zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Replace `FieldExt::from_u64` with `PrimeField: From<u64>`

This commit is contained in:
Jack Grigg 2021-12-07 17:47:03 +00:00
parent e4f338e758
commit 6f0cab5ffd
28 changed files with 138 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/circuit.rs
View File

@ -8,10 +8,7 @@ use halo2::{
transcript::{Blake2bRead, Blake2bWrite},
};
use memuse::DynamicUsage;
use pasta_curves::{
arithmetic::{CurveAffine, FieldExt},
pallas, vesta,
};
use pasta_curves::{arithmetic::CurveAffine, pallas, vesta};
use crate::{
constants::{
@ -377,16 +374,14 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let v_old = self.load_private(
layouter.namespace(|| "witness v_old"),
config.advices[0],
self.v_old
.map(|v_old| pallas::Base::from_u64(v_old.inner())),
self.v_old.map(|v_old| pallas::Base::from(v_old.inner())),
)?;
// Witness v_new.
let v_new = self.load_private(
layouter.namespace(|| "witness v_new"),
config.advices[0],
self.v_new
.map(|v_new| pallas::Base::from_u64(v_new.inner())),
self.v_new.map(|v_new| pallas::Base::from(v_new.inner())),
)?;
(psi_old, rho_old, cm_old, g_d_old, ak, nk, v_old, v_new)
@ -415,12 +410,8 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let v_net = {
// v_old, v_new are guaranteed to be 64-bit values. Therefore, we can
// move them into the base field.
let v_old = self
.v_old
.map(|v_old| pallas::Base::from_u64(v_old.inner()));
let v_new = self
.v_new
.map(|v_new| pallas::Base::from_u64(v_new.inner()));
let v_old = self.v_old.map(|v_old| pallas::Base::from(v_old.inner()));
let v_new = self.v_new.map(|v_new| pallas::Base::from(v_new.inner()));
let magnitude_sign = v_old.zip(v_new).map(|(v_old, v_new)| {
let is_negative = v_old < v_new;
@ -814,8 +805,8 @@ impl Instance {
instance[RK_X] = *rk.x();
instance[RK_Y] = *rk.y();
instance[CMX] = self.cmx.inner();
instance[ENABLE_SPEND] = vesta::Scalar::from_u64(self.enable_spend.into());
instance[ENABLE_OUTPUT] = vesta::Scalar::from_u64(self.enable_output.into());
instance[ENABLE_SPEND] = vesta::Scalar::from(u64::from(self.enable_spend));
instance[ENABLE_OUTPUT] = vesta::Scalar::from(u64::from(self.enable_output));
[instance]
}

6
src/circuit/gadget/ecc/chip/add.rs
View File

@ -121,8 +121,8 @@ impl Config {
// Useful constants
let one = Expression::Constant(pallas::Base::one());
let two = Expression::Constant(pallas::Base::from_u64(2));
let three = Expression::Constant(pallas::Base::from_u64(3));
let two = Expression::Constant(pallas::Base::from(2));
let three = Expression::Constant(pallas::Base::from(3));
// (x_q x_p)⋅((x_q x_p)⋅λ (y_qy_p)) = 0
let poly1 = {
@ -302,7 +302,7 @@ impl Config {
} else {
if !y_p.is_zero_vartime() {
// 3(x_p)^2
let three_x_p_sq = pallas::Base::from_u64(3) * x_p.square();
let three_x_p_sq = pallas::Base::from(3) * x_p.square();
// 1 / 2(y_p)
let inv_two_y_p = y_p.invert().unwrap() * pallas::Base::TWO_INV;
// λ = 3(x_p)^2 / 2(y_p)

6
src/circuit/gadget/ecc/chip/mul.rs
View File

@ -143,7 +143,7 @@ impl Config {
// z_0 = 2 * z_1 + k_0
// => k_0 = z_0 - 2 * z_1
let lsb = z_0 - z_1 * pallas::Base::from_u64(2);
let lsb = z_0 - z_1 * pallas::Base::from(2);
let bool_check = bool_check(lsb.clone());
@ -326,8 +326,8 @@ impl Config {
// Assign z_0 = 2⋅z_1 + k_0
let z_0 = {
let z_0_val = z_1.value().zip(lsb).map(|(z_1, lsb)| {
let lsb = pallas::Base::from_u64(lsb as u64);
z_1 * pallas::Base::from_u64(2) + lsb
let lsb = pallas::Base::from(lsb as u64);
z_1 * pallas::Base::from(2) + lsb
});
let z_0_cell = region.assign_advice(
|| "z_0",

