Daira Hopwood
9adeead975
[book] Make the order of advice columns for Sinsemilla the same as in the code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 15:35:34 +01:00
Daira Hopwood
9dc909e842
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:37:07 +01:00
Daira Hopwood
2a8fe30fa8
[book] Clarify that x_Q, z_0, z'_0, etc. are copied in using equality constraints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:32:11 +01:00
therealyingtong
158ab865f8
gadget::sinsemilla.rs: Add Sinsemilla test.
2021-06-19 18:17:11 +08:00
therealyingtong
eba2172f4f
chip::hash_to_point.rs: Implement hash_to_point instruction.
2021-06-19 18:17:10 +08:00
therealyingtong
f122e481a7
sinsemilla::chip.rs: Configure Sinsemilla gates.
2021-06-19 18:17:09 +08:00
therealyingtong
7cddc9b587
sinsemilla::chip.rs: Implement witness_message_* APIs.
...
witness_message() witnesses a full message given a bitstring.
The other two APIs, witness_message_piece_bitstring() and
witness_message_piece_field(), both witness a message piece, i.e.
part of a message that fits within a single base field element.
witness_message_piece_bitstring() takes in a bitstring, while
witness_message_piece_field() takes in a field element. In the
latter case, the number of words encoded must be specified.
2021-06-19 18:14:22 +08:00
therealyingtong
74e617b46d
chip::generator_table.rs: Load Sinsemilla generator lookup table.
...
The 2^K table of generators used in the Sinsemilla hash. These
are loaded into a lookup table.
2021-06-19 18:14:22 +08:00
therealyingtong
ebb7dae063
sinsemilla::chip.rs: Add Sinsemilla chip.
...
The chip that will implement SinsemillaInstructions.
2021-06-19 18:14:22 +08:00
therealyingtong
e2859df4eb
sinsemilla::message.rs: Add message module.
...
This defines a Sinsemilla message in terms of pieces and subpieces.
This is useful when decomposing field elements and packing them
into K-bit messages.
2021-06-19 18:14:22 +08:00
therealyingtong
af2ac762f4
gadget::sinsemilla.rs: Add Sinsemilla instructions.
...
SinsemillaInstructions has two const generic parameters: K, which
is the number of bits in each word of the hash, and MAX_WORDS,
which is the maximum number of words the hash can process.
For Orchard, K = 10, MAX_WORDS = 253.
2021-06-19 18:14:22 +08:00
therealyingtong
83eddd8857
ecc::chip.rs: Add Point::from_coordinates_unchecked() API
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-19 18:14:22 +08:00
Daira Hopwood
48573705dc
[book] Adjust the definition of m_{i+1} so that the last z_n does not need to be constrained to 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 08:53:41 +01:00
Daira Hopwood
22036e9f41
[book] More formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:49:46 +01:00
Daira Hopwood
aac10b816f
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:45:50 +01:00
Daira Hopwood
dc021a2ef1
[book] Merge two similar paragraphs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:20:09 +01:00
Daira Hopwood
82316b607b
[book] Update the Sinsemilla constraints to handle the gap between field elements correctly.
...
This also changes i to be zero-based, which is more consistent with the spec.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:12:48 +01:00
Daira Hopwood
4cd0082294
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-18 21:27:55 +01:00
str4d
0b6bd66714
Merge pull request #120 from daira/fix-clippy-lints
...
Fix clippy lints
2021-06-16 20:24:02 +01:00
Daira Hopwood
1c19bea842
Fix clippy lints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-16 19:13:40 +01:00
str4d
37b1b7f357
Merge pull request #119 from zcash/anchor-serialization
...
Anchor serialization APIs
2021-06-15 16:25:36 +01:00
Jack Grigg
5264d53498
impl Copy for Anchor
2021-06-15 15:42:06 +01:00
Jack Grigg
019ae7da8e
Anchor::{from_bytes, to_bytes}
2021-06-15 15:41:57 +01:00
Daira Hopwood
e412a5a25b
Merge pull request #115 from zcash/anchor-type
...
Store anchors as pallas::Base instead of [u8; 32]
2021-06-15 14:18:48 +01:00
str4d
f7c64e0437
Merge pull request #117 from zcash/change-dep-patching
...
Use patches for halo2 and zcash_note_encryption dependencies
2021-06-15 01:09:18 +01:00
Jack Grigg
5759d66470
Use patches for halo2 and zcash_note_encryption dependencies
...
