From 0378898289c0cd9901fe7330c41b13ca31a998d6 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 7 Dec 2021 18:02:03 +0000 Subject: [PATCH] Replace `FieldExt::{from, to}_bytes` with `PrimeField::{from, to}_repr` --- src/circuit/gadget/ecc/chip/mul.rs | 8 +++--- src/circuit/gadget/ecc/chip/mul_fixed.rs | 6 ++--- .../ecc/chip/mul_fixed/base_field_elem.rs | 8 +++--- .../gadget/ecc/chip/mul_fixed/short.rs | 10 +++----- src/circuit/gadget/sinsemilla.rs | 12 ++++++--- src/circuit/gadget/sinsemilla/chip.rs | 15 +++++------ .../gadget/sinsemilla/chip/hash_to_point.rs | 4 +-- src/circuit/gadget/sinsemilla/merkle.rs | 5 ++-- src/circuit/gadget/sinsemilla/merkle/chip.rs | 4 +-- src/circuit/gadget/utilities.rs | 12 ++++++--- .../gadget/utilities/lookup_range_check.rs | 4 ++- src/constants.rs | 4 ++- src/constants/commit_ivk_r.rs | 19 ++++++-------- src/constants/load.rs | 5 ++-- src/constants/note_commit_r.rs | 19 ++++++-------- src/constants/nullifier_k.rs | 19 ++++++-------- src/constants/spend_auth_g.rs | 16 ++++++------ src/constants/util.rs | 2 +- src/constants/value_commit_r.rs | 16 ++++++------ src/constants/value_commit_v.rs | 16 ++++++------ src/keys.rs | 25 +++++++++++-------- src/note/commitment.rs | 8 +++--- src/note/nullifier.rs | 8 +++--- src/note_encryption.rs | 4 +-- src/primitives/sinsemilla/constants.rs | 18 ++++++------- src/spec.rs | 6 ++--- src/tree.rs | 23 ++++++++--------- 27 files changed, 146 insertions(+), 150 deletions(-) diff --git a/src/circuit/gadget/ecc/chip/mul.rs b/src/circuit/gadget/ecc/chip/mul.rs index 863c8ca8..33746ac6 100644 --- a/src/circuit/gadget/ecc/chip/mul.rs +++ b/src/circuit/gadget/ecc/chip/mul.rs @@ -258,7 +258,7 @@ impl Config { let base = base.point(); let alpha = alpha .value() - .map(|alpha| pallas::Scalar::from_bytes(&alpha.to_bytes()).unwrap()); + .map(|alpha| pallas::Scalar::from_repr(alpha.to_repr()).unwrap()); let real_mul = base.zip(alpha).map(|(base, alpha)| base * alpha); let result = result.point(); @@ -431,7 +431,7 @@ fn decompose_for_scalar_mul(scalar: Option<&pallas::Base>) -> Vec> // the scalar field `F_q = 2^254 + t_q`. // Note that the addition `scalar + t_q` is not reduced. // - let scalar = U256::from_little_endian(&scalar.to_bytes()); + let scalar = U256::from_little_endian(&scalar.to_repr()); let t_q = U256::from_little_endian(&T_Q.to_le_bytes()); let k = scalar + t_q; @@ -463,7 +463,7 @@ fn decompose_for_scalar_mul(scalar: Option<&pallas::Base>) -> Vec> #[cfg(test)] pub mod tests { - use group::Curve; + use group::{ff::PrimeField, Curve}; use halo2::{ circuit::{Chip, Layouter}, plonk::Error, @@ -497,7 +497,7 @@ pub mod tests { ) -> Result<(), Error> { // Move scalar from base field into scalar field (which always fits // for Pallas). - let scalar = pallas::Scalar::from_bytes(&scalar_val.to_bytes()).unwrap(); + let scalar = pallas::Scalar::from_repr(scalar_val.to_repr()).unwrap(); let expected = NonIdentityPoint::new( chip, layouter.namespace(|| "expected point"), diff --git a/src/circuit/gadget/ecc/chip/mul_fixed.rs b/src/circuit/gadget/ecc/chip/mul_fixed.rs index 7e185000..b5e47338 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed.rs @@ -8,7 +8,7 @@ use crate::constants::{ load::{NullifierK, OrchardFixedBase, OrchardFixedBasesFull, ValueCommitV, WindowUs}, }; -use group::Curve; +use group::{ff::PrimeField, Curve}; use halo2::{ circuit::{AssignedCell, Region}, plonk::{Advice, Column, ConstraintSystem, Error, Expression, Fixed, Selector, VirtualCells}, @@ -531,7 +531,7 @@ impl ScalarFixed { let word = z_cur .zip(z_next) .map(|(z_cur, z_next)| z_cur - z_next * *H_BASE); - word.map(|word| pallas::Scalar::from_bytes(&word.to_bytes()).unwrap()) + word.map(|word| pallas::Scalar::from_repr(word.to_repr()).unwrap()) }) .collect::>() }; @@ -543,7 +543,7 @@ impl ScalarFixed { .iter() .map(|bits| { bits.value() - .map(|value| pallas::Scalar::from_bytes(&value.to_bytes()).unwrap()) + .map(|value| pallas::Scalar::from_repr(value.to_repr()).unwrap()) }) .collect::>(), } diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs b/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs index e72de865..99eefe39 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs @@ -214,13 +214,13 @@ impl Config { #[cfg(test)] // Check that the correct multiple is obtained. { - use group::Curve; + use