6
src/circuit/gadget/ecc/chip/mul/complete.rs
View File

@ -8,7 +8,7 @@ use halo2::{
poly::Rotation,
};
use pasta_curves::{arithmetic::FieldExt, pallas};
use pasta_curves::pallas;
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
pub struct Config {
@ -59,7 +59,7 @@ impl Config {
let z_next = meta.query_advice(self.z_complete, Rotation::next());
// k_{i} = z_{i} - 2⋅z_{i+1}
let k = z_next - Expression::Constant(pallas::Base::from_u64(2)) * z_prev;
let k = z_next - Expression::Constant(pallas::Base::from(2)) * z_prev;
// (k_i) ⋅ (1 - k_i) = 0
let bool_check = bool_check(k.clone());
@ -137,7 +137,7 @@ impl Config {
z = {
// z_next = z_cur * 2 + k_next
let z_val = z.value().zip(k.as_ref()).map(|(z_val, k)| {
pallas::Base::from_u64(2) * z_val + pallas::Base::from_u64(*k as u64)
pallas::Base::from(2) * z_val + pallas::Base::from(*k as u64)
});
let z_cell = region.assign_advice(
|| "z",

13
src/circuit/gadget/ecc/chip/mul/incomplete.rs
View File

@ -103,13 +103,13 @@ impl<const NUM_BITS: usize> Config<NUM_BITS> {
// The current bit in the scalar decomposition, k_i = z_i - 2⋅z_{i+1}.
// Recall that we assigned the cumulative variable `z_i` in descending order,
// i from n down to 0. So z_{i+1} corresponds to the `z_prev` query.
let k = z_cur - z_prev * pallas::Base::from_u64(2);
let k = z_cur - z_prev * pallas::Base::from(2);
// Check booleanity of decomposition.
let bool_check = bool_check(k.clone());
// λ_{1,i}⋅(x_{A,i} x_{P,i}) y_{A,i} + (2k_i - 1) y_{P,i} = 0
let gradient_1 = lambda1_cur * (x_a_cur.clone() - x_p_cur) - y_a_cur.clone()
+ (k * pallas::Base::from_u64(2) - one) * y_p_cur;
+ (k * pallas::Base::from(2) - one) * y_p_cur;
// λ_{2,i}^2 x_{A,i-1} x_{R,i} x_{A,i} = 0
let secant_line = lambda2_cur.clone().square()
@ -245,9 +245,10 @@ impl<const NUM_BITS: usize> Config<NUM_BITS> {
// Incomplete addition
for (row, k) in bits.iter().enumerate() {
// z_{i} = 2 * z_{i+1} + k_i
let z_val = z.value().zip(k.as_ref()).map(|(z_val, k)| {
pallas::Base::from_u64(2) * z_val + pallas::Base::from_u64(*k as u64)
});
let z_val = z
.value()
.zip(k.as_ref())
.map(|(z_val, k)| pallas::Base::from(2) * z_val + pallas::Base::from(*k as u64));
z = region.assign_advice(
|| "z",
self.z,
@ -301,7 +302,7 @@ impl<const NUM_BITS: usize> Config<NUM_BITS> {
.zip(x_a.value())
.zip(x_r)
.map(|(((lambda1, y_a), x_a), x_r)| {
pallas::Base::from_u64(2) * y_a * (x_a - x_r).invert().unwrap() - lambda1
pallas::Base::from(2) * y_a * (x_a - x_r).invert().unwrap() - lambda1
});
region.assign_advice(
|| "lambda2",

8
src/circuit/gadget/ecc/chip/mul_fixed.rs
View File

@ -25,10 +25,10 @@ pub mod full_width;
pub mod short;
lazy_static! {
static ref TWO_SCALAR: pallas::Scalar = pallas::Scalar::from_u64(2);
static ref TWO_SCALAR: pallas::Scalar = pallas::Scalar::from(2);
// H = 2^3 (3-bit window)
static ref H_SCALAR: pallas::Scalar = pallas::Scalar::from_u64(constants::H as u64);
static ref H_BASE: pallas::Base = pallas::Base::from_u64(constants::H as u64);
static ref H_SCALAR: pallas::Scalar = pallas::Scalar::from(constants::H as u64);
static ref H_BASE: pallas::Base = pallas::Base::from(constants::H as u64);
}
// A sum type for both full-width and short bases. This enables us to use the
@ -182,7 +182,7 @@ impl Config {
// z_{i+1} = (z_i - a_i) / 2^3
// => a_i = z_i - z_{i+1} * 2^3
let word = z_cur - z_next * pallas::Base::from_u64(constants::H as u64);
let word = z_cur - z_next * pallas::Base::from(constants::H as u64);
self.coords_check(meta, q_mul_fixed_running_sum, word)
});

