Daira Hopwood
6458e27185
Add minimal test that `Builder::value_balance` works.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-09-19 14:05:46 +01:00
Daira Hopwood
fbfc8f9ed8
Correct the doc comment for the `Builder::value_balance` method added in #352 .
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-09-19 14:05:46 +01:00
Daira Hopwood
f206b3f5d4
Merge pull request #352 from zingolabs/add_value_balance_to_builder
...
add value_balance to builder
2022-09-19 13:20:17 +01:00
Hazel OHearn
8011e0d57a
add value_balance to builder
2022-09-15 16:47:54 -03:00
Kris Nuttycombe
4b83deb240
Merge branch 'main' into add-proof-to-batch
2022-09-15 12:41:02 -06:00
Kris Nuttycombe
b81d0d1198
Merge pull request #344 from zingolabs/publicize_note_and_diversifier_construction
...
Publicize necessary functionality for creating diversifiers and notes from data
2022-09-15 12:39:56 -06:00
Hazel OHearn
0800d23fe7
Publicize diversifier method of Address, fix comments, etc
2022-09-15 14:40:21 -03:00
Daira Hopwood
2ff7ff4a54
Dummy implementation of Domain methods for prepared ivk and epk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-09-15 03:33:04 +01:00
Tomas Krnak
158f3e6e71
Publicize `ValueCommitment::derive` constructor
2022-08-13 15:35:01 +02:00
Daira Hopwood
2d15aeaa69
Update to new annotation syntax.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-07-21 21:43:00 +01:00
Taylor Hornby
7c83d6d676
Label consensus rules in orchard
2022-07-21 14:39:49 -06:00
Hazel OHearn
22e7ba14a2
Add random_seed getter fn
2022-07-07 11:05:07 -03:00
Hazel OHearn
45bcc16f80
Publicize necessary functionality for reading diversifiers and notes from data
2022-07-05 14:55:44 -03:00
Jack Grigg
63fc2adc0e
Expose `Proof::add_to_batch` in public API
...
This supports downstream users that want more control over how proof
batches are processed, instead of just batch validating Orchard bundles
with `orchard::bundle::BatchValidator`.
2022-07-04 20:05:47 +00:00
str4d
baabe3d7e2
Merge pull request #340 from zingolabs/enable_compact_action_and_orchard_domain_creation_without_action
...
Add OrchardDomain::for_nullifier and CompactAction::from_parts
2022-06-24 16:32:34 +01:00
Jack Grigg
e76a91adff
Document how to obtain inputs for `Builder::add_spend`
...
Closes zcash/orchard#244 .
2022-06-23 22:51:05 +00:00
Jack Grigg
da7358a48c
Fix incorrect namespaces in circuit debug code
...
Closes zcash/orchard#329 .
2022-06-23 22:33:10 +00:00
str4d
4bed67218a
Add note about relationship between signatures and proofs
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2022-06-23 22:33:40 +01:00
Jack Grigg
81626b3b28
Add batch-verification of proofs to `orchard::bundle::BatchValidator`
2022-06-23 19:45:42 +00:00
Jack Grigg
35a76f03b8
Add `orchard::bundle::BatchValidator`
...
Adapted from the `BatchValidator` in `zcashd`, that only handles
RedPallas signatures.
2022-06-23 19:45:25 +00:00
Hazel OHearn
22b77c028f
Remove unneeded generic type from for_nullifier
2022-06-23 16:29:55 -03:00
Jack Grigg
be69324b9c
Migrate to `halo2_proofs 0.2.0`
2022-06-23 19:24:57 +00:00
Hazel OHearn
6956c18d31
Add CompactAction::nullifier getter fn
2022-06-23 16:06:37 -03:00
Hazel OHearn
4e12b4e90a
Add OrchardDomain::for_nullifier and CompactAction::from_parts
2022-06-22 17:41:24 -03:00
Jack Grigg
07239e50a8
Add protocol rule links for the Orchard circuit constraints
...
Part of zcash/zcash#3957 .
2022-05-25 22:10:29 +00:00
Jack Grigg
311190c2d6
Migrate to final `halo2_gadgets` pre-release revision
...
Includes API changes made in zcash/halo2#573 .
2022-05-10 21:55:20 +00:00
str4d
15007026b1
Merge pull request #325 from zcash/fix-lints
...
