Fixes SNARK constraints

celo-org / celo-bls-snark-rs

Implements SNARK-friendly BLS signatures

https://celo.org

Apache License 2.0

83 stars 24 forks source link

Fixes SNARK constraints #148

Closed kobigurk closed 4 years ago

kobigurk commented 4 years ago

Description

There were a few problems:

Some elements were supposed to be constants and were allocated as new variables.
y_eq_bit was not constrained.
G2 serialization logic was incorrect, fixed here: https://github.com/celo-org/bls-zexe/pull/150, and merged to this branch.

Fixes #147.

We shouldn't merge this until Zexe merges alloc_constant in https://github.com/scipr-lab/zexe/pull/189.

kobigurk commented 4 years ago

@gakonst I added a comment that explains the whole logic. Additionally, given all that we've learnt recently, the logic has been simplified to use half instead of half + 1, as the biggest coordinate can only be p-1, which is 2*half, and therefore 2*half - half = half is still <= half, and so the check still passes.