mirror of https://github.com/zcash/orchard.git
* Add a pointer to how the Z and U constants for fixed-base scalar
multiplication can be reproduced. * Correct errors and omissions in the documentation of the fixed-base generators. Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
8a2abbb999
commit
ae1ba27d89
|
@ -4,7 +4,7 @@ version = "0.7.0"
|
||||||
authors = [
|
authors = [
|
||||||
"Sean Bowe <sean@electriccoin.co>",
|
"Sean Bowe <sean@electriccoin.co>",
|
||||||
"Jack Grigg <jack@electriccoin.co>",
|
"Jack Grigg <jack@electriccoin.co>",
|
||||||
"Daira Emma Hopwood <daira@jacaranda.org>",
|
"Daira-Emma Hopwood <daira@jacaranda.org>",
|
||||||
"Ying Tong Lai",
|
"Ying Tong Lai",
|
||||||
"Kris Nuttycombe <kris@electriccoin.co>",
|
"Kris Nuttycombe <kris@electriccoin.co>",
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
use group::ff::PrimeField;
|
use group::ff::PrimeField;
|
||||||
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
||||||
|
|
||||||
/// Generator used in SinsemillaCommit randomness for IVK commitment
|
/// Generator used in SinsemillaCommit randomness for IVK commitment.
|
||||||
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
[
|
[
|
||||||
24, 161, 248, 95, 110, 72, 35, 152, 199, 237, 26, 211, 226, 127, 149, 2, 72, 137, 128, 64,
|
24, 161, 248, 95, 110, 72, 35, 152, 199, 237, 26, 211, 226, 127, 149, 2, 72, 137, 128, 64,
|
||||||
|
@ -13,7 +13,8 @@ pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
/// Full-width z-values for GENERATOR
|
/// Full-width z-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const Z: [u64; super::NUM_WINDOWS] = [
|
pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
18172, 17390, 61749, 65182, 33835, 155942, 26189, 52444, 40096, 139582, 99218, 20669, 291337,
|
18172, 17390, 61749, 65182, 33835, 155942, 26189, 52444, 40096, 139582, 99218, 20669, 291337,
|
||||||
12465, 132211, 75527, 68003, 95835, 237325, 21348, 35494, 215451, 49456, 6332, 99036, 224845,
|
12465, 132211, 75527, 68003, 95835, 237325, 21348, 35494, 215451, 49456, 6332, 99036, 224845,
|
||||||
|
@ -24,7 +25,8 @@ pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
7870, 143575, 13058, 27070, 30734, 41157, 2955,
|
7870, 143575, 13058, 27070, 30734, 41157, 2955,
|
||||||
];
|
];
|
||||||
|
|
||||||
/// Full-width u-values for GENERATOR
|
/// Full-width u-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
use group::ff::PrimeField;
|
use group::ff::PrimeField;
|
||||||
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
||||||
|
|
||||||
/// Generator used in SinsemillaCommit randomness for note commitment
|
/// Generator used in SinsemillaCommit randomness for note commitment.
|
||||||
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
[
|
[
|
||||||
19, 110, 252, 15, 72, 44, 2, 44, 124, 164, 20, 252, 92, 197, 158, 35, 242, 61, 111, 147,
|
19, 110, 252, 15, 72, 44, 2, 44, 124, 164, 20, 252, 92, 197, 158, 35, 242, 61, 111, 147,
|
||||||
|
@ -13,7 +13,8 @@ pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
/// Full-width z-values for GENERATOR
|
/// Full-width z-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const Z: [u64; super::NUM_WINDOWS] = [
|
pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
253356, 149209, 114903, 10575, 6973, 30969, 55415, 206450, 18453, 24528, 13099, 213949, 29959,
|
253356, 149209, 114903, 10575, 6973, 30969, 55415, 206450, 18453, 24528, 13099, 213949, 29959,
|
||||||
49929, 80867, 17465, 43715, 80241, 55983, 132629, 66101, 24136, 31372, 107975, 161748, 24107,
|
49929, 80867, 17465, 43715, 80241, 55983, 132629, 66101, 24136, 31372, 107975, 161748, 24107,
|
||||||
|
@ -24,7 +25,8 @@ pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
41201, 40964, 8563, 36035, 6334, 176,
|
41201, 40964, 8563, 36035, 6334, 176,
|
||||||
];
|
];
|
||||||
|
|
||||||
/// Full-width u-values for GENERATOR
|
/// Full-width u-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
use group::ff::PrimeField;
|
use group::ff::PrimeField;
|
||||||
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
||||||
|
|
||||||
|
/// Generator used as $\mathcal{K}^{\mathsf{Orchard}}$ in DeriveNullifier.
