b9a8e1e415
zcash_primitives: Remove Jubjub implementation
...
We now use the jubjub crate for this.
2020-08-19 23:08:19 +01:00
fdf06032e3
s/{pairing::bls12_381, zcash_primitives::jubjub}/{bls12_381, jubjub}
...
FINALLY.
2020-08-19 23:08:19 +01:00
315f00d6d4
zcash_proofs: Define generator constants using new crates
...
Includes tests to ensure that the new generator constants match the
current zcash_primitives::JUBJUB generators.
2020-08-19 23:08:19 +01:00
e210a80350
zcash_proofs: directories 3
2020-08-14 17:44:17 +01:00
81c3b54b24
Merge pull request #258 from therealyingtong/zip212-esk-plaintext-impl
...
ZIP212 implementation
2020-08-12 10:19:08 +01:00
139fc09f10
bellman: add VerificationError ( #254 )
...
* bellman: add VerificationError
This adds a distinct VerificationError type to the crate and changes
`verify_proof` to return `Result<(), VerificationError>` rather than
`Result<bool, SynthesisError>`. This is significantly safer, because it avoids
the need to mix pattern-matching logic with boolean logic (the cause of
RUSTSEC-2019-0004).
* Rename VerificationError variants per review comments.
* Add missing Clone impl to VerificationError.
2020-08-05 22:26:31 +12:00
0a47a9dbea
Pass rseed to Prover
2020-08-04 16:40:53 +08:00
895e251793
Fix tests
2020-07-31 22:40:48 +08:00
65504d9ca7
Add enum Rseed<E::Fs> to Note struct
2020-07-31 22:28:40 +08:00
c921cfcf97
zcash_proofs: Add LocalProver::bundled
...
Requires the bundled-prover feature, which enables the
wagyu-zcash-parameters crate and adds around 50 MiB to the overall
binary size. That crate bundles the same Sapling parameter files we
normally obtain from disk, so we constrain them to match the same
hard-coded hashes.
2020-07-10 22:15:23 +12:00
bbc3ec54c7
CI: Fetch and cache Sapling parameters for tests
2020-06-27 00:46:05 +12:00
9012672164
zcash_proofs: Add API for downloading the Sapling parameters
...
Includes an example that exposes the API as a binary.
2020-06-27 00:45:12 +12:00
e910788e8e
zcash_proofs: Extract default params folder logic
2020-06-27 00:45:12 +12:00
0b2293bcc0
bellman: Replace E: ScalarEngine with Scalar: PrimeField
...
Instead of imposing the requirement that bellman users explicitly
specify an engine for every proving system, we allow the Rust type
system to figure it out for us. An engine is specifically useful in
places where we require defined relationships between several types;
ff::ScalarEngine only has one type, and thus any usage of it can be
trivially replaced by an explicit Scalar type. This is also more
readable :)
2020-05-31 02:00:10 +12:00
41d9f293d4
Merge pull request #229 from therealyingtong/106-hardcode-sapling-circuit-hashes
...
Hard-code Sapling circuit hashes in zcash_proofs crate
2020-05-14 17:06:07 +12:00
f446b45af5
cargo fmt
2020-05-14 16:06:58 +12:00
6845154d88
Update zcash_proofs/src/lib.rs
...
Co-authored-by: str4d <thestr4d@gmail.com>
2020-05-14 11:30:13 +08:00
d480a3840a
Hard-code Sapling circuit hashes in zcash_proofs crate
...
Define the spend_hash, output_hash, sprout_hash circuit hashes as constants in the load_parameters function, so we don't have to take them as function arguments.
2020-05-13 22:36:21 +08:00
c597db59a6
ff: Rename PrimeField::into_repr -> PrimeField::to_repr
2020-05-02 18:55:13 +12:00
49f119fb03
ff: Remove PrimeFieldRepr trait
...
The ff::PrimeField::Repr associated type now has the minimal necessary
bounds, which can be satisfied by a newtype around a byte array.
2020-04-23 18:15:14 +12:00
1fdca393bb
ff: PrimeField::{is_even, is_odd}
2020-04-23 16:23:24 +12:00
232f0a50b8
ff: Rework BitIterator to work with both u8 and u64 limb sizes
...
This enables BitIterator to be used with both the byte encoding and limb
representation of scalars.
2020-04-23 16:23:24 +12:00
fd79de5408
ff: Add PrimeField: From<u64> constraint
2020-04-23 16:23:24 +12:00
2df2a2b2f2
Merge branch 'develop'
2020-03-14 10:36:58 +13:00
100878cd14
Version bump of all crates (except librustzcash)
2020-03-12 15:59:19 -06:00
76e0f658c1
Rename CommitmentTreeWitness -> MerklePath
2020-02-08 00:36:40 +00:00
2064d1c801
Refactor zcash_primitives::merkle_tree::CommitmentTreeWitness
...
- The internal Option wrapper was an unnecessary leftover from when this
code was directly inside the prover, where Some(x) represents an
assigned variable.
