Commit Graph

62 Commits

Author SHA1 Message Date
Jack Grigg a65018f93c Fix variable name in `spec::diversify_hash`
Closes zcash/orchard#368.
2023-04-11 00:23:33 +00:00
Jack Grigg 3beea4adb7 Migrate to `ff 0.13`
Closes zcash/orchard#371.
2023-03-09 21:14:41 +00:00
Jack Grigg 050b2f231e Add `memuse::DynamicUsage` impls for types used for batch scanning 2022-10-15 23:29:06 +00:00
Jack Grigg 0b4d7bc9c6 Migrate note encryption to use prepared w-NAF APIs 2022-10-15 23:27:57 +00:00
Jack Grigg 311190c2d6 Migrate to final `halo2_gadgets` pre-release revision
Includes API changes made in zcash/halo2#573.
2022-05-10 21:55:20 +00:00
Jack Grigg 706cee42f5 Migrate to `ff 0.12` 2022-05-05 17:15:03 +00:00
Jack Grigg 4ec036c851 Remove unnecessary usage of `Vec` 2022-04-28 21:26:23 +00:00
Jack Grigg b1ce38405a Use `core` instead of `std` where possible 2022-04-28 20:20:23 +00:00
Jack Grigg 4574d4793a Migrate to 2021 edition 2022-04-28 17:23:30 +00:00
Jack Grigg 72b6febf7b Move zero-handling from inside CommitIVK to outside it
This more closely matches the change to the protocol spec.
2022-03-17 18:51:33 +00:00
Jack Grigg 5356804bfe Update comment in `spec::commit_ivk` 2022-03-15 23:26:57 +00:00
therealyingtong 72f1ca6b45 spec.rs: Check that commit_ivk returns a nonzero base. 2022-03-16 01:28:13 +08:00
therealyingtong f74cb9e4d3 Delete gadgets and their primitives; add `halo2_gadgets` dependency. 2022-01-29 01:57:01 +08:00
Jack Grigg f300cea2c8 Fix clippy lints
These became stable lints between 1.51 and 1.54.
2022-01-28 23:00:00 +08:00
therealyingtong 1a3cbeb896 Refactor src/constants and primitives::sinsemilla::constants. 2022-01-19 00:46:12 +08:00
str4d b13b9677cf
Merge pull request #254 from zcash/pasta_curves-prep
Remove various usages of `FieldExt` methods
2021-12-16 12:07:50 +00:00
Jack Grigg bfc65d5985 poseidon: Remove `self` parameter from `Domain` trait methods
For almost all the sponge constructions defined in the Poseidon paper,
the domain can be defined completely statically. Variable-length hashing
requires knowledge of the message length, but that can be provided to
the fixed padding function in a subsequent commit, and in any case we
can't use variable-length inputs in a circuit.
2021-12-10 02:40:33 +00:00
Jack Grigg 0378898289 Replace `FieldExt::{from, to}_bytes` with `PrimeField::{from, to}_repr` 2021-12-09 15:39:37 +00:00
Jack Grigg 6f0cab5ffd Replace `FieldExt::from_u64` with `PrimeField: From<u64>` 2021-12-09 15:38:36 +00:00
therealyingtong b63c868591 poseidon: Make Spec trait methods not take (&self) parameter. 2021-11-30 10:02:16 -05:00
therealyingtong 764c445a81 Rename poseidon::nullifier -> poseidon::p128pow5t3. 2021-10-12 11:58:27 +02:00
Jack Grigg 8c82ceecbf ff 0.11, group 0.11, pasta_curves 0.2 etc. 2021-09-06 20:39:43 +01:00
Kris Nuttycombe 5d78ab3508 Add Eq and Ord implementations for Orchard keys. 2021-08-23 11:29:06 -06:00
Kris Nuttycombe 77cf4c9831 Implement IncomingViewingKey::to_bytes 2021-08-23 11:27:02 -06:00
Jack Grigg f4a8c082a9 Use w-NAF in `ka_orchard`
Improves the base-line cost of trial decryption by over 40%.
2021-08-06 13:43:19 +01:00
Kris Nuttycombe b86967bc57
Merge pull request #135 from zcash/patch-ncc
Partial fixes from NCC draft report
2021-07-22 15:25:05 -06:00
therealyingtong 5ae9890913 mul::overflow.rs: Overflow check in variable-base scalar mul
Simplify the canonicity check for variable-base scalar multiplication,
by range-checking the low 130 bits rather than the low 127 bits.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-07-07 23:10:59 +08:00
therealyingtong ba7e1892de Minor fixes involving constants.
- document that find_zs_and_us is not meant to be used anywhere
- use F::zero() instead of F::default() in constants/util.rs
- use personalisations from constants in spec.rs
2021-06-30 20:00:36 +08:00
therealyingtong 1ac3541505 Add spec::i2lebsp and constants::MERKLE_DEPTH_ORCHARD 2021-06-29 12:07:49 +08:00
Daira Hopwood 81fb944997 Make this crate clippy clean for warnings on nightly.
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:04:00 +01:00
ebfull ee26116fcf
Merge pull request #114 from zcash/util-range-check
utilities::lookup_range_check: Add LookupRangeCheck helper
2021-06-14 10:56:52 -06:00
therealyingtong f5bf0c1ef3 lookup_range_check.rs: Docfixes and minor refactors. 2021-06-15 00:18:38 +08:00
therealyingtong b7b8126ccf spec.rs: Add lebs2ip function bounded on const generic L.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 23:20:59 +08:00
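The two bit-string helpers named in this entry and in the `spec::i2lebsp` entry above are LEBS2IP_L and I2LEBSP_L from the Zcash protocol spec: the first reads an L-bit little-endian bit sequence as the integer Σ bits[i]·2^i, the second writes an integer as exactly L little-endian bits, and the width L is pinned by a const generic so callers cannot pass a sequence of the wrong length. The block below is a stand-alone illustration added by the editor, not code from the orchard crate: the function names follow the spec, but the `Option` return for out-of-range inputs, the 64-bit cap on L, and `position_roundtrip` are this example's choices. `MERKLE_DEPTH_ORCHARD = 32` is used only as a sample width (32 is the depth of the Orchard note commitment tree in the protocol spec).

```rust
/// LEBS2IP_L: interpret an L-bit little-endian bit sequence as the integer
/// sum_i bits[i] * 2^i. The width is fixed by the const generic L, so a
/// caller cannot hand over a sequence of the wrong length. L is capped at 64
/// here so the result fits in a u64 (an example-only restriction; the spec
/// defines the function for arbitrary L).
pub fn lebs2ip<const L: usize>(bits: &[bool; L]) -> u64 {
    assert!(L <= 64, "lebs2ip: this example supports at most 64 bits");
    bits.iter()
        .enumerate()
        .fold(0u64, |acc, (i, &bit)| acc | (u64::from(bit) << i))
}

/// I2LEBSP_L: write an integer as exactly L little-endian bits. The spec only
/// defines this for 0 <= x < 2^L, so an out-of-range input returns None
/// rather than silently dropping the high bits.
pub fn i2lebsp<const L: usize>(x: u64) -> Option<[bool; L]> {
    assert!(L <= 64, "i2lebsp: this example supports at most 64 bits");
    // `x >> 64` would be a shift overflow, so the L == 64 case skips the check.
    if L < 64 && (x >> L) != 0 {
        return None;
    }
    let mut bits = [false; L];
    for (i, bit) in bits.iter_mut().enumerate() {
        *bit = (x >> i) & 1 == 1;
    }
    Some(bits)
}

/// Sample width for the round-trip below. The constant name mirrors the one
/// added in the commit log; the value 32 is the Orchard note commitment tree
/// depth from the protocol spec.
pub const MERKLE_DEPTH_ORCHARD: usize = 32;

/// Encodes a leaf position as a 32-bit little-endian bit string and decodes
/// it again. Returns None when the position does not fit in 32 bits.
pub fn position_roundtrip(pos: u64) -> Option<u64> {
    let bits = i2lebsp::<MERKLE_DEPTH_ORCHARD>(pos)?;
    Some(lebs2ip::<MERKLE_DEPTH_ORCHARD>(&bits))
}

fn main() {
    println!("{:?}", position_roundtrip(0xDEAD_BEEF)); // Some(3735928559)
    println!("{:?}", position_roundtrip(1 << 40)); // None: needs more than 32 bits
}
```

Because the width lives in the type, `lebs2ip::<32>` will not accept the output of `i2lebsp::<64>`; a mismatch is a compile error rather than a runtime length check, which is the point of bounding the helper on L.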
Jack Grigg 37326df1ab spec: Impl more traits for NonZero types
Also fixes their Default impls to use "1" as the default.
2021-06-11 23:55:17 +01:00
Jack Grigg 8a7ff1b28a Structs representing note encryption key material 2021-06-11 23:54:35 +01:00
Jack Grigg bea8a9b7ff Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1 2021-06-04 20:38:52 +01:00
Jack Grigg c4ffb7c617 Rework PRF^expand to use explicit domains
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
2021-05-28 13:12:25 +01:00
Jack Grigg cea8a3ab69 Move prf_expand{_vec} into a submodule for clarity 2021-05-28 12:42:01 +01:00
str4d 2bbbc3ec94
Update comments
Co-authored-by: ying tong <yingtong@z.cash>
2021-05-21 21:24:08 +01:00
Jack Grigg 736de1156b Ensure that Notes always have valid commitments
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
2021-05-11 18:51:57 +08:00
Jack Grigg 76a39d29c1 Change diversify_hash and ka_orchard to use non-zero types
This matches the changes to KA^Orchard in spec version 2021.1.23.
2021-05-11 18:51:57 +08:00
Jack Grigg 9a828febd7 Change `commit_ivk` to return a non-zero Pallas base field element
The type system now enforces that `ivk != 0`.
2021-05-11 18:51:57 +08:00
Jack Grigg c08d12cc52 Use incomplete addition in SinsemillaHashToPoint
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:

- When we generate keys or notes, if we encounter ⊥ we discard and
  re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
  from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg 907ff46078 Simulate incomplete addition
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
Jack Grigg 4c34a61c57 Use const generics for poseidon::ConstantLength 2021-03-30 14:13:15 +13:00
Jack Grigg 0f8c5b7dd3 Document TODO for SinsemillaShortCommit usage
https://github.com/zcash/orchard/issues/55
2021-03-30 13:55:29 +13:00
Jack Grigg 3b14cfc133 Fix link to NU5 protocol spec draft 2021-03-30 13:54:23 +13:00
Jack Grigg 0f6eb9ca6c Nullifier derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 1a37ca492d Extract spec::mod_r_p helper from spec::commit_ivk 2021-03-26 07:51:05 +13:00
therealyingtong 873e1b7d7e Call hash_to_curve() only when constructing new domain
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:10:37 +08:00