therealyingtong
4f1f32dab0
Add Sinsemilla constants
2021-04-28 20:53:14 +08:00
therealyingtong
91fd290ffc
Add SWU hash-to-curve personalizations
2021-04-28 20:53:14 +08:00
Kris Nuttycombe
575f882b40
Merge pull request #72 from zcash/builder-prep
Builder preparations
2021-04-27 07:51:04 -06:00
Jack Grigg
497f7e0b86
Remove bundle::Unauthorized type
It is being replaced by context-specific unauthorized or
partially-authorized types. The only general type we need is Authorized
which is used in transactions.
2021-04-27 12:30:16 +12:00
Jack Grigg
316729302d
cargo fmt
2021-04-27 12:28:42 +12:00
Jack Grigg
a60051c8a2
Add from_raw constructors to NoteValue and ValueSum
These might be replaced later with APIs that can provide more useful
bounds checks, but we do need some way to construct these types.
2021-04-27 12:27:23 +12:00
Jack Grigg
52d87e257c
Return SpendingKey from Note::dummy
We need the spending keys to create valid spendAuth signatures for
Actions containing dummy spent notes.
2021-04-27 12:26:24 +12:00
Jack Grigg
5ec65c5d2a
Add a mutable context to Bundle::{try_}authorize
This enables us to work around lifetime restrictions on e.g. the
randomness source at signing time, where it is needed for both
per-Action and Bundle-level signatures.
2021-04-27 12:24:33 +12:00
Steven
5f4a56dc92
Merge pull request #61 from steven-ecc/change-tgppl-to-bosl
Adding BOSL and changing TGPPL references to BOSL
2021-04-26 16:42:00 -07:00
Steven
43d1bac11d
Update Cargo.toml
Co-authored-by: ebfull <ewillbefull@gmail.com>
2021-04-26 16:41:14 -07:00
Jack Grigg
29b3071c67
Fix doc comments for bundle flags
2021-04-27 09:10:32 +12:00
Kris Nuttycombe
36529629bc
Expose Flags constructor & accessors.
2021-04-27 09:04:03 +12:00
str4d
3dbebbe08b
Merge pull request #58 from zcash/proof-placeholder
Proving and verifying keys, and placeholder proof logic
2021-04-26 19:11:56 +01:00
str4d
0f6794f291
Merge pull request #70 from zcash/bundle-apis
Bundle APIs
2021-04-22 21:23:14 +01:00
Kris Nuttycombe
7d243ae60a
Apply suggestions from code review
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-22 07:32:20 -06:00
Jack Grigg
4c4400cb63
Proving and verifying keys, and placeholder proof logic
2021-04-23 01:08:43 +12:00
Jack Grigg
f62bbbbb95
Small conversion helpers
2021-04-23 01:08:43 +12:00
Jack Grigg
35f65bb26a
Expose RedPallas rerandomization
2021-04-23 01:06:10 +12:00
str4d
0ccb0101df
Merge pull request #60 from zcash/dummy-notes
Dummy note generation
2021-04-22 14:04:50 +01:00
str4d
4db3b54c8b
Generate dummy nullifiers with the same distribution as real ones
The x-coordinates of Pallas points are not uniformly distributed base field elements.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-22 13:54:17 +01:00
Jack Grigg
dbfbc66ac7
Add NoteValue::zero as an alias for NoteValue::default
2021-04-23 00:46:39 +12:00
Jack Grigg
77121facb7
Dummy note generation
2021-04-23 00:46:39 +12:00
str4d
632fa8dcf2
Merge pull request #68 from daira/daira-nullifiers
[Book] Update nullifier explanation to include Extract_P
2021-04-22 05:50:01 +01:00
Jack Grigg
3c2e32e156
Add some internal doc comments
2021-04-22 16:39:36 +12:00
Jack Grigg
09cca41ffb
Add getters for bundle and action internals
2021-04-22 16:39:36 +12:00
Jack Grigg
f1ad9d08de
Bundle and action constructors
2021-04-22 16:39:26 +12:00
Jack Grigg
01d241df7c
Rename some bundle and action variables to match the protocol spec
2021-04-22 16:38:17 +12:00
Jack Grigg
5dbcbf28fb
Bundle Authorization transformations
2021-04-22 16:37:31 +12:00
str4d
ea278aafcb
Merge pull request #63 from zcash/note-commitment-updates
Note commitment updates
2021-04-22 01:23:05 +01:00
Jack Grigg
bdaf9d06cc
clippy: Allow binary operators in IncompletePoint addition
It's not suspicious, it's constant time! :D
2021-04-22 12:09:32 +12:00
Jack Grigg
09e70cb6e3
Improve performance of IncompletePoint addition
We only need to track the occurrence of any edge cases, and we can do so
without expensive inversions at every addition step, by instead
performing the checks on the projective form directly.
