sync with RM: rseed, psi and rcm derivation

taiga_halo2/benches/compliance_proof.rs

@@ -15,7 +15,7 @@ use taiga_halo2::{
     },
     merkle_tree::MerklePath,
     nullifier::{Nullifier, NullifierKeyContainer},
-    resource::{RandomSeed, Resource, ResourceKind},
+    resource::{Resource, ResourceKind},
 };
 
 fn bench_compliance_proof(name: &str, c: &mut Criterion) {
@@ -31,16 +31,15 @@ fn bench_compliance_proof(name: &str, c: &mut Criterion) {
             };
             let value = pallas::Base::random(&mut rng);
             let quantity: u64 = rng.gen();
-            let rseed = RandomSeed::random(&mut rng);
+            let rseed = pallas::Base::random(&mut rng);
             Resource {
                 kind,
                 value,
                 quantity,
                 nk_container: nk,
                 is_ephemeral: false,
-                psi: rseed.get_psi(&nonce),
-                rcm: rseed.get_rcm(&nonce),
                 nonce,
+                rseed,
             }
         };
         let mut output_resource = {
@@ -53,16 +52,15 @@ fn bench_compliance_proof(name: &str, c: &mut Criterion) {
             };
             let value = pallas::Base::random(&mut rng);
             let quantity: u64 = rng.gen();
-            let rseed = RandomSeed::random(&mut rng);
+            let rseed = pallas::Base::random(&mut rng);
             Resource {
                 kind,
                 value,
                 quantity,
                 nk_container: npk,
                 is_ephemeral: false,
-                psi: rseed.get_psi(&nonce),
-                rcm: rseed.get_rcm(&nonce),
                 nonce,
+                rseed,
             }
         };
         let input_merkle_path = MerklePath::random(&mut rng, TAIGA_COMMITMENT_TREE_DEPTH);

taiga_halo2/benches/vp_proof.rs

@@ -10,7 +10,7 @@ use taiga_halo2::{
     constant::{NUM_RESOURCE, SETUP_PARAMS_MAP, VP_CIRCUIT_PARAMS_SIZE},
     nullifier::{Nullifier, NullifierKeyContainer},
     proof::Proof,
-    resource::{RandomSeed, Resource, ResourceKind},
+    resource::{Resource, ResourceKind},
 };
 
 fn bench_vp_proof(name: &str, c: &mut Criterion) {
@@ -27,16 +27,15 @@ fn bench_vp_proof(name: &str, c: &mut Criterion) {
             };
             let value = pallas::Base::random(&mut rng);
             let quantity: u64 = rng.gen();
-            let rseed = RandomSeed::random(&mut rng);
+            let rseed = pallas::Base::random(&mut rng);
             Resource {
                 kind,
                 value,
                 quantity,
                 nk_container: nk,
                 is_ephemeral: false,
-                psi: rseed.get_psi(&nonce),
-                rcm: rseed.get_rcm(&nonce),
                 nonce,
+                rseed,
             }
         });
         let output_resources = input_resources
@@ -51,16 +50,15 @@ fn bench_vp_proof(name: &str, c: &mut Criterion) {
                 };
                 let value = pallas::Base::random(&mut rng);
                 let quantity: u64 = rng.gen();
-                let rseed = RandomSeed::random(&mut rng);
+                let rseed = pallas::Base::random(&mut rng);
                 Resource {
                     kind,
                     value,
                     quantity,
                     nk_container: npk,
                     is_ephemeral: false,
-                    psi: rseed.get_psi(&nonce),
-                    rcm: rseed.get_rcm(&nonce),
                     nonce,
+                    rseed,
                 }
             })
             .collect::<Vec<_>>();