While these two are in flux, it's hard to keep these revisions consistent
(e.g. https://github.com/zcash/zcash/pull/5217 currently depends on two
different versions of zcash_note_encryption). Using patches allows the
downstream users (i.e. zcashd) to define its own set of patches, and keep
everything in sync. This works fine now because we aren't actively making
changes to the public APIs, only additions.
2021-06-14 23:17:15 +01:00
str4d
63ca1f8d3a
Merge pull request #116 from zcash/signature-validation
...
Signature validation APIs
2021-06-14 22:42:36 +01:00
Jack Grigg
e90a5972f1
redpallas: Expose batch validation API
2021-06-14 21:41:12 +01:00
Jack Grigg
eec17a9174
Add a `Bundle::binding_validating_key` method
...
This derives the `bvk` for validating `Authorized::binding_signature`.
2021-06-14 21:40:28 +01:00
ebfull
ee26116fcf
Merge pull request #114 from zcash/util-range-check
...
utilities::lookup_range_check: Add LookupRangeCheck helper
2021-06-14 10:56:52 -06:00
therealyingtong
f5bf0c1ef3
lookup_range_check.rs: Docfixes and minor refactors.
2021-06-15 00:18:38 +08:00
therealyingtong
60861b7245
sinsemilla::constants.rs: Add INV_TWO_POW_K = 1 / 2^K constant.
2021-06-15 00:18:38 +08:00
str4d
1182d8d5a7
Merge pull request #99 from zcash/note-encryption
...
Note encryption
2021-06-14 17:16:54 +01:00
ebfull
4a52d771b1
Merge pull request #113 from zcash/constants-concrete-type
...
`constants::load.rs`: Use concrete `pallas::Affine` type for generators
2021-06-14 09:25:17 -06:00
ebfull
83b76333d3
Merge pull request #107 from zcash/ecc-chip
...
[ECC chip] Incomplete and complete addition
2021-06-14 09:07:34 -06:00
therealyingtong
beaf4490f1
sinsemilla.md: Correct y_{A,i} and y_{P,i} formulas in gate specification
2021-06-14 21:30:51 +08:00
therealyingtong
c25526e216
lookup_range_check.rs: Delete wrong comment.
2021-06-14 19:55:51 +08:00
therealyingtong
8a8df98a50
add_incomplete::tests: Constrain output of `P + Q` test.
...
Also minor docfixes and refactors.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-14 00:19:21 +08:00
therealyingtong
70ec5755cf
lookup_range_check.rs: Add documentation and minor refactors.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 23:24:19 +08:00
therealyingtong
b7b8126ccf
spec.rs: Add lebs2ip function bounded on const generic L.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 23:20:59 +08:00
therealyingtong
7341996d2c
gadget::ecc.rs: Add EccInstructions::constrain_equal() instruction.
...
This allows us to constrain two points to be equal in value at the
gadget level.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-13 21:26:30 +08:00
therealyingtong
b299a51b31
lookup_range_check.rs: Downgrade from Chip to Config.
...
We need to be able to toggle the lookup on and off on specific
offsets. These offsets are often assigned outside the logic of
the decomposition.
2021-06-13 09:40:50 +08:00
therealyingtong
cdab5bf8c4
gadget::utilities.rs: Remove Chip bound on UtilitiesInstructions.
2021-06-13 09:40:20 +08:00
Jack Grigg
de78186503
Store anchors as pallas::Base instead of [u8; 32]
...
This matches what we store in `MerklePath`, and better enforces the
required type.
2021-06-12 21:35:37 +01:00
therealyingtong
e83880841a
utilities::lookup_range_check: Add LookupRangeCheck chip
...
This decomposes a field element into K-bit words and constrains each
word's range by looking it up in a K-bit lookup table.
The field element is broken down using a running sum. All interstitial
values of the running sum are returned.
2021-06-12 22:46:31 +08:00
therealyingtong
a11c2066ef
chip::add.rs: Use Expression::square() + other minor refactors
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-12 20:25:12 +08:00
therealyingtong
e259bb3846
ecc::chip.rs: Use concrete pallas::Affine for Chip impl.
...
The EccInstructions trait is still generic over C: CurveAffine;
however, the EccChip implementation is specific to the pasta
curves.
2021-06-12 20:25:09 +08:00
therealyingtong
aec7a7f850
ecc::chip.rs: Stub out scalar-mul-related structs and types.
...
These will be updated or restored in #111 .
2021-06-12 20:24:14 +08:00
ying tong
e1779dab70
Docfixes and minor refactors.
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-06-12 12:41:27 +08:00
therealyingtong
6dabb16edc
chip::add.rs: Use batch inversion for alpha, beta, gamma, delta
2021-06-12 12:41:27 +08:00