The PedersenHash Bridge was returning 0s as a result instead of correct values. The reason was that we currently assume the witness to be INPUT1 ... INPUTN OUTPUT1 ... OUTPUTN AUX1 .. AUXN. The Pedersen Gadget as provided by ethsnarks doesn't have this guarantee (I believe outputs are the last values in the witness). Moreover our bridge was padding the input with 0s to be divisable by 3 (requirement by the Pedersen Gadget), which lead to having 0 in the position we expected the result.
This diff
1) Improves the e2e test to catch such issues going forward
2) Introduces output variables at the right location inside the bridge and copies the gadget outputs into them (2 added constraints)
3) Moves the padding logic (divisable by 3) into the pepper snark, as the amount of input variables needs to be know ahead of time and cannot easily be changed from inside the bridge.
The PedersenHash Bridge was returning 0s as a result instead of correct values. The reason was that we currently assume the witness to be
INPUT1 ... INPUTN OUTPUT1 ... OUTPUTN AUX1 .. AUXN. The Pedersen Gadget as provided by ethsnarks doesn't have this guarantee (I believe outputs are the last values in the witness). Moreover our bridge was padding the input with 0s to be divisable by 3 (requirement by the Pedersen Gadget), which lead to having 0 in the position we expected the result.This diff 1) Improves the e2e test to catch such issues going forward 2) Introduces output variables at the right location inside the bridge and copies the gadget outputs into them (2 added constraints) 3) Moves the padding logic (divisable by 3) into the pepper snark, as the amount of input variables needs to be know ahead of time and cannot easily be changed from inside the bridge.