Jack Grigg
e90a5972f1
redpallas: Expose batch validation API
2021-06-14 21:41:12 +01:00
ebfull
ee26116fcf
Merge pull request #114 from zcash/util-range-check
...
utilities::lookup_range_check: Add LookupRangeCheck helper
2021-06-14 10:56:52 -06:00
therealyingtong
60861b7245
sinsemilla::constants.rs: Add INV_TWO_POW_K = 1 / 2^K constant.
2021-06-15 00:18:38 +08:00
therealyingtong
b7b8126ccf
spec.rs: Add lebs2ip function bounded on const generic L.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 23:20:59 +08:00
therealyingtong
e83880841a
utilities::lookup_range_check: Add LookupRangeCheck chip
...
This decomposes a field element into K-bit words and constrains each
word's range by looking it up in a K-bit lookup table.
The field element is broken down using a running sum. All interstitial
values of the running sum are returned.
2021-06-12 22:46:31 +08:00
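An added worked example (mine, not code from the orchard crate) of the running-sum decomposition that the LookupRangeCheck commit above describes, together with the `lebs2ip`/`i2lebsp` bit-string helpers named in the spec.rs and `i2lebsp_k` commits. It stands in for the circuit with plain Rust: the field element is modelled as a `u128` (an assumption for the demo; the real chip works over pallas::Base), the multiplication by INV_TWO_POW_K becomes an exact shift because z_i - k_i is a multiple of 2^K, and the lookup argument becomes a set membership check. The prover side returns every interstitial z_i; the verifier side applies the three checks the constraints impose and rejects a forged out-of-range word and an oversized value.

```rust
use std::collections::HashSet;

/// Word width in bits; the Sinsemilla lookup table has 2^K = 1024 rows.
pub const K: usize = 10;

/// Little-endian bit string to integer, bounded by the const generic L
/// (the direction of `lebs2ip`). The L < 128 bound is a demo restriction.
pub fn lebs2ip<const L: usize>(bits: &[bool; L]) -> u128 {
    assert!(L < 128, "demo restricts L so the result fits in u128");
    bits.iter().rev().fold(0u128, |acc, &b| (acc << 1) | u128::from(b))
}

/// Integer to a little-endian bit string of exactly L bits (`i2lebsp`).
pub fn i2lebsp<const L: usize>(int: u128) -> [bool; L] {
    assert!(L < 128, "demo restricts L so the input fits in u128");
    assert!(int < (1u128 << L), "value does not fit in L bits");
    let mut bits = [false; L];
    for (i, bit) in bits.iter_mut().enumerate() {
        *bit = (int >> i) & 1 == 1;
    }
    bits
}

/// The K-bit lookup table: every value a word is allowed to take.
pub fn lookup_table() -> HashSet<u64> {
    (0..(1u64 << K)).collect()
}

/// Prover side: decompose `value` into `num_words` K-bit words with a running
/// sum. Returns the words k_i and the interstitial values z_0..z_n, where
/// z_0 = value and z_{i+1} = (z_i - k_i) / 2^K. The circuit multiplies by
/// INV_TWO_POW_K instead; over the integers the subtraction makes the
/// division exact, so a right shift is the same operation.
pub fn running_sum_decompose(value: u128, num_words: usize) -> (Vec<u64>, Vec<u128>) {
    let mask = (1u128 << K) - 1;
    let mut words = Vec::with_capacity(num_words);
    let mut zs = Vec::with_capacity(num_words + 1);
    let mut z = value;
    zs.push(z);
    for _ in 0..num_words {
        let k = (z & mask) as u64;
        z = (z - u128::from(k)) >> K;
        words.push(k);
        zs.push(z);
    }
    (words, zs)
}

/// Verifier side: the checks the range-check constraints impose on a
/// witnessed (words, zs) pair:
///   * every word is a row of the K-bit table (the lookup argument);
///   * z_i = 2^K * z_{i+1} + k_i for every i (the running-sum gate);
///   * z_n = 0, which is what proves `value` fits in n*K bits.
pub fn verify_running_sum(words: &[u64], zs: &[u128], table: &HashSet<u64>) -> bool {
    if zs.len() != words.len() + 1 || *zs.last().unwrap() != 0 {
        return false;
    }
    words.iter().enumerate().all(|(i, &k)| {
        table.contains(&k)
            && zs[i + 1]
                .checked_mul(1u128 << K)
                .and_then(|t| t.checked_add(u128::from(k)))
                == Some(zs[i])
    })
}

fn main() {
    let table = lookup_table();
    // Constructed sample: a 40-bit value decomposed into four 10-bit words.
    let (words, zs) = running_sum_decompose((1u128 << 40) - 1, 4);
    println!("words = {:?}", words);
    println!("zs    = {:?}", zs);
    println!("valid: {}", verify_running_sum(&words, &zs, &table));
    // A forged word outside [0, 2^K) is rejected by the lookup.
    let mut forged = words.clone();
    forged[0] = 1 << K;
    println!("forged word accepted: {}", verify_running_sum(&forged, &zs, &table));
    // A value needing more than 4*K bits leaves z_4 != 0 and is rejected.
    let (w, z) = running_sum_decompose(1u128 << 40, 4);
    println!("oversized value accepted: {}", verify_running_sum(&w, &z, &table));
    let bits = i2lebsp::<K>(1023);
    println!("lebs2ip(i2lebsp(1023)) = {}", lebs2ip(&bits));
}
```

The last check is the one that matters for soundness: without z_n = 0 a prover could feed in any value and simply stop after n words, so the lookup on each word alone never bounds the whole element.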
Jack Grigg
769be6c080
Note encryption test vectors
2021-06-11 23:55:17 +01:00
str4d
0ead91a88c
Merge pull request #110 from zcash/tree-logic
...
Implement tree logic in Builder
2021-06-11 21:39:40 +01:00
str4d
d8f2af8983
Simplify `gen_const_array` implementation
...
Also includes a performance improvement to `i2lebsp_k`.
2021-06-11 20:46:30 +01:00
therealyingtong
18535894d6
constants::util.rs: Factor out gen_fixed_array() method.
2021-06-10 10:03:15 +08:00
therealyingtong
7818291118
primitives::sinsemilla.rs: Optimize and test i2lebsp_k
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-09 23:50:59 +08:00
therealyingtong
b33248bdb0
src::tree.rs: Implement MerklePath.root() method.
...
Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>
2021-06-08 22:31:24 +08:00
Jack Grigg
cbf7c3825f
builder: Store alpha and use it to derive rsk for signing spends
...
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
2021-06-05 22:35:52 +01:00
Jack Grigg
bea8a9b7ff
Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1
2021-06-04 20:38:52 +01:00
Jack Grigg
91db490e20
test: Add Poseidon test vectors
2021-06-01 18:36:11 +01:00
Daira Hopwood
5925852c7d
Add Poseidon test vector generated by the reference code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-01 18:36:11 +01:00
Jack Grigg
f5a4cc3550
poseidon::Hash gadget
2021-06-01 18:36:11 +01:00
Jack Grigg
38dd7b791d
PoseidonDuplexInstructions
2021-06-01 18:36:11 +01:00
Jack Grigg
f1b8abfccb
Arity-3 Poseidon chip
2021-06-01 18:36:11 +01:00
str4d
f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7
...
Remove rand 0.7 usage
2021-05-21 21:25:34 +01:00
str4d
7109153e88
Merge pull request #43 from zcash/constants
...
Add Orchard constants
2021-05-18 20:44:59 +01:00
Kris Nuttycombe
800e540875
Make the `Bundle` type implement `Clone`
...
This is required for proptest generation that handles shrinking
correctly in librustzcash.
2021-05-13 15:35:44 -06:00
therealyingtong
077f809df7
Cleanups from code review
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-05-13 10:48:10 +08:00
Jack Grigg
012d14073d
Remove rand 0.7 usage
...
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
2021-05-09 07:51:55 +12:00
Kris Nuttycombe
a08d060725
Remove unneeded pub(crate)
2021-05-05 11:23:30 -06:00
therealyingtong
380ed377de
Fix bug in Sinsemilla S generators and add test
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-05-04 03:24:11 +08:00
Kris Nuttycombe
b1ac90b77a
Fix incorrect generator comments.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-30 08:02:09 -06:00
Kris Nuttycombe
4d89d45332
Add proptest generators for action and bundle types.
2021-04-28 18:04:17 -06:00
Kris Nuttycombe
a5c9fb953b
Add accessors necessary for zip-225 write.
2021-04-28 18:02:36 -06:00
Kris Nuttycombe
e743198a50
Expose constructors required for ZIP-225 parsing.
2021-04-28 18:02:36 -06:00
therealyingtong
de75c9538b
Update constants after hash_to_field fix (zcash/pasta_curves@a119467)
2021-04-28 20:53:14 +08:00
therealyingtong
4f1f32dab0
Add Sinsemilla constants
2021-04-28 20:53:14 +08:00
Jack Grigg
30f01d122c
Bundle builder
2021-04-27 14:31:21 +12:00
Jack Grigg
35f65bb26a
Expose RedPallas rerandomization
2021-04-23 01:06:10 +12:00
str4d
ea278aafcb
Merge pull request #63 from zcash/note-commitment-updates
...
Note commitment updates
2021-04-22 01:23:05 +01:00
Jack Grigg
bdaf9d06cc
clippy: Allow binary operators in IncompletePoint addition
...
It's not suspicious, it's constant time! :D
2021-04-22 12:09:32 +12:00
Jack Grigg
09e70cb6e3
Improve performance of IncompletePoint addition
...
We only need to track the occurrence of any edge cases, and we can do so
without expensive inversions at every addition step, by instead
performing the checks on the projective form directly.
2021-04-22 12:01:59 +12:00
Jack Grigg
c7b9ce0ea9
Fix a clippy lint
...
This was leftover after an intermediate refactor that introduced
`hash_to_point_inner`.
2021-04-20 23:57:59 +12:00
Jack Grigg
c08d12cc52
Use incomplete addition in SinsemillaHashToPoint
...
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:
- When we generate keys or notes, if we encounter ⊥ we discard and
re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg
907ff46078
Simulate incomplete addition
...
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
Jack Grigg
badaf23f25
Implement ValueCommit^Orchard
2021-04-15 17:08:06 +12:00
Jack Grigg
4c34a61c57
Use const generics for poseidon::ConstantLength
2021-03-30 14:13:15 +13:00
Jack Grigg
061ad0656b
Refactor Poseidon primitive to use const generics
2021-03-26 09:07:38 +13:00
str4d
ee2bfa7f43
Merge pull request #41 from zcash/poseidon-primitive
...
Poseidon primitive
2021-03-26 07:36:45 +13:00
therealyingtong
a2c1bfb52a
Remove unnecessary clone()
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:30:03 +08:00
therealyingtong
9c75839e62
Minor changes
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:25:28 +08:00
therealyingtong
7a210fabf3
Store HashDomain in CommitDomain
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:11:13 +08:00
therealyingtong
18fba2a62e
Add getters for Q() and R()
2021-03-24 12:10:37 +08:00
therealyingtong
873e1b7d7e
Call hash_to_curve() only when constructing new domain
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:10:37 +08:00
ying tong
946b50ebfe
Add documentation
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-03-24 12:09:11 +08:00
therealyingtong
a3134e34c5
Introduce HashDomain and CommitDomain traits
...
Co-authored-by: Jack Grigg <thestr4d@gmail.com>
2021-03-24 12:09:11 +08:00
therealyingtong
ee969a64a8
Add Sinsemilla constants
2021-03-24 12:09:11 +08:00
Jack Grigg
1ceb60379f
poseidon: Clarify that R_F must be even
2021-03-18 16:47:06 +13:00
Jack Grigg
4c3e20535d
poseidon: s/arity/width
...
To match the paper more closely (arity specifically refers to Merkle
tree instantiations).
2021-03-18 16:47:04 +13:00
Jack Grigg
2beb6c3e82
Invert the Poseidon test vectors for Orchard
...
We now hard-code the Poseidon round constants and MDS for the Poseidon
specification used for Orchard nullifiers, as produced by the reference
implementation, and test that our constant generation can recreate them.
2021-03-18 16:47:01 +13:00
Jack Grigg
872471af17
Fix Poseidon instance definition
...
For Orchard, we want a Poseidon instance with a width of 3 field
elements and an output of one field element. The Poseidon instances
defined in the Poseidon paper have their output size equal to their
capacity size; with a capacity of 1 and pallas::Base as the field,
Poseidon-128 has the corresponding security level.
We do deviate from the paper's instance by adding a single partial
round, which makes the circuit easier to implement in Halo 2.
2021-03-18 16:39:09 +13:00
Jack Grigg
761dea6cc1
Implement domain separation for poseidon::Hash
...
Domain separation is implemented as specified in the Poseidon paper.
We only require constant-input-length hashing.
2021-03-18 16:38:59 +13:00
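An added example (mine, not the crate's code) of the sponge layout described in the two Poseidon commits above: width 3 = rate 2 + capacity 1, one field element of output, and constant-input-length domain separation in the style of the Poseidon paper, where the capacity element starts at L * 2^64 for an L-element input and the final block is zero-padded. Two things are assumptions for the demo: the field is the 64-bit Goldilocks prime rather than pallas::Base (so the tag is reduced mod p, which never happens in the real field), and the permutation is a placeholder round function rather than Poseidon, with the x^7 S-box instead of Orchard's x^5 because 5 divides p - 1 for this toy prime and x^5 would not be a bijection on it. What the block shows is the absorb/pad/squeeze schedule and why the length tag keeps H_2(a, b) and H_3(a, b, 0) apart even though they absorb the same elements.

```rust
/// Toy prime field for the demonstration (Goldilocks, chosen only because
/// products fit in u128). Orchard instantiates Poseidon over pallas::Base.
pub const P: u64 = 0xFFFF_FFFF_0000_0001;

pub fn add(a: u64, b: u64) -> u64 {
    ((u128::from(a) + u128::from(b)) % u128::from(P)) as u64
}

pub fn mul(a: u64, b: u64) -> u64 {
    ((u128::from(a) * u128::from(b)) % u128::from(P)) as u64
}

/// Width 3 = rate 2 + capacity 1, as in the Orchard instance.
pub const WIDTH: usize = 3;
pub const RATE: usize = 2;

pub trait Permutation {
    fn permute(&self, state: &mut [u64; WIDTH]);
}

/// Placeholder permutation so the sponge can run: add a position-dependent
/// round constant, apply an x^7 S-box to every element, then a fixed
/// circulant mix (det = 18, so the map is a bijection on this field). It is
/// not Poseidon (no derived round constants, no MDS) and has no security claim.
pub struct ToyPermutation;

impl Permutation for ToyPermutation {
    fn permute(&self, state: &mut [u64; WIDTH]) {
        for round in 0..8u64 {
            for (i, s) in state.iter_mut().enumerate() {
                let x = add(*s, round * 17 + i as u64 + 1);
                let x2 = mul(x, x);
                let x4 = mul(x2, x2);
                let x6 = mul(x4, x2);
                *s = mul(x6, x);
            }
            let (a, b, c) = (state[0], state[1], state[2]);
            state[0] = add(add(a, mul(2, b)), mul(3, c));
            state[1] = add(add(mul(3, a), b), mul(2, c));
            state[2] = add(add(mul(2, a), mul(3, b)), c);
        }
    }
}

/// Initial capacity element for a constant-length input of `len` elements:
/// len * 2^64, following the Poseidon paper's domain separation.
pub fn capacity_tag(len: usize) -> u64 {
    let two_pow_64 = ((1u128 << 64) % u128::from(P)) as u64;
    mul(len as u64, two_pow_64)
}

/// Constant-input-length hash of L field elements to one field element.
/// The L inputs are absorbed RATE at a time by adding them into the rate
/// part of the state and permuting; a short final block is the zero padding;
/// the first rate element of the final state is the output.
pub fn hash_constant_length<Perm: Permutation, const L: usize>(
    perm: &Perm,
    message: [u64; L],
) -> u64 {
    assert!(L > 0, "demo handles non-empty inputs only");
    let mut state = [0u64; WIDTH];
    state[RATE] = capacity_tag(L);
    for block in message.chunks(RATE) {
        for (i, m) in block.iter().enumerate() {
            state[i] = add(state[i], *m);
        }
        perm.permute(&mut state);
    }
    state[0]
}

fn main() {
    let perm = ToyPermutation;
    // Constructed inputs: same absorbed elements, different declared length.
    println!("H_2(1, 2)    = {}", hash_constant_length(&perm, [1, 2]));
    println!("H_3(1, 2, 0) = {}", hash_constant_length(&perm, [1, 2, 0]));
    println!("tag(2) = {}", capacity_tag(2));
}
```

The length lives in the capacity, which the input never touches, so two messages of different declared length start from different states regardless of their contents; that is the whole of the domain separation for the constant-length case, and it is why no further padding rule is needed.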
Jack Grigg
c578c22fe8
Silence clippy needless_range_loop warnings
...
I'm using range loops explicitly to make certain logic clearer.
2021-03-18 16:38:30 +13:00
Jack Grigg
6bcfecd039
Add poseidon::Spec::Rate associated type
...
This removes the need for specifying the rate at runtime, and removes
the remaining heap allocations from Duplex::absorb and Duplex::squeeze.
2021-03-18 16:38:28 +13:00
Jack Grigg
6548666e37
Add poseidon::Spec::State associated type
...
We reuse this type for the per-round round constants, and rows of the
MDS, to provide some type-level same-length guarantees. Once we can use
const generics, these will all be replaced by [F; Spec::ARITY].
2021-03-18 16:38:26 +13:00
Jack Grigg
5c8e9beea7
Simplify poseidon::Spec and remove poseidon::Generic
...
Poseidon specifications are now all concrete, and only generation of
constants at runtime requires an instance of the specification.
2021-03-18 16:38:23 +13:00
Jack Grigg
266705166f
Poseidon duplex sponge and hash function
2021-03-18 16:38:21 +13:00
Jack Grigg
9a2c1b0217
Make poseidon::Generic specific to SboxType::Pow
...
We don't currently require SboxType::Inv, so let's simplify for now.
2021-03-18 16:38:17 +13:00
Jack Grigg
8408f4690c
Rename poseidon::PoseidonSpec trait to poseidon::Spec
2021-03-18 16:38:14 +13:00
Jack Grigg
3fb5bf8344
Modify constant generation to match reference implementation
2021-03-18 16:38:07 +13:00
Jack Grigg
e1719c42bc
Add test vectors from the reference implementation
...
These are generated using v1.1 of the reference implementation.
2021-03-18 16:38:06 +13:00
Jack Grigg
84907c50e1
Poseidon specification and constants
2021-03-18 16:37:36 +13:00
Jack Grigg
3911fb3202
Use Pallas directly from pasta_curves crate
2021-03-18 15:06:16 +13:00
str4d
51fd94df72
Fix section numbers after spec changes
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-03-18 13:38:11 +13:00
Jack Grigg
861eec1765
Document sinsemilla::Pad
2021-03-18 08:30:22 +13:00
Jack Grigg
9455158190
Use protocol spec URL anchors as link handles
2021-03-06 01:18:58 +00:00
Jack Grigg
27501702d5
Use orchard::redpallas types in orchard::keys implementation
2021-03-06 00:03:26 +00:00
Jack Grigg
eaa7158751
Use reddsa to instantiate orchard::redpallas
2021-03-05 23:46:20 +00:00
Jack Grigg
f0779792bc
Orchard key components
2021-03-05 23:28:16 +00:00
Jack Grigg
d7f8584d20
Fix clippy lint
2021-03-05 20:09:51 +00:00
Jack Grigg
be758de3bb
Fix protocol spec references after PDF rename
2021-03-05 20:00:45 +00:00
Jack Grigg
22658c3bc4
sinsemilla: Use lebs2ip_K to match protocol spec naming
2021-03-02 01:21:07 +00:00
Jack Grigg
a26e1c7879
sinsemilla: Remove the ExactSizeIterator bound
2021-03-01 23:34:02 +00:00
Jack Grigg
a03ee8797d
Implement Sinsemilla primitives
2021-02-27 17:10:28 +08:00
Jack Grigg
ae252f57a8
Add skeleton for RedPallas
2021-01-20 20:35:54 +00:00