zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
840 Commits 5 Branches 11 Tags 24 MiB
Commit Graph

600 Commits

Author SHA1 Message Date
therealyingtong 9ce29d9d4d hash_to_point(): Introduce final_piece boolean flag 
This toggles the assignment of q_s2 on the last row of each piece.
We assign q_s2 = 2 on the last row of the final piece, and q_s2 = 0
on the last row of other pieces.

This allows us to process the final_piece in the main loop together
with the other pieces.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 11:00:14 +08:00
therealyingtong 031bb0bc87 SinsemillaChip::configure(): Introduce closures for Y_A and x_r 
These expressions are derived multiple times in the gates.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 10:43:24 +08:00
therealyingtong 9072ed437d generator_table.rs: Fix bug in y_p lookup expression. 
Also, GeneratorTable::configure() was not being called in the main
SinsemillaChip::configure(), which meant the lookup argument had
not been activated. This has now been fixed.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 10:34:03 +08:00
therealyingtong 2f6ca9e6de generator_table.rs: Enforce z_n = 0 for the last message piece. 2021-06-19 22:39:19 +08:00
therealyingtong 158ab865f8 gadget::sinsemilla.rs: Add Sinsemilla test. 2021-06-19 18:17:11 +08:00
therealyingtong eba2172f4f chip::hash_to_point.rs: Implement hash_to_point instruction. 2021-06-19 18:17:10 +08:00
therealyingtong f122e481a7 sinsemilla::chip.rs: Configure Sinsemilla gates. 2021-06-19 18:17:09 +08:00
therealyingtong 7cddc9b587 sinsemilla::chip.rs: Implement witness_message_* APIs. 
witness_message() witnesses a full message given a bitstring.

The other two APIs, witness_message_piece_bitstring() and
witness_message_piece_field(), both witness a message piece, i.e.
part of a message that fits within a single base field element.

witness_message_piece_bitstring() takes in a bitstring, while
witness_message_piece_field() takes in a field element. In the
latter case, the number of words encoded must be specified.
 2021-06-19 18:14:22 +08:00
therealyingtong 74e617b46d chip::generator_table.rs: Load Sinsemilla generator lookup table. 
The 2^K table of generators used in the Sinsemilla hash. These
are loaded into a lookup table.
 2021-06-19 18:14:22 +08:00
therealyingtong ebb7dae063 sinsemilla::chip.rs: Add Sinsemilla chip. 
The chip that will implement SinsemillaInstructions.
 2021-06-19 18:14:22 +08:00
therealyingtong e2859df4eb sinsemilla::message.rs: Add message module. 
This defines a Sinsemilla message in terms of pieces and subpieces.
This is useful when decomposing field elements and packing them
into K-bit messages.
 2021-06-19 18:14:22 +08:00
therealyingtong af2ac762f4 gadget::sinsemilla.rs: Add Sinsemilla instructions. 
SinsemillaInstructions has two const generic parameters: K, which
is the number of bits in each word of the hash, and MAX_WORDS,
which is the maximum number of words the hash can process.

For Orchard, K = 10, MAX_WORDS = 253.
 2021-06-19 18:14:22 +08:00
therealyingtong 83eddd8857 ecc::chip.rs: Add Point::from_coordinates_unchecked() API 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-19 18:14:22 +08:00
Daira Hopwood 1c19bea842 Fix clippy lints. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-16 19:13:40 +01:00
Jack Grigg 5264d53498 impl Copy for Anchor 2021-06-15 15:42:06 +01:00
Jack Grigg 019ae7da8e Anchor::{from_bytes, to_bytes} 2021-06-15 15:41:57 +01:00
Daira Hopwood e412a5a25b
Merge pull request #115 from zcash/anchor-type 
Store anchors as pallas::Base instead of [u8; 32]
 2021-06-15 14:18:48 +01:00
Jack Grigg e90a5972f1 redpallas: Expose batch validation API 2021-06-14 21:41:12 +01:00
Jack Grigg eec17a9174 Add a `Bundle::binding_validating_key` method 
This derives the `bvk` for validating `Authorized::binding_signature`.
 2021-06-14 21:40:28 +01:00
ebfull ee26116fcf
Merge pull request #114 from zcash/util-range-check 
utilities::lookup_range_check: Add LookupRangeCheck helper
 2021-06-14 10:56:52 -06:00
therealyingtong f5bf0c1ef3 lookup_range_check.rs: Docfixes and minor refactors. 2021-06-15 00:18:38 +08:00
therealyingtong 60861b7245 sinsemilla::constants.rs: Add INV_TWO_POW_K = 1 / 2^K constant. 2021-06-15 00:18:38 +08:00
str4d 1182d8d5a7
Merge pull request #99 from zcash/note-encryption 
Note encryption
 2021-06-14 17:16:54 +01:00
ebfull 4a52d771b1
Merge pull request #113 from zcash/constants-concrete-type 
`constants::load.rs`: Use concrete `pallas::Affine` type for generators
 2021-06-14 09:25:17 -06:00
therealyingtong c25526e216 lookup_range_check.rs: Delete wrong comment. 2021-06-14 19:55:51 +08:00
therealyingtong 8a8df98a50 add_incomplete::tests: Constrain output of `P + Q` test. 
Also minor docfixes and refactors.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-14 00:19:21 +08:00
therealyingtong 70ec5755cf lookup_range_check.rs: Add documentation and minor refactors. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-13 23:24:19 +08:00
therealyingtong b7b8126ccf spec.rs: Add lebs2ip function bounded on const generic L. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-13 23:20:59 +08:00
therealyingtong 7341996d2c gadget::ecc.rs: Add EccInstructions::constrain_equal() instruction. 
This allows us to constrain two points to be equal in value at the
gadget level.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-13 21:26:30 +08:00
therealyingtong b299a51b31 lookup_range_check.rs: Downgrade from Chip to Config. 
We need to be able to toggle the lookup on and off on specific
offsets. These offsets are often assigned outside the logic of
the decomposition.
 2021-06-13 09:40:50 +08:00
therealyingtong cdab5bf8c4 gadget::utilities.rs: Remove Chip bound on UtilitiesInstructions. 2021-06-13 09:40:20 +08:00
Jack Grigg de78186503 Store anchors as pallas::Base instead of [u8; 32] 
This matches what we store in `MerklePath`, and better enforces the
required type.
 2021-06-12 21:35:37 +01:00
therealyingtong e83880841a utilities::lookup_range_check: Add LookupRangeCheck chip 
This decomposes a field element into K-bit words and constrains each
word's range by looking it up in a K-bit lookup table.

