str4d
93a7f1db22
Merge pull request #126 from zcash/proof-verification
...
Add `Bundle<Authorized, _>::verify_proof` API
2021-06-21 15:39:09 +01:00
Jack Grigg
62642fd804
Add `Bundle<Authorized, _>::verify_proof` API
2021-06-21 13:38:43 +01:00
therealyingtong
bd08808566
SinsemillaChip::configure(): Merge "Initial y_q" gate with main gate
...
This allows the MockProver to see the fixed_y_q query as semantically
connected to q_sinsemilla1.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 20:56:56 +08:00
Jack Grigg
a01c2ee829
test: Print layout for Sinsemilla test circuit
2021-06-20 11:51:33 +01:00
str4d
5f5238f411
Doc comment fixes
2021-06-20 11:30:43 +01:00
therealyingtong
002596f6cd
Docfixes and cleanups.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 12:11:01 +08:00
therealyingtong
744f3d1653
SinsemillaChip::configure(): Combine and label gates.
...
The gates "Secant line" and "Sinsemilla gate" were using the same
selectors and could be combined.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 11:26:59 +08:00
therealyingtong
eccd72fcd0
hash_piece(): Remove (correct) duplicate assignment of x_a.
...
hash_piece() is an internal API, which means its caller hash_message()
is working in the same region. We rely on the caller to have already
assigned each piece's initial x_a at the correct offset before making
the call to hash_piece().
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 11:14:02 +08:00
therealyingtong
9ce29d9d4d
hash_to_point(): Introduce final_piece boolean flag
...
This toggles the assignment of q_s2 on the last row of each piece.
We assign q_s2 = 2 on the last row of the final piece, and q_s2 = 0
on the last row of other pieces.
This allows us to process the final_piece in the main loop together
with the other pieces.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 11:00:14 +08:00
therealyingtong
031bb0bc87
SinsemillaChip::configure(): Introduce closures for Y_A and x_r
...
These expressions are derived multiple times in the gates.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 10:43:24 +08:00
therealyingtong
9072ed437d
generator_table.rs: Fix bug in y_p lookup expression.
...
Also, GeneratorTable::configure() was not being called in the main
SinsemillaChip::configure(), which meant the lookup argument had
not been activated. This has now been fixed.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 10:34:03 +08:00
Daira Hopwood
3543bab39d
Merge pull request #82 from zcash/book-sinsemilla-gadget
...
[book] Add Sinsemilla gadget description
2021-06-20 01:07:58 +01:00
therealyingtong
2f6ca9e6de
generator_table.rs: Enforce z_n = 0 for the last message piece.
2021-06-19 22:39:19 +08:00
Daira Hopwood
9adeead975
[book] Make the order of advice columns for Sinsemilla the same as in the code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 15:35:34 +01:00
Daira Hopwood
9dc909e842
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:37:07 +01:00
Daira Hopwood
2a8fe30fa8
[book] Clarify that x_Q, z_0, z'_0, etc. are copied in using equality constraints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:32:11 +01:00
therealyingtong
158ab865f8
gadget::sinsemilla.rs: Add Sinsemilla test.
2021-06-19 18:17:11 +08:00
therealyingtong
eba2172f4f
chip::hash_to_point.rs: Implement hash_to_point instruction.
2021-06-19 18:17:10 +08:00
therealyingtong
f122e481a7
sinsemilla::chip.rs: Configure Sinsemilla gates.
2021-06-19 18:17:09 +08:00
therealyingtong
7cddc9b587
sinsemilla::chip.rs: Implement witness_message_* APIs.
...
witness_message() witnesses a full message given a bitstring.
The other two APIs, witness_message_piece_bitstring() and
witness_message_piece_field(), both witness a message piece, i.e.
part of a message that fits within a single base field element.
witness_message_piece_bitstring() takes in a bitstring, while
witness_message_piece_field() takes in a field element. In the
latter case, the number of words encoded must be specified.
2021-06-19 18:14:22 +08:00
therealyingtong
74e617b46d
chip::generator_table.rs: Load Sinsemilla generator lookup table.
...
The 2^K table of generators used in the Sinsemilla hash. These
are loaded into a lookup table.
2021-06-19 18:14:22 +08:00
therealyingtong
ebb7dae063
sinsemilla::chip.rs: Add Sinsemilla chip.
...
The chip that will implement SinsemillaInstructions.
2021-06-19 18:14:22 +08:00
therealyingtong
e2859df4eb
sinsemilla::message.rs: Add message module.
...
This defines a Sinsemilla message in terms of pieces and subpieces.
This is useful when decomposing field elements and packing them
into K-bit messages.
