From e99fc92e4b97d752f40244d705eaa4d81c7902f4 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Wed, 1 Dec 2021 12:59:37 +0000
Subject: [PATCH] circuit: Use `Field::is_zero_vartime`

---
 src/circuit/gadget/ecc/chip.rs | 7 ++++---
 src/circuit/gadget/ecc/chip/add.rs | 6 +++---
 src/circuit/gadget/ecc/chip/add_incomplete.rs | 5 +++--
 src/circuit/gadget/ecc/chip/mul/incomplete.rs | 4 ++--
 src/circuit/gadget/ecc/chip/mul/overflow.rs | 2 +-
 src/circuit/gadget/sinsemilla/chip/hash_to_point.rs | 2 +-
 6 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/src/circuit/gadget/ecc/chip.rs b/src/circuit/gadget/ecc/chip.rs
index e299f0c9..e354ca66 100644
--- a/src/circuit/gadget/ecc/chip.rs
+++ b/src/circuit/gadget/ecc/chip.rs
@@ -8,6 +8,7 @@ use crate::{
 };
 use arrayvec::ArrayVec;
+use ff::Field;
 use group::prime::PrimeCurveAffine;
 use halo2::{
 circuit::{Chip, Layouter},
@@ -50,7 +51,7 @@ impl EccPoint {
 pub fn point(&self) -> Option {
 match (self.x.value(), self.y.value()) {
 (Some(x), Some(y)) => {
- if x == pallas::Base::zero() && y == pallas::Base::zero() {
+ if x.is_zero_vartime() && y.is_zero_vartime() {
 Some(pallas::Affine::identity())
 } else {
 Some(pallas::Affine::from_xy(x, y).unwrap())
@@ -72,7 +73,7 @@ impl EccPoint {
 #[cfg(test)]
 fn is_identity(&self) -> Option {
- self.x.value().map(|x| x == pallas::Base::zero())
+ self.x.value().map(|x| x.is_zero_vartime())
 }
 }
@@ -102,7 +103,7 @@ impl NonIdentityEccPoint {
 pub fn point(&self) -> Option {
 match (self.x.value(), self.y.value()) {
 (Some(x), Some(y)) => {
- assert!(x != pallas::Base::zero() && y != pallas::Base::zero());
+ assert!(!x.is_zero_vartime() && !y.is_zero_vartime());
 Some(pallas::Affine::from_xy(x, y).unwrap())
 }
 _ => None,
diff --git a/src/circuit/gadget/ecc/chip/add.rs b/src/circuit/gadget/ecc/chip/add.rs
index 9e10d02c..023a678b 100644
--- a/src/circuit/gadget/ecc/chip/add.rs
+++ b/src/circuit/gadget/ecc/chip/add.rs
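Review bot: In the `NonIdentityEccPoint::point` hunk the new assert rejects a witness with either coordinate zero, while `EccPoint::point` in the hunk above treats only (0, 0) as the identity and would pass (0, y) with y ≠ 0 to `from_xy` as an ordinary point, so the two hunks disagree on what a single zero coordinate means. Whether Pallas has a valid point with x = 0 or y = 0 is not visible here; if it does not, the assert deserves a comment such as `// Identity is encoded as (0, 0); no valid Pallas point has a zero coordinate, so either being zero is an invariant violation — confirm`, and if it does, the assert should mirror the encoding: `assert!(!(x.is_zero_vartime() && y.is_zero_vartime()));`. This is also an `assert!` on prover-private witness data, so a violation panics the prover rather than surfacing as a synthesis error the way the `hash_to_point.rs` hunk in this commit handles the same condition; `point()` returns `Option`, so that cannot change without an interface change, but the panic path is worth documenting. Both enclosing `impl` blocks extend beyond the hunk.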
@@ -300,7 +300,7 @@ impl Config {
 // know that x_q != x_p in this branch.
 (y_q - y_p) * alpha
 } else {
- if y_p != pallas::Base::zero() {
+ if !y_p.is_zero_vartime() {
 // 3(x_p)^2
 let three_x_p_sq = pallas::Base::from_u64(3) * x_p.square();
 // 1 / 2(y_p)
@@ -327,10 +327,10 @@ impl Config {
 .zip(lambda)
 .map(|((((x_p, y_p), x_q), y_q), lambda)| {
 {
- if x_p == pallas::Base::zero() {
+ if x_p.is_zero_vartime() {
 // 0 + Q = Q
 (x_q, y_q)
- } else if x_q == pallas::Base::zero() {
+ } else if x_q.is_zero_vartime() {
 // P + 0 = P
 (x_p, y_p)
 } else if (x_q == x_p) && (y_q == -y_p) {
diff --git a/src/circuit/gadget/ecc/chip/add_incomplete.rs b/src/circuit/gadget/ecc/chip/add_incomplete.rs
index 30b74e0d..c1c02828 100644
--- a/src/circuit/gadget/ecc/chip/add_incomplete.rs
+++ b/src/circuit/gadget/ecc/chip/add_incomplete.rs
@@ -1,6 +1,7 @@
 use std::{array, collections::HashSet};
 use super::{copy, CellValue, NonIdentityEccPoint, Var};
+use ff::Field;
 use group::Curve;
 use halo2::{
 circuit::Region,
@@ -96,9 +97,9 @@ impl Config {
 .zip(y_q)
 .map(|(((x_p, y_p), x_q), y_q)| {
 // P is point at infinity
- if (x_p == pallas::Base::zero() && y_p == pallas::Base::zero())
+ if (x_p.is_zero_vartime() && y_p.is_zero_vartime())
 // Q is point at infinity
- || (x_q == pallas::Base::zero() && y_q == pallas::Base::zero())
+ || (x_q.is_zero_vartime() && y_q.is_zero_vartime())
 // x_p = x_q
 || (x_p == x_q)
 {
diff --git a/src/circuit/gadget/ecc/chip/mul/incomplete.rs b/src/circuit/gadget/ecc/chip/mul/incomplete.rs
index a17925d0..4ccd817d 100644
--- a/src/circuit/gadget/ecc/chip/mul/incomplete.rs
+++ b/src/circuit/gadget/ecc/chip/mul/incomplete.rs
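Review bot: The `add.rs` hunk at `@@ -327` identifies the identity with `x_p.is_zero_vartime()` alone (`// 0 + Q = Q`), while the `add_incomplete.rs` hunk in the same commit requires `x.is_zero_vartime() && y.is_zero_vartime()`; the commit preserves both as they were, but two identity checks in the same gadget family should agree or say why they differ. The one-coordinate form presumably relies on no Pallas point having x = 0, so that x = 0 alone pins the (0, 0) encoding; if that is the intended invariant, a comment on the new line such as `// x = 0 only occurs for the (0, 0) identity encoding — no Pallas point has x = 0 (confirm)` would make it explicit, otherwise the two-coordinate form should be used here too. Separately, `is_zero_vartime` is variable-time by contract and its result immediately drives an `if` on witness values, so this witness-generation path is not constant-time; that is a reasonable stance for a prover, but it should be stated once near these checks rather than left implicit. The `.map` closures in both hunks begin and end outside the hunk.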
@@ -195,9 +195,9 @@ impl Config {
 if let (Some(x_a), Some(y_a), Some(x_p), Some(y_p)) = (x_a, y_a, x_p, y_p) {
 // A is point at infinity
- if (x_p == pallas::Base::zero() && y_p == pallas::Base::zero())
+ if (x_p.is_zero_vartime() && y_p.is_zero_vartime())
 // Q is point at infinity
- || (x_a == pallas::Base::zero() && y_a == pallas::Base::zero())
+ || (x_a.is_zero_vartime() && y_a.is_zero_vartime())
 // x_p = x_a
 || (x_p == x_a)
 {
diff --git a/src/circuit/gadget/ecc/chip/mul/overflow.rs b/src/circuit/gadget/ecc/chip/mul/overflow.rs
index f331615b..0f5f480a 100644
--- a/src/circuit/gadget/ecc/chip/mul/overflow.rs
+++ b/src/circuit/gadget/ecc/chip/mul/overflow.rs
@@ -155,7 +155,7 @@ impl Config {
 // Witness η = inv0(z_130), where inv0(x) = 0 if x = 0, 1/x otherwise
 {
 let eta = zs[130].value().map(|z_130| {
- if z_130 == pallas::Base::zero() {
+ if z_130.is_zero_vartime() {
 pallas::Base::zero()
 } else {
 z_130.invert().unwrap()
diff --git a/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs b/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs
index 81c7dc3c..60b8f23c 100644
--- a/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs
+++ b/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs
@@ -149,7 +149,7 @@ impl SinsemillaChip {
 if let Some(x_a) = x_a.value() {
 if let Some(y_a) = y_a.value() {
- if x_a == pallas::Base::zero() || y_a == pallas::Base::zero() {
+ if x_a.is_zero_vartime() || y_a.is_zero_vartime() {
 return Err(Error::Synthesis);
 }
 }
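Review bot: In the `overflow.rs` hunk, η = inv0(z_130) is computed with a branch on the witness (`if z_130.is_zero_vartime() { zero } else { z_130.invert().unwrap() }`), so prover timing depends on whether z_130 is zero; if `invert` here is `ff::Field::invert`, it already returns a `CtOption`, and the closure collapses to the branch-free `z_130.invert().unwrap_or(pallas::Base::zero())`, which gives 0 for z_130 = 0 and 1/z_130 otherwise, exactly the inv0 in the comment above it. That form also drops the `unwrap()` that would panic if the zero test and the inversion ever disagreed. The same observation applies to the `mul/incomplete.rs` hunk on this line, where `is_zero_vartime` results on witness coordinates drive an `if`; if prover-side constant time is not a goal of this crate, a one-line note to that effect near these checks would spare later readers the question. The `eta` closure in `overflow.rs` and the `if let` nesting in `hash_to_point.rs` continue beyond their hunks.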