From 311190c2d6f067a32148261c603474696dc47ff6 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Tue, 10 May 2022 20:53:49 +0000
Subject: [PATCH] Migrate to final `halo2_gadgets` pre-release revision
Includes API changes made in zcash/halo2#573.
---
 Cargo.toml | 4 +-
 src/circuit.rs | 70 ++++++++++++++++------
 src/circuit/commit_ivk.rs | 19 ++++-
 src/circuit/gadget.rs | 16 ++---
 src/circuit/note_commit.rs | 12 ++--
 src/constants/fixed_bases/commit_ivk_r.rs | 2 +-
 src/constants/fixed_bases/note_commit_r.rs | 2 +-
 src/constants/sinsemilla.rs | 2 +-
 src/note/commitment.rs | 2 +-
 src/spec.rs | 2 +-
 src/tree.rs | 3 +-
 11 files changed, 89 insertions(+), 45 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index ea6e842d..e25f703b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -83,7 +83,7 @@ debug = true
 debug = true
 [patch.crates-io]
-halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "30f92f3f4b785ea2a32392bf65c1b08f0411567c" }
-halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "30f92f3f4b785ea2a32392bf65c1b08f0411567c" }
+halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "50921f95f7d4edf48f79ffba3b892a983d91ed7f" }
+halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "50921f95f7d4edf48f79ffba3b892a983d91ed7f" }
 incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "f23e3d89507849a24543121839eea6f40b141aff" }
 reddsa = { git = "https://github.com/ZcashFoundation/reddsa.git", rev = "0e912de3000fe165daf58ad98d1a22f1a66e7f18" }
diff --git a/src/circuit.rs b/src/circuit.rs
index 4bc1bc21..a64188fa 100644
--- a/src/circuit.rs
+++ b/src/circuit.rs
@@ -45,10 +45,9 @@ use crate::{ use halo2_gadgets::{ ecc::{ chip::{EccChip, EccConfig}, - FixedPoint, NonIdentityPoint, Point, ScalarVar, + FixedPoint, NonIdentityPoint, Point, ScalarFixed, ScalarFixedShort, ScalarVar, }, - poseidon::{Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig}, - primitives::poseidon, + poseidon::{primitives as poseidon, Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig}, sinsemilla::{ chip::{SinsemillaChip, SinsemillaConfig}, merkle::{ @@ -396,8 +395,7 @@ impl plonk::Circuit for Circuit { .path .map(|typed_path| typed_path.map(|node| node.inner())); let merkle_inputs = MerklePath::construct( - config.merkle_chip_1(), - config.merkle_chip_2(), + [config.merkle_chip_1(), config.merkle_chip_2()], OrchardHashDomains::MerkleCrh, self.pos, path, @@ -407,9 +405,9 @@ impl plonk::Circuit for Circuit { }; // Value commitment integrity. - let v_net = { + let v_net_magnitude_sign = { // Witness the magnitude and sign of v_net = v_old - v_new - let v_net = { + let v_net_magnitude_sign = { let magnitude_sign = self.v_old.zip(self.v_new).map(|(v_old, v_new)| { let v_net = v_old - v_new; let (magnitude, sign) = v_net.magnitude_sign(); 
@@ -438,18 +436,30 @@ impl plonk::Circuit for Circuit { (magnitude, sign) }; + let v_net = ScalarFixedShort::new( + ecc_chip.clone(), + layouter.namespace(|| "v_net"), + v_net_magnitude_sign.clone(), + )?; + let rcv = ScalarFixed::new( + ecc_chip.clone(), + layouter.namespace(|| "rcv"), + self.rcv.as_ref().map(|rcv| rcv.inner()), + )?; + let cv_net = gadget::value_commit_orchard( layouter.namespace(|| "cv_net = ValueCommit^Orchard_rcv(v_net)"), ecc_chip.clone(), - v_net.clone(), - self.rcv.as_ref().map(|rcv| rcv.inner()), + v_net, + rcv, )?; // Constrain cv_net to equal public input layouter.constrain_instance(cv_net.inner().x().cell(), config.primary, CV_NET_X)?; layouter.constrain_instance(cv_net.inner().y().cell(), config.primary, CV_NET_Y)?; - v_net + // Return the magnitude and sign so we can use them in the Orchard gate. + v_net_magnitude_sign }; // Nullifier integrity @@ -473,11 +483,14 @@ impl plonk::Circuit for Circuit { // Spend authority { + let alpha = + ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "alpha"), self.alpha)?; + // alpha_commitment = [alpha] SpendAuthG let (alpha_commitment, _) = { let spend_auth_g = OrchardFixedBasesFull::SpendAuthG; let spend_auth_g = FixedPoint::from_inner(ecc_chip.clone(), spend_auth_g); - spend_auth_g.mul(layouter.namespace(|| "[alpha] SpendAuthG"), self.alpha)? + spend_auth_g.mul(layouter.namespace(|| "[alpha] SpendAuthG"), alpha)? }; // [alpha] SpendAuthG + ak_P @@ -492,7 +505,11 @@ impl plonk::Circuit for Circuit { let pk_d_old = { let ivk = { let ak = ak_P.extract_p().inner().clone(); - let rivk = self.rivk.map(|rivk| rivk.inner()); + let rivk = ScalarFixed::new( + ecc_chip.clone(), + layouter.namespace(|| "rcv"), + self.rivk.map(|rivk| rivk.inner()), + )?; gadget::commit_ivk( config.sinsemilla_chip_1(), 
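Review bot: The `rivk` witness added in the `@@ -492,7 +505,11 @@` hunk is namespaced `layouter.namespace(|| "rcv")`, a label this hunk series already uses for the value-commitment randomness; it should read `layouter.namespace(|| "rivk")`. The same copy-paste label appears in the `@@ -586,7 +607,11 @@` hunk on the next physical line, where `rcm_new` is namespaced `"rcm_old"` and should be `"rcm_new"`. As far as these hunks show, the strings only name the layouter region, so the constraint system itself should be unaffected, but a duplicated or wrong label is likely to make dev-graph output and synthesis error messages point at the wrong witness. The enclosing `synthesize` body starts and ends outside these hunks.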
@@ -532,7 +549,11 @@ impl plonk::Circuit for Circuit { // Old note commitment integrity. { - let rcm_old = self.rcm_old.as_ref().map(|rcm_old| rcm_old.inner()); + let rcm_old = ScalarFixed::new( + ecc_chip.clone(), + layouter.namespace(|| "rcm_old"), + self.rcm_old.as_ref().map(|rcm_old| rcm_old.inner()), + )?; // g★_d || pk★_d || i2lebsp_{64}(v) || i2lebsp_{255}(rho) || i2lebsp_{255}(psi) let derived_cm_old = gadget::note_commit( @@ -570,7 +591,7 @@ impl plonk::Circuit for Circuit { let pk_d_new = { let pk_d_new = self.pk_d_new.map(|pk_d_new| pk_d_new.inner().to_affine()); NonIdentityPoint::new( - ecc_chip, + ecc_chip.clone(), layouter.namespace(|| "witness pk_d_new"), pk_d_new, )? @@ -586,7 +607,11 @@ impl plonk::Circuit for Circuit { self.psi_new, )?; - let rcm_new = self.rcm_new.as_ref().map(|rcm_new| rcm_new.inner()); + let rcm_new = ScalarFixed::new( + ecc_chip, + layouter.namespace(|| "rcm_old"), + self.rcm_new.as_ref().map(|rcm_new| rcm_new.inner()), + )?; // g★_d || pk★_d || i2lebsp_{64}(v) || i2lebsp_{255}(rho) || i2lebsp_{255}(psi) let cm_new = gadget::note_commit( @@ -616,9 +641,18 @@ impl plonk::Circuit for Circuit { |mut region| { v_old.copy_advice(|| "v_old", &mut region, config.advices[0], 0)?; v_new.copy_advice(|| "v_new", &mut region, config.advices[1], 0)?; - let (magnitude, sign) = v_net.clone(); - magnitude.copy_advice(|| "v_net magnitude", &mut region, config.advices[2], 0)?; - sign.copy_advice(|| "v_net sign", &mut region, config.advices[3], 0)?; + v_net_magnitude_sign.0.copy_advice( + || "v_net magnitude", + &mut region, + config.advices[2], + 0, + )?; + v_net_magnitude_sign.1.copy_advice( + || "v_net sign", + &mut region, + config.advices[3], + 0, + )?; root.copy_advice(|| "calculated root", &mut region, config.advices[4], 0)?; region.assign_advice_from_instance( diff --git a/src/circuit/commit_ivk.rs b/src/circuit/commit_ivk.rs index dfa50df1..2bee762f 100644 --- a/src/circuit/commit_ivk.rs +++ b/src/circuit/commit_ivk.rs 
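Review bot: In the `@@ -616,9 +641,18 @@` hunk the Orchard-gate region copies `v_net_magnitude_sign.0` and `v_net_magnitude_sign.1`, which drops the `magnitude`/`sign` names the removed lines had and spreads each call over five lines. Destructuring by reference keeps those names without the `.clone()` the old code used: `let (magnitude, sign) = &v_net_magnitude_sign;` followed by `magnitude.copy_advice(|| "v_net magnitude", &mut region, config.advices[2], 0)?;` and `sign.copy_advice(|| "v_net sign", &mut region, config.advices[3], 0)?;`. The region-assignment closure this sits in begins outside the hunk.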
@@ -9,7 +9,7 @@ use pasta_curves::{arithmetic::FieldExt, pallas}; use crate::constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains, T_P}; use halo2_gadgets::{ - ecc::{chip::EccChip, X}, + ecc::{chip::EccChip, ScalarFixed, X}, sinsemilla::{chip::SinsemillaChip, CommitDomain, Message, MessagePiece}, utilities::{bool_check, RangeConstrained}, }; @@ -243,7 +243,7 @@ pub(in crate::circuit) mod gadgets { mut layouter: impl Layouter, ak: AssignedCell, nk: AssignedCell, - rivk: Option, + rivk: ScalarFixed>, ) -> Result>, Error> { let lookup_config = sinsemilla_chip.config().lookup_config(); @@ -654,9 +654,14 @@ mod tests { }; use group::ff::{Field, PrimeFieldBits}; use halo2_gadgets::{ - ecc::chip::{EccChip, EccConfig}, - primitives::sinsemilla::CommitDomain, - sinsemilla::chip::{SinsemillaChip, SinsemillaConfig}, + ecc::{ + chip::{EccChip, EccConfig}, + ScalarFixed, + }, + sinsemilla::{ + chip::{SinsemillaChip, SinsemillaConfig}, + primitives::CommitDomain, + }, utilities::{lookup_range_check::LookupRangeCheckConfig, UtilitiesInstructions}, }; use halo2_proofs::{ @@ -789,6 +794,8 @@ mod tests { // Use a random scalar for rivk let rivk = pallas::Scalar::random(OsRng); + let rivk_gadget = + ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "rivk"), Some(rivk))?; let ivk = gadgets::commit_ivk( sinsemilla_chip, @@ -797,7 +804,7 @@ mod tests { layouter.namespace(|| "CommitIvk"), ak, nk, - Some(rivk), + rivk_gadget, )?; let expected_ivk = { diff --git a/src/circuit/gadget.rs b/src/circuit/gadget.rs index 522e2a65..7fa52ecd 100644 --- a/src/circuit/gadget.rs +++ b/src/circuit/gadget.rs 
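Review bot: The `commit_ivk` gadget signature in the `@@ -243,7 +243,7 @@` hunk now takes `rivk` as an already-witnessed `ScalarFixed` rather than an optional scalar, but nothing in the hunk documents that the caller is now responsible for witnessing it; the test hunk further down shows the expected pattern, `ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "rivk"), Some(rivk))?`. The function header lies outside the hunk, so if it carries a doc comment it should gain a line such as `/// rivk must already be witnessed by the caller with ScalarFixed::new, presumably on the same ecc_chip this gadget receives.` The same documentation gap applies to `rcm` in `note_commit` (`@@ -1581,7 +1581,7 @@`) and to `v` and `rcv` in `value_commit_orchard` (`@@ -123,11 +126,8 @@`) on the next physical line.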
@@ -10,10 +10,13 @@ use crate::constants::{ }; use halo2_gadgets::{ ecc::{ - chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point, X, + chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point, + ScalarFixed, ScalarFixedShort, X, + }, + poseidon::{ + primitives::{self as poseidon, ConstantLength}, + Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip, }, - poseidon::{Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip}, - primitives::poseidon::{self, ConstantLength}, sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip}, }; use halo2_proofs::{ @@ -123,11 +126,8 @@ pub(in crate::circuit) fn value_commit_orchard< >( mut layouter: impl Layouter, ecc_chip: EccChip, - v: ( - AssignedCell, - AssignedCell, - ), - rcv: Option, + v: ScalarFixedShort, + rcv: ScalarFixed, ) -> Result, plonk::Error> { // commitment = [v] ValueCommitV let (commitment, _) = { diff --git a/src/circuit/note_commit.rs b/src/circuit/note_commit.rs index 63b1fcd1..d2a27adf 100644 --- a/src/circuit/note_commit.rs +++ b/src/circuit/note_commit.rs @@ -14,7 +14,7 @@ use crate::{ use halo2_gadgets::{ ecc::{ chip::{EccChip, NonIdentityEccPoint}, - Point, + Point, ScalarFixed, }, sinsemilla::{ chip::{SinsemillaChip, SinsemillaConfig}, @@ -1581,7 +1581,7 @@ pub(in crate::circuit) mod gadgets { value: AssignedCell, rho: AssignedCell, psi: AssignedCell, - rcm: Option, + rcm: ScalarFixed>, ) -> Result>, Error> { let lookup_config = chip.config().lookup_config(); @@ -2020,10 +2020,10 @@ mod tests { use halo2_gadgets::{ ecc::{ chip::{EccChip, EccConfig}, - NonIdentityPoint, + NonIdentityPoint, ScalarFixed, }, - primitives::sinsemilla::CommitDomain, sinsemilla::chip::SinsemillaChip, + sinsemilla::primitives::CommitDomain, utilities::lookup_range_check::LookupRangeCheckConfig, }; 
@@ -2215,6 +2215,8 @@ mod tests { )?; let rcm = pallas::Scalar::random(OsRng); + let rcm_gadget = + ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "rcm"), Some(rcm))?; let cm = gadgets::note_commit( layouter.namespace(|| "Hash NoteCommit pieces"), @@ -2226,7 +2228,7 @@ mod tests { value_var, rho, psi, - Some(rcm), + rcm_gadget, )?; let expected_cm = { let domain = CommitDomain::new(NOTE_COMMITMENT_PERSONALIZATION); diff --git a/src/constants/fixed_bases/commit_ivk_r.rs b/src/constants/fixed_bases/commit_ivk_r.rs index 38a47b4c..27b3dcca 100644 --- a/src/constants/fixed_bases/commit_ivk_r.rs +++ b/src/constants/fixed_bases/commit_ivk_r.rs @@ -2933,7 +2933,7 @@ mod tests { use group::Curve; use halo2_gadgets::{ ecc::chip::constants::{test_lagrange_coeffs, test_zs_and_us}, - primitives::sinsemilla::CommitDomain, + sinsemilla::primitives::CommitDomain, }; use pasta_curves::{arithmetic::CurveAffine, pallas}; diff --git a/src/constants/fixed_bases/note_commit_r.rs b/src/constants/fixed_bases/note_commit_r.rs index a35a2a37..436a2623 100644 --- a/src/constants/fixed_bases/note_commit_r.rs +++ b/src/constants/fixed_bases/note_commit_r.rs @@ -2932,7 +2932,7 @@ mod tests { use super::*; use halo2_gadgets::{ ecc::chip::constants::{test_lagrange_coeffs, test_zs_and_us}, - primitives::sinsemilla::CommitDomain, + sinsemilla::primitives::CommitDomain, }; use group::Curve; diff --git a/src/constants/sinsemilla.rs b/src/constants/sinsemilla.rs index 59831e38..f6c6ffba 100644 --- a/src/constants/sinsemilla.rs +++ b/src/constants/sinsemilla.rs @@ -135,7 +135,7 @@ mod tests { sinsemilla::MERKLE_CRH_PERSONALIZATION, }; use group::{ff::PrimeField, Curve}; - use halo2_gadgets::primitives::sinsemilla::{CommitDomain, HashDomain}; + use halo2_gadgets::sinsemilla::primitives::{CommitDomain, HashDomain}; use halo2_proofs::arithmetic::CurveAffine; use halo2_proofs::pasta::pallas; use rand::{self, rngs::OsRng, Rng}; 
diff --git a/src/note/commitment.rs b/src/note/commitment.rs
index f4133eba..9de51d28 100644
--- a/src/note/commitment.rs
+++ b/src/note/commitment.rs
@@ -2,6 +2,7 @@ use core::iter;
 use bitvec::{array::BitArray, order::Lsb0};
 use group::ff::{PrimeField, PrimeFieldBits};
+use halo2_gadgets::sinsemilla::primitives as sinsemilla;
 use pasta_curves::pallas;
 use subtle::{ConstantTimeEq, CtOption};
@@ -10,7 +11,6 @@ use crate::{
 spec::extract_p,
 value::NoteValue,
 };
-use halo2_gadgets::primitives::sinsemilla;
 #[derive(Clone, Debug)]
 pub(crate) struct NoteCommitTrapdoor(pub(super) pallas::Scalar);
diff --git a/src/spec.rs b/src/spec.rs
index 652d9d19..67f7a7c4 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -6,7 +6,7 @@ use core::ops::Deref;
 use ff::{Field, PrimeField, PrimeFieldBits};
 use group::GroupEncoding;
 use group::{Curve, Group};
-use halo2_gadgets::primitives::{poseidon, sinsemilla};
+use halo2_gadgets::{poseidon::primitives as poseidon, sinsemilla::primitives as sinsemilla};
 use halo2_proofs::arithmetic::{CurveAffine, CurveExt, FieldExt};
 use pasta_curves::pallas;
 use subtle::{ConditionallySelectable, CtOption};
diff --git a/src/tree.rs b/src/tree.rs
index 96cf1f54..c2854200 100644
--- a/src/tree.rs
+++ b/src/tree.rs
@@ -9,7 +9,8 @@ use crate::{
 },
 note::commitment::ExtractedNoteCommitment,
 };
-use halo2_gadgets::primitives::sinsemilla::HashDomain;
+
+use halo2_gadgets::sinsemilla::primitives::HashDomain;
 use incrementalmerkletree::{Altitude, Hashable};
 use pasta_curves::pallas;