daira
commented
5 years ago I recommend implementing the power-of-two range proof as a separate gadget, and then implementing this in terms of that one.
Open str4d opened 5 years ago
daira
commented
5 years ago I recommend implementing the power-of-two range proof as a separate gadget, and then implementing this in terms of that one.
The Bitcoin example recursive circuit needs to enforce:
hash <= target(to ensure the block header satisfies the required work)remainder <= target(as part of constraining the integer division2^256 / (target + 1) = work)targetis expanded from the header'snBitsfield, and thus is almost never a power of two, requiring a variable-bound range proof.