29 lines
1.2 KiB
Text
29 lines
1.2 KiB
Text
import "ecc/edwardsAdd" as add
|
|
import "ecc/edwardsScalarMult" as multiply
|
|
import "utils/pack/nonStrictUnpack256" as unpack256
|
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
|
|
|
// Verifies that the point is not one of the low-order points.
|
|
// If any of the points is multiplied by the cofactor, the resulting point
|
|
// will be infinity.
|
|
// Returns 1 if the point is not one of the low-order points, 0 otherwise.
|
|
// Curve parameters are defined with the last argument
|
|
// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
|
|
def main(field[2] pt, BabyJubJubParams context) -> (field):
|
|
|
|
field cofactor = context.JUBJUBC
|
|
|
|
cofactor == 8
|
|
|
|
// Co-factor currently hard-coded to 8 for efficiency reasons
|
|
// See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391
|
|
// Generic code:
|
|
// bool[256] cofactorExponent = unpack256(cofactor)
|
|
// field[2] ptExp = multiply(cofactorExponent, pt, context)
|
|
field[2] ptExp = add(pt, pt, context) // 2*pt
|
|
ptExp = add(ptExp, ptExp, context) // 4*pt
|
|
ptExp = add(ptExp, ptExp, context) // 8*pt
|
|
|
|
field out = if ptExp[0] == 0 && ptExp[1] == 1 then 0 else 1 fi
|
|
|
|
return out
|