zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
485 Commits 5 Branches 11 Tags 24 MiB
Commit Graph

23 Commits

Author SHA1 Message Date
therealyingtong 5ae9890913 mul::overflow.rs: Overflow check in variable-base scalar mul 
Simplify the canonicity check for variable-base scalar multiplication,
by range-checking the low 130 bits rather than the low 127 bits.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
 2021-07-07 23:10:59 +08:00
therealyingtong a3ca27b756 ecc::tests: Add tests for variable- and fixed-base scalar mul. 2021-07-07 23:10:59 +08:00
therealyingtong 8a8df98a50 add_incomplete::tests: Constrain output of `P + Q` test. 
Also minor docfixes and refactors.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-14 00:19:21 +08:00
therealyingtong 7341996d2c gadget::ecc.rs: Add EccInstructions::constrain_equal() instruction. 
This allows us to constrain two points to be equal in value at the
gadget level.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-13 21:26:30 +08:00
therealyingtong e259bb3846 ecc::chip.rs: Use concrete pallas::Affine for Chip impl. 
The EccInstructions trait is still generic over C: CurveAffine;
however, the EccChip implementation is specific to the pasta
curves.
 2021-06-12 20:25:09 +08:00
ying tong e1779dab70 Docfixes and minor refactors. 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-06-12 12:41:27 +08:00
therealyingtong aff56e6763 ecc::chip.rs: Make EccPoint.x, EccPoint.y private fields 
Also add public getters x() and y().

Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-12 12:41:27 +08:00
therealyingtong 433791fcb0 chip::witness_point.rs: Allow witnessing the identity. 2021-06-12 12:41:27 +08:00
therealyingtong 36d7888c1c ecc.rs: Add tests for complete and incomplete addition. 2021-06-12 12:41:27 +08:00
therealyingtong 6627b2258f ecc::chip.rs: Add ECC chip. 
Implement witness_scalar_var() and extract_p() instructions inline.
 2021-06-12 12:41:27 +08:00
therealyingtong e15648cb67 gadget::ecc: Remove representations of fixed points in the circuit 
Fixed points are represented by precomputed window tables. These
are not "initialized" in the circuit at any single point, but are
loaded into fixed columns at the offsets where the fixed points
are used.

Thus, we don't need FixedPoint and get_fixed() in the circuit.
Similarly, we can remove FixedPointShort and get_fixed_short().
 2021-06-12 12:41:27 +08:00
therealyingtong ff504c1a3f Address review comments. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-18 17:14:13 +08:00
therealyingtong 2962115aef Reintroduce point doubling API 2021-05-18 16:54:52 +08:00
therealyingtong af30f4b141 Add Eq to the EccChip trait 2021-05-18 16:12:06 +08:00
therealyingtong caa3791562 Documentation fixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-05-18 16:07:40 +08:00
therealyingtong edea9bde73 Document incomplete point addition error handling 2021-05-18 13:28:17 +08:00
therealyingtong c8076c2864 Add FixedPointsShort associated type 2021-05-18 13:28:17 +08:00
therealyingtong 74c797165f Add range check for short scalar 2021-05-18 13:28:16 +08:00
therealyingtong db60fd2262 Add FixedPointShort associated type 2021-05-06 15:55:15 +08:00
therealyingtong 6a64bc1c37 Expose Point.add_incomplete() 2021-05-06 12:54:21 +08:00
therealyingtong 4f2b4d2935 Address review comments 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-05-05 20:23:29 +08:00
therealyingtong 4bf6202c35 Modify ECC gadget to work with chip refactor 2021-05-04 12:11:28 +08:00
Jack Grigg bbf2dc271e Add ECC gadgets and instructions 
Migrated from the halo2 crate; we may re-upstream them later (or move
gadgets into their own crate) once we've stabilised them.
 2021-02-25 18:11:46 +00:00