pub trait SinsemillaInstructions<C: CurveAffine, const K: usize, const MAX_WORDS: usize> {
type CellValue: Var<C::Base>;
type Message: From<Vec<Self::MessagePiece>>;
type MessagePiece: Clone + Debug;
type RunningSum;
type X;
type NonIdentityPoint: Clone + Debug;
type FixedPoints: FixedPoints<C>;
type HashDomains: HashDomains<C>;
type CommitDomains: CommitDomains<C, Self::FixedPoints, Self::HashDomains>;
fn witness_message_piece(
&self,
layouter: impl Layouter<C::Base>,
value: Option<C::Base>,
num_words: usize
) -> Result<Self::MessagePiece, Error>;
fn hash_to_point(
&self,
layouter: impl Layouter<C::Base>,
Q: C,
message: Self::Message
) -> Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>;
fn extract(point: &Self::NonIdentityPoint) -> Self::X;
}Expand description
The set of circuit instructions required to use the Sinsemilla gadget.
This trait is bounded on two constant parameters: K, the number of bits
in each word accepted by the Sinsemilla hash, and MAX_WORDS, the maximum
number of words that a single hash instance can process.
Required Associated Types
type Message: From<Vec<Self::MessagePiece>>
type Message: From<Vec<Self::MessagePiece>>
A message composed of Self::MessagePieces.
type MessagePiece: Clone + Debug
type MessagePiece: Clone + Debug
A piece in a message containing a number of K-bit words.
A Self::MessagePiece fits in a single base field element,
which means it can only contain up to N words, where
N*K <= C::Base::CAPACITY.
For example, in the case K = 10, CAPACITY = 254, we can fit
up to N = 25 words in a single base field element.
type RunningSum
type RunningSum
A cumulative sum z is used to decompose a Sinsemilla message. It
produces intermediate values for each word in the message, such
that z_next = (z_cur - word_next) / 2^K.
These intermediate values are useful for range checks on subsets of the Sinsemilla message. Sinsemilla messages in the Orchard protocol are composed of field elements, and we need to check the canonicity of the field element encodings in certain cases.
The x-coordinate of a point output of Self::hash_to_point.
type NonIdentityPoint: Clone + Debug
type NonIdentityPoint: Clone + Debug
A point output of Self::hash_to_point.
type FixedPoints: FixedPoints<C>
type FixedPoints: FixedPoints<C>
A type enumerating the fixed points used in CommitDomains.
type HashDomains: HashDomains<C>
type HashDomains: HashDomains<C>
HashDomains used in this instruction.
type CommitDomains: CommitDomains<C, Self::FixedPoints, Self::HashDomains>
type CommitDomains: CommitDomains<C, Self::FixedPoints, Self::HashDomains>
CommitDomains used in this instruction.
Required Methods
fn witness_message_piece(
&self,
layouter: impl Layouter<C::Base>,
value: Option<C::Base>,
num_words: usize
) -> Result<Self::MessagePiece, Error>
fn witness_message_piece(
&self,
layouter: impl Layouter<C::Base>,
value: Option<C::Base>,
num_words: usize
) -> Result<Self::MessagePiece, Error>
Witness a message piece given a field element. Returns a Self::MessagePiece
encoding the given message.
Panics
Panics if num_words exceed the maximum number of K-bit words that
can fit into a single base field element.
fn hash_to_point(
&self,
layouter: impl Layouter<C::Base>,
Q: C,
message: Self::Message
) -> Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>
fn hash_to_point(
&self,
layouter: impl Layouter<C::Base>,
Q: C,
message: Self::Message
) -> Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>
Hashes a message to an ECC curve point. This returns both the resulting point, as well as the message decomposition in the form of intermediate values in a cumulative sum.
fn extract(point: &Self::NonIdentityPoint) -> Self::X
fn extract(point: &Self::NonIdentityPoint) -> Self::X
Extracts the x-coordinate of the output of a Sinsemilla hash.