Commit Graph

560 Commits

Author SHA1 Message Date
Jack Grigg bdaf9d06cc clippy: Allow binary operators in IncompletePoint addition
It's not suspicious, it's constant time! :D
2021-04-22 12:09:32 +12:00
Jack Grigg 09e70cb6e3 Improve performance of IncompletePoint addition
We only need to track the occurrence of any edge cases, and we can do so
without expensive inversions at every addition step, by instead
performing the checks on the projective form directly.
2021-04-22 12:01:59 +12:00
Jack Grigg 3cadb7bb48 Update reddsa dependency
Earlier in this PR we updated the pasta_crate with a small refactor. The
updated crate also had a separate bugfix to the GroupHash implementation
which caused generators to change. Rust happily pulled in both versions
of pasta_curves, causing the ValueCommit proptests to fail because bsk
was generated with different bases in this crate and reddsa.
2021-04-22 11:12:34 +12:00
str4d 31d1a67837 Expand documentation of conditions on SpendingKeys
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 23:28:32 +01:00
str4d edffeb870e Merge pull request #69 from daira/daira-zeros
[Book] Explain the decision to exclude zero points and scalars for KA.Orchard
2021-04-21 20:19:35 +01:00
Daira Hopwood 18bc70afa2 [Book] Explain the decision to exclude zero points and scalars for KA.Orchard. fixes #62
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:38:25 +01:00
Daira Hopwood f5bab61f81 Update nullifier explanation to include Extract_P.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:25:31 +01:00
str4d b88e77dd56 Merge pull request #59 from zcash/valuecommit
Implement ValueCommit^Orchard
2021-04-20 20:45:19 +01:00
Jack Grigg c7b9ce0ea9 Fix a clippy lint
This was leftover after an intermediate refactor that introduced
`hash_to_point_inner`.
2021-04-20 23:57:59 +12:00
Jack Grigg b1286b4e94 Fix bundle::Action to hold cmx instead of cm 2021-04-20 10:26:58 +12:00
Jack Grigg c08d12cc52 Use incomplete addition in SinsemillaHashToPoint
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:

- When we generate keys or notes, if we encounter ⊥ we discard and
  re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
  from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg 907ff46078 Simulate incomplete addition
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
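The three commits above (simulating incomplete addition, surfacing the ⊥ case for callers to reject or regenerate, and doing the edge-case checks on the projective form without inversions) describe a pattern that is easier to see in code. The following is an added example written for this page, not code from the orchard repository or the pasta_curves crate. It assumes a toy field F_97 and the curve y^2 = x^3 + 5 (the same a = 0 shape as Pallas and Vesta, but over a tiny field so every point can be enumerated and every pair checked exhaustively). ⊥ is returned as `None`; unlike the real crate, the early returns here are not constant-time, which is deliberate for readability only.

```rust
// Added example, not orchard/pasta_curves code. Toy field F_P with P tiny on purpose.
const P: u64 = 97;
const B: u64 = 5; // curve: y^2 = x^3 + B (a = 0), mirroring the Pasta curve shape

fn add(a: u64, b: u64) -> u64 { (a + b) % P }
fn sub(a: u64, b: u64) -> u64 { (a + P - b) % P }
fn mul(a: u64, b: u64) -> u64 { (a * b) % P }
fn neg(a: u64) -> u64 { (P - a) % P }
/// Fermat inversion a^(P-2); only the affine reference and to_affine() pay for it.
fn inv(a: u64) -> u64 {
    let (mut base, mut e, mut acc) = (a % P, P - 2, 1u64);
    while e > 0 {
        if e & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        e >>= 1;
    }
    acc
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
struct Affine { x: u64, y: u64 }

#[derive(Clone, Copy, Debug)]
struct Projective { x: u64, y: u64, z: u64 } // (X:Y:Z) ↦ (X/Z, Y/Z); Z = 0 is the identity

impl Projective {
    fn identity() -> Self { Projective { x: 0, y: 1, z: 0 } }
    fn from_affine(p: Affine) -> Self { Projective { x: p.x, y: p.y, z: 1 } }
    /// One inversion, paid only when a caller actually needs affine coordinates.
    fn to_affine(self) -> Option<Affine> {
        if self.z == 0 { return None; }
        let zi = inv(self.z);
        Some(Affine { x: mul(self.x, zi), y: mul(self.y, zi) })
    }
}

/// Incomplete addition P + Q. Returns None (⊥) exactly when the chord formula is
/// undefined: an operand is the identity, or x(P) == x(Q) (i.e. P == Q or P == -Q).
/// X1/Z1 == X2/Z2 is tested as X1*Z2 == X2*Z1: two multiplications, no inversions.
fn incomplete_add(p: Projective, q: Projective) -> Option<Projective> {
    if p.z == 0 || q.z == 0 { return None; }
    let (x1z2, x2z1) = (mul(p.x, q.z), mul(q.x, p.z));
    if x1z2 == x2z1 { return None; }
    let (y1z2, z1z2) = (mul(p.y, q.z), mul(p.z, q.z));
    let u = sub(mul(q.y, p.z), y1z2);
    let v = sub(x2z1, x1z2);
    let vv = mul(v, v);
    let vvv = mul(v, vv);
    let r = mul(vv, x1z2);
    let a = sub(sub(mul(mul(u, u), z1z2), vvv), mul(2, r));
    Some(Projective {
        x: mul(v, a),
        y: sub(mul(u, sub(r, a)), mul(vvv, y1z2)),
        z: mul(vvv, z1z2),
    })
}

/// Reference: complete affine addition (doubling and P + (-P) handled), used only to
/// check the projective formulas. None encodes the point at infinity.
fn affine_add(p: Affine, q: Affine) -> Option<Affine> {
    let lambda = if p.x == q.x {
        if p.y != q.y || p.y == 0 { return None; }
        mul(mul(3, mul(p.x, p.x)), inv(mul(2, p.y))) // tangent slope 3x^2 / 2y
    } else {
        mul(sub(q.y, p.y), inv(sub(q.x, p.x)))
    };
    let x3 = sub(sub(mul(lambda, lambda), p.x), q.x);
    Some(Affine { x: x3, y: sub(mul(lambda, sub(p.x, x3)), p.y) })
}

fn on_curve(p: Affine) -> bool { mul(p.y, p.y) == add(mul(mul(p.x, p.x), p.x), B) }

/// Every affine point of the toy curve, by brute force (fine for P = 97).
fn all_points() -> Vec<Affine> {
    let mut pts = Vec::new();
    for x in 0..P { for y in 0..P {
        let p = Affine { x, y };
        if on_curve(p) { pts.push(p); }
    }}
    pts
}

/// Exhaustive check over all ordered pairs: ⊥ occurs iff x(P) == x(Q), and every
/// defined result matches the affine reference. Returns (defined, bottom) counts.
fn check_all_pairs() -> (usize, usize) {
    let pts = all_points();
    let (mut defined, mut bottom) = (0, 0);
    for &p in &pts { for &q in &pts {
        match incomplete_add(Projective::from_affine(p), Projective::from_affine(q)) {
            None => { assert_eq!(p.x, q.x); bottom += 1; }
            Some(r) => {
                assert_ne!(p.x, q.x);
                assert_eq!(r.to_affine(), affine_add(p, q));
                defined += 1;
            }
        }
    }}
    (defined, bottom)
}

fn main() {
    let (defined, bottom) = check_all_pairs();
    println!("{} pairs defined, {} pairs hit ⊥", defined, bottom);
}
```

The caller-side policy from the "Use incomplete addition in SinsemillaHashToPoint" commit maps directly onto the `Option`: a generator loops while it gets `None`, and a parser turns `None` into a rejection rather than unwrapping it.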
therealyingtong 96d60b3f13 Move addition sections into ecc.rs 2021-04-17 12:53:10 +08:00
Steven Smith 07accbc9ab Changing TGPPL references to BOSL 2021-04-16 09:24:18 -07:00
Jack Grigg badaf23f25 Implement ValueCommit^Orchard 2021-04-15 17:08:06 +12:00
ying tong cd809c57dc Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
2021-04-09 16:53:35 +08:00
ying tong 137066e056 Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-09 16:51:14 +08:00
str4d 4b05c20a2d Merge pull request #53 from daira/daira-unifiedaddrs
Orchard book: minimal description of unified addresses
2021-03-31 11:03:27 +13:00
ebfull 58a6aa3849 Merge pull request #56 from zcash/more-poseidon-const-generics
Use const generics for poseidon::ConstantLength
2021-03-30 09:53:05 -06:00
Jack Grigg 4c34a61c57 Use const generics for poseidon::ConstantLength 2021-03-30 14:13:15 +13:00
str4d 92cfa372e0 Merge pull request #44 from zcash/note-structure
Note structure
2021-03-30 14:01:56 +13:00
Jack Grigg 0f8c5b7dd3 Document TODO for SinsemillaShortCommit usage
https://github.com/zcash/orchard/issues/55
2021-03-30 13:55:29 +13:00
Jack Grigg 3b14cfc133 Fix link to NU5 protocol spec draft 2021-03-30 13:54:23 +13:00
Jack Grigg 5646ada113 Make nk the first argument to Nullifier::derive
This more closely matches DeriveNullifier in the spec.
2021-03-30 13:52:20 +13:00
therealyingtong c074990bb9 [book] Document ECC gadget in circuit 2021-03-29 14:01:05 +08:00
Daira Hopwood 0191fa0a47 Orchard book: minimal description of unified addresses.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-27 17:08:39 +00:00
str4d d61b9b939c Merge pull request #52 from zcash/poseidon-const-generics
Refactor Poseidon primitive to use const generics
2021-03-26 15:25:33 +13:00
Jack Grigg 061ad0656b Refactor Poseidon primitive to use const generics 2021-03-26 09:07:38 +13:00
Jack Grigg c756657bd2 Set MSRV to 1.51.0
Yay const generics!
2021-03-26 08:13:25 +13:00
Jack Grigg 0f6eb9ca6c Nullifier derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 1a37ca492d Extract spec::mod_r_p helper from spec::commit_ivk 2021-03-26 07:51:05 +13:00
Jack Grigg 680c917ce6 Note commitment derivation 2021-03-26 07:51:05 +13:00
str4d ee2bfa7f43 Merge pull request #41 from zcash/poseidon-primitive
Poseidon primitive
2021-03-26 07:36:45 +13:00
str4d df5e0d92f3 Merge pull request #46 from zcash/sinsemilla-api
Generalise Sinsemilla API
2021-03-24 17:37:36 +13:00
therealyingtong a2c1bfb52a Remove unnecessary clone()
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:30:03 +08:00
therealyingtong 9c75839e62 Minor changes
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:25:28 +08:00
therealyingtong 7a210fabf3 Store HashDomain in CommitDomain
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:11:13 +08:00
therealyingtong 18fba2a62e Add getters for Q() and R() 2021-03-24 12:10:37 +08:00
therealyingtong 873e1b7d7e Call hash_to_curve() only when constructing new domain
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:10:37 +08:00
ying tong 946b50ebfe Add documentation
Co-authored-by: str4d <jack@electriccoin.co>
2021-03-24 12:09:11 +08:00
therealyingtong a3134e34c5 Introduce HashDomain and CommitDomain traits
Co-authored-by: Jack Grigg <thestr4d@gmail.com>
2021-03-24 12:09:11 +08:00
therealyingtong ee969a64a8 Add Sinsemilla constants 2021-03-24 12:09:11 +08:00
str4d 7c8098ad43 Merge pull request #50 from zcash/key-derivation-benchmark
Add small key derivation benchmarks
2021-03-24 17:05:36 +13:00
Jack Grigg b8f02c3b32 Temporarily allow dead code
This will make the lints more useful while we are implementing the
Orchard protocol.
2021-03-20 18:31:22 +13:00
Jack Grigg f18ffa63d5 Add small key derivation benchmarks 2021-03-20 18:19:51 +13:00
str4d e0a2141888 Merge pull request #48 from zcash/pasta-curves
Use the pasta_curves crate directly
2021-03-19 08:35:00 +13:00
Jack Grigg 1ceb60379f poseidon: Clarify that R_F must be even 2021-03-18 16:47:06 +13:00
Jack Grigg 4c3e20535d poseidon: s/arity/width
To match the paper more closely (arity specifically refers to Merkle
tree instantiations).
2021-03-18 16:47:04 +13:00
Jack Grigg 2beb6c3e82 Invert the Poseidon test vectors for Orchard
We now hard-code the Poseidon round constants and MDS for the Poseidon
specification used for Orchard nullifiers, as produced by the reference
implementation, and test that our constant generation can recreate them.
2021-03-18 16:47:01 +13:00
Jack Grigg 872471af17 Fix Poseidon instance definition
For Orchard, we want a Poseidon instance with a width of 3 field
elements and an output of one field element. The Poseidon instances
defined in the Poseidon paper have their output size equal to their
capacity size; with a capacity of 1 and pallas::Base as the field,
Poseidon-128 has the corresponding security level.

We do deviate from the paper's instance by adding a single partial
round, which makes the circuit easier to implement in Halo 2.
2021-03-18 16:39:09 +13:00