6
src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs
View File

@ -89,7 +89,7 @@ impl Config {
let alpha_2_range_check = range_check(alpha_2.clone(), 1 << 1);
// Check that α_1 + 2^2 α_2 = z_84_alpha
let z_84_alpha_check = z_84_alpha.clone()
- (alpha_1.clone() + alpha_2.clone() * pallas::Base::from_u64(1 << 2));
- (alpha_1.clone() + alpha_2.clone() * pallas::Base::from(1 << 2));
std::iter::empty()
.chain(Some(("alpha_1_range_check", alpha_1_range_check)))
@ -455,11 +455,11 @@ pub mod tests {
// (There is another *non-canonical* sequence
// 5333333333333333333333333333333333333333332711161673731021062440252244051273333333333 in octal.)
{
let h = pallas::Base::from_u64(constants::H as u64);
let h = pallas::Base::from(constants::H as u64);
let scalar_fixed = "1333333333333333333333333333333333333333333333333333333333333333333333333333333333334"
.chars()
.fold(pallas::Base::zero(), |acc, c| {
acc * &h + &pallas::Base::from_u64(c.to_digit(8).unwrap().into())
acc * &h + &pallas::Base::from(c.to_digit(8).unwrap() as u64)
});
let result = {
let scalar_fixed = chip.load_private(

8
src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs
View File

@ -10,7 +10,7 @@ use halo2::{
plonk::{ConstraintSystem, Error, Selector},
poly::Rotation,
};
use pasta_curves::{arithmetic::FieldExt, pallas};
use pasta_curves::pallas;
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub struct Config {
@ -99,7 +99,7 @@ impl Config {
assert_eq!(windows.len(), NUM_WINDOWS);
windows
.into_iter()
.map(|window| Some(pallas::Base::from_u64(window as u64)))
.map(|window| Some(pallas::Base::from(window as u64)))
.collect()
} else {
vec![None; NUM_WINDOWS]
@ -272,11 +272,11 @@ pub mod tests {
// (There is another *non-canonical* sequence
// 5333333333333333333333333333333333333333332711161673731021062440252244051273333333333 in octal.)
{
let h = pallas::Scalar::from_u64(constants::H as u64);
let h = pallas::Scalar::from(constants::H as u64);
let scalar_fixed = "1333333333333333333333333333333333333333333333333333333333333333333333333333333333334"
.chars()
.fold(pallas::Scalar::zero(), |acc, c| {
acc * &h + &pallas::Scalar::from_u64(c.to_digit(8).unwrap().into())
acc * &h + &pallas::Scalar::from(c.to_digit(8).unwrap() as u64)
});
let (result, _) =
base.mul(layouter.namespace(|| "mul with double"), Some(scalar_fixed))?;

