mirror of
https://github.com/logos-blockchain/logos-blockchain-pocs.git
synced 2026-01-05 14:43:08 +00:00
added input generator and fixed things
This commit is contained in:
thomaslavaur
parent
abf538d8c2
commit
8ca15737d3
341
circom_circuits/Blend/generate_inputs_for_poq.py
Normal file
341
circom_circuits/Blend/generate_inputs_for_poq.py
Normal file
@ -0,0 +1,341 @@
|
||||
|
||||
|
||||
|
||||
from sage.all import *
|
||||
|
||||
p = 21888242871839275222246405745257275088548364400416034343698204186575808495617
|
||||
F = FiniteField(p)
|
||||
|
||||
def poseidon2_hash(data):
|
||||
return PoseidonSponge(data,2,1)[0]
|
||||
|
||||
|
||||
|
||||
def Poseidon2_sponge_hash_rate_1(data, n):
|
||||
return PoseidonSponge(data,3,2,n,1)
|
||||
|
||||
def Poseidon2_sponge_hash_rate_2(data, n):
|
||||
return PoseidonSponge(data,3,1,n,1)
|
||||
|
||||
|
||||
def SBox(inp):
|
||||
return inp**5
|
||||
|
||||
def InternalRound(inp, i):
|
||||
round_consts = [ 0x15ce7e5ae220e8623a40b3a3b22d441eff0c9be1ae1d32f1b777af84eea7e38c
|
||||
, 0x1bf60ac8bfff0f631983c93e218ca0d4a4059c254b4299b1d9984a07edccfaf0
|
||||
, 0x0fab0c9387cb2bec9dc11b2951088b9e1e1d2978542fc131f74a8f8fdac95b40
|
||||
, 0x07d085a48750738019784663bccd460656dc62c1b18964a0d27a5bd0c27ee453
|
||||
, 0x10d57b1fad99da9d3fe16cf7f5dae05be844f67b2e7db3472a2e96e167578bc4
|
||||
, 0x0c36c40f7bd1934b7d5525031467aa39aeaea461996a70eda5a2a704e1733bb0
|
||||
, 0x0e4b65a0f3e1f9d3166a2145063c999bd08a4679676d765f4d11f97ed5c080ae
|
||||
, 0x1ce5561061120d5c7ea09da2528c4c041b9ad0f05d655f38b10d79878b69f29d
|
||||
, 0x2d323f651c3da8f0e0754391a10fa111b25dfa00471edf5493c44dfc3f28add6
|
||||
, 0x05a0741ee5bdc3e099fd6bdad9a0865bc9ceecd13ea4e702e536dd370b8f1953
|
||||
, 0x176a2ec4746fc0e0eca9e5e11d6facaee05524a92e5785c8b8161780a4435136
|
||||
, 0x0691faf0f42a9ed97629b1ae0dc7f1b019c06dd852cb6efe57f7eeb1aa865aef
|
||||
, 0x0e46cf138dad09d61b9a7cab95a23b5c8cb276874f3715598bacb55d5ad271de
|
||||
, 0x0f18c3d95bac1ac424160d240cdffc2c44f7b6315ba65ed3ff2eff5b3e48b4f2
|
||||
, 0x2eea6af14b592ec45a4119ac1e6e6f0312ecd090a096e340d472283e543ddff7
|
||||
, 0x06b0d7a8f4ce97d049ae994139f5f71dca4899d4f1cd3dd83a32a89a58c0a8e6
|
||||
, 0x019df0b9828eed5892dd55c1ad6408196f6293d600ef4491703a1b37e119ba8e
|
||||
, 0x08ca5e3c93817cdb1c2b2a12d02c779d74c1bb12b6668f3ab3ddd7837f3a4a00
|
||||
, 0x28382d747e3fd6cb2e0d8e8edd79c5313eed307a3517c11046245b1476e4f701
|
||||
, 0x0ca89aecd5675b77c8271765da98cfcb6875b3053d4742c9ff502861bd16ad28
|
||||
, 0x19046bc0b03ca90802ec83f212001e7ffd7f9224cfffae523451deb52eab3787
|
||||
, 0x036fd7dfa1c05110b3428e6abcc43e1de9abba915320c4a600f843bfb676ca51
|
||||
, 0x08f0a7abcb1a2f6595a9b7380c5028e3999db4fe5cb21892e5bb5cb11a7757ba
|
||||
, 0x0b614acc1ce3fbe9048f8385e4ee24c3843deea186bacea3c904c9f6340ad8cb
|
||||
, 0x00b2d98c5d988f9b41f2c98e017fc954a6ae423b2261575941f8eac8835d985c