taiga_halo2/examples/tx_examples/cascaded_partial_transactions.rs

@@ -31,7 +31,7 @@ pub fn create_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
         input_token_1.create_random_input_token_resource(&mut rng, alice_nk, &alice_auth);
     let output_token_1 = Token::new("btc".to_string(), 1u64);
     let mut output_resource_1 =
-        output_token_1.create_random_output_token_resource(bob_npk, &bob_auth);
+        output_token_1.create_random_output_token_resource(&mut rng, bob_npk, &bob_auth);
     let input_token_2 = Token::new("eth".to_string(), 2u64);
     let input_resource_2 =
         input_token_2.create_random_input_token_resource(&mut rng, alice_nk, &alice_auth);
@@ -43,10 +43,10 @@ pub fn create_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
         create_intent_resource(&mut rng, input_resource_3.commitment().inner(), alice_nk);
     let output_token_2 = Token::new("eth".to_string(), 2u64);
     let mut output_resource_2 =
-        output_token_2.create_random_output_token_resource(bob_npk, &bob_auth);
+        output_token_2.create_random_output_token_resource(&mut rng, bob_npk, &bob_auth);
     let output_token_3 = Token::new("xan".to_string(), 3u64);
     let mut output_resource_3 =
-        output_token_3.create_random_output_token_resource(bob_npk, &bob_auth);
+        output_token_3.create_random_output_token_resource(&mut rng, bob_npk, &bob_auth);
 
     let merkle_path = MerklePath::random(&mut rng, TAIGA_COMMITMENT_TREE_DEPTH);
 

taiga_halo2/examples/tx_examples/token.rs

@@ -34,7 +34,7 @@ pub fn create_token_swap_ptx<R: RngCore>(
     // output resource
     let output_auth = TokenAuthorization::new(output_auth_pk, *COMPRESSED_TOKEN_AUTH_VK);
     let mut output_resource =
-        output_token.create_random_output_token_resource(output_npk, &output_auth);
+        output_token.create_random_output_token_resource(&mut rng, output_npk, &output_auth);
 
     // padding the zero resources
     let padding_input_resource = Resource::random_padding_resource(&mut rng);

taiga_halo2/examples/tx_examples/token_swap_with_intent.rs

@@ -163,7 +163,7 @@ pub fn consume_token_intent_ptx<R: RngCore>(
     let output_auth = TokenAuthorization::new(output_auth_pk, *COMPRESSED_TOKEN_AUTH_VK);
     let output_npk = NullifierKeyContainer::from_key(input_nk).get_npk();
     let mut output_resource =
-        output_token.create_random_output_token_resource(output_npk, &output_auth);
+        output_token.create_random_output_token_resource(&mut rng, output_npk, &output_auth);
 
     // padding the zero resources
     let padding_input_resource = Resource::random_padding_resource(&mut rng);

taiga_halo2/src/circuit/integrity.rs

@@ -104,6 +104,15 @@ pub fn check_input_resource(
         Value::known(input_resource.nonce.inner()),
     )?;
 
+    // Witness rseed
+    let rseed = assign_free_advice(
+        layouter.namespace(|| "witness rseed"),
+        advices[0],
+        Value::known(input_resource.rseed),
+    )?;
+
+    // We don't need the constraints on psi and rcm derivation for input resource.
+    // If the psi and rcm are not correct, the existence checking would fail.
     // Witness psi
     let psi = assign_free_advice(
         layouter.namespace(|| "witness psi_input"),
@@ -162,8 +171,7 @@ pub fn check_input_resource(
         value,
         nonce,
         npk,
-        psi,
-        rcm,
+        rseed,
     };
 
     Ok(InputResourceVariables {
@@ -218,6 +226,14 @@ pub fn check_output_resource(
         output_resource.quantity,
     )?;
 
+    // Witness rseed
+    let rseed = assign_free_advice(
+        layouter.namespace(|| "witness rseed"),
+        advices[0],
+        Value::known(output_resource.rseed),
+    )?;
+
+    // TODO: constrain on psi and rcm derivation
     // Witness rcm
     let rcm = assign_free_advice(
         layouter.namespace(|| "witness rcm"),
@@ -266,8 +282,7 @@ pub fn check_output_resource(
         value,
         nonce: old_nf,
         npk,
-        psi,
-        rcm,
+        rseed,
     };
 
     Ok(OutputResourceVariables {

taiga_halo2/src/circuit/vp_circuit.rs

@@ -575,8 +575,7 @@ pub struct ResourceVariables {
     pub value: AssignedCell<pallas::Base, pallas::Base>,
     pub nonce: AssignedCell<pallas::Base, pallas::Base>,
     pub npk: AssignedCell<pallas::Base, pallas::Base>,
-    pub psi: AssignedCell<pallas::Base, pallas::Base>,
-    pub rcm: AssignedCell<pallas::Base, pallas::Base>,
+    pub rseed: AssignedCell<pallas::Base, pallas::Base>,
 }
 
