Aggregator Fix (#348)

Co-authored-by: lazovicff <[email protected]>
privacy-scaling-explorations · Sep 5, 2023 · 9048c3c · 9048c3c
1 parent c826552
commit 9048c3c
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 14 deletions.
diff --git a/eigentrust-zk/src/ecc/generic/mod.rs b/eigentrust-zk/src/ecc/generic/mod.rs
@@ -129,6 +129,11 @@ where
 	) -> AssignedEcPoint<C, N, NUM_LIMBS, NUM_BITS, P> {
 		Self { x, y }
 	}
+
+	/// Checks if given point is at the infinity or not
+	pub fn is_infinity(&self) -> bool {
+		self.x.integer == Integer::zero() && self.y.integer == Integer::zero()
+	}
 }
 
 /// Chipset structure for the EccAdd.
@@ -1468,7 +1473,6 @@ mod test {
 			);
 
 			let ecc_table_select = EccTableSelectConfig::new(main);
-
 			let ecc_mul = EccMulConfig::new(
 				ecc_ladder.clone(),
 				ecc_add.clone(),

diff --git a/eigentrust-zk/src/ecc/generic/native.rs b/eigentrust-zk/src/ecc/generic/native.rs
@@ -50,6 +50,16 @@ where
 		Self { x, y, _ec: PhantomData }
 	}
 
+	/// Create a new object with x = 0 and y = 0
+	pub fn zero() -> Self {
+		Self::new(Integer::zero(), Integer::zero())
+	}
+
+	/// Checks if given point is at the infinity or not
+	pub fn is_infinity(&self) -> bool {
+		self == &EcPoint::zero()
+	}
+
 	/// Selection function for the table
 	fn select(bit: bool, table: [Self; 2]) -> Self {
 		if bit {
@@ -165,7 +175,6 @@ where
 	/// Scalar multiplication for given point with using ladder
 	pub fn mul_scalar(&self, scalar: Integer<C::ScalarExt, N, NUM_LIMBS, NUM_BITS, P>) -> Self {
 		let (aux_init, aux_fin) = Self::aux(1);
-
 		let exp = self.clone();
 		// Converts given input to its bit by Scalar Field's bit size
 		let mut bits = Vec::new();

diff --git a/eigentrust-zk/src/ecc/same_curve/mod.rs b/eigentrust-zk/src/ecc/same_curve/mod.rs
@@ -9,7 +9,7 @@ use super::{
 use crate::{
 	gadgets::{
 		bits2num::Bits2NumChip,
-		main::{IsEqualChipset, SelectChipset},
+		main::{AndChipset, SelectChipset},
 	},
 	integer::{
 		native::Integer, AssignedInteger, IntegerAddChip, IntegerAssigner, IntegerDivChip,
@@ -123,6 +123,11 @@ where
 	) -> AssignedEcPoint<C, NUM_LIMBS, NUM_BITS, P> {
 		Self { x, y }
 	}
+
+	/// Checks if given point is at the infinity or not
+	pub fn is_infinity(&self) -> bool {
+		self.x.integer == Integer::zero() && self.y.integer == Integer::zero()
+	}
 }
 
 /// Chipset structure for the EccAdd.
@@ -424,6 +429,7 @@ where
 	}
 }
 
+#[derive(Debug)]
 struct EccEqualChipset<C: CurveAffine, const NUM_LIMBS: usize, const NUM_BITS: usize, P>
 where
 	P: RnsParams<C::Base, C::Scalar, NUM_LIMBS, NUM_BITS>,
@@ -467,10 +473,12 @@ where
 		self, common: &CommonConfig, config: &Self::Config, mut layouter: impl Layouter<C::Scalar>,
 	) -> Result<Self::Output, Error> {
 		let x_eq = IntegerEqualChipset::new(self.p.x, self.q.x);
-		let is_x_eq = x_eq.synthesize(common, &config.int_eq, layouter.namespace(|| "x_eq"))?;
 		let y_eq = IntegerEqualChipset::new(self.p.y, self.q.y);
+
+		let is_x_eq = x_eq.synthesize(common, &config.int_eq, layouter.namespace(|| "x_eq"))?;
 		let is_y_eq = y_eq.synthesize(common, &config.int_eq, layouter.namespace(|| "y_eq"))?;
-		let point_eq = IsEqualChipset::new(is_x_eq, is_y_eq);
+
+		let point_eq = AndChipset::new(is_x_eq, is_y_eq);
 		let is_point_eq =
 			point_eq.synthesize(common, &config.main, layouter.namespace(|| "point_eq"))?;
 