|
||||||
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
[
|
[
|
||||||
117, 202, 71, 228, 167, 106, 111, 211, 155, 219, 181, 204, 146, 177, 126, 94, 207, 201,
|
117, 202, 71, 228, 167, 106, 111, 211, 155, 219, 181, 204, 146, 177, 126, 94, 207, 201,
|
||||||
|
@ -12,7 +13,8 @@ pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
/// Full-width z-values for GENERATOR
|
/// Full-width z-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const Z: [u64; super::NUM_WINDOWS] = [
|
pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
34374, 173069, 40776, 220066, 45494, 37762, 5245, 11979, 33386, 238556, 128731, 12128, 89982,
|
34374, 173069, 40776, 220066, 45494, 37762, 5245, 11979, 33386, 238556, 128731, 12128, 89982,
|
||||||
85351, 9804, 12820, 80455, 100009, 24382, 17854, 26367, 7067, 102106, 64293, 114999, 172304,
|
85351, 9804, 12820, 80455, 100009, 24382, 17854, 26367, 7067, 102106, 64293, 114999, 172304,
|
||||||
|
@ -24,6 +26,7 @@ pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
];
|
];
|
||||||
|
|
||||||
/// Full-width u-values for GENERATOR
|
/// Full-width u-values for GENERATOR
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
use group::ff::PrimeField;
|
use group::ff::PrimeField;
|
||||||
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
||||||
|
|
||||||
/// The value commitment is used to check balance between inputs and outputs. The value is
|
/// Generator used as $\mathcal{G}^{\mathsf{Orchard}}$ in Spend authorization signatures.
|
||||||
/// placed over this generator.
|
|
||||||
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
[
|
[
|
||||||
99, 201, 117, 184, 132, 114, 26, 141, 12, 161, 112, 123, 227, 12, 127, 12, 95, 68, 95, 62,
|
99, 201, 117, 184, 132, 114, 26, 141, 12, 161, 112, 123, 227, 12, 127, 12, 95, 68, 95, 62,
|
||||||
|
@ -14,7 +13,8 @@ pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
/// Full-width z-values for GENERATOR
|
/// Full-width z-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const Z: [u64; super::NUM_WINDOWS] = [
|
pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
49707, 15701, 45931, 163127, 41654, 212130, 34473, 25205, 4118, 10240, 12264, 22866, 203610,
|
49707, 15701, 45931, 163127, 41654, 212130, 34473, 25205, 4118, 10240, 12264, 22866, 203610,
|
||||||
18808, 13851, 62448, 62380, 94497, 39496, 73216, 32037, 32774, 61690, 39173, 74580, 84678,
|
18808, 13851, 62448, 62380, 94497, 39496, 73216, 32037, 32774, 61690, 39173, 74580, 84678,
|
||||||
|
@ -25,7 +25,8 @@ pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
100797, 80349, 87315, 77372, 96572, 18965,
|
100797, 80349, 87315, 77372, 96572, 18965,
|
||||||
];
|
];
|
||||||
|
|
||||||
/// Full-width u-values for GENERATOR
|
/// Full-width u-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
use group::ff::PrimeField;
|
use group::ff::PrimeField;
|
||||||
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
||||||
|
|
||||||
/// The value commitment is used to check balance between inputs and outputs. The value is
|
/// The value commitment is a homomorphic Pedersen commitment used to check balance between inputs
|
||||||
/// placed over this generator.
