zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Migrate to `halo2::plonk::Constraints` helper

This commit is contained in:
Jack Grigg 2022-04-28 17:29:49 +00:00
parent fbeaff4fd2
commit 52449ef88f
4 changed files with 96 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Cargo.toml
View File

@ -80,3 +80,7 @@ debug = true
[profile.bench]
debug = true
[patch.crates-io]
halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "0c33fa4e6e41464884765c8fb4cefebafd300ca2" }
halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "0c33fa4e6e41464884765c8fb4cefebafd300ca2" }

39
src/circuit.rs
View File

@ -6,7 +6,8 @@ use group::{Curve, GroupEncoding};
use halo2_proofs::{
circuit::{floor_planner, AssignedCell, Layouter},
plonk::{
self, Advice, Column, Expression, Instance as InstanceColumn, Selector, SingleVerifier,
self, Advice, Column, Constraints, Expression, Instance as InstanceColumn, Selector,
SingleVerifier,
},
poly::Rotation,
transcript::{Blake2bRead, Blake2bWrite},
@ -161,22 +162,24 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let not_enable_spends = one.clone() - meta.query_advice(advices[6], Rotation::cur());
let not_enable_outputs = one - meta.query_advice(advices[7], Rotation::cur());
[
(
"v_old - v_new = magnitude * sign",
v_old.clone() - v_new.clone() - magnitude * sign,
),
(
"Either v_old = 0, or anchor equals public input",
v_old.clone() * (anchor - pub_input_anchor),
),
("v_old = 0 or enable_spends = 1", v_old * not_enable_spends),
(
"v_new = 0 or enable_outputs = 1",
v_new * not_enable_outputs,
),
]
.map(move |(name, poly)| (name, q_orchard.clone() * poly))
Constraints::with_selector(
q_orchard,
[
(
"v_old - v_new = magnitude * sign",
v_old.clone() - v_new.clone() - magnitude * sign,
),
(
"Either v_old = 0, or anchor equals public input",
v_old.clone() * (anchor - pub_input_anchor),
),
("v_old = 0 or enable_spends = 1", v_old * not_enable_spends),
(
"v_new = 0 or enable_outputs = 1",
v_new * not_enable_outputs,
),
],
)
});
// Addition of two field elements poseidon_hash(nk, rho_old) + psi_old.
@ -187,7 +190,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let hash_old = meta.query_advice(advices[7], Rotation::cur());
let psi_old = meta.query_advice(advices[8], Rotation::cur());
vec![q_add * (hash_old + psi_old - sum)]
Constraints::with_selector(q_add, Some(hash_old + psi_old - sum))
});
// Fixed columns for the Sinsemilla generator lookup table

24
src/circuit/commit_ivk.rs
View File

@ -1,6 +1,6 @@
use halo2_proofs::{
circuit::{AssignedCell, Layouter},
plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
poly::Rotation,
};
use pasta_curves::{arithmetic::FieldExt, pallas};
@ -205,16 +205,18 @@ impl CommitIvkConfig {
.chain(Some(("z14_b2_c_prime", z14_b2_c_prime)))
};
std::iter::empty()
.chain(Some(("b1_bool_check", b1_bool_check)))
.chain(Some(("d1_bool_check", d1_bool_check)))
.chain(Some(("b_decomposition_check", b_decomposition_check)))
.chain(Some(("d_decomposition_check", d_decomposition_check)))
.chain(Some(("ak_decomposition_check", ak_decomposition_check)))
.chain(Some(("nk_decomposition_check", nk_decomposition_check)))
.chain(ak_canonicity_checks)
.chain(nk_canonicity_checks)
.map(move |(name, poly)| (name, q_commit_ivk.clone() * poly))
Constraints::with_selector(
q_commit_ivk,
std::iter::empty()
.chain(Some(("b1_bool_check", b1_bool_check)))
.chain(Some(("d1_bool_check", d1_bool_check)))
.chain(Some(("b_decomposition_check", b_decomposition_check)))
.chain(Some(("d_decomposition_check", d_decomposition_check)))
.chain(Some(("ak_decomposition_check", ak_decomposition_check)))
.chain(Some(("nk_decomposition_check", nk_decomposition_check)))
.chain(ak_canonicity_checks)
.chain(nk_canonicity_checks),
)
});
config

