From 6f0cab5ffd5738b7f50e0645bb8f15ef9945ae58 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 7 Dec 2021 17:47:03 +0000 Subject: [PATCH] Replace `FieldExt::from_u64` with `PrimeField: From` --- src/circuit.rs | 23 ++++------- src/circuit/gadget/ecc/chip/add.rs | 6 +-- src/circuit/gadget/ecc/chip/mul.rs | 6 +-- src/circuit/gadget/ecc/chip/mul/complete.rs | 6 +-- src/circuit/gadget/ecc/chip/mul/incomplete.rs | 13 +++--- src/circuit/gadget/ecc/chip/mul_fixed.rs | 8 ++-- .../ecc/chip/mul_fixed/base_field_elem.rs | 6 +-- .../gadget/ecc/chip/mul_fixed/full_width.rs | 8 ++-- .../gadget/ecc/chip/mul_fixed/short.rs | 31 ++++++-------- src/circuit/gadget/poseidon/pow5.rs | 2 +- src/circuit/gadget/sinsemilla/chip.rs | 4 +- .../gadget/sinsemilla/chip/generator_table.rs | 4 +- .../gadget/sinsemilla/chip/hash_to_point.rs | 6 +-- src/circuit/gadget/sinsemilla/commit_ivk.rs | 16 ++++---- src/circuit/gadget/sinsemilla/merkle/chip.rs | 13 +++--- src/circuit/gadget/sinsemilla/note_commit.rs | 38 +++++++++--------- src/circuit/gadget/utilities.rs | 4 +- src/circuit/gadget/utilities/cond_swap.rs | 2 +- .../gadget/utilities/decompose_running_sum.rs | 8 ++-- .../gadget/utilities/lookup_range_check.rs | 36 ++++++++--------- src/constants.rs | 40 +++++++------------ src/constants/load.rs | 4 +- src/constants/util.rs | 4 +- src/primitives/poseidon.rs | 2 +- src/primitives/sinsemilla/constants.rs | 2 +- src/spec.rs | 4 +- src/tree.rs | 2 +- src/value.rs | 6 +-- 28 files changed, 138 insertions(+), 166 deletions(-) diff --git a/src/circuit.rs b/src/circuit.rs index 79899c10..47bf7115 100644 --- a/src/circuit.rs +++ b/src/circuit.rs @@ -8,10 +8,7 @@ use halo2::{ transcript::{Blake2bRead, Blake2bWrite}, }; use memuse::DynamicUsage; -use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, vesta, -}; +use pasta_curves::{arithmetic::CurveAffine, pallas, vesta}; use crate::{ constants::{ @@ -377,16 +374,14 @@ impl plonk::Circuit for Circuit { let v_old = self.load_private( layouter.namespace(|| "witness v_old"), config.advices[0], - self.v_old - .map(|v_old| pallas::Base::from_u64(v_old.inner())), + self.v_old.map(|v_old| pallas::Base::from(v_old.inner())), )?; // Witness v_new. let v_new = self.load_private( layouter.namespace(|| "witness v_new"), config.advices[0], - self.v_new - .map(|v_new| pallas::Base::from_u64(v_new.inner())), + self.v_new.map(|v_new| pallas::Base::from(v_new.inner())), )?; (psi_old, rho_old, cm_old, g_d_old, ak, nk, v_old, v_new) @@ -415,12 +410,8 @@ impl plonk::Circuit for Circuit { let v_net = { // v_old, v_new are guaranteed to be 64-bit values. Therefore, we can // move them into the base field. - let v_old = self - .v_old - .map(|v_old| pallas::Base::from_u64(v_old.inner())); - let v_new = self - .v_new - .map(|v_new| pallas::Base::from_u64(v_new.inner())); + let v_old = self.v_old.map(|v_old| pallas::Base::from(v_old.inner())); + let v_new = self.v_new.map(|v_new| pallas::Base::from(v_new.inner())); let magnitude_sign = v_old.zip(v_new).map(|(v_old, v_new)| { let is_negative = v_old < v_new; @@ -814,8 +805,8 @@ impl Instance { instance[RK_X] = *rk.x(); instance[RK_Y] = *rk.y(); instance[CMX] = self.cmx.inner(); - instance[ENABLE_SPEND] = vesta::Scalar::from_u64(self.enable_spend.into()); - instance[ENABLE_OUTPUT] = vesta::Scalar::from_u64(self.enable_output.into()); + instance[ENABLE_SPEND] = vesta::Scalar::from(u64::from(self.enable_spend)); + instance[ENABLE_OUTPUT] = vesta::Scalar::from(u64::from(self.enable_output)); [instance] } diff --git a/src/circuit/gadget/ecc/chip/add.rs b/src/circuit/gadget/ecc/chip/add.rs index 8bb6a490..489c10e9 100644 --- a/src/circuit/gadget/ecc/chip/add.rs +++ b/src/circuit/gadget/ecc/chip/add.rs @@ -121,8 +121,8 @@ impl Config { // Useful constants let one = Expression::Constant(pallas::Base::one()); - let two = Expression::Constant(pallas::Base::from_u64(2)); - let three = Expression::Constant(pallas::Base::from_u64(3)); + let two = Expression::Constant(pallas::Base::from(2)); + let three = Expression::Constant(pallas::Base::from(3)); // (x_q − x_p)⋅((x_q − x_p)⋅λ − (y_q−y_p)) = 0 let poly1 = { @@ -302,7 +302,7 @@ impl Config { } else { if !y_p.is_zero_vartime() { // 3(x_p)^2 - let three_x_p_sq = pallas::Base::from_u64(3) * x_p.square(); + let three_x_p_sq = pallas::Base::from(3) * x_p.square(); // 1 / 2(y_p) let inv_two_y_p = y_p.invert().unwrap() * pallas::Base::TWO_INV; // λ = 3(x_p)^2 / 2(y_p) diff --git a/src/circuit/gadget/ecc/chip/mul.rs b/src/circuit/gadget/ecc/chip/mul.rs