|
||||
, 0x1457f18555b7973ba5b311d57ec5d77e936980b97f5973875f1f7cc765a4fc95
|
||||
, 0x002b453debc1bee525cb751bc10641a6b86f847d696418cf1144950982591bfa
|
||||
, 0x0c2af1abcc6ece77218315d2af445ccbfc6647b7af2510682882cc792c6bb8cf
|
||||
, 0x0e2825d9eb84b59902a1adb49ac0c2c291dee7c45d2e8c30369a4d595039e8ad
|
||||
, 0x297e2e86a8c672d39f3343b8dfce7a6f20f3571bfd5c8a28e3905aa2dcfeca44
|
||||
, 0x00d397281d902e49ec6504ba9186e806db9ad4fc8f86e7277aa7f1467eb6f9de
|
||||
, 0x2fb7c89c372d7e2050e7377ed471000c73544a2b9fd66557f3577c09cac98b4b
|
||||
, 0x16125247be4387a8c3e62490167f0cffdba02eda4f018d0b40639a13bb0cfef9
|
||||
, 0x2291fd9d442f2d9b97ab22f7d4d52c2a82e41f852cf620b144612650a39e26e8
|
||||
, 0x1eec61f16a275ae238540feaeeadfec56d32171b1cc393729d06f37f476fde71
|
||||
, 0x259ce871ba5dacbb48d8aed3d8513eef51558dc0b360f28c1a15dbfc5e7f6ca2
|
||||
, 0x2d3376a14ddbf95587e2f7567ff04fe13a3c7cb17363c8b9c5dd1d9262a210cb
|
||||
, 0x13b843d9f65f4cddd7ce10d9cad9b8b99ac5e9a8c4269288173a91c0f3c3b084
|
||||
, 0x0b52e9b2f1aa9fd204e4a42c481cc76c704783e34114b8e93e026a50fa9764e8
|
||||
, 0x1fd083229276c7f27d3ad941476b394ff37bd44d3a1e9caca1400d9077a2056c
|
||||
, 0x22743c328a6283f3ba7379af22c684c498568fd7ad9fad5151368c913197cbd9
|
||||
, 0x043007aefd9741070d95caaaba0c1b070e4eec8eef8c1e512c8e579c6ed64f76
|
||||
, 0x17ab175144f64bc843074f6b3a0c57c5dd2c954af8723c029ee642539496a7b3
|
||||
, 0x2befcad3d53fba5eeef8cae9668fed5c1e9e596a46e8458e218f7a665fddf4eb
|
||||
, 0x15151c4116d97de74bfa6ca3178f73c8fe8fe612c70c6f85a7a1551942cb71cc
|
||||
, 0x2ac40bf6c3176300a6835d5fc7cc4fd5e5d299fb1baa86487268ec1b9eedfa97
|
||||
, 0x0f151de1f01b4e24ffe04279318f0a68efabb485188f191e37e6915ff6059f6e
|
||||
, 0x2e43dffc34537535182aebac1ad7bf0a5533b88f65f9652f0ad584e2ffc4dd1f
|
||||
, 0x2ebabc2c37ef53d8b13b24a2a2b729d536735f58956125a3876da0664c2442d7
|
||||
, 0x0dc3beceb34e49f5ad7226dd202c5cf879dffcc9a6dd32a300e8f2a4b59edf03
|
||||
, 0x2f1ddeccce83adf68779c53b639871a8f81d4d00aefe1e812efce8ec999d457d
|
||||
, 0x1f63e41280ff5c021715d52b19780298ed8bd3d5eb506316b527e24149d4d4f1
|
||||
, 0x1b8c1252a5888f8cb2672effb5df49c633d3fd7183271488a1c40d0f88e7636e
|
||||
, 0x0f45697130f5498e2940568ef0d5e9e16b1095a6cdbb6411df20a973c605e70b
|
||||
, 0x0780ccc403cdd68983acbd34cda41cacfb2cf911a93076bc25587b4b0aed4929
|
||||
, 0x238d26ca97c691591e929f32199a643550f325f23a85d420080b289d7cecc9d4
|
||||
]
|
||||
|
||||
sb = SBox(inp[0] + round_consts[i])
|
||||
out = [F(0) for i in range(3)]
|
||||
out[0] = 2*sb + inp[1] + inp[2];
|
||||
out[1] = sb + 2*inp[1] + inp[2];
|
||||
out[2] = sb + inp[1] + 3*inp[2];
|
||||
return out
|
||||
|
||||
def ExternalRound(inp, i):
|
||||
out = [F(0) for j in range(3)]
|
||||
round_consts = [ [ F(0x2c4c51fd1bb9567c27e99f5712b49e0574178b41b6f0a476cddc41d242cf2b43)
|
||||
