Add mul_short::tests cases and address review comments.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
parent
32f3068886
commit
90474995a7
|
@ -100,7 +100,8 @@ pub trait EccInstructions<C: CurveAffine>: Chip<C::Base> + UtilitiesInstructions
|
|||
base: &Self::FixedPoints,
|
||||
) -> Result<(Self::Point, Self::ScalarFixed), Error>;
|
||||
|
||||
/// Performs fixed-base scalar multiplication using a short signed scalar, returning `[scalar] base`.
|
||||
/// Performs fixed-base scalar multiplication using a short signed scalar, returning
|
||||
/// `[magnitude * sign] base`.
|
||||
fn mul_fixed_short(
|
||||
&self,
|
||||
layouter: &mut impl Layouter<C::Base>,
|
||||
|
|
|
@ -163,7 +163,9 @@ impl Config {
|
|||
&self.super_config.perm,
|
||||
)?;
|
||||
|
||||
// Copy last window to `u` column
|
||||
// Copy last window to `u` column.
|
||||
// (Although the last window is not a `u` value; we are copying it into the `u`
|
||||
// column because there is an available cell there.)
|
||||
let z_21 = scalar.running_sum[20];
|
||||
copy(
|
||||
&mut region,
|
||||
|
@ -459,30 +461,60 @@ pub mod tests {
|
|||
|
||||
// Magnitude larger than 64 bits should fail
|
||||
{
|
||||
let circuit = MyCircuit {
|
||||
magnitude: Some(pallas::Base::from_u128(1 << 64)),
|
||||
sign: Some(pallas::Base::one()),
|
||||
};
|
||||
let circuits = [
|
||||
// 2^64
|
||||
MyCircuit {
|
||||
magnitude: Some(pallas::Base::from_u128(1 << 64)),
|
||||
sign: Some(pallas::Base::one()),
|
||||
},
|
||||
// -2^64
|
||||
MyCircuit {
|
||||
magnitude: Some(pallas::Base::from_u128(1 << 64)),
|
||||
sign: Some(-pallas::Base::one()),
|
||||
},
|
||||
// 2^66
|
||||
MyCircuit {
|
||||
magnitude: Some(pallas::Base::from_u128(1 << 66)),
|
||||
sign: Some(pallas::Base::one()),
|
||||
},
|
||||
// -2^66
|
||||
MyCircuit {
|
||||
magnitude: Some(pallas::Base::from_u128(1 << 66)),
|
||||
sign: Some(-pallas::Base::one()),
|
||||
},
|
||||
// 2^254
|
||||
MyCircuit {
|
||||
magnitude: Some(pallas::Base::from_u128(1 << 127).square()),
|
||||
sign: Some(pallas::Base::one()),
|
||||
},
|
||||
// -2^254
|
||||
MyCircuit {
|
||||
magnitude: Some(pallas::Base::from_u128(1 << 127).square()),
|
||||
sign: Some(-pallas::Base::one()),
|
||||
},
|
||||
];
|
||||
|
||||
let prover = MockProver::<pallas::Base>::run(11, &circuit, vec![]).unwrap();
|
||||
assert_eq!(
|
||||
prover.verify(),
|
||||
Err(vec![
|
||||
VerifyFailure::Constraint {
|
||||
constraint: ((4, "final z = 0").into(), 0, "").into(),
|
||||
row: 24
|
||||
},
|
||||
VerifyFailure::Constraint {
|
||||
constraint: (
|
||||
(15, "Short fixed-base mul gate").into(),
|
||||
0,
|
||||
"last_window_check"
|
||||
)
|
||||
.into(),
|
||||
row: 26
|
||||
}
|
||||
])
|
||||
);
|
||||
for circuit in circuits.iter() {
|
||||
let prover = MockProver::<pallas::Base>::run(11, circuit, vec![]).unwrap();
|
||||
assert_eq!(
|
||||
prover.verify(),
|
||||
Err(vec![
|
||||
VerifyFailure::Constraint {
|
||||
constraint: ((4, "final z = 0").into(), 0, "").into(),
|
||||
row: 24
|
||||
},
|
||||
VerifyFailure::Constraint {
|
||||
constraint: (
|
||||
(15, "Short fixed-base mul gate").into(),
|
||||
0,
|
||||
"last_window_check"
|
||||
)
|
||||
.into(),
|
||||
row: 26
|
||||
}
|
||||
])
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Sign that is not +/- 1 should fail
|
||||
|
|
|
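Review bot: Every out-of-range magnitude in the new `circuits` array (2^64, 2^66 and 2^254, each with both signs) is asserted to fail with exactly the same two constraints at rows 24 and 26, and a mismatch for any one of them would surface only as a vec comparison with no indication of which circuit was being run. Iterating with `for (i, circuit) in circuits.iter().enumerate()` and adding the index to the assertion, `assert_eq!(prover.verify(), Err(vec![/* … */]), "circuit #{}", i)`, would make a failing case identifiable. It is also worth confirming that the identical failure set is genuinely expected for 2^66 and 2^254 rather than copied from the 2^64 case; the hunk does not show what `last_window_check` computes for a magnitude whose excess is spread over more than one window. The accepting boundary, a magnitude of exactly 2^64 - 1 verifying `Ok(())` for both signs, is not in this hunk and would pin the edge these constraints enforce if it is not covered elsewhere in the module. The enclosing test function starts and ends outside the hunk.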
@ -308,6 +308,29 @@ mod tests {
|
|||
};
|
||||
let prover = MockProver::<pallas::Base>::run(8, &circuit, vec![]).unwrap();
|
||||
assert_eq!(prover.verify(), Ok(()));
|
||||
}
|
||||
|
||||
// Random 64-bit word
|
||||
{
|
||||
let alpha = pallas::Base::from_u64(rand::random());
|
||||
|
||||
// Strict full decomposition should pass.
|
||||
let circuit: MyCircuit<
|
||||
pallas::Base,
|
||||
L_VALUE,
|
||||
FIXED_BASE_WINDOW_SIZE,
|
||||
NUM_WINDOWS_SHORT,
|
||||
> = MyCircuit {
|
||||
alpha: Some(alpha),
|
||||
strict: true,
|
||||
};
|
||||
let prover = MockProver::<pallas::Base>::run(8, &circuit, vec![]).unwrap();
|
||||
assert_eq!(prover.verify(), Ok(()));
|
||||
}
|
||||
|
||||
// 2^64
|
||||
{
|
||||
let alpha = pallas::Base::from_u128(1 << 64);
|
||||
|
||||
// Strict partial decomposition should fail.
|
||||
let circuit: MyCircuit<
|
||||
|
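Review bot: The randomly drawn `alpha` in the new "Random 64-bit word" block is lost on failure, since `assert_eq!(prover.verify(), Ok(()))` reports only the verification result, so a run that happens to hit a bad value cannot be reproduced. Include the value in the assertion message, `assert_eq!(prover.verify(), Ok(()), "alpha = {:?}", alpha);` (assuming `pallas::Base` implements `Debug`), or draw it from a seeded RNG instead of `rand::random()` so the test is deterministic. The enclosing test function starts and ends outside the hunk.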
@ -347,23 +370,5 @@ mod tests {
|
|||
let prover = MockProver::<pallas::Base>::run(8, &circuit, vec![]).unwrap();
|
||||
assert_eq!(prover.verify(), Ok(()));
|
||||
}
|
||||
|
||||
// Random 64-bit word
|
||||
{
|
||||
let alpha = pallas::Base::from_u64(rand::random());
|
||||
|
||||
// Strict full decomposition should pass.
|
||||
let circuit: MyCircuit<
|
||||
pallas::Base,
|
||||
L_VALUE,
|
||||
FIXED_BASE_WINDOW_SIZE,
|
||||
NUM_WINDOWS_SHORT,
|
||||
> = MyCircuit {
|
||||
alpha: Some(alpha),
|
||||
strict: true,
|
||||
};
|
||||
let prover = MockProver::<pallas::Base>::run(8, &circuit, vec![]).unwrap();
|
||||
assert_eq!(prover.verify(), Ok(()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|