476980efcd
Merge pull request #633 from zcash/fixed-cur
...
Only allow fixed queries at `Rotation::cur`
2023-01-10 12:44:47 -07:00
4b804a141a
Make SHA-256 gadget a nightly feature
...
This was effectively the meaning of the prior `unstable` feature flag.
2023-01-03 19:12:39 +00:00
41c87eac0f
Restrict query_fixed to current Rotation.
...
query_fixed no longer takes a Rotation argument and can only be
used to query the current rotation.
2022-12-09 16:47:19 +08:00
cb819e47e9
Migrate to `ff` revision without `FieldExt`
2022-11-30 19:35:26 +00:00
23f63a8f50
Fix nightly clippy complaints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-11-30 15:13:55 +00:00
c387aa7204
Fix additional beta clippy complaints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-11-30 15:13:55 +00:00
b3f7db16f8
Fix beta clippy complaints.
2022-11-30 14:57:15 +00:00
49b2324f0a
Replace unnecessary dependencies on `FieldExt` trait
2022-11-30 03:41:19 +00:00
63e6bd882c
poseidon: Refactor MDS generation into a helper method
2022-11-30 03:39:16 +00:00
54f653a569
halo2_gadgets: Rename `dev-graph` feature flag to `test-dev-graph`
...
This feature flag is not part of the public API, but only for
conditionally rendering sub-circuit graphs. Renaming it stops the
feature from being enabled in the workspace when we only want to enable
the `dev-graph` feature flag of `halo2_proofs`, which _is_ part of its
public API.
2022-09-12 18:07:18 +00:00
66242e0076
halo2_gadgets: Remove dead code
...
For the dead code we want to retain, we now allow it explicitly, so we
can remove the blanket lint override.
2022-09-09 17:57:37 +00:00
73282ba6b8
halo2_gadgets: Be explicit about `*EccPoint` construction without checks
...
These are all cases inside the ECC chip, where we are inherently
producing valid coordinate pairs as a result of the constraints being
implemented, but it is useful to be explicit about the contract being
asserted at each point we construct `EccPoint` or `NonIdentityEccPoint`.
2022-09-09 17:56:00 +00:00
f0861db20b
halo2_gadgets: Silence clippy lints
...
They are in code generated by macros from the `uint` crate, that we
can't do anything about from here.
2022-06-23 17:37:19 +00:00
5ed3d2501f
halo2_gadgets: Replace `Option<V>` with `Value<V>`
2022-06-08 23:31:25 +00:00
515f97769f
halo2_gadgets: Enable more inversions to be batched during synthesis
2022-06-08 00:50:16 +00:00
5f1fb166d1
halo2_gadgets: Reduce allocations during var-mul synthesis
2022-06-08 00:50:16 +00:00
c1007d8c23
halo2_gadgets: Add protocol rule links for the chip constraints
...
Part of zcash/zcash#3957 .
2022-05-25 22:41:04 +00:00
34b2e77a57
Merge pull request #467 from zcash/sha256-tweaks
...
SHA-256 chip tweaks
2022-05-25 12:51:16 +08:00
91e1106a1e
halo2_gadgets: Address review comments
2022-05-10 21:35:52 +00:00
4b802a7d07
halo2_gadgets: Documentation fixes
2022-05-10 20:31:35 +00:00
a94a2bc552
halo2_gadgets: Various small code cleanups
...
Also documents a superfluous constraint, for removal in some future
breaking change.
2022-05-10 20:26:30 +00:00
ff01e4a1f9
halo2_gadgets: Refactor `ScalarFixed::windows_usize`
...
It no longer relies on the `SqrtRatio::get_lower_32` method, which is
specific to that trait and not intended for external usage.
2022-05-10 20:26:30 +00:00
692fee099d
halo2_gadgets: Clean up `ecc::chip::mul_fixed::Config` logic
...
- We were redundantly storing the `x_p` and `y_p` columns.
- `Config::add_incomplete` was redundantly copying.
Co-authored-by: therealyingtong <yingtong@z.cash>
2022-05-10 20:04:30 +00:00
85b0b7c065
halo2_gadgets: Refactor `ecc::chip::mul_fixed::Config` word assignment logic
...
Co-authored-by: therealyingtong <yingtong@z.cash>
2022-05-10 20:04:30 +00:00
18edad5df6
halo2_gadgets: Use separate field names for var-mul incomplete selectors
...
The previous tuple was confusing because tuple indices are zero-indexed,
while the selector names are one-indexed.
2022-05-10 20:04:30 +00:00
56fc8960c6
halo2_gadgets: Extract a common `DoubleAndAdd` helper struct
...
Both variable-base scalar mul and Sinsemilla use double-and-add with
incomplete addition on a single row, but they do so in slightly
different ways. Some of these are intentional (needing to look up the
y-coordinate vs constrain it), while others are accidental (different
concrete signs in otherwise-identical constraints that make their ASTs
incompatible).
The new `DoubleAndAdd` helper struct extracts the logic that is common
to both implementations, specifically the helper definitions of `x_r`
and `Y_A`. In a future breaking change, we can refactor both gadgets to
share more of this logic, so we are defining the incomplete addition
logic in fewer places.
2022-05-10 20:04:30 +00:00
144d082528
halo2_gadgets: Refactor complete addition constraints
...
We also fix several typos in the constraint analysis on the complete
addition book page, and adjust the constraints table for readability.
2022-05-10 00:20:00 +00:00
342ebdd15e
halo2_gadgets: Fix return type of `ecc::chip::FixedPoint::u`
...
This trait method was previously preventing the trait to working with
fields that encode to more than 256 bits.
2022-05-10 00:20:00 +00:00
3486703bd2
halo2_gadgets: Refactor fixed-base scalar mul gadget APIs
...
The new `EccInstructions` instructions, and the corresponding changes to
existing instructions, enable chips to choose when to witness or constrain
the scalars, and simplify scalar reuse (though reuse is not implemented
for `EccChip` yet).
`FixedPoint::mul` and `FixedPointShort::mul` now has the same API style
as `NonIdentityPoint::mul`.
2022-05-09 15:48:55 +00:00
6145b1417c
halo2_gadgets: Move `primitives::*` to `*::primitives`
2022-05-09 05:43:34 +00:00
96d4a31d39
halo2_gadgets: Batch inversions in `SinsemillaChip::hash_to_point`
...
This saves around 3.7% in proving time for a 2-action Orchard bundle on
a Ryzen 9 5950X.
2022-05-08 03:28:34 +00:00
03697e2a7d
book: Rewrite Sinsemilla gadget page
...
The book now has enough detail for it to be obvious why there are
factors of 2 present in several equations.
2022-05-08 02:38:01 +00:00
dc2ec0308d
halo2_gadgets: Deduplicate some Sinsemilla chip expressions
2022-05-08 02:38:01 +00:00
6444ccc16f
halo2_gadgets: Tidy up and document MerkleCRH implementation
2022-05-08 02:38:01 +00:00
3bed5725e5
Use `MessagePiece::from_subpieces` in `MerkleChip::hash_layer`
...
Several structs now impl `PartialEq, Eq` due to requirements of the
`MessagePiece::from_subpieces` impl.
2022-05-08 02:20:42 +00:00
0d978f0fc4
halo2_gadgets: Generalise `MerklePath` beyond two `MerkleChip`s
2022-05-07 23:03:30 +00:00
3c6ffb66cf
Address comments from code review.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2022-05-06 23:28:20 +08:00
5fd0834503
Introduce ScalarVar::new and ScalarVar::from_base gadget APIs.
2022-05-05 21:33:43 +02:00
1c877f3caf
ecc::chip: Introduce ScalarVar enum.
2022-05-05 21:14:21 +02:00
6f2fc57b3c
Rename FixedPoint::ScalarKind -> FixedPoint::FixedScalarKind.
2022-05-05 21:14:21 +02:00
5ebfe91eee
Introduce ecc::BaseFitsInScalarInstructions trait.
2022-05-05 21:14:20 +02:00
cbf3d6a7f6
EccInstructions: introduce witness_scalar_var() instruction.
2022-05-05 21:14:20 +02:00
6d83db719e
EccInstructions::mul: take Self::ScalarVar instead of Chip::Var.
2022-05-05 21:14:20 +02:00
b2e2b9b081
Merge pull request #568 from zcash/circuit-review
...
Changes from Orchard circuit review
2022-05-05 16:03:31 +01:00
3800de5918
Rename `RangeConstrained::subset_of` to `bitrange_of`
2022-05-04 23:52:15 +00:00
e04c8bfb4b
Migrate to `ff 0.12`
2022-05-04 23:36:18 +00:00
97864d714e
halo2_gadgets: Add `MessagePiece::from_subpieces`
...
We introduce a new `RangeConstrained` newtype wrapper for tracking the
number of bits to which some type has been constrained.
2022-05-02 16:04:02 +00:00
7d15fa3db5
sha256: Simplify single-constraint gates
...
`Option<T>` implements `IntoIterator<Item = T>`, so we don't need to
wrap it in an explicit iterator.
2022-04-27 20:12:03 +00:00
f2d1f1d56a
sha256: Add `InitialRound` and `MainRoundIdx` structs
...
This enables the runtime `assert!(matches!(..))` on `RoundIdx` to be
replaced by type system checks.
2022-04-27 20:12:03 +00:00
f4675997bc
Fix some clippy lints
2022-04-27 12:58:16 +00:00
ebfull
Jack Grigg
therealyingtong
Daira Hopwood
Kris Nuttycombe