mirror of https://github.com/zcash/halo2.git
gadget::sinsemilla: Move Orchard-specific inputs into src/circuit.
The sinsemilla submodules note_commit and commit_ivk are tailored for input lengths specific to Orchard. They have been moved out of the gadget folder and into the circuit folder. This also involves changing the visibility of some getter functions to be usable outside gadget::sinsemilla.
This commit is contained in:
therealyingtong
parent
3e0449ed35
commit
5f8716d66a
|
|
@ -33,6 +33,7 @@ use crate::{
|
|||
tree::{Anchor, MerkleHashOrchard},
|
||||
value::{NoteValue, ValueCommitTrapdoor, ValueCommitment},
|
||||
};
|
||||
use commit_ivk::CommitIvkConfig;
|
||||
use gadget::{
|
||||
ecc::{
|
||||
chip::{EccChip, EccConfig},
|
||||
|
|
@ -41,21 +42,20 @@ use gadget::{
|
|||
poseidon::{Hash as PoseidonHash, Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
|
||||
sinsemilla::{
|
||||
chip::{SinsemillaChip, SinsemillaConfig, SinsemillaHashDomains},
|
||||
commit_ivk::CommitIvkConfig,
|
||||
merkle::{
|
||||
chip::{MerkleChip, MerkleConfig},
|
||||
MerklePath,
|
||||
},
|
||||
note_commit::NoteCommitConfig,
|
||||
},
|
||||
utilities::UtilitiesInstructions,
|
||||
utilities::{lookup_range_check::LookupRangeCheckConfig, UtilitiesInstructions},
|
||||
};
|
||||
use note_commit::NoteCommitConfig;
|
||||
|
||||
use std::convert::TryInto;
|
||||
|
||||
use self::gadget::utilities::lookup_range_check::LookupRangeCheckConfig;
|
||||
|
||||
mod commit_ivk;
|
||||
pub mod gadget;
|
||||
mod note_commit;
|
||||
|
||||
/// Size of the Orchard circuit.
|
||||
const K: u32 = 11;
|
||||
|
|
|
|||
|
|
@ -8,16 +8,15 @@ use pasta_curves::{arithmetic::FieldExt, pallas};
|
|||
use crate::{
|
||||
circuit::gadget::{
|
||||
ecc::{chip::EccChip, X},
|
||||
sinsemilla::{
|
||||
chip::{SinsemillaChip, SinsemillaCommitDomains, SinsemillaConfig},
|
||||
CommitDomain, Message, MessagePiece,
|
||||
},
|
||||
utilities::{bitrange_subset, bool_check},
|
||||
},
|
||||
constants::T_P,
|
||||
};
|
||||
|
||||
use super::{
|
||||
chip::{SinsemillaChip, SinsemillaCommitDomains, SinsemillaConfig},
|
||||
CommitDomain, Message, MessagePiece,
|
||||
};
|
||||
|
||||
#[derive(Clone, Debug)]
|
||||
pub struct CommitIvkConfig {
|
||||
q_commit_ivk: Selector,
|
||||
|
|
@ -263,13 +262,13 @@ impl CommitIvkConfig {
|
|||
});
|
||||
|
||||
// Constrain b_0 to be 4 bits.
|
||||
let b_0 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let b_0 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "b_0 is 4 bits"),
|
||||
b_0,
|
||||
4,
|
||||
)?;
|
||||
// Constrain b_2 to be 5 bits.
|
||||
let b_2 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let b_2 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "b_2 is 5 bits"),
|
||||
b_2,
|
||||
5,
|
||||
|
|
@ -307,7 +306,7 @@ impl CommitIvkConfig {
|
|||
.map(|(d_0, d_1)| d_0 + d_1 * pallas::Base::from(1 << 9));
|
||||
|
||||
// Constrain d_0 to be 9 bits.
