str4d
3dbebbe08b
Merge pull request #58 from zcash/proof-placeholder
...
Proving and verifying keys, and placeholder proof logic
2021-04-26 19:11:56 +01:00
str4d
0f6794f291
Merge pull request #70 from zcash/bundle-apis
...
Bundle APIs
2021-04-22 21:23:14 +01:00
Kris Nuttycombe
7d243ae60a
Apply suggestions from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-22 07:32:20 -06:00
Jack Grigg
4c4400cb63
Proving and verifying keys, and placeholder proof logic
2021-04-23 01:08:43 +12:00
Jack Grigg
f62bbbbb95
Small conversion helpers
2021-04-23 01:08:43 +12:00
Jack Grigg
35f65bb26a
Expose RedPallas rerandomization
2021-04-23 01:06:10 +12:00
str4d
0ccb0101df
Merge pull request #60 from zcash/dummy-notes
...
Dummy note generation
2021-04-22 14:04:50 +01:00
str4d
4db3b54c8b
Generate dummy nullifiers with the same distribution as real ones
...
The x-coordinates of Pallas points are not uniformly distributed base field elements.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-22 13:54:17 +01:00
Jack Grigg
dbfbc66ac7
Add NoteValue::zero as an alias for NoteValue::default
2021-04-23 00:46:39 +12:00
Jack Grigg
77121facb7
Dummy note generation
2021-04-23 00:46:39 +12:00
str4d
632fa8dcf2
Merge pull request #68 from daira/daira-nullifiers
...
[Book] Update nullifier explanation to include Extract_P
2021-04-22 05:50:01 +01:00
Jack Grigg
3c2e32e156
Add some internal doc comments
2021-04-22 16:39:36 +12:00
Jack Grigg
09cca41ffb
Add getters for bundle and action internals
2021-04-22 16:39:36 +12:00
Jack Grigg
f1ad9d08de
Bundle and action constructors
2021-04-22 16:39:26 +12:00
Jack Grigg
01d241df7c
Rename some bundle and action variables to match the protocol spec
2021-04-22 16:38:17 +12:00
Jack Grigg
5dbcbf28fb
Bundle Authorization transformations
2021-04-22 16:37:31 +12:00
str4d
ea278aafcb
Merge pull request #63 from zcash/note-commitment-updates
...
Note commitment updates
2021-04-22 01:23:05 +01:00
Jack Grigg
bdaf9d06cc
clippy: Allow binary operators in IncompletePoint addition
...
It's not suspicious, it's constant time! :D
2021-04-22 12:09:32 +12:00
Jack Grigg
09e70cb6e3
Improve performance of IncompletePoint addition
...
We only need to track the occurrence of any edge cases, and we can do so
without expensive inversions at every addition step, by instead
performing the checks on the projective form directly.
2021-04-22 12:01:59 +12:00
Jack Grigg
3cadb7bb48
Update reddsa dependency
...
Earlier in this PR we updated the pasta_crate with a small refactor. The
updated crate also had a separate bugfix to the GroupHash implementation
which caused generators to change. Rust happily pulled in both versions
of pasta_curves, causing the ValueCommit proptests to fail because bsk
was generated with different bases in this crate and reddsa.
2021-04-22 11:12:34 +12:00
str4d
31d1a67837
Expand documentation of conditions on SpendingKeys
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 23:28:32 +01:00
str4d
edffeb870e
Merge pull request #69 from daira/daira-zeros
...
[Book] Explain the decision to exclude zero points and scalars for KA.Orchard
2021-04-21 20:19:35 +01:00
Daira Hopwood
18bc70afa2
[Book] Explain the decision to exclude zero points and scalars for KA.Orchard. fixes #62
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:38:25 +01:00
Daira Hopwood
f5bab61f81
Update nullifier explanation to include Extract_P.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:25:31 +01:00
str4d
b88e77dd56
Merge pull request #59 from zcash/valuecommit
...
Implement ValueCommit^Orchard
2021-04-20 20:45:19 +01:00
Jack Grigg
c7b9ce0ea9
Fix a clippy lint
...
This was leftover after an intermediate refactor that introduced
`hash_to_point_inner`.
2021-04-20 23:57:59 +12:00
Jack Grigg
b1286b4e94
Fix bundle::Action to hold cmx instead of cm
2021-04-20 10:26:58 +12:00
Jack Grigg
c08d12cc52
Use incomplete addition in SinsemillaHashToPoint
...
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:
- When we generate keys or notes, if we encounter ⊥ we discard and
re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg
907ff46078
Simulate incomplete addition
...
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
Jack Grigg
badaf23f25
Implement ValueCommit^Orchard
2021-04-15 17:08:06 +12:00
str4d
4b05c20a2d
Merge pull request #53 from daira/daira-unifiedaddrs
...
Orchard book: minimal description of unified addresses
2021-03-31 11:03:27 +13:00
ebfull
58a6aa3849
Merge pull request #56 from zcash/more-poseidon-const-generics
...
Use const generics for poseidon::ConstantLength
2021-03-30 09:53:05 -06:00
Jack Grigg
4c34a61c57
Use const generics for poseidon::ConstantLength
2021-03-30 14:13:15 +13:00
str4d
92cfa372e0
Merge pull request #44 from zcash/note-structure
...
Note structure
2021-03-30 14:01:56 +13:00
Jack Grigg
0f8c5b7dd3
Document TODO for SinsemillaShortCommit usage
...
https://github.com/zcash/orchard/issues/55
2021-03-30 13:55:29 +13:00
Jack Grigg
3b14cfc133
Fix link to NU5 protocol spec draft
2021-03-30 13:54:23 +13:00
Jack Grigg
5646ada113
Make nk the first argument to Nullifier::derive
...
This more closely matches DeriveNullifier in the spec.
2021-03-30 13:52:20 +13:00
Daira Hopwood
0191fa0a47
Orchard book: minimal description of unified addresses.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-27 17:08:39 +00:00
str4d
d61b9b939c
Merge pull request #52 from zcash/poseidon-const-generics
...
Refactor Poseidon primitive to use const generics
2021-03-26 15:25:33 +13:00
Jack Grigg
061ad0656b
Refactor Poseidon primitive to use const generics
2021-03-26 09:07:38 +13:00
Jack Grigg
c756657bd2
Set MSRV to 1.51.0
...
Yay const generics!
2021-03-26 08:13:25 +13:00
Jack Grigg
0f6eb9ca6c
Nullifier derivation
2021-03-26 07:51:05 +13:00
Jack Grigg
1a37ca492d
Extract spec::mod_r_p helper from spec::commit_ivk
2021-03-26 07:51:05 +13:00
Jack Grigg
680c917ce6
Note commitment derivation
2021-03-26 07:51:05 +13:00
str4d
ee2bfa7f43
Merge pull request #41 from zcash/poseidon-primitive
...
Poseidon primitive
2021-03-26 07:36:45 +13:00
str4d
df5e0d92f3
Merge pull request #46 from zcash/sinsemilla-api
...
Generalise Sinsemilla API
2021-03-24 17:37:36 +13:00
therealyingtong
a2c1bfb52a
Remove unnecessary clone()
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:30:03 +08:00
therealyingtong
9c75839e62
Minor changes
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:25:28 +08:00
therealyingtong
7a210fabf3
Store HashDomain in CommitDomain
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:11:13 +08:00
therealyingtong
18fba2a62e
Add getters for Q() and R()
2021-03-24 12:10:37 +08:00