Recognize non-const ProveDlog and ProveDHTuple (#375)

* #373 #374: recognize non-const ProveDlog and ProveDHTuple; * code cleanup;
ergoplatform · Jan 25, 2019 · 696f9f1 · 696f9f1
1 parent f4b4462
commit 696f9f1
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 25 deletions.
diff --git a/src/main/scala/sigmastate/eval/CompiletimeCosting.scala b/src/main/scala/sigmastate/eval/CompiletimeCosting.scala
@@ -26,9 +26,6 @@ trait CompiletimeCosting extends RuntimeCosting { IR: Evaluation =>
       case Ident(n, _) =>
         env.getOrElse(n, !!!(s"Variable $n not found in environment $env"))
 
-      case _: DLogProtocol.ProveDlog | _: ProveDHTuple =>
-        eval(SigmaPropConstant(node.asSigmaBoolean))
-
       // Rule: allOf(arr) --> AND(arr)
       case Terms.Apply(AllSym, Seq(arr: Value[SCollection[SBoolean.type]]@unchecked)) =>
         eval(mkAND(arr))
@@ -63,12 +60,11 @@ trait CompiletimeCosting extends RuntimeCosting { IR: Evaluation =>
         eval(mkBoolToSigmaProp(bool))
 
       case Terms.Apply(ProveDHTupleSym, Seq(g, h, u, v)) =>
-        eval(SigmaPropConstant(
-          mkProveDiffieHellmanTuple(
-            g.asGroupElement,
-            h.asGroupElement,
-            u.asGroupElement,
-            v.asGroupElement)))
+        eval(mkProveDiffieHellmanTuple(
+          g.asGroupElement,
+          h.asGroupElement,
+          u.asGroupElement,
+          v.asGroupElement))
 
       case Terms.Apply(TreeModificationsSym, Seq(tree: Value[SAvlTree.type]@unchecked, operations: Value[SByteArray]@unchecked, proof: Value[SByteArray]@unchecked)) =>
         eval(mkTreeModifications(tree, operations, proof))

diff --git a/src/main/scala/sigmastate/eval/RuntimeCosting.scala b/src/main/scala/sigmastate/eval/RuntimeCosting.scala
@@ -875,18 +875,8 @@ trait RuntimeCosting extends SigmaLibrary with DataCosting with Slicing { IR: Ev
         env.getOrElse(id, !!!(s"TaggedVariable $id not found in environment $env"))
 
       case c @ Constant(v, tpe) => v match {
-        case p: DLogProtocol.ProveDlog =>
-          val ge = asRep[Costed[WECPoint]](eval(p.value))
-          val resV: Rep[SigmaProp] = RProveDlogEvidence(ge.value)
-          RCCostedPrim(resV, ge.cost + costOfProveDlog, CryptoConstants.groupSize.toLong)
-        case p @ ProveDHTuple(gv, hv, uv, vv) =>
-          val gvC = asRep[Costed[WECPoint]](eval(gv))
-          val hvC = asRep[Costed[WECPoint]](eval(hv))
-          val uvC = asRep[Costed[WECPoint]](eval(uv))
-          val vvC = asRep[Costed[WECPoint]](eval(vv))
-          val resV: Rep[SigmaProp] = RProveDHTEvidence(gvC.value, hvC.value, uvC.value, vvC.value)
-          val cost = gvC.cost + hvC.cost + uvC.cost + vvC.cost + costOfDHTuple
-          RCCostedPrim(resV, cost, CryptoConstants.groupSize.toLong * 4)
+        case p: DLogProtocol.ProveDlog => eval(p)
+        case p: ProveDHTuple => eval(p)
         case bi: BigInteger =>
           assert(tpe == SBigInt)
           val resV = liftConst(bi)
@@ -926,6 +916,20 @@ trait RuntimeCosting extends SigmaLibrary with DataCosting with Slicing { IR: Ev
           withDefaultSize(resV, costOf(c))
       }
 
