Merge pull request #107 from LayerXcom/feature/unhelped_perm_arg

Implement grand product arguments

README.md

@@ -2,13 +2,13 @@
 [![Build Status](https://travis-ci.com/LayerXcom/zero-chain.svg?branch=master)](https://travis-ci.com/LayerXcom/zero-chain)
 [![Gitter](https://badges.gitter.im/LayerXcom/Zerochain.svg)](https://gitter.im/LayerXcom/Zerochain?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
-Zerochain is a privacy-preserving blockchain on substrate. 
+Zerochain is a privacy-preserving blockchain on substrate.
 It is designed to get efficient zero-knowledge proving, reduce the on-chain storage cost and bring the flexibility for developing applications.
 
 ## Status
 **WARNING: Zerochain is alpha quality software, improvements and fixes are made frequently, and documentation for technical details doesn't yet exist.**
 
-For now, only supported for the "confidential payment PoC".
+For now, only supported for the "confidential payment PoC" inspired by [Zether](https://crypto.stanford.edu/~buenz/papers/zether.pdf) paper.
 
 - Balance for each account is encrypted
 <div align="center">
@@ -95,6 +95,12 @@ You can send the transaction from firefox browser.
 ### Documentations
 - [Announcing Zerochain: Applying zk-SNARKs to Substrate](https://medium.com/layerx/announcing-zerochain-5b08e158355d)
 
+### References
+- [Substrate](https://github.com/paritytech/substrate)
+- [Zcash Protocol Specification](https://github.com/zcash/zips/blob/master/protocol/protocol.pdf)
+- [Zether](https://crypto.stanford.edu/~buenz/papers/zether.pdf): Towards Privacy in a Smart Contract World
+- [Sonic](https://eprint.iacr.org/2019/099.pdf): Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings
+
 ## Contributing
 - Feel free to submit your own issues and PRs
 - For further discussions and questions talk to us on [Gitter](https://gitter.im/LayerXcom/Zerochain)

core/pairing/src/lib.rs

@@ -25,7 +25,7 @@ extern crate alloc;
 
 #[cfg(not(feature = "std"))]
 mod std {
-	pub use core::*; 
+	pub use core::*;
 	pub use alloc::vec;
 	pub use alloc::string;
 	pub use alloc::boxed;
@@ -140,7 +140,7 @@ pub trait CurveProjective:
     + Copy
     + Clone
     + Send
-    + Sync    
+    + Sync
     + rand::Rand
     + 'static
 {
@@ -242,8 +242,8 @@ pub trait CurveAffine:
 
     /// Converts this element into its compressed encoding, so long as it's not
     /// the point at infinity.
-    fn into_compressed(&self) -> Self::Compressed {        
-        <Self::Compressed as EncodedPoint>::from_affine(*self)        
+    fn into_compressed(&self) -> Self::Compressed {
+        <Self::Compressed as EncodedPoint>::from_affine(*self)
     }
 
     /// Converts this element into its uncompressed encoding, so long as it's not
@@ -341,7 +341,7 @@ pub trait Field:
         }
 
         res
-    } 
+    }
 }
 
 /// This trait represents an element of a field that has a square root operation described for it.
@@ -365,7 +365,7 @@ pub trait PrimeFieldRepr:
     + Ord
     + Send
     + Sync
-    + Default    
+    + Default
     + 'static
     + rand::Rand
     + AsRef<[u64]>
@@ -409,7 +409,7 @@ pub trait PrimeFieldRepr:
     fn write_be<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
         use byteorder::BigEndian;
 
-        let mut buf = [0u8; 8];    
+        let mut buf = [0u8; 8];
         for digit in self.as_ref().iter().rev() {
             BigEndian::write_u64(&mut buf, *digit);
             writer.write(&buf)?;
@@ -452,7 +452,7 @@ pub trait PrimeFieldRepr:
         for digit in self.as_mut().iter_mut() {
 			reader.read(&mut buf)?;
 			*digit = LittleEndian::read_u64(&buf);
-        }	        
+        }
 
         Ok(())
     }

core/sonic/src/cs/lc.rs

@@ -28,6 +28,18 @@ impl<E: Engine> LinearCombination<E> {
     }
 }
 
+impl<E: Engine> Add<LinearCombination<E>> for LinearCombination<E> {
+    type Output = LinearCombination<E>;
+
+    fn add(mut self, lc: LinearCombination<E>) -> LinearCombination<E> {
+        for (var, coeff) in lc.as_ref() {
+            self.0.push((*var, *coeff));
+        }
+
+        self
+    }
+}
+
 /// Operetor overloading for linear combination
 /// `LinearCombination` + `(Coeff, Variable)` = `LinearCombination`
 impl<E: Engine> Add<(Coeff<E>, Variable)> for LinearCombination<E> {

core/sonic/src/cs/mod.rs

@@ -8,6 +8,7 @@ use std::marker::PhantomData;
 use bellman::SynthesisError;
 
 pub mod lc;
+pub mod permutation;
 pub use lc::{Variable, Coeff, LinearCombination};
 
 pub trait Circuit<E: Engine> {
@@ -32,10 +33,10 @@ pub trait ConstraintSystem<E: Engine>: Sized {
     fn alloc_input<F>(&mut self, value: F) -> Result<Variable, SynthesisError>
         where F: FnOnce() -> Result<E::Fr, SynthesisError>;
 
-
+    /// Constrain a linear combination to zero.
     fn enforce_zero(&mut self, lc: LinearCombination<E>);
 
-
+    /// Constrain each varible to multiplication gate.
     fn multiply<F>(&mut self, values: F) -> Result<(Variable, Variable, Variable), SynthesisError>
         where F: FnOnce() -> Result<(E::Fr, E::Fr, E::Fr), SynthesisError>;
 
@@ -91,6 +92,7 @@ impl SynthesisDriver for Basic {
         }
 
         impl<E: Engine, B: Backend<E>> ConstraintSystem<E> for Synthesizer<E, B> {
+            // Variable starts from index 1
             const ONE: Variable = Variable::A(1);
 
             fn alloc<F>(&mut self, value: F) -> Result<Variable, SynthesisError>