fleupold
commented
5 years ago Assuming refTokenPriceToTarget = 1 and refTokenPriceToTarget = 2 the division will evaluate to (p+1)/2 (p being the prime modulo of the finite field).
This number will be an integer, since p is prime and therefore p+1 is even and therefore dividable by 2. Also a/b = c <==> c*b = a will hold, since (p+1)/2 *2 = p+1 = 1 (mod p)
When the quotient is multiplied with 1E18, it will result in 5E17, which is our representation of .5.
However, let's say the original order offered 3 WEI of token A, we can only fulfil it to 2/3 (2 WEI_A --> 1 WEI_B) since otherwise we would be burning 1 WEI_A or creating 1 WEI_B out of nowhere. This means that our fairness criteria:
If an order σ ∈ Oi→j with a limit price p has a positive trading volume, then every order in Oi→j with a lower limit price should be completely fulfilled
is probably not going to hold unless we change "completely" to something "as close as the price division allows".
I will try creating a test case for our ring-trade example code.
We could also try implementing Euclidean division on a finite field (so that 1/2 == 0), but I'm not sure that is desirable as it can lead to burning tokens. I'm also not sure if Euclidean division can be implemented efficiently in ZoKrates.
josojo
https://github.com/fleupold/dex-zksnarks/blob/ae40d689e6bc0c6d73b5eafa793e5a7e3486bd4a/ringtrade_example.code#L13