Compare test results against Sinsemilla primitives

zcash · Apr 26, 2021 · c75bb83 · c75bb83
1 parent 4a75d1b
commit c75bb83
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 2 deletions.
diff --git a/src/circuit/gadget/sinsemilla.rs b/src/circuit/gadget/sinsemilla.rs
@@ -272,7 +272,9 @@ mod tests {
             merkle_crh.hash_to_point(
                 chip1,
                 layouter.namespace(|| "hash_to_point"),
-                vec![true, true, false, false],
+                vec![
+                    true, true, false, true, true, false, false, false, true, true, false, false,
+                ],
             )?;
 
             let mut chip2 = SinsemillaChip::<C>::construct(
@@ -294,7 +296,10 @@ mod tests {
             commit_ivk.commit(
                 chip2,
                 layouter.namespace(|| "commit"),
-                vec![true, true, false, false],
+                vec![
+                    true, true, false, false, true, false, true, true, false, true, false, true,
+                    true, false,
+                ],
                 r,
             )?;
 

diff --git a/src/circuit/gadget/sinsemilla/chip.rs b/src/circuit/gadget/sinsemilla/chip.rs
@@ -450,6 +450,30 @@ impl<C: CurveAffine> SinsemillaInstructions<C> for SinsemillaChip<C> {
                     || y_a.ok_or(Error::SynthesisError),
                 )?;
 
+                #[cfg(test)]
+                x_a.zip(y_a).map(|(x_a, y_a)| {
+                    let computed_point: C = C::from_xy(x_a, y_a).unwrap();
+                    let expected_point: C = {
+                        let Q = C::from_xy(Q.x.value.unwrap(), Q.y.value.unwrap()).unwrap();
+                        let message: Vec<u32> =
+                            message.0.iter().map(|word| word.value.unwrap()).collect();
+
+                        use crate::primitives::sinsemilla::S_PERSONALIZATION;
+                        use pasta_curves::arithmetic::CurveExt;
+
+                        let hasher_S = C::CurveExt::hash_to_curve(S_PERSONALIZATION);
+                        let S = |chunk: u32| -> C { hasher_S(&chunk.to_le_bytes()).to_affine() };
+
+                        message
+                            .iter()
+                            .fold(C::CurveExt::from(Q), |acc, chunk: &u32| {
+                                (acc + S(*chunk)) + acc
+                            })
+                            .to_affine()
+                    };
+                    assert_eq!(computed_point, expected_point);
+                });
+
                 let y_a = CellValue::new(y_a_cell, y_a);
                 let x_a = CellValue::new(x_a_cell, x_a);