Migrate to final `halo2_gadgets` pre-release revision
Includes API changes made in zcash/halo2#573.
This commit is contained in:
parent
b1a5c1a635
commit
311190c2d6
@ -83,7 +83,7 @@ debug = true
debug = true
[patch.crates-io]
halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "30f92f3f4b785ea2a32392bf65c1b08f0411567c" }
halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "30f92f3f4b785ea2a32392bf65c1b08f0411567c" }
halo2_gadgets = { git = "https://github.com/zcash/halo2.git", rev = "50921f95f7d4edf48f79ffba3b892a983d91ed7f" }
halo2_proofs = { git = "https://github.com/zcash/halo2.git", rev = "50921f95f7d4edf48f79ffba3b892a983d91ed7f" }
incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "f23e3d89507849a24543121839eea6f40b141aff" }
reddsa = { git = "https://github.com/ZcashFoundation/reddsa.git", rev = "0e912de3000fe165daf58ad98d1a22f1a66e7f18" }
@ -45,10 +45,9 @@ use crate::{
use halo2_gadgets::{
ecc::{
chip::{EccChip, EccConfig},
FixedPoint, NonIdentityPoint, Point, ScalarVar,
FixedPoint, NonIdentityPoint, Point, ScalarFixed, ScalarFixedShort, ScalarVar,
},
poseidon::{Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
primitives::poseidon,
poseidon::{primitives as poseidon, Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
sinsemilla::{
chip::{SinsemillaChip, SinsemillaConfig},
merkle::{
@ -396,8 +395,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
.path
.map(|typed_path| typed_path.map(|node| node.inner()));
let merkle_inputs = MerklePath::construct(
config.merkle_chip_1(),
config.merkle_chip_2(),
[config.merkle_chip_1(), config.merkle_chip_2()],
OrchardHashDomains::MerkleCrh,
self.pos,
path,
@ -407,9 +405,9 @@ impl plonk::Circuit<pallas::Base> for Circuit {
};
// Value commitment integrity.
let v_net = {
let v_net_magnitude_sign = {
// Witness the magnitude and sign of v_net = v_old - v_new
let v_net = {
let v_net_magnitude_sign = {
let magnitude_sign = self.v_old.zip(self.v_new).map(|(v_old, v_new)| {
let v_net = v_old - v_new;
let (magnitude, sign) = v_net.magnitude_sign();
@ -438,18 +436,30 @@ impl plonk::Circuit<pallas::Base> for Circuit {
(magnitude, sign)
};
let v_net = ScalarFixedShort::new(
ecc_chip.clone(),
layouter.namespace(|| "v_net"),
v_net_magnitude_sign.clone(),
)?;
let rcv = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "rcv"),
self.rcv.as_ref().map(|rcv| rcv.inner()),
)?;
let cv_net = gadget::value_commit_orchard(
layouter.namespace(|| "cv_net = ValueCommit^Orchard_rcv(v_net)"),
ecc_chip.clone(),
v_net.clone(),
self.rcv.as_ref().map(|rcv| rcv.inner()),
v_net,
rcv,
)?;
// Constrain cv_net to equal public input
layouter.constrain_instance(cv_net.inner().x().cell(), config.primary, CV_NET_X)?;
layouter.constrain_instance(cv_net.inner().y().cell(), config.primary, CV_NET_Y)?;
v_net
// Return the magnitude and sign so we can use them in the Orchard gate.
v_net_magnitude_sign
};
// Nullifier integrity
@ -473,11 +483,14 @@ impl plonk::Circuit<pallas::Base> for Circuit {
// Spend authority
{
let alpha =
ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "alpha"), self.alpha)?;
// alpha_commitment = [alpha] SpendAuthG
let (alpha_commitment, _) = {
let spend_auth_g = OrchardFixedBasesFull::SpendAuthG;
let spend_auth_g = FixedPoint::from_inner(ecc_chip.clone(), spend_auth_g);
spend_auth_g.mul(layouter.namespace(|| "[alpha] SpendAuthG"), self.alpha)?
spend_auth_g.mul(layouter.namespace(|| "[alpha] SpendAuthG"), alpha)?
};
// [alpha] SpendAuthG + ak_P
@ -492,7 +505,11 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let pk_d_old = {
let ivk = {
let ak = ak_P.extract_p().inner().clone();
let rivk = self.rivk.map(|rivk| rivk.inner());
let rivk = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "rcv"),
self.rivk.map(|rivk| rivk.inner()),
)?;
gadget::commit_ivk(
config.sinsemilla_chip_1(),
@ -532,7 +549,11 @@ impl plonk::Circuit<pallas::Base> for Circuit {
// Old note commitment integrity.
{
let rcm_old = self.rcm_old.as_ref().map(|rcm_old| rcm_old.inner());
let rcm_old = ScalarFixed::new(
ecc_chip.clone(),
layouter.namespace(|| "rcm_old"),
self.rcm_old.as_ref().map(|rcm_old| rcm_old.inner()),
)?;
// g★_d || pk★_d || i2lebsp_{64}(v) || i2lebsp_{255}(rho) || i2lebsp_{255}(psi)
let derived_cm_old = gadget::note_commit(
@ -570,7 +591,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let pk_d_new = {
let pk_d_new = self.pk_d_new.map(|pk_d_new| pk_d_new.inner().to_affine());
NonIdentityPoint::new(
ecc_chip,
ecc_chip.clone(),
layouter.namespace(|| "witness pk_d_new"),
pk_d_new,
)?
@ -586,7 +607,11 @@ impl plonk::Circuit<pallas::Base> for Circuit {
self.psi_new,
)?;
let rcm_new = self.rcm_new.as_ref().map(|rcm_new| rcm_new.inner());
let rcm_new = ScalarFixed::new(
ecc_chip,
layouter.namespace(|| "rcm_old"),
self.rcm_new.as_ref().map(|rcm_new| rcm_new.inner()),
)?;
// g★_d || pk★_d || i2lebsp_{64}(v) || i2lebsp_{255}(rho) || i2lebsp_{255}(psi)
let cm_new = gadget::note_commit(
@ -616,9 +641,18 @@ impl plonk::Circuit<pallas::Base> for Circuit {
|mut region| {
v_old.copy_advice(|| "v_old", &mut region, config.advices[0], 0)?;
v_new.copy_advice(|| "v_new", &mut region, config.advices[1], 0)?;
let (magnitude, sign) = v_net.clone();
magnitude.copy_advice(|| "v_net magnitude", &mut region, config.advices[2], 0)?;
sign.copy_advice(|| "v_net sign", &mut region, config.advices[3], 0)?;
v_net_magnitude_sign.0.copy_advice(
|| "v_net magnitude",
&mut region,
config.advices[2],
0,
)?;
v_net_magnitude_sign.1.copy_advice(
|| "v_net sign",
&mut region,
config.advices[3],
0,
)?;
root.copy_advice(|| "calculated root", &mut region, config.advices[4], 0)?;
region.assign_advice_from_instance(
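Review bot: The namespace label in the rivk `ScalarFixed::new` call (hunk @ -492) names the wrong scalar: the value being witnessed is `self.rivk`, but the region is created with `layouter.namespace(|| "rcv")`, which should be `layouter.namespace(|| "rivk")`. The same copy-paste appears in the rcm_new block (hunk @ -586), where `layouter.namespace(|| "rcm_old")` wraps `self.rcm_new` and should read `layouter.namespace(|| "rcm_new")`. As far as I can tell these strings only feed region naming for layout and constraint-failure diagnostics, not the constraints themselves, but a mislabelled region makes circuit inspection and failure output point at the wrong witness when the value or range checks on it are being audited. The enclosing `synthesize` body starts and ends outside these hunks.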
@ -9,7 +9,7 @@ use pasta_curves::{arithmetic::FieldExt, pallas};
use crate::constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains, T_P};
use halo2_gadgets::{
ecc::{chip::EccChip, X},
ecc::{chip::EccChip, ScalarFixed, X},
sinsemilla::{chip::SinsemillaChip, CommitDomain, Message, MessagePiece},
utilities::{bool_check, RangeConstrained},
};
@ -243,7 +243,7 @@ pub(in crate::circuit) mod gadgets {
mut layouter: impl Layouter<pallas::Base>,
ak: AssignedCell<pallas::Base, pallas::Base>,
nk: AssignedCell<pallas::Base, pallas::Base>,
rivk: Option<pallas::Scalar>,
rivk: ScalarFixed<pallas::Affine, EccChip<OrchardFixedBases>>,
) -> Result<X<pallas::Affine, EccChip<OrchardFixedBases>>, Error> {
let lookup_config = sinsemilla_chip.config().lookup_config();
@ -654,9 +654,14 @@ mod tests {
};
use group::ff::{Field, PrimeFieldBits};
use halo2_gadgets::{
ecc::chip::{EccChip, EccConfig},
primitives::sinsemilla::CommitDomain,
sinsemilla::chip::{SinsemillaChip, SinsemillaConfig},
ecc::{
chip::{EccChip, EccConfig},
ScalarFixed,
},
sinsemilla::{
chip::{SinsemillaChip, SinsemillaConfig},
primitives::CommitDomain,
},
utilities::{lookup_range_check::LookupRangeCheckConfig, UtilitiesInstructions},
};
use halo2_proofs::{
@ -789,6 +794,8 @@ mod tests {
// Use a random scalar for rivk
let rivk = pallas::Scalar::random(OsRng);
let rivk_gadget =
ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "rivk"), Some(rivk))?;
let ivk = gadgets::commit_ivk(
sinsemilla_chip,
@ -797,7 +804,7 @@ mod tests {
layouter.namespace(|| "CommitIvk"),
ak,
nk,
Some(rivk),
rivk_gadget,
)?;
let expected_ivk = {
@ -10,10 +10,13 @@ use crate::constants::{
};
use halo2_gadgets::{
ecc::{
chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point, X,
chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point,
ScalarFixed, ScalarFixedShort, X,
},
poseidon::{
primitives::{self as poseidon, ConstantLength},
Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip,
},
poseidon::{Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip},
primitives::poseidon::{self, ConstantLength},
sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip},
};
use halo2_proofs::{
@ -123,11 +126,8 @@ pub(in crate::circuit) fn value_commit_orchard<
>(
mut layouter: impl Layouter<pallas::Base>,
ecc_chip: EccChip,
v: (
AssignedCell<pallas::Base, pallas::Base>,
AssignedCell<pallas::Base, pallas::Base>,
),
rcv: Option<pallas::Scalar>,
v: ScalarFixedShort<pallas::Affine, EccChip>,
rcv: ScalarFixed<pallas::Affine, EccChip>,
) -> Result<Point<pallas::Affine, EccChip>, plonk::Error> {
// commitment = [v] ValueCommitV
let (commitment, _) = {
@ -14,7 +14,7 @@ use crate::{
use halo2_gadgets::{
ecc::{
chip::{EccChip, NonIdentityEccPoint},
Point,
Point, ScalarFixed,
},
sinsemilla::{
chip::{SinsemillaChip, SinsemillaConfig},
@ -1581,7 +1581,7 @@ pub(in crate::circuit) mod gadgets {
value: AssignedCell<NoteValue, pallas::Base>,
rho: AssignedCell<pallas::Base, pallas::Base>,
psi: AssignedCell<pallas::Base, pallas::Base>,
rcm: Option<pallas::Scalar>,
rcm: ScalarFixed<pallas::Affine, EccChip<OrchardFixedBases>>,
) -> Result<Point<pallas::Affine, EccChip<OrchardFixedBases>>, Error> {
let lookup_config = chip.config().lookup_config();
@ -2020,10 +2020,10 @@ mod tests {
use halo2_gadgets::{
ecc::{
chip::{EccChip, EccConfig},
NonIdentityPoint,
NonIdentityPoint, ScalarFixed,
},
primitives::sinsemilla::CommitDomain,
sinsemilla::chip::SinsemillaChip,
sinsemilla::primitives::CommitDomain,
utilities::lookup_range_check::LookupRangeCheckConfig,
};
@ -2215,6 +2215,8 @@ mod tests {
)?;
let rcm = pallas::Scalar::random(OsRng);
let rcm_gadget =
ScalarFixed::new(ecc_chip.clone(), layouter.namespace(|| "rcm"), Some(rcm))?;
let cm = gadgets::note_commit(
layouter.namespace(|| "Hash NoteCommit pieces"),
@ -2226,7 +2228,7 @@ mod tests {
value_var,
rho,
psi,
Some(rcm),
rcm_gadget,
)?;
let expected_cm = {
let domain = CommitDomain::new(NOTE_COMMITMENT_PERSONALIZATION);
@ -2933,7 +2933,7 @@ mod tests {
use group::Curve;
use halo2_gadgets::{
ecc::chip::constants::{test_lagrange_coeffs, test_zs_and_us},
primitives::sinsemilla::CommitDomain,
sinsemilla::primitives::CommitDomain,
};
use pasta_curves::{arithmetic::CurveAffine, pallas};
@ -2932,7 +2932,7 @@ mod tests {
use super::*;
use halo2_gadgets::{
ecc::chip::constants::{test_lagrange_coeffs, test_zs_and_us},
primitives::sinsemilla::CommitDomain,
sinsemilla::primitives::CommitDomain,
};
use group::Curve;
@ -135,7 +135,7 @@ mod tests {
sinsemilla::MERKLE_CRH_PERSONALIZATION,
};
use group::{ff::PrimeField, Curve};
use halo2_gadgets::primitives::sinsemilla::{CommitDomain, HashDomain};
use halo2_gadgets::sinsemilla::primitives::{CommitDomain, HashDomain};
use halo2_proofs::arithmetic::CurveAffine;
use halo2_proofs::pasta::pallas;
use rand::{self, rngs::OsRng, Rng};
@ -2,6 +2,7 @@ use core::iter;
use bitvec::{array::BitArray, order::Lsb0};
use group::ff::{PrimeField, PrimeFieldBits};
use halo2_gadgets::sinsemilla::primitives as sinsemilla;
use pasta_curves::pallas;
use subtle::{ConstantTimeEq, CtOption};
@ -10,7 +11,6 @@ use crate::{
spec::extract_p,
value::NoteValue,
};
use halo2_gadgets::primitives::sinsemilla;
#[derive(Clone, Debug)]
pub(crate) struct NoteCommitTrapdoor(pub(super) pallas::Scalar);
@ -6,7 +6,7 @@ use core::ops::Deref;
use ff::{Field, PrimeField, PrimeFieldBits};
use group::GroupEncoding;
use group::{Curve, Group};
use halo2_gadgets::primitives::{poseidon, sinsemilla};
use halo2_gadgets::{poseidon::primitives as poseidon, sinsemilla::primitives as sinsemilla};
use halo2_proofs::arithmetic::{CurveAffine, CurveExt, FieldExt};
use pasta_curves::pallas;
use subtle::{ConditionallySelectable, CtOption};
@ -9,7 +9,8 @@ use crate::{
},
note::commitment::ExtractedNoteCommitment,
};
use halo2_gadgets::primitives::sinsemilla::HashDomain;
use halo2_gadgets::sinsemilla::primitives::HashDomain;
use incrementalmerkletree::{Altitude, Hashable};
use pasta_curves::pallas;