Fix lints
2022-05-06 20:51:43 +01:00
Jack Grigg
07a88ae9f9
Fix rustdoc lint
2022-05-06 19:33:10 +00:00
Jack Grigg
6d6832f3f1
Fix clippy lints
2022-05-06 19:33:10 +00:00
therealyingtong
2f2bab5627
circuit.rs: Use BaseFitsInScalarInstructions for variable-base mul.
2022-05-06 18:58:18 +00:00
therealyingtong
4e6200796e
Implement new FixedPoint trait for OrchardFixedBasesFull.
2022-05-06 18:58:18 +00:00
str4d
c7361e8a8a
Merge pull request #299 from jarys/external-signatures
...
Support externally computed signatures
2022-05-06 15:02:03 +01:00
Jack Grigg
706cee42f5
Migrate to `ff 0.12`
2022-05-05 17:15:03 +00:00
Tomas Krnak
e47abb8018
Support externally computed signatures
...
Co-authored-by: str4d <thestr4d@gmail.com>
2022-05-05 18:12:27 +02:00
Jack Grigg
0603d602d0
Rename `anchor` to `root`, and `pub_input_anchor` to `anchor`
...
This ensures that we are consistent in the circuit in referring to the
public bundle anchor as `anchor`, and the calculated Merkle tree root as
`root`.
2022-05-04 23:57:26 +00:00
Jack Grigg
8c7bb5b95d
Rename `RangeConstrained::subset_of` to `bitrange_of`
2022-05-04 23:54:16 +00:00
Jack Grigg
3ca8c662a4
Merge branch 'main' into str4d/circuit-review
2022-05-04 17:09:15 +00:00
str4d
dc89386df1
Merge pull request #320 from zcash/243-compact-action-nullifier
...
Add nullifier field to `CompactAction`
2022-05-04 16:27:03 +01:00
Jack Grigg
c0b7fa2007
Add nullifier field to `CompactAction`
...
Also reorders the fields to match the ZIP 244 order.
Closes zcash/orchard#243 .
2022-05-04 15:01:05 +00:00
Jack Grigg
3ccf27e519
Update `Builder::build` docs
...
Closes zcash/orchard#279 .
2022-05-04 14:57:08 +00:00
Kris Nuttycombe
4e3e469780
Update incrementalmerkletree dependency version.
2022-05-04 08:01:02 -06:00
Jack Grigg
b46e4822d2
Update comments on `gadget::note_commit`
2022-05-04 03:01:17 +00:00
Jack Grigg
903f9e8160
Adjust APIs of NoteCommit circuit impl to separate gadget and chip
...
The separation isn't quite complete, as we removed the `GateCells`
abstraction, but it makes the outer APIs clearer.
2022-05-04 03:01:17 +00:00
Jack Grigg
8f15db1d01
Inline `NoteCommitConfig::assign_gate`
...
After the previous refactors, the `GateCells` struct now serves no
purpose. We also make a few type safety improvements at the same time.
2022-05-04 02:05:57 +00:00
Jack Grigg
bf99f13282
Refactor NoteCommit message piece decompositions onto per-region structs
2022-05-04 02:05:57 +00:00
Jack Grigg
3ced2c9c0b
Refactor NoteCommit region assignment onto per-region structs
2022-05-04 02:05:57 +00:00
Jack Grigg
f7ed302547
Refactor NoteCommit gate configuration into per-region structs
2022-05-03 23:31:17 +00:00
Jack Grigg
c4bf8105f2
Use `AssignedCell<NoteValue, _>` for circuit note values
2022-05-03 23:24:48 +00:00
Jack Grigg
0bad10d3eb
Replace `UtilitiesInstructions` usage with a dedicated helper
...
The new helper enables returning typed `AssignedCell`s, rather than only
`AssignedCell<F, F>`.
2022-05-03 23:24:48 +00:00
Jack Grigg
314728aada
Update comments on `gadget::commit_ivk`
2022-05-03 23:24:48 +00:00
Jack Grigg
bd104360a7
Migrate to `halo2_gadgets::utilities::RangeConstrained` newtype
2022-05-03 23:24:48 +00:00
Jack Grigg
3e40780313
Adjust APIs of Commit^ivk circuit impl to separate gadget and chip
2022-05-02 12:36:37 +00:00
Jack Grigg
a491688944
Circuit cleanups and documentation
2022-04-29 20:24:52 +00:00
Jack Grigg
3b922f8f48
Extract a `ValueCommit^Orchard` gadget from the circuit
2022-04-29 20:05:00 +00:00
Jack Grigg
dafb357dc0
Extract a `DeriveNullifier` gadget from the circuit
...