index 3d522534..863c8ca8 100644 --- a/src/circuit/gadget/ecc/chip/mul.rs +++ b/src/circuit/gadget/ecc/chip/mul.rs @@ -143,7 +143,7 @@ impl Config { // z_0 = 2 * z_1 + k_0 // => k_0 = z_0 - 2 * z_1 - let lsb = z_0 - z_1 * pallas::Base::from_u64(2); + let lsb = z_0 - z_1 * pallas::Base::from(2); let bool_check = bool_check(lsb.clone()); @@ -326,8 +326,8 @@ impl Config { // Assign z_0 = 2⋅z_1 + k_0 let z_0 = { let z_0_val = z_1.value().zip(lsb).map(|(z_1, lsb)| { - let lsb = pallas::Base::from_u64(lsb as u64); - z_1 * pallas::Base::from_u64(2) + lsb + let lsb = pallas::Base::from(lsb as u64); + z_1 * pallas::Base::from(2) + lsb }); let z_0_cell = region.assign_advice( || "z_0", diff --git a/src/circuit/gadget/ecc/chip/mul/complete.rs b/src/circuit/gadget/ecc/chip/mul/complete.rs index d8bbe625..3b040b23 100644 --- a/src/circuit/gadget/ecc/chip/mul/complete.rs +++ b/src/circuit/gadget/ecc/chip/mul/complete.rs @@ -8,7 +8,7 @@ use halo2::{ poly::Rotation, }; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use pasta_curves::pallas; #[derive(Copy, Clone, Debug, Eq, PartialEq)] pub struct Config { @@ -59,7 +59,7 @@ impl Config { let z_next = meta.query_advice(self.z_complete, Rotation::next()); // k_{i} = z_{i} - 2⋅z_{i+1} - let k = z_next - Expression::Constant(pallas::Base::from_u64(2)) * z_prev; + let k = z_next - Expression::Constant(pallas::Base::from(2)) * z_prev; // (k_i) ⋅ (1 - k_i) = 0 let bool_check = bool_check(k.clone()); @@ -137,7 +137,7 @@ impl Config { z = { // z_next = z_cur * 2 + k_next let z_val = z.value().zip(k.as_ref()).map(|(z_val, k)| { - pallas::Base::from_u64(2) * z_val + pallas::Base::from_u64(*k as u64) + pallas::Base::from(2) * z_val + pallas::Base::from(*k as u64) }); let z_cell = region.assign_advice( || "z", diff --git a/src/circuit/gadget/ecc/chip/mul/incomplete.rs b/src/circuit/gadget/ecc/chip/mul/incomplete.rs index 766026da..6c3bfff8 100644 --- a/src/circuit/gadget/ecc/chip/mul/incomplete.rs +++ b/src/circuit/gadget/ecc/chip/mul/incomplete.rs @@ -103,13 +103,13 @@ impl Config { // The current bit in the scalar decomposition, k_i = z_i - 2⋅z_{i+1}. // Recall that we assigned the cumulative variable `z_i` in descending order, // i from n down to 0. So z_{i+1} corresponds to the `z_prev` query. - let k = z_cur - z_prev * pallas::Base::from_u64(2); + let k = z_cur - z_prev * pallas::Base::from(2); // Check booleanity of decomposition. let bool_check = bool_check(k.clone()); // λ_{1,i}⋅(x_{A,i} − x_{P,i}) − y_{A,i} + (2k_i - 1) y_{P,i} = 0 let gradient_1 = lambda1_cur * (x_a_cur.clone() - x_p_cur) - y_a_cur.clone() - + (k * pallas::Base::from_u64(2) - one) * y_p_cur; + + (k * pallas::Base::from(2) - one) * y_p_cur; // λ_{2,i}^2 − x_{A,i-1} − x_{R,i} − x_{A,i} = 0 let secant_line = lambda2_cur.clone().square() @@ -245,9 +245,10 @@ impl Config { // Incomplete addition for (row, k) in bits.iter().enumerate() { // z_{i} = 2 * z_{i+1} + k_i - let z_val = z.value().zip(k.as_ref()).map(|(z_val, k)| { - pallas::Base::from_u64(2) * z_val + pallas::Base::from_u64(*k as u64) - }); + let z_val = z + .value() + .zip(k.as_ref()) + .map(|(z_val, k)| pallas::Base::from(2) * z_val + pallas::Base::from(*k as u64)); z = region.assign_advice( || "z", self.z, @@ -301,7 +302,7 @@ impl Config { .zip(x_a.value()) .zip(x_r) .map(|(((lambda1, y_a), x_a), x_r)| { - pallas::Base::from_u64(2) * y_a * (x_a - x_r).invert().unwrap() - lambda1 + pallas::Base::from(2) * y_a * (x_a - x_r).invert().unwrap() - lambda1 }); region.assign_advice( || "lambda2", diff --git a/src/circuit/gadget/ecc/chip/mul_fixed.rs b/src/circuit/gadget/ecc/chip/mul_fixed.rs index e4f2ba28..7e185000 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed.rs @@ -25,10 +25,10 @@ pub mod full_width; pub mod short; lazy_static! { - static ref TWO_SCALAR: pallas::Scalar = pallas::Scalar::from_u64(2); + static ref TWO_SCALAR: pallas::Scalar = pallas::Scalar::from(2); // H = 2^3 (3-bit window) - static ref H_SCALAR: pallas::Scalar = pallas::Scalar::from_u64(constants::H as u64); - static ref H_BASE: pallas::Base = pallas::Base::from_u64(constants::H as u64); + static ref H_SCALAR: pallas::Scalar = pallas::Scalar::from(constants::H as u64); + static ref H_BASE: pallas::Base = pallas::Base::from(constants::H as u64); } // A sum type for both full-width and short bases. This enables us to use the @@ -182,7 +182,7 @@ impl Config { // z_{i+1} = (z_i - a_i) / 2^3 // => a_i = z_i - z_{i+1} * 2^3 - let word = z_cur - z_next * pallas::Base::from_u64(constants::H as u64); + let word = z_cur - z_next * pallas::Base::from(constants::H as u64); self.coords_check(meta, q_mul_fixed_running_sum, word) }); diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs b/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs index dcf9aaf3..e72de865 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs @@ -89,7 +89,7 @@ impl Config { let alpha_2_range_check = range_check(alpha_2.clone(), 1 << 1); // Check that α_1 + 2^2 α_2 = z_84_alpha let z_84_alpha_check = z_84_alpha.clone() - - (alpha_1.clone() + alpha_2.clone() * pallas::Base::from_u64(1 << 2)); + - (alpha_1.clone() + alpha_2.clone() * pallas::Base::from(1 << 2)); std::iter::empty() .chain(Some(("alpha_1_range_check", alpha_1_range_check))) @@ -455,11 +455,11 @@ pub mod tests { // (There is another *non-canonical* sequence // 5333333333333333333333333333333333333333332711161673731021062440252244051273333333333 in octal.) { - let h = pallas::Base::from_u64(constants::H as u64); + let h = pallas::Base::from(constants::H as u64); let scalar_fixed = "1333333333333333333333333333333333333333333333333333333333333333333333333333333333334" .chars() .fold(pallas::Base::zero(), |acc, c| { - acc * &h + &pallas::Base::from_u64(c.to_digit(8).unwrap().into()) + acc * &h + &pallas::Base::from(c.to_digit(8).unwrap() as u64) }); let result = { let scalar_fixed = chip.load_private( diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs b/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs index a800fbcc..10b09146 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs @@ -10,7 +10,7 @@ use halo2::{ plonk::{ConstraintSystem, Error, Selector}, poly::Rotation, }; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use pasta_curves::pallas; #[derive(Clone, Copy, Debug, Eq, PartialEq)] pub struct Config { @@ -99,7 +99,7 @@ impl Config { assert_eq!(windows.len(), NUM_WINDOWS); windows .into_iter() - .map(|window| Some(pallas::Base::from_u64(window as u64))) + .map(|window| Some(pallas::Base::from(window as u64))) .collect() } else { vec![None; NUM_WINDOWS] @@ -272,11 +272,11 @@ pub mod tests { // (There is another *non-canonical* sequence // 5333333333333333333333333333333333333333332711161673731021062440252244051273333333333 in octal.) { - let h = pallas::Scalar::from_u64(constants::H as u64); + let h = pallas::Scalar::from(constants::H as u64); let scalar_fixed = "1333333333333333333333333333333333333333333333333333333333333333333333333333333333334" .chars() .fold(pallas::Scalar::zero(), |acc, c| { - acc * &h + &pallas::Scalar::from_u64(c.to_digit(8).unwrap().into()) + acc * &h + &pallas::Scalar::from(c.to_digit(8).unwrap() as u64) }); let (result, _) = base.mul(layouter.namespace(|| "mul with double"), Some(scalar_fixed))?; diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/short.rs b/src/circuit/gadget/ecc/chip/mul_fixed/short.rs index a7dc5cbb..19894147 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/short.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/short.rs @@ -191,8 +191,7 @@ impl Config { use pasta_curves::arithmetic::FieldExt; if let (Some(magnitude), Some(sign)) = (scalar.magnitude.value(), scalar.sign.value()) { - let magnitude_is_valid = - magnitude <= &pallas::Base::from_u64(0xFFFF_FFFF_FFFF_FFFFu64); + let magnitude_is_valid = magnitude <= &pallas::Base::from(0xFFFF_FFFF_FFFF_FFFFu64); let sign_is_valid = sign * sign == pallas::Base::one(); if magnitude_is_valid && sign_is_valid { let base: super::OrchardFixedBases = base.clone().into(); @@ -287,25 +286,21 @@ pub mod tests { } let magnitude_signs = [ - ( - "random [a]B", - pallas::Base::from_u64(rand::random::()), - { - let mut random_sign = pallas::Base::one(); - if rand::random::() { - random_sign = -random_sign; - } - random_sign - }, - ), + ("random [a]B", pallas::Base::from(rand::random::()), { + let mut random_sign = pallas::Base::one(); + if rand::random::() { + random_sign = -random_sign; + } + random_sign + }), ( "[2^64 - 1]B", - pallas::Base::from_u64(0xFFFF_FFFF_FFFF_FFFFu64), + pallas::Base::from(0xFFFF_FFFF_FFFF_FFFFu64), pallas::Base::one(), ), ( "-[2^64 - 1]B", - pallas::Base::from_u64(0xFFFF_FFFF_FFFF_FFFFu64), + pallas::Base::from(0xFFFF_FFFF_FFFF_FFFFu64), -pallas::Base::one(), ), // There is a single canonical sequence of window values for which a doubling occurs on the last step: @@ -313,12 +308,12 @@ pub mod tests { // [0xB6DB_6DB6_DB6D_B6DC] B ( "mul_with_double", - pallas::Base::from_u64(0xB6DB_6DB6_DB6D_B6DCu64), + pallas::Base::from(0xB6DB_6DB6_DB6D_B6DCu64), pallas::Base::one(), ), ( "mul_with_double negative", - pallas::Base::from_u64(0xB6DB_6DB6_DB6D_B6DCu64), + pallas::Base::from(0xB6DB_6DB6_DB6D_B6DCu64), -pallas::Base::one(), ), ]; @@ -561,7 +556,7 @@ pub mod tests { { let magnitude_u64 = rand::random::(); let circuit = MyCircuit { - magnitude: Some(pallas::Base::from_u64(magnitude_u64)), + magnitude: Some(pallas::Base::from(magnitude_u64)), sign: Some(pallas::Base::zero()), magnitude_error: None, }; diff --git a/src/circuit/gadget/poseidon/pow5.rs b/src/circuit/gadget/poseidon/pow5.rs index de6d4aa6..839809e9 100644 --- a/src/circuit/gadget/poseidon/pow5.rs +++ b/src/circuit/gadget/poseidon/pow5.rs @@ -671,7 +671,7 @@ mod tests { // For the purpose of this test, compute the real final state inline. let mut expected_final_state = (0..WIDTH) - .map(|idx| Fp::from_u64(idx as u64)) + .map(|idx| Fp::from(idx as u64)) .collect::>() .try_into() .unwrap(); diff --git a/src/circuit/gadget/sinsemilla/chip.rs b/src/circuit/gadget/sinsemilla/chip.rs index 9c011b23..c3b5267a 100644 --- a/src/circuit/gadget/sinsemilla/chip.rs +++ b/src/circuit/gadget/sinsemilla/chip.rs @@ -145,7 +145,7 @@ impl SinsemillaChip { // Set up lookup argument GeneratorTableConfig::configure(meta, config.clone()); - let two = pallas::Base::from_u64(2); + let two = pallas::Base::from(2); // Closures for expressions that are derived multiple times // x_r = lambda_1^2 - x_a - x_p @@ -210,7 +210,7 @@ impl SinsemillaChip { // - rhs = (2 * Y_A_cur + (2 - q_s3) * Y_A_next + 2 * q_s3 * y_a_final) let y_check = { // lhs = 4 * lambda_2_cur * (x_a_cur - x_a_next) - let lhs = lambda_2_cur * pallas::Base::from_u64(4) * (x_a_cur - x_a_next); + let lhs = lambda_2_cur * pallas::Base::from(4) * (x_a_cur - x_a_next); // rhs = 2 * Y_A_cur + (2 - q_s3) * Y_A_next + 2 * q_s3 * y_a_final let rhs = { diff --git a/src/circuit/gadget/sinsemilla/chip/generator_table.rs b/src/circuit/gadget/sinsemilla/chip/generator_table.rs index 5c0624ac..71039d28 100644 --- a/src/circuit/gadget/sinsemilla/chip/generator_table.rs +++ b/src/circuit/gadget/sinsemilla/chip/generator_table.rs @@ -42,7 +42,7 @@ impl GeneratorTableConfig { let word = { let z_cur = meta.query_advice(config.bits, Rotation::cur()); let z_next = meta.query_advice(config.bits, Rotation::next()); - z_cur - ((q_s2 - q_s3) * z_next * pallas::Base::from_u64(1 << sinsemilla::K)) + z_cur - ((q_s2 - q_s3) * z_next * pallas::Base::from(1 << sinsemilla::K)) }; let x_p = meta.query_advice(config.x_p, Rotation::cur()); @@ -84,7 +84,7 @@ impl GeneratorTableConfig { || "table_idx", self.table_idx, index, - || Ok(pallas::Base::from_u64(index as u64)), + || Ok(pallas::Base::from(index as u64)), )?; table.assign_cell(|| "table_x", self.table_x, index, || Ok(*x))?; table.assign_cell(|| "table_y", self.table_y, index, || Ok(*y))?; diff --git a/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs b/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs index 332bebe7..dcfb3522 100644 --- a/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs +++ b/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs @@ -224,7 +224,7 @@ impl SinsemillaChip { offset + piece.num_words() - 1, || { Ok(if final_piece { - pallas::Base::from_u64(2) + pallas::Base::from(2) } else { pallas::Base::zero() }) @@ -291,7 +291,7 @@ impl SinsemillaChip { // z_{i + 1} = (z_i - m_{i + 1}) / 2^K z = z .zip(*word) - .map(|(z, word)| (z - pallas::Base::from_u64(word as u64)) * inv_2_k); + .map(|(z, word)| (z - pallas::Base::from(word as u64)) * inv_2_k); let cell = region.assign_advice( || format!("z_{:?}", idx + 1), config.bits, @@ -356,7 +356,7 @@ impl SinsemillaChip { let lambda_2 = { let lambda_2 = x_a.value().zip(y_a.0).zip(x_r).zip(lambda_1).map( |(((x_a, y_a), x_r), lambda_1)| { - pallas::Base::from_u64(2) * y_a * (x_a - x_r).invert().unwrap() - lambda_1 + pallas::Base::from(2) * y_a * (x_a - x_r).invert().unwrap() - lambda_1 }, ); diff --git a/src/circuit/gadget/sinsemilla/commit_ivk.rs b/src/circuit/gadget/sinsemilla/commit_ivk.rs index 4cca41fe..16a8c905 100644 --- a/src/circuit/gadget/sinsemilla/commit_ivk.rs +++ b/src/circuit/gadget/sinsemilla/commit_ivk.rs @@ -67,8 +67,8 @@ impl CommitIvkConfig { let q_commit_ivk = meta.query_selector(config.q_commit_ivk); // Useful constants - let two_pow_4 = pallas::Base::from_u64(1 << 4); - let two_pow_5 = pallas::Base::from_u64(1 << 5); + let two_pow_4 = pallas::Base::from(1 << 4); + let two_pow_5 = pallas::Base::from(1 << 5); let two_pow_9 = two_pow_4 * two_pow_5; let two_pow_250 = pallas::Base::from_u128(1 << 125).square(); let two_pow_254 = two_pow_250 * two_pow_4; @@ -119,7 +119,7 @@ impl CommitIvkConfig { // Check that nk = b_2 (5 bits) || c (240 bits) || d_0 (9 bits) || d_1 (1 bit) let nk_decomposition_check = { - let two_pow_245 = pallas::Base::from_u64(1 << 49).pow(&[5, 0, 0, 0]); + let two_pow_245 = pallas::Base::from(1 << 49).pow(&[5, 0, 0, 0]); b_2.clone() + c.clone() * two_pow_5 @@ -181,7 +181,7 @@ impl CommitIvkConfig { // Check that b2_c_prime = b_2 + c * 2^5 + 2^140 - t_P. // This is checked regardless of the value of d_1. let b2_c_prime_check = { - let two_pow_5 = pallas::Base::from_u64(1 << 5); + let two_pow_5 = pallas::Base::from(1 << 5); let two_pow_140 = Expression::Constant(pallas::Base::from_u128(1 << 70).square()); let t_p = Expression::Constant(pallas::Base::from_u128(T_P)); @@ -257,8 +257,8 @@ impl CommitIvkConfig { let b_2 = nk.value().map(|value| bitrange_subset(value, 0..5)); let b = b_0.zip(b_1).zip(b_2).map(|((b_0, b_1), b_2)| { - let b1_shifted = b_1 * pallas::Base::from_u64(1 << 4); - let b2_shifted = b_2 * pallas::Base::from_u64(1 << 5); + let b1_shifted = b_1 * pallas::Base::from(1 << 4); + let b2_shifted = b_2 * pallas::Base::from(1 << 5); b_0 + b1_shifted + b2_shifted }); @@ -304,7 +304,7 @@ impl CommitIvkConfig { let d = d_0 .zip(d_1) - .map(|(d_0, d_1)| d_0 + d_1 * pallas::Base::from_u64(1 << 9)); + .map(|(d_0, d_1)| d_0 + d_1 * pallas::Base::from(1 << 9)); // Constrain d_0 to be 9 bits. let d_0 = self.sinsemilla_config.lookup_config.witness_short_check( @@ -444,7 +444,7 @@ impl CommitIvkConfig { // Decompose the low 140 bits of b2_c_prime = b_2 + c * 2^5 + 2^140 - t_P, and output // the running sum at the end of it. If b2_c_prime < 2^140, the running sum will be 0. let b2_c_prime = b_2.value().zip(c.value()).map(|(b_2, c)| { - let two_pow_5 = pallas::Base::from_u64(1 << 5); + let two_pow_5 = pallas::Base::from(1 << 5); let two_pow_140 = pallas::Base::from_u128(1u128 << 70).square(); let t_p = pallas::Base::from_u128(T_P); b_2 + c * two_pow_5 + two_pow_140 - t_p diff --git a/src/circuit/gadget/sinsemilla/merkle/chip.rs b/src/circuit/gadget/sinsemilla/merkle/chip.rs index 3909ed14..609eb75e 100644 --- a/src/circuit/gadget/sinsemilla/merkle/chip.rs +++ b/src/circuit/gadget/sinsemilla/merkle/chip.rs @@ -82,7 +82,7 @@ impl MerkleChip { let q_decompose = meta.query_selector(q_decompose); let l_whole = meta.query_advice(advices[4], Rotation::next()); - let two_pow_5 = pallas::Base::from_u64(1 << 5); + let two_pow_5 = pallas::Base::from(1 << 5); let two_pow_10 = two_pow_5.square(); // a_whole is constrained by Sinsemilla to be 250 bits. @@ -101,7 +101,7 @@ impl MerkleChip { let z1_a = meta.query_advice(advices[0], Rotation::next()); let a_1 = z1_a; // a_0 = a - (a_1 * 2^10) - let a_0 = a_whole - a_1.clone() * pallas::Base::from_u64(1 << 10); + let a_0 = a_whole - a_1.clone() * pallas::Base::from(1 << 10); let l_check = a_0 - l_whole; // b = b_0||b_1||b_2 @@ -185,12 +185,12 @@ impl MerkleInstructions(field_elem: &F, bitrange: R /// i.e. 0 ≤ word < range. pub fn range_check(word: Expression, range: usize) -> Expression { (1..range).fold(word.clone(), |acc, i| { - acc * (Expression::Constant(F::from_u64(i as u64)) - word.clone()) + acc * (Expression::Constant(F::from(i as u64)) - word.clone()) }) } @@ -176,7 +176,7 @@ mod tests { || format!("witness {}", self.0), config.advice, 0, - || Ok(pallas::Base::from_u64(self.0.into())), + || Ok(pallas::Base::from(self.0 as u64)), )?; Ok(()) diff --git a/src/circuit/gadget/utilities/cond_swap.rs b/src/circuit/gadget/utilities/cond_swap.rs index d4cf1c8f..003d9ab8 100644 --- a/src/circuit/gadget/utilities/cond_swap.rs +++ b/src/circuit/gadget/utilities/cond_swap.rs @@ -84,7 +84,7 @@ impl CondSwapInstructions for CondSwapChip { )?; // Witness `swap` value - let swap_val = swap.map(|swap| F::from_u64(swap as u64)); + let swap_val = swap.map(|swap| F::from(swap as u64)); region.assign_advice( || "swap", config.swap, diff --git a/src/circuit/gadget/utilities/decompose_running_sum.rs b/src/circuit/gadget/utilities/decompose_running_sum.rs index 1374ad54..b9bc6f8a 100644 --- a/src/circuit/gadget/utilities/decompose_running_sum.rs +++ b/src/circuit/gadget/utilities/decompose_running_sum.rs @@ -84,7 +84,7 @@ impl let z_next = meta.query_advice(config.z, Rotation::next()); // z_i = 2^{K}⋅z_{i + 1} + k_i // => k_i = z_i - 2^{K}⋅z_{i + 1} - let word = z_cur - z_next * F::from_u64(1 << WINDOW_NUM_BITS); + let word = z_cur - z_next * F::from(1 << WINDOW_NUM_BITS); vec![q_range_check * range_check(word, 1 << WINDOW_NUM_BITS)] }); @@ -182,11 +182,11 @@ impl // Assign running sum `z_{i+1}` = (z_i - k_i) / (2^K) for i = 0..