Sean Bowe
75bb8121fb
Switch to domain prefix based on what is suggested in #182 by @daira.
2021-02-22 16:13:11 -07:00
Sean Bowe
1078f854e3
Remove BLAKE2B_PERSONALIZATION constant.
2021-02-22 15:53:22 -07:00
Sean Bowe
5503517ac1
Produce URS using `hashtocurve` logic.
2021-02-22 15:50:01 -07:00
Sean Bowe
df8dcce042
Add CurveExt and AffineExt associated types to project Group trait implementations.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-02-22 15:47:57 -07:00
Jack Grigg
b4ed5295fe
Migrate to group traits
...
The `Curve` trait is now `CurveExt: group::prime::PrimeCurve`, and
`CurveAffine` is now `CurveAffine: group::prime::PrimeCurveAffine`.
There is no `CurveAffine` trait in `group`, and it's a widely-used
trait in this crate, so we don't rename it to `CurveAffineExt`.
2021-02-22 20:20:23 +00:00
Jack Grigg
55fb581f17
Define hash-to-curve over Curve, not CurveAffine
...
This removes an unnecessary layer of indirection from the type system,
and ensures that these APIs depend on the halo2-specific trait with the
extensions we require.
2021-02-22 20:12:10 +00:00
Jack Grigg
082d66d6e7
pasta: Reorganize the curve macro
...
This will make the migration to group easier to review.
2021-02-22 20:05:12 +00:00
Jack Grigg
7037d55320
Rename Curve and CurveAffine properties to match group traits
2021-02-22 20:05:08 +00:00
Jack Grigg
81a7936d99
pasta: Split halo2-specific curve-specific logic into a separate macro
2021-02-22 18:53:27 +00:00
Sean Bowe
e93de2c285
Avoid heap allocations within hash_to_curve.
2021-02-22 10:15:30 -07:00
Daira Hopwood
16e5f96f3f
Fix a clippy lint.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-22 16:02:38 +00:00
Daira Hopwood
e408a351d5
Remove a redundant bool::from.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-21 21:43:11 +00:00
Daira Hopwood
7dc21f4727
Repair test vectors and add tests for map_to_curve_simple_swu.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-21 21:01:19 +00:00
Daira Hopwood
24def7ce02
Fix case where the input to map_to_curve_simple_swu is 0, and remove unneeded B_OVER_ZA constants.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-21 21:00:50 +00:00
Daira Hopwood
642aad68a3
Revert comment changes that are no longer relevant, now that we don't expose the isogenous curves in the API
2021-02-20 21:54:50 +00:00
Daira Hopwood
a14eccc13d
Remove unused hash support for Pasta Fp and Fq.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-20 21:51:32 +00:00
therealyingtong
84f732acb4
Add circuit::RegionIndex and circuit::RegionStart newtypes
2021-02-20 21:26:42 +08:00
Daira Hopwood
8b8dbbe2bb
Refine type of buf in hash_to_field as suggested by @ebfull.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-19 15:52:11 +00:00
Daira Hopwood
6d8c899e16
Rename map_to_curve to map_to_curve_simple_swu.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-19 15:52:11 +00:00
Daira Hopwood
785ad5375c
Switch from XOF:SHAKE128 to XMD:BLAKE2b.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-19 15:52:11 +00:00
Daira Hopwood
25ea5d07f7
Fix error in doc comment.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-19 15:52:11 +00:00
Daira Hopwood
9aa3327a0a
Fix clippy lints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-19 15:52:11 +00:00
Sean Bowe
c17cd408f1
Fix point doubling on isogenous curve and add test for isogeny of identity.
2021-02-19 15:52:11 +00:00
Sean Bowe
d14d2314a1
Remove isogenous curve from public API.
2021-02-19 15:52:11 +00:00
Sean Bowe
b488355e13
Add example to hash_to_curve doc comment.
2021-02-19 15:52:11 +00:00
Sean Bowe
dc069dff31
Rename hasher to hash_to_curve.
2021-02-19 15:52:11 +00:00
Sean Bowe
f6f008f905
Remove `MINUS_B_OVER_A` constant.
2021-02-19 15:52:11 +00:00
Sean Bowe
c48229ce0f
Remove dependency on byteorder crate
2021-02-19 15:52:11 +00:00
Sean Bowe
783e602e85
Remove `SimplifiedSWUWithDegree3Isogeny` structure because state is no longer necessary.
2021-02-19 15:52:11 +00:00
Sean Bowe
83e2656c3e
Introduce Curve::hasher abstraction.
2021-02-19 15:52:11 +00:00
Sean Bowe
68a7a19d3b
Move hashtocurve module into pasta module.
2021-02-19 15:52:11 +00:00
Sean Bowe
b134a73ef5
Hardcode isogeny constants and constants for hash to curve.