group::{ff::PrimeField, Curve}; let base: super::OrchardFixedBases = base.into(); let scalar = &scalar .base_field_elem() .value() - .map(|scalar| pallas::Scalar::from_bytes(&scalar.to_bytes()).unwrap()); + .map(|scalar| pallas::Scalar::from_repr(scalar.to_repr()).unwrap()); let real_mul = scalar.map(|scalar| base.generator() * scalar); let result = result.point(); @@ -374,7 +374,7 @@ impl Config { #[cfg(test)] pub mod tests { - use group::Curve; + use group::{ff::PrimeField, Curve}; use halo2::{ circuit::{Chip, Layouter}, plonk::Error, @@ -421,7 +421,7 @@ pub mod tests { result: Point, ) -> Result<(), Error> { // Move scalar from base field into scalar field (which always fits for Pallas). - let scalar = pallas::Scalar::from_bytes(&scalar_val.to_bytes()).unwrap(); + let scalar = pallas::Scalar::from_repr(scalar_val.to_repr()).unwrap(); let expected = NonIdentityPoint::new( chip, layouter.namespace(|| "expected point"), diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/short.rs b/src/circuit/gadget/ecc/chip/mul_fixed/short.rs index 19894147..8292da8a 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/short.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/short.rs @@ -187,8 +187,7 @@ impl Config { // Invalid values result in constraint failures which are // tested at the circuit-level. { - use group::Curve; - use pasta_curves::arithmetic::FieldExt; + use group::{ff::PrimeField, Curve}; if let (Some(magnitude), Some(sign)) = (scalar.magnitude.value(), scalar.sign.value()) { let magnitude_is_valid = magnitude <= &pallas::Base::from(0xFFFF_FFFF_FFFF_FFFFu64); @@ -200,8 +199,7 @@ impl Config { |(magnitude, sign)| { // Move magnitude from base field into scalar field (which always fits // for Pallas). - let magnitude = - pallas::Scalar::from_bytes(&magnitude.to_bytes()).unwrap(); + let magnitude = pallas::Scalar::from_repr(magnitude.to_repr()).unwrap(); let sign = if sign == &pallas::Base::one() { pallas::Scalar::one() @@ -229,7 +227,7 @@ impl Config { #[cfg(test)] pub mod tests { - use group::Curve; + use group::{ff::PrimeField, Curve}; use halo2::{ arithmetic::CurveAffine, circuit::{AssignedCell, Chip, Layouter}, @@ -330,7 +328,7 @@ pub mod tests { }; // Move from base field into scalar field let scalar = { - let magnitude = pallas::Scalar::from_bytes(&magnitude.to_bytes()).unwrap(); + let magnitude = pallas::Scalar::from_repr(magnitude.to_repr()).unwrap(); let sign = if *sign == pallas::Base::one() { pallas::Scalar::one() } else { diff --git a/src/circuit/gadget/sinsemilla.rs b/src/circuit/gadget/sinsemilla.rs index 20d8259a..5412c3ab 100644 --- a/src/circuit/gadget/sinsemilla.rs +++ b/src/circuit/gadget/sinsemilla.rs @@ -5,8 +5,8 @@ use crate::circuit::gadget::{ }; use ff::PrimeField; use halo2::{circuit::Layouter, plonk::Error}; -use pasta_curves::arithmetic::{CurveAffine, FieldExt}; -use std::{convert::TryInto, fmt::Debug}; +use pasta_curves::arithmetic::CurveAffine; +use std::fmt::Debug; pub mod chip; pub mod commit_ivk; @@ -207,7 +207,13 @@ where .map(|byte| byte.iter().rev().fold(0u8, |acc, bit| acc * 2 + *bit as u8)) .collect() }); - bytes.map(|bytes| C::Base::from_bytes(&bytes.try_into().unwrap()).unwrap()) + bytes.map(|bytes| { + let mut repr = ::Repr::default(); + // The above code assumes the byte representation is 256 bits. + assert_eq!(repr.as_ref().len(), 32); + repr.as_mut().copy_from_slice(&bytes); + C::Base::from_repr(repr).unwrap() + }) }; let piece_value = to_base_field(bitstring); diff --git a/src/circuit/gadget/sinsemilla/chip.rs b/src/circuit/gadget/sinsemilla/chip.rs index c3b5267a..f2a7ff1e 100644 --- a/src/circuit/gadget/sinsemilla/chip.rs +++ b/src/circuit/gadget/sinsemilla/chip.rs @@ -12,8 +12,9 @@ use crate::{ }, }; +use group::ff::PrimeField; use halo2::{ - arithmetic::{CurveAffine, FieldExt}, + arithmetic::CurveAffine, circuit::{AssignedCell, Chip, Layouter}, plonk::{ Advice, Column, ConstraintSystem, Error, Expression, Fixed, Selector, TableColumn, @@ -305,18 +306,18 @@ impl HashDomains for SinsemillaHashDomains { fn Q(&self) -> pallas::Affine { match self { SinsemillaHashDomains::CommitIvk => pallas::Affine::from_xy( - pallas::Base::from_bytes(&Q_COMMIT_IVK_M_GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&Q_COMMIT_IVK_M_GENERATOR.1).unwrap(), + pallas::Base::from_repr(Q_COMMIT_IVK_M_GENERATOR.0).unwrap(), + pallas::Base::from_repr(Q_COMMIT_IVK_M_GENERATOR.1).unwrap(), ) .unwrap(), SinsemillaHashDomains::NoteCommit => pallas::Affine::from_xy( - pallas::Base::from_bytes(&Q_NOTE_COMMITMENT_M_GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&Q_NOTE_COMMITMENT_M_GENERATOR.1).unwrap(), + pallas::Base::from_repr(Q_NOTE_COMMITMENT_M_GENERATOR.0).unwrap(), + pallas::Base::from_repr(Q_NOTE_COMMITMENT_M_GENERATOR.1).unwrap(), ) .unwrap(), SinsemillaHashDomains::MerkleCrh => pallas::Affine::from_xy( - pallas::Base::from_bytes(&Q_MERKLE_CRH.0).unwrap(), - pallas::Base::from_bytes(&Q_MERKLE_CRH.1).unwrap(), + pallas::Base::from_repr(Q_MERKLE_CRH.0).unwrap(), + pallas::Base::from_repr(Q_MERKLE_CRH.1).unwrap(), ) .unwrap(), } diff --git a/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs b/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs index dcfb3522..517e2202 100644 --- a/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs +++ b/src/circuit/gadget/sinsemilla/chip/hash_to_point.rs @@ -7,7 +7,7 @@ use halo2::{ plonk::Error, }; -use ff::{Field, PrimeFieldBits}; +use group::ff::{Field, PrimeField, PrimeFieldBits}; use pasta_curves::{ arithmetic::{CurveAffine, FieldExt}, pallas, @@ -284,7 +284,7 @@ impl SinsemillaChip { // We end up with z_n = 0. (z_n is not directly encoded as a cell value; // it is implicitly taken as 0 by adjusting the definition of m_{i+1}.) let mut z = piece.field_elem(); - let inv_2_k = pallas::Base::from_bytes(&INV_TWO_POW_K).unwrap(); + let inv_2_k = pallas::Base::from_repr(INV_TWO_POW_K).unwrap(); // We do not assign the final z_n as it is constrained to be zero. for (idx, word) in words[0..(words.len() - 1)].iter().enumerate() { diff --git a/src/circuit/gadget/sinsemilla/merkle.rs b/src/circuit/gadget/sinsemilla/merkle.rs index c28f83e4..d83484d7 100644 --- a/src/circuit/gadget/sinsemilla/merkle.rs +++ b/src/circuit/gadget/sinsemilla/merkle.rs @@ -146,6 +146,7 @@ pub mod tests { tree, }; + use group::ff::PrimeField; use halo2::{ arithmetic::FieldExt, circuit::{Layouter, SimpleFloorPlanner}, @@ -260,8 +261,8 @@ pub mod tests { // The expected final root let final_root = { let path = tree::MerklePath::new(leaf_pos, self.merkle_path.unwrap()); - let leaf = ExtractedNoteCommitment::from_bytes(&self.leaf.unwrap().to_bytes()) - .unwrap(); + let leaf = + ExtractedNoteCommitment::from_bytes(&self.leaf.unwrap().to_repr()).unwrap(); path.root(leaf) }; diff --git a/src/circuit/gadget/sinsemilla/merkle/chip.rs b/src/circuit/gadget/sinsemilla/merkle/chip.rs index 609eb75e..a4230668 100644 --- a/src/circuit/gadget/sinsemilla/merkle/chip.rs +++ b/src/circuit/gadget/sinsemilla/merkle/chip.rs @@ -323,7 +323,7 @@ impl MerkleInstructions(l as u64); @@ -347,7 +347,7 @@ impl MerkleInstructions(a: Expression, b: Expression, c: Expression /// Takes a specified subsequence of the little-endian bit representation of a field element. /// The bits are numbered from 0 for the LSB. -pub fn bitrange_subset(field_elem: &F, bitrange: Range) -> F { +pub fn bitrange_subset(field_elem: &F, bitrange: Range) -> F { assert!(bitrange.end <= F::NUM_BITS as usize); let bits: Vec = field_elem @@ -103,7 +103,11 @@ pub fn bitrange_subset(field_elem: &F, bitrange: R .map(|byte| byte.iter().rev().fold(0u8, |acc, bit| acc * 2 + *bit as u8)) .collect(); - F::from_bytes(&bytearray.try_into().unwrap()).unwrap() + let mut repr = F::Repr::default(); + // The above code assumes the byte representation is 256 bits. + assert_eq!(repr.as_ref().len(), 32); + repr.as_mut().copy_from_slice(&bytearray); + F::from_repr(repr).unwrap() } /// Check that an expression is in the small range [0..range), @@ -261,7 +265,7 @@ mod tests { .to_little_endian(&mut range_shift); range_shift }; - sum += subset * pallas::Base::from_bytes(&range_shift).unwrap(); + sum += subset * pallas::Base::from_repr(range_shift).unwrap(); } assert_eq!