therealyingtong
ae25310385
chip::mul_fixed.rs: Implement fixed-base scalar mul instruction.
...
Fixed-base scalar mul makes use of the add_incomplete and add
instructions internally. The full-width and short signed share
some common logic, which is captured in chip::mul_fixed.rs.
The signed short variant introduces additional logic to handle
the scalar's sign. This is done in the submodule mul_fixed::short.
2021-07-07 23:10:59 +08:00
therealyingtong
a263774abf
chip::witness_scalar_fixed.rs: Implement witness_scalar_fixed instruction.
...
A scalar used in fixed-base scalar mul needs to be decomposed into
windows to use with the fixed-base window table. Both full-width
and short signed scalars share some logic (captured in the function
decompose_scalar_fixed()).
A short signed scalar introduces additional logic: its magnitude is
decomposed, and its sign is separately witnessed. This is handled
in the submodule witness_scalar_fixed::short.
2021-07-07 23:10:59 +08:00
therealyingtong
cc9dd20536
chip::mul.rs: Implement variable-base scalar mul instruction.
...
This uses the complete addition instruction internally. The module
is split up into mul::incomplete.rs and mul::complete.rs, where
mul::incomplete handles the incomplete additions used in the
starting rounds of the variable-base scalar mul algorithm, and
mul::complete handles the complete additions in the final rounds.
Incomplete additions are broken into "hi" and "lo" halves and
processed on the same rows across different columns. This is an
optimization to make full use of the advice columns in this
instruction.
2021-07-07 23:10:59 +08:00
therealyingtong
64a2b02d42
ecc::chip.rs: Witness scalar for variable-base scalar mul
2021-07-07 23:10:59 +08:00
therealyingtong
0f60a81485
ecc::chip.rs: Add EccScalarFixed, EccScalarFixedShort structs
2021-07-07 23:10:59 +08:00
therealyingtong
091592e110
[book] Document canonicity check for fixed-base scalar mul when base field element is used as the scalar.
2021-07-07 17:10:18 +08:00
therealyingtong
32f9622c23
[book] Document lookup range check and its use in overflow check.
2021-07-03 19:30:27 +08:00
ying tong
6479598b27
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-03 18:37:35 +08:00
therealyingtong
2b4d9fda49
[book] Correct q_mul = 3 case.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 22:44:01 +08:00
therealyingtong
1a531cf619
[book] Correct hi and lo ranges in constraint table
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 21:41:31 +08:00
therealyingtong
802334892d
[book] Constrain first and last rows in incomplete addition section of variable-base scalar mul.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 17:28:33 +08:00
therealyingtong
902dbbb700
[book] Fix window table sum expression in fixed-base scalar mul.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 16:43:29 +08:00
Kris Nuttycombe
64c5b25d1c
Rename OrchardIncrementalTreeDigest to MerkleCrhOrchardOutput
2021-07-01 12:09:24 -06:00
Kris Nuttycombe
fd94759fab
Implements the updated, total definition of MerkleCRH^Orchard
...
See https://github.com/zcash/zips/pull/530
2021-07-01 12:09:24 -06:00
therealyingtong
68acc33cae
[book] Document overflow check for variable-base scalar mul.
2021-07-02 00:18:27 +08:00
str4d
d5f3256785
Merge branch 'main' into book-ecc-gadget
2021-07-01 13:47:30 +01:00
str4d
6c34956c18
book: Remove superfluous checkmarks
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 13:46:48 +01:00
str4d
21b77d6ec5
Merge pull request #138 from nuttycom/public_orchard_domain
...
Make note encryption OrchardDomain type public.
2021-06-30 19:56:12 +01:00
Kris Nuttycombe
ab2622f59c
Make note encryption OrchardDomain type public.
2021-06-30 12:47:37 -06:00
Kris Nuttycombe
541898d22b
Merge pull request #137 from nuttycom/orchard_domain_for_action
...
Add for_action method for constructing an OrchardDomain
2021-06-30 12:07:22 -06:00
Kris Nuttycombe
234eed9cbb
Update src/note_encryption.rs
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-30 11:58:28 -06:00
Kris Nuttycombe
1e95360a74
Add for_action method for constructing an OrchardDomain
2021-06-30 11:21:07 -06:00
str4d
bb159a2ccf
Merge pull request #98 from zcash/merkle-chip
...
