Daira Hopwood
c4bdab59e3
Improve the explanation of incomplete addition:
...
* use biimplication in the correctness argument to ensure both soundness and completeness;
* avoid introducing lambda at all; it's unnecessary and omitting it shortens the explanation.
Co-authored-by: Jack Grigg <str4d@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-02-03 22:06:05 +00:00
Jack Grigg
5202ec6eda
Integrate `halo2_gadgets` into the workspace
...
THe SHA-256 example gadget has been moved into the `halo2_gadgets` crate
behind an `unstable` feature flag.
2022-01-27 23:32:04 +00:00
Jack Grigg
7e9ced2eaa
Merge `halo2_gadgets` from zcash/orchard into halo2_gadgets-import
2022-01-27 23:08:35 +00:00
Jack Grigg
a2367abcaf
Migrate to `halo2_gadgets` crate in subdir
...
- The crate module structure from `orchard` has been flattened.
- The book pages we want to include in `halo2` have been moved to their
target location, to avoid any conflicts during the merge.
- Common files that already exist in zcash/halo2 have been removed.
2022-01-27 23:08:01 +00:00
Jack Grigg
c2866beb47
Delete Orchard-specific code, dependencies, and book pages
...
The tests do not compile as of this commit, due to Orchard-specific
constants being deleted, but everything else compiles.
Co-authored-by: ying tong <yingtong@z.cash>
2022-01-27 23:07:59 +00:00
Jack Grigg
3c6558f049
Move `halo2` code into `halo2_proofs` crate
2022-01-20 18:50:43 +00:00
str4d
408b617376
Merge pull request #397 from rex4539/typos
...
Fix typos
2021-12-31 14:14:34 +00:00
ying tong
2ab6e1b0d6
[book] Fix SHA256 interpolation polynomial
...
Closes #434
2021-12-23 22:07:09 +08:00
therealyingtong
e0a0a0d509
book: Introduce RangeCheck macro.
2021-11-30 09:30:43 -05:00
therealyingtong
303bdc3f65
Replace local bool_check expressions with utilities::bool_check().
2021-11-29 21:45:48 -05:00
Jack Grigg
fa61746526
book: Rename remaining UPA references to PLONKish
...
These were missed in zcash/halo2#320 .
2021-11-15 15:53:38 +00:00
Dimitris Apostolou
58e3793911
Fix typos
2021-11-12 03:40:53 +02:00
Jack Grigg
a222cdc6d4
book: Document Debian packages required for `dev-graph` feature flag
2021-11-10 16:22:20 +00:00
str4d
a635b7c25a
Merge pull request #375 from zcash/366-dev-graph-examples
...
Update `dev-graph` examples
2021-11-11 03:48:41 +13:00
Kris Nuttycombe
8cfff30cc7
Apply suggestions from code review
2021-10-26 07:56:25 -06:00
ying tong
3d2c0e429e
[book] Update link `upa.md` -> `plonkish.md`
...
Closes #367
2021-10-14 12:38:52 +02:00
zyd
bac1aa4e84
book: Fix typo
2021-10-06 20:43:21 +08:00
zyd
b12d03e815
book: Fix typo
2021-10-02 11:10:47 +08:00
Jack Grigg
5be597c3bc
book: Add example for `halo2::dev::circuit_dot_graph`
2021-10-01 16:01:24 +01:00
Jack Grigg
c9d890377c
book: Render example for `CircuitLayout`
2021-10-01 13:39:04 +01:00
Jack Grigg
e3e68bc5d7
book: Fix bugs in dev tools page
2021-10-01 13:39:04 +01:00
zyd
c09344a93e
book: Fix typo
2021-09-26 23:04:01 +08:00
3for
536279d075
book: Fix typo
2021-09-26 16:41:36 +08:00
3for
70ec164ccd
Merge branch 'zcash:main' into main
2021-09-26 14:55:22 +08:00
3for
bcc9d5834b
book: Fix typo
2021-09-26 14:55:07 +08:00
3for
c89ef70035
book: Fix typo
2021-09-22 18:34:37 +08:00
3for
45a251537a
book: Fix typo
2021-09-22 14:58:18 +08:00
zyd
e1a4be5728
book: Fix typo
2021-09-21 23:16:05 +08:00
Sean Bowe
424af080ba
Add formal protocol description and preliminaries.