=n-1. // Outside of this helper, z_0 = alpha must have already been loaded into the // `z` column at `offset`. - let two_pow_k_inv = F::from_u64(1 << WINDOW_NUM_BITS as u64).invert().unwrap(); + let two_pow_k_inv = F::from(1 << WINDOW_NUM_BITS as u64).invert().unwrap(); for (i, word) in words.iter().enumerate() { // z_next = (z_cur - word) / (2^K) let z_next = { - let word = word.map(|word| F::from_u64(word as u64)); + let word = word.map(|word| F::from(word as u64)); let z_next_val = z .value() .zip(word) @@ -319,7 +319,7 @@ mod tests { // Random 64-bit word { - let alpha = pallas::Base::from_u64(rand::random()); + let alpha = pallas::Base::from(rand::random::()); // Strict full decomposition should pass. let circuit: MyCircuit< diff --git a/src/circuit/gadget/utilities/lookup_range_check.rs b/src/circuit/gadget/utilities/lookup_range_check.rs index 6bb478d3..4d1ad033 100644 --- a/src/circuit/gadget/utilities/lookup_range_check.rs +++ b/src/circuit/gadget/utilities/lookup_range_check.rs @@ -76,7 +76,7 @@ impl LookupRangeCheckConfig let running_sum_lookup = { let running_sum_word = { let z_next = meta.query_advice(config.running_sum, Rotation::next()); - z_cur.clone() - z_next * F::from_u64(1 << K) + z_cur.clone() - z_next * F::from(1 << K) }; q_running.clone() * running_sum_word @@ -104,7 +104,7 @@ impl LookupRangeCheckConfig let shifted_word = meta.query_advice(config.running_sum, Rotation::cur()); let inv_two_pow_s = meta.query_advice(config.running_sum, Rotation::next()); - let two_pow_k = F::from_u64(1 << K); + let two_pow_k = F::from(1 << K); // shifted_word = word * 2^{K-s} // = word * 2^K * inv_two_pow_s @@ -128,7 +128,7 @@ impl LookupRangeCheckConfig || "table_idx", self.table_idx, index, - || Ok(F::from_u64(index as u64)), + || Ok(F::from(index as u64)), )?; } Ok(()) @@ -210,7 +210,7 @@ impl LookupRangeCheckConfig let words: Option> = bits.map(|bits| { bits.chunks_exact(K) - .map(|word| F::from_u64(lebs2ip::(&(word.try_into().unwrap())))) + .map(|word| F::from(lebs2ip::(&(word.try_into().unwrap())))) .collect::>() }); if let Some(words) = words { @@ -229,7 +229,7 @@ impl LookupRangeCheckConfig // For `element` = a_0 + 2^10 a_1 + ... + 2^{120} a_{12}}, initialize z_0 = `element`. // If `element` fits in 130 bits, we end up with z_{13} = 0. let mut z = element; - let inv_two_pow_k = F::from_u64(1u64 << K).invert().unwrap(); + let inv_two_pow_k = F::from(1u64 << K).invert().unwrap(); for (idx, word) in words.iter().enumerate() { // Enable q_lookup on this row self.q_lookup.enable(region, idx)?; @@ -336,7 +336,7 @@ impl LookupRangeCheckConfig // Assign shifted `element * 2^{K - num_bits}` let shifted = element.value().map(|element| { - let shift = F::from_u64(1 << (K - num_bits)); + let shift = F::from(1 << (K - num_bits)); *element * shift }); @@ -348,7 +348,7 @@ impl LookupRangeCheckConfig )?; // Assign 2^{-num_bits} from a fixed column. - let inv_two_pow_s = F::from_u64(1 << num_bits).invert().unwrap(); + let inv_two_pow_s = F::from(1 << num_bits).invert().unwrap(); region.assign_advice_from_constant( || format!("2^(-{})", num_bits), self.running_sum, @@ -411,12 +411,8 @@ mod tests { // Lookup constraining element to be no longer than num_words * K bits. let elements_and_expected_final_zs = [ - ( - F::from_u64((1 << (self.num_words * K)) - 1), - F::zero(), - true, - ), // a word that is within self.num_words * K bits long - (F::from_u64(1 << (self.num_words * K)), F::one(), false), // a word that is just over self.num_words * K bits long + (F::from((1 << (self.num_words * K)) - 1), F::zero(), true), // a word that is within self.num_words * K bits long + (F::from(1 << (self.num_words * K)), F::one(), false), // a word that is just over self.num_words * K bits long ]; fn expected_zs( @@ -431,7 +427,7 @@ mod tests { .take(num_words * K) .collect::>() .chunks_exact(K) - .map(|chunk| F::from_u64(lebs2ip::(chunk.try_into().unwrap()))) + .map(|chunk| F::from(lebs2ip::(chunk.try_into().unwrap()))) .collect::>() }; let expected_zs = { @@ -538,7 +534,7 @@ mod tests { // Edge case: K bits { let circuit: MyCircuit = MyCircuit { - element: Some(pallas::Base::from_u64((1 << K) - 1)), + element: Some(pallas::Base::from((1 << K) - 1)), num_bits: K, }; let prover = MockProver::::run(11, &circuit, vec![]).unwrap(); @@ -548,7 +544,7 @@ mod tests { // Element within `num_bits` { let circuit: MyCircuit = MyCircuit { - element: Some(pallas::Base::from_u64((1 << 6) - 1)), + element: Some(pallas::Base::from((1 << 6) - 1)), num_bits: 6, }; let prover = MockProver::::run(11, &circuit, vec![]).unwrap(); @@ -558,7 +554,7 @@ mod tests { // Element larger than `num_bits` but within K bits { let circuit: MyCircuit = MyCircuit { - element: Some(pallas::Base::from_u64(1 << 6)), + element: Some(pallas::Base::from(1 << 6)), num_bits: 6, }; let prover = MockProver::::run(11, &circuit, vec![]).unwrap(); @@ -574,7 +570,7 @@ mod tests { // Element larger than K bits { let circuit: MyCircuit = MyCircuit { - element: Some(pallas::Base::from_u64(1 << K)), + element: Some(pallas::Base::from(1 << K)), num_bits: 6, }; let prover = MockProver::::run(11, &circuit, vec![]).unwrap(); @@ -597,11 +593,11 @@ mod tests { // num_bits { let num_bits = 6; - let shifted = pallas::Base::from_u64((1 << num_bits) - 1); + let shifted = pallas::Base::from((1 << num_bits) - 1); // Recall that shifted = element * 2^{K-s} // => element = shifted * 2^{s-K} let element = shifted - * pallas::Base::from_u64(1 << (K as u64 - num_bits)) + * pallas::Base::from(1 << (K as u64 - num_bits)) .invert() .unwrap(); let circuit: MyCircuit = MyCircuit { diff --git a/src/constants.rs b/src/constants.rs index c95c27e8..c417a078 100644 --- a/src/constants.rs +++ b/src/constants.rs @@ -100,8 +100,8 @@ fn compute_window_table(base: C, num_windows: usize) -> Vec<[C; (0..H) .map(|k| { // scalar = (k+2)*(8^w) - let scalar = C::ScalarExt::from_u64(k as u64 + 2) - * C::ScalarExt::from_u64(H as u64).pow(&[w as u64, 0, 0, 0]); + let scalar = C::Scalar::from(k as u64 + 2) + * C::Scalar::from(H as u64).pow(&[w as u64, 0, 0, 0]); (base * scalar).to_affine() }) .collect::>() @@ -114,19 +114,14 @@ fn compute_window_table(base: C, num_windows: usize) -> Vec<[C; // For the last window, we compute [k * (2^3)^w - sum]B, where sum is defined // as sum = \sum_{j = 0}^{`num_windows - 2`} 2^{3j+1} let sum = (0..(num_windows - 1)).fold(C::ScalarExt::zero(), |acc, j| { - acc + C::ScalarExt::from_u64(2).pow(&[ - FIXED_BASE_WINDOW_SIZE as u64 * j as u64 + 1, - 0, - 0, - 0, - ]) + acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * j as u64 + 1, 0, 0, 0]) }); window_table.push( (0..H) .map(|k| { // scalar = k * (2^3)^w - sum, where w = `num_windows - 1` - let scalar = C::ScalarExt::from_u64(k as u64) - * C::ScalarExt::from_u64(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0]) + let scalar = C::Scalar::from(k as u64) + * C::Scalar::from(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0]) - sum; (base * scalar).to_affine() }) @@ -142,7 +137,7 @@ fn compute_window_table(base: C, num_windows: usize) -> Vec<[C; /// Here, we pre-compute and store the coefficients of the interpolation polynomial. fn compute_lagrange_coeffs(base: C, num_windows: usize) -> Vec<[C::Base; H]> { // We are interpolating over the 3-bit window, k \in [0..8) - let points: Vec<_> = (0..H).map(|i| C::Base::from_u64(i as u64)).collect(); + let points: Vec<_> = (0..H).map(|i| C::Base::from(i as u64)).collect(); let window_table = compute_window_table(base, num_windows); @@ -183,8 +178,8 @@ fn find_zs_and_us(base: C, num_windows: usize) -> Option(base: C, num_windows: usize) { // Compute the actual x-coordinate of the multiple [(k+2)*(8^w)]B. let point = base - * C::Scalar::from_u64(bits as u64 + 2) - * C::Scalar::from_u64(H as u64).pow(&[idx as u64, 0, 0, 0]); + * C::Scalar::from(bits as u64 + 2) + * C::Scalar::from(H as u64).pow(&[idx as u64, 0, 0, 0]); let x = *point.to_affine().coordinates().unwrap().x(); // Check that the interpolated x-coordinate matches the actual one. @@ -235,15 +230,10 @@ fn test_lagrange_coeffs(base: C, num_windows: usize) { // Compute the actual x-coordinate of the multiple [k * (8^84) - offset]B, // where offset = \sum_{j = 0}^{83} 2^{3j+1} let offset = (0..(num_windows - 1)).fold(C::Scalar::zero(), |acc, w| { - acc + C::Scalar::from_u64(2).pow(&[ - FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, - 0, - 0, - 0, - ]) + acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, 0, 0, 0]) }); - let scalar = C::Scalar::from_u64(bits as u64) - * C::Scalar::from_u64(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0]) + let scalar = C::Scalar::from(bits as u64) + * C::Scalar::from(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0]) - offset; let point = base * scalar; let x = *point.to_affine().coordinates().unwrap().x(); @@ -265,8 +255,8 @@ fn test_zs_and_us(base: C, z: &[u64], u: &[[[u8; 32]; H]], num_w for (u, point) in u.iter().zip(window_points.iter()) { let y = *point.coordinates().unwrap().y(); let u = C::Base::from_bytes(u).unwrap(); - assert_eq!