therealyingtong
52f53f3425
Remove IsIdentity trait from public EccInstructions.
...
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong
c80ccba801
Witness cm_old using Point::new().
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong
b0de6afd7c
Reintroduce Point::new() API and constraints.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
Jack Grigg
751277cdb2
Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound
...
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
2021-09-28 13:13:25 -06:00
Jack Grigg
97c27e3d5a
Use complete addition in SinsemillaCommit
...
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
2021-09-28 13:13:25 -06:00
therealyingtong
8c8a12a8df
Minor fixes.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-28 13:13:25 -06:00
therealyingtong
fa560d3aee
Replace is_identity() instruction with IsIdentity trait.
2021-09-28 13:13:25 -06:00
therealyingtong
4a13ab4f6b
Docfixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
Daira Hopwood
6b6b515232
`hash_to_point` should return `Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>`
...
because any exceptional case is treated as an error, and therefore the identity cannot be returned.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
8ad3003e27
Remove Point::new() API and introduce is_identity() instruction.
...
Also remove the q_point selector and gate from the circuit.
2021-09-28 13:13:25 -06:00
therealyingtong
ec27989b9b
Clippy and formatting fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
a5a6e78d42
src/circuit.rs: Use NonIdentityPoint for all witnessed points.
...
The witnessed points are cm_old, g_d_old, pk_d_old, ak.
g_d_new and pk_d_new are currently also witnessed as affine points,
which diverges from the spec.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
cdcfcbc0c2
gadget::sinsemilla: Propagate changes to the Sinsemilla gadget.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
258fe5796b
ecc::chip: Propagate changes to sub-chips.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
df26a6c674
chip::witness_point.rs: Constraints for non-identity point.
...
The point_non_id() method returns an error if the given point is
the identity.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
88eb762cf2
ecc::chip.rs: Introduce NonIdentityEccPoint struct.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
f5ed26790a
gadget::ecc: Introduce NonIdentityPoint associated type and gadget.
...
The add_incomplete() and mul() APIs have been removed from the
Point gadget, since we cannot perform incomplete addition or
variable-base scalar multiplication on the identity.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
str4d
05f3226314
Merge pull request #206 from defuse/comment-fixes
...
Correct a couple comments
2021-09-29 08:13:08 +13:00
str4d
ff7343fe1a
Merge pull request #207 from zcash/circuit_description_test
...
Add test against hardcoded pinned verification key
2021-09-29 08:11:57 +13:00
Sean Bowe
f9aa765787
Add test against hardcoded pinned verification key
2021-09-28 12:54:13 -06:00
str4d
3850b9ccd5
Merge pull request #371 from zcash/release-0.1.0-beta.1
...
halo2 0.1.0-beta.1
2021-09-28 16:42:51 +13:00
Taylor Hornby
63a1c9d08e
Correct a couple comments
2021-09-27 20:52:16 -06:00
Jack Grigg
ca0f04dcb9
Add [BETA] to the crate description
...
Just so people see it when searching crates.io for halo2.
2021-09-24 17:08:46 +01:00
Jack Grigg
2c2349b576
Change crate license-file property to point at COPYING
2021-09-24 17:03:29 +01:00
Jack Grigg
7ca1933156
halo2 0.1.0-beta.1
...
This is the beta version of `halo2` used on testnet in zcashd v4.5.0.
2021-09-24 17:00:13 +01:00
str4d
8779ce8f1a
Merge pull request #204 from zcash/license-update
...
Add license exceptions for ECC and ZF projects
2021-09-23 09:10:36 +12:00
Jack Grigg
70e02d66e6
Update README
2021-09-22 21:43:08 +01:00
Jack Grigg
dca0d9a7f3
Update COPYING with latest license text
2021-09-22 21:42:19 +01:00
Jack Grigg
a11f9052ae
Require pasta_curves 0.2.1 and bump halo2 revision
...
- pasta_curves 0.2.1 is the first version that was relicensed as
  MIT OR Apache-2.0.
- The halo2 revision includes the new license text.
2021-09-22 21:41:01 +01:00
str4d
a7cd600eb6
Merge pull request #370 from zcash/license-update
...
Add license exceptions for ECC and ZF projects
2021-09-23 08:38:27 +12:00
Jack Grigg
83f0d6abea
Update README
2021-09-22 20:11:13 +01:00
Jack Grigg
69b169057d
Update COPYING with latest license text
2021-09-22 20:06:50 +01:00
Jack Grigg
78f0e21563
Require pasta_curves 0.2.1
...
This is the first version that was relicensed as MIT OR Apache-2.0.
2021-09-22 19:59:04 +01:00
ebfull
6d53a2adf8
Merge pull request #368 from zcash/protocol-formalization
...
Add formal protocol description and preliminaries
2021-09-20 09:42:12 -06:00
Sean Bowe
424af080ba
Add formal protocol description and preliminaries.
2021-09-20 09:30:02 -06:00
str4d
f8280c98a3
Merge pull request #192 from zcash/merkle-path-cleanup
...
Tidy Merkle path logic.
2021-09-17 08:22:08 +12:00
therealyingtong
1f2132a8c0
Use correct MERKLE_DEPTH_ORCHARD in proptests.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-16 21:37:59 +02:00
therealyingtong
d47c157ae0
Replace arb_tree proptest with incrementalmerkletree impl.
2021-09-16 20:50:27 +02:00
therealyingtong
2c551db32b
Use gen_const_array_with_default where possible.
2021-09-16 18:20:51 +02:00
therealyingtong
291400ec33
Rename MerkleCrhOrchardOutput -> MerkleHashOrchard.
2021-09-16 15:38:01 +02:00
therealyingtong
e9dc2f747f
Move hash_with_l() logic into MerkleCrhOrchardOutput::combine().
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-16 15:37:22 +02:00
therealyingtong
58de805a13
sinsemilla::merkle.rs: Use tree::MerklePath::root in tests.
2021-09-16 15:36:24 +02:00
therealyingtong
f75f890a64
Update tree::MerklePath::root to be total.
2021-09-16 15:36:24 +02:00
Kris Nuttycombe
78e22f6325
Merge pull request #200 from zcash/memuse-0.2
...
memuse 0.2
2021-09-14 16:14:18 -06:00
Jack Grigg
414eef3ce5
memuse 0.2
2021-09-14 20:40:15 +01:00
Kris Nuttycombe
4488288ac0
Merge pull request #198 from zcash/merkle-path-test-vectors
...
Add Merkle path test vectors
2021-09-14 07:22:28 -06:00
str4d
56ded159ca
Merge pull request #199 from zcash/book-commit-ivk-fix
...
book: Update rotations for Commit^ivk region
2021-09-14 11:34:43 +01:00
Jack Grigg
1a05398c30
book: Update rotations for Commit^ivk region
...
Matches the change made in zcash/orchard#169.
2021-09-14 02:09:14 +01:00
str4d
3dd2a1872a
Merge pull request #169 from zcash/circuit-constraint-refinements
...
Circuit constraint refinements to reduce proof size
2021-09-14 02:05:41 +01:00
str4d
9705ebf353
Merge pull request #182 from zcash/book-notecommit-optimisations
...
[book] Document NoteCommit region optimisations
2021-09-14 02:00:49 +01:00