therealyingtong
ae25310385
chip::mul_fixed.rs: Implement fixed-base scalar mul instruction.
Fixed-base scalar mul makes use of the add_incomplete and add
instructions internally. The full-width and short signed share
some common logic, which is captured in chip::mul_fixed.rs.
The signed short variant introduces additional logic to handle
the scalar's sign. This is done in the submodule mul_fixed::short.
2021-07-07 23:10:59 +08:00
therealyingtong
a263774abf
chip::witness_scalar_fixed.rs: Implement witness_scalar_fixed instruction.
A scalar used in fixed-base scalar mul needs to be decomposed into
windows to use with the fixed-base window table. Both full-width
and short signed scalars share some logic (captured in the function
decompose_scalar_fixed()).
A short signed scalar introduces additional logic: its magnitude is
decomposed, and its sign is separately witnessed. This is handled
in the submodule witness_scalar_fixed::short.
2021-07-07 23:10:59 +08:00
therealyingtong
cc9dd20536
chip::mul.rs: Implement variable-base scalar mul instruction.
This uses the complete addition instruction internally. The module
is split up into mul::incomplete.rs and mul::complete.rs, where
mul::incomplete handles the incomplete additions used in the
starting rounds of the variable-base scalar mul algorithm, and
mul::complete handles the complete additions in the final rounds.
Incomplete additions are broken into "hi" and "lo" halves and
processed on the same rows across different columns. This is an
optimization to make full use of the advice columns in this
instruction.
2021-07-07 23:10:59 +08:00
therealyingtong
64a2b02d42
ecc::chip.rs: Witness scalar for variable-base scalar mul
2021-07-07 23:10:59 +08:00
therealyingtong
0f60a81485
ecc::chip.rs: Add EccScalarFixed, EccScalarFixedShort structs
2021-07-07 23:10:59 +08:00
str4d
21b77d6ec5
Merge pull request #138 from nuttycom/public_orchard_domain
Make note encryption OrchardDomain type public.
2021-06-30 19:56:12 +01:00
Kris Nuttycombe
ab2622f59c
Make note encryption OrchardDomain type public.
2021-06-30 12:47:37 -06:00
Kris Nuttycombe
541898d22b
Merge pull request #137 from nuttycom/orchard_domain_for_action
Add for_action method for constructing an OrchardDomain
2021-06-30 12:07:22 -06:00
Kris Nuttycombe
234eed9cbb
Update src/note_encryption.rs
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-30 11:58:28 -06:00
Kris Nuttycombe
1e95360a74
Add for_action method for constructing an OrchardDomain
2021-06-30 11:21:07 -06:00
str4d
bb159a2ccf
Merge pull request #98 from zcash/merkle-chip
Merkle hash chip
2021-06-29 23:09:15 +01:00
Jack Grigg
7c38f149ac
rustfmt
2021-06-29 22:46:07 +01:00
str4d
cbded2b821
Optimize transpose_option_array
2021-06-29 22:43:50 +01:00
str4d
8dfcd7d49b
Remove unused lookup_config in MerkleConfig
2021-06-29 22:41:01 +01:00
str4d
9f1bd64fe9
Merge pull request #133 from zcash/patch-sinsemilla
Introduce `LookupRangeCheckConfig`s for each Sinsemilla advice column
2021-06-29 10:43:30 +01:00
str4d
3ecd0a122c
Merge pull request #132 from zcash/patch-lookup-range-check
Add short range check to `lookup_range_check` util
2021-06-29 10:38:14 +01:00
therealyingtong
3806a9d6f0
Further cleanups and docfixes.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 12:08:31 +08:00
therealyingtong
d68eb6583d
Docfixes, variable renames, cleanups
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 12:08:31 +08:00
therealyingtong
32e564a963
Constrain b_1 + 2^5 b_2 = z1_b in decomposition gate.
2021-06-29 12:08:31 +08:00
therealyingtong
db45c81ea6
sinsemilla::merkle.rs: Add test for MerkleChip.
2021-06-29 12:08:31 +08:00
therealyingtong
f30de79fc6
sinsemilla::merkle.rs: Implement MerkleInstructions for MerkleChip.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-29 12:08:31 +08:00
therealyingtong
569eb4baa6
sinsemilla::merkle.rs: Configure MerkleChip
MerkleChip::configure() takes a SinsemillaConfig as input.
