Align delegation circuit with ZIP spec (dom, value=1, remove is_real)#8
Closed
czarcas7ic wants to merge 1 commit into
Closed
Align delegation circuit with ZIP spec (dom, value=1, remove is_real)#8czarcas7ic wants to merge 1 commit into
czarcas7ic wants to merge 1 commit into
Conversation
This was referenced Mar 23, 2026
czarcas7ic
commented
Mar 23, 2026
| //! - **Condition 12** (×5): Private nullifier derivation. | ||
| //! - **Condition 13** (×5): IMT non-membership. | ||
| //! - **Condition 14** (×5): Governance nullifier publication. | ||
| //! - **Condition 15** (×5): Padded-note zero-value enforcement. |
Collaborator
Author
There was a problem hiding this comment.
Condition 15 is subsumed by condition 10's new gating: v * (root - anchor) = 0. Any note with v > 0 must pass the Merkle check, so a prover can't inflate weight with a fake padded note. Notes with v = 0 contribute nothing to ballot scaling. This matches Orchard's standard dummy note mechanism.
czarcas7ic
commented
Mar 23, 2026
| /// Gov null offsets indexed by note slot. | ||
| const GOV_NULL_OFFSETS: [usize; 5] = [GOV_NULL_1, GOV_NULL_2, GOV_NULL_3, GOV_NULL_4, GOV_NULL_5]; | ||
| /// Public input offset for the nullifier domain. | ||
| const DOM: usize = 13; |
Collaborator
Author
There was a problem hiding this comment.
0: nf_signed
1: rk_x
2: rk_y
3: cmx_new
4: van_comm
5: vote_round_id
6: nc_root
7: nf_imt_root
8–12: gov_null_1..5
13: dom ← appended at the end
czarcas7ic
commented
Mar 23, 2026
Comment on lines
+532
to
533
| // nf_imt_root. Not gated — dummy notes check too. | ||
| ("imt_root = nf_imt_root", imt_root - nf_imt_root), |
Collaborator
Author
There was a problem hiding this comment.
Important, we don't skip imt check, same as before
Three changes to align with zcash/zips#1199: 1. Governance nullifier → alternate nullifier with explicit dom public input (14th instance field). dom = Poseidon("governance authorization", vote_round_id) derived out-of-circuit. In-circuit: Poseidon(nk, dom, real_nf) with ConstantLength<3>. 2. Dummy signed note value 0 → 1 to match PCZT construction. 3. Replace is_note_real with v * (root - anchor) = 0 (Orchard standard dummy note mechanism). Remove condition 15.
czarcas7ic
force-pushed
the
adam/zip-spec-delegation-alignment
branch
from
f91cc75 to
beba9ef
Compare
Contributor
this would have been a rough review ... :D |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three changes to align with zcash/zips#1199 review:
dompublic input (14th instance field).dom = Poseidon("governance authorization", vote_round_id)derived out-of-circuit. In-circuit:Poseidon(nk, dom, real_nf)withConstantLength<3>.0 → 1to match PCZT construction (ZIP §Dummy Signed Note).is_note_realwithv * (root - anchor) = 0— Orchard's standard dummy note mechanism (ZIP §Note Padding). Removes condition 15.Merge order
This PR has no dependencies. Merge first (librustvoting and vote-sdk PRs depend on these changes)