2021-04-22 12:01:59 +12:00
Jack Grigg
3cadb7bb48
Update reddsa dependency
Earlier in this PR we updated the pasta_crate with a small refactor. The
updated crate also had a separate bugfix to the GroupHash implementation
which caused generators to change. Rust happily pulled in both versions
of pasta_curves, causing the ValueCommit proptests to fail because bsk
was generated with different bases in this crate and reddsa.
2021-04-22 11:12:34 +12:00
str4d
31d1a67837
Expand documentation of conditions on SpendingKeys
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 23:28:32 +01:00
str4d
edffeb870e
Merge pull request #69 from daira/daira-zeros
[Book] Explain the decision to exclude zero points and scalars for KA.Orchard
2021-04-21 20:19:35 +01:00
Daira Hopwood
18bc70afa2
[Book] Explain the decision to exclude zero points and scalars for KA.Orchard. fixes #62
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:38:25 +01:00
Daira Hopwood
f5bab61f81
Update nullifier explanation to include Extract_P.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:25:31 +01:00
str4d
b88e77dd56
Merge pull request #59 from zcash/valuecommit
Implement ValueCommit^Orchard
2021-04-20 20:45:19 +01:00
Jack Grigg
c7b9ce0ea9
Fix a clippy lint
This was leftover after an intermediate refactor that introduced
`hash_to_point_inner`.
2021-04-20 23:57:59 +12:00
Jack Grigg
b1286b4e94
Fix bundle::Action to hold cmx instead of cm
2021-04-20 10:26:58 +12:00
Jack Grigg
c08d12cc52
Use incomplete addition in SinsemillaHashToPoint
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:
- When we generate keys or notes, if we encounter ⊥ we discard and
  re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
  from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg
907ff46078
Simulate incomplete addition
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
Steven Smith
07accbc9ab
Changing TGPPL references to BOSL
2021-04-16 09:24:18 -07:00
Jack Grigg
badaf23f25
Implement ValueCommit^Orchard
2021-04-15 17:08:06 +12:00
str4d
4b05c20a2d
Merge pull request #53 from daira/daira-unifiedaddrs
Orchard book: minimal description of unified addresses
2021-03-31 11:03:27 +13:00
ebfull
58a6aa3849
Merge pull request #56 from zcash/more-poseidon-const-generics
Use const generics for poseidon::ConstantLength
2021-03-30 09:53:05 -06:00
Jack Grigg
4c34a61c57
Use const generics for poseidon::ConstantLength
2021-03-30 14:13:15 +13:00
str4d
92cfa372e0
Merge pull request #44 from zcash/note-structure
Note structure
2021-03-30 14:01:56 +13:00
Jack Grigg
0f8c5b7dd3
Document TODO for SinsemillaShortCommit usage
https://github.com/zcash/orchard/issues/55
2021-03-30 13:55:29 +13:00
Jack Grigg
3b14cfc133
Fix link to NU5 protocol spec draft
2021-03-30 13:54:23 +13:00
Jack Grigg
5646ada113
Make nk the first argument to Nullifier::derive
This more closely matches DeriveNullifier in the spec.
2021-03-30 13:52:20 +13:00