Daira Hopwood
dc021a2ef1
[book] Merge two similar paragraphs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:20:09 +01:00
Daira Hopwood
82316b607b
[book] Update the Sinsemilla constraints to handle the gap between field elements correctly.
...
This also changes i to be zero-based, which is more consistent with the spec.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:12:48 +01:00
Daira Hopwood
4cd0082294
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-18 21:27:55 +01:00
str4d
0b6bd66714
Merge pull request #120 from daira/fix-clippy-lints
...
Fix clippy lints
2021-06-16 20:24:02 +01:00
Daira Hopwood
1c19bea842
Fix clippy lints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-16 19:13:40 +01:00
str4d
37b1b7f357
Merge pull request #119 from zcash/anchor-serialization
...
Anchor serialization APIs
2021-06-15 16:25:36 +01:00
Jack Grigg
5264d53498
impl Copy for Anchor
2021-06-15 15:42:06 +01:00
Jack Grigg
019ae7da8e
Anchor::{from_bytes, to_bytes}
2021-06-15 15:41:57 +01:00
Daira Hopwood
e412a5a25b
Merge pull request #115 from zcash/anchor-type
...
Store anchors as pallas::Base instead of [u8; 32]
2021-06-15 14:18:48 +01:00
str4d
f7c64e0437
Merge pull request #117 from zcash/change-dep-patching
...
Use patches for halo2 and zcash_note_encryption dependencies
2021-06-15 01:09:18 +01:00
Jack Grigg
5759d66470
Use patches for halo2 and zcash_note_encryption dependencies
...
While these two are in flux, it's hard to keep these revisions consistent
(e.g. https://github.com/zcash/zcash/pull/5217 currently depends on two
different versions of zcash_note_encryption). Using patches allows the
downstream users (i.e. zcashd) to define their own set of patches, and keep
everything in sync. This works fine now because we aren't actively making
changes to the public APIs, only additions.
2021-06-14 23:17:15 +01:00
str4d
63ca1f8d3a
Merge pull request #116 from zcash/signature-validation
...
Signature validation APIs
2021-06-14 22:42:36 +01:00
Jack Grigg
e90a5972f1
redpallas: Expose batch validation API
2021-06-14 21:41:12 +01:00
Jack Grigg
eec17a9174
Add a `Bundle::binding_validating_key` method
...
This derives the `bvk` for validating `Authorized::binding_signature`.
2021-06-14 21:40:28 +01:00
ebfull
ee26116fcf
Merge pull request #114 from zcash/util-range-check
...
utilities::lookup_range_check: Add LookupRangeCheck helper
2021-06-14 10:56:52 -06:00
therealyingtong
f5bf0c1ef3
lookup_range_check.rs: Docfixes and minor refactors.
2021-06-15 00:18:38 +08:00
therealyingtong
60861b7245
sinsemilla::constants.rs: Add INV_TWO_POW_K = 1 / 2^K constant.
2021-06-15 00:18:38 +08:00
str4d
1182d8d5a7
Merge pull request #99 from zcash/note-encryption
...
Note encryption
2021-06-14 17:16:54 +01:00
ebfull
4a52d771b1
Merge pull request #113 from zcash/constants-concrete-type
...
`constants::load.rs`: Use concrete `pallas::Affine` type for generators
2021-06-14 09:25:17 -06:00
ebfull
83b76333d3
Merge pull request #107 from zcash/ecc-chip
...
[ECC chip] Incomplete and complete addition
2021-06-14 09:07:34 -06:00
therealyingtong
beaf4490f1
sinsemilla.md: Correct y_{A,i} and y_{P,i} formulas in gate specification
2021-06-14 21:30:51 +08:00
therealyingtong
c25526e216
lookup_range_check.rs: Delete wrong comment.
2021-06-14 19:55:51 +08:00
therealyingtong
8a8df98a50
add_incomplete::tests: Constrain output of `P + Q` test.
...
Also minor docfixes and refactors.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-14 00:19:21 +08:00
therealyingtong
70ec5755cf
lookup_range_check.rs: Add documentation and minor refactors.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 23:24:19 +08:00
therealyingtong
b7b8126ccf
spec.rs: Add lebs2ip function bounded on const generic L.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 23:20:59 +08:00
therealyingtong
7341996d2c
gadget::ecc.rs: Add EccInstructions::constrain_equal() instruction.
...