The field element is broken down using a running sum. All interstitial
values of the running sum are returned.
 2021-06-12 22:46:31 +08:00
therealyingtong a11c2066ef chip::add.rs: Use Expression::square() + other minor refactors 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-12 20:25:12 +08:00
therealyingtong e259bb3846 ecc::chip.rs: Use concrete pallas::Affine for Chip impl. 
The EccInstructions trait is still generic over C: CurveAffine;
however, the EccChip implementation is specific to the pasta
curves.
 2021-06-12 20:25:09 +08:00
therealyingtong aec7a7f850 ecc::chip.rs: Stub out scalar-mul-related structs and types. 
These will be updated or restored in #111.
 2021-06-12 20:24:14 +08:00
ying tong e1779dab70 Docfixes and minor refactors. 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-06-12 12:41:27 +08:00
therealyingtong 6dabb16edc chip::add.rs: Use batch inversion for alpha, beta, gamma, delta 2021-06-12 12:41:27 +08:00
therealyingtong f655e38e3e chip::add_incomplete.rs: Remove superfluous check. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-12 12:41:27 +08:00
therealyingtong aff56e6763 ecc::chip.rs: Make EccPoint.x, EccPoint.y private fields 
Also add public getters x() and y().

Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-12 12:41:27 +08:00
therealyingtong 433791fcb0 chip::witness_point.rs: Allow witnessing the identity. 2021-06-12 12:41:27 +08:00
therealyingtong 36d7888c1c ecc.rs: Add tests for complete and incomplete addition. 2021-06-12 12:41:27 +08:00
therealyingtong 6491ea90dd ecc::chip.rs: Bound EccConfig on <C: CurveAffine>. 2021-06-12 12:41:27 +08:00
therealyingtong e802e2917a chip::add.rs: Implement complete addition instruction. 2021-06-12 12:41:27 +08:00
therealyingtong 7dc11b95d2 chip::add_incomplete.rs: Implement add_incomplete() instruction 2021-06-12 12:41:27 +08:00
therealyingtong 7eb86eb0c2 chip::witness_point.rs: Implement witness_point() instruction. 2021-06-12 12:41:27 +08:00
therealyingtong 6627b2258f ecc::chip.rs: Add ECC chip. 
Implement witness_scalar_var() and extract_p() instructions inline.
 2021-06-12 12:41:27 +08:00
therealyingtong e15648cb67 gadget::ecc: Remove representations of fixed points in the circuit 
Fixed points are represented by precomputed window tables. These
are not "initialized" in the circuit at any single point, but are
loaded into fixed columns at the offsets where the fixed points
are used.

