Add Witnesses struct

src/builder.rs

@@ -17,7 +17,7 @@ use crate::{
     action::Action,
     address::Address,
     bundle::{derive_bvk, Authorization, Authorized, Bundle, Flags},
-    circuit::{Circuit, Instance, OrchardCircuit, Proof, ProvingKey},
+    circuit::{Circuit, Instance, OrchardCircuit, Proof, ProvingKey, Witnesses},
     keys::{
         FullViewingKey, OutgoingViewingKey, Scope, SpendAuthorizingKey, SpendValidatingKey,
         SpendingKey,
@@ -445,7 +445,12 @@ impl ActionInfo {
                     parts: SigningParts { ak, alpha },
                 },
             ),
-            Circuit::<D>::from_action_context_unchecked(self.spend, note, alpha, self.rcv),
+            Circuit::<D> {
+                witnesses: Witnesses::from_action_context_unchecked(
+                    self.spend, note, alpha, self.rcv,
+                ),
+                phantom: std::marker::PhantomData,
+            },
         )
     }
 }

src/circuit.rs

@@ -105,7 +105,7 @@ pub trait OrchardCircuit: Sized + Default {
 
     /// Wrapper for configure function of plonk::Circuit trait
     fn synthesize(
-        circuit: &Circuit<Self>,
+        circuit: &Witnesses,
         config: Self::Config,
         layouter: impl Layouter<pallas::Base>,
     ) -> Result<(), plonk::Error>;
@@ -128,13 +128,20 @@ impl<C: OrchardCircuit> plonk::Circuit<pallas::Base> for Circuit<C> {
         config: Self::Config,
         layouter: impl Layouter<pallas::Base>,
     ) -> Result<(), plonk::Error> {
-        C::synthesize(self, config, layouter)
+        C::synthesize(&self.witnesses, config, layouter)
     }
 }
 
 /// The Orchard Action circuit.
 #[derive(Clone, Debug, Default)]
 pub struct Circuit<D> {
+    pub(crate) witnesses: Witnesses,
+    pub(crate) phantom: std::marker::PhantomData<D>,
+}
+
+/// The Orchard Action witnesses
+#[derive(Clone, Debug, Default)]
+pub struct Witnesses {
     pub(crate) path: Value<[MerkleHashOrchard; MERKLE_DEPTH_ORCHARD]>,
     pub(crate) pos: Value<u32>,
     pub(crate) g_d_old: Value<NonIdentityPallasPoint>,
@@ -157,10 +164,9 @@ pub struct Circuit<D> {
     pub(crate) rcv: Value<ValueCommitTrapdoor>,
     pub(crate) asset: Value<AssetBase>,
     pub(crate) split_flag: Value<bool>,
-    phantom: std::marker::PhantomData<D>,
 }
 
-impl<D> Circuit<D> {
+impl Witnesses {
     /// This constructor is public to enable creation of custom builders.
     /// If you are not creating a custom builder, use [`Builder`] to compose
     /// and authorize a transaction.
@@ -181,7 +187,7 @@ impl<D> Circuit<D> {
         output_note: Note,
         alpha: pallas::Scalar,
         rcv: ValueCommitTrapdoor,
-    ) -> Option<Circuit<D>> {
+    ) -> Option<Self> {
         (Rho::from_nf_old(spend.note.nullifier(&spend.fvk)) == output_note.rho())
             .then(|| Self::from_action_context_unchecked(spend, output_note, alpha, rcv))
     }
@@ -191,7 +197,7 @@ impl<D> Circuit<D> {
         output_note: Note,
         alpha: pallas::Scalar,
         rcv: ValueCommitTrapdoor,
-    ) -> Circuit<D> {
+    ) -> Self {
         let sender_address = spend.note.recipient();
         let rho_old = spend.note.rho();
         let psi_old = spend.note.rseed().psi(&rho_old);
@@ -204,7 +210,7 @@ impl<D> Circuit<D> {
         let psi_new = output_note.rseed().psi(&rho_new);
         let rcm_new = output_note.rseed().rcm(&rho_new);
 
-        Circuit {
+        Witnesses {
             path: Value::known(spend.merkle_path.auth_path()),
             pos: Value::known(spend.merkle_path.position()),
             g_d_old: Value::known(sender_address.g_d()),
@@ -227,7 +233,6 @@ impl<D> Circuit<D> {
             rcv: Value::known(rcv),
             asset: Value::known(spend.note.asset()),
             split_flag: Value::known(spend.split_flag),
-            phantom: std::marker::PhantomData,
         }
     }
 }

src/circuit/circuit_vanilla.rs

@@ -28,7 +28,7 @@ use crate::{
     circuit::derive_nullifier::gadgets::derive_nullifier,
     circuit::note_commit::gadgets::note_commit,
     circuit::value_commit_orchard::gadgets::value_commit_orchard,
-    circuit::Config,
+    circuit::{Config, Witnesses},
     constants::{OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains},
     orchard_flavor::OrchardVanilla,
 };
@@ -37,8 +37,8 @@ use super::{
     commit_ivk::CommitIvkChip,
     gadget::{add_chip::AddChip, assign_free_advice},
     note_commit::NoteCommitChip,
-    Circuit, OrchardCircuit, ANCHOR, CMX, CV_NET_X, CV_NET_Y, ENABLE_OUTPUT, ENABLE_SPEND, NF_OLD,
-    RK_X, RK_Y,
+    OrchardCircuit, ANCHOR, CMX, CV_NET_X, CV_NET_Y, ENABLE_OUTPUT, ENABLE_SPEND, NF_OLD, RK_X,
+    RK_Y,
 };
 
 impl OrchardCircuit for OrchardVanilla {
@@ -235,7 +235,7 @@ impl OrchardCircuit for OrchardVanilla {
 
