UNPKG

@silvana-one/mina-utils

Version:

Silvana Mina Utils

docs.silvana.one

SilvanaOne/silvana-lib

150 lines (130 loc) 5.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
import { Field, UInt32 } from "o1js"; import { getR, Fr } from "./constants.js"; import { rScalarPowProvable } from "./exp.js"; /// Commitment types and functions /* // Example ZkProgram for commitment update export const CommitmentProgram = ZkProgram({ name: "CommitmentUpdate", publicOutput: Fr.Canonical.provable, methods: { updateCommitment: { privateInputs: [ Fr.Canonical.provable, // oldTableCommitment Fr.AlmostReduced.provable, // oldStructDigest Fr.AlmostReduced.provable, // newStructDigest UInt32, // index ], async method( oldTableCommitment: AlmostReducedElement, oldStructDigest: AlmostReducedElement, newStructDigest: AlmostReducedElement, index: UInt32 ) { // Use the provable version of update function const newCommitment = update( oldTableCommitment, oldStructDigest, newStructDigest, index ); return { publicOutput: newCommitment }; }, }, commitFromScratch: { privateInputs: [ Provable.Array(Fr.Canonical.provable, 2), // struct1 [field0, field1] Provable.Array(Fr.Canonical.provable, 2), // struct2 [field0, field1] ], async method(struct1: CanonicalElement[], struct2: CanonicalElement[]) { // Digest each struct const c0 = digestStruct(struct1); const c1 = digestStruct(struct2); // Commit the table of digests const commitment = commit([c0, c1]); return { publicOutput: commitment }; }, }, }, }); */ // Use the proper types from the foreign field system export type CanonicalElement = InstanceType<typeof Fr.Canonical>; export type AlmostReducedElement = InstanceType<typeof Fr.AlmostReduced>; // Create R constant for ZkProgram use (needs to be available at module level for provable code) export const R: CanonicalElement = getR(); // ----- constants taken from Move code (big‑endian hex) ----- export const S: CanonicalElement = Fr.from(0x1582695da6689f26db7bb3eb32907ecd0ac3af032aefad31a069352705f0d459n); const P: Field = Field( 20359658106300430391853594957854653514501797417378649347544016260949017072120n ); const P2 = P.mul(P); // ----- helpers ----- export function scalar(n: bigint): CanonicalElement { return Fr.from(n); } export function blsCommitment(element: CanonicalElement): Field { return element.value[0] .add(element.value[1].mul(P)) .add(element.value[1].mul(P2)); } // inner: digest one struct export function digestStruct(fields: CanonicalElement[]): CanonicalElement { let d: AlmostReducedElement = Fr.from(0n).assertAlmostReduced(); for (const f of fields) { const prod = d.mul(S); // returns Unreduced d = prod.add(f).assertAlmostReduced(); // reduce for next iteration } return d.assertCanonical(); } // outer: commit whole table (vector of digests) export function commit(table: CanonicalElement[]): CanonicalElement { let acc: AlmostReducedElement = Fr.from(0n).assertAlmostReduced(); const r = getR(); // Get R once, not in every iteration // Iterate in reverse order so that table[i] gets coefficient R^i for (let i = table.length - 1; i >= 0; i--) { const prod = acc.mul(r); // returns Unreduced acc = prod.add(table[i]).assertAlmostReduced(); // reduce for next iteration } return acc.assertCanonical(); } // constant‑time single‑field update using struct digest recalculation (non-provable version) // export function update( // oldTableCommitment: AlmostReducedElement, // oldStructDigest: AlmostReducedElement, // newStructDigest: AlmostReducedElement, // index: number // ): AlmostReducedElement { // // The table commitment formula in commit() now produces: // // table[0]*R^0 + table[1]*R^1 + table[2]*R^2 + ... + table[i]*R^i // // So position i has coefficient R^i // // Position i has coefficient R^i - use optimized lookup table exponentiation // const rPowI = rScalarPow(index).assertCanonical(); // // Calculate the change: new_commitment = old_commitment + (new_struct - old_struct) * R^i // const structDelta = newStructDigest // .sub(oldStructDigest) // .assertAlmostReduced(); // const tableDelta = structDelta.mul(rPowI).assertAlmostReduced(); // return oldTableCommitment.add(tableDelta).assertAlmostReduced(); // } // constant‑time single‑field update using struct digest recalculation (provable version) export function update( oldTableCommitment: CanonicalElement, oldStructDigest: AlmostReducedElement, newStructDigest: AlmostReducedElement, index: UInt32 ): CanonicalElement { // The table commitment formula in commit() now produces: // table[0]*R^0 + table[1]*R^1 + table[2]*R^2 + ... + table[i]*R^i // So position i has coefficient R^i // Position i has coefficient R^i - use provable lookup table exponentiation const rPowI = rScalarPowProvable(index).assertCanonical(); // Calculate the change: new_commitment = old_commitment + (new_struct - old_struct) * R^i const structDelta = newStructDigest .sub(oldStructDigest) .assertAlmostReduced(); const tableDelta = structDelta.mul(rPowI).assertAlmostReduced(); return oldTableCommitment.add(tableDelta).assertCanonical(); }