Closed
Description
Describe the bug
The current implementation will produce negative public inputs(PIs). This is incredibly confusing and unexpected. The proving algorithm in the Prover::prove functions produces PIs that are the negative of what is expected, and Verifier::verify expects them to be negative as well.
To Reproduce
Run cargo t with this code to reproduce:
use dusk_plonk::prelude::*;
/// Simple circuit proving that `a + b = c`, with `c` as a public input.
#[derive(Default)]
struct Circ {
a: BlsScalar,
b: BlsScalar,
c: BlsScalar,
}
impl Circuit for Circ {
fn circuit<C>(&self, composer: &mut C) -> Result<(), Error>
where
C: Composer,
{
let a = composer.append_witness(self.a);
let b = composer.append_witness(self.b);
let constraint = Constraint::new().a(a).b(b).left(1).right(1).public(-self.c);
composer.append_gate(constraint);
Ok(())
}
}
#[test]
fn big_whoops() {
use rand::prelude::*;
let rng = &mut StdRng::seed_from_u64(0xbeef);
let pp = PublicParameters::setup(1 << 4, rng).unwrap();
let (prover, verifier) =
Compiler::compile(&pp, b"ureeves").expect("The circuit should compile");
// 1 + 2 = 3
let circ = Circ {
a: BlsScalar::from(1),
b: BlsScalar::from(2),
c: BlsScalar::from(3),
};
let (proof, pis) = prover
.prove(rng, &circ)
.expect("The circuit proves successfully");
assert_eq!(pis.len(), 1, "There should be one public input");
// FIXME
assert_eq!(
-pis[0],
BlsScalar::from(3),
"Plonk expects the PIs to be negative"
);
verifier
.verify(&proof, &pis)
.expect("Verifying the circuit should succeed");
}Expected behaviour
I would expect the test to fail on the assert_eq marked with the FIXME comment, but this is not the case.
Additional context
This was discovered during an effort to port of the transfer contract to piecrust.
Activity