src/circuit.rs: Use NonIdentityPoint for all witnessed points.

The witnessed points are cm_old, g_d_old, pk_d_old, ak.

g_d_new and pk_d_new are currently also witnessed as affine points,
which diverges from the spec.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
therealyingtong 2021-09-27 10:51:57 +02:00 committed by Sean Bowe
parent cdcfcbc0c2
commit a5a6e78d42
1 changed files with 7 additions and 7 deletions


@ -38,7 +38,7 @@ use crate::{
use gadget::{ use gadget::{
ecc::{ ecc::{
chip::{EccChip, EccConfig}, chip::{EccChip, EccConfig},
FixedPoint, FixedPointBaseField, FixedPointShort, Point, FixedPoint, FixedPointBaseField, FixedPointShort, NonIdentityPoint,
}, },
poseidon::{ poseidon::{
Hash as PoseidonHash, Pow5T3Chip as PoseidonChip, Pow5T3Config as PoseidonConfig, Hash as PoseidonHash, Pow5T3Chip as PoseidonChip, Pow5T3Config as PoseidonConfig,
@ -349,14 +349,14 @@ impl plonk::Circuit<pallas::Base> for Circuit {
)?; )?;
// Witness cm_old // Witness cm_old
let cm_old = Point::new( let cm_old = NonIdentityPoint::new(
ecc_chip.clone(), ecc_chip.clone(),
layouter.namespace(|| "cm_old"), layouter.namespace(|| "cm_old"),
self.cm_old.as_ref().map(|cm| cm.inner().to_affine()), self.cm_old.as_ref().map(|cm| cm.inner().to_affine()),
)?; )?;
// Witness g_d_old // Witness g_d_old
let g_d_old = Point::new( let g_d_old = NonIdentityPoint::new(
ecc_chip.clone(), ecc_chip.clone(),
layouter.namespace(|| "gd_old"), layouter.namespace(|| "gd_old"),
self.g_d_old.as_ref().map(|gd| gd.to_affine()), self.g_d_old.as_ref().map(|gd| gd.to_affine()),
@ -364,7 +364,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
// Witness ak. // Witness ak.
let ak: Option<pallas::Point> = self.ak.as_ref().map(|ak| ak.into()); let ak: Option<pallas::Point> = self.ak.as_ref().map(|ak| ak.into());
let ak = Point::new( let ak = NonIdentityPoint::new(
ecc_chip.clone(), ecc_chip.clone(),
layouter.namespace(|| "ak"), layouter.namespace(|| "ak"),
ak.map(|ak| ak.to_affine()), ak.map(|ak| ak.to_affine()),
@ -621,7 +621,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
g_d_old.mul(layouter.namespace(|| "[ivk] g_d_old"), ivk.inner())?; g_d_old.mul(layouter.namespace(|| "[ivk] g_d_old"), ivk.inner())?;
// Constrain derived pk_d_old to equal witnessed pk_d_old // Constrain derived pk_d_old to equal witnessed pk_d_old
let pk_d_old = Point::new( let pk_d_old = NonIdentityPoint::new(
ecc_chip.clone(), ecc_chip.clone(),
layouter.namespace(|| "witness pk_d_old"), layouter.namespace(|| "witness pk_d_old"),
self.pk_d_old.map(|pk_d_old| pk_d_old.inner().to_affine()), self.pk_d_old.map(|pk_d_old| pk_d_old.inner().to_affine()),
@ -666,7 +666,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let g_d_new = self let g_d_new = self
.g_d_new_star .g_d_new_star
.map(|bytes| pallas::Affine::from_bytes(&bytes).unwrap()); .map(|bytes| pallas::Affine::from_bytes(&bytes).unwrap());
Point::new( NonIdentityPoint::new(
ecc_chip.clone(), ecc_chip.clone(),
layouter.namespace(|| "witness g_d_new_star"), layouter.namespace(|| "witness g_d_new_star"),
g_d_new, g_d_new,
@ -678,7 +678,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let pk_d_new = self let pk_d_new = self
.pk_d_new_star .pk_d_new_star
.map(|bytes| pallas::Affine::from_bytes(&bytes).unwrap()); .map(|bytes| pallas::Affine::from_bytes(&bytes).unwrap());
Point::new( NonIdentityPoint::new(
ecc_chip, ecc_chip,
layouter.namespace(|| "witness pk_d_new"), layouter.namespace(|| "witness pk_d_new"),
pk_d_new, pk_d_new,
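Review bot: The last two hunks (g_d_new at -666 and pk_d_new at -678) carry no in-code marker that witnessing these two points as affine points diverges from the spec; that fact is recorded only in the commit message, where someone auditing the circuit will not see it. I would add a comment above each call, e.g. `// TODO: g_d_new is witnessed as an affine point here, which diverges from the spec.`, and the same for pk_d_new. Both sites also decode with `pallas::Affine::from_bytes(&bytes).unwrap()`, so bytes that fail to decode panic the prover instead of returning an error, and bytes that decode to the identity would presumably now be rejected by `NonIdentityPoint::new` (its body is not visible here); since this commit changes only one file, a negative test that witnesses the identity for each of the six points would pin the new constraint. The enclosing method of `impl plonk::Circuit<pallas::Base> for Circuit` and both `NonIdentityPoint::new(` calls continue outside the hunks.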