Jack Grigg
6bcfecd039
Add poseidon::Spec::Rate associated type
This removes the need for specifying the rate at runtime, and removes
the remaining heap allocations from Duplex::absorb and Duplex::squeeze.
2021-03-18 16:38:28 +13:00
Jack Grigg
6548666e37
Add poseidon::Spec::State associated type
We reuse this type for the per-round round constants, and rows of the
MDS, to provide some type-level same-length guarantees. Once we can use
const generics, these will all be replaced by [F; Spec::ARITY].
2021-03-18 16:38:26 +13:00
Jack Grigg
5c8e9beea7
Simplify poseidon::Spec and remove poseidon::Generic
Poseidon specifications are now all concrete, and only generation of
constants at runtime requires an instance of the specification.
2021-03-18 16:38:23 +13:00
Jack Grigg
266705166f
Poseidon duplex sponge and hash function
2021-03-18 16:38:21 +13:00
Jack Grigg
9a2c1b0217
Make poseidon::Generic specific to SboxType::Pow
We don't currently require SboxType::Inv, so let's simplify for now.
2021-03-18 16:38:17 +13:00
Jack Grigg
8408f4690c
Rename poseidon::PoseidonSpec trait to poseidon::Spec
2021-03-18 16:38:14 +13:00
Jack Grigg
3fb5bf8344
Modify constant generation to match reference implementation
2021-03-18 16:38:07 +13:00
Jack Grigg
e1719c42bc
Add test vectors from the reference implementation
These are generated using v1.1 of the reference implementation.
2021-03-18 16:38:06 +13:00
Jack Grigg
84907c50e1
Poseidon specification and constants
2021-03-18 16:37:36 +13:00
Jack Grigg
3911fb3202
Use Pallas directly from pasta_curves crate
2021-03-18 15:06:16 +13:00
Jack Grigg
0f081c74e9
Bump halo2 dependency to include pasta_curves extraction
2021-03-18 15:04:07 +13:00
str4d
e737b50a25
Merge pull request #40 from zcash/key-components
Orchard key components
2021-03-18 13:44:33 +13:00
str4d
05e86a4d98
Reuse the hasher inside diversify_hash
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-03-18 13:39:04 +13:00
str4d
51fd94df72
Fix section numbers after spec changes
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-03-18 13:38:11 +13:00
Jack Grigg
861eec1765
Document sinsemilla::Pad
2021-03-18 08:30:22 +13:00
Jack Grigg
42ea809b64
Update protocol spec references
2021-03-18 08:30:22 +13:00
Jack Grigg
e0417268ad
Make address generation infallible again
DiversifyHash is altered to replace the identity with another fixed
point that is known to not be the identity.
2021-03-18 08:30:22 +13:00
Jack Grigg
8e55b46dbf
Deduplicate default address generation
2021-03-16 10:01:50 +13:00
Jack Grigg
3c8befa0f3
Remove TODO from extract_p
The protocol spec now returns \mathbb{P}_x instead of a bit sequence,
matching what we do here.
2021-03-16 09:36:59 +13:00
Jack Grigg
46bf89c122
Update ivk derivation to match latest protocol spec draft
2021-03-16 09:33:07 +13:00
Jack Grigg
e0b40cb3cb
FullViewingKey::address_at(impl Into<DiversifierIndex>)
This is a more usable API, which we can use when we have the full
viewing key and can obtain the DiversifierKey.
2021-03-16 09:20:45 +13:00
Jack Grigg
e98f324d7d
Ensure diversify_hash does not return the identity
This makes diversified address generation fallible (though with
negligible probability). We expose this to users, so they can decide how
to handle it (either just unwrapping, or incrementing the diversifier
index).
We alter spending key construction to reject spending keys that would
not result in a default address (with diversifier index 0).
2021-03-16 09:03:44 +13:00
Jack Grigg
f7cad7762a
Add clarifying note about nomenclature
There's no point in documenting everything as being an Orchard whizzbang.
We are in the `orchard` crate, so the context should be obvious. This
also fits with the standard Rust naming guideline of not duplicating
module names in type name prefixes (`foo::bar::BarThing`).
