zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
808 Commits 5 Branches 11 Tags 24 MiB
Commit Graph

573 Commits

Author SHA1 Message Date
therealyingtong 52f53f3425 Remove IsIdentity trait from public EccInstructions. 
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 20:31:32 +01:00
therealyingtong c80ccba801 Witness cm_old using Point::new(). 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 20:31:32 +01:00
therealyingtong b0de6afd7c Reintroduce Point::new() API and constraints. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 20:31:32 +01:00
Jack Grigg 751277cdb2 Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound 
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
 2021-09-28 13:13:25 -06:00
Jack Grigg 97c27e3d5a Use complete addition in SinsemillaCommit 
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
 2021-09-28 13:13:25 -06:00
therealyingtong 8c8a12a8df Minor fixes. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-09-28 13:13:25 -06:00
therealyingtong fa560d3aee Replace is_identity() instruction with IsIdentity trait. 2021-09-28 13:13:25 -06:00
therealyingtong 4a13ab4f6b Docfixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
Daira Hopwood 6b6b515232 `hash_to_point` should return `Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>` 
because any exceptional case is treated as an error, and therefore the identity cannot be returned.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong 8ad3003e27 Remove Point::new() API and introduce is_identity() instruction. 
Also remove the q_point selector and gate from the circuit.
 2021-09-28 13:13:25 -06:00
therealyingtong ec27989b9b Clippy and formatting fixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong a5a6e78d42 src/circuit.rs: Use NonIdentityPoint for all witnessed points. 
The witnessed points are cm_old, g_d_old, pk_d_old, ak.

g_d_new and pk_d_new are currently also witnessed as affine points,
which diverges from the spec.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong cdcfcbc0c2 gadget::sinsemilla: Propagate changes to the Sinsemilla gadget. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong 258fe5796b ecc::chip: Propagate changes to sub-chips. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong df26a6c674 chip::witness_point.rs: Constraints for non-identity point. 
The point_non_id() method returns an error if the given point is
the identity.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong 88eb762cf2 ecc::chip.rs: Introduce NonIdentityEccPoint struct. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong f5ed26790a gadget::ecc: Introduce NonIdentityPoint associated type and gadget. 
The add_incomplete() and mul() APIs have been removed from the
Point gadget, since we cannot perform incomplete addition or
variable-base scalar multiplication on the identity.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
Sean Bowe f9aa765787 Add test against hardcoded pinned verification key 2021-09-28 12:54:13 -06:00
therealyingtong 1f2132a8c0 Use correct MERKLE_DEPTH_ORCHARD in proptests. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-09-16 21:37:59 +02:00
therealyingtong d47c157ae0 Replace arb_tree proptest with incrementalmerkletree impl. 2021-09-16 20:50:27 +02:00
therealyingtong 2c551db32b Use gen_const_array_with_default where possible. 2021-09-16 18:20:51 +02:00
therealyingtong 291400ec33 Rename MerkleCrhOrchardOutput -> MerkleHashOrchard. 2021-09-16 15:38:01 +02:00
therealyingtong e9dc2f747f Move hash_with_l() logic into MerkleCrhOrchardOutput::combine(). 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-09-16 15:37:22 +02:00
therealyingtong 58de805a13 sinsemilla::merkle.rs: Use tree::MerklePath::root in tests. 2021-09-16 15:36:24 +02:00
therealyingtong f75f890a64 Update tree::MerklePath::root to be total. 2021-09-16 15:36:24 +02:00
Jack Grigg 414eef3ce5 memuse 0.2 2021-09-14 20:40:15 +01:00
Kris Nuttycombe 4488288ac0
Merge pull request #198 from zcash/merkle-path-test-vectors 
Add Merkle path test vectors
 2021-09-14 07:22:28 -06:00
str4d 3dd2a1872a
Merge pull request #169 from zcash/circuit-constraint-refinements 
Circuit constraint refinements to reduce proof size
 2021-09-14 02:05:41 +01:00
Jack Grigg 29a4bbcbc1 Add Merkle path test vectors 2021-09-14 00:15:39 +01:00
Daira Hopwood ee44d2ccf0
Apply suggestions from code review 2021-09-07 02:45:10 +01:00
Daira Hopwood 97e18a8190
Apply suggestions from code review 2021-09-07 00:56:22 +01:00
Daira Hopwood faddaf9e30 note_commit.rs: make two_pow_* definitions more consistent. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-07 00:52:37 +01:00
Jack Grigg 8c82ceecbf ff 0.11, group 0.11, pasta_curves 0.2 etc. 2021-09-06 20:39:43 +01:00
Jack Grigg 7fad21e7d6 Switch to `memuse` crate for measuring heap allocations 2021-09-05 01:33:27 +01:00
Daira Hopwood c24c67d5f0 cargo fmt 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 14:11:08 +01:00
Kris Nuttycombe e4a54cdf61 Improve error handling in zip32 APIs. 2021-08-31 16:49:58 -06:00
therealyingtong c3e24794f0 zip32.rs: master and child key derivation for ExtendedSpendingKey 2021-08-31 15:49:32 -06:00
Kris Nuttycombe 77be355912 Apply suggestions from code review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 0449edd5b8 Validate the sign of the y-coordinate for ak when deserializing. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 43abadfb55 Adds decryption for a specific index within a bundle. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe c406461f64 Expose inner representation of NoteValue 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 872f337811 Expose SpendingKey byte representation. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe c803114bf6 Go ahead and clone IVKs to limit borrowing hassles. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe d8bf892c72 Return key used to decrypt an output along with decrypted note contents. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 5d78ab3508 Add Eq and Ord implementations for Orchard keys. 2021-08-23 11:29:06 -06:00
Kris Nuttycombe 52f0f158ef Add serialization and parsing of full viewing keys. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe 1fd00e6236 Add raw address serialization and parsing. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe e33cd4ade4 Add trial decryption of actions to Bundle 2021-08-23 11:28:25 -06:00
Kris Nuttycombe 77cf4c9831 Implement IncomingViewingKey::to_bytes 2021-08-23 11:27:02 -06:00
str4d f2400baa01
Improve NoteCommit input value gate doc 
Brings it in line with the other gate docs.

Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-19 14:35:56 +01:00