Jack Grigg
8a7ff1b28a
Structs representing note encryption key material
2021-06-11 23:54:35 +01:00
Jack Grigg
6823272cfe
Add zcash_note_encryption to dependencies
2021-06-11 23:54:35 +01:00
str4d
0ead91a88c
Merge pull request #110 from zcash/tree-logic
...
Implement tree logic in Builder
2021-06-11 21:39:40 +01:00
str4d
bd30783a52
Make `hash_layer` comment a doc comment
...
This way, it renders with `cargo doc --document-private-items`
2021-06-11 20:46:30 +01:00
str4d
d8f2af8983
Simplify `gen_const_array` implementation
...
Also includes a performance improvement to `i2lebsp_k`.
2021-06-11 20:46:30 +01:00
str4d
b85c5207a1
Merge pull request #112 from zcash/book-uncommitted-leaves
...
[book] commitment-tree.md: Update Uncommitted^Orchard from 0 -> 2.
2021-06-11 15:50:40 +01:00
str4d
8464df6e46
Merge pull request #108 from zcash/102-sign-with-rsk
...
builder: Store alpha and use it to derive rsk for signing spends
2021-06-11 14:42:16 +01:00
therealyingtong
0e9726ae69
tree.rs: Use 2 as uncommitted leaf and check against test vectors.
2021-06-11 20:24:55 +08:00
therealyingtong
ab454f4fb2
[book] commitment-tree.md: Update Uncommitted^Orchard from 0 -> 2.
2021-06-11 18:45:25 +08:00
therealyingtong
380128ed49
tree::MerklePath: Add position() and auth_path() getters.
2021-06-10 16:55:49 +08:00
therealyingtong
b3daeb0861
tree::testing: Fix and test arb_tree().
2021-06-10 13:54:42 +08:00
therealyingtong
2d0afe9357
constants.rs: Introduce L_ORCHARD_MERKLE constant
...
Also test that L_ORCHARD_BASE, L_ORCHARD_SCALAR, L_ORCHARD_MERKLE
are consistent with the Pallas curve.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-10 10:33:06 +08:00
therealyingtong
e8e22886f4
tree.rs: MerklePath.root(): Fix missing bitmask in swap calculation
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-10 10:29:08 +08:00
therealyingtong
18535894d6
constants::util.rs: Factor out gen_fixed_array() method.
2021-06-10 10:03:15 +08:00
therealyingtong
7818291118
primitives::sinsemilla.rs: Optimize and test i2lebsp_k
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-09 23:50:59 +08:00
therealyingtong
8f8eff23d8
Update proptests to generate Merkle paths
2021-06-08 22:38:11 +08:00
therealyingtong
b33248bdb0
src::tree.rs: Implement MerklePath.root() method.
...
Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>
2021-06-08 22:31:24 +08:00
str4d
e21f133862
Merge pull request #109 from zcash/halo2-bump
...
Migrate to latest version of halo2
2021-06-07 20:03:23 +01:00
Jack Grigg
94e730ad4c
Migrate to latest version of halo2
...
This brings in:
- Fixes and improvements to `MockProver`.
- Support for annotating constraints within gates.
- Removal of Selector rotations.
2021-06-07 19:49:25 +01:00
str4d
2be13bfa80
Merge pull request #89 from zcash/utils-chip
...
Chip for general utils
2021-06-07 19:40:56 +01:00
str4d
3ff307f946
docs: Clarify EnableFlagInstructions::enable_flag
2021-06-07 19:34:48 +01:00
therealyingtong
54c8cfd1d0
Documentation improvements and minor refactors.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-08 00:28:32 +08:00
therealyingtong
0f2dfc5508
Use UtilitiesInstructions::Var instead of internal associated type.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-08 00:20:09 +08:00
Jack Grigg
e0e082d265
test: Remove stray dbg!()
2021-06-05 22:39:57 +01:00
Jack Grigg
cbf7c3825f
builder: Store alpha and use it to derive rsk for signing spends
...
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
2021-06-05 22:35:52 +01:00
str4d
cd1e72bbcd
Merge pull request #106 from zcash/refactor-constants
...
