mirror of https://github.com/zcash/halo2.git
Add range check for short scalar
This commit is contained in:
parent
db60fd2262
commit
74c797165f
|
@ -1,9 +1,10 @@
|
||||||
//! Gadgets for elliptic curve operations.
|
//! Gadgets for elliptic curve operations.
|
||||||
|
|
||||||
|
use ff::Field;
|
||||||
use std::fmt::Debug;
|
use std::fmt::Debug;
|
||||||
|
|
||||||
use halo2::{
|
use halo2::{
|
||||||
arithmetic::CurveAffine,
|
arithmetic::{CurveAffine, FieldExt},
|
||||||
circuit::{Chip, Layouter},
|
circuit::{Chip, Layouter},
|
||||||
plonk::Error,
|
plonk::Error,
|
||||||
};
|
};
|
||||||
|
@ -25,6 +26,8 @@ pub trait EccInstructions<C: CurveAffine>: Chip<C::Base> {
|
||||||
/// Variable representing a full-width element of the elliptic curve's scalar field, to be used for fixed-base scalar mul.
|
/// Variable representing a full-width element of the elliptic curve's scalar field, to be used for fixed-base scalar mul.
|
||||||
type ScalarFixed: Clone + Debug;
|
type ScalarFixed: Clone + Debug;
|
||||||
/// Variable representing a signed short element of the elliptic curve's scalar field, to be used for fixed-base scalar mul.
|
/// Variable representing a signed short element of the elliptic curve's scalar field, to be used for fixed-base scalar mul.
|
||||||
|
///
|
||||||
|
/// A `ScalarFixedShort` must be in the range [-(2^64 - 1), 2^64 - 1].
|
||||||
type ScalarFixedShort: Clone + Debug;
|
type ScalarFixedShort: Clone + Debug;
|
||||||
/// Variable representing an elliptic curve point.
|
/// Variable representing an elliptic curve point.
|
||||||
type Point: Clone + Debug;
|
type Point: Clone + Debug;
|
||||||
|
@ -179,11 +182,29 @@ pub struct ScalarFixedShort<C: CurveAffine, EccChip: EccInstructions<C> + Clone
|
||||||
|
|
||||||
impl<C: CurveAffine, EccChip: EccInstructions<C> + Clone + Debug> ScalarFixedShort<C, EccChip> {
|
impl<C: CurveAffine, EccChip: EccInstructions<C> + Clone + Debug> ScalarFixedShort<C, EccChip> {
|
||||||
/// Constructs a new ScalarFixedShort with the given value.
|
/// Constructs a new ScalarFixedShort with the given value.
|
||||||
|
///
|
||||||
|
/// # Panics
|
||||||
|
///
|
||||||
|
/// The short scalar must be in the range [-(2^64 - 1), (2^64 - 1)].
|
||||||
pub fn new(
|
pub fn new(
|
||||||
chip: EccChip,
|
chip: EccChip,
|
||||||
mut layouter: impl Layouter<C::Base>,
|
mut layouter: impl Layouter<C::Base>,
|
||||||
value: Option<C::Scalar>,
|
value: Option<C::Scalar>,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
|
// Check that the scalar is in the range [-(2^64 - 1), (2^64 - 1)]
|
||||||
|
if let Some(value) = value {
|
||||||
|
let mut sign = C::Scalar::one();
|
||||||
|
|
||||||
|
// T = (p-1) / 2
|
||||||
|
let t = (C::Scalar::zero() - C::Scalar::one()) * C::Scalar::TWO_INV;
|
||||||
|
|
||||||
|
if value > t {
|
||||||
|
sign = -sign;
|
||||||
|
}
|
||||||
|
let magnitude = value * sign;
|
||||||
|
assert!(magnitude < C::Scalar::from_u128(1 << 64));
|
||||||
|
}
|
||||||
|
|
||||||
chip.witness_scalar_fixed_short(&mut layouter, value)
|
chip.witness_scalar_fixed_short(&mut layouter, value)
|
||||||
.map(|inner| ScalarFixedShort { chip, inner })
|
.map(|inner| ScalarFixedShort { chip, inner })
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue