ff 0.11, group 0.11, etc.

This commit is contained in:
Jack Grigg 2021-09-09 17:45:50 +01:00
parent 993925e049
commit 65e1d32774
23 changed files with 58 additions and 60 deletions


@ -19,11 +19,8 @@ codegen-units = 1
[patch.crates-io]
# In development.
halo2 = { git = "https://github.com/zcash/halo2.git", rev = "27c4187673a9c6ade13fbdbd4f20955530c22d7f" }
orchard = { git = "https://github.com/zcash/orchard.git", rev = "d0baa18fc6105df4a7847de2b6dc50c5919b3123" }
halo2 = { git = "https://github.com/zcash/halo2.git", rev = "26047eaf323929935fd1e6aa3ae100b1113706e0" }
orchard = { git = "https://github.com/zcash/orchard.git", rev = "52a19279dfad34dc3eb04c77082ee5b9664b017c" }
incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
zcash_encoding = { path = "components/zcash_encoding" }
zcash_note_encryption = { path = "components/zcash_note_encryption" }
# Unreleased
jubjub = { git = "https://github.com/zkcrypto/jubjub.git", rev = "96ab4162b83303378eae32a326b54d88b75bffc2" }


@ -16,14 +16,14 @@ blake2b_simd = "0.5"
byteorder = "1"
chacha20 = "0.8"
chacha20poly1305 = "0.9"
ff = "0.10"
group = "0.10"
ff = "0.11"
group = "0.11"
rand_core = "0.6"
subtle = "2.2.3"
[dev-dependencies]
zcash_primitives = { version = "0.5", path = "../../zcash_primitives" }
jubjub = "0.7"
jubjub = "0.8"
[lib]
bench = false


@ -8,6 +8,7 @@ and this library adheres to Rust's notion of
## [Unreleased]
### Changed
- MSRV is now 1.51.0.
- Bumped dependencies to `ff 0.11`, `group 0.11`, `bls12_381 0.6`, `jubjub 0.8`.
- `epk: jubjub::ExtendedPoint` has been replaced by
`ephemeral_key: zcash_note_encryption::EphemeralKeyBytes` in various places:
- `zcash_client_backend::wallet::WalletShieldedOutput`: the `epk` field has


@ -14,13 +14,13 @@ edition = "2018"
[dependencies]
bech32 = "0.8"
bls12_381 = "0.5"
bls12_381 = "0.6"
bs58 = { version = "0.4", features = ["check"] }
base64 = "0.13"
ff = "0.10"
group = "0.10"
ff = "0.11"
group = "0.11"
hex = "0.4"
jubjub = "0.7"
jubjub = "0.8"
nom = "7"
percent-encoding = "2.1.0"
proptest = { version = "1.0.0", optional = true }


@ -94,7 +94,7 @@ impl compact_formats::CompactOutput {
pub fn cmu(&self) -> Result<bls12_381::Scalar, ()> {
let mut repr = [0; 32];
repr.as_mut().copy_from_slice(&self.cmu[..]);
bls12_381::Scalar::from_repr(repr).ok_or(())
Option::from(bls12_381::Scalar::from_repr(repr)).ok_or(())
}
/// Returns the ephemeral public key for this output.
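Review bot: `repr.as_mut().copy_from_slice(&self.cmu[..])` panics when the `cmu` field is not exactly 32 bytes long, even though `cmu()` already returns `Result` for the not-in-field case on the line the commit rewrites. `CompactOutput` is presumably decoded from a protobuf message supplied by a remote peer, so a wrong-length field should become `Err(())` rather than abort the process. The two lines can collapse to `let repr: [u8; 32] = self.cmu[..].try_into().map_err(|_| ())?;` (a 2018-edition crate needs `use std::convert::TryInto;` in scope for this).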


@ -8,6 +8,7 @@ and this library adheres to Rust's notion of
## [Unreleased]
### Changed
- MSRV is now 1.51.0.
- Bumped dependencies to `ff 0.11`, `group 0.11`, `jubjub 0.8`.
- Renamed the following to use lower-case abbreviations (matching Rust
naming conventions):
- `zcash_client_sqlite::BlockDB` to `BlockDb`


@ -15,9 +15,9 @@ edition = "2018"
[dependencies]
bech32 = "0.8"
bs58 = { version = "0.4", features = ["check"] }
ff = "0.10"
group = "0.10"
jubjub = "0.7"
ff = "0.11"
group = "0.11"
jubjub = "0.8"
protobuf = "2.20"
rand_core = "0.6"
rusqlite = { version = "0.24", features = ["bundled", "time"] }


@ -37,11 +37,11 @@ fn to_spendable_note(row: &Row) -> Result<SpendableNote, SqliteClientError> {
// We store rcm directly in the data DB, regardless of whether the note
// used a v1 or v2 note plaintext, so for the purposes of spending let's
// pretend this is a pre-ZIP 212 note.
let rcm = jubjub::Fr::from_repr(
let rcm = Option::from(jubjub::Fr::from_repr(
rcm_bytes[..]
.try_into()
.map_err(|_| SqliteClientError::InvalidNote)?,
)
))
.ok_or(SqliteClientError::InvalidNote)?;
Rseed::BeforeZip212(rcm)
};


@ -13,8 +13,8 @@ blake2b_simd = "0.5"
zcash_primitives = { version = "0.5", path = "../zcash_primitives", features = ["zfuture" ] }
[dev-dependencies]
ff = "0.10"
jubjub = "0.7"
ff = "0.11"
jubjub = "0.8"
orchard = "0.0"
rand_core = "0.6"
zcash_proofs = { version = "0.5", path = "../zcash_proofs" }


@ -54,6 +54,7 @@ and this library adheres to Rust's notion of
### Changed
- MSRV is now 1.51.0.
- Bumped dependencies to `ff 0.11`, `group 0.11`, `bls12_381 0.6`, `jubjub 0.8`.
- The following modules and helpers have been moved into
`zcash_primitives::sapling`:
- `zcash_primitives::group_hash`


@ -21,21 +21,21 @@ bitvec = "0.22"
bip0039 = { version = "0.8.0", features = ["std", "all-languages"] }
blake2b_simd = "0.5"
blake2s_simd = "0.5"
bls12_381 = "0.5"
bls12_381 = "0.6"
byteorder = "1"
chacha20poly1305 = "0.9"
equihash = { version = "0.1", path = "../components/equihash" }
ff = "0.10"
ff = "0.11"
fpe = "0.5"
group = "0.10"
group = "0.11"
hex = "0.4"
incrementalmerkletree = "0.1"
jubjub = "0.7"
jubjub = "0.8"
lazy_static = "1"
log = "0.4"
nonempty = "0.7"
orchard = "0.0"
pasta_curves = "0.1"
pasta_curves = "0.2"
proptest = { version = "1.0.0", optional = true }
rand = "0.8"
rand_core = "0.6"


@ -115,7 +115,8 @@ impl HashSer for Node {
impl From<Node> for bls12_381::Scalar {
fn from(node: Node) -> Self {
bls12_381::Scalar::from_repr(node.repr).expect("Tree nodes should be in the prime field")
// Tree nodes should be in the prime field.
bls12_381::Scalar::from_repr(node.repr).unwrap()
}
}
@ -216,7 +217,7 @@ impl ViewingKey {
// Drop the most significant five bits, so it can be interpreted as a scalar.
h[31] &= 0b0000_0111;
SaplingIvk(jubjub::Fr::from_repr(h).expect("should be a valid scalar"))
SaplingIvk(jubjub::Fr::from_repr(h).unwrap())
}
pub fn to_payment_address(&self, diversifier: Diversifier) -> Option<PaymentAddress> {
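Review bot: Swapping `.expect("Tree nodes should be in the prime field")` for a source comment plus `.unwrap()` removes the invariant text from the panic itself, so a violated assumption now surfaces only as a bare unwrap location; the `ViewingKey` hunk makes the same trade at `SaplingIvk(jubjub::Fr::from_repr(h).unwrap())`. If the `subtle` version in use does not offer `CtOption::expect`, `Option::from(bls12_381::Scalar::from_repr(node.repr)).expect("Tree nodes should be in the prime field")` keeps the message at no extra cost. For the `ViewingKey` case the preceding `h[31] &= 0b0000_0111` is, per its own comment, what makes the bytes a valid scalar, and the expect message could state exactly that so the unwrap is visibly justified.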


@ -72,12 +72,12 @@ impl ExpandedSpendingKey {
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
let mut ask_repr = [0u8; 32];
reader.read_exact(ask_repr.as_mut())?;
let ask = jubjub::Fr::from_repr(ask_repr)
let ask = Option::from(jubjub::Fr::from_repr(ask_repr))
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "ask not in field"))?;
let mut nsk_repr = [0u8; 32];
reader.read_exact(nsk_repr.as_mut())?;
let nsk = jubjub::Fr::from_repr(nsk_repr)
let nsk = Option::from(jubjub::Fr::from_repr(nsk_repr))
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "nsk not in field"))?;
let mut ovk = [0u8; 32];
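Review bot: The `ask` and `nsk` reads are the same four-line sequence with a different name and message, and this commit had to edit both copies; a small helper would keep the `CtOption` → `io::Result` conversion in one place so a later change (error kind, message wording) cannot land on one and miss the other. With the helper below the two sites become `let ask = read_fr(&mut reader, "ask")?;` and `let nsk = read_fr(&mut reader, "nsk")?;`, producing the same messages as today. `ExpandedSpendingKey::read` continues past the end of the hunk.
```rust
/// Reads a 32-byte `jubjub::Fr` encoding from `reader`, rejecting
/// encodings that are not canonical field elements.
fn read_fr<R: Read>(mut reader: R, name: &str) -> io::Result<jubjub::Fr> {
    let mut repr = [0u8; 32];
    reader.read_exact(repr.as_mut())?;
    Option::from(jubjub::Fr::from_repr(repr)).ok_or_else(|| {
        io::Error::new(io::ErrorKind::InvalidData, format!("{} not in field", name))
    })
}
// … unchanged: remainder of ExpandedSpendingKey::read (ovk, ...) …
```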


@ -102,7 +102,7 @@ where
let r: [u8; 32] = plaintext[20..COMPACT_NOTE_SIZE].try_into().unwrap();
let rseed = if plaintext[0] == 0x01 {
let rcm = jubjub::Fr::from_repr(r)?;
let rcm = Option::from(jubjub::Fr::from_repr(r))?;
Rseed::BeforeZip212(rcm)
} else {
Rseed::AfterZip212(r)
@ -351,6 +351,7 @@ impl<P: consensus::Parameters> Domain for SaplingDomain<P> {
.try_into()
.expect("slice is the correct length"),
)
.into()
}
fn extract_memo(&self, plaintext: &[u8]) -> Self::Memo {


@ -16,7 +16,7 @@ fn read_scalar<R: Read>(mut reader: R) -> io::Result<jubjub::Fr> {
let mut s_repr = [0u8; 32];
reader.read_exact(s_repr.as_mut())?;
jubjub::Fr::from_repr(s_repr)
Option::from(jubjub::Fr::from_repr(s_repr))
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "scalar is not in field"))
}
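Review bot: `io::ErrorKind::InvalidInput` is reported for bytes that the reader delivered but that do not encode a field element; std reserves `InvalidInput` for a bad parameter to the operation and `InvalidData` for malformed data read from the source, which is this situation and is the kind `ExpandedSpendingKey::read` uses for the identical check elsewhere in this commit (`"ask not in field"`). `read_anchor` (`"invalid Orchard anchor"`) and `read_base` (`"{} not in field"`) carry the same mismatch. Suggest `io::ErrorKind::InvalidData` in all three so callers can distinguish corrupt input from a misuse of the API.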


@ -157,7 +157,7 @@ pub fn read_flags<R: Read>(mut reader: R) -> io::Result<Flags> {
pub fn read_anchor<R: Read>(mut reader: R) -> io::Result<Anchor> {
let mut bytes = [0u8; 32];
reader.read_exact(&mut bytes)?;
Anchor::from_bytes(bytes).ok_or_else(|| {
Option::from(Anchor::from_bytes(bytes)).ok_or_else(|| {
io::Error::new(
io::ErrorKind::InvalidInput,
"invalid Orchard anchor".to_owned(),


@ -95,7 +95,7 @@ pub fn read_point<R: Read>(mut reader: R, field: &str) -> io::Result<jubjub::Ext
pub fn read_base<R: Read>(mut reader: R, field: &str) -> io::Result<bls12_381::Scalar> {
let mut f = [0u8; 32];
reader.read_exact(&mut f)?;
bls12_381::Scalar::from_repr(f).ok_or_else(|| {
Option::from(bls12_381::Scalar::from_repr(f)).ok_or_else(|| {
io::Error::new(
io::ErrorKind::InvalidInput,
format!("{} not in field", field),


@ -8,6 +8,8 @@ and this library adheres to Rust's notion of
## [Unreleased]
### Changed
- MSRV is now 1.51.0.
- Bumped dependencies to `ff 0.11`, `group 0.11`, `bellman 0.11`,
`bls12_381 0.6`, `jubjub 0.8`.
- `zcash_proofs::sapling::SaplingVerificationContext::new` now takes a
`zip216_enabled` boolean; this is used to control how RedJubjub signatures are
validated.


@ -15,14 +15,14 @@ edition = "2018"
all-features = true
[dependencies]
bellman = { version = "0.10", default-features = false, features = ["groth16"] }
bellman = { version = "0.11", default-features = false, features = ["groth16"] }
blake2b_simd = "0.5"
bls12_381 = "0.5"
bls12_381 = "0.6"
byteorder = "1"
directories = { version = "3", optional = true }
ff = "0.10"
group = "0.10"
jubjub = "0.7"
ff = "0.11"
group = "0.11"
jubjub = "0.8"
lazy_static = "1"
minreq = { version = "2", features = ["https"], optional = true }
rand_core = "0.6"


@ -1043,35 +1043,32 @@ mod test {
assert!(p.assert_not_small_order(&mut cs).is_err() == is_small_order);
};
let check_small_order_from_strs = |u, v| {
let (u, v) = (
bls12_381::Scalar::from_str(u).unwrap(),
bls12_381::Scalar::from_str(v).unwrap(),
);
let check_small_order_from_u64s = |u, v| {
let (u, v) = (bls12_381::Scalar::from(u), bls12_381::Scalar::from(v));
let p = jubjub::AffinePoint::from_raw_unchecked(u, v);
check_small_order_from_p(p.into(), true);
};
// zero has low order
check_small_order_from_strs("0", "1");
check_small_order_from_u64s(0, 1);
// prime subgroup order
let prime_subgroup_order = jubjub::Fr::from_str(
let prime_subgroup_order = jubjub::Fr::from_str_vartime(
"6554484396890773809930967563523245729705921265872317281365359162392183254199",
)
.unwrap();
let largest_small_subgroup_order = jubjub::Fr::from_str("8").unwrap();
let largest_small_subgroup_order = jubjub::Fr::from(8);
let (zero_u, zero_v) = (bls12_381::Scalar::zero(), bls12_381::Scalar::one());
// generator for jubjub
let (u, v) = (
bls12_381::Scalar::from_str(
bls12_381::Scalar::from_str_vartime(
"11076627216317271660298050606127911965867021807910416450833192264015104452986",
)
.unwrap(),
bls12_381::Scalar::from_str(
bls12_381::Scalar::from_str_vartime(
"44412834903739585386157632289020980010620626017712148233229312325549216099227",
)
.unwrap(),


@ -292,11 +292,11 @@ mod test {
assert_eq!(
res.get_u().get_value().unwrap(),
bls12_381::Scalar::from_str(expected_us[length - 300]).unwrap()
bls12_381::Scalar::from_str_vartime(expected_us[length - 300]).unwrap()
);
assert_eq!(
res.get_v().get_value().unwrap(),
bls12_381::Scalar::from_str(expected_vs[length - 300]).unwrap()
bls12_381::Scalar::from_str_vartime(expected_vs[length - 300]).unwrap()
);
}
}


@ -464,7 +464,7 @@ impl Circuit<bls12_381::Scalar> for Output {
// Witness the sign bit
let sign_bit = boolean::Boolean::from(boolean::AllocatedBit::alloc(
cs.namespace(|| "pk_d bit of u"),
pk_d.map(|e| e.get_u().is_odd()),
pk_d.map(|e| e.get_u().is_odd().into()),
)?);
// Extend the note with pk_d representation
@ -703,7 +703,7 @@ fn test_input_circuit_with_bls12_381_external_test_vectors() {
for i in 0..10 {
let value_commitment = ValueCommitment {
value: i,
randomness: jubjub::Fr::from_str(&(1000 * (i + 1)).to_string()).unwrap(),
randomness: jubjub::Fr::from(1000 * (i + 1)),
};
let proof_generation_key = ProofGenerationKey {
@ -740,11 +740,11 @@ fn test_input_circuit_with_bls12_381_external_test_vectors() {
jubjub::ExtendedPoint::from(value_commitment.commitment()).to_affine();
assert_eq!(
expected_value_commitment.get_u(),
bls12_381::Scalar::from_str(&expected_commitment_us[i as usize]).unwrap()
bls12_381::Scalar::from_str_vartime(&expected_commitment_us[i as usize]).unwrap()
);
assert_eq!(
expected_value_commitment.get_v(),
bls12_381::Scalar::from_str(&expected_commitment_vs[i as usize]).unwrap()
bls12_381::Scalar::from_str_vartime(&expected_commitment_vs[i as usize]).unwrap()
);
let note = Note {
value: value_commitment.value,
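Review bot: The bare `.into()` in `pk_d.map(|e| e.get_u().is_odd().into())` leaves the `Choice` → `bool` conversion to be inferred from the `Option<bool>` parameter of `AllocatedBit::alloc`, so the reader has to look at the callee to learn what type is produced. `pk_d.map(|e| bool::from(e.get_u().is_odd()))` names the conversion at the call site and keeps compiling if the callee's signature is generalised later. The remaining two hunks in this file are test-only changes and raise nothing.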


@ -109,7 +109,7 @@ pub(crate) fn to_montgomery_coords(g: ExtendedPoint) -> Option<(Scalar, Scalar)>
//
// We have that y != 1 above. If x = 0, the only
// solutions for y are 1 (contradiction) or -1.
if x.is_zero() {
if x.is_zero_vartime() {
// (0, -1) is the point of order two which is not
// the neutral element, so we map it to (0, 0) which is
// the only affine point of order 2.
@ -169,23 +169,20 @@ fn generate_pedersen_circuit_generators() -> Vec<Vec<Vec<(Scalar, Scalar)>>> {
#[cfg(test)]
mod tests {
use ff::PrimeField;
use super::*;
#[test]
fn edwards_d() {
// d = -(10240/10241)
assert_eq!(
-Scalar::from_str("10240").unwrap()
* Scalar::from_str("10241").unwrap().invert().unwrap(),
-Scalar::from(10240) * Scalar::from(10241).invert().unwrap(),
EDWARDS_D
);
}
#[test]
fn montgomery_a() {
assert_eq!(Scalar::from_str("40962").unwrap(), MONTGOMERY_A);
assert_eq!(Scalar::from(40962), MONTGOMERY_A);
}
#[test]