Allow for variable-time Kronecker delta

AaronFeickert · Mar 26, 2024 · 67f5df7 · 67f5df7
1 parent 609c92a
commit 67f5df7
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/src/proof.rs b/src/proof.rs
@@ -229,7 +229,7 @@ impl Proof {
  let sigma = (0..params.get_m())
  .map(|j| {
  (0..params.get_n())
- .map(|i| delta(l_decomposed[j as usize], i))
+ .map(|i| delta(l_decomposed[j as usize], i, timing))
  .collect::<Vec<Scalar>>()
  })
  .collect::<Vec<Vec<Scalar>>>();

diff --git a/src/util.rs b/src/util.rs
@@ -19,11 +19,22 @@ pub(crate) enum OperationTiming {
  Variable,
 }
 
-/// Constant-time Kronecker delta function with scalar output.
-pub(crate) fn delta(x: u32, y: u32) -> Scalar {
- let mut result = Scalar::ZERO;
- result.conditional_assign(&Scalar::ONE, x.ct_eq(&y));
- result
+/// Kronecker delta function with scalar output, possibly in constant time.
+pub(crate) fn delta(x: u32, y: u32, timing: OperationTiming) -> Scalar {
+ match timing {
+ OperationTiming::Constant => {
+ let mut result = Scalar::ZERO;
+ result.conditional_assign(&Scalar::ONE, x.ct_eq(&y));
+ result
+ },
+ OperationTiming::Variable => {
+ if x == y {
+ Scalar::ONE
+ } else {
+ Scalar::ZERO
+ }
+ },
+ }
 }
 
 /// A null random number generator that exists only for deterministic transcript-based weight generation.