/// The set of circuit instructions required to use the Sinsemilla gadget.
///
/// This trait is bounded on two constant parameters: `K`, the number of bits
/// in each word accepted by the Sinsemilla hash, and `MAX_WORDS`, the maximum
/// number of words that a single hash instance can process.
pub trait SinsemillaInstructions<C: CurveAffine, const K: usize, const MAX_WORDS: usize> {
    /// A witnessed value in the base field `C::Base` (see the [`Var`] bound).
    type CellValue: Var<C::Base>;
    /// A message composed of [`Self::MessagePiece`]s.
    type Message: From<Vec<Self::MessagePiece>>;
    /// A piece in a message containing a number of `K`-bit words.
    ///
    /// A [`Self::MessagePiece`] fits in a single base field element, which
    /// means it can only contain up to `N` words, where
    /// `N*K <= C::Base::CAPACITY`. For example, with `K = 10` and
    /// `CAPACITY = 254`, up to `N = 25` words fit in a single base field
    /// element.
    type MessagePiece: Clone + Debug;
    /// A cumulative sum `z` used to decompose a Sinsemilla message. It
    /// produces intermediate values for each word in the message, such that
    /// `z_next = (z_cur - word_next) / 2^K`.
    ///
    /// These intermediate values are useful for range checks on subsets of
    /// the Sinsemilla message. Sinsemilla messages in the Orchard protocol are
    /// composed of field elements, and the canonicity of the field element
    /// encodings must be checked in certain cases; a caller that relies on
    /// such a check must consume the running sums returned by
    /// [`Self::hash_to_point`] rather than discard them.
    type RunningSum;
    /// The x-coordinate of a point output of [`Self::hash_to_point`].
    type X;
    /// A point output of [`Self::hash_to_point`]. The type name records that
    /// the hash output is never the identity.
    type NonIdentityPoint: Clone + Debug;
    /// A type enumerating the fixed points used in [`Self::CommitDomains`].
    type FixedPoints: FixedPoints<C>;
    /// `HashDomains` used in this instruction.
    type HashDomains: HashDomains<C>;
    /// `CommitDomains` used in this instruction.
    type CommitDomains: CommitDomains<C, Self::FixedPoints, Self::HashDomains>;

    /// Witness a message piece given a field element. Returns a
    /// [`Self::MessagePiece`] encoding the given message.
    ///
    /// # Panics
    ///
    /// Panics if `num_words` exceeds the maximum number of `K`-bit words that
    /// can fit into a single base field element (`N*K <= C::Base::CAPACITY`);
    /// callers should bound `num_words` before calling rather than rely on
    /// the panic.
    fn witness_message_piece(
        &self,
        layouter: impl Layouter<C::Base>,
        value: Value<C::Base>,
        num_words: usize
    ) -> Result<Self::MessagePiece, Error>;

    /// Hashes a message to an ECC curve point. This returns both the
    /// resulting point, as well as the message decomposition in the form of
    /// intermediate values in a cumulative sum.
    ///
    /// `Q` is the curve point the hash starts from — NOTE(review): in the
    /// Sinsemilla construction this is the domain's initial point; confirm
    /// against the implementing chip, as this page does not state it.
    fn hash_to_point(
        &self,
        layouter: impl Layouter<C::Base>,
        Q: C,
        message: Self::Message
    ) -> Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>;

    /// Extracts the x-coordinate of the output of a Sinsemilla hash.
    fn extract(point: &Self::NonIdentityPoint) -> Self::X;
}
The set of circuit instructions required to use the Sinsemilla gadget.
This trait is bounded on two constant parameters: `K`, the number of bits in each word accepted by the Sinsemilla hash, and `MAX_WORDS`, the maximum number of words that a single hash instance can process.
Required Associated Types
type Message: From<Vec<Self::MessagePiece>>
A message composed of `Self::MessagePiece`s.
type MessagePiece: Clone + Debug
A piece in a message containing a number of `K`-bit words.
A `Self::MessagePiece` fits in a single base field element, which means it can only contain up to `N` words, where `N*K <= C::Base::CAPACITY`.
For example, in the case `K = 10`, `CAPACITY = 254`, we can fit up to `N = 25` words in a single base field element.
type RunningSum
A cumulative sum `z` is used to decompose a Sinsemilla message. It produces intermediate values for each word in the message, such that `z_next = (z_cur - word_next) / 2^K`.
These intermediate values are useful for range checks on subsets of the Sinsemilla message. Sinsemilla messages in the Orchard protocol are composed of field elements, and we need to check the canonicity of the field element encodings in certain cases.
type X
The x-coordinate of a point output of `Self::hash_to_point`.
type NonIdentityPoint: Clone + Debug
A point output of `Self::hash_to_point`.
type FixedPoints: FixedPoints<C>
A type enumerating the fixed points used in `CommitDomains`.
type HashDomains: HashDomains<C>
HashDomains used in this instruction.
type CommitDomains: CommitDomains<C, Self::FixedPoints, Self::HashDomains>
CommitDomains used in this instruction.
Required Methods
fn witness_message_piece(
&self,
layouter: impl Layouter<C::Base>,
value: Value<C::Base>,
num_words: usize
) -> Result<Self::MessagePiece, Error>
Witness a message piece given a field element. Returns a `Self::MessagePiece` encoding the given message.
Panics
Panics if `num_words` exceeds the maximum number of `K`-bit words that can fit into a single base field element.
fn hash_to_point(
&self,
layouter: impl Layouter<C::Base>,
Q: C,
message: Self::Message
) -> Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>
Hashes a message to an ECC curve point. This returns both the resulting point, as well as the message decomposition in the form of intermediate values in a cumulative sum.
fn extract(point: &Self::NonIdentityPoint) -> Self::X
Extracts the x-coordinate of the output of a Sinsemilla hash.