2021-03-09 10:39:02 +13:00
Jack Grigg
2462bb219b
Use [u8; 64] as the output of prf_expand to match the spec
2021-03-09 10:33:56 +13:00
Jack Grigg
cef44f5f53
Fix intra-crate doc links
2021-03-09 09:27:34 +13:00
Jack Grigg
bf5fb7a668
Add missing spec links to key docs
2021-03-09 09:22:38 +13:00
Jack Grigg
307787ec17
Use spec name for SpendValidatingKey
2021-03-09 09:20:09 +13:00
Jack Grigg
26701c33af
Fix commit_ivk specification
Commit^ivk takes ak as a point, and commits to its entire serialization
(not just the x coordinate).
2021-03-09 08:28:53 +13:00
str4d
cfaa61ab14
Remove unnecessary conversions for DiversifierIndex
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-03-09 07:40:01 +13:00
Jack Grigg
57c64922f6
Add internal CommitIvkRandomness type
2021-03-09 07:38:15 +13:00
Jack Grigg
9455158190
Use protocol spec URL anchors as link handles
2021-03-06 01:18:58 +00:00
Jack Grigg
71542f7ec2
Add internal DiversifiedTransmissionKey type
2021-03-06 01:03:53 +00:00
str4d
a61be5d58b
Fix typo in documentation
Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>
2021-03-06 13:58:48 +13:00
Jack Grigg
5772c71a89
Add doctest example to orchard::Address that exercises key derivation
2021-03-06 00:57:30 +00:00
Jack Grigg
27501702d5
Use orchard::redpallas types in orchard::keys implementation
2021-03-06 00:03:26 +00:00
Jack Grigg
eaa7158751
Use reddsa to instantiate orchard::redpallas
2021-03-05 23:46:20 +00:00
Jack Grigg
ceac39d74e
Implement ZIP 32 diversifier derivation
2021-03-05 23:36:38 +00:00
Jack Grigg
f0779792bc
Orchard key components
2021-03-05 23:28:16 +00:00
str4d
35da17944a
Merge pull request #21 from zcash/sinsemilla
Implement Sinsemilla primitives
2021-03-06 09:16:08 +13:00
Jack Grigg
d7f8584d20
Fix clippy lint
2021-03-05 20:09:51 +00:00
Jack Grigg
be758de3bb
Fix protocol spec references after PDF rename
2021-03-05 20:00:45 +00:00
str4d
a24c3b1dbc
Merge pull request #27 from zcash/parametric-bundle
Make Bundle a parametric type over an Authorization trait
2021-03-05 11:43:30 +13:00
Jack Grigg
9882373e85
Make Bundle a parametric type over an Authorization trait
This enables us to construct Bundles at various stages of
authorization:
- `Bundle<Unauthorized>`: A bundle with all effecting data but no
proofs or signatures.
- `Bundle<Authorized>`: A bundle with all proofs and signatures,
suitable for inclusion in a block.
- `Bundle<Partial>`: Example of some in-progress bundle authorization,
for example during a FROST threshold multisignature protocol.
Also adds the bundle flags field from ZIP 225.
2021-03-03 17:39:53 +00:00
Jack Grigg
22658c3bc4
sinsemilla: Use lebs2ip_K to match protocol spec naming
2021-03-02 01:21:07 +00:00
Jack Grigg
a26e1c7879
sinsemilla: Remove the ExactSizeIterator bound
2021-03-01 23:34:02 +00:00
str4d
788dd0dc20
Merge pull request #18 from zcash/book-update-commitment-tree-section
book: Update commitment tree section with the design decision
2021-02-28 13:26:57 +13:00
Jack Grigg
a03ee8797d
Implement Sinsemilla primitives
2021-02-27 17:10:28 +08:00
str4d
4040aba96a
Merge pull request #22 from zcash/ecc-gadget
Add ECC gadgets and instructions
2021-02-26 07:30:42 +13:00
Jack Grigg
bbf2dc271e
Add ECC gadgets and instructions
Migrated from the halo2 crate; we may re-upstream them later (or move
gadgets into their own crate) once we've stabilised them.
2021-02-25 18:11:46 +00:00
str4d
67f0911480
Merge pull request #20 from zcash/api-changes
Minor API changes
2021-02-25 11:02:22 +13:00