From 8a7ffdbc210e243ee12aca78cbe6ee2dfde7b1f8 Mon Sep 17 00:00:00 2001 From: forkfury Date: Thu, 13 Nov 2025 20:12:09 +0100 Subject: [PATCH] fix: improve AssertIsCrumb readability and add constant check Add constant value check at the start of AssertIsCrumb to avoid unnecessary constraint generation for compile-time constants. Use separate variable x instead of overwriting input parameter for better code clarity. Add mathematical comment explaining the polynomial constraint derivation, matching the SCS implementation style. --- frontend/cs/r1cs/api_assertions.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/frontend/cs/r1cs/api_assertions.go b/frontend/cs/r1cs/api_assertions.go index 60d66e9a7..f96cde534 100644 --- a/frontend/cs/r1cs/api_assertions.go +++ b/frontend/cs/r1cs/api_assertions.go @@ -78,9 +78,20 @@ func (builder *builder[E]) AssertIsBoolean(i1 frontend.Variable) { } func (builder *builder[E]) AssertIsCrumb(i1 frontend.Variable) { - i1 = builder.MulAcc(builder.Mul(-3, i1), i1, i1) - i1 = builder.MulAcc(builder.Mul(2, i1), i1, i1) - builder.AssertIsEqual(i1, 0) + const errorMsg = "AssertIsCrumb: input is not a crumb" + if c, ok := builder.constantValue(i1); ok { + cv := builder.cs.ToBigInt(c) + if cv.IsUint64() && cv.Uint64() < 4 { + return + } + panic(errorMsg) + } + + // i1 (i1-1) (i1-2) (i1-3) = (i1² - 3i1) (i1² - 3i1 + 2) + // take X := i1² - 3i1 and we get X (X+2) = 0 + x := builder.MulAcc(builder.Mul(-3, i1), i1, i1) + x = builder.MulAcc(builder.Mul(2, x), x, x) + builder.AssertIsEqual(x, 0) } // AssertIsLessOrEqual adds assertion in constraint builder (v ⩽ bound)