Jack Grigg
9117273c08
Fix bug in `Builder` initialization of `Circuit` struct
...
`rcv` was being used correctly outside the circuit to derive `cv_net`
but then `Circuit` was just storing 0. The `round_trip` test passed
because it uses `rcv = 0` everywhere.
2021-07-28 22:51:43 +01:00
Jack Grigg
a33d1bd90f
Add circuit benchmarks and (on Unix) flamegraphs
...
- Benchmarks: `cargo bench`
- Flamegraphs: `cargo bench -- --profile-time 100`
2021-07-28 15:09:31 +01:00
Jack Grigg
513f3cf8a6
Make `Builder::build` public
2021-07-28 14:37:12 +01:00
Jack Grigg
01fbd59683
Move proof creation out of `Builder::build`
2021-07-28 14:37:12 +01:00
Jack Grigg
6b495f711a
Extract InProgress type from Unauthorized and PartiallyAuthorized
...
This enables bundle proofs and signatures to be handled separately
outside the builder.
2021-07-28 13:48:03 +01:00
str4d
078b71a960
Merge pull request #165 from daira/bump-halo2
...
Update to assign_table API.
2021-07-27 21:29:27 +01:00
Jack Grigg
6185d8e295
Bump halo2 revision to include `Layouter::assign_table`
2021-07-27 20:54:48 +01:00
Daira Hopwood
145da9c510
Update to assign_table API.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 18:32:32 +01:00
str4d
a273307661
Merge pull request #164 from daira/book-decomposition
...
[book] decomposition.md: avoid introducing `m` when we already have `range`
2021-07-27 17:10:50 +01:00
Daira Hopwood
b2e25b5ac3
[book] decomposition.md: avoid introducing `m` when we already have `range`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 17:06:36 +01:00
ying tong
ee878ddc57
Merge pull request #162 from zcash/book-merge-lookups
...
[book] Merge lookup arguments for normal and short variants
2021-07-27 23:34:28 +08:00
ying tong
d8743b8870
Merge pull request #161 from zcash/merge-lookups
...
Merge lookup arguments in `lookup_range_check` helper.
2021-07-27 23:34:15 +08:00
ying tong
0bb4a7fd71
[book] decomposition.md: Formatting and phrasing fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-27 23:29:11 +08:00
ying tong
1c2ab16a15
Merge pull request #163 from zcash/book-notecommit-fixes
...
book: Fixes to NoteCommit page
2021-07-27 23:10:29 +08:00
therealyingtong
d3a7e9ed39
lookup_range_check: Merge running sum and short lookup arguments.
...
The lookup running sum decomposition uses the same lookup table as
its short variant. These two lookup arguments have been merged.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 09:50:17 +01:00
str4d
bb90f2eb7d
Merge pull request #101 from zcash/action-circuit
...
Action circuit
2021-07-27 09:49:23 +01:00
str4d
620e227854
Fix y-coordinate recovery in NoteCommit tests
2021-07-27 09:27:33 +01:00
therealyingtong
3f506a0129
circuit.rs: Minor cleanups and column optimisations.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 15:41:26 +08:00
therealyingtong
664125f44f
commit_ivk::tests: Check value of output ivk against expected ivk.
2021-07-27 15:33:13 +08:00
therealyingtong
fa135fe62e
note_commit::tests: Constrain output of NoteCommit to expected point.
2021-07-27 15:23:00 +08:00
therealyingtong
ac5404a943
[book] note-commit.md: Update NoteCommit gate region layout.
...
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
2021-07-27 13:56:10 +08:00
therealyingtong
7aa3174880
sinsemilla::note_commit: Improve NoteCommit gate layout.
...
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
This commit also includes several minor fixes:
- use strict mode for decomposition of j in y-coordinate check;
- Name All Polynomial Constraints;
- remove point_repr() helper function;
- variable renaming and docfixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 13:51:35 +08:00
therealyingtong
920fe64399
[book] note-commit.md: Document substitution of k_1 with z1_j.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 12:53:41 +08:00
therealyingtong
e4a960d7f1
sinsemilla::note_commit: Simplify y canonicity check region layout
...
Instead of separately witnessing k_1 and equating it to z1_j, we
can directly make use of z1_j in the gate. This allows us to fit
the region into a 5 x 2 area, improving the layout.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 12:49:42 +08:00
Jack Grigg
9ef46ae4ee
book: Fixes to NoteCommit page
...
Noticed during review.