(field_elem, sum); }; diff --git a/src/circuit/gadget/utilities/lookup_range_check.rs b/src/circuit/gadget/utilities/lookup_range_check.rs index 4d1ad033..65f0eb81 100644 --- a/src/circuit/gadget/utilities/lookup_range_check.rs +++ b/src/circuit/gadget/utilities/lookup_range_check.rs @@ -431,7 +431,9 @@ mod tests { .collect::>() }; let expected_zs = { - let inv_two_pow_k = F::from_bytes(&INV_TWO_POW_K).unwrap(); + let mut repr = F::Repr::default(); + repr.as_mut().copy_from_slice(&INV_TWO_POW_K); + let inv_two_pow_k = F::from_repr(repr).unwrap(); chunks.iter().fold(vec![element], |mut zs, a_i| { // z_{i + 1} = (z_i - a_i) / 2^{K} let z = (zs[zs.len() - 1] - a_i) * inv_two_pow_k; diff --git a/src/constants.rs b/src/constants.rs index c417a078..0368e6ed 100644 --- a/src/constants.rs +++ b/src/constants.rs @@ -254,7 +254,9 @@ fn test_zs_and_us(base: C, z: &[u64], u: &[[[u8; 32]; H]], num_w for ((u, z), window_points) in u.iter().zip(z.iter()).zip(window_table) { for (u, point) in u.iter().zip(window_points.iter()) { let y = *point.coordinates().unwrap().y(); - let u = C::Base::from_bytes(u).unwrap(); + let mut u_repr = ::Repr::default(); + u_repr.as_mut().copy_from_slice(u); + let u = C::Base::from_repr(u_repr).unwrap(); assert_eq!(C::Base::from(*z) + y, u * u); // allow either square root assert!(bool::from((C::Base::from(*z) - y).sqrt().is_none())); } diff --git a/src/constants/commit_ivk_r.rs b/src/constants/commit_ivk_r.rs index c0e0b508..976ed22e 100644 --- a/src/constants/commit_ivk_r.rs +++ b/src/constants/commit_ivk_r.rs @@ -1,7 +1,5 @@ -use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, -}; +use group::ff::PrimeField; +use pasta_curves::{arithmetic::CurveAffine, pallas}; /// Generator used in SinsemillaCommit randomness for IVK commitment pub const GENERATOR: ([u8; 32], [u8; 32]) = ( @@ -2922,8 +2920,8 @@ pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [ pub fn generator() -> pallas::Affine { pallas::Affine::from_xy( - pallas::Base::from_bytes(&GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&GENERATOR.1).unwrap(), + pallas::Base::from_repr(GENERATOR.0).unwrap(), + pallas::Base::from_repr(GENERATOR.1).unwrap(), ) .unwrap() } @@ -2936,10 +2934,7 @@ mod tests { use super::*; use crate::primitives::sinsemilla::CommitDomain; use group::Curve; - use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, - }; + use pasta_curves::{arithmetic::CurveAffine, pallas}; #[test] fn generator() { @@ -2947,8 +2942,8 @@ mod tests { let point = domain.R(); let coords = point.to_affine().coordinates().unwrap(); - assert_eq!(*coords.x(), pallas::Base::from_bytes(&GENERATOR.0).unwrap()); - assert_eq!(*coords.y(), pallas::Base::from_bytes(&GENERATOR.1).unwrap()); + assert_eq!(*coords.x(), pallas::Base::from_repr(GENERATOR.0).unwrap()); + assert_eq!(*coords.y(), pallas::Base::from_repr(GENERATOR.1).unwrap()); } #[test] diff --git a/src/constants/load.rs b/src/constants/load.rs index 22b2d80c..5368a962 100644 --- a/src/constants/load.rs +++ b/src/constants/load.rs @@ -1,7 +1,8 @@ use std::convert::TryInto; use crate::constants::{self, compute_lagrange_coeffs, H, NUM_WINDOWS, NUM_WINDOWS_SHORT}; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use group::ff::PrimeField; +use pasta_curves::pallas; #[derive(Copy, Clone, Debug, Eq, PartialEq)] pub enum OrchardFixedBasesFull { @@ -212,7 +213,7 @@ impl From<&[[u8; 32]; H]> for WindowUs { Self( window_us .iter() - .map(|u| pallas::Base::from_bytes(u).unwrap()) + .map(|u| pallas::Base::from_repr(*u).unwrap()) .collect::>() .into_boxed_slice() .try_into() diff --git a/src/constants/note_commit_r.rs b/src/constants/note_commit_r.rs index 4a12734d..d2dde504 100644 --- a/src/constants/note_commit_r.rs +++ b/src/constants/note_commit_r.rs @@ -1,7 +1,5 @@ -use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, -}; +use group::ff::PrimeField; +use pasta_curves::{arithmetic::CurveAffine, pallas}; /// Generator used in SinsemillaCommit randomness for note commitment pub const GENERATOR: ([u8; 32], [u8; 32]) = ( @@ -2922,8 +2920,8 @@ pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [ pub fn generator() -> pallas::Affine { pallas::Affine::from_xy( - pallas::Base::from_bytes(&GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&GENERATOR.1).unwrap(), + pallas::Base::from_repr(GENERATOR.0).unwrap(), + pallas::Base::from_repr(GENERATOR.1).unwrap(), ) .unwrap() } @@ -2936,10 +2934,7 @@ mod tests { use super::*; use crate::primitives::sinsemilla::CommitDomain; use group::Curve; - use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, - }; + use pasta_curves::{arithmetic::CurveAffine, pallas}; #[test] fn generator() { @@ -2947,8 +2942,8 @@ mod tests { let point = domain.R(); let coords = point.to_affine().coordinates().unwrap(); - assert_eq!