zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

circuit: Rotate`q_mul_lsb` selector up by one row 

This ensures the "LSB check" gate only queries `cur` and `next` rows.
This commit is contained in:
Jack Grigg 2021-07-29 14:54:36 +01:00
parent 16e9076080
commit 0009070358
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/circuit/gadget/ecc/chip/mul.rs
View File

@ -99,12 +99,12 @@ impl Config {
meta.create_gate("LSB check", |meta| {
let q_mul_lsb = meta.query_selector(self.q_mul_lsb);
let z_1 = meta.query_advice(self.complete_config.z_complete, Rotation::prev());
let z_0 = meta.query_advice(self.complete_config.z_complete, Rotation::cur());
let x_p = meta.query_advice(self.add_config.x_p, Rotation::prev());
let y_p = meta.query_advice(self.add_config.y_p, Rotation::prev());
let base_x = meta.query_advice(self.add_config.x_p, Rotation::cur());
let base_y = meta.query_advice(self.add_config.y_p, Rotation::cur());
let z_1 = meta.query_advice(self.complete_config.z_complete, Rotation::cur());
let z_0 = meta.query_advice(self.complete_config.z_complete, Rotation::next());
let x_p = meta.query_advice(self.add_config.x_p, Rotation::cur());
let y_p = meta.query_advice(self.add_config.y_p, Rotation::cur());
let base_x = meta.query_advice(self.add_config.x_p, Rotation::next());
let base_y = meta.query_advice(self.add_config.y_p, Rotation::next());
// z_0 = 2 * z_1 + k_0
// => k_0 = z_0 - 2 * z_1
@ -275,8 +275,8 @@ impl Config {
/// addition subregion.
///
/// ```text
/// | x_p | y_p | acc_x | acc_y | complete addition | z_1 |
/// |base_x|base_y| res_x | res_y | | | | | | z_0 | q_mul_lsb = 1
/// | x_p | y_p | acc_x | acc_y | complete addition | z_1 | q_mul_lsb = 1
/// |base_x|base_y| res_x | res_y | | | | | | z_0 |
/// ```
fn process_lsb(
&self,
@ -288,7 +288,7 @@ impl Config {
lsb: Option<bool>,
) -> Result<(EccPoint, Z<pallas::Base>), Error> {
// Enforce switching logic on LSB using a custom gate
self.q_mul_lsb.enable(region, offset + 1)?;
self.q_mul_lsb.enable(region, offset)?;
// z_1 has been assigned at (z_complete, offset).
// Assign z_0 = 2⋅z_1 + k_0