Merkle hash chip
2021-06-29 23:09:15 +01:00
Jack Grigg
7c38f149ac
rustfmt
2021-06-29 22:46:07 +01:00
str4d
cbded2b821
Optimize transpose_option_array
2021-06-29 22:43:50 +01:00
str4d
8dfcd7d49b
Remove unused lookup_config in MerkleConfig
2021-06-29 22:41:01 +01:00
str4d
9f1bd64fe9
Merge pull request #133 from zcash/patch-sinsemilla
...
Introduce `LookupRangeCheckConfig`s for each Sinsemilla advice column
2021-06-29 10:43:30 +01:00
str4d
3ecd0a122c
Merge pull request #132 from zcash/patch-lookup-range-check
...
Add short range check to `lookup_range_check` util
2021-06-29 10:38:14 +01:00
therealyingtong
3806a9d6f0
Further cleanups and docfixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 12:08:31 +08:00
therealyingtong
d68eb6583d
Docfixes, variable renames, cleanups
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 12:08:31 +08:00
therealyingtong
32e564a963
Constrain b_1 + 2^5 b_2 = z1_b in decomposition gate.
2021-06-29 12:08:31 +08:00
therealyingtong
db45c81ea6
sinsemilla::merkle.rs: Add test for MerkleChip.
2021-06-29 12:08:31 +08:00
therealyingtong
f30de79fc6
sinsemilla::merkle.rs: Implement MerkleInstructions for MerkleChip.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-29 12:08:31 +08:00
therealyingtong
569eb4baa6
sinsemilla::merkle.rs: Configure MerkleChip
...
MerkleChip::configure() takes a SinsemillaConfig as input.
2021-06-29 12:08:31 +08:00
therealyingtong
6976e2baeb
sinsemilla::merkle.rs: Derive SinsemillaInstructions, CondSwapInstructions for MerkleChip
2021-06-29 12:08:31 +08:00
therealyingtong
68878d88b1
sinsemilla::merkle.rs: Add MerkleChip
2021-06-29 12:08:31 +08:00
therealyingtong
d090da0159
sinsemilla::merkle.rs: Add MerkleInstructions.
...
This has three const generic parameters: PATH_LENGTH, K, MAX_WORDS.
PATH_LENGTH is the length of the Merkle path being hashed. K and
MAX_WORDS parameterize the internal Sinsemilla instance used in
hashing the path.
2021-06-29 12:08:31 +08:00
therealyingtong
1ac3541505
Add spec::i2lebsp and constants::MERKLE_DEPTH_ORCHARD
2021-06-29 12:07:49 +08:00
therealyingtong
12cef17559
Cleanups and minor refactors.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-29 12:02:54 +08:00
ying tong
209e6a1132
Docfixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-29 09:51:02 +08:00
str4d
51f1c9197d
Merge pull request #129 from zcash/nonempty-0.7
...
nonempty 0.7
2021-06-28 22:30:27 +01:00
Jack Grigg
3badd42d15
nonempty 0.7
...
We can now correctly measure the heap-allocated memory used by a bundle.
2021-06-28 20:57:49 +01:00
str4d
1f861423c2
Merge pull request #122 from nuttycom/incremental_merkle_tree
...
Add Orchard incremental merkle tree digests.
2021-06-28 19:12:13 +01:00
Jack Grigg
9bf066ef8b
rustfmt
2021-06-28 18:48:58 +01:00
str4d
93ab753b8c
Apply string fixes from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:47:02 +01:00
Kris Nuttycombe
ffafb6308c
Fix clippy complaints.
2021-06-28 10:56:25 -06:00
Kris Nuttycombe
0d078c8a90
Rustfmt
2021-06-28 10:01:13 -06:00
Kris Nuttycombe
cc708a6b4a
Update to released incrementalmerkletree version.
2021-06-28 09:43:18 -06:00
therealyingtong
9b47bd0db4
sinsemilla::tests: Use separate constants columns for chips.
...
To be replaced by the public inputs API.
2021-06-25 15:07:27 +08:00
therealyingtong
2ec30943b3
Configure each Sinsemilla advice column for use with a K-bit lookup.
...
Inputs to Sinsemilla often need to be decomposed and range-constrained.
2021-06-25 15:07:27 +08:00