sinsemilla::constants.rs: Add INV_TWO_POW_K = 1 / 2^K constant.

src/circuit/gadget/utilities/lookup_range_check.rs

@@ -175,7 +175,7 @@ mod tests {
     use super::super::{CellValue, UtilitiesInstructions, Var};
     use super::LookupRangeCheckConfig;
 
-    use crate::primitives::sinsemilla::K;
+    use crate::primitives::sinsemilla::{INV_TWO_POW_K, K};
     use crate::spec::lebs2ip;
     use ff::PrimeFieldBits;
     use halo2::{
@@ -306,10 +306,10 @@ mod tests {
                 .collect::<Vec<_>>()
         };
         let expected_zs = {
-            let inv_2_pow_k = F::from_u64(1u64 << K).invert().unwrap();
+            let inv_two_pow_k = F::from_bytes(&INV_TWO_POW_K).unwrap();
             chunks.iter().fold(vec![element], |mut zs, a_i| {
                 // z_{i + 1} = (z_i - a_i) / 2^{K}
-                let z = (zs[zs.len() - 1] - a_i) * inv_2_pow_k;
+                let z = (zs[zs.len() - 1] - a_i) * inv_two_pow_k;
                 zs.push(z);
                 zs
             })

src/primitives/sinsemilla/constants.rs

@@ -5,6 +5,12 @@ use halo2::arithmetic::{CurveAffine, CurveExt};
 /// Number of bits of each message piece in $\mathsf{SinsemillaHashToPoint}$
 pub const K: usize = 10;
 
+/// $\frac{1}{2^K}$
+pub const INV_TWO_POW_K: [u8; 32] = [
+    1, 0, 192, 196, 160, 229, 70, 82, 221, 165, 74, 202, 85, 7, 62, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 240, 63,
+];
+
 /// The largest integer such that $2^c \leq (r_P - 1) / 2$, where $r_P$ is the order
 /// of Pallas.
 pub const C: usize = 253;
@@ -132,4 +138,12 @@ mod tests {
             pallas::Base::from_bytes(&Q_MERKLE_CRH.1).unwrap()
         );
     }
+
+    #[test]
+    fn inv_two_pow_k() {
+        let two_pow_k = pallas::Base::from_u64(1u64 << K);
+        let inv_two_pow_k = pallas::Base::from_bytes(&INV_TWO_POW_K).unwrap();
+
+        assert_eq!(two_pow_k * inv_two_pow_k, pallas::Base::one());
+    }
 }