Extract a `ValueCommit^Orchard` gadget from the circuit
This commit is contained in:
parent
dafb357dc0
commit
3b922f8f48
|
@ -24,7 +24,7 @@ use self::{
|
||||||
use crate::{
|
use crate::{
|
||||||
constants::{
|
constants::{
|
||||||
OrchardCommitDomains, OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains,
|
OrchardCommitDomains, OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains,
|
||||||
ValueCommitV, MERKLE_DEPTH_ORCHARD,
|
MERKLE_DEPTH_ORCHARD,
|
||||||
},
|
},
|
||||||
keys::{
|
keys::{
|
||||||
CommitIvkRandomness, DiversifiedTransmissionKey, NullifierDerivingKey, SpendValidatingKey,
|
CommitIvkRandomness, DiversifiedTransmissionKey, NullifierDerivingKey, SpendValidatingKey,
|
||||||
|
@ -42,7 +42,7 @@ use crate::{
|
||||||
use halo2_gadgets::{
|
use halo2_gadgets::{
|
||||||
ecc::{
|
ecc::{
|
||||||
chip::{EccChip, EccConfig},
|
chip::{EccChip, EccConfig},
|
||||||
FixedPoint, FixedPointShort, NonIdentityPoint, Point,
|
FixedPoint, NonIdentityPoint, Point,
|
||||||
},
|
},
|
||||||
poseidon::{Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
|
poseidon::{Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
|
||||||
primitives::poseidon,
|
primitives::poseidon,
|
||||||
|
@ -436,25 +436,12 @@ impl plonk::Circuit<pallas::Base> for Circuit {
|
||||||
(magnitude, sign)
|
(magnitude, sign)
|
||||||
};
|
};
|
||||||
|
|
||||||
// commitment = [v_net] ValueCommitV
|
let cv_net = gadget::value_commit_orchard(
|
||||||
let (commitment, _) = {
|
layouter.namespace(|| "cv_net = ValueCommit^Orchard_rcv(v_net)"),
|
||||||
let value_commit_v = ValueCommitV;
|
ecc_chip.clone(),
|
||||||
let value_commit_v = FixedPointShort::from_inner(ecc_chip.clone(), value_commit_v);
|
v_net.clone(),
|
||||||
value_commit_v.mul(layouter.namespace(|| "[v_net] ValueCommitV"), v_net.clone())?
|
self.rcv.as_ref().map(|rcv| rcv.inner()),
|
||||||
};
|
)?;
|
||||||
|
|
||||||
// blind = [rcv] ValueCommitR
|
|
||||||
let (blind, _rcv) = {
|
|
||||||
let rcv = self.rcv.as_ref().map(|rcv| rcv.inner());
|
|
||||||
let value_commit_r = OrchardFixedBasesFull::ValueCommitR;
|
|
||||||
let value_commit_r = FixedPoint::from_inner(ecc_chip.clone(), value_commit_r);
|
|
||||||
|
|
||||||
// [rcv] ValueCommitR
|
|
||||||
value_commit_r.mul(layouter.namespace(|| "[rcv] ValueCommitR"), rcv)?
|
|
||||||
};
|
|
||||||
|
|
||||||
// [v_net] ValueCommitV + [rcv] ValueCommitR
|
|
||||||
let cv_net = commitment.add(layouter.namespace(|| "cv_net"), &blind)?;
|
|
||||||
|
|
||||||
// Constrain cv_net to equal public input
|
// Constrain cv_net to equal public input
|
||||||
layouter.constrain_instance(cv_net.inner().x().cell(), config.primary, CV_NET_X)?;
|
layouter.constrain_instance(cv_net.inner().x().cell(), config.primary, CV_NET_X)?;
|
||||||
|
|
|
@ -2,9 +2,14 @@
|
||||||
|
|
||||||
use pasta_curves::pallas;
|
use pasta_curves::pallas;
|
||||||
|
|
||||||
use crate::constants::{NullifierK, OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains};
|
use crate::constants::{
|
||||||
|
NullifierK, OrchardCommitDomains, OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains,
|
||||||
|
ValueCommitV,
|
||||||
|
};
|
||||||
use halo2_gadgets::{
|
use halo2_gadgets::{
|
||||||
ecc::{chip::EccChip, EccInstructions, FixedPointBaseField, Point, X},
|
ecc::{
|
||||||
|
chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point, X,
|
||||||
|
},
|
||||||
poseidon::{Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip},
|
poseidon::{Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip},
|
||||||
primitives::poseidon::{self, ConstantLength},
|
primitives::poseidon::{self, ConstantLength},
|
||||||
sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip},
|
sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip},
|
||||||
|
@ -66,6 +71,44 @@ pub(in crate::circuit) trait AddInstruction<F: FieldExt>: Chip<F> {
|
||||||
) -> Result<AssignedCell<F, F>, plonk::Error>;
|
) -> Result<AssignedCell<F, F>, plonk::Error>;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// `ValueCommit^Orchard` from [Section 5.4.8.3 Homomorphic Pedersen commitments (Sapling and Orchard)].
|
||||||
|
///
|
||||||
|
/// [Section 5.4.8.3 Homomorphic Pedersen commitments (Sapling and Orchard)]: https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit
|
||||||
|
pub(in crate::circuit) fn value_commit_orchard<
|
||||||
|
EccChip: EccInstructions<
|
||||||
|
pallas::Affine,
|
||||||
|
FixedPoints = OrchardFixedBases,
|
||||||
|
Var = AssignedCell<pallas::Base, pallas::Base>,
|
||||||
|
>,
|
||||||
|
>(
|
||||||
|
mut layouter: impl Layouter<pallas::Base>,
|
||||||
|
ecc_chip: EccChip,
|
||||||
|
v: (
|
||||||
|
AssignedCell<pallas::Base, pallas::Base>,
|
||||||
|
AssignedCell<pallas::Base, pallas::Base>,
|
||||||
|
),
|
||||||
|
rcv: Option<pallas::Scalar>,
|
||||||
|
) -> Result<Point<pallas::Affine, EccChip>, plonk::Error> {
|
||||||
|
// commitment = [v] ValueCommitV
|
||||||
|
let (commitment, _) = {
|
||||||
|
let value_commit_v = ValueCommitV;
|
||||||
|
let value_commit_v = FixedPointShort::from_inner(ecc_chip.clone(), value_commit_v);
|
||||||
|
value_commit_v.mul(layouter.namespace(|| "[v] ValueCommitV"), v)?
|
||||||
|
};
|
||||||
|
|
||||||
|
// blind = [rcv] ValueCommitR
|
||||||
|
let (blind, _rcv) = {
|
||||||
|
let value_commit_r = OrchardFixedBasesFull::ValueCommitR;
|
||||||
|
let value_commit_r = FixedPoint::from_inner(ecc_chip, value_commit_r);
|
||||||
|
|
||||||
|
// [rcv] ValueCommitR
|
||||||
|
value_commit_r.mul(layouter.namespace(|| "[rcv] ValueCommitR"), rcv)?
|
||||||
|
};
|
||||||
|
|
||||||
|
// [v] ValueCommitV + [rcv] ValueCommitR
|
||||||
|
commitment.add(layouter.namespace(|| "cv"), &blind)
|
||||||
|
}
|
||||||
|
|
||||||
/// `DeriveNullifier` from [Section 4.16: Note Commitments and Nullifiers].
|
/// `DeriveNullifier` from [Section 4.16: Note Commitments and Nullifiers].
|
||||||
///
|
///
|
||||||
/// [Section 4.16: Note Commitments and Nullifiers]: https://zips.z.cash/protocol/protocol.pdf#commitmentsandnullifiers
|
/// [Section 4.16: Note Commitments and Nullifiers]: https://zips.z.cash/protocol/protocol.pdf#commitmentsandnullifiers
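Review bot: The new `value_commit_orchard` doc comment says nothing about what the gadget itself enforces on its inputs, and `v` arrives as a bare, undocumented `(AssignedCell, AssignedCell)` tuple whose order is only recoverable from the `(magnitude, sign)` construction at the call site in circuit.rs. The body forwards `v` straight to `FixedPointShort::mul` and `rcv` straight to `FixedPoint::mul`, so any 64-bit magnitude range check and sign-in-{+1,-1} check come from those halo2_gadgets implementations, not from this function — I cannot see them here, so a reviewer has to go verify that a caller handing in an unconstrained magnitude is actually rejected. I would state that contract above the signature: `/// \`v\` is \`(magnitude, sign)\` as witnessed by the caller; this gadget performs no range or sign check of its own and relies on \`FixedPointShort::mul\` for them (confirm).` plus `/// \`rcv\` is the raw trapdoor witness (\`None\` during keygen); the assigned scalar is discarded here, so callers cannot constrain it further.` A small named struct instead of the tuple would also make the argument order unmistakable.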
|
||||||
|
|