2021-06-19 18:14:22 +08:00
therealyingtong
af2ac762f4
gadget::sinsemilla.rs: Add Sinsemilla instructions.
...
SinsemillaInstructions has two const generic parameters: K, which
is the number of bits in each word of the hash, and MAX_WORDS,
which is the maximum number of words the hash can process.
For Orchard, K = 10, MAX_WORDS = 253.
2021-06-19 18:14:22 +08:00
therealyingtong
83eddd8857
ecc::chip.rs: Add Point::from_coordinates_unchecked() API
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-19 18:14:22 +08:00
Daira Hopwood
48573705dc
[book] Adjust the definition of m_{i+1} so that the last z_n does not need to be constrained to 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 08:53:41 +01:00
Daira Hopwood
22036e9f41
[book] More formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:49:46 +01:00
Daira Hopwood
aac10b816f
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:45:50 +01:00
Daira Hopwood
dc021a2ef1
[book] Merge two similar paragraphs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:20:09 +01:00
Daira Hopwood
82316b607b
[book] Update the Sinsemilla constraints to handle the gap between field elements correctly.
...
This also changes i to be zero-based, which is more consistent with the spec.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:12:48 +01:00
Daira Hopwood
4cd0082294
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-18 21:27:55 +01:00
str4d
0b6bd66714
Merge pull request #120 from daira/fix-clippy-lints
...
Fix clippy lints
2021-06-16 20:24:02 +01:00
Daira Hopwood
1c19bea842
Fix clippy lints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-16 19:13:40 +01:00
str4d
37b1b7f357
Merge pull request #119 from zcash/anchor-serialization
...
Anchor serialization APIs
2021-06-15 16:25:36 +01:00
Jack Grigg
5264d53498
impl Copy for Anchor
2021-06-15 15:42:06 +01:00
Jack Grigg
019ae7da8e
Anchor::{from_bytes, to_bytes}
2021-06-15 15:41:57 +01:00
Daira Hopwood
e412a5a25b
Merge pull request #115 from zcash/anchor-type
...
Store anchors as pallas::Base instead of [u8; 32]
2021-06-15 14:18:48 +01:00
str4d
f7c64e0437
Merge pull request #117 from zcash/change-dep-patching
...
Use patches for halo2 and zcash_note_encryption dependencies
2021-06-15 01:09:18 +01:00
Jack Grigg
5759d66470
Use patches for halo2 and zcash_note_encryption dependencies
...
While these two are in flux, it's hard to keep these revisions consistent
(e.g. https://github.com/zcash/zcash/pull/5217 currently depends on two
different versions of zcash_note_encryption). Using patches allows the
downstream users (i.e. zcashd) to define its own set of patches, and keep
everything in sync. This works fine now because we aren't actively making
changes to the public APIs, only additions.
2021-06-14 23:17:15 +01:00
str4d
63ca1f8d3a
Merge pull request #116 from zcash/signature-validation
...
Signature validation APIs
2021-06-14 22:42:36 +01:00
Jack Grigg
e90a5972f1
redpallas: Expose batch validation API
2021-06-14 21:41:12 +01:00
Jack Grigg
eec17a9174
Add a `Bundle::binding_validating_key` method
...
This derives the `bvk` for validating `Authorized::binding_signature`.
2021-06-14 21:40:28 +01:00
ebfull
ee26116fcf
Merge pull request #114 from zcash/util-range-check
...
utilities::lookup_range_check: Add LookupRangeCheck helper
2021-06-14 10:56:52 -06:00
therealyingtong
f5bf0c1ef3
lookup_range_check.rs: Docfixes and minor refactors.
2021-06-15 00:18:38 +08:00
therealyingtong
60861b7245
sinsemilla::constants.rs: Add INV_TWO_POW_K = 1 / 2^K constant.
2021-06-15 00:18:38 +08:00
str4d
1182d8d5a7
Merge pull request #99 from zcash/note-encryption
...
Note encryption
2021-06-14 17:16:54 +01:00
ebfull
4a52d771b1
Merge pull request #113 from zcash/constants-concrete-type
...
`constants::load.rs`: Use concrete `pallas::Affine` type for generators
2021-06-14 09:25:17 -06:00
ebfull
83b76333d3
Merge pull request #107 from zcash/ecc-chip
...
[ECC chip] Incomplete and complete addition
2021-06-14 09:07:34 -06:00
therealyingtong
beaf4490f1
sinsemilla.md: Correct y_{A,i} and y_{P,i} formulas in gate specification
2021-06-14 21:30:51 +08:00
therealyingtong
c25526e216
lookup_range_check.rs: Delete wrong comment.
2021-06-14 19:55:51 +08:00