(*coords.x(), pallas::Base::from_bytes(&GENERATOR.0).unwrap()); - assert_eq!(*coords.y(), pallas::Base::from_bytes(&GENERATOR.1).unwrap()); + assert_eq!(*coords.x(), pallas::Base::from_repr(GENERATOR.0).unwrap()); + assert_eq!(*coords.y(), pallas::Base::from_repr(GENERATOR.1).unwrap()); } #[test] diff --git a/src/constants/nullifier_k.rs b/src/constants/nullifier_k.rs index 37db6fda..47f69068 100644 --- a/src/constants/nullifier_k.rs +++ b/src/constants/nullifier_k.rs @@ -1,7 +1,5 @@ -use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, -}; +use group::ff::PrimeField; +use pasta_curves::{arithmetic::CurveAffine, pallas}; pub const GENERATOR: ([u8; 32], [u8; 32]) = ( [ @@ -2921,8 +2919,8 @@ pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [ pub fn generator() -> pallas::Affine { pallas::Affine::from_xy( - pallas::Base::from_bytes(&GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&GENERATOR.1).unwrap(), + pallas::Base::from_repr(GENERATOR.0).unwrap(), + pallas::Base::from_repr(GENERATOR.1).unwrap(), ) .unwrap() } @@ -2934,10 +2932,7 @@ mod tests { }; use super::*; use group::Curve; - use pasta_curves::{ - arithmetic::{CurveExt, FieldExt}, - pallas, - }; + use pasta_curves::{arithmetic::CurveExt, pallas}; #[test] fn generator() { @@ -2945,8 +2940,8 @@ mod tests { let point = hasher(b"K"); let coords = point.to_affine().coordinates().unwrap(); - assert_eq!(*coords.x(), pallas::Base::from_bytes(&GENERATOR.0).unwrap()); - assert_eq!(*coords.y(), pallas::Base::from_bytes(&GENERATOR.1).unwrap()); + assert_eq!(*coords.x(), pallas::Base::from_repr(GENERATOR.0).unwrap()); + assert_eq!(*coords.y(), pallas::Base::from_repr(GENERATOR.1).unwrap()); } #[test] diff --git a/src/constants/spend_auth_g.rs b/src/constants/spend_auth_g.rs index 41b99c90..6deba8f6 100644 --- a/src/constants/spend_auth_g.rs +++ b/src/constants/spend_auth_g.rs @@ -1,7 +1,5 @@ -use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, -}; +use group::ff::PrimeField; +use pasta_curves::{arithmetic::CurveAffine, pallas}; /// The value commitment is used to check balance between inputs and outputs. The value is /// placed over this generator. @@ -2923,8 +2921,8 @@ pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [ pub fn generator() -> pallas::Affine { pallas::Affine::from_xy( - pallas::Base::from_bytes(&GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&GENERATOR.1).unwrap(), + pallas::Base::from_repr(GENERATOR.0).unwrap(), + pallas::Base::from_repr(GENERATOR.1).unwrap(), ) .unwrap() } @@ -2937,7 +2935,7 @@ mod tests { use super::*; use group::Curve; use pasta_curves::{ - arithmetic::{CurveAffine, CurveExt, FieldExt}, + arithmetic::{CurveAffine, CurveExt}, pallas, }; @@ -2947,8 +2945,8 @@ mod tests { let point = hasher(b"G"); let coords = point.to_affine().coordinates().unwrap(); - assert_eq!(*coords.x(), pallas::Base::from_bytes(&GENERATOR.0).unwrap()); - assert_eq!(*coords.y(), pallas::Base::from_bytes(&GENERATOR.1).unwrap()); + assert_eq!(*coords.x(), pallas::Base::from_repr(GENERATOR.0).unwrap()); + assert_eq!(*coords.y(), pallas::Base::from_repr(GENERATOR.1).unwrap()); } #[test] diff --git a/src/constants/util.rs b/src/constants/util.rs index cc69c7dc..b68404e9 100644 --- a/src/constants/util.rs +++ b/src/constants/util.rs @@ -102,7 +102,7 @@ mod tests { let bytes: Vec = bits.chunks_exact(8).map(|chunk| chunk.iter().rev().fold(0, |acc, b| (acc << 1) + (*b as u8))).collect(); // Check that original scalar is recovered from decomposition - assert_eq!(scalar, pallas::Scalar::from_bytes(&bytes.try_into().unwrap()).unwrap()); + assert_eq!(scalar, pallas::Scalar::from_repr(bytes.try_into().unwrap()).unwrap()); } } } diff --git a/src/constants/value_commit_r.rs b/src/constants/value_commit_r.rs index 402df337..b12030f0 100644 --- a/src/constants/value_commit_r.rs +++ b/src/constants/value_commit_r.rs @@ -1,7 +1,5 @@ -use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, -}; +use group::ff::PrimeField; +use pasta_curves::{arithmetic::CurveAffine, pallas}; /// The value commitment is used to check balance between inputs and outputs. The value is /// placed over this generator. @@ -2923,8 +2921,8 @@ pub const U: [[[u8; 32]; super::H]; super::NUM_WINDOWS] = [ pub fn generator() -> pallas::Affine { pallas::Affine::from_xy( - pallas::Base::from_bytes(&GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&GENERATOR.1).unwrap(), + pallas::Base::from_repr(GENERATOR.0).unwrap(), + pallas::Base::from_repr(GENERATOR.1).unwrap(), ) .unwrap() } @@ -2937,7 +2935,7 @@ mod tests { use super::*; use group::Curve; use pasta_curves::{ - arithmetic::{CurveAffine, CurveExt, FieldExt}, + arithmetic::{CurveAffine, CurveExt}, pallas, }; @@ -2947,8 +2945,8 @@ mod tests { let point = hasher(b"r"); let coords = point.to_affine().coordinates().unwrap(); - assert_eq!