, F(0x1c5f8d18acb9c61ec6fcbfcda5356f1b3fdee7dc22c99a5b73a2750e5b054104)
|
||||
, F(0x2d3c1988b4541e4c045595b8d574e98a7c2820314a82e67a4e380f1c4541ba90 )
|
||||
]
|
||||
, [ F(0x052547dc9e6d936cab6680372f1734c39f490d0cb970e2077c82f7e4172943d3)
|
||||
, F(0x29d967f4002adcbb5a6037d644d36db91f591b088f69d9b4257694f5f9456bc2)
|
||||
, F(0x0350084b8305b91c426c25aeeecafc83fc5feec44b9636cb3b17d2121ec5b88a)
|
||||
]
|
||||
, [ F(0x1815d1e52a8196127530cc1e79f07a0ccd815fb5d94d070631f89f6c724d4cbe)
|
||||
, F(0x17b5ba882530af5d70466e2b434b0ccb15b7a8c0138d64455281e7724a066272)
|
||||
, F(0x1c859b60226b443767b73cd1b08823620de310bc49ea48662626014cea449aee)
|
||||
]
|
||||
, [ F(0x1b26e7f0ac7dd8b64c2f7a1904c958bb48d2635478a90d926f5ff2364effab37)
|
||||
, F(0x2da7f36850e6c377bdcdd380efd9e7c419555d3062b0997952dfbe5c54b1a22e)
|
||||
, F(0x17803c56450e74bc6c7ff97275390c017f682db11f3f4ca6e1f714efdfb9bd66)
|
||||
]
|
||||
, [ F(0x25672a14b5d085e31a30a7e1d5675ebfab034fb04dc2ec5e544887523f98dede)
|
||||
, F(0x0cf702434b891e1b2f1d71883506d68cdb1be36fa125674a3019647b3a98accd)
|
||||
, F(0x1837e75235ff5d112a5eddf7a4939448748339e7b5f2de683cf0c0ae98bdfbb3)
|
||||
]
|
||||
, [ F(0x1cd8a14cff3a61f04197a083c6485581a7d836941f6832704837a24b2d15613a)
|
||||
, F(0x266f6d85be0cef2ece525ba6a54b647ff789785069882772e6cac8131eecc1e4)
|
||||
, F(0x0538fde2183c3f5833ecd9e07edf30fe977d28dd6f246d7960889d9928b506b3)
|
||||
]
|
||||
, [ F(0x07a0693ff41476abb4664f3442596aa8399fdccf245d65882fce9a37c268aa04)
|
||||
, F(0x11eb49b07d33de2bd60ea68e7f652beda15644ed7855ee5a45763b576d216e8e)
|
||||
, F(0x08f8887da6ce51a8c06041f64e22697895f34bacb8c0a39ec12bf597f7c67cfc)
|
||||
]
|
||||
, [ F(0x2a912ec610191eb7662f86a52cc64c0122bd5ba762e1db8da79b5949fdd38092)
|
||||
, F(0x2031d7fd91b80857aa1fef64e23cfad9a9ba8fe8c8d09de92b1edb592a44c290)
|
||||
, F(0x0f81ebce43c47711751fa64d6c007221016d485641c28c507d04fd3dc7fba1d2)
|
||||
]
|
||||
]
|
||||
|
||||
sb = [F(0) for j in range(3)]
|
||||
for j in range(3):
|
||||
sb[j] = SBox(F(inp[j] + round_consts[i][j]))
|
||||
out = [F(0) for j in range(3)]
|
||||
out[0] = 2*sb[0] + sb[1] + sb[2]
|
||||
out[1] = sb[0] + 2*sb[1] + sb[2]
|
||||
out[2] = sb[0]+ sb[1] + 2*sb[2]
|
||||
return out
|
||||
|
||||
def LinearLayer(inp):
|
||||
out = [F(0) for i in range(3)]
|
||||
out[0] = 2*inp[0] + inp[1] + inp[2]
|
||||
out[1] = inp[0] + 2*inp[1] + inp[2]
|
||||
out[2] = inp[0] + inp[1] + 2*inp[2]
|
||||
return out
|
||||
|
||||
def Permutation(inp):
|
||||
out = [F(0) for i in range(3)]
|
||||
|
||||
state = LinearLayer(inp)
|
||||
|
||||
for k in range(4):
|
||||
state = ExternalRound(state, k)
|
||||
for k in range(56):
|
||||
state = InternalRound(state, k)
|
||||
for k in range(4):
|
||||
state = ExternalRound(state, k+4)
|
||||
return state
|
||||
|
||||
def Compression(inp):
|
||||
return Permutation([inp[0],inp[1],F(0)])
|
||||
