Kris Nuttycombe
4888f0d16c
Rename Level -> Altitude
2021-06-23 15:57:33 -06:00
Kris Nuttycombe
e3abbf9a42
Add serde support for OrchardIncrementalTreeDigest
2021-06-23 15:57:33 -06:00
Kris Nuttycombe
7e79fd4b1c
Add necessary trait impls for OrchardIncrementalTreeDigest
...
Required to make the wrapper type usable for digests in
a serializable incremental merkle tree.
2021-06-23 15:57:33 -06:00
Kris Nuttycombe
ce4697aca5
Add construction of OrchardIncrementalTreeDigest
2021-06-22 18:14:27 -06:00
Kris Nuttycombe
4bb252eb0c
Add Orchard incremental merkle tree digests.
2021-06-22 18:14:27 -06:00
str4d
71756cffda
Merge pull request #128 from zcash/bundle-dynamic-usage
...
Add `Bundle<Authorized, _>::dynamic_usage` method
2021-06-22 17:46:15 +01:00
str4d
66340e2655
Merge pull request #67 from zcash/sinsemilla-chip-config
...
Sinsemilla chip with HashDomain
2021-06-22 16:20:35 +01:00
Jack Grigg
06f7d7fbe0
Add `Bundle<Authorized, _>::dynamic_usage` method
...
This will be used by `zcashd` as part of tracking the memory usage of
transactions.
2021-06-22 16:06:49 +01:00
str4d
a64a1cb951
Merge pull request #127 from daira/clippy-nightly-clean
...
Make this crate clippy clean for warnings on nightly
2021-06-21 18:48:38 +01:00
Daira Hopwood
81fb944997
Make this crate clippy clean for warnings on nightly.
...
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:04:00 +01:00
Daira Hopwood
8af84479b3
Rename "Sinsemilla gate" constraint to "y check".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 17:04:47 +01:00
str4d
93a7f1db22
Merge pull request #126 from zcash/proof-verification
...
Add `Bundle<Authorized, _>::verify_proof` API
2021-06-21 15:39:09 +01:00
Jack Grigg
62642fd804
Add `Bundle<Authorized, _>::verify_proof` API
2021-06-21 13:38:43 +01:00
therealyingtong
bd08808566
SinsemillaChip::configure(): Merge "Initial y_q" gate with main gate
...
This allows the MockProver to see the fixed_y_q query as semantically
connected to q_sinsemilla1.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 20:56:56 +08:00
Jack Grigg
a01c2ee829
test: Print layout for Sinsemilla test circuit
2021-06-20 11:51:33 +01:00
str4d
5f5238f411
Doc comment fixes
2021-06-20 11:30:43 +01:00
therealyingtong
002596f6cd
Docfixes and cleanups.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 12:11:01 +08:00
therealyingtong
744f3d1653
SinsemillaChip::configure(): Combine and label gates.
...
The gates "Secant line" and "Sinsemilla gate" were using the same
selectors and could be combined.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 11:26:59 +08:00
therealyingtong
eccd72fcd0
hash_piece(): Remove (correct) duplicate assignment of x_a.
...
hash_piece() is an internal API, which means its caller hash_message()
is working in the same region. We rely on the caller to have already
assigned each piece's initial x_a at the correct offset before making
the call to hash_piece().
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 11:14:02 +08:00
therealyingtong
9ce29d9d4d
hash_to_point(): Introduce final_piece boolean flag
...
This toggles the assignment of q_s2 on the last row of each piece.
We assign q_s2 = 2 on the last row of the final piece, and q_s2 = 0
on the last row of other pieces.
This allows us to process the final_piece in the main loop together
with the other pieces.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 11:00:14 +08:00
therealyingtong
031bb0bc87
SinsemillaChip::configure(): Introduce closures for Y_A and x_r
...
These expressions are derived multiple times in the gates.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 10:43:24 +08:00
therealyingtong
9072ed437d
generator_table.rs: Fix bug in y_p lookup expression.
...
Also, GeneratorTable::configure() was not being called in the main
SinsemillaChip::configure(), which meant the lookup argument had
not been activated. This has now been fixed.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-20 10:34:03 +08:00
Daira Hopwood
3543bab39d
Merge pull request #82 from zcash/book-sinsemilla-gadget
...
[book] Add Sinsemilla gadget description
2021-06-20 01:07:58 +01:00
therealyingtong
2f6ca9e6de
generator_table.rs: Enforce z_n = 0 for the last message piece.