(*coords.x(), pallas::Base::from_bytes(&GENERATOR.0).unwrap()); - assert_eq!(*coords.y(), pallas::Base::from_bytes(&GENERATOR.1).unwrap()); + assert_eq!(*coords.x(), pallas::Base::from_repr(GENERATOR.0).unwrap()); + assert_eq!(*coords.y(), pallas::Base::from_repr(GENERATOR.1).unwrap()); } #[test] diff --git a/src/constants/value_commit_v.rs b/src/constants/value_commit_v.rs index 7ffc9899..c17bdaed 100644 --- a/src/constants/value_commit_v.rs +++ b/src/constants/value_commit_v.rs @@ -1,7 +1,5 @@ -use pasta_curves::{ - arithmetic::{CurveAffine, FieldExt}, - pallas, -}; +use group::ff::PrimeField; +use pasta_curves::{arithmetic::CurveAffine, pallas}; /// The value commitment is used to check balance between inputs and outputs. The value is /// placed over this generator. @@ -776,8 +774,8 @@ pub const U_SHORT: [[[u8; 32]; super::H]; super::NUM_WINDOWS_SHORT] = [ pub fn generator() -> pallas::Affine { pallas::Affine::from_xy( - pallas::Base::from_bytes(&GENERATOR.0).unwrap(), - pallas::Base::from_bytes(&GENERATOR.1).unwrap(), + pallas::Base::from_repr(GENERATOR.0).unwrap(), + pallas::Base::from_repr(GENERATOR.1).unwrap(), ) .unwrap() } @@ -790,7 +788,7 @@ mod tests { use super::*; use group::Curve; use pasta_curves::{ - arithmetic::{CurveAffine, CurveExt, FieldExt}, + arithmetic::{CurveAffine, CurveExt}, pallas, }; @@ -800,8 +798,8 @@ mod tests { let point = hasher(b"v"); let coords = point.to_affine().coordinates().unwrap(); - assert_eq!(*coords.x(), pallas::Base::from_bytes(&GENERATOR.0).unwrap()); - assert_eq!(*coords.y(), pallas::Base::from_bytes(&GENERATOR.1).unwrap()); + assert_eq!(*coords.x(), pallas::Base::from_repr(GENERATOR.0).unwrap()); + assert_eq!(*coords.y(), pallas::Base::from_repr(GENERATOR.1).unwrap()); } #[test] diff --git a/src/keys.rs b/src/keys.rs index 49e9153b..eaba70c1 100644 --- a/src/keys.rs +++ b/src/keys.rs @@ -7,8 +7,11 @@ use std::mem; use aes::Aes256; use blake2b_simd::{Hash as Blake2bHash, Params}; use fpe::ff1::{BinaryNumeralString, FF1}; -use group::{ff::Field, prime::PrimeCurveAffine, Curve, GroupEncoding}; -use halo2::arithmetic::FieldExt; +use group::{ + ff::{Field, PrimeField}, + prime::PrimeCurveAffine, + Curve, GroupEncoding, +}; use pasta_curves::pallas; use rand::RngCore; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; @@ -118,10 +121,10 @@ impl From<&SpendingKey> for SpendAuthorizingKey { // SpendingKey cannot be constructed such that this assertion would fail. assert!(!bool::from(ask.is_zero())); // TODO: Add TryFrom for SpendAuthorizingKey. - let ret = SpendAuthorizingKey(ask.to_bytes().try_into().unwrap()); + let ret = SpendAuthorizingKey(ask.to_repr().try_into().unwrap()); // If the last bit of repr_P(ak) is 1, negate ask. if (<[u8; 32]>::from(SpendValidatingKey::from(&ret).0)[31] >> 7) == 1 { - SpendAuthorizingKey((-ask).to_bytes().try_into().unwrap()) + SpendAuthorizingKey((-ask).to_repr().try_into().unwrap()) } else { ret } @@ -221,7 +224,7 @@ impl NullifierDerivingKey { pub(crate) fn from_bytes(bytes: &[u8]) -> Option { let nk_bytes = <[u8; 32]>::try_from(bytes).ok()?; - let nk = pallas::Base::from_bytes(&nk_bytes).map(NullifierDerivingKey); + let nk = pallas::Base::from_repr(nk_bytes).map(NullifierDerivingKey); if nk.is_some().into() { Some(nk.unwrap()) } else { @@ -256,7 +259,7 @@ impl CommitIvkRandomness { pub(crate) fn from_bytes(bytes: &[u8]) -> Option { let rivk_bytes = <[u8; 32]>::try_from(bytes).ok()?; - let rivk = pallas::Scalar::from_bytes(&rivk_bytes).map(CommitIvkRandomness); + let rivk = pallas::Scalar::from_repr(rivk_bytes).map(CommitIvkRandomness); if rivk.is_some().into() { Some(rivk.unwrap()) } else { @@ -315,8 +318,8 @@ impl FullViewingKey { /// /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents fn derive_dk_ovk(&self) -> (DiversifierKey, OutgoingViewingKey) { - let k = self.rivk.0.to_bytes(); - let b = [(&self.ak.0).into(), self.nk.0.to_bytes()]; + let k = self.rivk.0.to_repr(); + let b = [(&self.ak.0).into(), self.nk.0.to_repr()]; let r = PrfExpand::OrchardDkOvk.with_ad_slices(&k, &[&b[0][..], &b[1][..]]); ( DiversifierKey(r[..32].try_into().unwrap()), @@ -346,8 +349,8 @@ impl FullViewingKey { pub fn write(&self, mut writer: W) -> io::Result<()> { let ak_raw: [u8; 32] = self.ak.0.clone().into(); writer.write_all(&ak_raw)?; - writer.write_all(&self.nk.0.to_bytes())?; - writer.write_all(&self.rivk.0.to_bytes())?; + writer.write_all(&self.nk.0.to_repr())?; + writer.write_all(&self.rivk.0.to_repr())?; Ok(()) } @@ -545,7 +548,7 @@ impl IncomingViewingKey { pub fn to_bytes(&self) -> [u8; 64] { let mut result = [0u8; 64]; result[..32].copy_from_slice(self.dk.to_bytes()); - result[32..].copy_from_slice(&self.ivk.0.to_bytes()); + result[32..].copy_from_slice(&self.ivk.0.to_repr()); result } diff --git a/src/note/commitment.rs b/src/note/commitment.rs index d3a7dff8..a8109efb 100644 --- a/src/note/commitment.rs +++ b/src/note/commitment.rs @@ -1,8 +1,8 @@ use std::iter; use bitvec::{array::BitArray, order::Lsb0}; -use ff::PrimeFieldBits; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use group::ff::{PrimeField, PrimeFieldBits}; +use pasta_curves::pallas; use subtle::{ConstantTimeEq, CtOption}; use crate::{ @@ -72,12 +72,12 @@ impl ExtractedNoteCommitment { /// /// [cmxcanon]: https://zips.z.cash/protocol/protocol.pdf#actionencodingandconsensus pub fn from_bytes(bytes: &[u8; 32]) -> CtOption { - pallas::Base::from_bytes(bytes).map(ExtractedNoteCommitment) + pallas::Base::from_repr(*bytes).map(ExtractedNoteCommitment) } /// Serialize the value commitment to its canonical byte representation. pub fn to_bytes(self) -> [u8; 32] { - self.0.to_bytes() + self.0.to_repr() } } diff --git a/src/note/nullifier.rs b/src/note/nullifier.rs index 6090f335..88192781 100644 --- a/src/note/nullifier.rs +++ b/src/note/nullifier.rs @@ -1,6 +1,6 @@ -use group::Group; +use group::{ff::PrimeField, Group}; use halo2::arithmetic::CurveExt; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use pasta_curves::pallas; use rand::RngCore; use subtle::CtOption; @@ -33,12 +33,12 @@ impl Nullifier { /// Deserialize the nullifier from a byte array. pub fn from_bytes(bytes: &[u8; 32]) -> CtOption { - pallas::Base::from_bytes(bytes).map(Nullifier) + pallas::Base::from_repr(*bytes).map(Nullifier) } /// Serialize the nullifier to its canonical byte representation. pub fn to_bytes(self) -> [u8; 32] { - self.0.to_bytes() + self.0.to_repr() } /// $DeriveNullifier$. diff --git a/src/note_encryption.rs b/src/note_encryption.rs index d6d51063..642f05e9 100644 --- a/src/note_encryption.rs +++ b/src/note_encryption.rs @@ -3,7 +3,7 @@ use std::{convert::TryInto, fmt}; use blake2b_simd::{Hash, Params}; -use halo2::arithmetic::FieldExt; +use group::ff::PrimeField; use zcash_note_encryption::{ BatchDomain, Domain, EphemeralKeyBytes, NotePlaintextBytes, NoteValidity, OutPlaintextBytes, OutgoingCipherKey, ShieldedOutput, COMPACT_NOTE_SIZE, NOTE_PLAINTEXT_SIZE, OUT_PLAINTEXT_SIZE, @@ -170,7 +170,7 @@ impl Domain for OrchardDomain { ) -> OutPlaintextBytes { let mut op = [0; OUT_PLAINTEXT_SIZE]; op[..32].copy_from_slice(¬e.recipient().pk_d().to_bytes()); - op[32..].copy_from_slice(&esk.0.to_bytes()); + op[32..].copy_from_slice(&esk.0.to_repr()); OutPlaintextBytes(op) } diff --git a/src/primitives/sinsemilla/constants.rs b/src/primitives/sinsemilla/constants.rs index 8c767ed2..d09c283b 100644 --- a/src/primitives/sinsemilla/constants.rs +++ b/src/primitives/sinsemilla/constants.rs @@ -66,8 +66,8 @@ mod tests { use crate::constants::{ COMMIT_IVK_PERSONALIZATION, MERKLE_CRH_PERSONALIZATION, NOTE_COMMITMENT_PERSONALIZATION, }; - use group::Curve; - use halo2::arithmetic::{CurveAffine, CurveExt, FieldExt}; + use group::{ff::PrimeField, Curve}; + use halo2::arithmetic::{CurveAffine, CurveExt}; use halo2::pasta::pallas; #[test] @@ -93,11 +93,11 @@ mod tests { assert_eq!( *coords.x(), - pallas::Base::from_bytes(&Q_NOTE_COMMITMENT_M_GENERATOR.0).unwrap() + pallas::Base::from_repr(Q_NOTE_COMMITMENT_M_GENERATOR.0).unwrap() ); assert_eq!( *coords.y(), - pallas::Base::from_bytes(&Q_NOTE_COMMITMENT_M_GENERATOR.1).unwrap() + pallas::Base::from_repr(Q_NOTE_COMMITMENT_M_GENERATOR.1).unwrap() ); } @@ -109,11 +109,11 @@ mod tests { assert_eq!