- CommitmentTreeWitness::from_slice_with_depth is more idiomatic Rust.
2020-02-07 00:06:57 +00:00
865275e2a2
Correcting some trivial Rust option/iterator warts
2020-01-29 13:53:05 -08:00
3d2acf48ce
Constant-time field square root
...
WARNING: THIS IS NOT FULLY CONSTANT TIME YET!
This will be fixed once we migrate to the jubjub and bls12_381 crates.
2019-12-13 20:13:30 +00:00
40749da9a7
Constant-time field inversion
...
WARNING: THIS IS NOT ACTUALLY CONSTANT TIME YET!
The jubjub and bls12_381 crates will replace our constant-time usages,
but we NEED to fix ff_derive because other users will expect it to
implement the Field trait correctly.
2019-12-13 19:46:04 +00:00
cded08b0c5
Make Field::square take &self and return Self
2019-12-12 23:09:28 +00:00
9dac748224
Make Field::double take &self and return Self
2019-12-12 22:59:18 +00:00
91c32f1c7c
Move from Field::negate to Neg operator
2019-12-12 22:52:17 +00:00
27c8f34601
Move Field operations to operator-backed traits
...
The ff_derive, pairing, zcash_primitives::jubjub, and bellman dummy_engine
changes are minimally implemented on top of the existing *_assign()
functions.
2019-12-12 21:19:46 +00:00
eed7e8199f
Pass bellman's multicore feature flag through to zcash_proofs
...
This enables someone using zcash_proofs to disable multicore.
2019-12-11 18:46:47 +00:00
7eb4a6d1d9
rename bvk to cv_sum
...
Signed-off-by: Gregory Hill <gregorydhill@outlook.com>
2019-11-25 14:28:19 +00:00
d1bc61800c
Move Sprout proof logic into zcash_proofs
2019-11-06 08:58:42 +00:00
d6bc2fe0af
zcash_proofs 0.1.0
2019-10-08 17:43:33 +13:00
2399d9f3e3
Merge pull request #93 from defuse/qed-it-lrz
...
Bring in QED-it Tests
2019-10-08 13:47:36 +13:00
93563c3c65
Specify rand_core >= 0.5.1 for OsRng import.
2019-10-05 12:16:10 +02:00
524055bbb4
Merge pull request #134 from NikVolf/z-rng
...
Avoid using rand_os crate (fixes warnings)
2019-10-02 17:35:56 -06:00
7476e4ea28
alphabetical order
2019-09-28 12:49:37 +03:00
b42477a0bf
update from rand_os to fix warnings
2019-09-28 10:48:43 +03:00
4ad3988e43
Crate docs
2019-09-24 14:23:59 +01:00
7f3036d2c8
Update READMEs
2019-09-24 14:23:55 +01:00
d9a0b9c83f
CI: Check intra-doc links
...
Credit: https://twitter.com/tomaka17/status/1176017851410526208
2019-09-24 10:35:12 +01:00
1d02363752
Add READMEs to Cargo.toml files
...
This will cause crates.io to render each crate's README as its
information page.
2019-09-23 14:42:38 +01:00
caab37c336
Fix build warnings
2019-09-16 23:06:48 +01:00
3efb7f9146
Test PH circuit for the size used in the Merkle tree
2019-09-16 22:20:51 +01:00
d56758d426
Calculate number of constraints and more comprehensive test
2019-09-16 22:14:14 +01:00
e0c5ef22bc
ecc: makes assert_not_small_order tests deeper
2019-09-16 22:08:27 +01:00
ace929c5ba
ecc: test_assert_not_small_order also tests for the generators
2019-09-16 22:03:22 +01:00
bb0a769162
ecc: tests for assert_not_small_order
2019-09-16 22:01:00 +01:00
2b92493a45
input circuit: removes debug prints
2019-09-16 20:28:23 +01:00
abd03928b4
adds test vectors for NoteCommit
2019-09-16 20:28:10 +01:00
7ee61c4f94
pedersen_hash: adds test vectors for the circuit implementation
2019-09-16 20:23:07 +01:00
43496857c9
pedersen_hash: removes debug prints
2019-09-16 20:20:03 +01:00
4835be05b0
pedersen_hash: show a tighter limit for hash sizes
2019-09-16 20:17:52 +01:00
15633ad434
pedersen hashes: example of size limit bug
2019-09-16 20:17:50 +01:00
414d651c9c
pedersen_hash: adds tests for Daniel's vector
2019-09-16 20:12:38 +01:00
8541b2bde4
pedersen_hash: prints hashes, adds comments
2019-09-16 20:12:33 +01:00
abbd43ff57
Make pk_d validity an invariant of PaymentAddress
...
Introduces a PaymentAddress::from_parts constructor, and getters for
the diversifier and pk_d fields (which are now private).
2019-09-04 19:48:35 -04:00
b19b40ccf0
Merge pull request #110 from str4d/crate-cleanups
...
