adding reciprocal range proof

Author: olegfomenko

circuit.go

@@ -25,6 +25,10 @@ func VerifyCircuit(public *ArithmeticCircuitPublic, V []*bn256.G1, fs FiatShamir
 	fs.AddPoint(proof.CR)
 	fs.AddPoint(proof.CO)
 
+	for i := range V {
+		fs.AddPoint(V[i])
+	}
+
 	// Generates challenges using Fiat-Shamir heuristic
 	ro := fs.GetChallenge()
 	lambda := fs.GetChallenge()
@@ -147,11 +151,19 @@ func VerifyCircuit(public *ArithmeticCircuitPublic, V []*bn256.G1, fs FiatShamir
 
 // ProveCircuit generates zero knowledge proof that witness satisfies BP++ arithmetic circuit.
 // Use empty FiatShamirEngine for call.
-func ProveCircuit(public *ArithmeticCircuitPublic, fs FiatShamirEngine, private *ArithmeticCircuitPrivate) *ArithmeticCircuitProof {
+func ProveCircuit(public *ArithmeticCircuitPublic, V []*bn256.G1, fs FiatShamirEngine, private *ArithmeticCircuitPrivate) *ArithmeticCircuitProof {
 	ro, rl, no, nl, lo, ll, Co, Cl := commitOL(public, private.Wo, private.Wl)
 
 	rr, nr, lr, Cr := commitR(public, private.Wo, private.Wr)
 
+	fs.AddPoint(Cl)
+	fs.AddPoint(Cr)
+	fs.AddPoint(Co)
+
+	for i := range V {
+		fs.AddPoint(V[i])
+	}
+
 	return innerArithmeticCircuitProve(public, fs, private,
 		[][]*big.Int{rl, rr, ro},
 		[][]*big.Int{nl, nr, no},
@@ -186,7 +198,7 @@ func commitOL(public *ArithmeticCircuitPublic, wo, wl []*big.Int) (ro []*big.Int
 	}
 
 	ll = make([]*big.Int, public.Nv) // Nv
-	for j := range lo {
+	for j := range ll {
 		ll[j] = big.NewInt(0)
 
 		if i := public.F(PartitionLL, j); i != nil {
@@ -247,10 +259,6 @@ func innerArithmeticCircuitProve(public *ArithmeticCircuitPublic, fs FiatShamirE
 		CO: Co,
 	}
 
-	fs.AddPoint(Cl)
-	fs.AddPoint(Cr)
-	fs.AddPoint(Co)
-
 	// Generates challenges using Fiat-Shamir heuristic
 	rho := fs.GetChallenge()
 	lambda := fs.GetChallenge()
@@ -260,6 +268,15 @@ func innerArithmeticCircuitProve(public *ArithmeticCircuitPublic, fs FiatShamirE
 	MlnL, MmnL, MlnR, MmnR := calculateMRL(public)
 	MlnO, MmnO, MllL, MmlL, MllR, MmlR, MllO, MmlO := calculateMO(public)
 
+	// Check M matrix calculated ok
+	Wlw := vectorAdd(matrixMulOnVector(lo, MllO), matrixMulOnVector(no, MlnO))
+	Wlw = vectorAdd(Wlw, vectorAdd(matrixMulOnVector(ll, MllL), matrixMulOnVector(nl, MlnL)))
+	Wlw = vectorAdd(Wlw, vectorAdd(matrixMulOnVector(lr, MllR), matrixMulOnVector(nr, MlnR)))
+
+	Wmw := vectorAdd(matrixMulOnVector(lo, MmlO), matrixMulOnVector(no, MmnO))
+	Wmw = vectorAdd(Wmw, vectorAdd(matrixMulOnVector(ll, MmlL), matrixMulOnVector(nl, MmnL)))
+	Wmw = vectorAdd(Wmw, vectorAdd(matrixMulOnVector(lr, MmlR), matrixMulOnVector(nr, MmnR)))
+
 	mu := mul(rho, rho)
 
 	// Calculate lambda vector (nl == nv * k)

circuit_test.go

@@ -116,7 +116,7 @@ func TestArithmeticCircuit(t *testing.T) {
 		V[i] = public.CommitCircuit(private.V[i], private.Sv[i])
 	}
 