2021-06-19 22:39:19 +08:00
Daira Hopwood
9adeead975
[book] Make the order of advice columns for Sinsemilla the same as in the code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 15:35:34 +01:00
Daira Hopwood
9dc909e842
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:37:07 +01:00
Daira Hopwood
2a8fe30fa8
[book] Clarify that x_Q, z_0, z'_0, etc. are copied in using equality constraints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:32:11 +01:00
therealyingtong
158ab865f8
gadget::sinsemilla.rs: Add Sinsemilla test.
2021-06-19 18:17:11 +08:00
therealyingtong
eba2172f4f
chip::hash_to_point.rs: Implement hash_to_point instruction.
2021-06-19 18:17:10 +08:00
therealyingtong
f122e481a7
sinsemilla::chip.rs: Configure Sinsemilla gates.
2021-06-19 18:17:09 +08:00
therealyingtong
7cddc9b587
sinsemilla::chip.rs: Implement witness_message_* APIs.
...
witness_message() witnesses a full message given a bitstring.
The other two APIs, witness_message_piece_bitstring() and
witness_message_piece_field(), both witness a message piece, i.e.
part of a message that fits within a single base field element.
witness_message_piece_bitstring() takes in a bitstring, while
witness_message_piece_field() takes in a field element. In the
latter case, the number of words encoded must be specified.
2021-06-19 18:14:22 +08:00
therealyingtong
74e617b46d
chip::generator_table.rs: Load Sinsemilla generator lookup table.
...
The 2^K table of generators used in the Sinsemilla hash. These
are loaded into a lookup table.
2021-06-19 18:14:22 +08:00
therealyingtong
ebb7dae063
sinsemilla::chip.rs: Add Sinsemilla chip.
...
The chip that will implement SinsemillaInstructions.
2021-06-19 18:14:22 +08:00
therealyingtong
e2859df4eb
sinsemilla::message.rs: Add message module.
...
This defines a Sinsemilla message in terms of pieces and subpieces.
This is useful when decomposing field elements and packing them
into K-bit messages.
2021-06-19 18:14:22 +08:00
therealyingtong
af2ac762f4
gadget::sinsemilla.rs: Add Sinsemilla instructions.
...
SinsemillaInstructions has two const generic parameters: K, which
is the number of bits in each word of the hash, and MAX_WORDS,
which is the maximum number of words the hash can process.
For Orchard, K = 10, MAX_WORDS = 253.
2021-06-19 18:14:22 +08:00
therealyingtong
83eddd8857
ecc::chip.rs: Add Point::from_coordinates_unchecked() API
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-19 18:14:22 +08:00
Daira Hopwood
48573705dc
[book] Adjust the definition of m_{i+1} so that the last z_n does not need to be constrained to 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 08:53:41 +01:00
Daira Hopwood
22036e9f41
[book] More formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:49:46 +01:00
Daira Hopwood
aac10b816f
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:45:50 +01:00
Daira Hopwood
dc021a2ef1
[book] Merge two similar paragraphs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:20:09 +01:00
Daira Hopwood
82316b607b
[book] Update the Sinsemilla constraints to handle the gap between field elements correctly.
...
This also changes i to be zero-based, which is more consistent with the spec.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:12:48 +01:00
Daira Hopwood
4cd0082294
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-18 21:27:55 +01:00
str4d
0b6bd66714
Merge pull request #120 from daira/fix-clippy-lints
...
Fix clippy lints
2021-06-16 20:24:02 +01:00
Daira Hopwood
1c19bea842
Fix clippy lints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-16 19:13:40 +01:00
str4d
37b1b7f357
Merge pull request #119 from zcash/anchor-serialization
...
Anchor serialization APIs
2021-06-15 16:25:36 +01:00
Jack Grigg
5264d53498
impl Copy for Anchor
2021-06-15 15:42:06 +01:00
Jack Grigg
019ae7da8e
Anchor::{from_bytes, to_bytes}
2021-06-15 15:41:57 +01:00
Daira Hopwood
e412a5a25b
Merge pull request #115 from zcash/anchor-type
...
Store anchors as pallas::Base instead of [u8; 32]
2021-06-15 14:18:48 +01:00
str4d
f7c64e0437
Merge pull request #117 from zcash/change-dep-patching
...
Use patches for halo2 and zcash_note_encryption dependencies
2021-06-15 01:09:18 +01:00
Jack Grigg
5759d66470
Use patches for halo2 and zcash_note_encryption dependencies
...
While these two are in flux, it's hard to keep these revisions consistent
(e.g. https://github.com/zcash/zcash/pull/5217 currently depends on two
different versions of zcash_note_encryption). Using patches allows the
downstream users (i.e. zcashd) to define its own set of patches, and keep
everything in sync. This works fine now because we aren't actively making
changes to the public APIs, only additions.
2021-06-14 23:17:15 +01:00