From b856d7debf3058d45010124d1cc907bf05137c43 Mon Sep 17 00:00:00 2001
From: moana <moana@dusk.network>
Date: Thu, 26 Jan 2023 16:52:47 +0100
Subject: [PATCH] Fix negation of coordinates in `assert_equal_public_point`

This change also required to change the negation of the constant
in `append_equal_constant`.
Tests added as well.

Resolves #728
---
 CHANGELOG.md      |   3 +
 src/composer.rs   |  13 +++--
 tests/composer.rs |   2 +-
 tests/ecc.rs      | 140 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 152 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 485d43750..23cf31e54 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Fix negation of public input values when using `composer.append_public` [#717]
 - Fix `assert_equal_point` method [#721]
+- Fix negation of constant in `append_equal_constant` [#728]
+- Fix negation of public point coordinates in `assert_equal_public_point` [#728]
 
 ## [0.13.1] - 2022-10-26
 
@@ -457,6 +459,7 @@ is necessary since `rkyv/validation` was required as a bound.
 - Proof system module.
 
 <!-- ISSUES -->
+[#728]: https://github.com/dusk-network/plonk/issues/728
 [#725]: https://github.com/dusk-network/plonk/issues/725
 [#721]: https://github.com/dusk-network/plonk/issues/721
 [#717]: https://github.com/dusk-network/plonk/issues/717
diff --git a/src/composer.rs b/src/composer.rs
index 86a6c95fe..d64dad574 100644
--- a/src/composer.rs
+++ b/src/composer.rs
@@ -544,13 +544,13 @@ pub trait Composer: Sized + Index<Witness, Output = BlsScalar> {
         self.assert_equal_constant(
             *point.x(),
             BlsScalar::zero(),
-            Some(-affine.get_x()),
+            Some(affine.get_x()),
         );
 
         self.assert_equal_constant(
             *point.y(),
             BlsScalar::zero(),
-            Some(-affine.get_y()),
+            Some(affine.get_y()),
         );
 
         point
@@ -622,7 +622,10 @@ pub trait Composer: Sized + Index<Witness, Output = BlsScalar> {
         public: Option<BlsScalar>,
     ) {
         let constant = constant.into();
-        let constraint = Constraint::new().left(1).constant(-constant).a(a);
+        let constraint = Constraint::new()
+            .left(-BlsScalar::one())
+            .a(a)
+            .constant(constant);
         let constraint =
             public.map(|p| constraint.public(p)).unwrap_or(constraint);
 
@@ -649,13 +652,13 @@ pub trait Composer: Sized + Index<Witness, Output = BlsScalar> {
         self.assert_equal_constant(
             *point.x(),
             BlsScalar::zero(),
-            Some(-public.get_x()),
+            Some(public.get_x()),
         );
 
         self.assert_equal_constant(
             *point.y(),
             BlsScalar::zero(),
-            Some(-public.get_y()),
+            Some(public.get_y()),
         );
     }
 
diff --git a/tests/composer.rs b/tests/composer.rs
index ef27edec6..25a68da33 100644
--- a/tests/composer.rs
+++ b/tests/composer.rs
@@ -57,7 +57,7 @@ fn circuit_with_all_gates() {
             composer.append_public(self.y);
 
             composer.assert_equal(w_x, r_w);
-            composer.assert_equal_constant(w_x, 0, Some(-self.x));
+            composer.assert_equal_constant(w_x, 0, Some(self.x));
             composer.assert_equal_point(w_z, w_z);
             composer.assert_equal_public_point(w_z, self.z);
 