|
||||
let d_0 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let d_0 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "d_0 is 9 bits"),
|
||||
d_0,
|
||||
9,
|
||||
|
|
@ -406,7 +405,7 @@ impl CommitIvkConfig {
|
|||
let t_p = pallas::Base::from_u128(T_P);
|
||||
a + two_pow_130 - t_p
|
||||
});
|
||||
let zs = self.sinsemilla_config.lookup_config.witness_check(
|
||||
let zs = self.sinsemilla_config.lookup_config().witness_check(
|
||||
layouter.namespace(|| "Decompose low 130 bits of (a + 2^130 - t_P)"),
|
||||
a_prime,
|
||||
13,
|
||||
|
|
@ -449,7 +448,7 @@ impl CommitIvkConfig {
|
|||
let t_p = pallas::Base::from_u128(T_P);
|
||||
b_2 + c * two_pow_5 + two_pow_140 - t_p
|
||||
});
|
||||
let zs = self.sinsemilla_config.lookup_config.witness_check(
|
||||
let zs = self.sinsemilla_config.lookup_config().witness_check(
|
||||
layouter.namespace(|| "Decompose low 140 bits of (b_2 + c * 2^5 + 2^140 - t_P)"),
|
||||
b2_c_prime,
|
||||
14,
|
||||
|
|
@ -9,10 +9,8 @@ use pasta_curves::arithmetic::CurveAffine;
|
|||
use std::fmt::Debug;
|
||||
|
||||
pub mod chip;
|
||||
pub mod commit_ivk;
|
||||
pub mod merkle;
|
||||
mod message;
|
||||
pub mod note_commit;
|
||||
|
||||
/// The set of circuit instructions required to use the [`Sinsemilla`](https://zcash.github.io/halo2/design/gadgets/sinsemilla.html) gadget.
|
||||
/// This trait is bounded on two constant parameters: `K`, the number of bits
|
||||
|
|
@ -140,7 +138,7 @@ where
|
|||
/// Constructs a message from a vector of [`MessagePiece`]s.
|
||||
///
|
||||
/// [`MessagePiece`]: SinsemillaInstructions::MessagePiece
|
||||
fn from_pieces(
|
||||
pub fn from_pieces(
|
||||
chip: SinsemillaChip,
|
||||
pieces: Vec<MessagePiece<C, SinsemillaChip, K, MAX_WORDS>>,
|
||||
) -> Self {
|
||||
|
|
@ -169,7 +167,8 @@ impl<C: CurveAffine, SinsemillaChip, const K: usize, const MAX_WORDS: usize>
|
|||
where
|
||||
SinsemillaChip: SinsemillaInstructions<C, K, MAX_WORDS> + Clone + Debug + Eq,
|
||||
{
|
||||
fn inner(&self) -> SinsemillaChip::MessagePiece {
|
||||
/// Returns the inner MessagePiece contained in this gadget.
|
||||
pub fn inner(&self) -> SinsemillaChip::MessagePiece {
|
||||
self.inner.clone()
|
||||
}
|
||||
}
|
||||
|
|
@ -211,7 +210,8 @@ where
|
|||
Self::from_field_elem(chip, layouter, piece_value, num_words)
|
||||
}
|
||||
|
||||
fn from_field_elem(
|
||||
/// Constructs a MessagePiece from a field element.
|
||||
pub fn from_field_elem(
|
||||
chip: SinsemillaChip,
|
||||
layouter: impl Layouter<C::Base>,
|
||||
field_elem: Option<C::Base>,
|
||||
|
|
|
|||
|
|
@ -73,6 +73,11 @@ impl SinsemillaConfig {
|
|||
pub(super) fn advices(&self) -> [Column<Advice>; 5] {
|
||||
[self.x_a, self.x_p, self.bits, self.lambda_1, self.lambda_2]
|
||||
}
|
||||
|
||||
/// Returns the lookup range check config used in this config.
|
||||
pub fn lookup_config(&self) -> LookupRangeCheckConfig<pallas::Base, { sinsemilla::K }> {
|
||||
self.lookup_config
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Eq, PartialEq, Clone, Debug)]
|
||||
|
|
|
|||
|
|
@ -209,11 +209,10 @@ impl MerkleInstructions<pallas::Affine, MERKLE_DEPTH_ORCHARD, { sinsemilla::K },
|
|||
.value()
|
||||
.map(|value| bitrange_subset(value, 250..L_ORCHARD_BASE));
|
||||
|
||||
config.sinsemilla_config.lookup_config.witness_short_check(
|
||||
layouter.namespace(|| "Constrain b_1 to 5 bits"),
|
||||
b_1,
|
||||
5,
|
||||
)?