|
||||
def PoseidonSponge(data, capacity, output_len):
|
||||
rate = 3 - capacity;
|
||||
output = [F(0) for i in range(output_len)]
|
||||
assert( capacity > 0 )
|
||||
assert( rate > 0 )
|
||||
assert( capacity < 3 )
|
||||
assert( rate < 3 )
|
||||
|
||||
# round up to rate the input + 1 field element ("10*" padding)
|
||||
nblocks = ((len(data) + 1) + (rate-1)) // rate;
|
||||
nout = (output_len + (rate-1)) // rate;
|
||||
padded_len = nblocks * rate;
|
||||
|
||||
padded = []
|
||||
for i in range(len(data)):
|
||||
padded.append(F(data[i]))
|
||||
padded.append(F(1))
|
||||
for i in range(len(data)+1,padded_len):
|
||||
padded.append(F(0))
|
||||
|
||||
civ = F(2**64 + 256*3 + rate)
|
||||
|
||||
state = [F(0),F(0),F(civ)]
|
||||
sorbed = [F(0) for j in range(rate)]
|
||||
|
||||
for m in range(nblocks):
|
||||
for i in range(rate):
|
||||
a = state[i]
|
||||
b = padded[m*rate+i]
|
||||
sorbed[i] = a + b
|
||||
state = Permutation(sorbed[0:rate] + state[rate:3])
|
||||
|
||||
q = min(rate, output_len)
|
||||
for i in range(q):
|
||||
output[i] = state[i]
|
||||
out_ptr = rate
|
||||
|
||||
for n in range(1,nout):
|
||||
state[nblocks+n] = Permutation(state[nblocks+n-1])
|
||||
q = min(rate, output_len-out_ptr)
|
||||
for i in range(q):
|
||||
output[out_ptr+i] = state[nblocks+n][i]
|
||||
out_ptr += rate
|
||||
|
||||
return output
|
||||
|
||||
# ———————————————————————
|
||||
# Main
|
||||
# ———————————————————————
|
||||
if len(sys.argv) != 5:
|
||||
print("Usage: python3 generate_inputs_for_poq.py <session> <Qc> <Ql> <core (0) or leader (1)>")
|
||||
sys.exit(1)
|
||||
|
||||
session = int(sys.argv[1])
|
||||
Qc = int(sys.argv[2])
|
||||
Ql = int(sys.argv[3])
|
||||
core_or_leader = int(sys.argv[4])
|
||||
if not core_or_leader in [0,1]:
|
||||
print("core or leader must be 0 or 1")
|
||||
sys.exit(1)
|
||||
|
||||
# 1) Core‐node registry Merkle‐proof
|
||||
# pick a random core_sk and derive its public key
|
||||
core_sk = F(randrange(0,p,1))
|
||||
pk_core = poseidon2_hash([ F(71828171600713765359243601848789410494517675262904677980449468236927732106), core_sk ])
|
||||
core_selectors = randrange(0,2**20,1)
|
||||
core_selectors = format(int(core_selectors),'020b')
|
||||
core_nodes = [F(randrange(0,p,1)) for i in range(20)]
|
||||
core_root = pk_core
|
||||
for i in range(20):
|
||||
if int(core_selectors[19-i]) == 0:
|
||||
core_root = poseidon2_hash([core_root,core_nodes[i]])
|
||||
else:
|
||||
core_root = poseidon2_hash([core_nodes[i],core_root])
|
||||
|
||||
#pk_root, core_path, core_selectors = merkle_root_and_path(pk_core, 20)
|
||||
|
||||
# 2) PoL inputs (broadened from your pol script)
|
||||
epoch_nonce = F(randrange(0, p,1))
|
||||
slot_number = F(randrange(0, 2**32,1))
|
||||
total_stake = F(5000)
|
||||
# compute t0,t1 via Taylor approx as before
|