2021-06-29 12:08:31 +08:00
therealyingtong
6976e2baeb
sinsemilla::merkle.rs: Derive SinsemillaInstructions, CondSwapInstructions for MerkleChip
2021-06-29 12:08:31 +08:00
therealyingtong
68878d88b1
sinsemilla::merkle.rs: Add MerkleChip
2021-06-29 12:08:31 +08:00
therealyingtong
d090da0159
sinsemilla::merkle.rs: Add MerkleInstructions.
This has three const generic parameters: PATH_LENGTH, K, MAX_WORDS.
PATH_LENGTH is the length of the Merkle path being hashed. K and
MAX_WORDS parameterize the internal Sinsemilla instance used in
hashing the path.
2021-06-29 12:08:31 +08:00
therealyingtong
1ac3541505
Add spec::i2lebsp and constants::MERKLE_DEPTH_ORCHARD
2021-06-29 12:07:49 +08:00
therealyingtong
12cef17559
Cleanups and minor refactors.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-29 12:02:54 +08:00
ying tong
209e6a1132
Docfixes.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-29 09:51:02 +08:00
str4d
51f1c9197d
Merge pull request #129 from zcash/nonempty-0.7
nonempty 0.7
2021-06-28 22:30:27 +01:00
Jack Grigg
3badd42d15
nonempty 0.7
We can now correctly measure the heap-allocated memory used by a bundle.
2021-06-28 20:57:49 +01:00
str4d
1f861423c2
Merge pull request #122 from nuttycom/incremental_merkle_tree
Add Orchard incremental merkle tree digests.
2021-06-28 19:12:13 +01:00
Jack Grigg
9bf066ef8b
rustfmt
2021-06-28 18:48:58 +01:00
str4d
93ab753b8c
Apply string fixes from code review
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:47:02 +01:00
Kris Nuttycombe
ffafb6308c
Fix clippy complaints.
2021-06-28 10:56:25 -06:00
Kris Nuttycombe
0d078c8a90
Rustfmt
2021-06-28 10:01:13 -06:00
Kris Nuttycombe
cc708a6b4a
Update to released incrementalmerkletree version.
2021-06-28 09:43:18 -06:00
therealyingtong
9b47bd0db4
sinsemilla::tests: Use separate constants columns for chips.
To be replaced by the public inputs API.
2021-06-25 15:07:27 +08:00
therealyingtong
2ec30943b3
Configure each Sinsemilla advice column for use with a K-bit lookup.
Inputs to Sinsemilla often need to be decomposed and range-constrained.
2021-06-25 15:07:27 +08:00
therealyingtong
bdcdb8ac13
Move witness_message() and witness_message_piece_bitstring() to gadget level
These instructions were not making any assignments; instead, they
were calling through to witness_message_piece_field().
This PR also renames the witness_message_piece_field() instruction
to witness_message_piece().
2021-06-25 15:07:27 +08:00
therealyingtong
6fdee71667
Adjustments to APIs in sinsemilla::chip and sinsemilla::message.
2021-06-25 15:07:27 +08:00
therealyingtong
c43c91b796
gadget::utilities: Adjustments to utilities gadgets and helpers.
2021-06-25 15:05:39 +08:00
therealyingtong
3840f280d7
lookup_range_check.rs: Add short range check lookup.
Also introduce a "strict" mode for the full-length lookup, where
"true" requires the field element to be within num_words * K bits,
whereas "false" does not.
2021-06-25 15:05:39 +08:00
Kris Nuttycombe
e37cec1e53
Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-24 12:39:28 -06:00
Kris Nuttycombe
fc41db1ab5
Add UNCOMMITTED_ORCHARD constant.
2021-06-24 12:33:02 -06:00
Kris Nuttycombe
90d0c254cf
Account for non-canonical base in serde deserialization.
2021-06-24 09:57:35 -06:00
Kris Nuttycombe
78adc9c810
Anchor computation is partial.
2021-06-24 09:43:10 -06:00
str4d
af335ff7de
Merge pull request #130 from nuttycom/use_value_commitment_constants
Use constants for value commitment hash-to-curve.
2021-06-24 01:21:25 +01:00
Kris Nuttycombe
f22907a4d7
Use constants for value commitment hash-to-curve.
Fixes #76
2021-06-23 18:04:17 -06:00
Kris Nuttycombe
52394b8e8d
Add test for incremental Merkle tree root calculation.
Fix indexing in perfect subtree computation test for auth paths.
2021-06-23 15:57:33 -06:00
Kris Nuttycombe
1b42ae707b
Make proptest bundle size configurable.
2021-06-23 15:57:33 -06:00