improve docs

2025-09-24 04:40:05 +00:00 · 2019-03-18 14:17:54 +01:00 · 2019-03-18 14:17:54 +01:00 · b983a57fe4
commit b983a57fe4
parent 133919b77e
4 changed files with 51 additions and 23 deletions
--- a/zokrates_stdlib/stdlib/ecc/babyjubjubParams.code
+++ b/zokrates_stdlib/stdlib/ecc/babyjubjubParams.code
@ -1,22 +1,22 @@
 // Parameters are based on: https://github.com/HarryR/ethsnarks/tree/master/src/jubjub
-// Note: paramters will be update soon to be more compatible with zCash's implementation
+// Note: parameters will be update soon to be more compatible with zCash's implementation
 def main() -> (field[10]):

-// 	Order of the curve E
- 	field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328	
-    field JUBJUBC = 8		// Cofactor
-	field JUBJUBA = 168700	// Coefficient A
-	field JUBJUBD = 168696	// Coefficient D
-	field MONTA = 168698	// int(2*(JUBJUB_A+JUBJUB_D)/(JUBJUB_A-JUBJUB_D))
-	field MONTB = 1		// int(4/(JUBJUB_A-JUBJUB_D))
-	
-//	Point at infinity
-	field[2] infinity = [0, 1]
+// Order of the curve E
+    field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328    
+    field JUBJUBC = 8   // Cofactor
+    field JUBJUBA = 168700    // Coefficient A
+    field JUBJUBD = 168696    // Coefficient D
+    field MONTA = 168698    // int(2*(JUBJUB_A+JUBJUB_D)/(JUBJUB_A-JUBJUB_D))
+    field MONTB = 1    // int(4/(JUBJUB_A-JUBJUB_D))
+    
+// Point at infinity
+    field[2] infinity = [0, 1]

-//	Generator
-	field Gu = 16540640123574156134436876038791482806971768689494387082833631921987005038935
-	field Gv = 20819045374670962167435360035096875258406992893633759881276124905556507972311
+//  Generator
+    field Gu = 16540640123574156134436876038791482806971768689494387082833631921987005038935
+    field Gv = 20819045374670962167435360035096875258406992893633759881276124905556507972311

-//  Index
-//              0       1         2            3         4  5      6       7        8      10
-	return [JUBJUBA, JUBJUBD, infinity[0], infinity[1], Gu, Gv, JUBJUBE, JUBJUBC, MONTA, MONTB] 
+// Index
+//         0       1         2            3         4   5      6       7        8      10
+return [JUBJUBA, JUBJUBD, infinity[0], infinity[1], Gu, Gv, JUBJUBE, JUBJUBC, MONTA, MONTB]
--- a/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.code
+++ b/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.code
@ -4,7 +4,7 @@ import "utils/pack/unpack256.code" as unpack256
 // Verifies that the point is not one of the low-order points.
 // If any of the points is multiplied by the cofactor, the resulting point
 // will be infinity. 
-// Returns ture if the point is not one of the low-order points.
+// Returns true if the point is not one of the low-order points, false otherwise.
 // Curve parameters are defined with the last argument
 // https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
 def main(field[2] pt, field[10] context) -> (field):
--- a/zokrates_stdlib/stdlib/ecc/proofOfOwnership.code
+++ b/zokrates_stdlib/stdlib/ecc/proofOfOwnership.code
@ -1,9 +1,21 @@
 import "ecc/edwardsAdd.code" as add
 import "ecc/edwardsScalarMult.code" as multiply
 import "utils/pack/unpack256.code" as unpack256
-// Gadget to proof ownership of a private key for a given public key 
-// Returns true for a valid public and private key pair, false otherwise 
-// Curve parameters are defined with the last argument
+
+/// Verifies correctness of a given public/private keypair.
+///
+///    Checks if the following equation holds for the provided keypair:
+///    pk = sk*G
+///    where G is the chosen base point of the subgroup
+///    and * is denotes scalar multiplication
+///
+/// Arguments:
+///    pk: Curve point. Public key.
+///    sk: Field element. Private key.
+///    context: Curve parameters (including generator G) used to create keypair.
+///
+/// Returns:
+///     Return true for pk/sk being a valid keypair, false otherwise.
 def main(field[2] pk, field sk, field[10] context) -> (field):

    field[2] G = [context[4], context[5]]
--- a/zokrates_stdlib/stdlib/signatures/verifyEddsa.code
+++ b/zokrates_stdlib/stdlib/signatures/verifyEddsa.code
@ -5,8 +5,24 @@ import "utils/pack/unpack256.code" as unpack256
 import "ecc/edwardsOnCurve.code" as onCurve
 import "ecc/edwardsOrderCheck.code" as orderCheck

-// Return true for a valid EdDSA Signature, false otherwise
-// Curve parameters are defined with the last argument
+/// Verifies the correctness of EdDSA Signature.
+///
+/// Checks the correctness of a given EdDSA Signature (R,S) for the provided
+/// public key(A) and message (M0 and M1).
+/// For more information see:
+/// https://en.wikipedia.org/wiki/EdDSA
+/// https://eprint.iacr.org/2015/677.pdf
+///
+/// Arguments:
+///    R: Curve point. Hidden version of the per-message nonce.
+///    S: Field element. Signature to be verified.
+///    A: Curve point. Public part of the key used to create S.
+///    M0: 256bit array. First 256bits of the message used to create S  .
+///    M1: 256bit array. Trailing 256bits of the message used to create S  .
+///    context: Curve parameters used to create S.
+///
+/// Returns:
+///     Return true for S being a valid EdDSA Signature, false otherwise.
 def main(private field[2] R, private field S, field[2] A, field[256] M0, field[256] M1, field[10] context) -> (field):

    field[2] G = [context[4], context[5]]