Added concatenated balance for nonzero constraint process #294
Conversation
prover/src/entry.rs
Outdated
| for (i, balance) in self.balances.iter().rev().enumerate() { | ||
| // Shift bits: 1 for buffer; 19 is highest bit for two power of userbase; 64 is for the maximum range check limit | ||
| concatenated_balance += balance << ((1 + 19 + 64) * i); | ||
| } |
There was a problem hiding this comment.
I think it's better to have 19 as a constant or a generic and also add an assertion that the concatenated balance would not exceed the field bit size.
prover/src/circuits/summa_circuit.rs
Outdated
| let mut balances_expr = meta.query_advice(balances[N_CURRENCIES - 1], Rotation::cur()); | ||
|
|
||
| // Base shift value for 84 bits. | ||
| let base_shift = Fp::from(1 << 63).mul(&Fp::from(1 << 21)); | ||
|
|
||
| let mut current_shift = Expression::Constant(base_shift); | ||
|
|
||
| for i in (0..N_CURRENCIES - 1).rev() { | ||
| let balance = meta.query_advice(balances[i], Rotation::cur()); | ||
| let shifted_balance = balance * current_shift.clone(); | ||
| balances_expr = balances_expr + shifted_balance; | ||
|
|
||
| if i != 0 { | ||
| current_shift = current_shift * Expression::Constant(base_shift); | ||
| } |
There was a problem hiding this comment.
This works because we know exactly that N_CURRENCIES=3, but will break if the prover changes the N_CURRENCIES. I think it's better to add an assertion about the parameter combination (i.e., would there be "overlap" between shifted values for the given N_USERS, N_CURRENCIES and max possible range of a balance) and also calculate the base_shift based on these parameters.
There was a problem hiding this comment.
While adding the assertions you suggested, I noticed that the verification of proof generated with N_CURRENCIES = 2 failed. I still don't have any clue why it doesn't work with two currencies. Therefore, I have simply modified it to allow only 1 or 3 currencies with the assertion.
I believe I can remove contract and fix the backend as I did in PR #297 after merging PR #292.
| )); | ||
| } | ||
|
|
||
| // Define shift bits: 1 for buffer, bits for user base that not exceed 19, and 64 bits for the balances range check |
There was a problem hiding this comment.
Firstly, we can allocate 84 bits for each of the three currencies, totaling 252 bits, which does not exceed the modulus in the field.
The maximum user balance is
We use one bit as a buffer to separate the total sum balance in the concatenated balance, leaving us with 19 bits at the end. That's why the user base shouldn't exceed
I added an additional advice column for the concatenated balance, which combines more than two balances into one with shifted positions. For example, consider the following total balances:
The concatenated balance appears as:
There is an 84-bit shift between each balance.
Additionally, I introduced a constraint for the concatenated balances, formulated as ( D = (A << (84 * 2) ) + (B << 84) + C )