995728caa6
primitives::sinsemilla: Use hard-coded generators in sinsemilla_s.
2021-08-12 15:45:14 +08:00
8e13986101
Implement `Domain::batch_epk` for note decryption
...
Improves throughput of batched trial decryption by around 10%.
2021-08-12 01:36:38 +01:00
8c15cc25be
Benchmark batch trial decryption
2021-08-12 01:36:38 +01:00
0d306d18aa
Expose and benchmark Poseidon
2021-08-10 13:44:04 +01:00
08b279b900
Expose and benchmark Sinsemilla primitive
2021-08-10 13:39:14 +01:00
c4fb1efb1c
Merge pull request #176 from zcash/doc-cmx-canon
...
ExtractedNoteCommitment::from_bytes: Document cmx canonicity.
2021-08-09 18:33:03 +01:00
e62cfaa398
ExtractedNoteCommitment::from_bytes: Document cmx canonicity.
2021-08-09 20:11:27 +08:00
506b6a6dcd
Merge pull request #175 from zcash/note-decryption-wnaf
...
Use w-NAF in `ka_orchard`
2021-08-06 15:00:19 +01:00
f4a8c082a9
Use w-NAF in `ka_orchard`
...
Improves the base-line cost of trial decryption by over 40%.
2021-08-06 13:43:19 +01:00
fe923cc391
Merge pull request #174 from zcash/bench-note-decryption
...
Benchmark note decryption
2021-08-06 11:17:59 +01:00
cad3c8a1b8
Add benchmark for note decryption
2021-08-06 01:03:03 +01:00
2283310236
Expose `orchard::note_encryption::{CompactAction, OrchardNoteEncryption}`
...
This also removes the `orchard::OrchardDomain` re-export, which is now
available at `orchard::note_encryption::OrchardDomain`.
2021-08-06 01:01:12 +01:00
d0baa18fc6
Merge pull request #173 from nuttycom/update_incrementalmerkletree
...
Update incrementalmerkletree version.
2021-08-05 15:11:13 +01:00
d8091dd575
Update incrementalmerkletree version.
2021-08-05 07:51:19 -06:00
55279b8648
Merge pull request #171 from daira/poseidon-rounds-update
...
Update Poseidon instantiation from 58 to 56 partial rounds. fixes #166
2021-08-05 14:36:42 +01:00
e4612f7f6c
Update Poseidon instantiation from 58 to 56 partial rounds. fixes #166
...
Test vectors are from https://github.com/zcash-hackworks/zcash-test-vectors/pull/45
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-04 13:04:13 +01:00
9af22a8cbc
circuit: Add region layout diagrams for y_switch constraint
...
Helps to see why we can't optimise it to remove the `prev` query.
2021-07-29 20:57:33 +01:00
6aa85fcdfe
circuit: Refactor NoteCommit input processing into multiple regions
...
The new regions take up more cells overall, but across fewer columns,
and the gates now only query `cur` and `next` rows.
2021-07-29 20:13:27 +01:00
2198675f9d
circuit: Rotate `q_commit_ivk` selector up by one row
...
This ensures the Commit^ivk gate only queries `cur` and `next` rows.
2021-07-29 14:56:56 +01:00
0009070358
circuit: Rotate`q_mul_lsb` selector up by one row
...
This ensures the "LSB check" gate only queries `cur` and `next` rows.
2021-07-29 14:56:56 +01:00
16e9076080
Add names to some nameless constraints
2021-07-29 14:56:56 +01:00
8454f86d42
Merge pull request #140 from nuttycom/bundle_zip244_commitments
...
Implement ZIP-244 txid and authorizing commitments.
2021-07-29 14:45:24 +01:00
40d80c4d6f
Apply suggestions from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 07:16:14 -06:00
7ddbe3ab44
Merge pull request #167 from zcash/bench-action-circuit
...
Add Action circuit benchmarks, fix Builder bug
2021-07-29 13:31:58 +01:00
1ecd7a9555
Add another data point to the bundle benchmarks
2021-07-28 23:06:40 +01:00
9117273c08
Fix bug in `Builder` initialization of `Circuit` struct
...