|
||||
config
|
||||
.sinsemilla_config
|
||||
.lookup_config()
|
||||
.witness_short_check(layouter.namespace(|| "Constrain b_1 to 5 bits"), b_1, 5)?
|
||||
};
|
||||
|
||||
// b_2 = (bits 0..=4 of `right`)
|
||||
|
|
@ -221,11 +220,10 @@ impl MerkleInstructions<pallas::Affine, MERKLE_DEPTH_ORCHARD, { sinsemilla::K },
|
|||
let b_2 = {
|
||||
let b_2 = right.value().map(|value| bitrange_subset(value, 0..5));
|
||||
|
||||
config.sinsemilla_config.lookup_config.witness_short_check(
|
||||
layouter.namespace(|| "Constrain b_2 to 5 bits"),
|
||||
b_2,
|
||||
5,
|
||||
)?
|
||||
config
|
||||
.sinsemilla_config
|
||||
.lookup_config()
|
||||
.witness_short_check(layouter.namespace(|| "Constrain b_2 to 5 bits"), b_2, 5)?
|
||||
};
|
||||
|
||||
let b = {
|
||||
|
|
|
|||
|
|
@ -11,16 +11,15 @@ use crate::{
|
|||
chip::{EccChip, NonIdentityEccPoint},
|
||||
Point,
|
||||
},
|
||||
sinsemilla::{
|
||||
chip::{SinsemillaChip, SinsemillaCommitDomains, SinsemillaConfig},
|
||||
CommitDomain, Message, MessagePiece,
|
||||
},
|
||||
utilities::{bitrange_subset, bool_check},
|
||||
},
|
||||
constants::T_P,
|
||||
};
|
||||
|
||||
use super::{
|
||||
chip::{SinsemillaChip, SinsemillaCommitDomains, SinsemillaConfig},
|
||||
CommitDomain, Message, MessagePiece,
|
||||
};
|
||||
|
||||
/// The values of the running sum at the start and end of the range being used for a
|
||||
/// canonicity check.
|
||||
type CanonicityBounds = (
|
||||
|
|
@ -562,14 +561,14 @@ impl NoteCommitConfig {
|
|||
let b_3 = pkd_x.map(|pkd_x| bitrange_subset(pkd_x, 0..4));
|
||||
|
||||
// Constrain b_0 to be 4 bits
|
||||
let b_0 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let b_0 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "b_0 is 4 bits"),
|
||||
b_0,
|
||||
4,
|
||||
)?;
|
||||
|
||||
// Constrain b_3 to be 4 bits
|
||||
let b_3 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let b_3 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "b_3 is 4 bits"),
|
||||
b_3,
|
||||
4,
|
||||
|
|
@ -607,7 +606,7 @@ impl NoteCommitConfig {
|
|||
let d_3 = value_val.map(|value| bitrange_subset(value, 8..58));
|
||||
|
||||
// Constrain d_2 to be 8 bits
|
||||
let d_2 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let d_2 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "d_2 is 8 bits"),
|
||||
d_2,
|
||||
8,
|
||||
|
|
@ -638,14 +637,14 @@ impl NoteCommitConfig {
|
|||
let e_1 = rho_val.map(|rho| bitrange_subset(rho, 0..4));
|
||||
|
||||
// Constrain e_0 to be 6 bits.
|
||||
let e_0 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let e_0 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "e_0 is 6 bits"),
|
||||
e_0,
|
||||
6,
|
||||
)?;
|
||||
|
||||
// Constrain e_1 to be 4 bits.
|
||||
let e_1 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let e_1 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "e_1 is 4 bits"),
|
||||
e_1,
|
||||
4,
|
||||
|
|
@ -674,7 +673,7 @@ impl NoteCommitConfig {
|
|||
let g_2 = psi_val.map(|psi| bitrange_subset(psi, 9..249));
|
||||
|
||||
// Constrain g_1 to be 9 bits.