2021-02-19 15:52:11 +00:00
Sean Bowe
5b33ff9cab
Consolidate the hashtocurve module traits into a single structure.
2021-02-19 15:52:11 +00:00
Sean Bowe
e4e8aef5b6
Simplify HashToCurve trait.
2021-02-19 15:52:11 +00:00
Daira Hopwood
db11c47045
Apply suggestions from code review
...
Co-authored-by: ying tong <yingtong@z.cash>
2021-02-19 15:52:11 +00:00
Daira Hopwood
fa3afc29bb
Add an implementation of simplified SWU hash-to-curve.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-19 15:52:11 +00:00
Daira Hopwood
4d61ad8ff5
Need a borrow here.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-18 23:50:19 +00:00
Sean Bowe
0316019a94
Add test for polynomial rotation in Lagrange form.
2021-02-18 16:25:00 -07:00
Sean Bowe
81af4e43d1
Update pinned verification key to account for circuit changes
2021-02-18 15:48:20 -07:00
therealyingtong
d29246b49b
Rename const_* -> constant_*
2021-02-18 15:41:36 -07:00
therealyingtong
4bf46fc349
Add Expression::Const variant
2021-02-18 15:41:36 -07:00
therealyingtong
6a7f869f66
Clippy fixes
2021-02-18 15:41:36 -07:00
therealyingtong
df2d818891
Account for Rotations of LagrangeCoeff values
2021-02-18 15:41:36 -07:00
therealyingtong
8e56b415fb
Rename column -> expression for lookups
2021-02-18 15:41:36 -07:00
therealyingtong
2f2de13887
Calculate required degree of lookup
2021-02-18 15:41:36 -07:00
therealyingtong
aca6de61f8
Evaluate Expressions and all variants
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-02-18 15:41:36 -07:00
therealyingtong
d8534e1c50
Pass Expressions to meta.lookup()
2021-02-18 15:41:35 -07:00
ebfull
9401ceb68d
Merge pull request #173 from zcash/vk-transcript
...
Hash verification key into transcript
2021-02-18 13:28:57 -07:00
Sean Bowe
5e20b0f2a7
Automatically derive PinnedVerificationKey's Debug impl.
2021-02-18 07:51:41 -07:00
Sean Bowe
7fcd302d2d
cargo fmt
2021-02-17 15:40:41 -07:00
Sean Bowe
8060a12ea4
Fix minor nit (match ergonomics)
2021-02-17 15:39:46 -07:00
Sean Bowe
2b1c319ba0
Use pretty-printing in test of verification key pinning.
2021-02-17 15:38:43 -07:00
Sean Bowe
2fe4e0d900
Change personalization of BLAKE2b used in hash_into.
2021-02-17 15:20:19 -07:00
Sean Bowe
87536cea10
Use newtypes to simplify Debug implementations for pinning verification keys.
2021-02-17 15:20:19 -07:00
Sean Bowe
2076701fc3
cargo fmt
2021-02-17 15:19:34 -07:00
Sean Bowe
34a5bfd4b1
Remove unused TryInto import.
2021-02-17 15:19:34 -07:00
Sean Bowe
6226426be0
Restore whitespace
2021-02-17 15:19:34 -07:00
ebfull
bc9d05e67b
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-02-17 15:19:34 -07:00
Sean Bowe
98f5b17359
Remove unused import
2021-02-17 15:19:34 -07:00
Sean Bowe
ea563434f4
Remove hash_into from Rotation.
2021-02-17 15:19:34 -07:00
Sean Bowe
dfa7d96fa9
Refactor verification key hashing logic to use Display impls.
2021-02-17 15:19:34 -07:00
therealyingtong
f35e190455
Hash in field modulus, curve parameters
2021-02-17 15:19:34 -07:00
therealyingtong
52c028b4da
Disambiguate naming of hash() -> hash_into()
2021-02-17 15:19:34 -07:00
therealyingtong
e7d6f67564
Rename aux -> instance after rebasing
2021-02-17 15:19:34 -07:00
therealyingtong
b204ff74a8
Do not return hash results from component hash() methods
2021-02-17 15:19:34 -07:00
therealyingtong
4aa4b4463a
Hash domain and cs into transcript
2021-02-17 15:19:34 -07:00
therealyingtong
437782e902
Hash fixed_commitments and permutations into transcript
2021-02-17 15:19:33 -07:00
Jack Grigg
0c4f779993
ff 0.9
2021-02-17 20:42:27 +00:00
ebfull
068babe3d0
Merge pull request #193 from zcash/any-permutation
...
