Extract a `ValueCommit^Orchard` gadget from the circuit
parent
dafb357dc0
commit
3b922f8f48
|
@ -24,7 +24,7 @@ use self::{
|
|||
use crate::{
|
||||
constants::{
|
||||
OrchardCommitDomains, OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains,
|
||||
ValueCommitV, MERKLE_DEPTH_ORCHARD,
|
||||
MERKLE_DEPTH_ORCHARD,
|
||||
},
|
||||
keys::{
|
||||
CommitIvkRandomness, DiversifiedTransmissionKey, NullifierDerivingKey, SpendValidatingKey,
|
||||
|
@ -42,7 +42,7 @@ use crate::{
|
|||
use halo2_gadgets::{
|
||||
ecc::{
|
||||
chip::{EccChip, EccConfig},
|
||||
FixedPoint, FixedPointShort, NonIdentityPoint, Point,
|
||||
FixedPoint, NonIdentityPoint, Point,
|
||||
},
|
||||
poseidon::{Pow5Chip as PoseidonChip, Pow5Config as PoseidonConfig},
|
||||
primitives::poseidon,
|
||||
|
@ -436,25 +436,12 @@ impl plonk::Circuit<pallas::Base> for Circuit {
|
|||
(magnitude, sign)
|
||||
};
|
||||
|
||||
// commitment = [v_net] ValueCommitV
|
||||
let (commitment, _) = {
|
||||
let value_commit_v = ValueCommitV;
|
||||
let value_commit_v = FixedPointShort::from_inner(ecc_chip.clone(), value_commit_v);
|
||||
value_commit_v.mul(layouter.namespace(|| "[v_net] ValueCommitV"), v_net.clone())?
|
||||
};
|
||||
|
||||
// blind = [rcv] ValueCommitR
|
||||
let (blind, _rcv) = {
|
||||
let rcv = self.rcv.as_ref().map(|rcv| rcv.inner());
|
||||
let value_commit_r = OrchardFixedBasesFull::ValueCommitR;
|
||||
let value_commit_r = FixedPoint::from_inner(ecc_chip.clone(), value_commit_r);
|
||||
|
||||
// [rcv] ValueCommitR
|
||||
value_commit_r.mul(layouter.namespace(|| "[rcv] ValueCommitR"), rcv)?
|
||||
};
|
||||
|
||||
// [v_net] ValueCommitV + [rcv] ValueCommitR
|
||||
let cv_net = commitment.add(layouter.namespace(|| "cv_net"), &blind)?;
|
||||
let cv_net = gadget::value_commit_orchard(
|
||||
layouter.namespace(|| "cv_net = ValueCommit^Orchard_rcv(v_net)"),
|
||||
ecc_chip.clone(),
|
||||
v_net.clone(),
|
||||
self.rcv.as_ref().map(|rcv| rcv.inner()),
|
||||
)?;
|
||||
|
||||
// Constrain cv_net to equal public input
|
||||
layouter.constrain_instance(cv_net.inner().x().cell(), config.primary, CV_NET_X)?;
|
||||
|
|
|
@ -2,9 +2,14 @@
|
|||
|
||||
use pasta_curves::pallas;
|
||||
|
||||
use crate::constants::{NullifierK, OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains};
|
||||
use crate::constants::{
|
||||
NullifierK, OrchardCommitDomains, OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains,
|
||||
ValueCommitV,
|
||||
};
|
||||
use halo2_gadgets::{
|
||||
ecc::{chip::EccChip, EccInstructions, FixedPointBaseField, Point, X},
|
||||
ecc::{
|
||||
chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point, X,
|
||||
},
|
||||
poseidon::{Hash as PoseidonHash, PoseidonSpongeInstructions, Pow5Chip as PoseidonChip},
|
||||
primitives::poseidon::{self, ConstantLength},
|
||||
sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip},
|
||||
|
@ -66,6 +71,44 @@ pub(in crate::circuit) trait AddInstruction<F: FieldExt>: Chip<F> {
|
|||
) -> Result<AssignedCell<F, F>, plonk::Error>;
|
||||
}
|
||||
|
||||
/// `ValueCommit^Orchard` from [Section 5.4.8.3 Homomorphic Pedersen commitments (Sapling and Orchard)].
|
||||
///
|
||||
/// [Section 5.4.8.3 Homomorphic Pedersen commitments (Sapling and Orchard)]: https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit
|
||||
pub(in crate::circuit) fn value_commit_orchard<
|
||||
EccChip: EccInstructions<
|
||||
pallas::Affine,
|
||||
FixedPoints = OrchardFixedBases,
|
||||
Var = AssignedCell<pallas::Base, pallas::Base>,
|
||||
>,
|
||||
>(
|
||||
mut layouter: impl Layouter<pallas::Base>,
|
||||
ecc_chip: EccChip,
|
||||
v: (
|
||||
AssignedCell<pallas::Base, pallas::Base>,
|
||||
AssignedCell<pallas::Base, pallas::Base>,
|
||||
),
|
||||
rcv: Option<pallas::Scalar>,
|
||||
) -> Result<Point<pallas::Affine, EccChip>, plonk::Error> {
|
||||
// commitment = [v] ValueCommitV
|
||||
let (commitment, _) = {
|
||||
let value_commit_v = ValueCommitV;
|
||||
let value_commit_v = FixedPointShort::from_inner(ecc_chip.clone(), value_commit_v);
|
||||
value_commit_v.mul(layouter.namespace(|| "[v] ValueCommitV"), v)?
|
||||
};
|
||||
|
||||
// blind = [rcv] ValueCommitR
|
||||
let (blind, _rcv) = {
|
||||
let value_commit_r = OrchardFixedBasesFull::ValueCommitR;
|
||||
let value_commit_r = FixedPoint::from_inner(ecc_chip, value_commit_r);
|
||||
|
||||
// [rcv] ValueCommitR
|
||||
value_commit_r.mul(layouter.namespace(|| "[rcv] ValueCommitR"), rcv)?
|
||||
};
|
||||
|
||||
// [v] ValueCommitV + [rcv] ValueCommitR
|
||||
commitment.add(layouter.namespace(|| "cv"), &blind)
|
||||
}
|
||||
|
||||
/// `DeriveNullifier` from [Section 4.16: Note Commitments and Nullifiers].
|
||||
///
|
||||
/// [Section 4.16: Note Commitments and Nullifiers]: https://zips.z.cash/protocol/protocol.pdf#commitmentsandnullifiers
|
||||
|
|
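Review bot: The new `value_commit_orchard` doc comment cites the spec section but documents neither of its witness arguments, and `v` in particular is an anonymous pair of two `AssignedCell`s whose order is load-bearing: the only caller (circuit.rs) builds it as `(magnitude, sign)` and the pair is handed straight to `FixedPointShort::mul`, so swapping the components would silently change which cell is treated as the sign. I would add `/// `v` is the `(magnitude, sign)` pair consumed by `FixedPointShort::mul`; `rcv` is the blinding scalar, `None` when no witness is available.` under the existing link. It is also worth one sentence that this gadget is what ties the public `cv_net` to the witnessed value and randomness, and that any range constraint on the magnitude is presumably enforced inside `FixedPointShort::mul` rather than here — callers should not assume this function bounds `v` itself; confirm against the halo2_gadgets implementation. Minor: the two discarded tuple components are written inconsistently (`let (commitment, _)` vs `let (blind, _rcv)`); since the scalar is never used, `_` in both places reads cleaner.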