IntDivOut

pragma circom 2.1.8;
include "../node_modules/circomlib/circuits/comparators.circom";

// Use the same constraints from IntDiv, but this
// time assign the quotient in `out`. You still need
// to apply the same constraints as IntDiv

template IntDivOut(n) {
    signal input numerator;
    signal input denominator;
    signal output out;

}

component main = IntDivOut(252);

Remember, out is actually an input that the user is expected to provide.

Answer

pragma circom 2.1.8;
include "../node_modules/circomlib/circuits/comparators.circom";

template IntDivOut(n) {
    signal input numerator;
    signal input denominator;
    signal output out;

    // compute division
    signal quotient;    
    quotient <-- numerator \ denominator;
    
    // constraint the result of the division to out
    out <== quotient;
}

component main = IntDivOut(252);

  • we assign and constraint the result of division to out

  • therefore, the circuit checks that the value of our provided out matches the value of the quotient

  • if so, the circuit passes.

  • The crucial thing is that the output signal is part of the witness - which we are expected to provide.

  • out isn't the consequential output of the division computation.

Wrong example (Only computation, no constraint)
template IntDivOut(n) {
    signal input numerator;
    signal input denominator;
    signal output out;

    // compute division
    signal quotient;    
    quotient <-- numerator \ denominator;

    // assign return value to be quotient
    out <-- quotient;
}

component main = IntDivOut(252);

  • here there are no constraints

  • out is assigned the value of division

  • circuit will simply return that value

Circuit does not check that the user provided out value matches that of the quotient.

Returning: Signal output out

  • out is defined as signal output

  • when we talk about returning out; returning a value only applies from circuit to circuit. Not the outside world.

  • The circuit can't return a value outside of a circuit setup, to a solidity contract, for example.

  • Circuits just evaluate to true or false, depending if your pairing clears.

PreviousIntDivNextIntSqrt

Last updated

Was this helpful?