mirror of https://github.com/zcash/orchard.git
Migrate to `halo2::plonk::Constraints` helper
parent
fbeaff4fd2
commit
52449ef88f
|
@ -80,3 +80,7 @@ debug = true
|
||||||
|
|
||||||
[profile.bench]
|
[profile.bench]
|
||||||
debug = true
|
debug = true
|
||||||
|
|
||||||
|
[patch.crates-io]
|
||||||
|
halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "0c33fa4e6e41464884765c8fb4cefebafd300ca2" }
|
||||||
|
halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "0c33fa4e6e41464884765c8fb4cefebafd300ca2" }
|
||||||
|
|
|
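Review bot: The new `[patch.crates-io]` block has no comment saying why the crates.io releases of `halo2_gadgets` and `halo2_proofs` are overridden or when the override can be removed. Both entries pin the same full commit hash, which keeps the dependency immutable, but a `[patch]` section only takes effect when this manifest is the workspace root, so downstream crates resolving from crates.io will not pick it up. I would add a line above the block such as `# Temporary: tracks unreleased halo2 for plonk::Constraints; drop once a release includes it, and bump both revs together.` The reason given there is inferred from the commit title and should be confirmed.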
@ -6,7 +6,8 @@ use group::{Curve, GroupEncoding};
|
||||||
use halo2_proofs::{
|
use halo2_proofs::{
|
||||||
circuit::{floor_planner, AssignedCell, Layouter},
|
circuit::{floor_planner, AssignedCell, Layouter},
|
||||||
plonk::{
|
plonk::{
|
||||||
self, Advice, Column, Expression, Instance as InstanceColumn, Selector, SingleVerifier,
|
self, Advice, Column, Constraints, Expression, Instance as InstanceColumn, Selector,
|
||||||
|
SingleVerifier,
|
||||||
},
|
},
|
||||||
poly::Rotation,
|
poly::Rotation,
|
||||||
transcript::{Blake2bRead, Blake2bWrite},
|
transcript::{Blake2bRead, Blake2bWrite},
|
||||||
|
@ -161,22 +162,24 @@ impl plonk::Circuit<pallas::Base> for Circuit {
|
||||||
let not_enable_spends = one.clone() - meta.query_advice(advices[6], Rotation::cur());
|
let not_enable_spends = one.clone() - meta.query_advice(advices[6], Rotation::cur());
|
||||||
let not_enable_outputs = one - meta.query_advice(advices[7], Rotation::cur());
|
let not_enable_outputs = one - meta.query_advice(advices[7], Rotation::cur());
|
||||||
|
|
||||||
[
|
Constraints::with_selector(
|
||||||
(
|
q_orchard,
|
||||||
"v_old - v_new = magnitude * sign",
|
[
|
||||||
v_old.clone() - v_new.clone() - magnitude * sign,
|
(
|
||||||
),
|
"v_old - v_new = magnitude * sign",
|
||||||
(
|
v_old.clone() - v_new.clone() - magnitude * sign,
|
||||||
"Either v_old = 0, or anchor equals public input",
|
),
|
||||||
v_old.clone() * (anchor - pub_input_anchor),
|
(
|
||||||
),
|
"Either v_old = 0, or anchor equals public input",
|
||||||
("v_old = 0 or enable_spends = 1", v_old * not_enable_spends),
|
v_old.clone() * (anchor - pub_input_anchor),
|
||||||
(
|
),
|
||||||
"v_new = 0 or enable_outputs = 1",
|
("v_old = 0 or enable_spends = 1", v_old * not_enable_spends),
|
||||||
v_new * not_enable_outputs,
|
(
|
||||||
),
|
"v_new = 0 or enable_outputs = 1",
|
||||||
]
|
v_new * not_enable_outputs,
|
||||||
.map(move |(name, poly)| (name, q_orchard.clone() * poly))
|
),
|
||||||
|
],
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// Addition of two field elements poseidon_hash(nk, rho_old) + psi_old.
|
// Addition of two field elements poseidon_hash(nk, rho_old) + psi_old.
|
||||||
|
@ -187,7 +190,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
|
||||||
let hash_old = meta.query_advice(advices[7], Rotation::cur());
|
let hash_old = meta.query_advice(advices[7], Rotation::cur());
|
||||||
let psi_old = meta.query_advice(advices[8], Rotation::cur());
|
let psi_old = meta.query_advice(advices[8], Rotation::cur());
|
||||||
|
|
||||||
vec![q_add * (hash_old + psi_old - sum)]
|
Constraints::with_selector(q_add, Some(hash_old + psi_old - sum))
|
||||||
});
|
});
|
||||||
|
|
||||||
// Fixed columns for the Sinsemilla generator lookup table
|
// Fixed columns for the Sinsemilla generator lookup table
|
||||||
|
|
|
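Review bot: The `q_add` gate now passes a bare expression, `Some(hash_old + psi_old - sum)`, so this constraint has no name of its own, while the other calls converted in this commit pass `(name, poly)` pairs. Naming it, e.g. `Constraints::with_selector(q_add, Some(("poseidon_hash(nk, rho_old) + psi_old = sum", hash_old + psi_old - sum)))`, means a `MockProver` failure report points at a labelled polynomial rather than an anonymous one. The enclosing `create_gate` closure starts outside the hunk, so the gate-level name is not visible here.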
@ -1,6 +1,6 @@
|
||||||
use halo2_proofs::{
|
use halo2_proofs::{
|
||||||
circuit::{AssignedCell, Layouter},
|
circuit::{AssignedCell, Layouter},
|
||||||
plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
|
plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
|
||||||
poly::Rotation,
|
poly::Rotation,
|
||||||
};
|
};
|
||||||
use pasta_curves::{arithmetic::FieldExt, pallas};
|
use pasta_curves::{arithmetic::FieldExt, pallas};
|
||||||
|
@ -205,16 +205,18 @@ impl CommitIvkConfig {
|
||||||
.chain(Some(("z14_b2_c_prime", z14_b2_c_prime)))
|
.chain(Some(("z14_b2_c_prime", z14_b2_c_prime)))
|
||||||
};
|
};
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("b1_bool_check", b1_bool_check)))
|
q_commit_ivk,
|
||||||
.chain(Some(("d1_bool_check", d1_bool_check)))
|
std::iter::empty()
|
||||||
.chain(Some(("b_decomposition_check", b_decomposition_check)))
|
.chain(Some(("b1_bool_check", b1_bool_check)))
|
||||||
.chain(Some(("d_decomposition_check", d_decomposition_check)))
|
.chain(Some(("d1_bool_check", d1_bool_check)))
|
||||||
.chain(Some(("ak_decomposition_check", ak_decomposition_check)))
|
.chain(Some(("b_decomposition_check", b_decomposition_check)))
|
||||||
.chain(Some(("nk_decomposition_check", nk_decomposition_check)))
|
.chain(Some(("d_decomposition_check", d_decomposition_check)))
|
||||||
.chain(ak_canonicity_checks)
|
.chain(Some(("ak_decomposition_check", ak_decomposition_check)))
|
||||||
.chain(nk_canonicity_checks)
|
.chain(Some(("nk_decomposition_check", nk_decomposition_check)))
|
||||||
.map(move |(name, poly)| (name, q_commit_ivk.clone() * poly))
|
.chain(ak_canonicity_checks)
|
||||||
|
.chain(nk_canonicity_checks),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
config
|
config
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
use halo2_proofs::{
|
use halo2_proofs::{
|
||||||
circuit::{AssignedCell, Layouter},
|
circuit::{AssignedCell, Layouter},
|
||||||
plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
|
plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
|
||||||
poly::Rotation,
|
poly::Rotation,
|
||||||
};
|
};
|
||||||
use pasta_curves::{arithmetic::FieldExt, pallas};
|
use pasta_curves::{arithmetic::FieldExt, pallas};
|
||||||
|
@ -143,11 +143,13 @@ impl NoteCommitConfig {
|
||||||
let decomposition_check =
|
let decomposition_check =
|
||||||
b - (b_0 + b_1.clone() * two_pow_4 + b_2.clone() * two_pow_5 + b_3 * two_pow_6);
|
b - (b_0 + b_1.clone() * two_pow_4 + b_2.clone() * two_pow_5 + b_3 * two_pow_6);
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("bool_check b_1", bool_check(b_1))))
|
q_notecommit_b,
|
||||||
.chain(Some(("bool_check b_2", bool_check(b_2))))
|
std::iter::empty()
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
.chain(Some(("bool_check b_1", bool_check(b_1))))
|
||||||
.map(move |(name, poly)| (name, q_notecommit_b.clone() * poly))
|
.chain(Some(("bool_check b_2", bool_check(b_2))))
|
||||||
|
.chain(Some(("decomposition", decomposition_check))),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | q_notecommit_d |
|
// | A_6 | A_7 | A_8 | q_notecommit_d |
|
||||||
|
@ -172,11 +174,13 @@ impl NoteCommitConfig {
|
||||||
let decomposition_check =
|
let decomposition_check =
|
||||||
d - (d_0.clone() + d_1.clone() * two + d_2 * two_pow_2 + d_3 * two_pow_10);
|
d - (d_0.clone() + d_1.clone() * two + d_2 * two_pow_2 + d_3 * two_pow_10);
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("bool_check d_0", bool_check(d_0))))
|
q_notecommit_d,
|
||||||
.chain(Some(("bool_check d_1", bool_check(d_1))))
|
std::iter::empty()
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
.chain(Some(("bool_check d_0", bool_check(d_0))))
|
||||||
.map(move |(name, poly)| (name, q_notecommit_d.clone() * poly))
|
.chain(Some(("bool_check d_1", bool_check(d_1))))
|
||||||
|
.chain(Some(("decomposition", decomposition_check))),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | q_notecommit_e |
|
// | A_6 | A_7 | A_8 | q_notecommit_e |
|
||||||
|
@ -195,9 +199,7 @@ impl NoteCommitConfig {
|
||||||
// e = e_0 + (2^6) e_1
|
// e = e_0 + (2^6) e_1
|
||||||
let decomposition_check = e - (e_0 + e_1 * two_pow_6);
|
let decomposition_check = e - (e_0 + e_1 * two_pow_6);
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(q_notecommit_e, Some(("decomposition", decomposition_check)))
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
|
||||||
.map(move |(name, poly)| (name, q_notecommit_e.clone() * poly))
|
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | q_notecommit_g |
|
// | A_6 | A_7 | q_notecommit_g |
|
||||||
|
@ -219,10 +221,12 @@ impl NoteCommitConfig {
|
||||||
// g = g_0 + (2) g_1 + (2^10) g_2
|
// g = g_0 + (2) g_1 + (2^10) g_2
|
||||||
let decomposition_check = g - (g_0.clone() + g_1 * two + g_2 * two_pow_10);
|
let decomposition_check = g - (g_0.clone() + g_1 * two + g_2 * two_pow_10);
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("bool_check g_0", bool_check(g_0))))
|
q_notecommit_g,
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
std::iter::empty()
|
||||||
.map(move |(name, poly)| (name, q_notecommit_g.clone() * poly))
|
.chain(Some(("bool_check g_0", bool_check(g_0))))
|
||||||
|
.chain(Some(("decomposition", decomposition_check))),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | q_notecommit_h |
|
// | A_6 | A_7 | A_8 | q_notecommit_h |
|
||||||
|
@ -241,10 +245,12 @@ impl NoteCommitConfig {
|
||||||
// h = h_0 + (2^5) h_1
|
// h = h_0 + (2^5) h_1
|
||||||
let decomposition_check = h - (h_0 + h_1.clone() * two_pow_5);
|
let decomposition_check = h - (h_0 + h_1.clone() * two_pow_5);
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("bool_check h_1", bool_check(h_1))))
|
q_notecommit_h,
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
std::iter::empty()
|
||||||
.map(move |(name, poly)| (name, q_notecommit_h.clone() * poly))
|
.chain(Some(("bool_check h_1", bool_check(h_1))))
|
||||||
|
.chain(Some(("decomposition", decomposition_check))),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_g_d |
|
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_g_d |
|
||||||
|
@ -285,11 +291,13 @@ impl NoteCommitConfig {
|
||||||
.chain(Some(("b_1 = 1 => z13_a_prime", z13_a_prime)))
|
.chain(Some(("b_1 = 1 => z13_a_prime", z13_a_prime)))
|
||||||
.map(move |(name, poly)| (name, b_1.clone() * poly));
|
.map(move |(name, poly)| (name, b_1.clone() * poly));
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
q_notecommit_g_d,
|
||||||
.chain(Some(("a_prime_check", a_prime_check)))
|
std::iter::empty()
|
||||||
.chain(canonicity_checks)
|
.chain(Some(("decomposition", decomposition_check)))
|
||||||
.map(move |(name, poly)| (name, q_notecommit_g_d.clone() * poly))
|
.chain(Some(("a_prime_check", a_prime_check)))
|
||||||
|
.chain(canonicity_checks),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_pk_d |
|
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_pk_d |
|
||||||
|
@ -330,11 +338,13 @@ impl NoteCommitConfig {
|
||||||
.chain(Some(("d_0 = 1 => z14_b3_c_prime", z14_b3_c_prime)))
|
.chain(Some(("d_0 = 1 => z14_b3_c_prime", z14_b3_c_prime)))
|
||||||
.map(move |(name, poly)| (name, d_0.clone() * poly));
|
.map(move |(name, poly)| (name, d_0.clone() * poly));
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
q_notecommit_pk_d,
|
||||||
.chain(Some(("b3_c_prime_check", b3_c_prime_check)))
|
std::iter::empty()
|
||||||
.chain(canonicity_checks)
|
.chain(Some(("decomposition", decomposition_check)))
|
||||||
.map(move |(name, poly)| (name, q_notecommit_pk_d.clone() * poly))
|
.chain(Some(("b3_c_prime_check", b3_c_prime_check)))
|
||||||
|
.chain(canonicity_checks),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_value |
|
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_value |
|
||||||
|
@ -355,9 +365,7 @@ impl NoteCommitConfig {
|
||||||
// value = d_2 + (2^8)d_3 + (2^58)e_0
|
// value = d_2 + (2^8)d_3 + (2^58)e_0
|
||||||
let value_check = d_2 + d_3 * two_pow_8 + e_0 * two_pow_58 - value;
|
let value_check = d_2 + d_3 * two_pow_8 + e_0 * two_pow_58 - value;
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(q_notecommit_value, Some(("value_check", value_check)))
|
||||||
.chain(Some(("value_check", value_check)))
|
|
||||||
.map(move |(name, poly)| (name, q_notecommit_value.clone() * poly))
|
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_rho |
|
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_rho |
|
||||||
|
@ -396,11 +404,13 @@ impl NoteCommitConfig {
|
||||||
.chain(Some(("g_0 = 1 => z14_e1_f_prime", z14_e1_f_prime)))
|
.chain(Some(("g_0 = 1 => z14_e1_f_prime", z14_e1_f_prime)))
|
||||||
.map(move |(name, poly)| (name, g_0.clone() * poly));
|
.map(move |(name, poly)| (name, g_0.clone() * poly));
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
q_notecommit_rho,
|
||||||
.chain(Some(("e1_f_prime_check", e1_f_prime_check)))
|
std::iter::empty()
|
||||||
.chain(canonicity_checks)
|
.chain(Some(("decomposition", decomposition_check)))
|
||||||
.map(move |(name, poly)| (name, q_notecommit_rho.clone() * poly))
|
.chain(Some(("e1_f_prime_check", e1_f_prime_check)))
|
||||||
|
.chain(canonicity_checks),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_psi |
|
// | A_6 | A_7 | A_8 | A_9 | q_notecommit_psi |
|
||||||
|
@ -444,11 +454,13 @@ impl NoteCommitConfig {
|
||||||
.chain(Some(("h_1 = 1 => z13_g1_g2_prime", z13_g1_g2_prime)))
|
.chain(Some(("h_1 = 1 => z13_g1_g2_prime", z13_g1_g2_prime)))
|
||||||
.map(move |(name, poly)| (name, h_1.clone() * poly));
|
.map(move |(name, poly)| (name, h_1.clone() * poly));
|
||||||
|
|
||||||
std::iter::empty()
|
Constraints::with_selector(
|
||||||
.chain(Some(("decomposition", decomposition_check)))
|
q_notecommit_psi,
|
||||||
.chain(Some(("g1_g2_prime_check", g1_g2_prime_check)))
|
std::iter::empty()
|
||||||
.chain(canonicity_checks)
|
.chain(Some(("decomposition", decomposition_check)))
|
||||||
.map(move |(name, poly)| (name, q_notecommit_psi.clone() * poly))
|
.chain(Some(("g1_g2_prime_check", g1_g2_prime_check)))
|
||||||
|
.chain(canonicity_checks),
|
||||||
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -516,9 +528,7 @@ impl NoteCommitConfig {
|
||||||
.map(move |(name, poly)| (name, k_3.clone() * poly))
|
.map(move |(name, poly)| (name, k_3.clone() * poly))
|
||||||
};
|
};
|
||||||
|
|
||||||
decomposition_checks
|
Constraints::with_selector(q_y_canon, decomposition_checks.chain(canonicity_checks))
|
||||||
.chain(canonicity_checks)
|
|
||||||
.map(move |(name, poly)| (name, q_y_canon.clone() * poly))
|
|
||||||
});
|
});
|
||||||
|
|
||||||
config
|
config
|
||||||
|
|
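Review bot: In the hunks starting at old lines 285, 330, 396 and 444, `canonicity_checks` is still multiplied by what appears to be a witness bit (`b_1`, `d_0`, `g_0`, `h_1`) through a hand-written `.map(move |(name, poly)| (name, … * poly))` and is then handed to `Constraints::with_selector`, so two gating styles now sit a few lines apart with nothing to tell them apart. The inner factor is a value-dependent condition (the constraint names read `b_1 = 1 => …`), not a selector, and has to stay. A comment above each such map, for example `// Conditional on the witness bit b_1, not a selector: must remain a manual product.`, would stop a later cleanup from folding it into the helper or dropping it, which would change what the circuit enforces. The same applies to the `k_3` map in the last hunk; the definitions of these checks begin above the hunks, so this rests only on the visible tail lines.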