@@ -1285,7 +1293,6 @@ mod test {
 			);
 
 			let ecc_table_select = EccTableSelectConfig::new(main);
-
 			let ecc_mul = EccMulConfig::new(
 				ecc_ladder.clone(),
 				ecc_add.clone(),

diff --git a/eigentrust-zk/src/ecc/same_curve/native.rs b/eigentrust-zk/src/ecc/same_curve/native.rs
@@ -56,9 +56,14 @@ where
 		Self { x, y, _ec: PhantomData }
 	}
 
-	/// Create a new object with x = 0 and y = 1
+	/// Create a new object with x = 0 and y = 0
 	pub fn zero() -> Self {
-		Self::new(Integer::zero(), Integer::one())
+		Self::new(Integer::zero(), Integer::zero())
+	}
+
+	/// Checks if given point is at the infinity or not
+	pub fn is_infinity(&self) -> bool {
+		self == &EcPoint::zero()
 	}
 
 	/// Create a new object with x = 1 and y = 1

diff --git a/eigentrust-zk/src/ecdsa/mod.rs b/eigentrust-zk/src/ecdsa/mod.rs
@@ -700,7 +700,7 @@ mod test {
 				integer_add_selector, integer_sub_selector, integer_mul_selector,
 				integer_div_selector,
 			);
-			let ecc_table_select = EccTableSelectConfig::new(main.clone());
+			let ecc_table_select = EccTableSelectConfig::new(main);
 			let ecc_mul_scalar = EccMulConfig::new(
 				ecc_ladder.clone(),
 				ecc_add.clone(),

diff --git a/eigentrust-zk/src/verifier/aggregator/mod.rs b/eigentrust-zk/src/verifier/aggregator/mod.rs
@@ -432,16 +432,15 @@ mod test {
 		) -> Result<(), Error> {
 			let aggregator_chipset =
 				AggregatorChipset::new(self.svk, self.snarks.clone(), self.as_proof.clone());
-			let _accumulator_limbs = aggregator_chipset.synthesize(
+			let accumulator_limbs = aggregator_chipset.synthesize(
 				&config.common,
 				&config.aggregator,
 				layouter.namespace(|| "aggregator chipset"),
 			)?;
 
-			// TODO: Uncomment when the bug is fixed
-			// for (row, inst) in accumulator_limbs.enumerate() {
-			// 	layouter.constrain_instance(inst.cell(), config.common.instance, row)?;
-			// }
+			for (row, inst) in accumulator_limbs.iter().enumerate() {
+				layouter.constrain_instance(inst.cell(), config.common.instance, row)?;
+			}
 			Ok(())
 		}
 	}

diff --git a/eigentrust-zk/src/verifier/loader/mod.rs b/eigentrust-zk/src/verifier/loader/mod.rs
@@ -737,6 +737,7 @@ where
 		let point = pairs
 			.iter()
 			.cloned()
+			.filter(|(_, base)| !base.inner.is_infinity())
 			.map(|(scalar, base)| {
 				let config = base.loader.clone();
 				let aux = base.loader.aux.clone();

diff --git a/eigentrust-zk/src/verifier/loader/native.rs b/eigentrust-zk/src/verifier/loader/native.rs
@@ -416,6 +416,7 @@ where
 		let point = pairs
 			.iter()
 			.cloned()
+			.filter(|(_, base)| !base.inner.is_infinity())
 			.map(|(scalar, base)| {
 				let new = scalar.clone();
 				base.inner.mul_scalar(new.inner)