circuits: Remove RecipientParameters struct

circuits/CHANGELOG.md

@@ -10,10 +10,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - Add Recipient gadget [#197]
-- Add `RecipientParameter::new` constructor [#201]
 
 ### Changed
 
+- Rename `recipient` module to `sender_enc` [#214]
+- Rename `blinding_factor` to `value_blinder` [#214]
+- Add `sender_enc` field to `TxOutputNote` [#214]
+- Add `note_pk` field to `TxOutputNote` [#214]
+- Add `sender_pk`, `signatures`, `output_npk` and `sender_blinder` fields to `TxCircuit` [#214]
 - Remove `ViewKey` from `TxOutputNote::new()` parameters [#191]
 - Make `rng` the first param in `TxInputNote::new` [#189]
 - Rename `crossover` to `deposit` [#190]
@@ -23,7 +27,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Removed
 
-- Remove `RecipientParameters`
+- Remove `WitnessTxOutputNote` struct [#214]
+- Remove `RecipientParameters` struct [#214]
 - Remove `elgamal::encrypt` and `elgamal::decrypt`
 
 ## [0.1.0] - 2024-05-22
@@ -42,6 +47,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Update `poseidon-merkle` to v0.6 [#179]
 
 <!-- ISSUES -->
+[#214]: https://github.com/dusk-network/phoenix/issues/214
 [#201]: https://github.com/dusk-network/phoenix/issues/201
 [#197]: https://github.com/dusk-network/phoenix/issues/197
 [#188]: https://github.com/dusk-network/phoenix/issues/188

circuits/src/lib.rs

@@ -11,7 +11,7 @@
 #![no_std]
 
 mod encryption;
-mod recipient;
+mod sender_enc;
 
 /// Transaction structs, and circuit
 pub mod transaction;

circuits/src/sender_enc.rs

@@ -0,0 +1,115 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// Copyright (c) DUSK NETWORK. All rights reserved.
+
+#![allow(non_snake_case)]
+
+use dusk_jubjub::JubJubAffine;
+use dusk_plonk::prelude::*;
+use jubjub_schnorr::{gadgets, Signature as SchnorrSignature};
+use phoenix_core::{PublicKey, OUTPUT_NOTES};
+
+use crate::elgamal;
+
+/// Gadget to prove a valid origin for a given transaction.
+pub(crate) fn gadget(
+    composer: &mut Composer,
+    sender_pk: PublicKey,
+    signatures: (SchnorrSignature, SchnorrSignature),
+    output_npk: [JubJubAffine; OUTPUT_NOTES],
+    sender_blinder: [(JubJubScalar, JubJubScalar); OUTPUT_NOTES],
+    // [enc_A, enc_B] for note 0
+    sender_enc_out0: [(JubJubAffine, JubJubAffine); 2],
+    // [enc_A, enc_B] for note 1
+    sender_enc_out1: [(JubJubAffine, JubJubAffine); 2],
+    payload_hash: Witness,
+) -> Result<(), Error> {
+    // VERIFY A SIGNATURE FOR EACH KEY 'A' AND 'B'
+    let sender_pk_A = composer.append_point(sender_pk.A());
+    let sender_pk_B = composer.append_point(sender_pk.B());
+
+    let sig_A_u = composer.append_witness(*signatures.0.u());
+    let sig_A_R = composer.append_point(signatures.0.R());
+
+    let sig_B_u = composer.append_witness(*signatures.1.u());
+    let sig_B_R = composer.append_point(signatures.1.R());
+
+    gadgets::verify_signature(
+        composer,
+        sig_A_u,
+        sig_A_R,
+        sender_pk_A,
+        payload_hash,
+    )?;
+    gadgets::verify_signature(
+        composer,
+        sig_B_u,
+        sig_B_R,
+        sender_pk_B,
+        payload_hash,
+    )?;
+
+    // ENCRYPT EACH KEY 'A' and 'B' USING EACH OUTPUT 'NPK'
+    let note_pk_0 = composer.append_public_point(output_npk[0]);
+    let note_pk_1 = composer.append_public_point(output_npk[1]);
+
+    let blinder_A_0 = composer.append_witness(sender_blinder[0].0);
+    let blinder_B_0 = composer.append_witness(sender_blinder[0].1);
+
+    let blinder_A_1 = composer.append_witness(sender_blinder[1].0);
+    let blinder_B_1 = composer.append_witness(sender_blinder[1].1);
+
+    // assert that the sender encryption of the first note is correct
+    // appends the values of sender_enc_out0 as public input
+    assert_sender_enc(
+        composer,
+        sender_pk_A,
+        sender_pk_B,
+        note_pk_0,
+        (blinder_A_0, blinder_B_0),
+        sender_enc_out0,
+    )?;
+
+    // assert that the sender encryption of the second note is correct
+    // appends the values of sender_enc_out1 as public input
+    assert_sender_enc(
+        composer,
+        sender_pk_A,
+        sender_pk_B,
+        note_pk_1,
+        (blinder_A_1, blinder_B_1),
+        sender_enc_out1,
+    )?;
+
+    Ok(())
+}
+
+fn assert_sender_enc(
+    composer: &mut Composer,
+    sender_pk_A: WitnessPoint,
+    sender_pk_B: WitnessPoint,
+    note_pk: WitnessPoint,
+    blinder: (Witness, Witness),
+    sender_enc: [(JubJubAffine, JubJubAffine); 2],
+) -> Result<(), Error> {
+    let blinder_A = blinder.0;
+    let (enc_A_c1, enc_A_c2) =
+        elgamal::encrypt_gadget(composer, note_pk, sender_pk_A, blinder_A)?;
+
+    let blinder_B = blinder.1;
+    let (enc_B_c1, enc_B_c2) =
+        elgamal::encrypt_gadget(composer, note_pk, sender_pk_B, blinder_B)?;
+
+    let sender_enc_A = sender_enc[0];
+    let sender_enc_B = sender_enc[1];
+
+    composer.assert_equal_public_point(enc_A_c1, sender_enc_A.0);
+    composer.assert_equal_public_point(enc_A_c2, sender_enc_A.1);
+
+    composer.assert_equal_public_point(enc_B_c1, sender_enc_B.0);
+    composer.assert_equal_public_point(enc_B_c2, sender_enc_B.1);
+
+    Ok(())
+}