Merge pull request #196 from zcash/ff-0.11
ff 0.11, group 0.11, pasta_curves 0.2 etc.
commit
52a19279df
10
Cargo.toml
10
Cargo.toml
|
@ -24,13 +24,13 @@ arrayvec = "0.7.0"
|
|||
bigint = "4"
|
||||
bitvec = "0.22"
|
||||
blake2b_simd = "0.5"
|
||||
ff = "0.10"
|
||||
ff = "0.11"
|
||||
fpe = "0.4"
|
||||
group = "0.10"
|
||||
group = "0.11"
|
||||
halo2 = "0.0"
|
||||
lazy_static = "1"
|
||||
memuse = { version = "0.1", features = ["nonempty"] }
|
||||
pasta_curves = "0.1.2"
|
||||
pasta_curves = "0.2"
|
||||
proptest = { version = "1.0.0", optional = true }
|
||||
rand = "0.8"
|
||||
nonempty = "0.7"
|
||||
|
@ -44,7 +44,7 @@ plotters = { version = "0.3.0", optional = true }
|
|||
|
||||
[dependencies.reddsa]
|
||||
git = "https://github.com/str4d/redjubjub.git"
|
||||
rev = "d5d8c5f3bb704bad8ae88fe4a29ae1f744774cb2"
|
||||
rev = "416a6a8ebf8bd42c114c938883016c04f338de72"
|
||||
|
||||
[dev-dependencies]
|
||||
criterion = "0.3"
|
||||
|
@ -84,6 +84,6 @@ debug = true
|
|||
debug = true
|
||||
|
||||
[patch.crates-io]
|
||||
halo2 = { git = "https://github.com/zcash/halo2.git", rev = "27c4187673a9c6ade13fbdbd4f20955530c22d7f" }
|
||||
halo2 = { git = "https://github.com/zcash/halo2.git", rev = "26047eaf323929935fd1e6aa3ae100b1113706e0" }
|
||||
zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "13b023387bafdc7b5712c933dc0e16ee94b96a6a" }
|
||||
incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
|
||||
|
|
|
@ -1588,7 +1588,7 @@ mod tests {
|
|||
let g_d = self.gd_x.zip(self.gd_y_lsb).map(|(x, y_lsb)| {
|
||||
// Calculate y = (x^3 + 5).sqrt()
|
||||
let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
|
||||
if y.is_odd() ^ y_lsb.is_odd() {
|
||||
if bool::from(y.is_odd() ^ y_lsb.is_odd()) {
|
||||
y = -y;
|
||||
}
|
||||
pallas::Affine::from_xy(x, y).unwrap()
|
||||
|
@ -1602,7 +1602,7 @@ mod tests {
|
|||
let pk_d = self.pkd_x.zip(self.pkd_y_lsb).map(|(x, y_lsb)| {
|
||||
// Calculate y = (x^3 + 5).sqrt()
|
||||
let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
|
||||
if y.is_odd() ^ y_lsb.is_odd() {
|
||||
if bool::from(y.is_odd() ^ y_lsb.is_odd()) {
|
||||
y = -y;
|
||||
}
|
||||
pallas::Affine::from_xy(x, y).unwrap()
|
||||
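Review bot: The `g_d` and `pk_d` hunks are the same six lines of point reconstruction (sqrt, parity compare against `y_lsb`, conditional negate, `from_xy`) differing only in the field names, and this change had to be applied to both copies. I would hoist the sequence into a test helper and have both `.map` closures call it, so the next fix lands once; the parameter types are not visible here, and I am assuming `x` and `y_lsb` are `pallas::Base`. Both closures also `unwrap()` the square root, which is fine for test vectors but would fail with a nameless panic, so the helper uses `expect` to say what went wrong. The enclosing test function starts before the first hunk and continues after the second.
```rust
// Test helper: recover the affine point with x-coordinate `x` whose y has the parity of `y_lsb`.
fn point_from_x_and_y_lsb(x: pallas::Base, y_lsb: pallas::Base) -> pallas::Affine {
    // Calculate y = (x^3 + 5).sqrt()
    let mut y = (x.square() * x + pallas::Affine::b())
        .sqrt()
        .expect("test vector x-coordinate is not on the curve");
    if bool::from(y.is_odd() ^ y_lsb.is_odd()) {
        y = -y;
    }
    pallas::Affine::from_xy(x, y).unwrap()
}

// … unchanged: rest of the test …
let g_d = self.gd_x.zip(self.gd_y_lsb).map(|(x, y_lsb)| point_from_x_and_y_lsb(x, y_lsb));
let pk_d = self.pkd_x.zip(self.pkd_y_lsb).map(|(x, y_lsb)| point_from_x_and_y_lsb(x, y_lsb));
```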
|
|
|
@ -7,7 +7,7 @@ use std::mem;
|
|||
use aes::Aes256;
|
||||
use blake2b_simd::{Hash as Blake2bHash, Params};
|
||||
use fpe::ff1::{BinaryNumeralString, FF1};
|
||||
use group::{prime::PrimeCurveAffine, Curve, GroupEncoding};
|
||||
use group::{ff::Field, prime::PrimeCurveAffine, Curve, GroupEncoding};
|
||||
use halo2::arithmetic::FieldExt;
|
||||
use pasta_curves::pallas;
|
||||
use rand::RngCore;
|
||||
|
@ -65,7 +65,7 @@ impl SpendingKey {
|
|||
let ask = SpendAuthorizingKey::derive_inner(&sk);
|
||||
// If ivk = ⊥, discard this key.
|
||||
let ivk = KeyAgreementPrivateKey::derive_inner(&(&sk).into());
|
||||
CtOption::new(sk, !(ask.ct_is_zero() | ivk.is_none()))
|
||||
CtOption::new(sk, !(ask.is_zero() | ivk.is_none()))
|
||||
}
|
||||
|
||||
/// Returns the raw bytes of the spending key.
|
||||
|
@ -116,7 +116,7 @@ impl From<&SpendingKey> for SpendAuthorizingKey {
|
|||
fn from(sk: &SpendingKey) -> Self {
|
||||
let ask = Self::derive_inner(sk);
|
||||
// SpendingKey cannot be constructed such that this assertion would fail.
|
||||
assert!(!bool::from(ask.ct_is_zero()));
|
||||
assert!(!bool::from(ask.is_zero()));
|
||||
// TODO: Add TryFrom<S::Scalar> for SpendAuthorizingKey.
|
||||
let ret = SpendAuthorizingKey(ask.to_bytes().try_into().unwrap());
|
||||
// If the last bit of repr_P(ak) is 1, negate ask.
|
||||
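Review bot: The comment `// If ivk = ⊥, discard this key.` describes only half of the rejection in the `impl SpendingKey` hunk: the `CtOption::new(sk, !(ask.is_zero() | ivk.is_none()))` built right after it also discards the key when `ask` is zero, and with ff 0.11 both `ask.is_zero()` and `ivk.is_none()` are `Choice` values, so the whole predicate is evaluated in constant time over material derived from the secret `sk`. That property is exactly what a later maintainer must not break by "simplifying" to `is_zero_vartime()` or `bool::from`, so I would replace the comment with `// Discard sk if ask = 0 or ivk = ⊥; both tests are constant-time (Choice) because they are computed from secret key material.` The enclosing function begins before the hunk. The `assert!(!bool::from(ask.is_zero()))` in the last hunk is consistent with this invariant, since a `SpendingKey` that passed the constructor cannot reach it with `ask = 0`.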
|
|
|
@ -130,7 +130,7 @@ impl<F: FieldExt> Grain<F> {
|
|||
view[i / 8] |= if bit { 1 << (i % 8) } else { 0 };
|
||||
}
|
||||
|
||||
if let Some(f) = F::from_repr(bytes) {
|
||||
if let Some(f) = F::from_repr_vartime(bytes) {
|
||||
break f;
|
||||
}
|
||||
}
|
||||
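Review bot: The switch to `F::from_repr_vartime(bytes)` in `impl<F: FieldExt> Grain<F>` is correct but unexplained, and variable-time field decoding is the kind of line a security reviewer will stop on. As far as I can tell from the hunk this is the Grain LFSR producing field elements from public bit output (presumably Poseidon round constants), so nothing secret flows through here and a variable-time decode leaks nothing; a one-line comment would keep a future reader from "restoring" the constant-time form or, worse, copying this pattern into code that decodes secrets. I would add above the `if let`: `// Variable-time decoding is fine here: Grain only generates public constants.` The enclosing loop and function start outside the hunk.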
|
|
|
@ -54,7 +54,7 @@ pub(super) fn generate_mds<F: FieldExt, const T: usize>(
|
|||
for j in 0..T {
|
||||
let sum = xs[i] + ys[j];
|
||||
// We leverage the secure MDS selection counter to also check this.
|
||||
assert!(!sum.is_zero());
|
||||
assert!(!sum.is_zero_vartime());
|
||||
mds[i][j] = sum.invert().unwrap();
|
||||
}
|
||||
}
|
||||
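Review bot: `assert!(!sum.is_zero_vartime())` is what makes `sum.invert().unwrap()` on the next line safe, yet the existing comment only says the MDS selection counter "also" checks it, and neither line says why a variable-time zero test is acceptable. From the visible code `mds[i][j] = 1/(xs[i]+ys[j])` is a Cauchy-form MDS matrix built from the generator vectors `xs`/`ys`, i.e. public parameters, so there is no secret to leak; I would extend the comment to `// We leverage the secure MDS selection counter to also check this. A variable-time test is fine (xs/ys are public parameters), and this assert is what justifies the unwrap() below.` `generate_mds` begins before the hunk and continues after it.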
|
|
|
@ -78,7 +78,7 @@ impl NonZeroPallasBase {
|
|||
}
|
||||
|
||||
pub(crate) fn from_base(b: pallas::Base) -> CtOption<Self> {
|
||||
CtOption::new(NonZeroPallasBase(b), !b.ct_is_zero())
|
||||
CtOption::new(NonZeroPallasBase(b), !b.is_zero())
|
||||
}
|
||||
|
||||
/// Constructs a wrapper for a base field element that is guaranteed to be non-zero.
|
||||
|
@ -87,7 +87,7 @@ impl NonZeroPallasBase {
|
|||
///
|
||||
/// Panics if `s.is_zero()`.
|
||||
fn guaranteed(s: pallas::Base) -> Self {
|
||||
assert!(!s.is_zero());
|
||||
assert!(!bool::from(s.is_zero()));
|
||||
NonZeroPallasBase(s)
|
||||
}
|
||||
}
|
||||
|
@ -120,7 +120,7 @@ impl NonZeroPallasScalar {
|
|||
}
|
||||
|
||||
pub(crate) fn from_scalar(s: pallas::Scalar) -> CtOption<Self> {
|
||||
CtOption::new(NonZeroPallasScalar(s), !s.ct_is_zero())
|
||||
CtOption::new(NonZeroPallasScalar(s), !s.is_zero())
|
||||
}
|
||||
|
||||
/// Constructs a wrapper for a scalar field element that is guaranteed to be non-zero.
|
||||
|
@ -129,7 +129,7 @@ impl NonZeroPallasScalar {
|
|||
///
|
||||
/// Panics if `s.is_zero()`.
|
||||
fn guaranteed(s: pallas::Scalar) -> Self {
|
||||
assert!(!s.is_zero());
|
||||
assert!(!bool::from(s.is_zero()));
|
||||
NonZeroPallasScalar(s)
|
||||
}
|
||||
}
|
||||
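Review bot: `guaranteed` re-implements the zero test that `from_scalar` in the previous hunk already encodes, so the `NonZeroPallasScalar` invariant is enforced in two places (and the same pair exists for `NonZeroPallasBase` above); `fn guaranteed(s: pallas::Scalar) -> Self { Self::from_scalar(s).unwrap() }` keeps the documented panic on zero and leaves exactly one zero check per type. Separately, `from_scalar`/`from_base` correctly keep the constant-time `is_zero()` into `CtOption`, while `guaranteed` could use `is_zero_vartime()` since a panic is observable anyway; either way I would record the reason the non-vartime form matters with a comment on `from_scalar` such as `// Constant-time: the scalar may be derived from secret key material, so the zero test must not leak.` Whether secret-derived values actually reach `from_scalar` is not visible in these hunks, so that comment should be confirmed against the callers.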
|
|
|
@ -61,7 +61,7 @@ impl Anchor {
|
|||
|
||||
impl Anchor {
|
||||
/// Parses an Orchard anchor from a byte encoding.
|
||||
pub fn from_bytes(bytes: [u8; 32]) -> Option<Anchor> {
|
||||
pub fn from_bytes(bytes: [u8; 32]) -> CtOption<Anchor> {
|
||||
pallas::Base::from_repr(bytes).map(Anchor)
|
||||
}
|
||||
|
||||
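Review bot: `Anchor::from_bytes` changes its public return type from `Option<Anchor>` to `CtOption<Anchor>`, which is a breaking change for every caller and forces them through `subtle`, and the doc comment still does not say when the result is `None`. An anchor is a note-commitment tree root, which as far as I can tell is public data, so `pallas::Base::from_repr_vartime(bytes).map(Anchor)` would keep the `Option` signature with no security cost; if `CtOption` is deliberate for API uniformity, that is fine but should be stated. In either case I would extend the doc comment with `/// Returns `None` if `bytes` is not the canonical encoding of a Pallas base field element.` and, for the `CtOption` variant, a sentence noting the value is public and the constant-time wrapper is for API consistency only. The `impl Anchor` block continues past the hunk.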
|
|