2021-09-20 09:30:02 -06:00
zyd
9c945b982a
book: Fix typo
2021-09-19 22:47:20 +08:00
3for
10c0e59835
book: Fix typo
2021-09-18 18:38:04 +08:00
Jack Grigg
1a05398c30
book: Update rotations for Commit^ivk region
...
Matches the change made in zcash/orchard#169 .
2021-09-14 02:09:14 +01:00
str4d
9705ebf353
Merge pull request #182 from zcash/book-notecommit-optimisations
...
[book] Document NoteCommit region optimisations
2021-09-14 02:00:49 +01:00
Jack Grigg
3d7649c5b9
book: Move Sinsemilla constraints table to bottom of page
...
This moves it below the rationale for the lookup being degree-6.
2021-09-07 14:20:03 +01:00
Daira Hopwood
cc0ac1a744
note_commit.md: make the descriptions of range checks for k_0 and k_2 consistent with other short range checks.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-07 02:39:46 +01:00
Daira Hopwood
462550a26b
note_commit.md: fix typo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-07 02:26:40 +01:00
Daira Hopwood
030c7d1e30
note-commit.md: non-cosmetic improvements (summary, gate names, region layout for y constraints).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-07 01:45:12 +01:00
Daira Hopwood
c1dc97477e
note-commit.md: cosmetics and line wrapping.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-07 01:41:16 +01:00
Daira Hopwood
4c25e3c99d
note-commit.md: fix an erroneous constraint.
...
See https://github.com/zcash/orchard/pull/169/files#r700990376 .
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-02 12:23:48 +01:00
Daira Hopwood
9fcbe5dc1b
note-commit.md: missing h_0 in a layout diagram.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 17:27:00 +01:00
Daira Hopwood
14081efe9b
note-commit.md: formatting fix.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 15:57:10 +01:00
therealyingtong
4082ee615f
[book] sinsemilla.md: Correct constraint degrees.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-08-17 00:07:30 +08:00
therealyingtong
a72d4d3a7f
[book] note-commit.md: Update field element regions.
2021-08-13 12:22:51 +08:00
therealyingtong
8d7bf509f2
[book] note-commit.md: Update message piece decomposition gates.
2021-08-13 01:19:30 +08:00
parazyd
1b0a22096b
book: Fix rendering of cost-model output.
...
This should stop html tags appearing inside the <code> tags.
2021-07-31 15:24:50 +02:00
Daira Hopwood
b2e25b5ac3
[book] decomposition.md: avoid introducing `m` when we already have `range`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 17:06:36 +01:00
ying tong
ee878ddc57
Merge pull request #162 from zcash/book-merge-lookups
...
[book] Merge lookup arguments for normal and short variants
2021-07-27 23:34:28 +08:00
ying tong
0bb4a7fd71
[book] decomposition.md: Formatting and phrasing fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-27 23:29:11 +08:00
therealyingtong
ac5404a943
[book] note-commit.md: Update NoteCommit gate region layout.
...
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
2021-07-27 13:56:10 +08:00
therealyingtong
920fe64399
[book] note-commit.md: Document substitution of k_1 with z1_j.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 12:53:41 +08:00
Jack Grigg
9ef46ae4ee
book: Fixes to NoteCommit page
...
Noticed during review.
2021-07-27 05:34:36 +01:00
therealyingtong
65ff84da0a
[book] decomposition.md: Merge lookup arguments for normal and short variants.