Thus, we don't need FixedPoint and get_fixed() in the circuit.
Similarly, we can remove FixedPointShort and get_fixed_short().
 2021-06-12 12:41:27 +08:00
therealyingtong ddb9500991 constants::load.rs: Use concrete pallas::Affine type for generators 
The Orchard fixed bases are Pallas curve points and are not generic
over other curves.
 2021-06-12 12:36:43 +08:00
Jack Grigg 769be6c080 Note encryption test vectors 2021-06-11 23:55:17 +01:00
Jack Grigg 37326df1ab spec: Impl more traits for NonZero types 
Also fixes their Default impls to use "1" as the default.
 2021-06-11 23:55:17 +01:00
Jack Grigg 57f84c3eea builder: Encrypt output notes 2021-06-11 23:55:17 +01:00
Jack Grigg 99665572a2 Orchard note encryption 2021-06-11 23:55:16 +01:00
Jack Grigg 11350339f5 Ensure that derived esk is non-zero 
There's a (negligble) chance that we could generate (or be sent
adversarially) a RandomSeed which derives esk == 0. It's not hard to
detect and reject, in order to satisfy the type system.
 2021-06-11 23:54:35 +01:00
Jack Grigg 8a7ff1b28a Structs representing note encryption key material 2021-06-11 23:54:35 +01:00
str4d 0ead91a88c
Merge pull request #110 from zcash/tree-logic 
Implement tree logic in Builder
 2021-06-11 21:39:40 +01:00
str4d bd30783a52 Make `hash_layer` comment a doc comment 
This way, it renders with `cargo doc --document-private-items`
 2021-06-11 20:46:30 +01:00
str4d d8f2af8983 Simplify `gen_const_array` implementation 
Also includes a performance improvement to `i2lebsp_k`.
 2021-06-11 20:46:30 +01:00
str4d 8464df6e46
Merge pull request #108 from zcash/102-sign-with-rsk 
builder: Store alpha and use it to derive rsk for signing spends
 2021-06-11 14:42:16 +01:00
therealyingtong 0e9726ae69 tree.rs: Use 2 as uncommitted leaf and check against test vectors. 2021-06-11 20:24:55 +08:00
therealyingtong 380128ed49 tree::MerklePath: Add postion() and auth_path() getters. 2021-06-10 16:55:49 +08:00
therealyingtong b3daeb0861 tree::testing: Fix and test arb_tree(). 2021-06-10 13:54:42 +08:00
therealyingtong 2d0afe9357 constants.rs: Introduce L_ORCHARD_MERKLE constant 
Also test that L_ORCHARD_BASE, L_ORCHARD_SCALAR, L_ORCHARD_MERKLE
are consistent with the Pallas curve.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-10 10:33:06 +08:00
therealyingtong e8e22886f4 tree.rs: MerklePath.root(): Fix missing bitmask in swap calculation 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-10 10:29:08 +08:00
therealyingtong 18535894d6 constants::util.rs: Factor out gen_fixed_array() method. 2021-06-10 10:03:15 +08:00
therealyingtong 7818291118 primitives::sinsemilla.rs: Optimize and test i2lebsp_k 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-09 23:50:59 +08:00
therealyingtong 8f8eff23d8 Update proptests to generate Merkle paths 2021-06-08 22:38:11 +08:00
therealyingtong b33248bdb0 src::tree.rs: Implement MerklePath.root() method. 
Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>
 2021-06-08 22:31:24 +08:00
Jack Grigg 94e730ad4c Migrate to latest version of halo2 
This brings in:
- Fixes and improvements to `MockProver`.
- Support for annotating constraints within gates.
- Removal of Selector rotations.
 2021-06-07 19:49:25 +01:00
str4d 2be13bfa80
Merge pull request #89 from zcash/utils-chip 
Chip for general utils
 2021-06-07 19:40:56 +01:00
str4d 3ff307f946
docs: Clarify EnableFlagInstructions::enable_flag 2021-06-07 19:34:48 +01:00
therealyingtong 54c8cfd1d0 Documentation improvements and minor refactors. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-08 00:28:32 +08:00
therealyingtong 0f2dfc5508 Use UtilitiesInstructions::Var instead of internal associated type. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-08 00:20:09 +08:00
Jack Grigg e0e082d265 test: Remove stray dbg!() 2021-06-05 22:39:57 +01:00
Jack Grigg cbf7c3825f builder: Store alpha and use it to derive rsk for signing spends 
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
 2021-06-05 22:35:52 +01:00
str4d cd1e72bbcd
Merge pull request #106 from zcash/refactor-constants 
Refactor `constants` to add `constants::load`
 2021-06-05 13:42:16 +01:00
str4d 243f862617
Fix clippy lints 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-05 13:18:14 +01:00
str4d d3da71a4fd
Merge pull request #105 from zcash/constants-spend-auth-g 
Add SpendAuthG fixed base
 2021-06-05 12:09:51 +01:00
therealyingtong 40599144bf utilities::plonk: Remove assumption that fixed columns default to 1 2021-06-05 15:33:12 +08:00
therealyingtong 6603e996ed utilities::cond_swap: Directly witness swap bit 2021-06-05 15:32:43 +08:00
therealyingtong 9f27049c84 Add constants::load.rs 
This makes it easier to load constants into the ECC chip.
 2021-06-05 13:18:24 +08:00
therealyingtong 1d46a2d3e7 Add SpendAuthG fixed base. 
Used in spend authority randomization where rk = ak + [alpha]SpendAuthG.
 2021-06-05 13:16:56 +08:00
therealyingtong f31b9feba0 utilities::enable_flag: Directly witness flag 2021-06-05 09:42:23 +08:00
Kris Nuttycombe 6f3ac2cdcc Avoid discards in arbitrary nullifier generation. 2021-06-04 17:36:50 -06:00
Jack Grigg bea8a9b7ff Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1 2021-06-04 20:38:52 +01:00
therealyingtong fea88c814c Add enable flag chip 2021-06-04 18:08:59 +08:00
therealyingtong 4b0ea0be15 Add conditional swap chip 2021-06-04 18:08:59 +08:00
therealyingtong 4f87815262 Add standard PLONK chip 2021-06-04 18:08:59 +08:00
therealyingtong 4d8ae89aa9 Add Utilities chip 2021-06-04 18:08:59 +08:00
str4d c5aa41e2e4
Merge pull request #86 from zcash/patch-fixed-mul 
Update formula for fixed-base window tables.
 2021-06-03 13:33:00 +01:00
str4d 505e003842
Merge pull request #28 from zcash/poseidon 
Width-3 Poseidon chip
 2021-06-03 12:38:16 +01:00
str4d dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors 
Add test vectors for key components
 2021-06-02 22:23:54 +01:00
therealyingtong fa9d8a992c Update constants 2021-06-02 22:51:37 +08:00
therealyingtong 0636a6f2ec Update window table formula. 
Previously, the window table M for fixed-base scalar multiplication
computed M[w][k] = [(k+1)*(2^3)^w]B for each window w, where k is a
3-bit chunk in the scalar decomposition in the range [0..8).

However, in the case k_0 = 7, k_1= 0, the window table entries would
evaluate to:
* M[0][k_0] = [(7+1)*(2^3)^0]B = [8]B,
* M[1][k_1] = [(0+1)*(2^3)^1]B = [8]B,
which means the first addition would require complete addition.

To avoid this, we alter the formula to M[w][k] = [(k+2)*(2^3)^w]B.

We make a corresponding change to the formula for the last window
W. Previously, we had:
M[W][k] = [k * (2^3)^W - \sum((2^3)^j)]B, for j in [0..W-1).

