mirror of https://github.com/zcash/orchard.git
generator_table.rs: Fix bug in y_p lookup expression.
Also, GeneratorTable::configure() was not being called in the main SinsemillaChip::configure(), which meant the lookup argument had not been activated. This has now been fixed. Co-authored-by: Jack Grigg <jack@electriccoin.co>
This commit is contained in:
parent
2f6ca9e6de
commit
9072ed437d
|
@ -123,6 +123,9 @@ impl SinsemillaChip {
|
||||||
perm,
|
perm,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Set up lookup argument
|
||||||
|
GeneratorTableConfig::configure(meta, config.clone());
|
||||||
|
|
||||||
let two = Expression::Constant(pallas::Base::from_u64(2));
|
let two = Expression::Constant(pallas::Base::from_u64(2));
|
||||||
// Check that the initial x_A, x_P, lambda_1, lambda_2 are consistent with y_Q.
|
// Check that the initial x_A, x_P, lambda_1, lambda_2 are consistent with y_Q.
|
||||||
meta.create_gate("Initial y_Q", |meta| {
|
meta.create_gate("Initial y_Q", |meta| {
|
||||||
|
|
|
@ -56,7 +56,7 @@ impl GeneratorTableConfig {
|
||||||
|
|
||||||
let x_p = meta.query_advice(config.x_p, Rotation::cur());
|
let x_p = meta.query_advice(config.x_p, Rotation::cur());
|
||||||
|
|
||||||
// y_{p,i} = (Y_{A,i} / 2) - lambda1 * (x_{A,i} - x_{R,i}),
|
// y_{p,i} = (Y_{A,i} / 2) - lambda1 * (x_{A,i} - x_{P,i}),
|
||||||
// where Y_{A,i} = (lambda1_i + lambda2_i) * (x_{A,i} - x_{R,i}),
|
// where Y_{A,i} = (lambda1_i + lambda2_i) * (x_{A,i} - x_{R,i}),
|
||||||
// x_{R,i} = lambda1^2 - x_{A,i} - x_{P,i}
|
// x_{R,i} = lambda1^2 - x_{A,i} - x_{P,i}
|
||||||
//
|
//
|
||||||
|
@ -66,9 +66,9 @@ impl GeneratorTableConfig {
|
||||||
let x_a = meta.query_advice(config.x_a, Rotation::cur());
|
let x_a = meta.query_advice(config.x_a, Rotation::cur());
|
||||||
|
|
||||||
let x_r = lambda1.clone().square() - x_a.clone() - x_p.clone();
|
let x_r = lambda1.clone().square() - x_a.clone() - x_p.clone();
|
||||||
let Y_A = (lambda1.clone() + lambda2) * (x_a.clone() - x_r.clone());
|
let Y_A = (lambda1.clone() + lambda2) * (x_a.clone() - x_r);
|
||||||
|
|
||||||
(Y_A * pallas::Base::TWO_INV) * (lambda1 * (x_a - x_r))
|
(Y_A * pallas::Base::TWO_INV) - (lambda1 * (x_a - x_p.clone()))
|
||||||
};
|
};
|
||||||
|
|
||||||
// Lookup expressions default to the first entry when `q_s1`
|
// Lookup expressions default to the first entry when `q_s1`
|
||||||
|
|
Loading…
Reference in New Issue