||||
R = RealField(500)
|
||||
t0 = F(int((((- ln(R(0.95))) * R(p))) / R(total_stake) ))
|
||||
t1 = F(int((((- ln(R(0.95))**2) * R(p))) / R(total_stake)**2 ))
|
||||
|
||||
|
||||
value = F(50)
|
||||
threshold = (t0 + t1 * value) * value
|
||||
starting_slot = randrange(max(0,slot_number-2**25+1),slot_number,1)
|
||||
|
||||
slot_secret = F(randrange(0,p,1))
|
||||
slot_secret_indexes = format(int(slot_number - starting_slot),'025b')
|
||||
|
||||
tx_hash = F(randrange(0,p,1))
|
||||
output_number = F(randrange(0,50,1))
|
||||
|
||||
|
||||
slot_secret_path = [F(randrange(0,p,1)) for i in range(25)]
|
||||
secret_root = slot_secret
|
||||
for i in range(25):
|
||||
if int(slot_secret_indexes[24-i]) == 0:
|
||||
secret_root = poseidon2_hash([secret_root,slot_secret_path[i]])
|
||||
else:
|
||||
secret_root = poseidon2_hash([slot_secret_path[i],secret_root])
|
||||
sk = poseidon2_hash([F(368578955381705904513968556094561791019140317213076864424136877504260737058),starting_slot,secret_root])
|
||||
pk = poseidon2_hash([F(71828171600713765359243601848789410494517675262904677980449468236927732106),sk])
|
||||
|
||||
note_id = poseidon2_hash([F(103012852986292465873069134523609422197952925946768565674230228608985708879),tx_hash,output_number,value,pk])
|
||||
ticket = poseidon2_hash([F(328840406439552832830196247813274442341678919395186087927998764150429312516),F(epoch_nonce),F(slot_number),note_id,sk])
|
||||
while(ticket > threshold):
|
||||
output_number += 1
|
||||
note_id = poseidon2_hash([F(103012852986292465873069134523609422197952925946768565674230228608985708879),tx_hash,output_number,value,pk])
|
||||
ticket = poseidon2_hash([F(328840406439552832830196247813274442341678919395186087927998764150429312516),F(epoch_nonce),F(slot_number),note_id,sk])
|
||||
|
||||
aged_nodes = [F(randrange(0,p,1)) for i in range(32)]
|
||||
aged_selectors = randrange(0,2**32,1)
|
||||
aged_selectors = format(aged_selectors,'032b')
|
||||
aged_root = note_id
|
||||
for i in range(32):
|
||||
if int(aged_selectors[31-i]) == 0:
|
||||
aged_root = poseidon2_hash([aged_root,aged_nodes[i]])
|
||||
else:
|
||||
aged_root = poseidon2_hash([aged_nodes[i],aged_root])
|
||||
|
||||
unspent_nodes = [F(randrange(0,p,1)) for i in range(32)]
|
||||
unspent_selectors = randrange(0,2**32,1)
|
||||
unspent_selectors = format(unspent_selectors,'032b')
|
||||
|
||||
latest_root = note_id
|
||||
for i in range(32):
|
||||
if int(unspent_selectors[31-i]) == 0:
|
||||
latest_root = poseidon2_hash([latest_root,unspent_nodes[i]])
|
||||
else:
|
||||
latest_root = poseidon2_hash([unspent_nodes[i],latest_root])
|
||||
|
||||
# 3) Choose branch & index
|
||||
index = randrange(0, Ql if core_or_leader else Qc,1)
|
||||
|
||||
# 4) One‐time key
|
||||
K = F(randrange(0,p,1))
|
||||
|
||||
# 5) Assemble JSON
|
||||
inp = {