-	proof := ProveCircuit(public, NewKeccakFS(), private)
+	proof := ProveCircuit(public, V, NewKeccakFS(), private)
 	spew.Dump(proof)
 
 	if err := VerifyCircuit(public, V, NewKeccakFS(), proof); err != nil {
@@ -209,7 +209,7 @@ func TestArithmeticCircuit2(t *testing.T) {
 		V[i] = public.CommitCircuit(private.V[i], private.Sv[i])
 	}
 
-	proof := ProveCircuit(public, NewKeccakFS(), private)
+	proof := ProveCircuit(public, V, NewKeccakFS(), private)
 	spew.Dump(proof)
 
 	if err := VerifyCircuit(public, V, NewKeccakFS(), proof); err != nil {
@@ -261,7 +261,7 @@ func TestArithmeticCircuitBinaryRangeProof(t *testing.T) {
 	w := append(wl, wr...)
 	w = append(w, wo...) // w = wl||wl||wo
 
-	wv := make([]*big.Int, 0, Nw)
+	wv := make([]*big.Int, 0, Nv*K)
 	for i := range v {
 		wv = append(wv, v[i]...)
 	}
@@ -337,33 +337,14 @@ func TestArithmeticCircuitBinaryRangeProof(t *testing.T) {
 		V[i] = public.CommitCircuit(private.V[i], private.Sv[i])
 	}
 
-	proof := ProveCircuit(public, NewKeccakFS(), private)
+	proof := ProveCircuit(public, V, NewKeccakFS(), private)
 	spew.Dump(proof)
 
 	if err := VerifyCircuit(public, V, NewKeccakFS(), proof); err != nil {
 		panic(err)
 	}
 }
 
-func matrixMulOnVector(a []*big.Int, m [][]*big.Int) []*big.Int {
-	var res []*big.Int
-
-	for i := 0; i < len(m); i++ {
-		res = append(res, vectorMul(a, m[i]))
-	}
-
-	return res
-}
-
-func hadamardMul(a, b []*big.Int) []*big.Int {
-	res := make([]*big.Int, len(a))
-	for i := range res {
-		res[i] = mul(a[i], b[i])
-	}
-
-	return res
-}
-
 func frac(a, b int) *big.Int {
 	return mul(bint(a), inv(bint(b)))
 }

math_matrix.go

@@ -6,6 +6,17 @@ package bulletproofs
 
 import "math/big"
 
+func zeroMatrix(n, m int) [][]*big.Int {
+	res := make([][]*big.Int, n)
+	for i := range res {
+		res[i] = make([]*big.Int, m)
+		for j := range res[i] {
+			res[i][j] = bint(0)
+		}
+	}
+	return res
+}
+
 func diagInv(x *big.Int, n int) [][]*big.Int {
 	var res [][]*big.Int = make([][]*big.Int, n)
 	inv := inv(x)
@@ -42,3 +53,13 @@ func vectorMulOnMatrix(a []*big.Int, m [][]*big.Int) []*big.Int {
 
 	return res
 }
+
+func matrixMulOnVector(a []*big.Int, m [][]*big.Int) []*big.Int {
+	var res []*big.Int
+
+	for i := 0; i < len(m); i++ {
+		res = append(res, vectorMul(a, m[i]))
+	}
+
+	return res
+}

math_vectors.go

@@ -19,6 +19,14 @@ func zeroVector(n int) []*big.Int {
 	return res
 }
 
+func oneVector(n int) []*big.Int {
+	res := make([]*big.Int, n)
+	for i := range res {
+		res[i] = big.NewInt(1)
+	}
+	return res
+}
+
 func vectorAdd(a []*big.Int, b []*big.Int) []*big.Int {
 	for len(a) < len(b) {
 		a = append(a, bint(0))
@@ -157,3 +165,12 @@ func e(v *big.Int, a int) []*big.Int {
 
 	return res
 }
+
+func hadamardMul(a, b []*big.Int) []*big.Int {
+	res := make([]*big.Int, len(a))
+	for i := range res {
+		res[i] = mul(a[i], b[i])
+	}
+
+	return res
+}