circuit: Use `Field::is_zero_vartime`

Jack Grigg 2021-12-01 12:59:37 +00:00
parent 50b4600a1a
commit e99fc92e4b
6 changed files with 14 additions and 12 deletions


@ -8,6 +8,7 @@ use crate::{
};
use arrayvec::ArrayVec;
use ff::Field;
use group::prime::PrimeCurveAffine;
use halo2::{
circuit::{Chip, Layouter},
@ -50,7 +51,7 @@ impl EccPoint {
pub fn point(&self) -> Option<pallas::Affine> {
match (self.x.value(), self.y.value()) {
(Some(x), Some(y)) => {
if x == pallas::Base::zero() && y == pallas::Base::zero() {
if x.is_zero_vartime() && y.is_zero_vartime() {
Some(pallas::Affine::identity())
} else {
Some(pallas::Affine::from_xy(x, y).unwrap())
@ -72,7 +73,7 @@ impl EccPoint {
#[cfg(test)]
fn is_identity(&self) -> Option<bool> {
self.x.value().map(|x| x == pallas::Base::zero())
self.x.value().map(|x| x.is_zero_vartime())
}
}
@ -102,7 +103,7 @@ impl NonIdentityEccPoint {
pub fn point(&self) -> Option<pallas::Affine> {
match (self.x.value(), self.y.value()) {
(Some(x), Some(y)) => {
assert!(x != pallas::Base::zero() && y != pallas::Base::zero());
assert!(!x.is_zero_vartime() && !y.is_zero_vartime());
Some(pallas::Affine::from_xy(x, y).unwrap())
}
_ => None,
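Review bot: The `_vartime` suffix now states openly that the zero checks on witness coordinates in `EccPoint::point`, `is_identity` and `NonIdentityEccPoint::point` are not constant-time, but nothing in the hunk records why that is acceptable; the same applies to the matching checks in the other file sections of this commit. The surrounding `match` and `if` already branch on the witness value, so prover-side timing is presumably outside the threat model, yet that assumption is worth writing down wherever a witness may derive from secret material. A comment above the first check such as `// Variable-time on witness values: witness synthesis is not protected against timing observation.` would capture it. Both `point` bodies continue outside their hunks.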


@ -300,7 +300,7 @@ impl Config {
// know that x_q != x_p in this branch.
(y_q - y_p) * alpha
} else {
if y_p != pallas::Base::zero() {
if !y_p.is_zero_vartime() {
// 3(x_p)^2
let three_x_p_sq = pallas::Base::from_u64(3) * x_p.square();
// 1 / 2(y_p)
@ -327,10 +327,10 @@ impl Config {
.zip(lambda)
.map(|((((x_p, y_p), x_q), y_q), lambda)| {
{
if x_p == pallas::Base::zero() {
if x_p.is_zero_vartime() {
// 0 + Q = Q
(x_q, y_q)
} else if x_q == pallas::Base::zero() {
} else if x_q.is_zero_vartime() {
// P + 0 = P
(x_p, y_p)
} else if (x_q == x_p) && (y_q == -y_p) {


@ -1,6 +1,7 @@
use std::{array, collections::HashSet};
use super::{copy, CellValue, NonIdentityEccPoint, Var};
use ff::Field;
use group::Curve;
use halo2::{
circuit::Region,
@ -96,9 +97,9 @@ impl Config {
.zip(y_q)
.map(|(((x_p, y_p), x_q), y_q)| {
// P is point at infinity
if (x_p == pallas::Base::zero() && y_p == pallas::Base::zero())
if (x_p.is_zero_vartime() && y_p.is_zero_vartime())
// Q is point at infinity
|| (x_q == pallas::Base::zero() && y_q == pallas::Base::zero())
|| (x_q.is_zero_vartime() && y_q.is_zero_vartime())
// x_p = x_q
|| (x_p == x_q)
{


@ -195,9 +195,9 @@ impl<const NUM_BITS: usize> Config<NUM_BITS> {
if let (Some(x_a), Some(y_a), Some(x_p), Some(y_p)) = (x_a, y_a, x_p, y_p) {
// A is point at infinity
if (x_p == pallas::Base::zero() && y_p == pallas::Base::zero())
if (x_p.is_zero_vartime() && y_p.is_zero_vartime())
// Q is point at infinity
|| (x_a == pallas::Base::zero() && y_a == pallas::Base::zero())
|| (x_a.is_zero_vartime() && y_a.is_zero_vartime())
// x_p = x_a
|| (x_p == x_a)
{
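Review bot: The two comments in this condition do not match the operands beneath them: `// A is point at infinity` sits above the check on `x_p`/`y_p`, and `// Q is point at infinity` sits above the check on `x_a`/`y_a`, although no `Q` is bound in the hunk. They look carried over from the similar condition in the earlier file section that tests `x_q`/`y_q`. Since the commit rewrites both conditions, the labels should become `// P is point at infinity` and `// A is point at infinity`, so a reader auditing the incomplete-addition exclusions is not misled about which point is being tested. The `if let` block opens in the hunk and closes outside it.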


@ -155,7 +155,7 @@ impl Config {
// Witness η = inv0(z_130), where inv0(x) = 0 if x = 0, 1/x otherwise
{
let eta = zs[130].value().map(|z_130| {
if z_130 == pallas::Base::zero() {
if z_130.is_zero_vartime() {
pallas::Base::zero()
} else {
z_130.invert().unwrap()
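Review bot: The zero test before `z_130.invert().unwrap()` branches on the witness value only to avoid the empty result that `invert()` produces for zero. Assuming `invert()` returns subtle's `CtOption` as in the `ff` crate, the closure body can be the single expression `z_130.invert().unwrap_or(pallas::Base::zero())`. That matches the inv0 definition in the comment, needs no variable-time check, and removes the `unwrap()` panic path. The closure passed to `map` continues past the end of the hunk.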


@ -149,7 +149,7 @@ impl SinsemillaChip {
if let Some(x_a) = x_a.value() {
if let Some(y_a) = y_a.value() {
if x_a == pallas::Base::zero() || y_a == pallas::Base::zero() {
if x_a.is_zero_vartime() || y_a.is_zero_vartime() {
return Err(Error::Synthesis);
}
}