|
/// and outputs. This is its randomness base, $\mathcal{R}^{\mathsf{Orchard}}$.
|
||||||
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
[
|
[
|
||||||
145, 90, 60, 136, 104, 198, 195, 14, 47, 128, 144, 238, 69, 215, 110, 64, 72, 32, 141, 234,
|
145, 90, 60, 136, 104, 198, 195, 14, 47, 128, 144, 238, 69, 215, 110, 64, 72, 32, 141, 234,
|
||||||
|
@ -14,7 +14,8 @@ pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
/// Full-width z-values for GENERATOR
|
/// Full-width z-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const Z: [u64; super::NUM_WINDOWS] = [
|
pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
181916, 22148, 340526, 80718, 104958, 86894, 43381, 1060, 82130, 4741, 55897, 4304, 114469,
|
181916, 22148, 340526, 80718, 104958, 86894, 43381, 1060, 82130, 4741, 55897, 4304, 114469,
|
||||||
20503, 25001, 62408, 52978, 35893, 72071, 154369, 67304, 7299, 27960, 42929, 51869, 89967,
|
20503, 25001, 62408, 52978, 35893, 72071, 154369, 67304, 7299, 27960, 42929, 51869, 89967,
|
||||||
|
@ -25,7 +26,8 @@ pub const Z: [u64; super::NUM_WINDOWS] = [
|
||||||
22632, 163228, 12997, 4461, 32320, 13430,
|
22632, 163228, 12997, 4461, 32320, 13430,
|
||||||
];
|
];
|
||||||
|
|
||||||
/// Full-width u-values for GENERATOR
|
/// Full-width u-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
use group::ff::PrimeField;
|
use group::ff::PrimeField;
|
||||||
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
use pasta_curves::{arithmetic::CurveAffine, pallas};
|
||||||
|
|
||||||
/// The value commitment is used to check balance between inputs and outputs. The value is
|
/// The value commitment is a homomorphic Pedersen commitment used to check balance between inputs
|
||||||
/// placed over this generator.
|
/// and outputs. This is its value base, $\mathcal{V}^{\mathsf{Orchard}}$.
|
||||||
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
[
|
[
|
||||||
103, 67, 249, 58, 110, 189, 167, 42, 140, 124, 90, 43, 127, 163, 4, 254, 50, 178, 155, 79,
|
103, 67, 249, 58, 110, 189, 167, 42, 140, 124, 90, 43, 127, 163, 4, 254, 50, 178, 155, 79,
|
||||||
|
@ -14,13 +14,15 @@ pub const GENERATOR: ([u8; 32], [u8; 32]) = (
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
/// Short signed z-values for GENERATOR
|
/// Short signed z-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const Z_SHORT: [u64; super::NUM_WINDOWS_SHORT] = [
|
pub const Z_SHORT: [u64; super::NUM_WINDOWS_SHORT] = [
|
||||||
163547, 76040, 88852, 128479, 54088, 89871, 39598, 144309, 43471, 102492, 741, 55288, 33756,
|
163547, 76040, 88852, 128479, 54088, 89871, 39598, 144309, 43471, 102492, 741, 55288, 33756,
|
||||||
77312, 12095, 48253, 45718, 202901, 33132, 71081, 152108, 169712,
|
77312, 12095, 48253, 45718, 202901, 33132, 71081, 152108, 169712,
|
||||||
];
|
];
|
||||||
|
|
||||||
/// Short signed u-values for GENERATOR
|
/// Short signed u-values for GENERATOR.
|
||||||
|
/// These can be reproduced by [`halo2_gadgets::ecc::chip::constants::find_zs_and_us`].
|
||||||
pub const U_SHORT: [[[u8; 32]; super::H]; super::NUM_WINDOWS_SHORT] = [
|
pub const U_SHORT: [[[u8; 32]; super::H]; super::NUM_WINDOWS_SHORT] = [
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
|
|
Loading…
Reference in New Issue