|
||||
"session": str(session),
|
||||
"Qc": str(Qc),
|
||||
"Ql": str(Ql),
|
||||
"pk_root": str(core_root),
|
||||
"aged_root": str(aged_root),
|
||||
"latest_root": str(latest_root),
|
||||
"K": str(K),
|
||||
"selector": str(core_or_leader),
|
||||
"index": str(index),
|
||||
"core_sk": str(core_sk),
|
||||
"core_path": [str(x) for x in core_nodes],
|
||||
"core_selectors": [str(x) for x in core_selectors],
|
||||
"slot": str(slot_number),
|
||||
"epoch_nonce": str(epoch_nonce),
|
||||
"t0": str(t0),
|
||||
"t1": str(t1),
|
||||
"slot_secret": str(slot_secret),
|
||||
"slot_secret_path": [str(x) for x in slot_secret_path],
|
||||
"aged_nodes": [str(x) for x in aged_nodes],
|
||||
"aged_selectors": [str(x) for x in aged_selectors],
|
||||
"transaction_hash": str(tx_hash),
|
||||
"output_number": str(output_number),
|
||||
"latest_nodes": [str(x) for x in unspent_nodes],
|
||||
"latest_selectors": [str(x) for x in unspent_selectors],
|
||||
"starting_slot": str(starting_slot),
|
||||
"secrets_root": str(secret_root),
|
||||
"value": str(value)
|
||||
}
|
||||
|
||||
if core_or_leader == 0:
|
||||
inp["latest_root"] = randrange(0,p,1)
|
||||
else:
|
||||
inp["pk_root"] = randrange(0,p,1)
|
||||
|
||||
import json
|
||||
|
||||
with open("input.json","w") as f:
|
||||
json.dump(inp, f, indent=2)
|
||||
|
||||
print("Wrote input_poq.json")
|
||||
@ -5,7 +5,6 @@ include "../hash_bn/poseidon2_hash.circom";
|
||||
include "../misc/constants.circom"; // defines NOMOS_KDF, SELECTION_RANDOMNESS, PROOF_NULLIFIER
|
||||
include "../misc/comparator.circom";
|
||||
include "../circomlib/circuits/bitify.circom";
|
||||
include "../ledger/notes.circom"; // defines proof_of_membership
|
||||
include "../Mantle/pol.circom"; // defines proof_of_leadership
|
||||
|
||||
/**
|
||||
@ -25,6 +24,9 @@ template ProofOfQuota(nLevelsPK, nLevelsPol, bitsQuota) {
|
||||
signal input latest_root; // PoL: latest notes root
|
||||
signal input K; // Blend: one-time signature public key
|
||||
|
||||
signal dummy;
|
||||
dummy <== K * K;
|
||||
|
||||
signal output nullifier; //key_nullifier
|
||||
|
||||
// Private Inputs
|
||||
@ -51,6 +53,10 @@ template ProofOfQuota(nLevelsPK, nLevelsPol, bitsQuota) {
|
||||
signal input latest_nodes[32];
|
||||
signal input latest_selectors[32];
|
||||
|
||||
signal input starting_slot;
|
||||
signal input secrets_root;
|
||||
signal input value;
|
||||
|
||||
|
||||
|
||||
// Constraints
|
||||
@ -58,7 +64,7 @@ template ProofOfQuota(nLevelsPK, nLevelsPol, bitsQuota) {
|
||||
|
||||
// derive pk_core = Poseidon(NOMOS_KDF || core_sk)
|
||||
component kdf = Poseidon2_hash(2);
|
||||
component dstKdf = NOMOS_KDF();
|
||||
component dstKdf = NOMOS_KDF_V1();
|
||||
kdf.inp[0] <== dstKdf.out;
|
||||
kdf.inp[1] <== core_sk;
|
||||
signal pk_core;
|
||||