This introduces an `AddChip` implementing field element addition on a
single row, precisely matching what the nullifier integrity constraints
were relying on.
2022-04-29 20:03:17 +00:00
Jack Grigg
70b6eb3623
Simplify witness synthesis for `v_net`
...
`NoteValue - NoteValue` is always guaranteed to produce a valid
`ValueSum`, so we make that infallible and introduce a new helper method
`ValueSum::magnitude_sign` that we use for circuit synthesis.
2022-04-29 20:03:17 +00:00
Jack Grigg
714f2e7159
Use `array::map` now that our MSRV supports it
2022-04-29 18:04:01 +00:00
Jack Grigg
ae6a50611a
Pass `g_d_new` and `pk_d_new` directly to `Circuit`
...
The initial Action circuit specification indicated that only the byte
encodings of `g_d_new` and `pk_d_new` would be witnessed, but we ended
up witnessing the points directly instead. This commit removes the
leftover (and now redundant) encoding-decoding round trip.
2022-04-29 18:04:01 +00:00
Jack Grigg
f08a2a35c4
Rename `ak` to `ak_P` in the circuit implementation
...
Closes zcash/orchard#260 .
2022-04-29 18:04:01 +00:00
Jack Grigg
200c366ea4
Rename `Bundle::{try_}authorize` to `Bundle::{try_}map_authorization`
...
Closes zcash/orchard#71 .
2022-04-29 00:16:16 +00:00
Jack Grigg
5c5c999439
Move `orchard::bundle::Action` to its own module
...
The `Bundle` struct is variable in size and requires allocations, but
`Action` is not. This split will make it cleaner to disable the bundle
logic for no-std support.
2022-04-28 22:59:07 +00:00
Jack Grigg
4ec036c851
Remove unnecessary usage of `Vec`
2022-04-28 21:26:23 +00:00
Jack Grigg
30f9452743
Replace unnecessary usage of `std::io`
2022-04-28 20:45:05 +00:00
Jack Grigg
b1ce38405a
Use `core` instead of `std` where possible
2022-04-28 20:20:23 +00:00
Jack Grigg
52449ef88f
Migrate to `halo2::plonk::Constraints` helper
2022-04-28 19:52:55 +00:00
Jack Grigg
4574d4793a
Migrate to 2021 edition
2022-04-28 17:23:30 +00:00
Daira Hopwood
3b52b2abec
Minor cleanup found while performing review for zcash/zcash#5024
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-14 08:29:00 -06:00
Jack Grigg
06995064d7
incrementalmerkletree 0.3.0-beta.2
2022-04-06 18:19:39 +00:00
str4d
2c0aed712a
Merge pull request #308 from zcash/improve-debug-impls
...
Improve `Debug` impls
2022-04-06 18:59:33 +01:00
str4d
7c2cc814de
Merge pull request #288 from rex4539/typos
...
Fix typos
2022-04-06 18:23:17 +01:00
Jack Grigg
01d70ec875
Hide `NonEmpty` in `Debug` impl of `Bundle`
...
It is an implementation detail that isn't useful to include in the debug
output.
2022-04-06 17:22:18 +00:00
Jack Grigg
caca664b20
Make `Debug` impl for `TransmittedNoteCiphertext` less verbose
...
We now print the ciphertexts as hex bytes, for which we unambiguously
encode them in RPC outputs (vs 32-byte values which are more complex).
2022-04-06 17:22:17 +00:00
Jack Grigg
6941fe1109
Make `Debug` impl for `Proof` much less verbose
...
For the default `{:?}` debug formatting we now only print the length of
the proof, while `{#?}` continues to print the full byte vector.
2022-04-06 17:21:48 +00:00
therealyingtong
eaa0cfdbf6
Check that the internal IVK can be derived from a spending key
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2022-03-30 20:49:38 +08:00
therealyingtong
e550c3d536
Check IVK derivations during FullViewingKey::from_bytes.
...
Closes zcash/orchard#303
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2022-03-30 20:49:38 +08:00
therealyingtong
a0424984c6
Add explicit scoping for viewing keys and addresses
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2022-03-30 20:49:37 +08:00
Jack Grigg
56a946dafc
halo2_proofs 0.1.0-beta.3
...
The change to the pinned circuit description is due to removing the
unnecessary `selector_map` pin in zcash/halo2#521 . This invalidates
previous proofs due to changing Fiat-Shamir transcript initialization).