(C::Base::from_u64(*z) + y, u * u); // allow either square root - assert!(bool::from((C::Base::from_u64(*z) - y).sqrt().is_none())); + assert_eq!(C::Base::from(*z) + y, u * u); // allow either square root + assert!(bool::from((C::Base::from(*z) - y).sqrt().is_none())); } } } diff --git a/src/constants/load.rs b/src/constants/load.rs index e2743f26..22b2d80c 100644 --- a/src/constants/load.rs +++ b/src/constants/load.rs @@ -177,7 +177,7 @@ impl From<[u64; NUM_WINDOWS]> for Z { fn from(zs: [u64; NUM_WINDOWS]) -> Self { Self( zs.iter() - .map(|z| pallas::Base::from_u64(*z)) + .map(|z| pallas::Base::from(*z)) .collect::>() .into_boxed_slice() .try_into() @@ -194,7 +194,7 @@ impl From<[u64; NUM_WINDOWS_SHORT]> for ZShort { fn from(zs: [u64; NUM_WINDOWS_SHORT]) -> Self { Self( zs.iter() - .map(|z| pallas::Base::from_u64(*z)) + .map(|z| pallas::Base::from(*z)) .collect::>() .into_boxed_slice() .try_into() diff --git a/src/constants/util.rs b/src/constants/util.rs index b325091c..cc69c7dc 100644 --- a/src/constants/util.rs +++ b/src/constants/util.rs @@ -1,5 +1,5 @@ use ff::{Field, PrimeFieldBits}; -use halo2::arithmetic::{CurveAffine, FieldExt}; +use halo2::arithmetic::CurveAffine; /// Decompose a word `alpha` into `window_num_bits` bits (little-endian) /// For a window size of `w`, this returns [k_0, ..., k_n] where each `k_i` @@ -33,7 +33,7 @@ pub fn decompose_word( /// Evaluate y = f(x) given the coefficients of f(x) pub fn evaluate(x: u8, coeffs: &[C::Base]) -> C::Base { - let x = C::Base::from_u64(x as u64); + let x = C::Base::from(x as u64); coeffs .iter() .rev() diff --git a/src/primitives/poseidon.rs b/src/primitives/poseidon.rs index 1afe5cbe..f45cf6bf 100644 --- a/src/primitives/poseidon.rs +++ b/src/primitives/poseidon.rs @@ -370,7 +370,7 @@ mod tests { #[test] fn orchard_spec_equivalence() { - let message = [pallas::Base::from_u64(6), pallas::Base::from_u64(42)]; + let message = [pallas::Base::from(6), pallas::Base::from(42)]; let (round_constants, mds, _) = OrchardNullifier::constants(); diff --git a/src/primitives/sinsemilla/constants.rs b/src/primitives/sinsemilla/constants.rs index 47f3535f..8c767ed2 100644 --- a/src/primitives/sinsemilla/constants.rs +++ b/src/primitives/sinsemilla/constants.rs @@ -135,7 +135,7 @@ mod tests { #[test] fn inv_two_pow_k() { - let two_pow_k = pallas::Base::from_u64(1u64 << K); + let two_pow_k = pallas::Base::from(1u64 << K); let inv_two_pow_k = pallas::Base::from_bytes(&INV_TWO_POW_K).unwrap(); assert_eq!(two_pow_k * inv_two_pow_k, pallas::Base::one()); diff --git a/src/spec.rs b/src/spec.rs index 7d1cd698..264d2ffc 100644 --- a/src/spec.rs +++ b/src/spec.rs @@ -251,8 +251,8 @@ pub(crate) fn extract_p_bottom(point: CtOption) -> CtOption(bits: &[bool; L]) -> F { - F::from_u64(lebs2ip::(bits)) +pub fn lebs2ip_field(bits: &[bool; L]) -> F { + F::from(lebs2ip::(bits)) } /// The u64 integer represented by an L-bit little-endian bitstring. diff --git a/src/tree.rs b/src/tree.rs index d3101e73..14948db3 100644 --- a/src/tree.rs +++ b/src/tree.rs @@ -23,7 +23,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; // The uncommitted leaf is defined as pallas::Base(2). // lazy_static! { - static ref UNCOMMITTED_ORCHARD: pallas::Base = pallas::Base::from_u64(2); + static ref UNCOMMITTED_ORCHARD: pallas::Base = pallas::Base::from(2); pub(crate) static ref EMPTY_ROOTS: Vec = { iter::empty() .chain(Some(MerkleHashOrchard::empty_leaf())) diff --git a/src/value.rs b/src/value.rs index 7152643d..b3e626b6 100644 --- a/src/value.rs +++ b/src/value.rs @@ -23,7 +23,7 @@ use bitvec::{array::BitArray, order::Lsb0}; use ff::{Field, PrimeField}; use group::{Curve, Group, GroupEncoding}; use pasta_curves::{ - arithmetic::{CurveAffine, CurveExt, FieldExt}, + arithmetic::{CurveAffine, CurveExt}, pallas, }; use rand::RngCore; @@ -252,9 +252,9 @@ impl ValueCommitment { let abs_value = u64::try_from(value.0.abs()).expect("value must be in valid range"); let value = if value.0.is_negative() { - -pallas::Scalar::from_u64(abs_value) + -pallas::Scalar::from(abs_value) } else { - pallas::Scalar::from_u64(abs_value) + pallas::Scalar::from(abs_value) }; ValueCommitment(V * value + R * rcv.0)