`rcv` was being used correctly outside the circuit to derive `cv_net`
but then `Circuit` was just storing 0. The `round_trip` test passed
because it uses `rcv = 0` everywhere.
2021-07-28 22:51:43 +01:00
a33d1bd90f
Add circuit benchmarks and (on Unix) flamegraphs
...
- Benchmarks: `cargo bench`
- Flamegraphs: `cargo bench -- --profile-time 100`
2021-07-28 15:09:31 +01:00
513f3cf8a6
Make `Builder::build` public
2021-07-28 14:37:12 +01:00
01fbd59683
Move proof creation out of `Builder::build`
2021-07-28 14:37:12 +01:00
6b495f711a
Extract InProgress type from Unauthorized and PartiallyAuthorized
...
This enables bundle proofs and signatures to be handled separately
outside the builder.
2021-07-28 13:48:03 +01:00
078b71a960
Merge pull request #165 from daira/bump-halo2
...
Update to assign_table API.
2021-07-27 21:29:27 +01:00
6185d8e295
Bump halo2 revision to include `Layouter::assign_table`
2021-07-27 20:54:48 +01:00
145da9c510
Update to assign_table API.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 18:32:32 +01:00
a273307661
Merge pull request #164 from daira/book-decomposition
...
[book] decomposition.md: avoid introducing `m` when we already have `range`
2021-07-27 17:10:50 +01:00
b2e25b5ac3
[book] decomposition.md: avoid introducing `m` when we already have `range`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 17:06:36 +01:00
ee878ddc57
Merge pull request #162 from zcash/book-merge-lookups
...
[book] Merge lookup arguments for normal and short variants
2021-07-27 23:34:28 +08:00
d8743b8870
Merge pull request #161 from zcash/merge-lookups
...
Merge lookup arguments in `lookup_range_check` helper.
2021-07-27 23:34:15 +08:00
0bb4a7fd71
[book] decomposition.md: Formatting and phrasing fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-27 23:29:11 +08:00
1c2ab16a15
Merge pull request #163 from zcash/book-notecommit-fixes
...
book: Fixes to NoteCommit page
2021-07-27 23:10:29 +08:00
d3a7e9ed39
lookup_range_check: Merge running sum and short lookup arguments.
...
The lookup running sum decomposition uses the same lookup table as
its short variant. These two lookup arguments have been merged.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 09:50:17 +01:00
bb90f2eb7d
Merge pull request #101 from zcash/action-circuit
...
Action circuit
2021-07-27 09:49:23 +01:00
620e227854
Fix y-coordinate recovery in NoteCommit tests
2021-07-27 09:27:33 +01:00
3f506a0129
circuit.rs: Minor cleanups and column optimisations.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 15:41:26 +08:00
664125f44f
commit_ivk::tests: Check value of output ivk against expected ivk.
2021-07-27 15:33:13 +08:00
fa135fe62e
note_commit::tests: Constrain output of NoteCommit to expected point.
2021-07-27 15:23:00 +08:00
ac5404a943
[book] note-commit.md: Update NoteCommit gate region layout.
...
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
2021-07-27 13:56:10 +08:00
7aa3174880
sinsemilla::note_commit: Improve NoteCommit gate layout.
...
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
This commit also includes several minor fixes:
- use strict mode for decomposition of j in y-coordinate check;
- Name All Polynomial Constraints;
- remove point_repr() helper function;
- variable renaming and docfixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 13:51:35 +08:00
920fe64399
[book] note-commit.md: Document substitution of k_1 with z1_j.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 12:53:41 +08:00
e4a960d7f1
sinsemilla::note_commit: Simplify y canonicity check region layout
...
Instead of separately witnessing k_1 and equating it to z1_j, we
can directly make use of z1_j in the gate. This allows us to fit
the region into a 5 x 2 area, improving the layout.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 12:49:42 +08:00
9ef46ae4ee
book: Fixes to NoteCommit page
...
Noticed during review.
2021-07-27 05:34:36 +01:00
therealyingtong
Jack Grigg
Kris Nuttycombe
Daira Hopwood
Kris Nuttycombe