Now, we have:
M[W][k] = [k * (2^3)^W - \sum(2^(3j+1))]B, for j in [0..W-1).
 2021-06-02 22:51:37 +08:00
Jack Grigg 91db490e20 test: Add Poseidon test vectors 2021-06-01 18:36:11 +01:00
Daira Hopwood 5925852c7d Add Poseidon test vector generated by the reference code. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-01 18:36:11 +01:00
Jack Grigg f5a4cc3550 poseidon::Hash gadget 2021-06-01 18:36:11 +01:00
Jack Grigg 38dd7b791d PoseidonDuplexInstructions 2021-06-01 18:36:11 +01:00
Jack Grigg a69d76113f test: Rename MyCircuit to PermuteCircuit 2021-06-01 18:36:11 +01:00
Jack Grigg d1fe466812 Replace PoseidonInstructions::State with PoseidonInstructions::Word 2021-06-01 18:36:11 +01:00
Jack Grigg 01eb431f1f Remove "final" round logic from poseidon::Pow5T3Chip 
This was a bug in the Poseidon reference implementation, fixed in v1.1.
 2021-06-01 18:36:11 +01:00
Jack Grigg 40a19b429c Test that poseidon::Pow5T3Chip chip correctly implements Poseidon 2021-06-01 18:36:11 +01:00
Jack Grigg f1b8abfccb Arity-3 Poseidon chip 2021-06-01 18:36:11 +01:00
Jack Grigg 363e6944ec Poseidon instructions 2021-06-01 17:54:37 +01:00
Jack Grigg dfa3fbb19b Migrate to latest revision of halo2 2021-06-01 17:37:44 +01:00
str4d 803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains 
Define explicit domains for PRF^expand
 2021-06-01 14:31:04 +01:00
Jack Grigg c4ffb7c617 Rework PRF^expand to use explicit domains 
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
 2021-05-28 13:12:25 +01:00
Jack Grigg cea8a3ab69 Move prf_expand{_vec} into a submodule for clarity 2021-05-28 12:42:01 +01:00
Jack Grigg 7f47949b09 Take `self` directly in to_bytes methods where Self: Copy 2021-05-28 12:11:22 +01:00
Jack Grigg cdfd2ab0f9 Remove clones from types that now impl Copy 2021-05-28 12:10:54 +01:00
Jack Grigg 5af73f7822 Add test vectors for key components 2021-05-28 11:57:21 +01:00
str4d f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7 
Remove rand 0.7 usage
 2021-05-21 21:25:34 +01:00
str4d 97710e04d6
Merge pull request #80 from zcash/spec-updates 
Update implementation to match protocol spec version 2021.2.0
 2021-05-21 21:24:39 +01:00
str4d 2bbbc3ec94
Update comments 
Co-authored-by: ying tong <yingtong@z.cash>
 2021-05-21 21:24:08 +01:00
str4d 7109153e88
Merge pull request #43 from zcash/constants 
Add Orchard constants
 2021-05-18 20:44:59 +01:00
str4d 38f1c9e14f
Merge pull request #75 from zcash/ecc-gadget 
Modify ECC gadget to work with chip refactor
 2021-05-18 20:34:28 +01:00
therealyingtong ff504c1a3f Address review comments. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-18 17:14:13 +08:00
therealyingtong 2962115aef Reintroduce point doubling API 2021-05-18 16:54:52 +08:00
therealyingtong af30f4b141 Add Eq to the EccChip trait 2021-05-18 16:12:06 +08:00
therealyingtong caa3791562 Documentation fixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-18 16:07:40 +08:00
therealyingtong edea9bde73 Document incomplete point addition error handling 2021-05-18 13:28:17 +08:00
therealyingtong c8076c2864 Add FixedPointsShort associated type 2021-05-18 13:28:17 +08:00
therealyingtong 74c797165f Add range check for short scalar 2021-05-18 13:28:16 +08:00
therealyingtong fb9da0b1b3 Address review comments. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-05-18 09:45:03 +08:00
Kris Nuttycombe 800e540875 Make the `Bundle` type implement `Clone` 
This is required for proptest generation that handles shrinking
correctly in librustzcash.
 2021-05-13 15:35:44 -06:00
therealyingtong 81d751d1b6 Add proptest for decompose_scalar_fixed() 2021-05-13 12:52:03 +08:00
therealyingtong 077f809df7 Cleanups from code review 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-05-13 10:48:10 +08:00
Jack Grigg 4423b50788 Include ρ as an input to the derivation of ψ, esk, and rcm 
This brings the implementation in line with spec version 2021.2.0 and
the Orchard book.
 2021-05-11 18:51:57 +08:00
Jack Grigg 736de1156b Ensure that Notes always have valid commitments 
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
 2021-05-11 18:51:57 +08:00
Jack Grigg d8cc596bbe Create separate types for protocol-level and user-level ivk 
Spec version 2021.1.24 added the diversifier key to the encoding of an
incoming viewing key (to make them more usable). As a result, we now
have two separate types:

