halo2

Commit Graph

Author	SHA1	Message	Date
therealyingtong	2d0afe9357	constants.rs: Introduce L_ORCHARD_MERKLE constant Also test that L_ORCHARD_BASE, L_ORCHARD_SCALAR, L_ORCHARD_MERKLE are consistent with the Pallas curve. Co-authored-by: Jack Grigg <jack@electriccoin.co>	2021-06-10 10:33:06 +08:00
therealyingtong	b33248bdb0	src::tree.rs: Implement MerklePath.root() method. Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>	2021-06-08 22:31:24 +08:00
str4d	243f862617	Fix clippy lints Co-authored-by: Daira Hopwood <daira@jacaranda.org>	2021-06-05 13:18:14 +01:00
therealyingtong	9f27049c84	Add constants::load.rs This makes it easier to load constants into the ECC chip.	2021-06-05 13:18:24 +08:00
therealyingtong	1d46a2d3e7	Add SpendAuthG fixed base. Used in spend authority randomization where rk = ak + [alpha]SpendAuthG.	2021-06-05 13:16:56 +08:00
therealyingtong	0636a6f2ec	Update window table formula. Previously, the window table M for fixed-base scalar multiplication computed M[w][k] = [(k+1)(2^3)^w]B for each window w, where k is a 3-bit chunk in the scalar decomposition in the range [0..8). However, in the case k_0 = 7, k_1= 0, the window table entries would evaluate to: M[0][k_0] = [(7+1)(2^3)^0]B = [8]B, M[1][k_1] = [(0+1)(2^3)^1]B = [8]B, which means the first addition would require complete addition. To avoid this, we alter the formula to M[w][k] = [(k+2)(2^3)^w]B. We make a corresponding change to the formula for the last window W. Previously, we had: M[W][k] = [k * (2^3)^W - \sum((2^3)^j)]B, for j in [0..W-1). Now, we have: M[W][k] = [k * (2^3)^W - \sum(2^(3j+1))]B, for j in [0..W-1).	2021-06-02 22:51:37 +08:00
therealyingtong	077f809df7	Cleanups from code review Co-authored-by: Jack Grigg <jack@electriccoin.co>	2021-05-13 10:48:10 +08:00
therealyingtong	e82a76da2a	Remove unused OrchardFixedBases trait	2021-05-06 12:52:52 +08:00
therealyingtong	b5de8e6c27	Only store Z_SHORT and U_SHORT for value_commit_v Co-authored-by: Daira Hopwood <daira@jacaranda.org>	2021-05-04 05:05:32 +08:00
therealyingtong	11d90692e1	Fix bugs in value_commit_v, value_commit_r generators Co-authored-by: Daira Hopwood <daira@jacaranda.org>	2021-05-04 02:04:56 +08:00
therealyingtong	119d721ecd	Use ArrayVec Co-authored-by: Daira Hopwood <daira@jacaranda.org>	2021-05-03 23:58:41 +08:00
ying tong	1ee5392163	Documentation fixes Co-authored-by: Daira Hopwood <daira@jacaranda.org>	2021-05-03 22:28:22 +08:00
therealyingtong	de75c9538b	Update constants after hash_to_field fix (zcash/pasta_curves@a119467 )	2021-04-28 20:53:14 +08:00
therealyingtong	13d7da3c45	Replace OrchardFixedBases enum with newtypes Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>	2021-04-28 20:53:14 +08:00
therealyingtong	e26b6c6123	Test every row in test_lagrange_coeffs() instead of using random scalar	2021-04-28 20:53:14 +08:00
therealyingtong	ce6e59bdb8	Address review comments	2021-04-28 20:53:14 +08:00
therealyingtong	17b66e1c6a	Remember u-values	2021-04-28 20:53:14 +08:00
therealyingtong	69d4c4c35a	Round up division for NUM_WINDOWS	2021-04-28 20:53:14 +08:00
therealyingtong	70ce1ca53f	Impl PartialOrd and Ord for OrchardFixedBases	2021-04-28 20:53:14 +08:00
therealyingtong	6cc957e998	Add constants for short signed scalar mul	2021-04-28 20:53:14 +08:00
therealyingtong	e4d6af620f	Add l_value to constants	2021-04-28 20:53:14 +08:00
therealyingtong	3381b15cd9	Use fixed-size array for windows in tables Co-authored-by: Jack Grigg <jack@electriccoin.co>	2021-04-28 20:53:14 +08:00
therealyingtong	d915097407	Implement Hash, PartialEq, Eq for OrchardFixedBases	2021-04-28 20:53:14 +08:00
therealyingtong	2c11f3a048	Add Orchard fixed bases and tests	2021-04-28 20:53:14 +08:00
therealyingtong	91fd290ffc	Add SWU hash-to-curve personalizations	2021-04-28 20:53:14 +08:00
Jack Grigg	46bf89c122	Update ivk derivation to match latest protocol spec draft	2021-03-16 09:33:07 +13:00
Jack Grigg	f0779792bc	Orchard key components	2021-03-05 23:28:16 +00:00

27 Commits