mirror of https://github.com/zcash/orchard.git
circuit: Rotate`q_mul_lsb` selector up by one row
This ensures the "LSB check" gate only queries `cur` and `next` rows.
This commit is contained in:
parent
16e9076080
commit
0009070358
|
@ -99,12 +99,12 @@ impl Config {
|
|||
meta.create_gate("LSB check", |meta| {
|
||||
let q_mul_lsb = meta.query_selector(self.q_mul_lsb);
|
||||
|
||||
let z_1 = meta.query_advice(self.complete_config.z_complete, Rotation::prev());
|
||||
let z_0 = meta.query_advice(self.complete_config.z_complete, Rotation::cur());
|
||||
let x_p = meta.query_advice(self.add_config.x_p, Rotation::prev());
|
||||
let y_p = meta.query_advice(self.add_config.y_p, Rotation::prev());
|
||||
let base_x = meta.query_advice(self.add_config.x_p, Rotation::cur());
|
||||
let base_y = meta.query_advice(self.add_config.y_p, Rotation::cur());
|
||||
let z_1 = meta.query_advice(self.complete_config.z_complete, Rotation::cur());
|
||||
let z_0 = meta.query_advice(self.complete_config.z_complete, Rotation::next());
|
||||
let x_p = meta.query_advice(self.add_config.x_p, Rotation::cur());
|
||||
let y_p = meta.query_advice(self.add_config.y_p, Rotation::cur());
|
||||
let base_x = meta.query_advice(self.add_config.x_p, Rotation::next());
|
||||
let base_y = meta.query_advice(self.add_config.y_p, Rotation::next());
|
||||
|
||||
// z_0 = 2 * z_1 + k_0
|
||||
// => k_0 = z_0 - 2 * z_1
|
||||
|
@ -275,8 +275,8 @@ impl Config {
|
|||
/// addition subregion.
|
||||
///
|
||||
/// ```text
|
||||
/// | x_p | y_p | acc_x | acc_y | complete addition | z_1 |
|
||||
/// |base_x|base_y| res_x | res_y | | | | | | z_0 | q_mul_lsb = 1
|
||||
/// | x_p | y_p | acc_x | acc_y | complete addition | z_1 | q_mul_lsb = 1
|
||||
/// |base_x|base_y| res_x | res_y | | | | | | z_0 |
|
||||
/// ```
|
||||
fn process_lsb(
|
||||
&self,
|
||||
|
@ -288,7 +288,7 @@ impl Config {
|
|||
lsb: Option<bool>,
|
||||
) -> Result<(EccPoint, Z<pallas::Base>), Error> {
|
||||
// Enforce switching logic on LSB using a custom gate
|
||||
self.q_mul_lsb.enable(region, offset + 1)?;
|
||||
self.q_mul_lsb.enable(region, offset)?;
|
||||
|
||||
// z_1 has been assigned at (z_complete, offset).
|
||||
// Assign z_0 = 2⋅z_1 + k_0
|
||||
|
|
Loading…
Reference in New Issue