Jack Grigg
a65018f93c
Fix variable name in `spec::diversify_hash`
Closes zcash/orchard#368.
2023-04-11 00:23:33 +00:00
Jack Grigg
3beea4adb7
Migrate to `ff 0.13`
Closes zcash/orchard#371.
2023-03-09 21:14:41 +00:00
Jack Grigg
050b2f231e
Add `memuse::DynamicUsage` impls for types used for batch scanning
2022-10-15 23:29:06 +00:00
Jack Grigg
0b4d7bc9c6
Migrate note encryption to use prepared w-NAF APIs
2022-10-15 23:27:57 +00:00
Jack Grigg
311190c2d6
Migrate to final `halo2_gadgets` pre-release revision
Includes API changes made in zcash/halo2#573.
2022-05-10 21:55:20 +00:00
Jack Grigg
706cee42f5
Migrate to `ff 0.12`
2022-05-05 17:15:03 +00:00
Jack Grigg
4ec036c851
Remove unnecessary usage of `Vec`
2022-04-28 21:26:23 +00:00
Jack Grigg
b1ce38405a
Use `core` instead of `std` where possible
2022-04-28 20:20:23 +00:00
Jack Grigg
4574d4793a
Migrate to 2021 edition
2022-04-28 17:23:30 +00:00
Jack Grigg
72b6febf7b
Move zero-handling from inside CommitIVK to outside it
This more closely matches the change to the protocol spec.
2022-03-17 18:51:33 +00:00
Jack Grigg
5356804bfe
Update comment in `spec::commit_ivk`
2022-03-15 23:26:57 +00:00
therealyingtong
72f1ca6b45
spec.rs: Check that commit_ivk returns a nonzero base.
2022-03-16 01:28:13 +08:00
therealyingtong
f74cb9e4d3
Delete gadgets and their primitives; add `halo2_gadgets` dependency.
2022-01-29 01:57:01 +08:00
Jack Grigg
f300cea2c8
Fix clippy lints
These became stable lints between 1.51 and 1.54.
2022-01-28 23:00:00 +08:00
therealyingtong
1a3cbeb896
Refactor src/constants and primitives::sinsemilla::constants.
2022-01-19 00:46:12 +08:00
str4d
b13b9677cf
Merge pull request #254 from zcash/pasta_curves-prep
Remove various usages of `FieldExt` methods
2021-12-16 12:07:50 +00:00
Jack Grigg
bfc65d5985
poseidon: Remove `self` parameter from `Domain` trait methods
For almost all the sponge constructions defined in the Poseidon paper,
the domain can be defined completely statically. Variable-length hashing
requires knowledge of the message length, but that can be provided to
the fixed padding function in a subsequent commit, and in any case we
can't use variable-length inputs in a circuit.
2021-12-10 02:40:33 +00:00
Jack Grigg
0378898289
Replace `FieldExt::{from, to}_bytes` with `PrimeField::{from, to}_repr`
2021-12-09 15:39:37 +00:00
Jack Grigg
6f0cab5ffd
Replace `FieldExt::from_u64` with `PrimeField: From<u64>`
2021-12-09 15:38:36 +00:00
therealyingtong
b63c868591
poseidon: Make Spec trait methods not take (&self) parameter.
2021-11-30 10:02:16 -05:00
therealyingtong
764c445a81
Rename poseidon::nullifier -> poseidon::p128pow5t3.
2021-10-12 11:58:27 +02:00
Jack Grigg
8c82ceecbf
ff 0.11, group 0.11, pasta_curves 0.2 etc.
2021-09-06 20:39:43 +01:00
Kris Nuttycombe
5d78ab3508
Add Eq and Ord implementations for Orchard keys.
2021-08-23 11:29:06 -06:00
Kris Nuttycombe
77cf4c9831
Implement IncomingViewingKey::to_bytes
2021-08-23 11:27:02 -06:00
Jack Grigg
f4a8c082a9
Use w-NAF in `ka_orchard`
Improves the base-line cost of trial decryption by over 40%.
