therealyingtong
f7e150a81b
Create halo2-gadgets workspace.
2021-10-12 14:08:43 +02:00
therealyingtong
6c6b5e66f3
sinsemilla::merkle.rs: Implement i2lebsp locally.
...
Also include gen_const_array helper in gadget::utilities.
2021-10-12 12:51:41 +02:00
therealyingtong
5168c0c2bb
Refactor src/constants and primitives::sinsemilla::constants.
2021-10-12 12:49:52 +02:00
therealyingtong
f34b4ba51c
lookup_range_check: Introduce local lebs2ip method.
2021-10-12 12:28:38 +02:00
therealyingtong
76431eefad
Move decompose_word from constants::util into gadget::utilities.
...
This helper is not used outside of the gadget.
2021-10-12 12:28:22 +02:00
therealyingtong
e3aad46785
ecc: Merge FixedPoints, FixedPointsBaseField, FixedPointsShort types.
...
This API change defines a FixedPoints trait that is implemented for
all OrchardFixedBases. This makes EccChip, SinsemillaChip, and
MerkleChip generic over the fixed bases used.
2021-10-12 12:26:18 +02:00
therealyingtong
951dd0a108
gadget::sinsemilla: Move Orchard-specific inputs into parent folder.
...
The sinsemilla submodules note_commit and commit_ivk are tailored
for input lengths specific to Orchard. They have been moved out of
the gadget folder and into the parent circuit folder.
2021-10-12 12:02:33 +02:00
therealyingtong
2c97e56da7
Add hash() and permute() test vectors for Poseidon over Fq.
2021-10-12 11:58:27 +02:00
therealyingtong
764c445a81
Rename poseidon::nullifier -> poseidon::p128pow5t3.
2021-10-12 11:58:27 +02:00
Jack Grigg
631182fb77
Update selector columns in expected-failure tests
...
The addition of the non-identity selector caused the layouter to reorder
some of the selectors in the ECC gadget test circuit.
2021-09-28 21:49:06 +01:00
Daira Hopwood
d77cb82c8d
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-09-28 21:09:39 +01:00
Jack Grigg
d0056d9050
Test that we can't witness the identity as a NonIdentityPoint
2021-09-28 21:00:29 +01:00
str4d
aec3b1d52d
Remove unnecessary clones in closure
2021-09-28 20:31:32 +01:00
therealyingtong
52f53f3425
Remove IsIdentity trait from public EccInstructions.
...
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong
b0de6afd7c
Reintroduce Point::new() API and constraints.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
Jack Grigg
751277cdb2
Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound
...
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
2021-09-28 13:13:25 -06:00
Jack Grigg
97c27e3d5a
Use complete addition in SinsemillaCommit
...
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
2021-09-28 13:13:25 -06:00
therealyingtong
8c8a12a8df
Minor fixes.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-28 13:13:25 -06:00
therealyingtong
fa560d3aee
Replace is_identity() instruction with IsIdentity trait.
2021-09-28 13:13:25 -06:00
therealyingtong
4a13ab4f6b
Docfixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
Daira Hopwood
6b6b515232
`hash_to_point` should return `Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>`
...
because any exceptional case is treated as an error, and therefore the identity cannot be returned.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
8ad3003e27
Remove Point::new() API and introduce is_identity() instruction.
...
Also remove the q_point selector and gate from the circuit.
2021-09-28 13:13:25 -06:00
therealyingtong
ec27989b9b
Clippy and formatting fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
cdcfcbc0c2
gadget::sinsemilla: Propagate changes to the Sinsemilla gadget.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
258fe5796b
ecc::chip: Propagate changes to sub-chips.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
df26a6c674
chip::witness_point.rs: Constraints for non-identity point.
...
The point_non_id() method returns an error if the given point is
the identity.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
88eb762cf2
ecc::chip.rs: Introduce NonIdentityEccPoint struct.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
f5ed26790a
gadget::ecc: Introduce NonIdentityPoint associated type and gadget.
...
The add_incomplete() and mul() APIs have been removed from the
Point gadget, since we cannot perform incomplete addition or
variable-base scalar multiplication on the identity.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
58de805a13
sinsemilla::merkle.rs: Use tree::MerklePath::root in tests.
2021-09-16 15:36:24 +02:00
str4d
3dd2a1872a
Merge pull request #169 from zcash/circuit-constraint-refinements
...
Circuit constraint refinements to reduce proof size
2021-09-14 02:05:41 +01:00
Daira Hopwood
ee44d2ccf0
Apply suggestions from code review
2021-09-07 02:45:10 +01:00
Daira Hopwood
97e18a8190
Apply suggestions from code review
2021-09-07 00:56:22 +01:00
Daira Hopwood
faddaf9e30
note_commit.rs: make two_pow_* definitions more consistent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-07 00:52:37 +01:00
Jack Grigg
8c82ceecbf
ff 0.11, group 0.11, pasta_curves 0.2 etc.
2021-09-06 20:39:43 +01:00
Daira Hopwood
c24c67d5f0
cargo fmt
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 14:11:08 +01:00
str4d
f2400baa01
Improve NoteCommit input value gate doc
...
Brings it in line with the other gate docs.
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-19 14:35:56 +01:00
str4d
bac22d9b19
clippy: Remove redundant clones
...
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-19 14:34:15 +01:00
str4d
ac900148ed
Fix typo in gate documentation
...
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-19 14:33:52 +01:00
therealyingtong
1f852544cf
poseidon::Domain: Remove Spec trait bound.
...
The methods in the Domain trait are not generic over Spec.
2021-08-13 14:47:02 +08:00
therealyingtong
995728caa6
primitives::sinsemilla: Use hard-coded generators in sinsemilla_s.
2021-08-12 15:45:14 +08:00
Jack Grigg
9af22a8cbc
circuit: Add region layout diagrams for y_switch constraint
...
Helps to see why we can't optimise it to remove the `prev` query.
2021-07-29 20:57:33 +01:00
Jack Grigg
6aa85fcdfe
circuit: Refactor NoteCommit input processing into multiple regions
...
The new regions take up more cells overall, but across fewer columns,
and the gates now only query `cur` and `next` rows.
2021-07-29 20:13:27 +01:00
Jack Grigg
2198675f9d
circuit: Rotate `q_commit_ivk` selector up by one row
...
This ensures the Commit^ivk gate only queries `cur` and `next` rows.
2021-07-29 14:56:56 +01:00
Jack Grigg
0009070358
circuit: Rotate `q_mul_lsb` selector up by one row
...
This ensures the "LSB check" gate only queries `cur` and `next` rows.
2021-07-29 14:56:56 +01:00
Jack Grigg
16e9076080
Add names to some nameless constraints
2021-07-29 14:56:56 +01:00
Daira Hopwood
145da9c510
Update to assign_table API.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 18:32:32 +01:00
therealyingtong
d3a7e9ed39
lookup_range_check: Merge running sum and short lookup arguments.
...
The lookup running sum decomposition uses the same lookup table as
its short variant. These two lookup arguments have been merged.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 09:50:17 +01:00
str4d
620e227854
Fix y-coordinate recovery in NoteCommit tests
2021-07-27 09:27:33 +01:00
therealyingtong
664125f44f
commit_ivk::tests: Check value of output ivk against expected ivk.
2021-07-27 15:33:13 +08:00
therealyingtong
fa135fe62e
note_commit::tests: Constrain output of NoteCommit to expected point.
2021-07-27 15:23:00 +08:00