This allows us to constrain two points to be equal in value at the
gadget level.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 21:26:30 +08:00
therealyingtong
b299a51b31
lookup_range_check.rs: Downgrade from Chip to Config.
...
We need to be able to toggle the lookup on and off on specific
offsets. These offsets are often assigned outside the logic of
the decomposition.
2021-06-13 09:40:50 +08:00
therealyingtong
cdab5bf8c4
gadget::utilities.rs: Remove Chip bound on UtilitiesInstructions.
2021-06-13 09:40:20 +08:00
Jack Grigg
de78186503
Store anchors as pallas::Base instead of [u8; 32]
...
This matches what we store in `MerklePath`, and better enforces the
required type.
2021-06-12 21:35:37 +01:00
therealyingtong
e83880841a
utilities::lookup_range_check: Add LookupRangeCheck chip
...
This decomposes a field element into K-bit words and constrains each
word's range by looking it up in a K-bit lookup table.
The field element is broken down using a running sum. All interstitial
values of the running sum are returned.
2021-06-12 22:46:31 +08:00
therealyingtong
a11c2066ef
chip::add.rs: Use Expression::square() + other minor refactors
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-12 20:25:12 +08:00
therealyingtong
e259bb3846
ecc::chip.rs: Use concrete pallas::Affine for Chip impl.
...
The EccInstructions trait is still generic over C: CurveAffine;
however, the EccChip implementation is specific to the pasta
curves.
2021-06-12 20:25:09 +08:00
therealyingtong
aec7a7f850
ecc::chip.rs: Stub out scalar-mul-related structs and types.
...
These will be updated or restored in #111.
2021-06-12 20:24:14 +08:00
ying tong
e1779dab70
Docfixes and minor refactors.
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-12 12:41:27 +08:00
therealyingtong
6dabb16edc
chip::add.rs: Use batch inversion for alpha, beta, gamma, delta
2021-06-12 12:41:27 +08:00
therealyingtong
f655e38e3e
chip::add_incomplete.rs: Remove superfluous check.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-12 12:41:27 +08:00
therealyingtong
aff56e6763
ecc::chip.rs: Make EccPoint.x, EccPoint.y private fields
...
Also add public getters x() and y().
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-12 12:41:27 +08:00
therealyingtong
433791fcb0
chip::witness_point.rs: Allow witnessing the identity.
2021-06-12 12:41:27 +08:00
therealyingtong
36d7888c1c
ecc.rs: Add tests for complete and incomplete addition.
2021-06-12 12:41:27 +08:00
therealyingtong
6491ea90dd
ecc::chip.rs: Bound EccConfig on <C: CurveAffine>.
2021-06-12 12:41:27 +08:00
therealyingtong
e802e2917a
chip::add.rs: Implement complete addition instruction.
2021-06-12 12:41:27 +08:00
therealyingtong
7dc11b95d2
chip::add_incomplete.rs: Implement add_incomplete() instruction
2021-06-12 12:41:27 +08:00
therealyingtong
7eb86eb0c2
chip::witness_point.rs: Implement witness_point() instruction.
2021-06-12 12:41:27 +08:00
therealyingtong
6627b2258f
ecc::chip.rs: Add ECC chip.
...
Implement witness_scalar_var() and extract_p() instructions inline.
2021-06-12 12:41:27 +08:00
therealyingtong
e15648cb67
gadget::ecc: Remove representations of fixed points in the circuit
...
Fixed points are represented by precomputed window tables. These
are not "initialized" in the circuit at any single point, but are
loaded into fixed columns at the offsets where the fixed points
are used.
Thus, we don't need FixedPoint and get_fixed() in the circuit.
Similarly, we can remove FixedPointShort and get_fixed_short().
2021-06-12 12:41:27 +08:00
therealyingtong
ddb9500991
constants::load.rs: Use concrete pallas::Affine type for generators
...
The Orchard fixed bases are Pallas curve points and are not generic
over other curves.
2021-06-12 12:36:43 +08:00
Jack Grigg
769be6c080
Note encryption test vectors
2021-06-11 23:55:17 +01:00
Jack Grigg
37326df1ab
spec: Impl more traits for NonZero types
...
Also fixes their Default impls to use "1" as the default.
2021-06-11 23:55:17 +01:00
Jack Grigg
57f84c3eea
builder: Encrypt output notes
2021-06-11 23:55:17 +01:00
Jack Grigg
99665572a2
Orchard note encryption
2021-06-11 23:55:16 +01:00