Crate cleanups
2019-09-04 19:44:47 -04:00
ee9c88ecb0
Exclude slow tests from code coverage
2019-08-28 20:46:23 +01:00
9016548698
Take self directly in into_* functions
2019-08-24 00:39:55 +01:00
fe93f2ff6b
Rename into_ -> to_ where &self is used.
2019-08-24 00:39:54 +01:00
91541675e2
Address various clippy warnings/errors in zcash_proofs
2019-08-24 00:39:53 +01:00
ad33798244
Merge pull request #113 from Eirik0/edition-2018-clean-up
...
Edition 2018 clean up
2019-08-24 00:34:57 +01:00
53182aa08e
cargo fix --edition-idioms for zcash_proofs
2019-08-21 16:13:10 -06:00
fec961777c
Add edition = 2018 to zcash_proofs
2019-08-21 16:11:29 -06:00
e12d315ab9
Warning cleanup
2019-08-20 16:45:10 -06:00
d4b6c0e1a2
Use expect to remove unreachable break.
2019-08-20 17:18:26 +02:00
40f768ed60
Fix off-by-one so pedersen_hash doesn't consume too many generators.
2019-08-17 12:01:11 +02:00
272be62212
cargo fmt zcash_proofs
2019-08-15 10:40:07 -06:00
5fb9b86ba0
Move Jubjub, Pedersen hash and primitives into zcash_primitives
2019-08-14 10:47:22 +01:00
b8af749b40
Move generic circuit gadgets into bellman
2019-08-14 10:45:58 +01:00
61c633db1e
Move Jubjub and Pedersen hash gadgets into zcash_proofs
...
These are currently too Zcash-specific to be generalized, and need some
targeted refactoring.
2019-08-14 10:45:57 +01:00
2ae5804a67
Move Sprout and Sapling circuits into zcash_proofs
2019-08-14 10:45:55 +01:00
7ea6d10480
Move redjubjub into zcash_primitives
2019-08-14 10:43:25 +01:00
59ed258c7f
Make Amount opaque, and use it more
...
This helps to ensure type-safety of values that are required to satisfy
zatoshi range bounds.
2019-07-27 00:35:29 +01:00
54ef63bace
Place zcash_proofs::prover::LocalTxProver behind a feature flag
...
This enables zcash_proofs to be compiled to WASM, which the directories
crate doesn't support.
2019-07-27 00:28:03 +01:00
01618038bf
TxProver trait to abstract over the circuit parameters
...
An implementation using local parameters is provided in the zcash_proofs
crate.
2019-07-26 23:56:00 +01:00
6f9083b5ab
Migrate to rand 0.7
2019-07-19 00:47:40 +02:00
b0913afdd7
Migrate remaining crates to rand_core 0.4
2019-07-19 00:46:37 +02:00
ccf75c39c1
Migrate remaining crates to rand 0.5
2019-07-19 00:35:06 +02:00
8361674efc
Merge branch 'master' into blake2_simd
2019-07-18 18:22:20 +02:00
b9cea33804
Move merkle_tree::Node into sapling module
...
This makes the merkle_tree module properly generic over the tree hash.
It still hard-codes a depth 32 tree, because Rust doesn't yet support
generic sizes, and we are unlikely to need to alter the tree depth in
future circuit changes.
2019-07-10 13:53:22 -04:00
bf74915053
Move CommitmentTreeWitness into zcash_primitives
2019-07-10 13:52:47 -04:00
999dcbfcab
Migrate to blake2b_simd and blake2s_simd crates
...
The primary reason for migrating is that these crates provide APIs for
setting the personalisation string. This enables us to depend solely on
published crates, and thus publish our own crates.
The SIMD implementations are ported from libsodium.
Closes #67 .
2019-07-10 13:12:14 -04:00
34f762cea2
Electric Coin Company
2019-05-09 20:32:39 +03:00
9ae5a9d624
Make loading of Sprout key optional in zcash_proofs API
2019-02-26 13:44:28 -07:00
2d43e3be7c
Move parameter-loading into zcash_proofs
2019-02-26 13:44:28 -07:00
482bef87f0
Add ff and group crates to Cargo workspace
2019-01-06 09:50:07 +00:00
00983c48cd
Update zcash_proofs crate to use ff crate
2019-01-06 09:32:50 +00:00
e378229bdd
Move Sapling proving and binding signature into zcash_proofs crate
2018-12-01 00:10:51 +00:00
e1841806c5
Move Sapling verification checks into zcash_proofs crate
2018-11-30 23:53:10 +00:00
ad16ba6a35
Empty crates as a base for code refactoring
2018-08-28 22:24:14 +01:00
Jack Grigg
Daira Hopwood
Henry de Valence
therealyingtong
ying tong
Sean Bowe
François Garillot
Gregory Hill
Jim Posen
NikVolf
Taylor Hornby
Aurélien Nicolas
Kobi Gurkan
Eirik Ogilvie-Wigley
Dimitris Apostolou