fix: use of doubling formula instead of add(x,x) fixes #114

Consensys · Jun 30, 2021 · 0b5f655 · 0b5f655
1 parent a59e5db
commit 0b5f655
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/std/algebra/twistededwards/point.go b/std/algebra/twistededwards/point.go
@@ -96,8 +96,23 @@ func (p *Point) AddGeneric(cs *frontend.ConstraintSystem, p1, p2 *Point, curve E
 }
 
 // Double doubles a points in SNARK coordinates
+// IMPORTANT: it assumes the twisted Edwards is reduced (a=-1)
 func (p *Point) Double(cs *frontend.ConstraintSystem, p1 *Point, curve EdCurve) *Point {
-	p.AddGeneric(cs, p1, p1, curve)
+
+	u := cs.Mul(p1.X, p1.Y)
+	v := cs.Mul(p1.X, p1.X)
+	w := cs.Mul(p1.Y, p1.Y)
+	z := cs.Mul(v, w) // x**2*y**2
+
+	n1 := cs.Mul(2, u)
+	n2 := cs.Add(v, w)
+	d := cs.Mul(z, curve.D)
+	d1 := cs.Add(1, d)
+	d2 := cs.Sub(1, d)
+
+	p.X = cs.Div(n1, d1)
+	p.Y = cs.Div(n2, d2)
+
 	return p
 }
 

diff --git a/std/algebra/twistededwards/point_test.go b/std/algebra/twistededwards/point_test.go
@@ -81,8 +81,6 @@ func (circuit *add) Define(curveID ecc.ID, cs *frontend.ConstraintSystem) error
 	}
 
 	res := circuit.P.AddFixedPoint(cs, &circuit.P, params.BaseX, params.BaseY, params)
-	cs.Println(res.X)
-	cs.Println(res.Y)
 
 	cs.AssertIsEqual(res.X, circuit.E.X)
 	cs.AssertIsEqual(res.Y, circuit.E.Y)
@@ -301,8 +299,6 @@ func (circuit *neg) Define(curveID ecc.ID, cs *frontend.ConstraintSystem) error
 
 	circuit.P.Neg(cs, &circuit.P)
 	cs.AssertIsEqual(circuit.P.X, circuit.E.X)
-	// cs.Println(circuit.P.X)
-	// cs.Println(circuit.E.X)
 	cs.AssertIsEqual(circuit.P.Y, circuit.E.Y)
 
 	return nil