+      case _ @ DLogProtocol.ProveDlog(v) =>
+        val ge = asRep[Costed[WECPoint]](eval(v))
+        val resV: Rep[SigmaProp] = RProveDlogEvidence(ge.value)
+        RCCostedPrim(resV, ge.cost + costOfProveDlog, CryptoConstants.groupSize.toLong)
+
+      case _ @ ProveDHTuple(gv, hv, uv, vv) =>
+        val gvC = asRep[Costed[WECPoint]](eval(gv))
+        val hvC = asRep[Costed[WECPoint]](eval(hv))
+        val uvC = asRep[Costed[WECPoint]](eval(uv))
+        val vvC = asRep[Costed[WECPoint]](eval(vv))
+        val resV: Rep[SigmaProp] = RProveDHTEvidence(gvC.value, hvC.value, uvC.value, vvC.value)
+        val cost = gvC.cost + hvC.cost + uvC.cost + vvC.cost + costOfDHTuple
+        RCCostedPrim(resV, cost, CryptoConstants.groupSize.toLong * 4)
+
       case Height  => ctx.HEIGHT
       case Inputs  => ctx.INPUTS
       case Outputs => ctx.OUTPUTS

diff --git a/src/main/scala/sigmastate/eval/TreeBuilding.scala b/src/main/scala/sigmastate/eval/TreeBuilding.scala
@@ -296,9 +296,20 @@ trait TreeBuilding extends RuntimeCosting { IR: Evaluation =>
       case Def(TrivialSigmaCtor(In(cond))) =>
         mkBoolToSigmaProp(cond.asBoolValue)
       case Def(ProveDlogEvidenceCtor(In(g))) =>
-        SigmaPropConstant(mkProveDlog(g.asGroupElement))
+        g match {
+          case gc: Constant[SGroupElement.type]@unchecked => SigmaPropConstant(mkProveDlog(gc))
+          case _ => mkProveDlog(g.asGroupElement)
+        }
       case Def(ProveDHTEvidenceCtor(In(g), In(h), In(u), In(v))) =>
-        SigmaPropConstant(mkProveDiffieHellmanTuple(g.asGroupElement, h.asGroupElement, u.asGroupElement, v.asGroupElement))
+        (g, h, u, v) match {
+          case (gc: Constant[SGroupElement.type]@unchecked,
+          hc: Constant[SGroupElement.type]@unchecked,
+          uc: Constant[SGroupElement.type]@unchecked,
+          vc: Constant[SGroupElement.type]@unchecked) =>
+            SigmaPropConstant(mkProveDiffieHellmanTuple(gc, hc, uc, vc))
+          case _ =>
+            mkProveDiffieHellmanTuple(g.asGroupElement, h.asGroupElement, u.asGroupElement, v.asGroupElement)
+        }
 
       case SDBM.sigmaProp(_, In(cond)) =>
         mkBoolToSigmaProp(cond.asBoolValue)

diff --git a/src/test/scala/sigmastate/utxo/ErgoLikeInterpreterSpecification.scala b/src/test/scala/sigmastate/utxo/ErgoLikeInterpreterSpecification.scala
@@ -332,8 +332,8 @@ class ErgoLikeInterpreterSpecification extends SigmaTestingCommons {
         |}""".stripMargin).asBoolValue
 
     val propTree = SigmaAnd(
-      ProveDlog(ExtractRegisterAs[SGroupElement.type](Self, regPubkey1).get),
-      ProveDlog(ExtractRegisterAs[SGroupElement.type](Self, regPubkey2).get))
+      ProveDlog(ExtractRegisterAs[SGroupElement.type](Self, regPubkey1).get).asSigmaProp,
+      ProveDlog(ExtractRegisterAs[SGroupElement.type](Self, regPubkey2).get).asSigmaProp)
     prop shouldBe propTree
 
     val newBox1 = ErgoBox(10, pubkey3, 0)
@@ -637,4 +637,15 @@ class ErgoLikeInterpreterSpecification extends SigmaTestingCommons {
     an[RuntimeException] should be thrownBy
       prover.prove(emptyEnv + (ScriptNameProp -> "prove"), prop, ctx, fakeMessage).fold(t => throw t, x => x)
   }
+
+  property("non-const ProveDHT") {
+    import sigmastate.interpreter.CryptoConstants.dlogGroup
+    compileWithCosting(Map("gA" -> dlogGroup.generator),
+      "proveDHTuple(gA, OUTPUTS(0).R4[GroupElement].get, gA, gA)"
+    ).asInstanceOf[BlockValue].result shouldBe a [ProveDHTuple]
+  }
+
+  property("non-const ProveDlog") {
+    compileWithCosting(Map(), "proveDlog(OUTPUTS(0).R4[GroupElement].get)" ) shouldBe a [ProveDlog]
+  }
 }