 // Variables in the input resource
@@ -708,17 +707,10 @@ impl BasicValidityPredicateVariables {
         )
     }
 
-    pub fn get_psi_searchable_pairs(&self) -> [ResourceSearchableVariablePair; NUM_RESOURCE * 2] {
+    pub fn get_rseed_searchable_pairs(&self) -> [ResourceSearchableVariablePair; NUM_RESOURCE * 2] {
         self.get_variable_searchable_pairs(
-            |variables| variables.resource_variables.psi.clone(),
-            |variables| variables.resource_variables.psi.clone(),
-        )
-    }
-
-    pub fn get_rcm_searchable_pairs(&self) -> [ResourceSearchableVariablePair; NUM_RESOURCE * 2] {
-        self.get_variable_searchable_pairs(
-            |variables| variables.resource_variables.rcm.clone(),
-            |variables| variables.resource_variables.rcm.clone(),
+            |variables| variables.resource_variables.rseed.clone(),
+            |variables| variables.resource_variables.rseed.clone(),
         )
     }
 }

taiga_halo2/src/circuit/vp_examples/cascade_intent.rs

@@ -24,6 +24,7 @@ use crate::{
     vp_commitment::ValidityPredicateCommitment,
     vp_vk::ValidityPredicateVerifyingKey,
 };
+use halo2_proofs::arithmetic::Field;
 use halo2_proofs::{
     circuit::{floor_planner, Layouter, Value},
     plonk::{keygen_pk, keygen_vk, Circuit, ConstraintSystem, Error},
@@ -154,7 +155,7 @@ pub fn create_intent_resource<R: RngCore>(
     nk: pallas::Base,
 ) -> Resource {
     let label = CascadeIntentValidityPredicateCircuit::encode_label(cascade_resource_cm);
-    let rseed = RandomSeed::random(&mut rng);
+    let rseed = pallas::Base::random(&mut rng);
     let nonce = Nullifier::random(&mut rng);
     Resource::new_input_resource(
         *COMPRESSED_CASCADE_INTENT_VK,

taiga_halo2/src/circuit/vp_examples/or_relation_intent.rs

@@ -25,6 +25,7 @@ use crate::{
     vp_commitment::ValidityPredicateCommitment,
     vp_vk::ValidityPredicateVerifyingKey,
 };
+use halo2_proofs::arithmetic::Field;
 use halo2_proofs::{
     circuit::{floor_planner, Layouter, Value},
     plonk::{keygen_pk, keygen_vk, Circuit, ConstraintSystem, Error},
@@ -290,7 +291,7 @@ pub fn create_intent_resource<R: RngCore>(
         receiver_npk,
         receiver_value,
     );
-    let rseed = RandomSeed::random(&mut rng);
+    let rseed = pallas::Base::random(&mut rng);
     let nonce = Nullifier::random(&mut rng);
     Resource::new_input_resource(
         *COMPRESSED_OR_RELATION_INTENT_VK,

taiga_halo2/src/circuit/vp_examples/partial_fulfillment_intent/swap.rs

@@ -5,7 +5,7 @@ use crate::{
         vp_examples::token::{Token, TokenAuthorization, TokenResource, TOKEN_VK},
     },
     constant::NUM_RESOURCE,
-    resource::{RandomSeed, Resource},
+    resource::Resource,
     utils::poseidon_hash_n,
 };
 use halo2_proofs::arithmetic::Field;
@@ -56,6 +56,7 @@ impl Swap {
         assert_eq!(offer.quantity() % ratio, 0);
 
         let offer_resource = offer.create_random_output_token_resource(
+            &mut rng,
             self.sell.resource().nk_container.get_npk(),
             &self.auth,
         );
@@ -71,6 +72,7 @@ impl Swap {
             );
             *returned_token
                 .create_random_output_token_resource(
+                    &mut rng,
                     self.sell.resource().nk_container.get_npk(),
                     &self.auth,
                 )
@@ -99,7 +101,7 @@ impl Swap {
     }
 
     pub fn create_intent_resource<R: RngCore>(&self, mut rng: R) -> Resource {
-        let rseed = RandomSeed::random(&mut rng);
+        let rseed = pallas::Base::random(&mut rng);
 
