Commit Graph

840 Commits

Author SHA1 Message Date
therealyingtong 96504e7162 Further fixes. 2021-10-19 14:59:16 +02:00
therealyingtong 56225d603a Update dependencies' versions. 2021-10-13 16:16:32 +02:00
therealyingtong ebd8595bc5 Remove from_coordinates_unchecked() API, introduce copy_point()
Now that the Sinsemilla and ECC instructions are in different
crates, ECC can no longer limit from_coordinates_unchecked()
to just the crate.

Instead of exposing this API publicly, we introduce a copy_point()
instruction that allows the output of Sinsemilla hash_to_point to be
copied and checked by the ECC chip.
2021-10-13 14:46:17 +02:00
therealyingtong cf5dd3b396 Further cleanups. 2021-10-12 15:58:10 +02:00
therealyingtong c6a37af154 Refactor Sinsemilla tests to be generic over domains.
This removes the need to import OrchardHashDomains and
OrchardCommitDomains to the sinsemilla crate.
2021-10-12 15:56:35 +02:00
therealyingtong 1acf0c2c15 Refactor ECC tests to be generic over fixed bases.
This removes the need to import OrchardFixedBases to the halo2_ecc
crate.
2021-10-12 14:51:22 +02:00
therealyingtong a997364545 Move fixed bases utils into halo2_ecc crate. 2021-10-12 14:36:08 +02:00
therealyingtong f762ee342e Imports, dependencies, documentation cleanups. 2021-10-12 14:27:37 +02:00
therealyingtong f7e150a81b Create halo2-gadgets workspace. 2021-10-12 14:08:43 +02:00
therealyingtong 6c6b5e66f3 sinsemilla::merkle.rs: Implement i2lebsp locally.
Also include gen_const_array helper in gadget::utilities.
2021-10-12 12:51:41 +02:00
therealyingtong 2c3c3cefdc Move primitives::sinsemilla::i2lebsp_k into constants::sinsemilla. 2021-10-12 12:51:15 +02:00
therealyingtong 5168c0c2bb Refactor src/constants and primitives::sinsemilla::constants. 2021-10-12 12:49:52 +02:00
therealyingtong f34b4ba51c lookup_range_check: Introduce local lebs2ip method. 2021-10-12 12:28:38 +02:00
therealyingtong 76431eefad Move decompose_word from constants::util into gadget::utilities.
This helper is not used outside of the gadget.
2021-10-12 12:28:22 +02:00
therealyingtong e3aad46785 ecc: Merge FixedPoints, FixedPointsBaseField, FixedPointsShort types.
This API change defines a FixedPoints trait that is implemented for
all OrchardFixedBases. This makes EccChip, SinsemillaChip, and
MerkleChip generic over the fixed bases used.
2021-10-12 12:26:18 +02:00
therealyingtong 951dd0a108 gadget::sinsemilla: Move Orchard-specific inputs into parent folder.
The sinsemilla submodules note_commit and commit_ivk are tailored
for input lengths specific to Orchard. They have been moved out of
the gadget folder and into the parent circuit folder.
2021-10-12 12:02:33 +02:00
therealyingtong c61524ea29 p128pow5t3::tests: Extract verify_constants_helper.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-10-12 11:58:27 +02:00
therealyingtong 2c97e56da7 Add hash() and permute() test vectors for Poseidon over Fq. 2021-10-12 11:58:27 +02:00
therealyingtong f5775b6c6d p128pow5t3.rs: Test against reference input for Fq field modulus. 2021-10-12 11:58:27 +02:00
therealyingtong 4eb4c57827 Impl Spec for P128Pow5T3 over Fq. 2021-10-12 11:58:27 +02:00
therealyingtong 764c445a81 Rename poseidon::nullifier -> poseidon::p128pow5t3. 2021-10-12 11:58:27 +02:00
therealyingtong 8e00f69d63 primitives::poseidon: Add constants for Fq field modulus. 2021-10-12 11:58:27 +02:00
str4d 2c8241f25b
Merge pull request #209 from zcash/circuit-bugfixes
Circuit bugfixes
2021-09-29 10:06:25 +13:00
Jack Grigg 631182fb77 Update selector columns in expected-failure tests
The addition of the non-identity selector caused the layouter to reorder
some of the selectors in the ECC gadget test circuit.
2021-09-28 21:49:06 +01:00
str4d 41066a310a
Merge pull request #208 from zcash/halo2-beta-1
Switch to halo2 0.1.0-beta.1
2021-09-29 09:12:15 +13:00
Daira Hopwood d77cb82c8d
Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
2021-09-28 21:09:39 +01:00
Jack Grigg d0056d9050 Test that we can't witness the identity as a NonIdentityPoint 2021-09-28 21:00:29 +01:00
Jack Grigg 608da3f686 Switch to halo2 0.1.0-beta.1
This is equivalent to the git revision we were previously patching.
2021-09-28 20:48:19 +01:00
Sean Bowe ebfd919abc Update circuit description. 2021-09-28 20:31:32 +01:00
str4d aec3b1d52d Remove unnecessary clones in closure 2021-09-28 20:31:32 +01:00
therealyingtong 52f53f3425 Remove IsIdentity trait from public EccInstructions.
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong c80ccba801 Witness cm_old using Point::new().
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong b0de6afd7c Reintroduce Point::new() API and constraints.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
Jack Grigg 751277cdb2 Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
2021-09-28 13:13:25 -06:00
Jack Grigg 97c27e3d5a Use complete addition in SinsemillaCommit
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
2021-09-28 13:13:25 -06:00
therealyingtong 8c8a12a8df Minor fixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-28 13:13:25 -06:00
therealyingtong fa560d3aee Replace is_identity() instruction with IsIdentity trait. 2021-09-28 13:13:25 -06:00
therealyingtong 4a13ab4f6b Docfixes.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
Daira Hopwood 6b6b515232 `hash_to_point` should return `Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>`
because any exceptional case is treated as an error, and therefore the identity cannot be returned.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong 8ad3003e27 Remove Point::new() API and introduce is_identity() instruction.
Also remove the q_point selector and gate from the circuit.
2021-09-28 13:13:25 -06:00
therealyingtong ec27989b9b Clippy and formatting fixes.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong a5a6e78d42 src/circuit.rs: Use NonIdentityPoint for all witnessed points.
The witnessed points are cm_old, g_d_old, pk_d_old, ak.

g_d_new and pk_d_new are currently also witnessed as affine points,
which diverges from the spec.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong cdcfcbc0c2 gadget::sinsemilla: Propagate changes to the Sinsemilla gadget.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong 258fe5796b ecc::chip: Propagate changes to sub-chips.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong df26a6c674 chip::witness_point.rs: Constraints for non-identity point.
The point_non_id() method returns an error if the given point is
the identity.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong 88eb762cf2 ecc::chip.rs: Introduce NonIdentityEccPoint struct.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong f5ed26790a gadget::ecc: Introduce NonIdentityPoint associated type and gadget.
The add_incomplete() and mul() APIs have been removed from the
Point gadget, since we cannot perform incomplete addition or
variable-base scalar multiplication on the identity.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
str4d 05f3226314
Merge pull request #206 from defuse/comment-fixes
Correct a couple comments
2021-09-29 08:13:08 +13:00
str4d ff7343fe1a
Merge pull request #207 from zcash/circuit_description_test
Add test against hardcoded pinned verification key
2021-09-29 08:11:57 +13:00
Sean Bowe f9aa765787 Add test against hardcoded pinned verification key 2021-09-28 12:54:13 -06:00