2021-07-27 05:34:36 +01:00
therealyingtong
65ff84da0a
[book] decomposition.md: Merge lookup arguments for normal and short variants.
2021-07-27 11:56:18 +08:00
Daira Hopwood
29fe6e14fc
Merge pull request #148 from daira/daira-book-addition
...
[book] Fixes to the completeness arguments for cases of complete addition, and a fix to the last step of variable-base scalar multiplication
2021-07-27 02:10:49 +01:00
Daira Hopwood
a6badba32f
[book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: we always do addition (possibly of the zero point) at the end of variable-base scalar mul.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 02:01:21 +01:00
Daira Hopwood
7895a2a082
[book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: more formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 02:01:05 +01:00
Daira Hopwood
3dfefe0e85
[book] src/design/circuit/gadgets/ecc/addition.md: correctness and clarity.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:51:37 +01:00
Daira Hopwood
3ed388e6bb
[book] src/design/circuit/gadgets/ecc/addition.md: formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:51:28 +01:00
ying tong
4229ba1dec
Merge pull request #134 from zcash/book-sinsemilla-inputs
...
[book] Document decomposition and canonicity checks for Sinsemilla inputs
2021-07-27 03:29:13 +08:00
therealyingtong
b3ccd3f0dd
Use halo2 selector optimizations.
2021-07-27 03:14:34 +08:00
therealyingtong
65ccf80560
sinsemilla::note_commit: Check canonicity of y(g_d), y(pk_d).
...
Even though we only use the LSB of the y-coordinates as inputs to
the Sinsemilla hash, we still have to check that they are consistent
with the g_d and pk_d points that were passed in.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 03:13:54 +08:00
therealyingtong
f1ccc58d9a
[book] note-commit.md: y-coordinate canonicity constraints.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:56:17 +08:00
ying tong
3833d665de
[book] Clarify upper bounds in canonicity shift constraints.
2021-07-26 12:05:25 +08:00
ying tong
14b8d9b048
[book] note-commit.md: 2^140 -> 2^130 in psi check.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-26 11:12:42 +08:00
ying tong
453681f309
[book] commit-ivk.md: Update region layout to use 9 advice columns.
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-26 11:09:47 +08:00
therealyingtong
57f23d9f17
sinsemilla::commit_ivk: Fix two_pow_5 constraint bug.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-26 10:05:15 +08:00
Jack Grigg
0375c64801
[book] Update NoteCommit page to match Commit^ivk style
...
Constraint tables have been added along with the region layout. I also
fixed numerous bugs in the constraints (most of which appeared to be
copy-pasta bugs).
2021-07-26 02:05:35 +01:00
Jack Grigg
5aa05713e7
[book] Use \CommitIvk macro in page heading
...
We can't use KaTeX on the SUMMARY page that generates the sidebar, so
that continues to use a CamelCase approximation.
2021-07-26 02:05:35 +01:00
Jack Grigg
f376a61bb8
[book] Add macros, constraint tables, and region layout to Commit^ivk
...
I also merged in content from a page I wrote independently while
reviewing the Action circuit PR, and made various cleanups to the
Markdown source.
2021-07-26 02:05:35 +01:00
Daira Hopwood
4a5a4cc437
[book] merkle-crh.md: formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-26 02:05:35 +01:00
Daira Hopwood
ed20d539b2
[book] merkle-crh.md: corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-26 02:05:35 +01:00
Daira Hopwood
47a29f10aa
[book] Document NoteCommit message decomposition & canonicity checks
2021-07-26 02:05:35 +01:00
Daira Hopwood
2846593937
[book] Document CommitIvk message decomposition & canonicity checks
2021-07-26 02:05:35 +01:00
Daira Hopwood
9708e296c8
[book] Document Merkle chip layout and message decomposition.
2021-07-26 02:05:35 +01:00
therealyingtong
5b63550f50
sinsemilla::note_commit: Check that g1_g2_prime < 2^130 instead of 2^140.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-25 21:56:55 +08:00
ying tong
9a44a14863
Merge pull request #160 from zcash/book-recombine-sinsemilla-selectors
...
[book] Recombine Sinsemilla q_S1, q_S2, q_S3 selectors.
2021-07-25 21:16:12 +08:00
therealyingtong
d9351df544
sinsemilla::commit_ivk: Use 9 advice columns instead of 10
...
Change the region layout to only use 9 advice columns instead of 10.
Also rename variables to match the book.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-25 21:10:13 +08:00