( *coords.x(), - pallas::Base::from_bytes(&Q_COMMIT_IVK_M_GENERATOR.0).unwrap() + pallas::Base::from_repr(Q_COMMIT_IVK_M_GENERATOR.0).unwrap() ); assert_eq!( *coords.y(), - pallas::Base::from_bytes(&Q_COMMIT_IVK_M_GENERATOR.1).unwrap() + pallas::Base::from_repr(Q_COMMIT_IVK_M_GENERATOR.1).unwrap() ); } @@ -125,18 +125,18 @@ mod tests { assert_eq!( *coords.x(), - pallas::Base::from_bytes(&Q_MERKLE_CRH.0).unwrap() + pallas::Base::from_repr(Q_MERKLE_CRH.0).unwrap() ); assert_eq!( *coords.y(), - pallas::Base::from_bytes(&Q_MERKLE_CRH.1).unwrap() + pallas::Base::from_repr(Q_MERKLE_CRH.1).unwrap() ); } #[test] fn inv_two_pow_k() { let two_pow_k = pallas::Base::from(1u64 << K); - let inv_two_pow_k = pallas::Base::from_bytes(&INV_TWO_POW_K).unwrap(); + let inv_two_pow_k = pallas::Base::from_repr(INV_TWO_POW_K).unwrap(); assert_eq!(two_pow_k * inv_two_pow_k, pallas::Base::one()); } diff --git a/src/spec.rs b/src/spec.rs index 264d2ffc..adb76bb2 100644 --- a/src/spec.rs +++ b/src/spec.rs @@ -70,11 +70,11 @@ impl ConditionallySelectable for NonZeroPallasBase { impl NonZeroPallasBase { pub(crate) fn from_bytes(bytes: &[u8; 32]) -> CtOption { - pallas::Base::from_bytes(bytes).and_then(NonZeroPallasBase::from_base) + pallas::Base::from_repr(*bytes).and_then(NonZeroPallasBase::from_base) } pub(crate) fn to_bytes(&self) -> [u8; 32] { - self.0.to_bytes() + self.0.to_repr() } pub(crate) fn from_base(b: pallas::Base) -> CtOption { @@ -116,7 +116,7 @@ impl ConditionallySelectable for NonZeroPallasScalar { impl NonZeroPallasScalar { pub(crate) fn from_bytes(bytes: &[u8; 32]) -> CtOption { - pallas::Scalar::from_bytes(bytes).and_then(NonZeroPallasScalar::from_scalar) + pallas::Scalar::from_repr(*bytes).and_then(NonZeroPallasScalar::from_scalar) } pub(crate) fn from_scalar(s: pallas::Scalar) -> CtOption { diff --git a/src/tree.rs b/src/tree.rs index 14948db3..e111ba26 100644 --- a/src/tree.rs +++ b/src/tree.rs @@ -9,7 +9,7 @@ use crate::{ primitives::sinsemilla::{i2lebsp_k, HashDomain}, }; use incrementalmerkletree::{Altitude, Hashable}; -use pasta_curves::{arithmetic::FieldExt, pallas}; +use pasta_curves::pallas; use ff::{Field, PrimeField, PrimeFieldBits}; use lazy_static::lazy_static; @@ -172,7 +172,7 @@ impl MerkleHashOrchard { /// Convert this digest to its canonical byte representation. pub fn to_bytes(&self) -> [u8; 32] { - self.0.to_bytes() + self.0.to_repr() } /// Parses a incremental tree leaf digest from the bytes of @@ -181,7 +181,7 @@ impl MerkleHashOrchard { /// Returns the empty `CtOption` if the provided bytes represent /// a non-canonical encoding. pub fn from_bytes(bytes: &[u8; 32]) -> CtOption { - pallas::Base::from_bytes(bytes).map(MerkleHashOrchard) + pallas::Base::from_repr(*bytes).map(MerkleHashOrchard) } } @@ -199,7 +199,7 @@ impl std::cmp::Eq for MerkleHashOrchard {} impl std::hash::Hash for MerkleHashOrchard { fn hash(&self, state: &mut H) { >::from(self.0) - .map(|b| b.to_bytes()) + .map(|b| b.to_repr()) .hash(state) } } @@ -275,7 +275,9 @@ pub mod testing { #[cfg(test)] use crate::tree::{MerkleHashOrchard, EMPTY_ROOTS}; #[cfg(test)] - use pasta_curves::{arithmetic::FieldExt, pallas}; + use group::ff::PrimeField; + #[cfg(test)] + use pasta_curves::pallas; #[cfg(test)] use std::convert::TryInto; @@ -296,7 +298,7 @@ pub mod testing { tree.append(&cmx); tree.witness(); - assert_eq!(tree.root().0, pallas::Base::from_bytes(&tv.root).unwrap()); + assert_eq!(tree.root().0, pallas::Base::from_repr(tv.root).unwrap()); // Check paths for all leaves up to this point. The test vectors include paths // for not-yet-appended leaves (using UNCOMMITTED_ORCHARD as the leaf value), @@ -327,7 +329,7 @@ pub mod testing { assert_eq!( MerkleHashOrchard::empty_root(Altitude::from(altitude as u8)) .0 - .to_bytes(), + .to_repr(), *tv_root, "Empty root mismatch at altitude {}", altitude @@ -378,12 +380,9 @@ pub mod testing { let mut frontier = BridgeFrontier::::empty(); for commitment in commitments.iter() { - let cmx = MerkleHashOrchard(pallas::Base::from_bytes(commitment).unwrap()); + let cmx = MerkleHashOrchard(pallas::Base::from_repr(*commitment).unwrap()); frontier.append(&cmx); } - assert_eq!( - frontier.root().0, - pallas::Base::from_bytes(&anchor).unwrap() - ); + assert_eq!(frontier.root().0, pallas::Base::from_repr(anchor).unwrap()); } }