26 lines
1.2 KiB
Text
26 lines
1.2 KiB
Text
import "ecc/edwardsAdd" as add;
|
|
import "ecc/edwardsScalarMult" as multiply;
|
|
import "utils/pack/bool/nonStrictUnpack256" as unpack256;
|
|
from "ecc/babyjubjubParams" import BabyJubJubParams;
|
|
|
|
// Verifies that the point is not one of the low-order points.
|
|
// If any of the points is multiplied by the cofactor, the resulting point
|
|
// will be infinity.
|
|
// Returns true if the point is not one of the low-order points, false otherwise.
|
|
// Curve parameters are defined with the last argument
|
|
// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
|
|
def main(field[2] pt, BabyJubJubParams context) -> bool {
|
|
field cofactor = context.JUBJUB_C;
|
|
assert(cofactor == 8);
|
|
|
|
// Co-factor currently hard-coded to 8 for efficiency reasons
|
|
// See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391
|
|
// Generic code:
|
|
// bool[256] cofactorExponent = unpack256(cofactor);
|
|
// field[2] ptExp = multiply(cofactorExponent, pt, context);
|
|
field[2] mut ptExp = add(pt, pt, context); // 2*pt
|
|
ptExp = add(ptExp, ptExp, context); // 4*pt
|
|
ptExp = add(ptExp, ptExp, context); // 8*pt
|
|
|
|
return !(ptExp[0] == 0 && ptExp[1] == 1);
|
|
}
|