2021-07-27 11:56:18 +08:00
Daira Hopwood
a6badba32f
[book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: we always do addition (possibly of the zero point) at the end of variable-base scalar mul.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 02:01:21 +01:00
Daira Hopwood
7895a2a082
[book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: more formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 02:01:05 +01:00
Daira Hopwood
3dfefe0e85
[book] src/design/circuit/gadgets/ecc/addition.md: correctness and clarity.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:51:37 +01:00
Daira Hopwood
3ed388e6bb
[book] src/design/circuit/gadgets/ecc/addition.md: formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:51:28 +01:00
therealyingtong
f1ccc58d9a
[book] note-commit.md: y-coordinate canonicity constraints.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:56:17 +08:00
ying tong
3833d665de
[book] Clarify upper bounds in canonicity shift constraints.
2021-07-26 12:05:25 +08:00
ying tong
14b8d9b048
[book] note-commit.md: 2^140 -> 2^130 in psi check.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-26 11:12:42 +08:00
ying tong
453681f309
[book] commit-ivk.md: Update region layout to use 9 advice columns.
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-26 11:09:47 +08:00
Jack Grigg
0375c64801
[book] Update NoteCommit page to match Commit^ivk style
...
Constraint tables have been added along with the region layout. I also
fixed numerous bugs in the constraints (most of which appeared to be
copy-pasta bugs).
2021-07-26 02:05:35 +01:00
Jack Grigg
5aa05713e7
[book] Use \CommitIvk macro in page heading
...
We can't use KaTeX on the SUMMARY page that generates the sidebar, so
that continues to use a CamelCase approximation.
2021-07-26 02:05:35 +01:00
Jack Grigg
f376a61bb8
[book] Add macros, constraint tables, and region layout to Commit^ivk
...
I also merged in content from a page I wrote independently while
reviewing the Action circuit PR, and made various cleanups to the
Markdown source.
2021-07-26 02:05:35 +01:00
Daira Hopwood
4a5a4cc437
[book] merkle-crh.md: formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-26 02:05:35 +01:00
Daira Hopwood
ed20d539b2
[book] merkle-crh.md: corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-26 02:05:35 +01:00
Daira Hopwood
47a29f10aa
[book] Document NoteCommit message decomposition & canonicity checks
2021-07-26 02:05:35 +01:00
Daira Hopwood
2846593937
[book] Document CommitIvk message decomposition & canonicity checks
2021-07-26 02:05:35 +01:00
Daira Hopwood
9708e296c8
[book] Document Merkle chip layout and message decomposition.
2021-07-26 02:05:35 +01:00
therealyingtong
5dc5e6479a
[book] Recombine Sinsemilla q_S1, q_S2, q_S3 selectors.
...
Since q_S1, q_S2, q_S3 are not simple selectors, they cannot be
automatically combined. We manually combine them here.
2021-07-25 20:28:05 +08:00
ying tong
a2ed3f1b52
Merge pull request #155 from zcash/book-selector-optimisations
...
[Book] Undo selector optimisations
2021-07-25 00:57:35 +08:00
ying tong
3d56fb0716
Merge pull request #146 from zcash/book-short-scalar-mul
...
[book] Update constraints for short signed fixed-base mul.
2021-07-25 00:54:32 +08:00
therealyingtong
782a70a786
[book] Minor fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-25 00:52:38 +08:00
ying tong
ce881bc4fe
[book] Formatting fix.
2021-07-25 00:40:44 +08:00
therealyingtong
78b0ec4e7b
[book] Sinsemilla: reintroduce fixed_y_q column.
...
Loading fixed_y_q into an advice column introduces an additional
row. Instead, we load it into a fixed column.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-24 23:15:17 +08:00
ying tong
6c55e1a7e3
[book] Fix updates to Sinsemilla writeup.
2021-07-23 20:34:16 +08:00
therealyingtong
7866623a1b
[book] Undo selector optimisation in variable-base scalar mul
...