- `KeyAgreementPrivateKey`: what was previously `IncomingViewingKey`,
  corresponding to the `ivk` type in the protocol spec. It is now
  crate-internal.
- `IncomingViewingKey`: the user-facing type that encompasses `dk` and
  `ivk`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 76a39d29c1 Change diversify_hash and ka_orchard to use non-zero types 
This matches the changes to KA^Orchard in spec version 2021.1.23.
 2021-05-11 18:51:57 +08:00
Jack Grigg 9a828febd7 Change `commit_ivk` to return a non-zero Pallas base field element 
The type system now enforces that `ivk != 0`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 012d14073d Remove rand 0.7 usage 
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
 2021-05-09 07:51:55 +12:00
therealyingtong db60fd2262 Add FixedPointShort associated type 2021-05-06 15:55:15 +08:00
therealyingtong 6a64bc1c37 Expose Point.add_incomplete() 2021-05-06 12:54:21 +08:00
therealyingtong e82a76da2a Remove unused OrchardFixedBases trait 2021-05-06 12:52:52 +08:00
Kris Nuttycombe c9f1060bb9 Minor correction to type signature (naming) 2021-05-05 17:44:15 -06:00
Kris Nuttycombe bf4532fd7d Properly condition generators on flags. 2021-05-05 17:36:05 -06:00
Kris Nuttycombe 71736433d0 Rename arb_nonnegative_note_value -> arb_note_value_bounded 2021-05-05 17:23:21 -06:00
Kris Nuttycombe 3170096134 Publicly expose `MAX_NOTE_VALUE` 2021-05-05 17:19:42 -06:00
Kris Nuttycombe 6373d3d422 Fix incorrect generation for bsk/bvk consistency test. 2021-05-05 17:12:31 -06:00
Kris Nuttycombe 8f3f4a8479 Make note module public. 2021-05-05 14:05:17 -06:00
Kris Nuttycombe 6c681d0539 Generate uniformly distributed nullifiers. 2021-05-05 13:39:41 -06:00
Kris Nuttycombe aa11eb1372 Derive the full range of ValueCommitment values. 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-05-05 12:02:50 -06:00
Kris Nuttycombe e72d74ccd6 Remove extraneous pub exports from the root. 2021-05-05 11:46:24 -06:00
Kris Nuttycombe 7ea8900a58 Implement AsRef for Proof 2021-05-05 11:39:07 -06:00
Kris Nuttycombe a08d060725 Remove unneeded pub(crate) 2021-05-05 11:23:30 -06:00
Kris Nuttycombe 226673938a Pass flags to arbitrary action generators. 2021-05-05 11:21:45 -06:00
Kris Nuttycombe 88b8265165 Generate both spend and output values for actions. 2021-05-05 11:14:38 -06:00
therealyingtong 4f2b4d2935 Address review comments 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-05-05 20:23:29 +08:00
Kris Nuttycombe a789b89135 Check both u64 max and min in ValueSum arithemetic. 2021-05-04 16:35:49 -06:00
therealyingtong 4bf6202c35 Modify ECC gadget to work with chip refactor 2021-05-04 12:11:28 +08:00
therealyingtong b5de8e6c27 Only store Z_SHORT and U_SHORT for value_commit_v 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-04 05:05:32 +08:00
therealyingtong 380ed377de Fix bug in Sinsemilla S generators and add test 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-04 03:24:11 +08:00
therealyingtong 11d90692e1 Fix bugs in value_commit_v, value_commit_r generators 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-04 02:04:56 +08:00
therealyingtong 119d721ecd Use ArrayVec 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-03 23:58:41 +08:00
ying tong 1ee5392163
Documentation fixes 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-03 22:28:22 +08:00
Kris Nuttycombe 4afdeeeb76 Add mapping over bundle value balance. 2021-04-30 09:43:51 -06:00
Kris Nuttycombe b1ac90b77a
Fix incorrect generator comments. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-30 08:02:09 -06:00
Kris Nuttycombe a119a27ee7 Clean up value balance generation. 2021-04-30 07:59:46 -06:00
Kris Nuttycombe 25c90dda4b Add fast generation for not-consensus-valid authorized bundles and actions. 2021-04-29 16:14:16 -06:00
Kris Nuttycombe 3c12877f87 Use a deterministic PRNG seeded from arb data for proptests. 2021-04-29 09:55:11 -06:00
Kris Nuttycombe f91088d35b Use builder to generate "valid" bundles via proptest. 2021-04-28 18:21:12 -06:00
Kris Nuttycombe 4d89d45332 Add proptest generators for action and bundle types. 2021-04-28 18:04:17 -06:00
Kris Nuttycombe 75573d331a Add canonical byte conversions for value commitments. 2021-04-28 18:03:50 -06:00
Kris Nuttycombe fc0f55d82b Make ValueSum correctly respect the proper specified range. 2021-04-28 18:03:50 -06:00
Kris Nuttycombe a5c9fb953b Add accessors necessary for zip-225 write. 2021-04-28 18:02:36 -06:00
Kris Nuttycombe e743198a50 Expose constructors required for ZIP-225 parsing. 2021-04-28 18:02:36 -06:00
Jack Grigg d383ff5054 Fix clippy lints 2021-04-29 10:57:53 +12:00
Jack Grigg 223b7ac533 Replace signing metadata tuple with struct 
This enables the dummy-only first field to be properly documented.
 2021-04-29 10:40:23 +12:00
therealyingtong de75c9538b Update constants after hash_to_field fix (zcash/pasta_curves@a119467) 2021-04-28 20:53:14 +08:00
therealyingtong 13d7da3c45 Replace OrchardFixedBases enum with newtypes 
Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>
 2021-04-28 20:53:14 +08:00
therealyingtong e26b6c6123 Test every row in test_lagrange_coeffs() instead of using random scalar 2021-04-28 20:53:14 +08:00
therealyingtong ce6e59bdb8 Address review comments 2021-04-28 20:53:14 +08:00
therealyingtong 17b66e1c6a Remember u-values 2021-04-28 20:53:14 +08:00
therealyingtong 69d4c4c35a Round up division for NUM_WINDOWS 2021-04-28 20:53:14 +08:00
therealyingtong 70ce1ca53f Impl PartialOrd and Ord for OrchardFixedBases 2021-04-28 20:53:14 +08:00
therealyingtong 21060393fe Remove redundant imports 2021-04-28 20:53:14 +08:00
therealyingtong 6cc957e998 Add constants for short signed scalar mul 2021-04-28 20:53:14 +08:00
therealyingtong e4d6af620f Add l_value to constants 2021-04-28 20:53:14 +08:00
therealyingtong 3381b15cd9 Use fixed-size array for windows in tables 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-04-28 20:53:14 +08:00
therealyingtong d915097407 Implement Hash, PartialEq, Eq for OrchardFixedBases 2021-04-28 20:53:14 +08:00
therealyingtong 2c11f3a048 Add Orchard fixed bases and tests 2021-04-28 20:53:14 +08:00
therealyingtong 4f1f32dab0 Add Sinsemilla constants 2021-04-28 20:53:14 +08:00
therealyingtong 91fd290ffc Add SWU hash-to-curve personalizations 2021-04-28 20:53:14 +08:00
Jack Grigg 186914166a Use `zero` instead of `default` for empty values 2021-04-28 09:06:33 +12:00
Jack Grigg 30f01d122c Bundle builder 2021-04-27 14:31:21 +12:00
Jack Grigg 497f7e0b86 Remove bundle::Unauthorized type 
It is being replaced by context-specific unauthorized or
partially-authorized types. The only general type we need is Authorized
which is used in transactions.
 2021-04-27 12:30:16 +12:00
Jack Grigg 316729302d cargo fmt 2021-04-27 12:28:42 +12:00
Jack Grigg a60051c8a2 Add from_raw constructors to NoteValue and ValueSum 
These might be replaced later with APIs that can provide more useful
bounds checks, but we do need some way to construct these types.
 2021-04-27 12:27:23 +12:00
Jack Grigg 52d87e257c Return SpendingKey from Note::dummy 
We need the spending keys to create valid spendAuth signatures for
Actions containing dummy spent notes.
 2021-04-27 12:26:24 +12:00
Jack Grigg 5ec65c5d2a Add a mutable context to Bundle::{try_}authorize 
This enables us to work around lifetime restrictions on e.g. the
randomness source at signing time, where it is needed for both
per-Action and Bundle-level signatures.
 2021-04-27 12:24:33 +12:00
Jack Grigg 29b3071c67 Fix doc comments for bundle flags 2021-04-27 09:10:32 +12:00
Kris Nuttycombe 36529629bc Expose Flags constructor & accessors. 2021-04-27 09:04:03 +12:00
str4d 3dbebbe08b
Merge pull request #58 from zcash/proof-placeholder 
Proving and verifying keys, and placeholder proof logic
 2021-04-26 19:11:56 +01:00
str4d 0f6794f291
Merge pull request #70 from zcash/bundle-apis 
Bundle APIs
 2021-04-22 21:23:14 +01:00
Kris Nuttycombe 7d243ae60a
Apply suggestions from code review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-22 07:32:20 -06:00
Jack Grigg 4c4400cb63 Proving and verifying keys, and placeholder proof logic 2021-04-23 01:08:43 +12:00
Jack Grigg f62bbbbb95 Small conversion helpers 2021-04-23 01:08:43 +12:00
Jack Grigg 35f65bb26a Expose RedPallas rerandomization 2021-04-23 01:06:10 +12:00
str4d 4db3b54c8b
Generate dummy nullifiers with the same distribution as real ones 
The x-coordinates of Pallas points are not uniformly distributed base field elements.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-22 13:54:17 +01:00
Jack Grigg dbfbc66ac7 Add NoteValue::zero as an alias for NoteValue::default 2021-04-23 00:46:39 +12:00
Jack Grigg 77121facb7 Dummy note generation 2021-04-23 00:46:39 +12:00
Jack Grigg 3c2e32e156 Add some internal doc comments 2021-04-22 16:39:36 +12:00
Jack Grigg 09cca41ffb Add getters for bundle and action internals 2021-04-22 16:39:36 +12:00
Jack Grigg f1ad9d08de Bundle and action constructors 2021-04-22 16:39:26 +12:00
Jack Grigg 01d241df7c Rename some bundle and action variables to match the protocol spec 2021-04-22 16:38:17 +12:00
Jack Grigg 5dbcbf28fb Bundle Authorization transformations 2021-04-22 16:37:31 +12:00
str4d ea278aafcb
Merge pull request #63 from zcash/note-commitment-updates 
Note commitment updates
 2021-04-22 01:23:05 +01:00
Jack Grigg bdaf9d06cc clippy: Allow binary operators in IncompletePoint addition 
It's not suspicious, it's constant time! :D
 2021-04-22 12:09:32 +12:00
Jack Grigg 09e70cb6e3 Improve performance of IncompletePoint addition 
We only need to track the occurrence of any edge cases, and we can do so
without expensive inversions at every addition step, by instead
performing the checks on the projective form directly.
 2021-04-22 12:01:59 +12:00
str4d 31d1a67837
Expand documentation of conditions on SpendingKeys 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-21 23:28:32 +01:00
Jack Grigg c7b9ce0ea9 Fix a clippy lint 
This was leftover after an intermediate refactor that introduced
`hash_to_point_inner`.
 2021-04-20 23:57:59 +12:00
Jack Grigg b1286b4e94 Fix bundle::Action to hold cmx instead of cm 2021-04-20 10:26:58 +12:00
Jack Grigg c08d12cc52 Use incomplete addition in SinsemillaHashToPoint 
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:

