Jack Grigg
e0e082d265
test: Remove stray dbg!()
2021-06-05 22:39:57 +01:00
Jack Grigg
cbf7c3825f
builder: Store alpha and use it to derive rsk for signing spends
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
2021-06-05 22:35:52 +01:00
str4d
cd1e72bbcd
Merge pull request #106 from zcash/refactor-constants
Refactor `constants` to add `constants::load`
2021-06-05 13:42:16 +01:00
str4d
243f862617
Fix clippy lints
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 13:18:14 +01:00
str4d
d3da71a4fd
Merge pull request #105 from zcash/constants-spend-auth-g
Add SpendAuthG fixed base
2021-06-05 12:09:51 +01:00
therealyingtong
40599144bf
utilities::plonk: Remove assumption that fixed columns default to 1
2021-06-05 15:33:12 +08:00
therealyingtong
6603e996ed
utilities::cond_swap: Directly witness swap bit
2021-06-05 15:32:43 +08:00
therealyingtong
9f27049c84
Add constants::load.rs
This makes it easier to load constants into the ECC chip.
2021-06-05 13:18:24 +08:00
therealyingtong
1d46a2d3e7
Add SpendAuthG fixed base.
Used in spend authority randomization where rk = ak + [alpha]SpendAuthG.
2021-06-05 13:16:56 +08:00
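The two commits above (1d46a2d3e7 and cbf7c3825f) describe the same relation from both sides: rk = ak + [alpha]SpendAuthG on the verifier's side, and rsk = ask + alpha on the signer's side. The following is an added example, not code from the orchard crate, that runs a toy RedDSA-shaped Schnorr scheme over Pallas and shows that a signature made with the unrandomized ask does not verify under rk, while one made with rsk does. Assumptions: the pasta_curves generator (-1, 2) stands in for SpendAuthG (which the spec derives by group hash), the challenge hash is a plain BLAKE2b over raw coordinates rather than RedPallas's encoding, and all key and nonce values are constructed.

```python
"""Toy RedDSA-style Schnorr signatures over Pallas, showing why randomizing
the spend authorization key needs rsk = ask + alpha, not only rk = ak + [alpha]G.
Added example, not the orchard crate's code: the generator (-1, 2) stands in
for SpendAuthG and the challenge hash is simplified relative to RedPallas."""
import hashlib
import secrets

# Pallas: y^2 = x^3 + 5 over F_P, a prime-order group of order Q (pasta constants).
P = 0x40000000000000000000000000000000224698FC094CF91B992D30ED00000001
Q = 0x40000000000000000000000000000000224698FC0994A8DD8C46EB2100000001
G = (P - 1, 2)   # (-1, 2): (-1)^3 + 5 = 4 = 2^2, so it lies on the curve
IDENTITY = None  # the point at infinity


def add(a, b):
    """Complete affine addition: handles identity, inverses and doubling."""
    if a is IDENTITY:
        return b
    if b is IDENTITY:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:      # b == -a
            return IDENTITY
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """[k]pt by double-and-add (no side-channel hardening; demo only)."""
    acc = IDENTITY
    k %= Q
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def challenge(R, vk, msg):
    """c = H(R || vk || msg) reduced into the scalar field."""
    h = hashlib.blake2b(encode(R) + encode(vk) + msg, digest_size=64).digest()
    return int.from_bytes(h, "little") % Q


def sign(sk, vk, msg, nonce=None):
    """Schnorr signature (R, s) with s = r + c*sk. vk is the key the verifier
    will use, so it is bound into the challenge exactly as the verifier sees it."""
    r = nonce % Q if nonce is not None else secrets.randbelow(Q - 1) + 1
    R = mul(r, G)
    c = challenge(R, vk, msg)
    return (R, (r + c * sk) % Q)


def verify(vk, msg, sig):
    """Check [s]G == R + [c]vk."""
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(R, vk, msg), vk))


def randomize(ask, alpha):
    """Spend-auth randomization: rk = ak + [alpha]G, and the matching signing
    key is rsk = ask + alpha (mod Q), since [ask + alpha]G == ak + [alpha]G."""
    ak = mul(ask, G)
    rk = add(ak, mul(alpha, G))
    return (ask + alpha) % Q, rk


def demo(ask, alpha, msg, nonce):
    """Returns (verifies_with_rsk, verifies_with_ask). The second case is the
    bug fixed in cbf7c3825f: signing under rk with the unrandomized ask."""
    rsk, rk = randomize(ask, alpha)
    with_rsk = verify(rk, msg, sign(rsk, rk, msg, nonce))
    with_ask = verify(rk, msg, sign(ask, rk, msg, nonce))
    return with_rsk, with_ask
```

The failing case fails because [s]G = R + [c]ak, which differs from R + [c]rk by [c*alpha]G; with c drawn from a 512-bit hash reduced mod Q, c*alpha is zero only with negligible probability, which is why the original bug could never have produced a valid-but-wrong signature, only an invalid one.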
therealyingtong
f31b9feba0
utilities::enable_flag: Directly witness flag
2021-06-05 09:42:23 +08:00
str4d
7f097b8599
Merge pull request #104 from nuttycom/fix_point_gen
Avoid discards in arbitrary nullifier generation.
2021-06-05 00:43:47 +01:00
Kris Nuttycombe
6f3ac2cdcc
Avoid discards in arbitrary nullifier generation.
2021-06-04 17:36:50 -06:00
str4d
87a3d52641
Merge pull request #103 from zcash/bump-deps
Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1
2021-06-04 21:25:26 +01:00
Jack Grigg
bea8a9b7ff
Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1
2021-06-04 20:38:52 +01:00
therealyingtong
fea88c814c
Add enable flag chip
2021-06-04 18:08:59 +08:00
therealyingtong
4b0ea0be15
Add conditional swap chip
2021-06-04 18:08:59 +08:00
therealyingtong
4f87815262
Add standard PLONK chip
2021-06-04 18:08:59 +08:00
therealyingtong
4d8ae89aa9
Add Utilities chip
2021-06-04 18:08:59 +08:00
str4d
c5aa41e2e4
Merge pull request #86 from zcash/patch-fixed-mul
Update formula for fixed-base window tables.
2021-06-03 13:33:00 +01:00
str4d
505e003842
Merge pull request #28 from zcash/poseidon
Width-3 Poseidon chip
2021-06-03 12:38:16 +01:00
str4d
dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors
Add test vectors for key components
2021-06-02 22:23:54 +01:00
therealyingtong
fa9d8a992c
Update constants
2021-06-02 22:51:37 +08:00
therealyingtong
0636a6f2ec
Update window table formula.
Previously, the window table M for fixed-base scalar multiplication
computed M[w][k] = [(k+1)*(2^3)^w]B for each window w, where k is a
3-bit chunk in the scalar decomposition in the range [0..8).
However, in the case k_0 = 7, k_1 = 0, the window table entries would
evaluate to:
* M[0][k_0] = [(7+1)*(2^3)^0]B = [8]B,
* M[1][k_1] = [(0+1)*(2^3)^1]B = [8]B,
which means the first addition would require complete addition.
To avoid this, we alter the formula to M[w][k] = [(k+2)*(2^3)^w]B.
We make a corresponding change to the formula for the last window
W. Previously, we had:
M[W][k] = [k * (2^3)^W - \sum((2^3)^j)]B, for j in [0..W-1).
Now, we have:
M[W][k] = [k * (2^3)^W - \sum(2^(3j+1))]B, for j in [0..W-1).
2021-06-02 22:51:37 +08:00
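The commit message above gives both the old and the new window-table formulas. As an added example, not code from the orchard crate, the following checks them on the scalar multipliers rather than on curve points: because the base B has prime order, [a]B == [b]B exactly when a == b (mod the group order), so the collision the commit describes, and the correctness of the last-window correction, can be verified with integer arithmetic. It assumes 85 three-bit windows (255 bits, enough for a Pallas scalar) and uses the Pallas scalar-field modulus from pasta_curves as ORDER; the test scalars are constructed. It goes slightly beyond the commit by checking every addition step, not only the first one.

```python
"""Checks the fixed-base window-table formulas from the commit above on the
integer multipliers. Added example, not orchard's code: since the base B has
prime order, [a]B == [b]B iff a == b (mod ORDER), so table collisions can be
detected without any curve arithmetic."""

WINDOW_BITS = 3
BASE = 1 << WINDOW_BITS   # 8: each window holds k in [0..8)
NUM_WINDOWS = 85          # assumption: 85 * 3 = 255 bits, enough for a Pallas scalar
# Order of the Pallas group (pasta_curves' Fq modulus); all comparisons are mod ORDER.
ORDER = 0x40000000000000000000000000000000224698FC0994A8DD8C46EB2100000001


def windows(scalar, W=NUM_WINDOWS):
    """Little-endian 3-bit chunks k_0, ..., k_{W-1} of scalar."""
    return [(scalar >> (WINDOW_BITS * w)) & (BASE - 1) for w in range(W)]


def old_multiplier(w, k, W=NUM_WINDOWS):
    """Pre-fix table: M[w][k] = [(k+1)*8^w]B; the last window subtracts the
    extra 8^j contributed by each earlier window j."""
    if w < W - 1:
        return (k + 1) * BASE ** w
    return k * BASE ** (W - 1) - sum(BASE ** j for j in range(W - 1))


def new_multiplier(w, k, W=NUM_WINDOWS):
    """Fixed table: M[w][k] = [(k+2)*8^w]B; the last window subtracts
    2*8^j = 2^(3j+1) for each earlier window j."""
    if w < W - 1:
        return (k + 2) * BASE ** w
    return k * BASE ** (W - 1) - sum(2 ** (3 * j + 1) for j in range(W - 1))


def reconstruct(scalar, table, W=NUM_WINDOWS):
    """Sum of the entries selected by the scalar's windows, mod ORDER.
    Equals scalar for both tables: the last window cancels the offsets."""
    return sum(table(w, k, W) for w, k in enumerate(windows(scalar, W))) % ORDER


def first_addition_collisions(table, W=NUM_WINDOWS):
    """(k_0, k_1) pairs with M[0][k_0] == M[1][k_1]: the first addition would
    then be a doubling, which incomplete addition does not handle."""
    return [(k0, k1) for k0 in range(BASE) for k1 in range(BASE)
            if table(0, k0, W) % ORDER == table(1, k1, W) % ORDER]


def incomplete_addition_ok(scalar, table, W=NUM_WINDOWS):
    """Accumulate the selected entries left to right and report whether every
    step is safe for incomplete addition, i.e. the addend never shares an
    x-coordinate with the running sum (multiplier equal to acc or to -acc)."""
    ks = windows(scalar, W)
    acc = table(0, ks[0], W) % ORDER
    for w in range(1, W):
        m = table(w, ks[w], W) % ORDER
        if m == acc or (m + acc) % ORDER == 0:
            return False
        acc = (acc + m) % ORDER
    return True
```

With the old table, first_addition_collisions(old_multiplier) returns [(7, 0)], the exact case in the commit message, and incomplete_addition_ok fails for any scalar whose low two windows are 7 and 0 (327 = 7 + 0*8 + 5*64 is one); with the new table the smallest entry of window 1 is [16]B while window 0 tops out at [9]B, so no such pair exists, and reconstruct still returns the original scalar for both tables, confirming the last-window correction.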
Jack Grigg
91db490e20
test: Add Poseidon test vectors
2021-06-01 18:36:11 +01:00
Daira Hopwood
5925852c7d
Add Poseidon test vector generated by the reference code.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-01 18:36:11 +01:00
Jack Grigg
f5a4cc3550
poseidon::Hash gadget
2021-06-01 18:36:11 +01:00
Jack Grigg
38dd7b791d
PoseidonDuplexInstructions
2021-06-01 18:36:11 +01:00
Jack Grigg
a69d76113f
test: Rename MyCircuit to PermuteCircuit
2021-06-01 18:36:11 +01:00
Jack Grigg
d1fe466812
Replace PoseidonInstructions::State with PoseidonInstructions::Word
2021-06-01 18:36:11 +01:00
Jack Grigg
01eb431f1f
Remove "final" round logic from poseidon::Pow5T3Chip
This was a bug in the Poseidon reference implementation, fixed in v1.1.
2021-06-01 18:36:11 +01:00
Jack Grigg
40a19b429c
Test that poseidon::Pow5T3Chip chip correctly implements Poseidon
2021-06-01 18:36:11 +01:00
Jack Grigg
f1b8abfccb
Arity-3 Poseidon chip
2021-06-01 18:36:11 +01:00
Jack Grigg
363e6944ec
Poseidon instructions
2021-06-01 17:54:37 +01:00
str4d
5d57bee562
Merge pull request #97 from zcash/bump-halo2
Migrate to latest revision of halo2
2021-06-01 17:54:09 +01:00
Jack Grigg
dfa3fbb19b
Migrate to latest revision of halo2
2021-06-01 17:37:44 +01:00
str4d
803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains
Define explicit domains for PRF^expand
2021-06-01 14:31:04 +01:00
Kris Nuttycombe
2f2b9e5891
Merge pull request #92 from zcash/fix-lints
Fix lints
2021-05-28 14:26:18 -06:00
Jack Grigg
c4ffb7c617
Rework PRF^expand to use explicit domains
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
2021-05-28 13:12:25 +01:00
Jack Grigg
cea8a3ab69
Move prf_expand{_vec} into a submodule for clarity
2021-05-28 12:42:01 +01:00
Jack Grigg
7f47949b09
Take `self` directly in to_bytes methods where Self: Copy
2021-05-28 12:11:22 +01:00
Jack Grigg
cdfd2ab0f9
Remove clones from types that now impl Copy
2021-05-28 12:10:54 +01:00
Jack Grigg
5af73f7822
Add test vectors for key components
2021-05-28 11:57:21 +01:00
therealyingtong
79b0307b87
Formatting fixes
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-05-27 13:59:15 +08:00
ying tong
cdea8b1f67
Apply suggestions from code review
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-05-22 22:55:14 +08:00
str4d
f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7
Remove rand 0.7 usage
2021-05-21 21:25:34 +01:00
str4d
97710e04d6
Merge pull request #80 from zcash/spec-updates
Update implementation to match protocol spec version 2021.2.0
2021-05-21 21:24:39 +01:00
str4d
2bbbc3ec94
Update comments
Co-authored-by: ying tong <yingtong@z.cash>
2021-05-21 21:24:08 +01:00
str4d
9585c67ed2
book: Refine types on Commitments page
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-05-21 21:23:08 +01:00
therealyingtong
1a08d6e078
[book] Add Sinsemilla gadget description
2021-05-21 21:13:45 +08:00
str4d
7109153e88
Merge pull request #43 from zcash/constants
Add Orchard constants
2021-05-18 20:44:59 +01:00