Refactor `constants` to add `constants::load`
2021-06-05 13:42:16 +01:00
str4d
243f862617
Fix clippy lints
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 13:18:14 +01:00
str4d
d3da71a4fd
Merge pull request #105 from zcash/constants-spend-auth-g
...
Add SpendAuthG fixed base
2021-06-05 12:09:51 +01:00
therealyingtong
40599144bf
utilities::plonk: Remove assumption that fixed columns default to 1
2021-06-05 15:33:12 +08:00
therealyingtong
6603e996ed
utilities::cond_swap: Directly witness swap bit
2021-06-05 15:32:43 +08:00
therealyingtong
9f27049c84
Add constants::load.rs
...
This makes it easier to load constants into the ECC chip.
2021-06-05 13:18:24 +08:00
therealyingtong
1d46a2d3e7
Add SpendAuthG fixed base.
...
Used in spend authority randomization where rk = ak + [alpha]SpendAuthG.
2021-06-05 13:16:56 +08:00
therealyingtong
f31b9feba0
utilities::enable_flag: Directly witness flag
2021-06-05 09:42:23 +08:00
str4d
7f097b8599
Merge pull request #104 from nuttycom/fix_point_gen
...
Avoid discards in arbitrary nullifier generation.
2021-06-05 00:43:47 +01:00
Kris Nuttycombe
6f3ac2cdcc
Avoid discards in arbitrary nullifier generation.
2021-06-04 17:36:50 -06:00
str4d
87a3d52641
Merge pull request #103 from zcash/bump-deps
...
Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1
2021-06-04 21:25:26 +01:00
Jack Grigg
bea8a9b7ff
Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1
2021-06-04 20:38:52 +01:00
therealyingtong
fea88c814c
Add enable flag chip
2021-06-04 18:08:59 +08:00
therealyingtong
4b0ea0be15
Add conditional swap chip
2021-06-04 18:08:59 +08:00
therealyingtong
4f87815262
Add standard PLONK chip
2021-06-04 18:08:59 +08:00
therealyingtong
4d8ae89aa9
Add Utilities chip
2021-06-04 18:08:59 +08:00
str4d
c5aa41e2e4
Merge pull request #86 from zcash/patch-fixed-mul
...
Update formula for fixed-base window tables.
2021-06-03 13:33:00 +01:00
str4d
505e003842
Merge pull request #28 from zcash/poseidon
...
Width-3 Poseidon chip
2021-06-03 12:38:16 +01:00
str4d
dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors
...
Add test vectors for key components
2021-06-02 22:23:54 +01:00
therealyingtong
fa9d8a992c
Update constants
2021-06-02 22:51:37 +08:00
therealyingtong
0636a6f2ec
Update window table formula.
...
Previously, the window table M for fixed-base scalar multiplication
computed M[w][k] = [(k+1)*(2^3)^w]B for each window w, where k is a
3-bit chunk in the scalar decomposition in the range [0..8).
However, in the case k_0 = 7, k_1 = 0, the window table entries would
evaluate to:
* M[0][k_0] = [(7+1)*(2^3)^0]B = [8]B,
* M[1][k_1] = [(0+1)*(2^3)^1]B = [8]B,
which means the first addition would require complete addition.
To avoid this, we alter the formula to M[w][k] = [(k+2)*(2^3)^w]B.
We make a corresponding change to the formula for the last window
W. Previously, we had:
M[W][k] = [k * (2^3)^W - \sum((2^3)^j)]B, for j in [0..W-1).
Now, we have:
M[W][k] = [k * (2^3)^W - \sum(2^(3j+1))]B, for j in [0..W-1).
2021-06-02 22:51:37 +08:00
Jack Grigg
91db490e20
test: Add Poseidon test vectors
2021-06-01 18:36:11 +01:00
Daira Hopwood
5925852c7d
Add Poseidon test vector generated by the reference code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-01 18:36:11 +01:00
Jack Grigg
f5a4cc3550
poseidon::Hash gadget
2021-06-01 18:36:11 +01:00
Jack Grigg
38dd7b791d
PoseidonDuplexInstructions
2021-06-01 18:36:11 +01:00