Allow permutations to be over all column types
2021-02-17 09:06:27 -07:00
therealyingtong
a19dc68dee
Use Column<Any> in Permutation::Argument
2021-02-17 21:32:17 +08:00
Jack Grigg
bea5f7f418
Add gadgets for elliptic curve operations
2021-02-17 00:49:22 +00:00
Jack Grigg
25573bbeb8
Alter the SHA-256 gadget to require namespacing
2021-02-17 00:16:47 +00:00
Jack Grigg
4c5a00b767
SHA-256 gadgets and chip traits
2021-02-15 16:35:58 +00:00
Daira Hopwood
22297bbc89
Merge pull request #185 from daira/aux-to-instance
...
Rename "auxiliary column" to "instance column" in the book and in code
2021-02-15 15:42:54 +00:00
Sean Bowe
3b954cdd3b
Allow unknown clippy lints so that lints added in nightly don't break CI
2021-02-15 07:53:27 -07:00
Daira Hopwood
760d69bd2c
Rename "auxiliary column" to "instance column" in the book and in code. fixes #181
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-14 21:09:49 +00:00
Sean Bowe
175c1449d3
Disable clippy::upper_case_acronyms lint.
2021-02-14 09:39:05 -07:00
Sean Bowe
4b960a7c0c
cargo fmt
2021-02-14 09:28:51 -07:00
ebfull
9fc45ad11e
Merge pull request #163 from zcash/region-helpers
...
Helpers for implementing regions
2021-02-12 10:03:39 -07:00
Jack Grigg
821bca0abe
Reduce FieldExt bound to Field for Neg and Sub impls on Expression<F>
2021-02-12 16:52:42 +00:00
Sean Bowe
d3cd39fc6d
Add common_scalar method to Transcript.
2021-02-12 09:08:56 -07:00
Jack Grigg
5905230174
Fix stable clippy lints
2021-02-05 16:48:41 +00:00
Jack Grigg
3fc245343e
Return results from assigned regions
...
This makes it easier to pass variables out of a region.
2021-02-01 21:42:57 +00:00
Jack Grigg
db0477a606
impl<F: FieldExt> {Neg, Sub} for Expression<F>
2021-02-01 21:42:57 +00:00
Jack Grigg
0a378c3d0f
Require Circuit::Config implement Clone instead of Copy
2021-02-01 19:05:19 +00:00
Jack Grigg
c95f0b7c0c
circuit_layout: Darken the cells of the region that have been assigned to
...
We record every instance of a cell assignment, so that cells which are
double-assigned (which is usually a mistake) will appear darker.
2021-02-01 18:38:22 +00:00
Jack Grigg
3c1132ec59
Add halo2::dev::circuit_layout behind dev-graph feature flag
...
This method renders circuits as tables, showing how the various regions
within them have been laid out.
2021-02-01 18:38:20 +00:00
Jack Grigg
7dd6e65a5f
Add halo2::dev::circuit_dot_graph behind dev-graph feature flag
...
This method renders circuits as dot graphs, to help circuit developers
understand their structure.
2021-02-01 18:38:16 +00:00
Jack Grigg
82da677add
Add name field to ConstraintSystem::create_gate
...
The name has type `&'static str`, as gates apply to every row and thus
do not require any runtime information to name.
2021-02-01 18:38:13 +00:00
Jack Grigg
bf771a7446
Add namespacing and gadget name collection to Layouter
2021-02-01 18:38:04 +00:00
Jack Grigg
60061f64fd
Add name field to Layouter::assign_region
2021-02-01 18:34:24 +00:00
Jack Grigg
4c3adf59d5
Add annotations to Region::{assign_advice, assign_fixed}
...
This enables circuits to annotate individual cells with variable names
or similar protocol-specific metadata.
2021-02-01 18:33:25 +00:00
therealyingtong
48bfea9782
Replace DummyHash with BLAKE2b
2021-02-02 00:53:53 +08:00
therealyingtong
ea14d99a83
Renaming and cleanups from code review
...
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-02-02 00:05:55 +08:00
therealyingtong
a00d7c2fa6
Cleanups from code review
...
Co-authored-by: Kris Nuttycombe <kris.nuttycombe@gmail.com>
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-01-31 11:48:32 +08:00
therealyingtong
de86391f0e
Update test to pass multiple ConcreteCircuits
2021-01-31 11:48:32 +08:00
therealyingtong
def65609b1
Refactor PLONK verifier
2021-01-31 11:45:40 +08:00
therealyingtong
02b5b8442b
Refactor PLONK prover
2021-01-31 11:45:40 +08:00
ebfull
5f89227cdd
Merge pull request #135 from zcash/serialize-params
...
Serialize params
2021-01-30 11:43:55 -07:00
str4d
7448f9b930
Merge pull request #156 from zcash/clippy-fixes
...
Clippy lint fixes
2021-01-30 13:14:46 +13:00