@ -100,36 +106,35 @@ template ProofOfQuota(nLevelsPK, nLevelsPol, bitsQuota) {
|
||||
win.secrets_root <== secrets_root;
|
||||
win.value <== value;
|
||||
|
||||
signal is_leader = win.out; // 1 if PoL passed
|
||||
|
||||
// Enforce the selected role is correct
|
||||
selector * (is_leader - coreReg.out) + coreReg.out === 1;
|
||||
selector * (win.out - coreReg.out) + coreReg.out === 1;
|
||||
|
||||
|
||||
|
||||
|
||||
// Quota check: index < Qc if core, index < Ql if leader
|
||||
component cmp = SafeLessThan(bitsQuota);
|
||||
cmp.a <== index;
|
||||
cmp.b <== selector * (Ql - Qc) + Qc;
|
||||
cmp.in[0] <== index;
|
||||
cmp.in[1] <== selector * (Ql - Qc) + Qc;
|
||||
cmp.out === 1;
|
||||
|
||||
// Derive selection_randomness
|
||||
component randomness = Poseidon2_hash(4);
|
||||
component dstSel = SELECTION_RANDOMNESS();
|
||||
component dstSel = SELECTION_RANDOMNESS_V1();
|
||||
randomness.inp[0] <== dstSel.out;
|
||||
// choose core_sk or pol.secret_key:
|
||||
randomness.inp[1] <== selector * (pol.secret_key - core_sk ) + core_sk;
|
||||
randomness.inp[1] <== selector * (win.secret_key - core_sk ) + core_sk;
|
||||
randomness.inp[2] <== index;
|
||||
randomness.inp[3] <== session;
|
||||
|
||||
// Derive proof_nullifier
|
||||
component nf = Poseidon2_hash(2);
|
||||
component dstNF = PROOF_NULLIFIER();
|
||||
component dstNF = PROOF_NULLIFIER_V1();
|
||||
nf.inp[0] <== dstNF.out;
|
||||
nf.inp[1] <== randomness.out;
|
||||
nullifier <== nf.out;
|
||||
}
|
||||
|
||||
// Instantiate with chosen depths: 32 for core PK tree, 25 for PoL slot tree
|
||||
// Instantiate with chosen depths: 20 for core PK tree, 25 for PoL slot tree
|
||||
component main { public [ session, Qc, Ql, pk_root, aged_root, latest_root, K ] }
|
||||
= ProofOfQuota(32, 25, 6);
|
||||
= ProofOfQuota(20, 25, 6);
|
||||
@ -228,7 +228,7 @@ threshold = (t0 + t1 * value) * value
|
||||
starting_slot = randrange(max(0,slot_number-2**25+1),slot_number,1)
|
||||
|
||||
slot_secret = F(randrange(0,p,1))
|
||||
slot_secret_indexes = format(slot_number - starting_slot,'025b')
|
||||
slot_secret_indexes = format(int(slot_number - starting_slot),'025b')
|
||||
|
||||
tx_hash = F(randrange(0,p,1))
|
||||
output_number = F(randrange(0,50,1))
|
||||
@ -241,15 +241,15 @@ for i in range(25):
|
||||
secret_root = poseidon2_hash([secret_root,slot_secret_path[i]])
|
||||
else:
|
||||
secret_root = poseidon2_hash([slot_secret_path[i],secret_root])
|
||||
sk = poseidon2_hash([F(276343751363038477542478482371189478971716773803854432417240653890758913502),starting_slot,secret_root])
|
||||
pk = poseidon2_hash([F(143901698298659326513095781108609933285310777469806395711179835432556098250),sk])
|
||||
sk = poseidon2_hash([F(368578955381705904513968556094561791019140317213076864424136877504260737058),starting_slot,secret_root])
|
||||