         Resource::new_input_resource(
             *COMPRESSED_PARTIAL_FULFILLMENT_INTENT_VK,

taiga_halo2/src/circuit/vp_examples/receiver_vp.rs

@@ -172,21 +172,30 @@ impl ValidityPredicateCircuit for ReceiverValidityPredicateCircuit {
             &basic_variables.get_npk_searchable_pairs(),
         )?;
 
-        let psi = get_owned_resource_variable(
+        let is_ephemeral = get_owned_resource_variable(
             config.get_owned_resource_variable_config,
-            layouter.namespace(|| "get owned resource psi"),
+            layouter.namespace(|| "get owned resource is_ephemeral"),
             &owned_resource_id,
-            &basic_variables.get_psi_searchable_pairs(),
+            &basic_variables.get_is_ephemeral_searchable_pairs(),
         )?;
 
-        let rcm = get_owned_resource_variable(
+        let rseed = get_owned_resource_variable(
             config.get_owned_resource_variable_config,
-            layouter.namespace(|| "get owned resource psi"),
+            layouter.namespace(|| "get owned resource rseed"),
             &owned_resource_id,
-            &basic_variables.get_rcm_searchable_pairs(),
+            &basic_variables.get_rseed_searchable_pairs(),
         )?;
 
-        let mut message = vec![logic, label, value, quantity, nonce, npk, psi, rcm];
+        let mut message = vec![
+            logic,
+            label,
+            value,
+            quantity,
+            nonce,
+            npk,
+            is_ephemeral,
+            rseed,
+        ];
 
         let add_chip = AddChip::<pallas::Base>::construct(config.add_config.clone(), ());
 
@@ -249,8 +258,8 @@ impl ValidityPredicateCircuit for ReceiverValidityPredicateCircuit {
             pallas::Base::from(target_resource.quantity),
             target_resource.nonce.inner(),
             target_resource.get_npk(),
-            target_resource.psi,
-            target_resource.rcm,
+            pallas::Base::from(target_resource.is_ephemeral as u64),
+            target_resource.rseed,
         ];
         let plaintext = ResourcePlaintext::padding(&message);
         let key = SecretKey::from_dh_exchange(&self.rcv_pk, &mod_r_p(self.sk));
@@ -332,6 +341,9 @@ fn test_halo2_receiver_vp_circuit() {
     );
     assert_eq!(de_cipher[4], circuit.output_resources[0].nonce.inner());
     assert_eq!(de_cipher[5], circuit.output_resources[0].get_npk());
-    assert_eq!(de_cipher[6], circuit.output_resources[0].get_psi());
-    assert_eq!(de_cipher[7], circuit.output_resources[0].get_rcm());
+    assert_eq!(
+        de_cipher[6],
+        pallas::Base::from(circuit.output_resources[0].is_ephemeral)
+    );
+    assert_eq!(de_cipher[7], circuit.output_resources[0].rseed);
 }

taiga_halo2/src/circuit/vp_examples/token.rs

@@ -100,7 +100,7 @@ impl Token {
     ) -> TokenResource {
         let label = self.encode_name();
         let value = auth.to_value();
-        let rseed = RandomSeed::random(&mut rng);
+        let rseed = pallas::Base::random(&mut rng);
         let nonce = Nullifier::random(&mut rng);
         let resource = Resource::new_input_resource(
             *COMPRESSED_TOKEN_VK,
@@ -119,20 +119,23 @@ impl Token {
         }
     }
 
-    pub fn create_random_output_token_resource(
+    pub fn create_random_output_token_resource<R: RngCore>(
         &self,
+        mut rng: R,
         npk: pallas::Base,
         auth: &TokenAuthorization,
     ) -> TokenResource {
         let label = self.encode_name();
         let value = auth.to_value();
+        let rseed = pallas::Base::random(&mut rng);
         let resource = Resource::new_output_resource(
             *COMPRESSED_TOKEN_VK,
             label,
             value,
             self.quantity(),
             npk,
             false,
+            rseed,
         );
 
         TokenResource {

taiga_halo2/src/compliance.rs

@@ -138,7 +138,7 @@ impl ComplianceInfo {
             None => input_resource.calculate_root(&input_merkle_path),
         };
 
-        output_resource.set_nonce(&input_resource, &mut rng);
+        output_resource.set_nonce(&input_resource);
 
         Self {
             input_resource,