106
src/circuit/note_commit.rs
View File

@ -1,6 +1,6 @@
use halo2_proofs::{
circuit::{AssignedCell, Layouter},
plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
poly::Rotation,
};
use pasta_curves::{arithmetic::FieldExt, pallas};
@ -143,11 +143,13 @@ impl NoteCommitConfig {
let decomposition_check =
b - (b_0 + b_1.clone() * two_pow_4 + b_2.clone() * two_pow_5 + b_3 * two_pow_6);
std::iter::empty()
.chain(Some(("bool_check b_1", bool_check(b_1))))
.chain(Some(("bool_check b_2", bool_check(b_2))))
.chain(Some(("decomposition", decomposition_check)))
.map(move |(name, poly)| (name, q_notecommit_b.clone() * poly))
Constraints::with_selector(
q_notecommit_b,
std::iter::empty()
.chain(Some(("bool_check b_1", bool_check(b_1))))
.chain(Some(("bool_check b_2", bool_check(b_2))))
.chain(Some(("decomposition", decomposition_check))),
)
});
// | A_6 | A_7 | A_8 | q_notecommit_d |
@ -172,11 +174,13 @@ impl NoteCommitConfig {
let decomposition_check =
d - (d_0.clone() + d_1.clone() * two + d_2 * two_pow_2 + d_3 * two_pow_10);
std::iter::empty()
.chain(Some(("bool_check d_0", bool_check(d_0))))
.chain(Some(("bool_check d_1", bool_check(d_1))))
.chain(Some(("decomposition", decomposition_check)))
.map(move |(name, poly)| (name, q_notecommit_d.clone() * poly))
Constraints::with_selector(
q_notecommit_d,
std::iter::empty()
.chain(Some(("bool_check d_0", bool_check(d_0))))
.chain(Some(("bool_check d_1", bool_check(d_1))))
.chain(Some(("decomposition", decomposition_check))),
)
});
// | A_6 | A_7 | A_8 | q_notecommit_e |
@ -195,9 +199,7 @@ impl NoteCommitConfig {
// e = e_0 + (2^6) e_1
let decomposition_check = e - (e_0 + e_1 * two_pow_6);
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.map(move |(name, poly)| (name, q_notecommit_e.clone() * poly))
Constraints::with_selector(q_notecommit_e, Some(("decomposition", decomposition_check)))
});
// | A_6 | A_7 | q_notecommit_g |
@ -219,10 +221,12 @@ impl NoteCommitConfig {
// g = g_0 + (2) g_1 + (2^10) g_2
let decomposition_check = g - (g_0.clone() + g_1 * two + g_2 * two_pow_10);
std::iter::empty()
.chain(Some(("bool_check g_0", bool_check(g_0))))
.chain(Some(("decomposition", decomposition_check)))
.map(move |(name, poly)| (name, q_notecommit_g.clone() * poly))
Constraints::with_selector(
q_notecommit_g,
std::iter::empty()
.chain(Some(("bool_check g_0", bool_check(g_0))))
.chain(Some(("decomposition", decomposition_check))),
)
});
// | A_6 | A_7 | A_8 | q_notecommit_h |
@ -241,10 +245,12 @@ impl NoteCommitConfig {
// h = h_0 + (2^5) h_1
let decomposition_check = h - (h_0 + h_1.clone() * two_pow_5);
std::iter::empty()
.chain(Some(("bool_check h_1", bool_check(h_1))))
.chain(Some(("decomposition", decomposition_check)))
.map(move |(name, poly)| (name, q_notecommit_h.clone() * poly))
Constraints::with_selector(
q_notecommit_h,
std::iter::empty()
.chain(Some(("bool_check h_1", bool_check(h_1))))
.chain(Some(("decomposition", decomposition_check))),
)
});
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_g_d |
@ -285,11 +291,13 @@ impl NoteCommitConfig {
.chain(Some(("b_1 = 1 => z13_a_prime", z13_a_prime)))
.map(move |(name, poly)| (name, b_1.clone() * poly));
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("a_prime_check", a_prime_check)))
.chain(canonicity_checks)
.map(move |(name, poly)| (name, q_notecommit_g_d.clone() * poly))
Constraints::with_selector(
q_notecommit_g_d,
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("a_prime_check", a_prime_check)))
.chain(canonicity_checks),
)
});
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_pk_d |
@ -330,11 +338,13 @@ impl NoteCommitConfig {
.chain(Some(("d_0 = 1 => z14_b3_c_prime", z14_b3_c_prime)))
.map(move |(name, poly)| (name, d_0.clone() * poly));
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("b3_c_prime_check", b3_c_prime_check)))
.chain(canonicity_checks)
.map(move |(name, poly)| (name, q_notecommit_pk_d.clone() * poly))
Constraints::with_selector(
q_notecommit_pk_d,
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("b3_c_prime_check", b3_c_prime_check)))
.chain(canonicity_checks),
)
});
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_value |
@ -355,9 +365,7 @@ impl NoteCommitConfig {
// value = d_2 + (2^8)d_3 + (2^58)e_0
let value_check = d_2 + d_3 * two_pow_8 + e_0 * two_pow_58 - value;
std::iter::empty()
.chain(Some(("value_check", value_check)))
.map(move |(name, poly)| (name, q_notecommit_value.clone() * poly))
Constraints::with_selector(q_notecommit_value, Some(("value_check", value_check)))
});
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_rho |
@ -396,11 +404,13 @@ impl NoteCommitConfig {
.chain(Some(("g_0 = 1 => z14_e1_f_prime", z14_e1_f_prime)))
.map(move |(name, poly)| (name, g_0.clone() * poly));
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("e1_f_prime_check", e1_f_prime_check)))
.chain(canonicity_checks)
.map(move |(name, poly)| (name, q_notecommit_rho.clone() * poly))
Constraints::with_selector(
q_notecommit_rho,
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("e1_f_prime_check", e1_f_prime_check)))
.chain(canonicity_checks),
)
});
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_psi |
@ -444,11 +454,13 @@ impl NoteCommitConfig {
.chain(Some(("h_1 = 1 => z13_g1_g2_prime", z13_g1_g2_prime)))
.map(move |(name, poly)| (name, h_1.clone() * poly));
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("g1_g2_prime_check", g1_g2_prime_check)))
.chain(canonicity_checks)
.map(move |(name, poly)| (name, q_notecommit_psi.clone() * poly))
Constraints::with_selector(
q_notecommit_psi,
std::iter::empty()
.chain(Some(("decomposition", decomposition_check)))
.chain(Some(("g1_g2_prime_check", g1_g2_prime_check)))
.chain(canonicity_checks),
)
});
/*
@ -516,9 +528,7 @@ impl NoteCommitConfig {
.map(move |(name, poly)| (name, k_3.clone() * poly))
};
decomposition_checks
.chain(canonicity_checks)
.map(move |(name, poly)| (name, q_y_canon.clone() * poly))
Constraints::with_selector(q_y_canon, decomposition_checks.chain(canonicity_checks))
});
config