- When we generate keys or notes, if we encounter ⊥ we discard and
  re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
  from bytes), we check for and reject ⊥.
 2021-04-20 10:05:56 +12:00
Jack Grigg 907ff46078 Simulate incomplete addition 
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
 2021-04-20 10:04:44 +12:00
Jack Grigg badaf23f25 Implement ValueCommit^Orchard 2021-04-15 17:08:06 +12:00
Jack Grigg 4c34a61c57 Use const generics for poseidon::ConstantLength 2021-03-30 14:13:15 +13:00
str4d 92cfa372e0
Merge pull request #44 from zcash/note-structure 
Note structure
 2021-03-30 14:01:56 +13:00
Jack Grigg 0f8c5b7dd3 Document TODO for SinsemillaShortCommit usage 
https://github.com/zcash/orchard/issues/55
 2021-03-30 13:55:29 +13:00
Jack Grigg 3b14cfc133 Fix link to NU5 protocol spec draft 2021-03-30 13:54:23 +13:00
Jack Grigg 5646ada113 Make nk the first argument to Nullifier::derive 
This more closely matches DeriveNullifier in the spec.
 2021-03-30 13:52:20 +13:00
Jack Grigg 061ad0656b Refactor Poseidon primitive to use const generics 2021-03-26 09:07:38 +13:00
Jack Grigg 0f6eb9ca6c Nullifier derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 1a37ca492d Extract spec::mod_r_p helper from spec::commit_ivk 2021-03-26 07:51:05 +13:00
Jack Grigg 680c917ce6 Note commitment derivation 2021-03-26 07:51:05 +13:00
str4d ee2bfa7f43
Merge pull request #41 from zcash/poseidon-primitive 
Poseidon primitive
 2021-03-26 07:36:45 +13:00
therealyingtong a2c1bfb52a Remove unnecessary clone() 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-03-24 12:30:03 +08:00
therealyingtong 9c75839e62 Minor changes 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-03-24 12:25:28 +08:00
therealyingtong 7a210fabf3 Store HashDomain in CommitDomain 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-03-24 12:11:13 +08:00
therealyingtong 18fba2a62e Add getters for Q() and R() 2021-03-24 12:10:37 +08:00
therealyingtong 873e1b7d7e Call hash_to_curve() only when constructing new domain 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-03-24 12:10:37 +08:00
ying tong 946b50ebfe Add documentation 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-03-24 12:09:11 +08:00
therealyingtong a3134e34c5 Introduce HashDomain and CommitDomain traits 
Co-authored-by: Jack Grigg <thestr4d@gmail.com>
 2021-03-24 12:09:11 +08:00
therealyingtong ee969a64a8 Add Sinsemilla constants 2021-03-24 12:09:11 +08:00
Jack Grigg b8f02c3b32 Temporarily allow dead code 
This will make the lints more useful while we are implementing the
Orchard protocol.
 2021-03-20 18:31:22 +13:00
Jack Grigg 1ceb60379f poseidon: Clarify that R_F must be even 2021-03-18 16:47:06 +13:00
Jack Grigg 4c3e20535d poseidon: s/arity/width 
To match the paper more closely (arity specifically refers to Merkle
tree instantiations).
 2021-03-18 16:47:04 +13:00
Jack Grigg 2beb6c3e82 Invert the Poseidon test vectors for Orchard 
We now hard-code the Poseidon round constants and MDS for the Poseidon
specification used for Orchard nullifiers, as produced by the reference
implementation, and test that our constant generation can recreate them.
 2021-03-18 16:47:01 +13:00
Jack Grigg 872471af17 Fix Poseidon instance definition 
For Orchard, we want a Poseidon instance with a width of 3 field
elements and an output of one field element. The Poseidon instances
defined in the Poseidon paper have their output size equal to their
capacity size; with a capacity of 1 and pallas::Base as the field,
Poseidon-128 has the corresponding security level.