pk = poseidon2_hash([F(71828171600713765359243601848789410494517675262904677980449468236927732106),sk])
|
||||
|
||||
note_id = poseidon2_hash([F(208937745713764417368342977773177181211005049473820876609645291603759251867),tx_hash,output_number,value,pk])
|
||||
ticket = poseidon2_hash([F(118639355095155533251654648435778961140410152423070311685636296540777655717),F(epoch_nonce),F(slot_number),note_id,sk])
|
||||
note_id = poseidon2_hash([F(103012852986292465873069134523609422197952925946768565674230228608985708879),tx_hash,output_number,value,pk])
|
||||
ticket = poseidon2_hash([F(328840406439552832830196247813274442341678919395186087927998764150429312516),F(epoch_nonce),F(slot_number),note_id,sk])
|
||||
while(ticket > threshold):
|
||||
output_number += 1
|
||||
note_id = poseidon2_hash([F(208937745713764417368342977773177181211005049473820876609645291603759251867),tx_hash,output_number,value,pk])
|
||||
ticket = poseidon2_hash([F(118639355095155533251654648435778961140410152423070311685636296540777655717),F(epoch_nonce),F(slot_number),note_id,sk])
|
||||
note_id = poseidon2_hash([F(103012852986292465873069134523609422197952925946768565674230228608985708879),tx_hash,output_number,value,pk])
|
||||
ticket = poseidon2_hash([F(328840406439552832830196247813274442341678919395186087927998764150429312516),F(epoch_nonce),F(slot_number),note_id,sk])
|
||||
|
||||
aged_nodes = [F(randrange(0,p,1)) for i in range(32)]
|
||||
aged_selectors = randrange(0,2**32,1)
|
||||
|
||||
@ -268,4 +268,4 @@ template proof_of_leadership(secret_depth){
|
||||
}
|
||||
|
||||
|
||||
component main {public [slot,epoch_nonce,t0,t1,aged_root,latest_root,one_time_key]}= proof_of_leadership(25);
|
||||
//component main {public [slot,epoch_nonce,t0,t1,aged_root,latest_root,one_time_key]}= proof_of_leadership(25);
|
||||
@ -36,4 +36,18 @@ template NOMOS_KDF_V1(){
|
||||
template NOMOS_NOTE_ID_V1(){
|
||||
signal output out;
|
||||
out <== 103012852986292465873069134523609422197952925946768565674230228608985708879;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// int.from_bytes(hashlib.blake2b(b"SELECTION_RANDOMNESS_V1", digest_size=32).digest()[:-1], "little") = 163474922864341961381400596433391531839044482664776931971752230771615546343
|
||||
template SELECTION_RANDOMNESS_V1(){
|
||||
signal output out;
|
||||
out <== 163474922864341961381400596433391531839044482664776931971752230771615546343;
|
||||
}
|
||||
|
||||
|
||||
// int.from_bytes(hashlib.blake2b(b"PROOF_NULLIFIER_V1", digest_size=32).digest()[:-1], "little") = 122037697982558563853882923701277343284564598726996395839110393320403237949
|
||||
template PROOF_NULLIFIER_V1(){
|
||||
signal output out;
|
||||
out <== 122037697982558563853882923701277343284564598726996395839110393320403237949;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user