     #[allow(non_snake_case)]
     fn synthesize(
-        circuit: &Circuit<Self>,
+        circuit: &Witnesses,
         config: Self::Config,
         mut layouter: impl Layouter<pallas::Base>,
     ) -> Result<(), plonk::Error> {
@@ -620,6 +620,7 @@ mod tests {
     use pasta_curves::pallas;
     use rand::{rngs::OsRng, RngCore};
 
+    use crate::circuit::Witnesses;
     use crate::{
         bundle::Flags,
         circuit::{Circuit, Instance, Proof, ProvingKey, VerifyingKey, K},
@@ -658,29 +659,31 @@ mod tests {
 
         (
             OrchardCircuitVanilla {
-                path: Value::known(path.auth_path()),
-                pos: Value::known(path.position()),
-                g_d_old: Value::known(sender_address.g_d()),
-                pk_d_old: Value::known(*sender_address.pk_d()),
-                v_old: Value::known(spent_note.value()),
-                rho_old: Value::known(spent_note.rho()),
-                psi_old: Value::known(spent_note.rseed().psi(&spent_note.rho())),
-                rcm_old: Value::known(spent_note.rseed().rcm(&spent_note.rho())),
-                cm_old: Value::known(spent_note.commitment()),
-                // For non split note, psi_nf is equal to psi_old
-                psi_nf: Value::known(psi_old),
-                alpha: Value::known(alpha),
-                ak: Value::known(ak),
-                nk: Value::known(nk),
-                rivk: Value::known(rivk),
-                g_d_new: Value::known(output_note.recipient().g_d()),
-                pk_d_new: Value::known(*output_note.recipient().pk_d()),
-                v_new: Value::known(output_note.value()),
-                psi_new: Value::known(output_note.rseed().psi(&output_note.rho())),
-                rcm_new: Value::known(output_note.rseed().rcm(&output_note.rho())),
-                rcv: Value::known(rcv),
-                asset: Value::known(spent_note.asset()),
-                split_flag: Value::known(false),
+                witnesses: Witnesses {
+                    path: Value::known(path.auth_path()),
+                    pos: Value::known(path.position()),
+                    g_d_old: Value::known(sender_address.g_d()),
+                    pk_d_old: Value::known(*sender_address.pk_d()),
+                    v_old: Value::known(spent_note.value()),
+                    rho_old: Value::known(spent_note.rho()),
+                    psi_old: Value::known(spent_note.rseed().psi(&spent_note.rho())),
+                    rcm_old: Value::known(spent_note.rseed().rcm(&spent_note.rho())),
+                    cm_old: Value::known(spent_note.commitment()),
+                    // For non split note, psi_nf is equal to psi_old
+                    psi_nf: Value::known(psi_old),
+                    alpha: Value::known(alpha),
+                    ak: Value::known(ak),
+                    nk: Value::known(nk),
+                    rivk: Value::known(rivk),
+                    g_d_new: Value::known(output_note.recipient().g_d()),
+                    pk_d_new: Value::known(*output_note.recipient().pk_d()),
+                    v_new: Value::known(output_note.value()),
+                    psi_new: Value::known(output_note.rseed().psi(&output_note.rho())),
+                    rcm_new: Value::known(output_note.rseed().rcm(&output_note.rho())),
+                    rcv: Value::known(rcv),
+                    asset: Value::known(spent_note.asset()),
+                    split_flag: Value::known(false),
+                },
                 phantom: std::marker::PhantomData,
             },
             Instance {
@@ -858,28 +861,30 @@ mod tests {
             .unwrap();
 
         let circuit = OrchardCircuitVanilla {
-            path: Value::unknown(),
-            pos: Value::unknown(),
-            g_d_old: Value::unknown(),
-            pk_d_old: Value::unknown(),
-            v_old: Value::unknown(),
-            rho_old: Value::unknown(),
-            psi_old: Value::unknown(),
-            rcm_old: Value::unknown(),
-            cm_old: Value::unknown(),
-            psi_nf: Value::unknown(),
-            alpha: Value::unknown(),
-            ak: Value::unknown(),
-            nk: Value::unknown(),
-            rivk: Value::unknown(),
-            g_d_new: Value::unknown(),
-            pk_d_new: Value::unknown(),
-            v_new: Value::unknown(),
-            psi_new: Value::unknown(),
-            rcm_new: Value::unknown(),
-            rcv: Value::unknown(),
-            asset: Value::unknown(),
-            split_flag: Value::unknown(),
+            witnesses: Witnesses {
+                path: Value::unknown(),
+                pos: Value::unknown(),
+                g_d_old: Value::unknown(),
+                pk_d_old: Value::unknown(),
+                v_old: Value::unknown(),
+                rho_old: Value::unknown(),
+                psi_old: Value::unknown(),
+                rcm_old: Value::unknown(),
+                cm_old: Value::unknown(),
+                psi_nf: Value::unknown(),
+                alpha: Value::unknown(),
+                ak: Value::unknown(),
+                nk: Value::unknown(),
+                rivk: Value::unknown(),
+                g_d_new: Value::unknown(),
+                pk_d_new: Value::unknown(),
+                v_new: Value::unknown(),
+                psi_new: Value::unknown(),
+                rcm_new: Value::unknown(),
+                rcv: Value::unknown(),
+                asset: Value::unknown(),
+                split_flag: Value::unknown(),
+            },
             phantom: std::marker::PhantomData,
         };
         halo2_proofs::dev::CircuitLayout::default()