2022-03-22 21:29:36 +00:00
Jack Grigg
d6d1dbea14
Update serialized proof test case for circuit changes
2022-03-22 17:59:56 +00:00
Jack Grigg
6c9ff19342
Merge branch 'main' into non-consensus-changes-on-branchid-c4cd541e
2022-03-22 17:55:59 +00:00
Jack Grigg
72b6febf7b
Move zero-handling from inside CommitIVK to outside it
...
This more closely matches the change to the protocol spec.
2022-03-17 18:51:33 +00:00
Jack Grigg
795fb78d2d
Add serialized proof test case
...
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2022-03-16 19:47:00 +00:00
Jack Grigg
5356804bfe
Update comment in `spec::commit_ivk`
2022-03-15 23:26:57 +00:00
therealyingtong
72f1ca6b45
spec.rs: Check that commit_ivk returns a nonzero base.
2022-03-16 01:28:13 +08:00
Kris Nuttycombe
40efd57757
Apply suggestions from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2022-03-15 07:47:21 -06:00
Kris Nuttycombe
45a6a30b21
Add convenience methods on `Bundle` to decrypt actions with OVKs.
...
This renames `decrypt_outputs_for_keys` to `decrypt_outputs_with_keys`
for consistency with `decrypt_output_with_key` and tne newly added
`recover_output*_with_ovk*` methods.
2022-03-14 19:28:47 -06:00
Jack Grigg
eb7a9668aa
Merge branch 'non-consensus-changes-on-branchid-c4cd541e' into merge-non-consensus-changes-2
2022-02-28 20:46:55 +00:00
Jack Grigg
def4d4d9ae
Add missing `Debug` trait bounds for `Builder` components
...
All relevant types have `Debug` impls, but some of the trait and method
impls were lacking `Debug` bounds on their generic types. This prevented
`Debug` impls being used on the overall partially-constructed `Bundle`
types.
2022-02-28 20:09:30 +00:00
Kris Nuttycombe
273662c00b
Apply suggestions from code review
...
Co-authored-by: str4d <thestr4d@gmail.com>
2022-02-24 09:16:39 -07:00
Kris Nuttycombe
1cf828fe7b
Update the incremental merkle tree version and the Rust toolchain.
...
Use derived equality and ordering (which delegate to constant-time
versions) for note::nullifier::Nullifier and tree::MerkleHashOrchard
so that these types can be used as map keys in wallets.
2022-02-23 20:43:02 -07:00
Jack Grigg
65f3e6ec32
Add `FullViewingKey::derive_internal`
...
This is identical to the changes introduced in zcash/orchard#270 , except
that the output is non-optional (since the derivation is non-fallible).
2022-02-21 14:41:47 +00:00
Dimitris Apostolou
b96533a2b8
Fix typos
2022-02-18 23:31:27 +02:00
Jack Grigg
28c22718c0
Remove `hash_bundle_txid_data, hash_bundle_auth_data` from API
2022-02-15 23:03:02 +00:00
Jack Grigg
b1d7787ab6
Re-introduce `ValueSum::from_raw` as a `pub(crate)` method
...
We removed this in zcash/orchard#267 as it did not need to be part of
the public API, but we do still need a way to convert the user-defined
valueBalance type into a `ValueSum` when constructing `bvk`, and this
method is preferable to exposing the `ValueSum` internals.
2022-02-15 22:47:05 +00:00
Jack Grigg
17ad25ee35
Merge branch 'non-consensus-changes-on-branchid-c4cd541e' into merge-non-consensus-changes
2022-02-15 22:46:47 +00:00
Jack Grigg
62da82bd38
Add functional test for creating and verifying a shielded bundle
...
The text exposed some limitations of the current crate API, which have
been fixed.
2022-02-15 22:17:15 +00:00
Jack Grigg
0b6bd07904
Add functional test for creating and verifying a shielding bundle
...
The text exposed some limitations of the current crate API, which have
been fixed.
2022-02-15 22:17:15 +00:00
Daira Hopwood
e92d1167af
The address used to derive g_d_old and pk_d_old is the recipient address of the note being spent.
2022-02-15 14:39:32 -07:00
Kris Nuttycombe
5d5e289197
Remove default_diversifier and default_address methods.
2022-02-15 14:39:32 -07:00
Kris Nuttycombe
4c7ab377fb
Make the DiversifierKey type crate-private
2022-02-14 17:04:38 -07:00
Kris Nuttycombe
ae3cc78a56
Add decryption of the diversifier index for an address to the IVK.
...
Also correct a spelling error.
2022-02-14 17:04:38 -07:00