Migrate to final `halo2_gadgets` pre-release revision

Includes API changes made in zcash/halo2#573.
Jack Grigg 2022-05-10 20:53:49 +00:00
parent b1a5c1a635
commit 311190c2d6
11 changed files with 89 additions and 45 deletions


@ -83,7 +83,7 @@ debug = true
debug = true
[patch.crates-io]
halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "30f92f3f4b785ea2a32392bf65c1b08f0411567c" }
halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "30f92f3f4b785ea2a32392bf65c1b08f0411567c" }
halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "50921f95f7d4edf48f79ffba3b892a983d91ed7f" }
halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "50921f95f7d4edf48f79ffba3b892a983d91ed7f" }
incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "f23e3d89507849a24543121839eea6f40b141aff" }
reddsa = { git = "https://github.com/ZcashFoundation/reddsa.git", rev = "0e912de3000fe165daf58ad98d1a22f1a66e7f18" }


@ -45,10 +45,9 @@ use crate::{
use halo2_gadgets::{
ecc::{
chip::{EccChip, EccConfig},
FixedPoint, NonIdentityPoint, Point, ScalarVar,
FixedPoint, NonIdentityPoint, Point, ScalarFixed, ScalarFixedShort, ScalarVar,
},
poseidon::{Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
primitives::poseidon,
poseidon::{primitives as poseidon, Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
sinsemilla::{
chip::{SinsemillaChip, SinsemillaConfig},
merkle::{
@ -396,8 +395,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
.path
.map(|typed_path| typed_path.map(|node| node.inner()));
let merkle_inputs = MerklePath::construct(
config.merkle_chip_1(),
config.merkle_chip_2(),
[config.merkle_chip_1(), config.merkle_chip_2()],
OrchardHashDomains::MerkleCrh,
self.pos,
path,
@ -407,9 +405,9 @@ impl plonk::Circuit<pallas::Base> for Circuit {
};
// Value commitment integrity.
let v_net = {
let v_net_magnitude_sign = {
// Witness the magnitude and sign of v_net = v_old - v_new
let v_net = {
let v_net_magnitude_sign = {
let magnitude_sign = self.v_old.zip(self.v_new).map(|(v_old, v_new)| {
let v_net = v_old - v_new;
let (magnitude, sign) = v_net.magnitude_sign();
@ -438,18 +436,30 @@ impl plonk::Circuit<pallas::Base> for Circuit {
(magnitude, sign)
};
let v_net = ScalarFixedShort::new(
ecc_chip.clone(),
layouter.namespace(|| "v_net"),
v_net_magnitude_sign.clone(),
)?;
let rcv = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "rcv"),
self.rcv.as_ref().map(|rcv| rcv.inner()),
)?;
let cv_net = gadget::value_commit_orchard(
layouter.namespace(|| "cv_net = ValueCommit^Orchard_rcv(v_net)"),
ecc_chip.clone(),
v_net.clone(),
self.rcv.as_ref().map(|rcv| rcv.inner()),
v_net,
rcv,
)?;
// Constrain cv_net to equal public input
layouter.constrain_instance(cv_net.inner().x().cell(), config.primary, CV_NET_X)?;
layouter.constrain_instance(cv_net.inner().y().cell(), config.primary, CV_NET_Y)?;
v_net
// Return the magnitude and sign so we can use them in the Orchard gate.
v_net_magnitude_sign
};
// Nullifier integrity
@ -473,11 +483,14 @@ impl plonk::Circuit<pallas::Base> for Circuit {
// Spend authority
{
let alpha =
ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "alpha"), self.alpha)?;
// alpha_commitment = [alpha] SpendAuthG
let (alpha_commitment, _) = {
let spend_auth_g = OrchardFixedBasesFull::SpendAuthG;
let spend_auth_g = FixedPoint::from_inner(ecc_chip.clone(), spend_auth_g);
spend_auth_g.mul(layouter.namespace(|| "[alpha] SpendAuthG"), self.alpha)?
spend_auth_g.mul(layouter.namespace(|| "[alpha] SpendAuthG"), alpha)?
};
// [alpha] SpendAuthG + ak_P
@ -492,7 +505,11 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let pk_d_old = {
let ivk = {
let ak = ak_P.extract_p().inner().clone();
let rivk = self.rivk.map(|rivk| rivk.inner());
let rivk = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "rcv"),
self.rivk.map(|rivk| rivk.inner()),
)?;
gadget::commit_ivk(
config.sinsemilla_chip_1(),
@ -532,7 +549,11 @@ impl plonk::Circuit<pallas::Base> for Circuit {
// Old note commitment integrity.
{
let rcm_old = self.rcm_old.as_ref().map(|rcm_old| rcm_old.inner());
let rcm_old = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "rcm_old"),
self.rcm_old.as_ref().map(|rcm_old| rcm_old.inner()),
)?;
// g★_d || pk★_d || i2lebsp_{64}(v) || i2lebsp_{255}(rho) || i2lebsp_{255}(psi)
let derived_cm_old = gadget::note_commit(
@ -570,7 +591,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let pk_d_new = {
let pk_d_new = self.pk_d_new.map(|pk_d_new| pk_d_new.inner().to_affine());
NonIdentityPoint::new(
ecc_chip,
ecc_chip.clone(),
layouter.namespace(|| "witness pk_d_new"),
pk_d_new,
)?
@ -586,7 +607,11 @@ impl plonk::Circuit<pallas::Base> for Circuit {
self.psi_new,
)?;
let rcm_new = self.rcm_new.as_ref().map(|rcm_new| rcm_new.inner());
let rcm_new = ScalarFixed::new(
ecc_chip,
layouter.namespace(|| "rcm_old"),
self.rcm_new.as_ref().map(|rcm_new| rcm_new.inner()),
)?;
// g★_d || pk★_d || i2lebsp_{64}(v) || i2lebsp_{255}(rho) || i2lebsp_{255}(psi)
let cm_new = gadget::note_commit(
@ -616,9 +641,18 @@ impl plonk::Circuit<pallas::Base> for Circuit {
|mut region| {
v_old.copy_advice(|| "v_old", &mut region, config.advices[0], 0)?;
v_new.copy_advice(|| "v_new", &mut region, config.advices[1], 0)?;
let (magnitude, sign) = v_net.clone();
magnitude.copy_advice(|| "v_net magnitude", &mut region, config.advices[2], 0)?;
sign.copy_advice(|| "v_net sign", &mut region, config.advices[3], 0)?;
v_net_magnitude_sign.0.copy_advice(
|| "v_net magnitude",
&mut region,
config.advices[2],
0,
)?;
v_net_magnitude_sign.1.copy_advice(
|| "v_net sign",
&mut region,
config.advices[3],
0,
)?;
root.copy_advice(|| "calculated root", &mut region, config.advices[4], 0)?;
region.assign_advice_from_instance(
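Review bot: Two of the new `ScalarFixed::new` calls carry namespace labels copied from a neighbouring witness: `rivk` is witnessed under `layouter.namespace(|| "rcv")` in the `commit_ivk` hunk, and `rcm_new` under `layouter.namespace(|| "rcm_old")` in the new-note-commitment hunk. As far as I can tell these labels do not affect the constraints, but they are what appears in prover failure output and layout dumps, so a failing `rivk` or `rcm_new` witness would be reported under the wrong name and send a reviewer to the wrong part of the circuit. Suggest `layouter.namespace(|| "rivk"),` and `layouter.namespace(|| "rcm_new"),` respectively. The enclosing `synthesize` body starts and ends outside these hunks.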


@ -9,7 +9,7 @@ use pasta_curves::{arithmetic::FieldExt, pallas};
use crate::constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains, T_P};
use halo2_gadgets::{
ecc::{chip::EccChip, X},
ecc::{chip::EccChip, ScalarFixed, X},
sinsemilla::{chip::SinsemillaChip, CommitDomain, Message, MessagePiece},
utilities::{bool_check, RangeConstrained},
};
@ -243,7 +243,7 @@ pub(in crate::circuit) mod gadgets {
mut layouter: impl Layouter<pallas::Base>,
ak: AssignedCell<pallas::Base, pallas::Base>,
nk: AssignedCell<pallas::Base, pallas::Base>,
rivk: Option<pallas::Scalar>,
rivk: ScalarFixed<pallas::Affine, EccChip<OrchardFixedBases>>,
) -> Result<X<pallas::Affine, EccChip<OrchardFixedBases>>, Error> {
let lookup_config = sinsemilla_chip.config().lookup_config();
@ -654,9 +654,14 @@ mod tests {
};
use group::ff::{Field, PrimeFieldBits};
use halo2_gadgets::{
ecc::chip::{EccChip, EccConfig},
primitives::sinsemilla::CommitDomain,
sinsemilla::chip::{SinsemillaChip, SinsemillaConfig},
ecc::{
chip::{EccChip, EccConfig},
ScalarFixed,
},
sinsemilla::{
chip::{SinsemillaChip, SinsemillaConfig},
primitives::CommitDomain,
},
utilities::{lookup_range_check::LookupRangeCheckConfig, UtilitiesInstructions},
};
use halo2_proofs::{
@ -789,6 +794,8 @@ mod tests {
// Use a random scalar for rivk
let rivk = pallas::Scalar::random(OsRng);
let rivk_gadget =
ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "rivk"), Some(rivk))?;
let ivk = gadgets::commit_ivk(
sinsemilla_chip,
@ -797,7 +804,7 @@ mod tests {
layouter.namespace(|| "CommitIvk"),
ak,
nk,
Some(rivk),
rivk_gadget,
)?;
let expected_ivk = {


@ -10,10 +10,13 @@ use crate::constants::{
};
use halo2_gadgets::{
ecc::{
chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point, X,
chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point,
ScalarFixed, ScalarFixedShort, X,
},
poseidon::{
primitives::{self as poseidon, ConstantLength},
Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip,
},
poseidon::{Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip},
primitives::poseidon::{self, ConstantLength},
sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip},
};
use halo2_proofs::{
@ -123,11 +126,8 @@ pub(in crate::circuit) fn value_commit_orchard<
>(
mut layouter: impl Layouter<pallas::Base>,
ecc_chip: EccChip,
v: (
AssignedCell<pallas::Base, pallas::Base>,
AssignedCell<pallas::Base, pallas::Base>,
),
rcv: Option<pallas::Scalar>,
v: ScalarFixedShort<pallas::Affine, EccChip>,
rcv: ScalarFixed<pallas::Affine, EccChip>,
) -> Result<Point<pallas::Affine, EccChip>, plonk::Error> {
// commitment = [v] ValueCommitV
let (commitment, _) = {


@ -14,7 +14,7 @@ use crate::{
use halo2_gadgets::{
ecc::{
chip::{EccChip, NonIdentityEccPoint},
Point,
Point, ScalarFixed,
},
sinsemilla::{
chip::{SinsemillaChip, SinsemillaConfig},
@ -1581,7 +1581,7 @@ pub(in crate::circuit) mod gadgets {
value: AssignedCell<NoteValue, pallas::Base>,
rho: AssignedCell<pallas::Base, pallas::Base>,
psi: AssignedCell<pallas::Base, pallas::Base>,
rcm: Option<pallas::Scalar>,
rcm: ScalarFixed<pallas::Affine, EccChip<OrchardFixedBases>>,
) -> Result<Point<pallas::Affine, EccChip<OrchardFixedBases>>, Error> {
let lookup_config = chip.config().lookup_config();
@ -2020,10 +2020,10 @@ mod tests {
use halo2_gadgets::{
ecc::{
chip::{EccChip, EccConfig},
NonIdentityPoint,
NonIdentityPoint, ScalarFixed,
},
primitives::sinsemilla::CommitDomain,
sinsemilla::chip::SinsemillaChip,
sinsemilla::primitives::CommitDomain,
utilities::lookup_range_check::LookupRangeCheckConfig,
};
@ -2215,6 +2215,8 @@ mod tests {
)?;
let rcm = pallas::Scalar::random(OsRng);
let rcm_gadget =
ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "rcm"), Some(rcm))?;
let cm = gadgets::note_commit(
layouter.namespace(|| "Hash NoteCommit pieces"),
@ -2226,7 +2228,7 @@ mod tests {
value_var,
rho,
psi,
Some(rcm),
rcm_gadget,
)?;
let expected_cm = {
let domain = CommitDomain::new(NOTE_COMMITMENT_PERSONALIZATION);


@ -2933,7 +2933,7 @@ mod tests {
use group::Curve;
use halo2_gadgets::{
ecc::chip::constants::{test_lagrange_coeffs, test_zs_and_us},
primitives::sinsemilla::CommitDomain,
sinsemilla::primitives::CommitDomain,
};
use pasta_curves::{arithmetic::CurveAffine, pallas};


@ -2932,7 +2932,7 @@ mod tests {
use super::*;
use halo2_gadgets::{
ecc::chip::constants::{test_lagrange_coeffs, test_zs_and_us},
primitives::sinsemilla::CommitDomain,
sinsemilla::primitives::CommitDomain,
};
use group::Curve;


@ -135,7 +135,7 @@ mod tests {
sinsemilla::MERKLE_CRH_PERSONALIZATION,
};
use group::{ff::PrimeField, Curve};
use halo2_gadgets::primitives::sinsemilla::{CommitDomain, HashDomain};
use halo2_gadgets::sinsemilla::primitives::{CommitDomain, HashDomain};
use halo2_proofs::arithmetic::CurveAffine;
use halo2_proofs::pasta::pallas;
use rand::{self, rngs::OsRng, Rng};


@ -2,6 +2,7 @@ use core::iter;
use bitvec::{array::BitArray, order::Lsb0};
use group::ff::{PrimeField, PrimeFieldBits};
use halo2_gadgets::sinsemilla::primitives as sinsemilla;
use pasta_curves::pallas;
use subtle::{ConstantTimeEq, CtOption};
@ -10,7 +11,6 @@ use crate::{
spec::extract_p,
value::NoteValue,
};
use halo2_gadgets::primitives::sinsemilla;
#[derive(Clone, Debug)]
pub(crate) struct NoteCommitTrapdoor(pub(super) pallas::Scalar);


@ -6,7 +6,7 @@ use core::ops::Deref;
use ff::{Field, PrimeField, PrimeFieldBits};
use group::GroupEncoding;
use group::{Curve, Group};
use halo2_gadgets::primitives::{poseidon, sinsemilla};
use halo2_gadgets::{poseidon::primitives as poseidon, sinsemilla::primitives as sinsemilla};
use halo2_proofs::arithmetic::{CurveAffine, CurveExt, FieldExt};
use pasta_curves::pallas;
use subtle::{ConditionallySelectable, CtOption};


@ -9,7 +9,8 @@ use crate::{
},
note::commitment::ExtractedNoteCommitment,
};
use halo2_gadgets::primitives::sinsemilla::HashDomain;
use halo2_gadgets::sinsemilla::primitives::HashDomain;
use incrementalmerkletree::{Altitude, Hashable};
use pasta_curves::pallas;