Jack Grigg
84aa43fe8b
bench: Fix circuit benchmarks
Criterion's benchmark grouping does not match on group names; it only
groups benchmarks that are run prior to that specific benchmark group
instance being dropped. Since each benchmark group holds a mutable
reference to the criterion instance, this means we can't have multiple
active groups collecting measurements. Instead, we need to collect the
proving benchmarks for all recipient numbers, followed by verification
benchmarks.
2021-12-09 13:18:39 +00:00
str4d
99b767a3a1
Merge pull request #252 from zcash/circuit-pin-proof-size
circuit: Pin the proof size
2021-12-06 20:03:22 +00:00
Jack Grigg
fe7796b884
circuit: Ensure that the real proof length matches calculated length
2021-12-06 19:44:44 +00:00
Jack Grigg
e2c300368b
circuit: Pin the proof size
This is to ensure that if any future circuit changes are made, their
effect on the proof size (if any) will be noticed.
2021-12-06 18:01:55 +00:00
ebfull
53b68ea799
Merge pull request #249 from zcash/241-spendingkey-ct_eq
Replace `PartialEq, PartialOrd` with `ConstantTimeEq` on `{Extended}SpendingKey`
2021-12-02 11:45:44 -07:00
Jack Grigg
37f1bba998
Remove `PartialEq, PartialOrd` impls from `{Extended}SpendingKey`
2021-11-30 23:25:35 +00:00
Jack Grigg
674ceb54c8
`impl ConstantTimeEq for {Extended}SpendingKey`
2021-11-30 23:24:50 +00:00
str4d
68b790c7da
Merge pull request #239 from nuttycom/di_from_bytes
Add construction of DiversifierIndex directly from bytes.
2021-11-29 17:46:44 +00:00
Kris Nuttycombe
14c4b40dfc
Add construction of DiversifierIndex directly from bytes.
2021-11-24 18:09:25 -07:00
str4d
067e26822d
Merge pull request #238 from zcash/reddsa-0.1.0
Use reddsa 0.1 instead of the git dependency
2021-11-23 14:12:19 +00:00
Jack Grigg
1cd9e7d4d4
Use reddsa 0.1 instead of the git dependency
2021-11-19 23:10:46 +00:00
ying tong
dfcea20569
Merge pull request #218 from zcash/zcash_note_encryption-batchdomain
Migrate to `zcash_note_encryption::BatchDomain`
2021-11-17 15:13:57 +01:00
str4d
465afd162e
Merge pull request #229 from zcash/228-fix-ivk-to_bytes
Fix `IncomingViewingKey::to_bytes`
2021-11-17 13:30:54 +00:00
Jack Grigg
8c018eff7e
Migrate to `zcash_note_encryption::BatchDomain`
2021-11-17 12:15:21 +00:00
Jack Grigg
235cd791b4
Fix `IncomingViewingKey::to_bytes`
`slice::copy_from_slice` panics if the source and destination slices are
not the same length.
Closes zcash/orchard#228.
2021-11-17 12:12:20 +00:00
str4d
d43ad00b8d
Merge pull request #223 from dconnolly/patch-1
Add `orchard::circuit::Instance::from_parts()`
2021-11-17 11:12:16 +00:00
Deirdre Connolly
568e24cd5f
Derive Clone for circuit::Instance
2021-11-04 23:30:57 -04:00
Deirdre Connolly
7412dfe79a
Update src/circuit.rs
Co-authored-by: str4d <thestr4d@gmail.com>
2021-11-04 17:54:30 -04:00
Deirdre Connolly
e51e92e848
Add `orchard::circuit::Instance::from_parts()`
2021-11-03 23:24:54 -04:00
ebfull
4f9c0be42e
Merge pull request #187 from zcash/poseidon-fq
primitives::poseidon: Add constants for Fq field modulus.
