diff --git a/src/circuit.rs b/src/circuit.rs index e1ba1c88..fa719155 100644 --- a/src/circuit.rs +++ b/src/circuit.rs @@ -46,12 +46,10 @@ use gadget::{ }, sinsemilla::{ chip::{SinsemillaChip, SinsemillaConfig, SinsemillaHashDomains}, - commit_ivk::CommitIvkConfig, merkle::{ chip::{MerkleChip, MerkleConfig}, MerklePath, }, - note_commit::NoteCommitConfig, }, utilities::{copy, CellValue, UtilitiesInstructions, Var}, }; @@ -60,7 +58,11 @@ use std::convert::TryInto; use self::gadget::utilities::lookup_range_check::LookupRangeCheckConfig; +mod commit_ivk; pub(crate) mod gadget; +mod note_commit; +use commit_ivk::CommitIvkConfig; +use note_commit::NoteCommitConfig; /// Size of the Orchard circuit. const K: u32 = 11; diff --git a/src/circuit/gadget/sinsemilla/commit_ivk.rs b/src/circuit/commit_ivk.rs similarity index 98% rename from src/circuit/gadget/sinsemilla/commit_ivk.rs rename to src/circuit/commit_ivk.rs index 476691e9..928d8905 100644 --- a/src/circuit/gadget/sinsemilla/commit_ivk.rs +++ b/src/circuit/commit_ivk.rs @@ -8,16 +8,15 @@ use pasta_curves::{arithmetic::FieldExt, pallas}; use crate::{ circuit::gadget::{ ecc::{chip::EccChip, X}, + sinsemilla::{ + chip::{SinsemillaChip, SinsemillaCommitDomains, SinsemillaConfig}, + CommitDomain, Message, MessagePiece, + }, utilities::{bitrange_subset, bool_check, copy, CellValue, Var}, }, constants::T_P, }; -use super::{ - chip::{SinsemillaChip, SinsemillaCommitDomains, SinsemillaConfig}, - CommitDomain, Message, MessagePiece, -}; - #[derive(Clone, Debug)] pub struct CommitIvkConfig { q_commit_ivk: Selector, 
@@ -263,13 +262,13 @@ impl CommitIvkConfig { }); // Constrain b_0 to be 4 bits. - let b_0 = self.sinsemilla_config.lookup_config.witness_short_check( + let b_0 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "b_0 is 4 bits"), b_0, 4, )?; // Constrain b_2 to be 5 bits. - let b_2 = self.sinsemilla_config.lookup_config.witness_short_check( + let b_2 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "b_2 is 5 bits"), b_2, 5, @@ -307,7 +306,7 @@ impl CommitIvkConfig { .map(|(d_0, d_1)| d_0 + d_1 * pallas::Base::from_u64(1 << 9)); // Constrain d_0 to be 9 bits. - let d_0 = self.sinsemilla_config.lookup_config.witness_short_check( + let d_0 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "d_0 is 9 bits"), d_0, 9, @@ -400,7 +399,7 @@ impl CommitIvkConfig { let t_p = pallas::Base::from_u128(T_P); a + two_pow_130 - t_p }); - let zs = self.sinsemilla_config.lookup_config.witness_check( + let zs = self.sinsemilla_config.lookup_config().witness_check( layouter.namespace(|| "Decompose low 130 bits of (a + 2^130 - t_P)"), a_prime, 13, @@ -437,7 +436,7 @@ impl CommitIvkConfig { let t_p = pallas::Base::from_u128(T_P); b_2 + c * two_pow_5 + two_pow_140 - t_p }); - let zs = self.sinsemilla_config.lookup_config.witness_check( + let zs = self.sinsemilla_config.lookup_config().witness_check( layouter.namespace(|| "Decompose low 140 bits of (b_2 + c * 2^5 + 2^140 - t_P)"), b2_c_prime, 14, diff --git a/src/circuit/gadget/sinsemilla.rs b/src/circuit/gadget/sinsemilla.rs index de562d8d..c726a77a 100644 --- a/src/circuit/gadget/sinsemilla.rs +++ b/src/circuit/gadget/sinsemilla.rs 
@@ -9,10 +9,8 @@ use pasta_curves::arithmetic::{CurveAffine, FieldExt}; use std::{convert::TryInto, fmt::Debug}; pub mod chip; -pub mod commit_ivk; pub mod merkle; mod message; -pub mod note_commit; /// The set of circuit instructions required to use the [`Sinsemilla`](https://zcash.github.io/halo2/design/gadgets/sinsemilla.html) gadget. /// This trait is bounded on two constant parameters: `K`, the number of bits @@ -107,7 +105,8 @@ impl where SinsemillaChip: SinsemillaInstructions + Clone + Debug + Eq, { - fn from_bitstring( + /// Constructs a message from a bitstring. + pub fn from_bitstring( chip: SinsemillaChip, mut layouter: impl Layouter, bitstring: Vec>, @@ -140,7 +139,7 @@ where /// Constructs a message from a vector of [`MessagePiece`]s. /// /// [`MessagePiece`]: SinsemillaInstructions::MessagePiece - fn from_pieces( + pub fn from_pieces( chip: SinsemillaChip, pieces: Vec>, ) -> Self { @@ -169,7 +168,8 @@ impl where SinsemillaChip: SinsemillaInstructions + Clone + Debug + Eq, { - fn inner(&self) -> SinsemillaChip::MessagePiece { + /// Returns the inner MessagePiece contained in this gadget. + pub fn inner(&self) -> SinsemillaChip::MessagePiece { self.inner } } @@ -179,7 +179,7 @@ impl where SinsemillaChip: SinsemillaInstructions + Clone + Debug + Eq, { - fn from_bitstring( + pub fn from_bitstring( chip: SinsemillaChip, layouter: impl Layouter, bitstring: &[Option], @@ -214,7 +214,7 @@ where Self::from_field_elem(chip, layouter, piece_value, num_words) } - fn from_field_elem( + pub fn from_field_elem( chip: SinsemillaChip, layouter: impl Layouter, field_elem: Option, diff --git a/src/circuit/gadget/sinsemilla/chip.rs b/src/circuit/gadget/sinsemilla/chip.rs index 8cac3fea..33667069 100644 --- a/src/circuit/gadget/sinsemilla/chip.rs +++ b/src/circuit/gadget/sinsemilla/chip.rs 
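Review bot: In src/circuit/gadget/sinsemilla.rs, the second `from_bitstring` (hunk at -179, taking `bitstring: &[Option]`) and `from_field_elem` (hunk at -214) become `pub` without doc comments, while the other three functions made `pub` in this file have them. The rest of the crate can now call these constructors for what is apparently the message-piece type, so their input contract should be written down; both bodies lie outside the hunks, so any precondition on the bitstring length or on `num_words` cannot be confirmed here. I would add `/// Constructs a message piece from a bitstring.` and `/// Constructs a message piece from a field element spanning num_words words.`, each followed by whatever length or range requirement the body enforces or assumes. If these are only needed by `crate::circuit::commit_ivk` and `crate::circuit::note_commit`, `pub(crate)` would be enough.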
@@ -63,16 +63,21 @@ pub struct SinsemillaConfig { witness_pieces: Column, /// The lookup table where $(\mathsf{idx}, x_p, y_p)$ are loaded for the $2^K$ /// generators of the Sinsemilla hash. - pub(super) generator_table: GeneratorTableConfig, + generator_table: GeneratorTableConfig, /// An advice column configured to perform lookup range checks. - pub(super) lookup_config: LookupRangeCheckConfig, + lookup_config: LookupRangeCheckConfig, } impl SinsemillaConfig { /// Returns an array of all advice columns in this config, in arbitrary order. - pub(super) fn advices(&self) -> [Column; 5] { + pub fn advices(&self) -> [Column; 5] { [self.x_a, self.x_p, self.bits, self.lambda_1, self.lambda_2] } + + /// Returns the lookup table config of this Sinsemilla config. + pub fn lookup_config(&self) -> &LookupRangeCheckConfig { + &self.lookup_config + } } #[derive(Eq, PartialEq, Clone, Debug)] diff --git a/src/circuit/gadget/sinsemilla/merkle.rs b/src/circuit/gadget/sinsemilla/merkle.rs index d9be7163..36c61c34 100644 --- a/src/circuit/gadget/sinsemilla/merkle.rs +++ b/src/circuit/gadget/sinsemilla/merkle.rs @@ -4,11 +4,12 @@ use halo2::{ }; use pasta_curves::arithmetic::CurveAffine; -use super::{HashDomains, SinsemillaInstructions}; - use crate::{ - circuit::gadget::utilities::{ - cond_swap::CondSwapInstructions, transpose_option_array, UtilitiesInstructions, + circuit::gadget::{ + sinsemilla::{HashDomains, SinsemillaInstructions}, + utilities::{ + cond_swap::CondSwapInstructions, transpose_option_array, UtilitiesInstructions, + }, }, spec::i2lebsp, }; diff --git a/src/circuit/gadget/sinsemilla/merkle/chip.rs b/src/circuit/gadget/sinsemilla/merkle/chip.rs index ce25531e..a268aef9 100644 --- a/src/circuit/gadget/sinsemilla/merkle/chip.rs +++ b/src/circuit/gadget/sinsemilla/merkle/chip.rs 
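Review bot: In src/circuit/gadget/sinsemilla/chip.rs, the doc comment on the new `lookup_config()` accessor calls it the "lookup table config", but the field it returns is documented just above as the advice column configured for lookup range checks, and the lookup table is the separate `generator_table` field. Since the commit_ivk and note_commit range constraints all go through this accessor, the wording should not point a reader at the generator table; I would write `/// Returns the lookup range check config used by this Sinsemilla config.`. The same hunk widens `advices()` from `pub(super)` to `pub`, and if it is only used inside this crate, `pub(crate) fn advices(&self)` would keep the exposed surface smaller.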
@@ -5,17 +5,19 @@ use halo2::{ }; use pasta_curves::{arithmetic::FieldExt, pallas}; -use super::super::{ - chip::{SinsemillaChip, SinsemillaConfig}, - SinsemillaInstructions, -}; use super::MerkleInstructions; use crate::{ - circuit::gadget::utilities::{ - bitrange_subset, - cond_swap::{CondSwapChip, CondSwapConfig, CondSwapInstructions}, - copy, CellValue, UtilitiesInstructions, Var, + circuit::gadget::{ + sinsemilla::{ + chip::{SinsemillaChip, SinsemillaConfig}, + SinsemillaInstructions, + }, + utilities::{ + bitrange_subset, + cond_swap::{CondSwapChip, CondSwapConfig, CondSwapInstructions}, + copy, CellValue, UtilitiesInstructions, Var, + }, }, constants::{L_ORCHARD_BASE, MERKLE_DEPTH_ORCHARD}, primitives::sinsemilla, @@ -209,11 +211,10 @@ impl MerkleInstructions We need to hash g★_d || pk★_d || i2lebsp_{64}(v) || rho || psi, @@ -552,14 +551,14 @@ impl NoteCommitConfig { let b_3 = pkd_x.map(|pkd_x| bitrange_subset(pkd_x, 0..4)); // Constrain b_0 to be 4 bits - let b_0 = self.sinsemilla_config.lookup_config.witness_short_check( + let b_0 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "b_0 is 4 bits"), b_0, 4, )?; // Constrain b_3 to be 4 bits - let b_3 = self.sinsemilla_config.lookup_config.witness_short_check( + let b_3 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "b_3 is 4 bits"), b_3, 4, @@ -597,7 +596,7 @@ impl NoteCommitConfig { let d_3 = value_val.map(|value| bitrange_subset(value, 8..58)); // Constrain d_2 to be 8 bits - let d_2 = self.sinsemilla_config.lookup_config.witness_short_check( + let d_2 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "d_2 is 8 bits"), d_2, 8, 
@@ -628,14 +627,14 @@ impl NoteCommitConfig { let e_1 = rho_val.map(|rho| bitrange_subset(rho, 0..4)); // Constrain e_0 to be 6 bits. - let e_0 = self.sinsemilla_config.lookup_config.witness_short_check( + let e_0 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "e_0 is 6 bits"), e_0, 6, )?; // Constrain e_1 to be 4 bits. - let e_1 = self.sinsemilla_config.lookup_config.witness_short_check( + let e_1 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "e_1 is 4 bits"), e_1, 4, @@ -664,7 +663,7 @@ impl NoteCommitConfig { let g_2 = psi_val.map(|psi| bitrange_subset(psi, 9..249)); // Constrain g_1 to be 9 bits. - let g_1 = self.sinsemilla_config.lookup_config.witness_short_check( + let g_1 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "g_1 is 9 bits"), g_1, 9, @@ -690,7 +689,7 @@ impl NoteCommitConfig { let h_1 = psi_val.map(|psi| bitrange_subset(psi, 254..255)); // Constrain h_0 to be 5 bits. - let h_0 = self.sinsemilla_config.lookup_config.witness_short_check( + let h_0 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "h_0 is 5 bits"), h_0, 5, @@ -835,7 +834,7 @@ impl NoteCommitConfig { let t_p = pallas::Base::from_u128(T_P); a + two_pow_130 - t_p }); - let zs = self.sinsemilla_config.lookup_config.witness_check( + let zs = self.sinsemilla_config.lookup_config().witness_check( layouter.namespace(|| "Decompose low 130 bits of (a + 2^130 - t_P)"), a_prime, 13, @@ -874,7 +873,7 @@ impl NoteCommitConfig { b_3 + (two_pow_4 * c) + two_pow_140 - t_p }); - let zs = self.sinsemilla_config.lookup_config.witness_check( + let zs = self.sinsemilla_config.lookup_config().witness_check( layouter.namespace(|| "Decompose low 140 bits of (b_3 + 2^4 c + 2^140 - t_P)"), b3_c_prime, 14, 
@@ -914,7 +913,7 @@ impl NoteCommitConfig { // Decompose the low 140 bits of e1_f_prime = e_1 + 2^4 f + 2^140 - t_P, // and output the running sum at the end of it. // If e1_f_prime < 2^140, the running sum will be 0. - let zs = self.sinsemilla_config.lookup_config.witness_check( + let zs = self.sinsemilla_config.lookup_config().witness_check( layouter.namespace(|| "Decompose low 140 bits of (e_1 + 2^4 f + 2^140 - t_P)"), e1_f_prime, 14, @@ -951,7 +950,7 @@ impl NoteCommitConfig { g_1 + (two_pow_9 * g_2) + two_pow_130 - t_p }); - let zs = self.sinsemilla_config.lookup_config.witness_check( + let zs = self.sinsemilla_config.lookup_config().witness_check( layouter.namespace(|| "Decompose low 130 bits of (g_1 + (2^9)g_2 + 2^130 - t_P)"), g1_g2_prime, 13, @@ -984,14 +983,14 @@ impl NoteCommitConfig { }; // Range-constrain k_0 to be 9 bits. - let k_0 = self.sinsemilla_config.lookup_config.witness_short_check( + let k_0 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "Constrain k_0 to be 9 bits"), k_0, 9, )?; // Range-constrain k_2 to be 4 bits. - let k_2 = self.sinsemilla_config.lookup_config.witness_short_check( + let k_2 = self.sinsemilla_config.lookup_config().witness_short_check( layouter.namespace(|| "Constrain k_2 to be 4 bits"), k_2, 4, @@ -1004,7 +1003,7 @@ impl NoteCommitConfig { let two_pow_10 = pallas::Base::from_u64(1 << 10); lsb + two * k_0 + two_pow_10 * k_1 }); - let zs = self.sinsemilla_config.lookup_config.witness_check( + let zs = self.sinsemilla_config.lookup_config().witness_check( layouter.namespace(|| "Decompose j = LSB + (2)k_0 + (2^10)k_1"), j, 25,