Previously, we were using a non-binary selector q_mul = {1, 2, 3}
to switch between three cases. Now, we replace this with three
binary selectors.
2021-07-22 22:39:17 +08:00
therealyingtong
c5cda9481d
[book] Undo selector optimisations in Sinsemilla
...
- Instead of defining a synthetic q_S3 based on a combination of
of q_S1, q_S2, we simply create another selector q_S3.
- Instead of using fixed_y_q as a nonbinary selector, replace it
with q_S4 and copy the fixed value into a row above.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-22 22:19:01 +08:00
ying tong
c23897ea8d
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-19 19:01:06 +08:00
Daira Hopwood
20c347b269
Merge pull request #320 from daira/book-zk-changes
...
[Book] Zero knowledge changes (and misc cleanups)
2021-07-12 20:35:20 +01:00
Daira Hopwood
43ffa37740
[book] Nullifiers: the scalar is (...) mod p, not ... (mod p).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 20:24:18 +01:00
Daira Hopwood
c76358769c
book/src/design/nullifiers.md: cosmetics (make the table fit).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 20:20:00 +01:00
Daira Hopwood
103c93391d
Clarify the statement about the δ^i being distinct quadratic non-residues.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 17:24:21 +01:00
therealyingtong
2dd23f47b8
[book] Update constraints for short signed fixed-base mul.
...
Previously, we witnessed the magnitude of a short signed scalar
directly as three-bit windows. Now, we decompose and range-constrain
it using a running sum.
2021-07-12 11:58:32 +08:00
Daira Hopwood
8ac20608e4
Merge branch 'kw-halo-book' into book-zk-changes
...
Co-authored-by: Kevaundray Wedderburn <kevtheappdev@gmail.com>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:32:36 +01:00
Daira Hopwood
06ff90ba95
Rename UPA to PLONKish.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:12:58 +01:00
Daira Hopwood
6a11c2b97e
Update the circuit commitments section for the changes to the permutation argument.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:03:41 +01:00
Daira Hopwood
1b3241d757
Clarify product argument and add a diagram.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:03:41 +01:00
Daira Hopwood
fedcc1960d
Permutation argument cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:01:39 +01:00
Daira Hopwood
69ca38d2b1
Update permutation argument for zero knowledge changes in #316 .
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:01:39 +01:00
Daira Hopwood
25b42a531d
Follow https://github.com/zcash/halo2/pull/316 and https://github.com/zcash/orchard/issues/143
...
in using 1 - Z(X) instead of Z(X) - 1.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:01:39 +01:00
Daira Hopwood
0dbf7cf4af
Match the order of q_last and q_blind in the implementation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:01:39 +01:00
Daira Hopwood
5deb3fcd72
Lookup argument cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:01:39 +01:00
Daira Hopwood
55c48007c9
Update lookup argument for zero knowledge changes in #316 .
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 02:01:39 +01:00
Jack Grigg
5fe6323a8d
book: Add note about efficient FFTs for Pallas and Vesta
2021-07-09 19:53:41 +01:00
Jack Grigg
fe4996af35
book: Add a note about the multiplicative subgroups we use for Halo 2
2021-07-09 17:48:43 +01:00
Jack Grigg
9f77c93d4e
book: Fix definition of the nth roots of unity
2021-07-09 17:48:03 +01:00
therealyingtong
d9f134ac4b
[book] Details and formatting changes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-09 10:09:10 +08:00
ying tong
2febafbdfe
Apply suggestions from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-08 16:40:44 +08:00
therealyingtong
afc8d9a142
[book] Eliminate alpha_0 lookup decomposition when checking canonicity of base field element used in fixed-base mul.
2021-07-08 11:12:13 +08:00
therealyingtong
091592e110
[book] Document canonicity check for fixed-base scalar mul when base field element is used as the scalar.
2021-07-07 17:10:18 +08:00