2021-10-15 08:29:01 -06:00
therealyingtong
c61524ea29
p128pow5t3::tests: Extract verify_constants_helper.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-10-12 11:58:27 +02:00
therealyingtong
2c97e56da7
Add hash() and permute() test vectors for Poseidon over Fq.
2021-10-12 11:58:27 +02:00
therealyingtong
f5775b6c6d
p128pow5t3.rs: Test against reference input for Fq field modulus.
2021-10-12 11:58:27 +02:00
therealyingtong
4eb4c57827
Impl Spec for P128Pow5T3 over Fq.
2021-10-12 11:58:27 +02:00
therealyingtong
764c445a81
Rename poseidon::nullifier -> poseidon::p128pow5t3.
2021-10-12 11:58:27 +02:00
therealyingtong
8e00f69d63
primitives::poseidon: Add constants for Fq field modulus.
2021-10-12 11:58:27 +02:00
str4d
2c8241f25b
Merge pull request #209 from zcash/circuit-bugfixes
Circuit bugfixes
2021-09-29 10:06:25 +13:00
Jack Grigg
631182fb77
Update selector columns in expected-failure tests
The addition of the non-identity selector caused the layouter to reorder
some of the selectors in the ECC gadget test circuit.
2021-09-28 21:49:06 +01:00
str4d
41066a310a
Merge pull request #208 from zcash/halo2-beta-1
Switch to halo2 0.1.0-beta.1
2021-09-29 09:12:15 +13:00
Daira Hopwood
d77cb82c8d
Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
2021-09-28 21:09:39 +01:00
Jack Grigg
d0056d9050
Test that we can't witness the identity as a NonIdentityPoint
2021-09-28 21:00:29 +01:00
Jack Grigg
608da3f686
Switch to halo2 0.1.0-beta.1
This is equivalent to the git revision we were previously patching.
2021-09-28 20:48:19 +01:00
Sean Bowe
ebfd919abc
Update circuit description.
2021-09-28 20:31:32 +01:00
str4d
aec3b1d52d
Remove unnecessary clones in closure
2021-09-28 20:31:32 +01:00
therealyingtong
52f53f3425
Remove IsIdentity trait from public EccInstructions.
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong
c80ccba801
Witness cm_old using Point::new().
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong
b0de6afd7c
Reintroduce Point::new() API and constraints.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
Jack Grigg
751277cdb2
Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
2021-09-28 13:13:25 -06:00
Jack Grigg
97c27e3d5a
Use complete addition in SinsemillaCommit
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
2021-09-28 13:13:25 -06:00
therealyingtong
8c8a12a8df
Minor fixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-28 13:13:25 -06:00
therealyingtong
fa560d3aee
Replace is_identity() instruction with IsIdentity trait.
2021-09-28 13:13:25 -06:00
therealyingtong
4a13ab4f6b
Docfixes.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
Daira Hopwood
6b6b515232
`hash_to_point` should return `Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>`
because any exceptional case is treated as an error, and therefore the identity cannot be returned.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
8ad3003e27
Remove Point::new() API and introduce is_identity() instruction.
Also remove the q_point selector and gate from the circuit.
2021-09-28 13:13:25 -06:00
therealyingtong
ec27989b9b
Clippy and formatting fixes.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
a5a6e78d42
src/circuit.rs: Use NonIdentityPoint for all witnessed points.
The witnessed points are cm_old, g_d_old, pk_d_old, ak.
g_d_new and pk_d_new are currently also witnessed as affine points,
which diverges from the spec.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
cdcfcbc0c2
gadget::sinsemilla: Propagate changes to the Sinsemilla gadget.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
258fe5796b
ecc::chip: Propagate changes to sub-chips.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
df26a6c674
chip::witness_point.rs: Constraints for non-identity point.
The point_non_id() method returns an error if the given point is
the identity.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
88eb762cf2
ecc::chip.rs: Introduce NonIdentityEccPoint struct.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00