31
src/circuit/gadget/ecc/chip/mul_fixed/short.rs
View File

@ -191,8 +191,7 @@ impl Config {
use pasta_curves::arithmetic::FieldExt;
if let (Some(magnitude), Some(sign)) = (scalar.magnitude.value(), scalar.sign.value()) {
let magnitude_is_valid =
magnitude <= &pallas::Base::from_u64(0xFFFF_FFFF_FFFF_FFFFu64);
let magnitude_is_valid = magnitude <= &pallas::Base::from(0xFFFF_FFFF_FFFF_FFFFu64);
let sign_is_valid = sign * sign == pallas::Base::one();
if magnitude_is_valid && sign_is_valid {
let base: super::OrchardFixedBases = base.clone().into();
@ -287,25 +286,21 @@ pub mod tests {
}
let magnitude_signs = [
(
"random [a]B",
pallas::Base::from_u64(rand::random::<u64>()),
{
let mut random_sign = pallas::Base::one();
if rand::random::<bool>() {
random_sign = -random_sign;
}
random_sign
},
),
("random [a]B", pallas::Base::from(rand::random::<u64>()), {
let mut random_sign = pallas::Base::one();
if rand::random::<bool>() {
random_sign = -random_sign;
}
random_sign
}),
(
"[2^64 - 1]B",
pallas::Base::from_u64(0xFFFF_FFFF_FFFF_FFFFu64),
pallas::Base::from(0xFFFF_FFFF_FFFF_FFFFu64),
pallas::Base::one(),
),
(
"-[2^64 - 1]B",
pallas::Base::from_u64(0xFFFF_FFFF_FFFF_FFFFu64),
pallas::Base::from(0xFFFF_FFFF_FFFF_FFFFu64),
-pallas::Base::one(),
),
// There is a single canonical sequence of window values for which a doubling occurs on the last step:
@ -313,12 +308,12 @@ pub mod tests {
// [0xB6DB_6DB6_DB6D_B6DC] B
(
"mul_with_double",
pallas::Base::from_u64(0xB6DB_6DB6_DB6D_B6DCu64),
pallas::Base::from(0xB6DB_6DB6_DB6D_B6DCu64),
pallas::Base::one(),
),
(
"mul_with_double negative",
pallas::Base::from_u64(0xB6DB_6DB6_DB6D_B6DCu64),
pallas::Base::from(0xB6DB_6DB6_DB6D_B6DCu64),
-pallas::Base::one(),
),
];
@ -561,7 +556,7 @@ pub mod tests {
{
let magnitude_u64 = rand::random::<u64>();
let circuit = MyCircuit {
magnitude: Some(pallas::Base::from_u64(magnitude_u64)),
magnitude: Some(pallas::Base::from(magnitude_u64)),
sign: Some(pallas::Base::zero()),
magnitude_error: None,
};

2
src/circuit/gadget/poseidon/pow5.rs
View File

@ -671,7 +671,7 @@ mod tests {
// For the purpose of this test, compute the real final state inline.
let mut expected_final_state = (0..WIDTH)
.map(|idx| Fp::from_u64(idx as u64))
.map(|idx| Fp::from(idx as u64))
.collect::<Vec<_>>()
.try_into()
.unwrap();

4
src/circuit/gadget/sinsemilla/chip.rs
View File

@ -145,7 +145,7 @@ impl SinsemillaChip {
// Set up lookup argument
GeneratorTableConfig::configure(meta, config.clone());
let two = pallas::Base::from_u64(2);
let two = pallas::Base::from(2);
// Closures for expressions that are derived multiple times
// x_r = lambda_1^2 - x_a - x_p
@ -210,7 +210,7 @@ impl SinsemillaChip {
// - rhs = (2 * Y_A_cur + (2 - q_s3) * Y_A_next + 2 * q_s3 * y_a_final)
let y_check = {
// lhs = 4 * lambda_2_cur * (x_a_cur - x_a_next)
let lhs = lambda_2_cur * pallas::Base::from_u64(4) * (x_a_cur - x_a_next);
let lhs = lambda_2_cur * pallas::Base::from(4) * (x_a_cur - x_a_next);
// rhs = 2 * Y_A_cur + (2 - q_s3) * Y_A_next + 2 * q_s3 * y_a_final
let rhs = {

4
src/circuit/gadget/sinsemilla/chip/generator_table.rs
View File

@ -42,7 +42,7 @@ impl GeneratorTableConfig {
let word = {
let z_cur = meta.query_advice(config.bits, Rotation::cur());
let z_next = meta.query_advice(config.bits, Rotation::next());
z_cur - ((q_s2 - q_s3) * z_next * pallas::Base::from_u64(1 << sinsemilla::K))
z_cur - ((q_s2 - q_s3) * z_next * pallas::Base::from(1 << sinsemilla::K))
};
let x_p = meta.query_advice(config.x_p, Rotation::cur());
@ -84,7 +84,7 @@ impl GeneratorTableConfig {
|| "table_idx",
self.table_idx,
index,
|| Ok(pallas::Base::from_u64(index as u64)),
|| Ok(pallas::Base::from(index as u64)),
)?;
table.assign_cell(|| "table_x", self.table_x, index, || Ok(*x))?;
table.assign_cell(|| "table_y", self.table_y, index, || Ok(*y))?;

