zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
834 Commits 40 Branches 6 Tags 59 MiB
Commit Graph

834 Commits

Author SHA1 Message Date
Jack Grigg 6b495f711a Extract InProgress type from Unauthorized and PartiallyAuthorized 
This enables bundle proofs and signatures to be handled separately
outside the builder.
 2021-07-28 13:48:03 +01:00
str4d 078b71a960
Merge pull request #165 from daira/bump-halo2 
Update to assign_table API.
 2021-07-27 21:29:27 +01:00
Jack Grigg 6185d8e295 Bump halo2 revision to include `Layouter::assign_table` 2021-07-27 20:54:48 +01:00
Daira Hopwood 145da9c510 Update to assign_table API. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 18:32:32 +01:00
str4d a273307661
Merge pull request #164 from daira/book-decomposition 
[book] decomposition.md: avoid introducing `m` when we already have `range`
 2021-07-27 17:10:50 +01:00
Daira Hopwood b2e25b5ac3 [book] decomposition.md: avoid introducing `m` when we already have `range`. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 17:06:36 +01:00
ying tong ee878ddc57
Merge pull request #162 from zcash/book-merge-lookups 
[book] Merge lookup arguments for normal and short variants
 2021-07-27 23:34:28 +08:00
ying tong d8743b8870
Merge pull request #161 from zcash/merge-lookups 
Merge lookup arguments in `lookup_range_check` helper.
 2021-07-27 23:34:15 +08:00
ying tong 0bb4a7fd71
[book] decomposition.md: Formatting and phrasing fixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
 2021-07-27 23:29:11 +08:00
ying tong 1c2ab16a15
Merge pull request #163 from zcash/book-notecommit-fixes 
book: Fixes to NoteCommit page
 2021-07-27 23:10:29 +08:00
therealyingtong d3a7e9ed39 lookup_range_check: Merge running sum and short lookup arguments. 
The lookup running sum decomposition uses the same lookup table as
its short variant. These two lookup arguments have been merged.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-27 09:50:17 +01:00
str4d bb90f2eb7d
Merge pull request #101 from zcash/action-circuit 
Action circuit
 2021-07-27 09:49:23 +01:00
str4d 620e227854
Fix y-coordinate recovery in NoteCommit tests 2021-07-27 09:27:33 +01:00
therealyingtong 3f506a0129 circuit.rs: Minor cleanups and column optimisations. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-27 15:41:26 +08:00
therealyingtong 664125f44f commit_ivk::tests: Check value of output ivk against expected ivk. 2021-07-27 15:33:13 +08:00
therealyingtong fa135fe62e note_commit::tests: Constrain output of NoteCommit to expected point. 2021-07-27 15:23:00 +08:00
therealyingtong ac5404a943 [book] note-commit.md: Update NoteCommit gate region layout. 
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
 2021-07-27 13:56:10 +08:00
therealyingtong 7aa3174880 sinsemilla::note_commit: Improve NoteCommit gate layout. 
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.