2021-08-06 13:43:19 +01:00
Kris Nuttycombe
b86967bc57
Merge pull request #135 from zcash/patch-ncc
Partial fixes from NCC draft report
2021-07-22 15:25:05 -06:00
therealyingtong
5ae9890913
mul::overflow.rs: Overflow check in variable-base scalar mul
Simplify the canonicity check for variable-base scalar multiplication,
by range-checking the low 130 bits rather than the low 127 bits.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-07-07 23:10:59 +08:00
therealyingtong
ba7e1892de
Minor fixes involving constants.
- document that find_zs_and_us is not meant to be used anywhere
- use F::zero() instead of F::default() in constants/util.rs
- use personalisations from constants in spec.rs
2021-06-30 20:00:36 +08:00
therealyingtong
1ac3541505
Add spec::i2lebsp and constants::MERKLE_DEPTH_ORCHARD
2021-06-29 12:07:49 +08:00
Daira Hopwood
81fb944997
Make this crate clippy clean for warnings on nightly.
One .clone() removal; all of the other changes are removing needless borrows that are immediately dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:04:00 +01:00
ebfull
ee26116fcf
Merge pull request #114 from zcash/util-range-check
utilities::lookup_range_check: Add LookupRangeCheck helper
2021-06-14 10:56:52 -06:00
therealyingtong
f5bf0c1ef3
lookup_range_check.rs: Docfixes and minor refactors.
2021-06-15 00:18:38 +08:00
therealyingtong
b7b8126ccf
spec.rs: Add lebs2ip function bounded on const generic L.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 23:20:59 +08:00
Jack Grigg
37326df1ab
spec: Impl more traits for NonZero types
Also fixes their Default impls to use "1" as the default.
2021-06-11 23:55:17 +01:00
Jack Grigg
8a7ff1b28a
Structs representing note encryption key material
2021-06-11 23:54:35 +01:00
Jack Grigg
bea8a9b7ff
Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1
2021-06-04 20:38:52 +01:00
Jack Grigg
c4ffb7c617
Rework PRF^expand to use explicit domains
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
2021-05-28 13:12:25 +01:00
Jack Grigg
cea8a3ab69
Move prf_expand{_vec} into a submodule for clarity
2021-05-28 12:42:01 +01:00
str4d
2bbbc3ec94
Update comments
Co-authored-by: ying tong <yingtong@z.cash>
2021-05-21 21:24:08 +01:00
Jack Grigg
736de1156b
Ensure that Notes always have valid commitments
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
2021-05-11 18:51:57 +08:00
Jack Grigg
76a39d29c1
Change diversify_hash and ka_orchard to use non-zero types
This matches the changes to KA^Orchard in spec version 2021.1.23.
2021-05-11 18:51:57 +08:00
Jack Grigg
9a828febd7
Change `commit_ivk` to return a non-zero Pallas base field element
The type system now enforces that `ivk != 0`.
2021-05-11 18:51:57 +08:00
Jack Grigg
c08d12cc52
Use incomplete addition in SinsemillaHashToPoint
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:
- When we generate keys or notes, if we encounter ⊥ we discard and
re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg
907ff46078
Simulate incomplete addition
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
Jack Grigg
4c34a61c57
Use const generics for poseidon::ConstantLength
2021-03-30 14:13:15 +13:00
Jack Grigg
0f8c5b7dd3
Document TODO for SinsemillaShortCommit usage
https://github.com/zcash/orchard/issues/55
2021-03-30 13:55:29 +13:00
Jack Grigg
3b14cfc133
Fix link to NU5 protocol spec draft
2021-03-30 13:54:23 +13:00
Jack Grigg
0f6eb9ca6c
Nullifier derivation
2021-03-26 07:51:05 +13:00
Jack Grigg
1a37ca492d
Extract spec::mod_r_p helper from spec::commit_ivk
2021-03-26 07:51:05 +13:00
therealyingtong
873e1b7d7e
Call hash_to_curve() only when constructing new domain
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-03-24 12:10:37 +08:00