We do deviate from the paper's instance by adding a single partial
round, which makes the circuit easier to implement in Halo 2.
 2021-03-18 16:39:09 +13:00
Jack Grigg 761dea6cc1 Implement domain separation for poseidon::Hash 
Domain separation is implemented as specified in the Poseidon paper.
We only require constant-input-length hashing.
 2021-03-18 16:38:59 +13:00
Jack Grigg c578c22fe8 Silence clippy needless_range_loop warnings 
I'm using range loops explicitly to make certain logic clearer.
 2021-03-18 16:38:30 +13:00
Jack Grigg 6bcfecd039 Add poseidon::Spec::Rate associated type 
This removes the need for specifying the rate at runtime, and removes
the remaining heap allocations from Duplex::absorb and Duplex::squeeze.
 2021-03-18 16:38:28 +13:00
Jack Grigg 6548666e37 Add poseidon::Spec::State associated type 
We reuse this type for the per-round round constants, and rows of the
MDS, to provide some type-level same-length guarantees. Once we can use
const generics, these will all be replaced by [F; Spec::ARITY].
 2021-03-18 16:38:26 +13:00
Jack Grigg 5c8e9beea7 Simplify poseidon::Spec and remove poseidon::Generic 
Poseidon specifications are now all concrete, and only generation of
constants at runtime requires an instance of the specification.
 2021-03-18 16:38:23 +13:00
Jack Grigg 266705166f Poseidon duplex sponge and hash function 2021-03-18 16:38:21 +13:00
Jack Grigg 9a2c1b0217 Make poseidon::Generic specific to SboxType::Pow 
We don't currently require SboxType::Inv, so let's simplify for now.
 2021-03-18 16:38:17 +13:00
Jack Grigg 8408f4690c Rename poseidon::PoseidonSpec trait to poseidon::Spec 2021-03-18 16:38:14 +13:00
Jack Grigg 3fb5bf8344 Modify constant generation to match reference implementation 2021-03-18 16:38:07 +13:00
Jack Grigg e1719c42bc Add test vectors from the reference implementation 
These are generated using v1.1 of the reference implementation.
 2021-03-18 16:38:06 +13:00
Jack Grigg 84907c50e1 Poseidon specification and constants 2021-03-18 16:37:36 +13:00
Jack Grigg 3911fb3202 Use Pallas directly from pasta_curves crate 2021-03-18 15:06:16 +13:00
str4d 05e86a4d98
Reuse the hasher inside diversify_hash 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-18 13:39:04 +13:00
str4d 51fd94df72
Fix section numbers after spec changes 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-18 13:38:11 +13:00
Jack Grigg 861eec1765 Document sinsemilla::Pad 2021-03-18 08:30:22 +13:00
Jack Grigg 42ea809b64 Update protocol spec references 2021-03-18 08:30:22 +13:00
Jack Grigg e0417268ad Make address generation infallible again 
DiversifyHash is altered to replace the identity with another fixed
point that is known to not be the identity.
 2021-03-18 08:30:22 +13:00
Jack Grigg 8e55b46dbf Deduplicate default address generation 2021-03-16 10:01:50 +13:00
Jack Grigg 3c8befa0f3 Remove TODO from extract_p 
The protocol spec now returns \mathbb{P}_x instead of a bit sequence,
matching what we do here.
 2021-03-16 09:36:59 +13:00
Jack Grigg 46bf89c122 Update ivk derivation to match latest protocol spec draft 2021-03-16 09:33:07 +13:00
Jack Grigg e0b40cb3cb FullViewingKey::address_at(impl Into<DiversifierIndex>) 
This is a more usable API, which we can use when we have the full
viewing key and can obtain the DiversifierKey.
 2021-03-16 09:20:45 +13:00
Jack Grigg e98f324d7d Ensure diversify_hash does not return the identity 
This makes diversified address generation fallible (though with
negligible probability). We expose this to users, so they can decide how
to handle it (either just unwrapping, or incrementing the diversifier
index).