diff --git a/tests/ecc.rs b/tests/ecc.rs
index b8f4429e7..bf2a00ef7 100644
--- a/tests/ecc.rs
+++ b/tests/ecc.rs
@@ -430,3 +430,143 @@ fn assert_equal_point_works() {
             .expect_err("prover should fail because the y-coordinates of the points are not equal");
     }
 }
+
+#[test]
+fn assert_equal_public_point_works() {
+    let rng = &mut StdRng::seed_from_u64(8349u64);
+
+    let n = 1 << 4;
+    let label = b"demo";
+    let pp = PublicParameters::setup(n, rng).expect("failed to create pp");
+
+    pub struct DummyCircuit {
+        point: JubJubAffine,
+        public: JubJubAffine,
+    }
+
+    impl DummyCircuit {
+        pub fn new(point: JubJubAffine, public: JubJubAffine) -> Self {
+            Self { point, public }
+        }
+    }
+
+    impl Default for DummyCircuit {
+        fn default() -> Self {
+            Self {
+                point: dusk_jubjub::GENERATOR,
+                public: dusk_jubjub::GENERATOR,
+            }
+        }
+    }
+
+    impl Circuit for DummyCircuit {
+        fn circuit<C>(&self, composer: &mut C) -> Result<(), Error>
+        where
+            C: Composer,
+        {
+            let w_point = composer.append_point(self.point);
+            composer.assert_equal_public_point(w_point, self.public);
+
+            Ok(())
+        }
+    }
+
+    let (prover, verifier) = Compiler::compile::<DummyCircuit>(&pp, label)
+        .expect("failed to compile circuit");
+
+    /*
+    // Test default works:
+    // GENERATOR = GENERATOR
+    {
+        let (proof, public_inputs) = prover
+            .prove(rng, &Default::default())
+            .expect("prover shouldn't fail");
+
+        assert_eq!(
+            public_inputs,
+            vec![
+                dusk_jubjub::GENERATOR.get_x(),
+                dusk_jubjub::GENERATOR.get_y()
+            ],
+            "Public input should be the coordinates of the jubjub generator point"
+        );
+
+        verifier
+            .verify(&proof, &public_inputs)
+            .expect("Default circuit verification should pass");
+    }
+    */
+
+    // Test sanity:
+    // 42 * GENERATOR = 42 * GENERATOR
+    {
+        let scalar = JubJubScalar::from(42u64);
+        let point = dusk_jubjub::GENERATOR_EXTENDED * &scalar;
+        let public = dusk_jubjub::GENERATOR_EXTENDED * &scalar;
+        let circuit = DummyCircuit::new(point.into(), public.into());
+
+        let (proof, public_inputs) =
+            prover.prove(rng, &circuit).expect("prover shouldn't fail");
+
+        let public_affine: JubJubAffine = public.into();
+        assert_eq!(
+            vec![public_affine.get_x(), public_affine.get_y()],
+            public_inputs,
+            "Public input should be the coordinates of the jubjub generator
+        point multiplied by 42"
+        );
+
+        verifier
+            .verify(&proof, &public_inputs)
+            .expect("Circuit verification with equal points should pass");
+    }
+
+    // Test:
+    // GENERATOR != 42 * GENERATOR
+    {
+        let scalar = JubJubScalar::from(42u64);
+        let point = dusk_jubjub::GENERATOR;
+        let public = dusk_jubjub::GENERATOR_EXTENDED * &scalar;
+        let circuit = DummyCircuit::new(point, public.into());
+
+        prover
+            .prove(rng, &circuit)
+            .expect_err("prover should fail because the points are not equal");
+    }
+
+    // Test:
+    // assertion of points with different x-coordinates fails
+    {
+        let point = JubJubAffine::from_raw_unchecked(
+            BlsScalar::one(),
+            BlsScalar::one(),
+        );
+        let public = JubJubAffine::from_raw_unchecked(
+            BlsScalar::zero(),
+            BlsScalar::one(),
+        );
+        let circuit = DummyCircuit::new(point, public);
+
+        prover
+            .prove(rng, &circuit)
+            .expect_err("prover should fail because the x-coordinates of the points are not equal");
+    }
+
+    // Test:
+    // assertion of points with different y-coordinates fails
+    {
+        let point = JubJubAffine::from_raw_unchecked(
+            BlsScalar::one(),
+            BlsScalar::one(),
+        );
+        let public = JubJubAffine::from_raw_unchecked(
+            BlsScalar::one(),
+            BlsScalar::zero(),
+        );
+        let circuit = DummyCircuit::new(point, public);
+
+        prover
+            .prove(rng, &circuit)
+            .expect_err("prover should fail because the y-coordinates of the points are not equal");
+    }
+}