From 3beea4adb71fa879b6c0d7f97541ba67b5382be2 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 28 Feb 2023 22:21:37 +0000 Subject: [PATCH] Migrate to `ff 0.13` Closes zcash/orchard#371.
---
CHANGELOG.md | 2 ++ Cargo.toml | 12 ++++++++---- src/bundle.rs | 5 +++-- src/circuit.rs | 2 +- src/circuit/commit_ivk.rs | 7 ++++--- src/circuit/gadget.rs | 3 +-- src/circuit/note_commit.rs | 8 +++----- src/constants.rs | 2 +- src/note/nullifier.rs | 6 +++--- src/spec.rs | 8 ++++---- src/value.rs | 5 +++-- 11 files changed, 33 insertions(+), 27 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bd61c977..1902cd28 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,8 @@ and this project adheres to Rust's notion of ### Changed - MSRV is now 1.60.0. +- Migrated to `ff 0.13`, `group 0.13`, `pasta_curves 0.5`, `halo2_proofs 0.3`, + `reddsa 0.5`. - `orchard::builder`: - `Builder::{add_spend, add_output}` now use concrete error types instead of `&'static str`s.
diff --git a/Cargo.toml b/Cargo.toml
index 61c12692..caed5100 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,18 +26,18 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"] aes = "0.7" bitvec = "1" blake2b_simd = "1" -ff = "0.12" +ff = "0.13" fpe = "0.5" -group = { version = "0.12.1", features = ["wnaf-memuse"] } +group = { version = "0.13", features = ["wnaf-memuse"] } halo2_gadgets = "0.2" halo2_proofs = "0.2" hex = "0.4" lazy_static = "1" memuse = { version = "0.2.1", features = ["nonempty"] } -pasta_curves = "0.4" +pasta_curves = "0.5" proptest = { version = "1.0.0", optional = true } rand = "0.8" -reddsa = "0.3" +reddsa = "0.5" nonempty = "0.7" serde = { version = "1.0", features = ["derive"] } subtle = "2.3"
@@ -86,3 +86,7 @@ debug = true [profile.bench] debug = true + +[patch.crates-io] +halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "35eb268e202d76721abde3d6e50e719ae9140605" } +halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "35eb268e202d76721abde3d6e50e719ae9140605" }
diff --git a/src/bundle.rs b/src/bundle.rs
index 239cce7c..228b9d10 100644
--- a/src/bundle.rs
+++ b/src/bundle.rs
@@ -483,8 +483,9 @@ pub struct BundleAuthorizingCommitment(pub Blake2bHash); #[cfg(any(test, feature = "test-dependencies"))] #[cfg_attr(docsrs, doc(cfg(feature = "test-dependencies")))] pub mod testing { + use group::ff::FromUniformBytes; use nonempty::NonEmpty; - use pasta_curves::{arithmetic::FieldExt, pallas}; + use pasta_curves::pallas; use rand::{rngs::StdRng, SeedableRng}; use reddsa::orchard::SpendAuth;
@@ -572,7 +573,7 @@ pub mod testing { // Instead of rejecting out-of-range bytes, let's reduce them. let mut buf = [0; 64]; buf[..32].copy_from_slice(&bytes); - pallas::Base::from_bytes_wide(&buf) + pallas::Base::from_uniform_bytes(&buf) } }
diff --git a/src/circuit.rs b/src/circuit.rs
index d349180e..fa41b833 100644
--- a/src/circuit.rs
+++ b/src/circuit.rs
@@ -1055,7 +1055,7 @@ mod tests { let expected_proof_size = { let circuit_cost = halo2_proofs::dev::CircuitCost::::measure( - K as usize, + K, &circuits[0], ); assert_eq!(usize::from(circuit_cost.proof_size(1)), 4992);
diff --git a/src/circuit/commit_ivk.rs b/src/circuit/commit_ivk.rs
index 8001a0ac..d96876af 100644
--- a/src/circuit/commit_ivk.rs
+++ b/src/circuit/commit_ivk.rs
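Review bot: The `[patch.crates-io]` table added at the end of Cargo.toml is not inherited by crates that depend on `orchard`, because Cargo applies `[patch]` only from the workspace root, so a downstream build would resolve `halo2_gadgets` and `halo2_proofs` from crates.io instead of the pinned revision. The earlier Cargo.toml hunk still shows `halo2_gadgets = "0.2"` and `halo2_proofs = "0.2"` as unchanged context, while the changelog entry in this patch names `halo2_proofs 0.3`; one of the two presumably needs adjusting. Pinning by full commit hash is good for reproducibility, and I would add a comment above the table such as `# Temporary: remove once halo2 releases with ff 0.13 support are published; do not cut a release with this patch in place.`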
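Review bot: The 64-byte buffer passed to `from_uniform_bytes` in `src/bundle.rs` (hunk `@@ -572,7 +573,7 @@`) has its upper 32 bytes fixed at zero, so the input is not uniform over the full width and the resulting field element is not uniformly distributed. That matches the existing comment's intent of reducing out-of-range bytes for a test strategy, but the new method name suggests a uniformity guarantee this call site does not meet. I would extend the comment, e.g. `// Zero-padded to 64 bytes: reduces a 256-bit value, so the output is biased; acceptable for test generation only.` The same pattern appears in the `src/value.rs` hunk at `@@ -372,7 +373,7 @@`. The enclosing function starts outside both hunks.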
@@ -1,11 +1,12 @@ use core::iter; +use group::ff::{Field, PrimeField}; use halo2_proofs::{ circuit::{AssignedCell, Layouter, Value}, plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector}, poly::Rotation, }; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use pasta_curves::pallas; use crate::constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains, T_P}; use halo2_gadgets::{
@@ -667,7 +668,7 @@ mod tests { fixed_bases::COMMIT_IVK_PERSONALIZATION, OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains, L_ORCHARD_BASE, T_Q, }; - use group::ff::{Field, PrimeFieldBits}; + use group::ff::{Field, PrimeField, PrimeFieldBits}; use halo2_gadgets::{ ecc::{ chip::{EccChip, EccConfig},
@@ -684,7 +685,7 @@ mod tests { dev::MockProver, plonk::{Circuit, ConstraintSystem, Error}, }; - use pasta_curves::{arithmetic::FieldExt, pallas}; + use pasta_curves::pallas; use rand::rngs::OsRng; #[test]
diff --git a/src/circuit/gadget.rs b/src/circuit/gadget.rs
index 21d24333..12c3c90e 100644
--- a/src/circuit/gadget.rs
+++ b/src/circuit/gadget.rs
@@ -20,7 +20,6 @@ use halo2_gadgets::{ sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip}, }; use halo2_proofs::{ - arithmetic::FieldExt, circuit::{AssignedCell, Chip, Layouter, Value}, plonk::{self, Advice, Assigned, Column}, };
@@ -78,7 +77,7 @@ impl super::Config { } /// An instruction set for adding two circuit words (field elements). -pub(in crate::circuit) trait AddInstruction: Chip { +pub(in crate::circuit) trait AddInstruction: Chip { /// Constraints `a + b` and returns the sum. fn add( &self,
diff --git a/src/circuit/note_commit.rs b/src/circuit/note_commit.rs
index 1f4a3cec..3675b4fa 100644
--- a/src/circuit/note_commit.rs
+++ b/src/circuit/note_commit.rs
@@ -1,11 +1,12 @@ use core::iter; +use group::ff::PrimeField; use halo2_proofs::{ circuit::{AssignedCell, Layouter, Value}, plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector}, poly::Rotation, }; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use pasta_curves::pallas; use crate::{ constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains, T_P},
@@ -2043,10 +2044,7 @@ mod tests { dev::MockProver, plonk::{Circuit, ConstraintSystem, Error}, }; - use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, - }; + use pasta_curves::{arithmetic::CurveAffine, pallas}; use rand::{rngs::OsRng, RngCore};
diff --git a/src/constants.rs b/src/constants.rs
index 5af82257..39fd3df5 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -32,7 +32,7 @@ pub const KEY_DIVERSIFICATION_PERSONALIZATION: &str = "z.cash:Orchard-gd"; #[cfg(test)] mod tests { use ff::PrimeField; - use pasta_curves::{arithmetic::FieldExt, pallas}; + use pasta_curves::pallas; #[test] // Orchard uses the Pallas base field as its base field.
diff --git a/src/note/nullifier.rs b/src/note/nullifier.rs
index 591ea655..a18e77fe 100644
--- a/src/note/nullifier.rs
+++ b/src/note/nullifier.rs
@@ -66,8 +66,8 @@ impl Nullifier { #[cfg(any(test, feature = "test-dependencies"))] #[cfg_attr(docsrs, doc(cfg(feature = "test-dependencies")))] pub mod testing { - use group::Group; - use pasta_curves::{arithmetic::FieldExt, pallas}; + use group::{ff::FromUniformBytes, Group}; + use pasta_curves::pallas; use proptest::collection::vec; use proptest::prelude::*;
@@ -79,7 +79,7 @@ pub mod testing { pub fn arb_nullifier()( bytes in vec(any::(), 64) ) -> Nullifier { - let point = pallas::Point::generator() * pallas::Scalar::from_bytes_wide(&<[u8; 64]>::try_from(bytes).unwrap()); + let point = pallas::Point::generator() * pallas::Scalar::from_uniform_bytes(&<[u8; 64]>::try_from(bytes).unwrap()); Nullifier(extract_p(&point)) } }
diff --git a/src/spec.rs b/src/spec.rs
index 3af8b97d..91ff2b29 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -3,10 +3,10 @@ use core::iter; use core::ops::Deref; -use ff::{Field, PrimeField, PrimeFieldBits}; +use ff::{Field, FromUniformBytes, PrimeField, PrimeFieldBits}; use group::{Curve, Group, GroupEncoding, WnafBase, WnafScalar}; use halo2_gadgets::{poseidon::primitives as poseidon, sinsemilla::primitives as sinsemilla}; -use halo2_proofs::arithmetic::{CurveAffine, CurveExt, FieldExt}; +use halo2_proofs::arithmetic::{CurveAffine, CurveExt}; use memuse::DynamicUsage; use pasta_curves::pallas; use subtle::{ConditionallySelectable, CtOption};
@@ -176,7 +176,7 @@ impl PreparedNonZeroScalar { /// /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents pub(crate) fn to_base(x: [u8; 64]) -> pallas::Base { - pallas::Base::from_bytes_wide(&x) + pallas::Base::from_uniform_bytes(&x) } /// $\mathsf{ToScalar}^\mathsf{Orchard}(x) := LEOS2IP_{\ell_\mathsf{PRFexpand}}(x) (mod r_P)$
@@ -185,7 +185,7 @@ pub(crate) fn to_base(x: [u8; 64]) -> pallas::Base { /// /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents pub(crate) fn to_scalar(x: [u8; 64]) -> pallas::Scalar { - pallas::Scalar::from_bytes_wide(&x) + pallas::Scalar::from_uniform_bytes(&x) } /// Converts from pallas::Base to pallas::Scalar (aka $x \pmod{r_\mathbb{P}}$).
diff --git a/src/value.rs b/src/value.rs
index 1cef61c8..b20d8709 100644
--- a/src/value.rs
+++ b/src/value.rs
@@ -361,7 +361,8 @@ impl ValueCommitment { #[cfg(any(test, feature = "test-dependencies"))] #[cfg_attr(docsrs, doc(cfg(feature = "test-dependencies")))] pub mod testing { - use pasta_curves::{arithmetic::FieldExt, pallas}; + use group::ff::FromUniformBytes; + use pasta_curves::pallas; use proptest::prelude::*; use super::{NoteValue, ValueCommitTrapdoor, ValueSum, MAX_NOTE_VALUE, VALUE_SUM_RANGE};
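Review bot: No test visible in this patch pins the output of `to_base` and `to_scalar` in `src/spec.rs` (hunks `@@ -176,7 +176,7 @@` and `@@ -185,7 +185,7 @@`) across the switch from `from_bytes_wide` to `from_uniform_bytes`. Their doc comments define them as the little-endian integer reduced modulo the field order, and the key components derived from them depend on that exact mapping, so a known-answer check would catch a dependency that reduces differently. A minimal byte-order check is `let mut x = [0u8; 64]; x[0] = 1; assert_eq!(to_base(x), pallas::Base::ONE);`, alongside one input above the modulus whose expected value comes from existing test vectors rather than from the same code. If vectors elsewhere in the repository already cover this, a line in each doc comment naming them would be enough.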
@@ -372,7 +373,7 @@ pub mod testing { // Instead of rejecting out-of-range bytes, let's reduce them. let mut buf = [0; 64]; buf[..32].copy_from_slice(&bytes); - pallas::Scalar::from_bytes_wide(&buf) + pallas::Scalar::from_uniform_bytes(&buf) } }