This commit also includes several minor fixes:
- use strict mode for decomposition of j in y-coordinate check;
- Name All Polynomial Constraints;
- remove point_repr() helper function;
- variable renaming and docfixes.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-27 13:51:35 +08:00
therealyingtong 920fe64399 [book] note-commit.md: Document substitution of k_1 with z1_j. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-27 12:53:41 +08:00
therealyingtong e4a960d7f1 sinsemilla::note_commit: Simplify y canonicity check region layout 
Instead of separately witnessing k_1 and equating it to z1_j, we
can directly make use of z1_j in the gate. This allows us to fit
the region into a 5 x 2 area, improving the layout.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-27 12:49:42 +08:00
Jack Grigg 9ef46ae4ee book: Fixes to NoteCommit page 
Noticed during review.
 2021-07-27 05:34:36 +01:00
therealyingtong 65ff84da0a [book] decomposition.md: Merge lookup arguments for normal and short variants. 2021-07-27 11:56:18 +08:00
Daira Hopwood 29fe6e14fc
Merge pull request #148 from daira/daira-book-addition 
[book] Fixes to the completeness arguments for cases of complete addition, and a fix to the last step of variable-base scalar multiplication
 2021-07-27 02:10:49 +01:00
Daira Hopwood a6badba32f [book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: we always do addition (possibly of the zero point) at the end of variable-base scalar mul. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 02:01:21 +01:00
Daira Hopwood 7895a2a082 [book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: more formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 02:01:05 +01:00
Daira Hopwood 3dfefe0e85 [book] src/design/circuit/gadgets/ecc/addition.md: correctness and clarity. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 01:51:37 +01:00
Daira Hopwood 3ed388e6bb [book] src/design/circuit/gadgets/ecc/addition.md: formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 01:51:28 +01:00
ying tong 4229ba1dec
Merge pull request #134 from zcash/book-sinsemilla-inputs 
[book] Document decomposition and canonicity checks for Sinsemilla inputs
 2021-07-27 03:29:13 +08:00
therealyingtong b3ccd3f0dd Use halo2 selector optimizations. 2021-07-27 03:14:34 +08:00
therealyingtong 65ccf80560 sinsemilla::note_commit: Check canonicity of y(g_d), y(pk_d). 
Even though we only use the LSB of the y-coordinates as inputs to
the Sinsemilla hash, we still have to check that they are consistent
with the g_d and pk_d points that were passed in.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-27 03:13:54 +08:00
therealyingtong f1ccc58d9a [book] note-commit.md: y-coordinate canonicity constraints. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 01:56:17 +08:00
ying tong 3833d665de
[book] Clarify upper bounds in canonicity shift constraints. 2021-07-26 12:05:25 +08:00
ying tong 14b8d9b048
[book] note-commit.md: 2^140 -> 2^130 in psi check. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-26 11:12:42 +08:00
ying tong 453681f309
[book] commit-ivk.md: Update region layout to use 9 advice columns. 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-07-26 11:09:47 +08:00
therealyingtong 57f23d9f17 sinsemilla::commit_ivk: Fix two_pow_5 constraint bug. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-26 10:05:15 +08:00
Jack Grigg 0375c64801 [book] Update NoteCommit page to match Commit^ivk style 
Constraint tables have been added along with the region layout. I also
fixed numerous bugs in the constraints (most of which appeared to be
copy-pasta bugs).
 2021-07-26 02:05:35 +01:00
Jack Grigg 5aa05713e7 [book] Use \CommitIvk macro in page heading 
We can't use KaTeX  on the SUMMARY page that generates the sidebar, so
that continues to use a CamelCase approximation.
 2021-07-26 02:05:35 +01:00
Jack Grigg f376a61bb8 [book] Add macros, constraint tables, and region layout to Commit^ivk 
I also merged in content from a page I wrote independently while
reviewing the Action circuit PR, and made various cleanups to the
Markdown source.
 2021-07-26 02:05:35 +01:00
Daira Hopwood 4a5a4cc437 [book] merkle-crh.md: formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-26 02:05:35 +01:00
Daira Hopwood ed20d539b2 [book] merkle-crh.md: corrections. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-26 02:05:35 +01:00
Daira Hopwood 47a29f10aa [book] Document NoteCommit message decomposition & canonicity checks 2021-07-26 02:05:35 +01:00
Daira Hopwood 2846593937 [book] Document CommitIvk message decomposition & canonicity checks 2021-07-26 02:05:35 +01:00
Daira Hopwood 9708e296c8 [book] Document Merkle chip layout and message decomposition. 2021-07-26 02:05:35 +01:00
therealyingtong 5b63550f50 sinsemilla::note_commit: Check that g1_g2_prime < 2^130 instead of 2^140. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-25 21:56:55 +08:00
ying tong 9a44a14863
Merge pull request #160 from zcash/book-recombine-sinsemilla-selectors 
[book] Recombine Sinsemilla q_S1, q_S2, q_S3 selectors.
 2021-07-25 21:16:12 +08:00
therealyingtong d9351df544 sinsemilla::commit_ivk: Use 9 advice columns instead of 10 
Change the region layout to only use 9 advice columns instead of 10.
Also rename variables to match the book.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-25 21:10:13 +08:00
therealyingtong 5999d4be6d sinsemilla::commit_ivk.rs: Change z14_c -> z13_c 
This matches the constraint specified in the book.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-25 21:10:13 +08:00
therealyingtong 4d1cd2651a Return full running sum [z_0, ..., z_W] from lookup_range_check and decompose_running_sum. 
Previously, these two helpers were returning different outputs.
They have now been standardised to return only the full running
sum.

Note the z_0 is the original element being decomposed by the
helper.
 2021-07-25 21:10:13 +08:00
Jack Grigg 092cc389bb More small circuit optimisations 
- Placing the Poseidon `state` columns after the `partial_sbox` column
  instead of before it causes them to line up with vast stretch of free
  space, enabling the pad-and-add region to be layed out there.

- Using the `Region::assign_advice_from_constant` API to initialise the
  Poseidon state removes fixed-column contention between that region and
  fixed-base scalar multiplication, enabling it to also be layed out
  within the free space.
  - If https://github.com/zcash/halo2/issues/334 were implemented then
    this region would disappear.

- The overflow check in variable-base scalar mul is also moved into the
  columns with free space.
 2021-07-25 21:10:13 +08:00
therealyingtong 7af1ae5b52 note_commit: Decompose q_canon into two binary selectors. 
Previously, q_canon was a non-binary fixed column that was set to
either {1, 2}. It has been decomposed into two binary selectors.
 2021-07-25 21:10:13 +08:00