Jack Grigg
01d241df7c
Rename some bundle and action variables to match the protocol spec
2021-04-22 16:38:17 +12:00
Jack Grigg
5dbcbf28fb
Bundle Authorization transformations
2021-04-22 16:37:31 +12:00
str4d
ea278aafcb
Merge pull request #63 from zcash/note-commitment-updates
...
Note commitment updates
2021-04-22 01:23:05 +01:00
Jack Grigg
bdaf9d06cc
clippy: Allow binary operators in IncompletePoint addition
...
It's not suspicious, it's constant time! :D
2021-04-22 12:09:32 +12:00
Jack Grigg
09e70cb6e3
Improve performance of IncompletePoint addition
...
We only need to track the occurrence of any edge cases, and we can do so
without expensive inversions at every addition step, by instead
performing the checks on the projective form directly.
2021-04-22 12:01:59 +12:00
Jack Grigg
3cadb7bb48
Update reddsa dependency
...
Earlier in this PR we updated the pasta_crate with a small refactor. The
updated crate also had a separate bugfix to the GroupHash implementation
which caused generators to change. Rust happily pulled in both versions
of pasta_curves, causing the ValueCommit proptests to fail because bsk
was generated with different bases in this crate and reddsa.
2021-04-22 11:12:34 +12:00
str4d
31d1a67837
Expand documentation of conditions on SpendingKeys
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 23:28:32 +01:00
str4d
edffeb870e
Merge pull request #69 from daira/daira-zeros
...
[Book] Explain the decision to exclude zero points and scalars for KA.Orchard
2021-04-21 20:19:35 +01:00
Daira Hopwood
18bc70afa2
[Book] Explain the decision to exclude zero points and scalars for KA.Orchard. fixes #62
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:38:25 +01:00
Daira Hopwood
f5bab61f81
Update nullifier explanation to include Extract_P.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 18:25:31 +01:00
str4d
b88e77dd56
Merge pull request #59 from zcash/valuecommit
...
Implement ValueCommit^Orchard
2021-04-20 20:45:19 +01:00
Jack Grigg
c7b9ce0ea9
Fix a clippy lint
...
This was leftover after an intermediate refactor that introduced
`hash_to_point_inner`.
2021-04-20 23:57:59 +12:00
Jack Grigg
b1286b4e94
Fix bundle::Action to hold cmx instead of cm
2021-04-20 10:26:58 +12:00
Jack Grigg
c08d12cc52
Use incomplete addition in SinsemillaHashToPoint
...
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:
- When we generate keys or notes, if we encounter ⊥ we discard and
re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg
907ff46078
Simulate incomplete addition
...
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
therealyingtong
96d60b3f13
Move addition sections into ecc.rs
2021-04-17 12:53:10 +08:00
Steven Smith
07accbc9ab
Changing TGPPL references to BOSL
2021-04-16 09:24:18 -07:00
Jack Grigg
badaf23f25
Implement ValueCommit^Orchard
2021-04-15 17:08:06 +12:00
ying tong
cd809c57dc
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-04-09 16:53:35 +08:00
ying tong
137066e056
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-09 16:51:14 +08:00
str4d
4b05c20a2d
Merge pull request #53 from daira/daira-unifiedaddrs
...
Orchard book: minimal description of unified addresses
2021-03-31 11:03:27 +13:00
ebfull
58a6aa3849
Merge pull request #56 from zcash/more-poseidon-const-generics
...
Use const generics for poseidon::ConstantLength
2021-03-30 09:53:05 -06:00
Jack Grigg
4c34a61c57
Use const generics for poseidon::ConstantLength
2021-03-30 14:13:15 +13:00
str4d
92cfa372e0
Merge pull request #44 from zcash/note-structure
...
Note structure
2021-03-30 14:01:56 +13:00
Jack Grigg
0f8c5b7dd3
Document TODO for SinsemillaShortCommit usage
...
https://github.com/zcash/orchard/issues/55
2021-03-30 13:55:29 +13:00
Jack Grigg
3b14cfc133
Fix link to NU5 protocol spec draft
2021-03-30 13:54:23 +13:00
Jack Grigg
5646ada113
Make nk the first argument to Nullifier::derive
...
This more closely matches DeriveNullifier in the spec.
2021-03-30 13:52:20 +13:00
therealyingtong
c074990bb9
[book] Document ECC gadget in circuit
2021-03-29 14:01:05 +08:00
Daira Hopwood
0191fa0a47
Orchard book: minimal description of unified addresses.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-27 17:08:39 +00:00
str4d
d61b9b939c
Merge pull request #52 from zcash/poseidon-const-generics
...
Refactor Poseidon primitive to use const generics
2021-03-26 15:25:33 +13:00
Jack Grigg
061ad0656b
Refactor Poseidon primitive to use const generics
2021-03-26 09:07:38 +13:00
Jack Grigg
c756657bd2
Set MSRV to 1.51.0
...
Yay const generics!
2021-03-26 08:13:25 +13:00
Jack Grigg
0f6eb9ca6c
Nullifier derivation
2021-03-26 07:51:05 +13:00
Jack Grigg
1a37ca492d
Extract spec::mod_r_p helper from spec::commit_ivk
2021-03-26 07:51:05 +13:00
Jack Grigg
680c917ce6
Note commitment derivation
2021-03-26 07:51:05 +13:00
str4d
ee2bfa7f43
Merge pull request #41 from zcash/poseidon-primitive
...
Poseidon primitive
2021-03-26 07:36:45 +13:00
str4d
df5e0d92f3
Merge pull request #46 from zcash/sinsemilla-api
...
Generalise Sinsemilla API
2021-03-24 17:37:36 +13:00
therealyingtong
a2c1bfb52a
Remove unnecessary clone()
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:30:03 +08:00
therealyingtong
9c75839e62
Minor changes
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:25:28 +08:00
therealyingtong
7a210fabf3
Store HashDomain in CommitDomain
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:11:13 +08:00
therealyingtong
18fba2a62e
Add getters for Q() and R()
2021-03-24 12:10:37 +08:00
therealyingtong
873e1b7d7e
Call hash_to_curve() only when constructing new domain
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:10:37 +08:00
ying tong
946b50ebfe
Add documentation
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-03-24 12:09:11 +08:00
therealyingtong
a3134e34c5
Introduce HashDomain and CommitDomain traits
...
Co-authored-by: Jack Grigg <thestr4d@gmail.com>
2021-03-24 12:09:11 +08:00
therealyingtong
ee969a64a8
Add Sinsemilla constants
2021-03-24 12:09:11 +08:00
str4d
7c8098ad43
Merge pull request #50 from zcash/key-derivation-benchmark
...
Add small key derivation benchmarks
2021-03-24 17:05:36 +13:00
Jack Grigg
b8f02c3b32
Temporarily allow dead code
...
This will make the lints more useful while we are implementing the
Orchard protocol.
2021-03-20 18:31:22 +13:00
Jack Grigg
f18ffa63d5
Add small key derivation benchmarks
2021-03-20 18:19:51 +13:00
str4d
e0a2141888
Merge pull request #48 from zcash/pasta-curves
...
Use the pasta_curves crate directly
2021-03-19 08:35:00 +13:00
Jack Grigg
1ceb60379f
poseidon: Clarify that R_F must be even
2021-03-18 16:47:06 +13:00