void HashDifficultyEnforcer_Gadget::generateWitness() {
// Take the packed representation and unpack to bits.
hashValueUnpacker_->generateWitness();
// In a real setting we would add an assertion that the value will indeed satisfy the
// difficulty constraint, and notify the user with an error otherwise. As this is a tutorial,
// we'll let invalid values pass through so that we can see how isSatisfied() returns false.
}
void NAND_Gadget::generateWitness() {
// First we can assert that all input values are indeed boolean. The purpose of this assertion
// is simply to print a clear error message, it is not security critical.
// Notice the method val() which returns a reference to the current assignment for a variable
for (const auto& input : inputs_) {
GADGETLIB_ASSERT(val(input) == 0 || val(input) == 1, "NAND input is not boolean");
}
// we will invoke the AND gate witness generator, this will set andResult_ correctly
andGadget_->generateWitness();
// and now we set the value of output_
val(output_) = 1 - val(andResult_);
// notice the use of 'val()' to tell the protoboard to assign this new value to the
// variable 'output_'. The variable itself is only a formal variable and never changes.
}
// And now for a test which will exemplify the usage:
TEST(Examples, NAND_Gadget) {
// initialize the field
initPublicParamsFromDefaultPp();
// create a protoboard for a system of rank 1 constraints over a prime field.
ProtoboardPtr pb = Protoboard::create(R1P);
// create 5 variables inputs[0]...iputs[4]. The string "inputs" is used for debug messages
FlagVariableArray inputs(5, "inputs");
FlagVariable output("output");
GadgetPtr nandGadget = NAND_Gadget::create(pb, inputs, output);
// now we can generate a constraint system (or circuit)
nandGadget->generateConstraints();
// if we try to evaluate the circuit now, an exception will be thrown, because we will
// be attempting to evaluate unasigned variables.
EXPECT_ANY_THROW(pb->isSatisfied());
// so lets assign the input variables for NAND and try again after creating the witness
for (const auto& input : inputs) {
pb->val(input) = 1;
}
nandGadget->generateWitness();
EXPECT_TRUE(pb->isSatisfied());
EXPECT_TRUE(pb->val(output) == 0);
// now lets try to ruin something and see what happens
pb->val(inputs[2]) = 0;
EXPECT_FALSE(pb->isSatisfied());
// now let try to cheat. If we hadn't enforced booleanity, this would have worked!
pb->val(inputs[1]) = 2;
EXPECT_FALSE(pb->isSatisfied());
// now lets reset inputs[1] to a valid value
pb->val(inputs[1]) = 1;
// before, we set both the inputs and the output. Notice the output is still set to '0'
EXPECT_TRUE(pb->val(output) == 0);
// Now we will let the gadget compute the result using generateWitness() and see what happens
nandGadget->generateWitness();
EXPECT_TRUE(pb->val(output) == 1);
EXPECT_TRUE(pb->isSatisfied());
}