benediamond / anonymous-zether

A private payment system for Ethereum-based blockchains, with no trusted setup.

I have a doubt !! #3

Closed jennilee78 closed 4 years ago

jennilee78 commented 4 years ago

Hi, thanks for the wonderful work you are doing on this protocol. But I seem to have a curiosity as I am going through the code manually with pen/paper. Below this line, we set up randomness P.randomness = result.tHat; https://github.com/benediamond/anonymous-zether/blob/a9342ae6ba4d1f11182c90c9a9dd999607d95142/packages/anonymous.js/src/prover/zether.js#L293

But the randomness in PedersenVectorCommitment won't be used (until commitment is done or point in the commitment is read). https://github.com/benediamond/anonymous-zether/blob/master/packages/anonymous.js/src/prover/innerproduct.js Is the line redundant? I am very sorry, this could be my mistake. However, I am going through the code manually, understanding/confirming it with the paper. Please pardon me for my mistakes.

Thanks for all the help.

benediamond commented 4 years ago

It's a good question. By construction, tHat = <gValues, hValues>, where <__, __> means "inner product". Recall that tHat is a public value, whereas gValues and hValues are not published. So you're correct that tHat is never used and line 296 has no effect. The reason is essentially that it's redundant information, and can be recovered from gValues and hValues.

Nonetheless, tHat is indeed the randomness of the Pedersen vector commitment P constructed by the verifier: https://github.com/benediamond/anonymous-zether/blob/a9342ae6ba4d1f11182c90c9a9dd999607d95142/packages/protocol/contracts/ZetherVerifier.sol#L228-L230

You can also see this on line (68) of the Bulletproofs protocol.
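The redundancy described in the answer above, as an added example that is not code from the repository: a toy Pedersen vector commitment in which `tHat` sits in the randomness slot and can always be recomputed from the two vectors. The commitment shape, the generators `gs`, `hs`, `u`, the group parameters and the sample vectors are all assumptions constructed for illustration, and the sizes are insecure.

```javascript
// Added illustration, not code from anonymous-zether. Toy, insecure parameters.
// Group: order-q subgroup of Z_p^* with p = 2q + 1 (constructed values).
const p = 1019n, q = 509n;

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Squares mod p lie in the order-q subgroup; used as stand-in generators.
const gen = (x) => (x * x) % p;
const gs = [gen(2n), gen(3n), gen(5n)];
const hs = [gen(7n), gen(11n), gen(13n)];
const u = gen(17n);

// <a, b>, reduced mod the group order.
function innerProduct(a, b) {
  return a.reduce((acc, ai, i) => (acc + ai * b[i]) % q, 0n);
}

// Assumed shape: P = prod(gs[i]^gValues[i] * hs[i]^hValues[i]) * u^randomness.
function commit(gValues, hValues, randomness) {
  let P = modPow(u, randomness, p);
  gValues.forEach((v, i) => { P = (P * modPow(gs[i], v, p)) % p; });
  hValues.forEach((v, i) => { P = (P * modPow(hs[i], v, p)) % p; });
  return P;
}

// Prover side: secret vectors (constructed sample values).
const gValues = [12n, 400n, 7n];
const hValues = [33n, 5n, 250n];
const tHat = innerProduct(gValues, hValues); // the public value

// Storing tHat next to the vectors adds nothing: it is recomputable from them.
const fromStoredField = commit(gValues, hValues, tHat);
const fromVectorsOnly = commit(gValues, hValues, innerProduct(gValues, hValues));

// A tHat that does not equal <gValues, hValues> yields a different P.
const withWrongTHat = commit(gValues, hValues, (tHat + 1n) % q);
```

This sketch commits with the vectors in hand; it does not model how the verifier contract assembles P from public values.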

jennilee78 commented 4 years ago

Thanks for all the help, from the bottom of my heart.