forked from silversixpence-crypto/zk-proof-of-assets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
batch-ecdsa.patch
17 lines (17 loc) · 1.16 KB
/
batch-ecdsa.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
diff --git a/circuits/batch_ecdsa.circom b/circuits/batch_ecdsa.circom
index f575c8a..469f97a 100644
--- a/circuits/batch_ecdsa.circom
+++ b/circuits/batch_ecdsa.circom
@@ -272,9 +272,10 @@ template Secp256k1LinearCombination(n, k, b) {
adders[coord_idx][batch_idx-1] = Secp256k1AddUnequal(n, k);
for (var reg_idx = 0; reg_idx < k; reg_idx++) {
for (var x_or_y = 0; x_or_y < 2; x_or_y++) {
- adders[coord_idx][batch_idx-1].a[x_or_y][reg_idx] <==
- are_points_equal[coord_idx][batch_idx-1].out * (dummy2[x_or_y][reg_idx] - partial[coord_idx][batch_idx-1][x_or_y][reg_idx])
+ var aux1 = dummy2[x_or_y][reg_idx] - partial[coord_idx][batch_idx-1][x_or_y][reg_idx];
+ var aux2 = are_points_equal[coord_idx][batch_idx-1].out * aux1
+ partial[coord_idx][batch_idx-1][x_or_y][reg_idx];
+ adders[coord_idx][batch_idx-1].a[x_or_y][reg_idx] <== aux2;
adders[coord_idx][batch_idx-1].b[x_or_y][reg_idx] <==
multiplexers[batch_idx][coord_idx][x_or_y].out[reg_idx];
}