --- a/taiga_halo2/src/shielded_ptx.rs +++ b/taiga_halo2/src/shielded_ptx.rs @@ -516,7 +516,7 @@ pub mod testing { // The encoding method is flexible and defined in the application vp. // Use poseidon hash to encode the two dynamic VPs here let value = poseidon_hash(app_dynamic_vp_vk[0], app_dynamic_vp_vk[1]); - let rho = Nullifier::from(pallas::Base::random(&mut rng)); + let nonce = Nullifier::from(pallas::Base::random(&mut rng)); let quantity = 5000u64; let nk = pallas::Base::random(&mut rng); let rseed = RandomSeed::random(&mut rng); @@ -527,7 +527,7 @@ pub mod testing { value, quantity, nk, - rho, + nonce, is_merkle_checked, rseed, ) @@ -538,14 +538,14 @@ pub mod testing { // If the dynamic VP is not used, set value pallas::Base::zero() by default. let value = pallas::Base::zero(); let quantity = 5000u64; - let nk_com = pallas::Base::random(&mut rng); + let npk = pallas::Base::random(&mut rng); let is_merkle_checked = true; Resource::new_output_resource( compressed_trivial_vp_vk, label, value, quantity, - nk_com, + npk, is_merkle_checked, ) }; @@ -564,7 +564,7 @@ pub mod testing { let input_resource_2 = { let label = pallas::Base::one(); let value = pallas::Base::zero(); - let rho = Nullifier::from(pallas::Base::random(&mut rng)); + let nonce = Nullifier::from(pallas::Base::random(&mut rng)); let quantity = 10u64; let nk = pallas::Base::random(&mut rng); let rseed = RandomSeed::random(&mut rng); @@ -575,7 +575,7 @@ pub mod testing { value, quantity, nk, - rho, + nonce, is_merkle_checked, rseed, ) @@ -584,14 +584,14 @@ pub mod testing { let label = pallas::Base::one(); let value = pallas::Base::zero(); let quantity = 10u64; - let nk_com = pallas::Base::random(&mut rng); + let npk = pallas::Base::random(&mut rng); let is_merkle_checked = true; Resource::new_output_resource( compressed_trivial_vp_vk, label, value, quantity, - nk_com, + npk, is_merkle_checked, ) }; diff --git a/taiga_halo2/src/taiga_api.rs b/taiga_halo2/src/taiga_api.rs index aafd4483..87db342b 100644 --- a/taiga_halo2/src/taiga_api.rs +++ b/taiga_halo2/src/taiga_api.rs @@ -22,7 +22,7 @@ use borsh::{BorshDeserialize, BorshSerialize}; /// label specifies the fungibility domain for the resource /// value is the fungible data of the resource /// nk is the nullifier key -/// rho is the old nullifier +/// nonce guarantees the uniqueness of the resource computable fields /// is_merkle_checked is true for normal resources, false for intent(ephemeral) resources /// /// In practice, input resources are fetched and decrypted from blockchain storage. @@ -36,7 +36,7 @@ pub fn create_input_resource( is_merkle_checked: bool, ) -> Resource { let rng = OsRng; - let rho = Nullifier::random(rng); + let nonce = Nullifier::random(rng); let rseed = RandomSeed::random(rng); Resource::new_input_resource( logic, @@ -44,7 +44,7 @@ pub fn create_input_resource( value, quantity, nk, - rho, + nonce, is_merkle_checked, rseed, ) @@ -57,10 +57,10 @@ pub fn create_output_resource( value: pallas::Base, quantity: u64, // The owner of output resource has the nullifer key and exposes the nullifier_key commitment to output creator. - nk_com: pallas::Base, + npk: pallas::Base, is_merkle_checked: bool, ) -> Resource { - Resource::new_output_resource(logic, label, value, quantity, nk_com, is_merkle_checked) + Resource::new_output_resource(logic, label, value, quantity, npk, is_merkle_checked) } /// Resource borsh serialization @@ -74,9 +74,9 @@ pub fn create_output_resource( /// | label | pallas::Base | 32 | /// | value | pallas::Base | 32 | /// | quantity | u64 | 8 | -/// | nk_container type | u8 | 1 | -/// | nk_com/nk | pallas::Base | 32 | -/// | rho | pallas::Base | 32 | +/// | npk type | u8 | 1 | +/// | npk/nk | pallas::Base | 32 | +/// | nonce | pallas::Base | 32 | /// | psi | pallas::Base | 32 | /// | rcm | pallas::Base | 32 | /// | is_merkle_checked | u8 | 1 | @@ -242,7 +242,7 @@ pub mod tests { { let mut output_resource = input_resource; - output_resource.nk_container = random_nullifier_key_commitment(&mut rng); + output_resource.npk = random_nullifier_key_commitment(&mut rng); let bytes = resource_serialize(&output_resource).unwrap(); let de_output_resource = resource_deserialize(bytes).unwrap(); assert_eq!(output_resource, de_output_resource); diff --git a/taiga_halo2/src/utils.rs b/taiga_halo2/src/utils.rs index 206aeed7..bfdcb44f 100644 --- a/taiga_halo2/src/utils.rs +++ b/taiga_halo2/src/utils.rs @@ -28,13 +28,13 @@ pub(crate) fn extract_p(point: &pallas::Point) -> pallas::Base { .unwrap_or_else(pallas::Base::zero) } -/// $PRF^\mathsf{nfOrchard}(nk, \rho) := Poseidon(nk, \rho)$ +/// $PRF^\mathsf{nfOrchard}(nk, nonce) := Poseidon(nk, nonce)$ /// /// Defined in [Zcash Protocol Spec ยง 5.4.2: Pseudo Random Functions][concreteprfs]. /// /// [concreteprfs]: https://zips.z.cash/protocol/nu5.pdf#concreteprfs -pub(crate) fn prf_nf(nk: pallas::Base, rho: pallas::Base) -> pallas::Base { - poseidon_hash(nk, rho) +pub(crate) fn prf_nf(nk: pallas::Base, nonce: pallas::Base) -> pallas::Base { + poseidon_hash(nk, nonce) } pub fn poseidon_hash(left: pallas::Base, right: pallas::Base) -> pallas::Base {