We alter spending key construction to reject spending keys that would
not result in a default address (with diversifier index 0).
 2021-03-16 09:03:44 +13:00
Jack Grigg f7cad7762a Add clarifying note about nomenclature 
There's no point in documenting everything as being an Orchard whizzbang.
We are in the `orchard` crate, so the context should be obvious. This
also fits with the standard Rust naming guideline of not duplicating
module names in type name prefixes (`foo::bar::BarThing`).
 2021-03-09 10:39:02 +13:00
Jack Grigg 2462bb219b Use [u8; 64] as the output of prf_expand to match the spec 2021-03-09 10:33:56 +13:00
Jack Grigg cef44f5f53 Fix intra-crate doc links 2021-03-09 09:27:34 +13:00
Jack Grigg bf5fb7a668 Add missing spec links to key docs 2021-03-09 09:22:38 +13:00
Jack Grigg 307787ec17 Use spec name for SpendValidatingKey 2021-03-09 09:20:09 +13:00
Jack Grigg 26701c33af Fix commit_ivk specification 
Commit^ivk takes ak as a point, and commits to its entire serialization
(not just the x coordinate).
 2021-03-09 08:28:53 +13:00
str4d cfaa61ab14 Remove unnecessary conversions for DiversifierIndex 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-09 07:40:01 +13:00
Jack Grigg 57c64922f6 Add internal CommitIvkRandomness type 2021-03-09 07:38:15 +13:00
Jack Grigg 9455158190 Use protocol spec URL anchors as link handles 2021-03-06 01:18:58 +00:00
Jack Grigg 71542f7ec2 Add internal DiversifiedTransmissionKey type 2021-03-06 01:03:53 +00:00
str4d a61be5d58b
Fix typo in documentation 
Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>
 2021-03-06 13:58:48 +13:00
Jack Grigg 5772c71a89 Add doctest example to orchard::Address that exercises key derivation 2021-03-06 00:57:30 +00:00
Jack Grigg 27501702d5 Use orchard::redpallas types in orchard::keys implementation 2021-03-06 00:03:26 +00:00
Jack Grigg eaa7158751 Use reddsa to instantiate orchard::redpallas 2021-03-05 23:46:20 +00:00
Jack Grigg ceac39d74e Implement ZIP 32 diversifier derivation 2021-03-05 23:36:38 +00:00
Jack Grigg f0779792bc Orchard key components 2021-03-05 23:28:16 +00:00
str4d 35da17944a
Merge pull request #21 from zcash/sinsemilla 
Implement Sinsemilla primitives
 2021-03-06 09:16:08 +13:00
Jack Grigg d7f8584d20 Fix clippy lint 2021-03-05 20:09:51 +00:00
Jack Grigg be758de3bb Fix protocol spec references after PDF rename 2021-03-05 20:00:45 +00:00
Jack Grigg 9882373e85 Make Bundle a parametric type over an Authorization trait 
This enables us to construct Bundles at various stages of
authorization:

- `Bundle<Unauthorized>`: A bundle with all effecting data but no
  proofs or signatures.
- `Bundle<Authorized>`: A bundle with all proofs and signatures,
  suitable for inclusion in a block.
- `Bundle<Partial>`: Example of some in-progress bundle authorization,
  for example during a FROST threshold multisignature protocol.

Also adds the bundle flags field from ZIP 225.
 2021-03-03 17:39:53 +00:00
Jack Grigg 22658c3bc4 sinsemilla: Use lebs2ip_K to match protocol spec naming 2021-03-02 01:21:07 +00:00
Jack Grigg a26e1c7879 sinsemilla: Remove the ExactSizeIterator bound 2021-03-01 23:34:02 +00:00
Jack Grigg a03ee8797d Implement Sinsemilla primitives 2021-02-27 17:10:28 +08:00
Jack Grigg bbf2dc271e Add ECC gadgets and instructions 
Migrated from the halo2 crate; we may re-upstream them later (or move
gadgets into their own crate) once we've stabilised them.
 2021-02-25 18:11:46 +00:00
Jack Grigg 97d75bab9a Enforce in type system that a Bundle contains at least one Action 2021-02-24 20:10:10 +00:00
Jack Grigg 693587a402 Rename SignedBundle to AuthorizedBundle and move the proof there 
Closes zcash/orchard#19.
 2021-02-24 20:10:10 +00:00
Jack Grigg 5bce857569 Fill out note components 2021-02-08 15:21:04 +00:00
Jack Grigg bf9e77b629 Move ovk to be derived from fvk instead of the spending key 2021-02-08 15:01:34 +00:00
Jack Grigg 1add6a7ef0 Fix FVK doc comment 2021-02-03 14:19:29 +00:00
Jack Grigg aeddfb64e5 Make Diversifier a newtype around [u8; 11] 2021-02-03 14:16:58 +00:00
Jack Grigg a564ba76ce Remove Chain and value::Constraint traits 
There was push-back on having this crate require these traits, due to the
additional complexity within this crate. My rationale for including them
was to make it simpler to reason about what is responsible for enforcing
chain-specific constraints, and to reduce duplication (by enabling the
wrapping chain implementation to use type definitions and leverage all
built-in behaviour, instead of newtypes and needing to add a bunch of
wrapping logic and boilerplate, some of which would encode chain-specific
logic).

We'll try working within the requirement that this crate enforces minimal
base constraints and hard-codes any constants, and then have the wrapping
chain provide encoding prefixes and additional value constraints where
necessary.
 2021-01-21 12:23:08 +00:00
Jack Grigg ae252f57a8 Add skeleton for RedPallas 2021-01-20 20:35:54 +00:00
Jack Grigg 1b9f6450cb Add skeleton for actions and bundles 2021-01-20 20:31:09 +00:00
Jack Grigg d65968ed38 Skeleton for notes and values 2021-01-20 20:31:09 +00:00
Jack Grigg 5285737bf0 Add skeleton of key structure 2021-01-20 19:51:03 +00:00
Jack Grigg 10bae831eb Rename to Orchard 2021-01-08 16:51:10 +00:00
Jack Grigg 7905a0c80a Update crate attributes 2020-10-20 22:44:33 +01:00
Sean Bowe d2fa7fbaf1
Initial commit 2020-10-20 15:12:37 -06:00