|
||||
let g_1 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let g_1 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "g_1 is 9 bits"),
|
||||
g_1,
|
||||
9,
|
||||
|
|
@ -700,7 +699,7 @@ impl NoteCommitConfig {
|
|||
let h_1 = psi_val.map(|psi| bitrange_subset(psi, 254..255));
|
||||
|
||||
// Constrain h_0 to be 5 bits.
|
||||
let h_0 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let h_0 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "h_0 is 5 bits"),
|
||||
h_0,
|
||||
5,
|
||||
|
|
@ -844,7 +843,7 @@ impl NoteCommitConfig {
|
|||
let t_p = pallas::Base::from_u128(T_P);
|
||||
a + two_pow_130 - t_p
|
||||
});
|
||||
let zs = self.sinsemilla_config.lookup_config.witness_check(
|
||||
let zs = self.sinsemilla_config.lookup_config().witness_check(
|
||||
layouter.namespace(|| "Decompose low 130 bits of (a + 2^130 - t_P)"),
|
||||
a_prime,
|
||||
13,
|
||||
|
|
@ -883,7 +882,7 @@ impl NoteCommitConfig {
|
|||
b_3 + (two_pow_4 * c) + two_pow_140 - t_p
|
||||
});
|
||||
|
||||
let zs = self.sinsemilla_config.lookup_config.witness_check(
|
||||
let zs = self.sinsemilla_config.lookup_config().witness_check(
|
||||
layouter.namespace(|| "Decompose low 140 bits of (b_3 + 2^4 c + 2^140 - t_P)"),
|
||||
b3_c_prime,
|
||||
14,
|
||||
|
|
@ -922,7 +921,7 @@ impl NoteCommitConfig {
|
|||
// Decompose the low 140 bits of e1_f_prime = e_1 + 2^4 f + 2^140 - t_P,
|
||||
// and output the running sum at the end of it.
|
||||
// If e1_f_prime < 2^140, the running sum will be 0.
|
||||
let zs = self.sinsemilla_config.lookup_config.witness_check(
|
||||
let zs = self.sinsemilla_config.lookup_config().witness_check(
|
||||
layouter.namespace(|| "Decompose low 140 bits of (e_1 + 2^4 f + 2^140 - t_P)"),
|
||||
e1_f_prime,
|
||||
14,
|
||||
|
|
@ -959,7 +958,7 @@ impl NoteCommitConfig {
|
|||
g_1 + (two_pow_9 * g_2) + two_pow_130 - t_p
|
||||
});
|
||||
|
||||
let zs = self.sinsemilla_config.lookup_config.witness_check(
|
||||
let zs = self.sinsemilla_config.lookup_config().witness_check(
|
||||
layouter.namespace(|| "Decompose low 130 bits of (g_1 + (2^9)g_2 + 2^130 - t_P)"),
|
||||
g1_g2_prime,
|
||||
13,
|
||||
|
|
@ -992,14 +991,14 @@ impl NoteCommitConfig {
|
|||
};
|
||||
|
||||
// Range-constrain k_0 to be 9 bits.
|
||||
let k_0 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let k_0 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "Constrain k_0 to be 9 bits"),
|
||||
k_0,
|
||||
9,
|
||||
)?;
|
||||
|
||||
// Range-constrain k_2 to be 4 bits.
|
||||
let k_2 = self.sinsemilla_config.lookup_config.witness_short_check(
|
||||
let k_2 = self.sinsemilla_config.lookup_config().witness_short_check(
|
||||
layouter.namespace(|| "Constrain k_2 to be 4 bits"),
|
||||
k_2,
|
||||
4,
|
||||
|
|
@ -1012,7 +1011,7 @@ impl NoteCommitConfig {
|
|||
let two_pow_10 = pallas::Base::from(1 << 10);
|
||||
lsb + two * k_0 + two_pow_10 * k_1
|
||||
});
|
||||
let zs = self.sinsemilla_config.lookup_config.witness_check(
|
||||
let zs = self.sinsemilla_config.lookup_config().witness_check(
|
||||
layouter.namespace(|| "Decompose j = LSB + (2)k_0 + (2^10)k_1"),
|
||||
j,
|
||||
25,
|
||||
Loading…
Reference in New Issue