6
src/circuit/gadget/sinsemilla/chip/hash_to_point.rs
View File

@ -224,7 +224,7 @@ impl SinsemillaChip {
offset + piece.num_words() - 1,
|| {
Ok(if final_piece {
pallas::Base::from_u64(2)
pallas::Base::from(2)
} else {
pallas::Base::zero()
})
@ -291,7 +291,7 @@ impl SinsemillaChip {
// z_{i + 1} = (z_i - m_{i + 1}) / 2^K
z = z
.zip(*word)
.map(|(z, word)| (z - pallas::Base::from_u64(word as u64)) * inv_2_k);
.map(|(z, word)| (z - pallas::Base::from(word as u64)) * inv_2_k);
let cell = region.assign_advice(
|| format!("z_{:?}", idx + 1),
config.bits,
@ -356,7 +356,7 @@ impl SinsemillaChip {
let lambda_2 = {
let lambda_2 = x_a.value().zip(y_a.0).zip(x_r).zip(lambda_1).map(
|(((x_a, y_a), x_r), lambda_1)| {
pallas::Base::from_u64(2) * y_a * (x_a - x_r).invert().unwrap() - lambda_1
pallas::Base::from(2) * y_a * (x_a - x_r).invert().unwrap() - lambda_1
},
);

16
src/circuit/gadget/sinsemilla/commit_ivk.rs
View File

@ -67,8 +67,8 @@ impl CommitIvkConfig {
let q_commit_ivk = meta.query_selector(config.q_commit_ivk);
// Useful constants
let two_pow_4 = pallas::Base::from_u64(1 << 4);
let two_pow_5 = pallas::Base::from_u64(1 << 5);
let two_pow_4 = pallas::Base::from(1 << 4);
let two_pow_5 = pallas::Base::from(1 << 5);
let two_pow_9 = two_pow_4 * two_pow_5;
let two_pow_250 = pallas::Base::from_u128(1 << 125).square();
let two_pow_254 = two_pow_250 * two_pow_4;
@ -119,7 +119,7 @@ impl CommitIvkConfig {
// Check that nk = b_2 (5 bits) || c (240 bits) || d_0 (9 bits) || d_1 (1 bit)
let nk_decomposition_check = {
let two_pow_245 = pallas::Base::from_u64(1 << 49).pow(&[5, 0, 0, 0]);
let two_pow_245 = pallas::Base::from(1 << 49).pow(&[5, 0, 0, 0]);
b_2.clone()
+ c.clone() * two_pow_5
@ -181,7 +181,7 @@ impl CommitIvkConfig {
// Check that b2_c_prime = b_2 + c * 2^5 + 2^140 - t_P.
// This is checked regardless of the value of d_1.
let b2_c_prime_check = {
let two_pow_5 = pallas::Base::from_u64(1 << 5);
let two_pow_5 = pallas::Base::from(1 << 5);
let two_pow_140 =
Expression::Constant(pallas::Base::from_u128(1 << 70).square());
let t_p = Expression::Constant(pallas::Base::from_u128(T_P));
@ -257,8 +257,8 @@ impl CommitIvkConfig {
let b_2 = nk.value().map(|value| bitrange_subset(value, 0..5));
let b = b_0.zip(b_1).zip(b_2).map(|((b_0, b_1), b_2)| {
let b1_shifted = b_1 * pallas::Base::from_u64(1 << 4);
let b2_shifted = b_2 * pallas::Base::from_u64(1 << 5);
let b1_shifted = b_1 * pallas::Base::from(1 << 4);
let b2_shifted = b_2 * pallas::Base::from(1 << 5);
b_0 + b1_shifted + b2_shifted
});
@ -304,7 +304,7 @@ impl CommitIvkConfig {
let d = d_0
.zip(d_1)
.map(|(d_0, d_1)| d_0 + d_1 * pallas::Base::from_u64(1 << 9));
.map(|(d_0, d_1)| d_0 + d_1 * pallas::Base::from(1 << 9));
// Constrain d_0 to be 9 bits.
let d_0 = self.sinsemilla_config.lookup_config.witness_short_check(
@ -444,7 +444,7 @@ impl CommitIvkConfig {
// Decompose the low 140 bits of b2_c_prime = b_2 + c * 2^5 + 2^140 - t_P, and output
// the running sum at the end of it. If b2_c_prime < 2^140, the running sum will be 0.
let b2_c_prime = b_2.value().zip(c.value()).map(|(b_2, c)| {
let two_pow_5 = pallas::Base::from_u64(1 << 5);
let two_pow_5 = pallas::Base::from(1 << 5);
let two_pow_140 = pallas::Base::from_u128(1u128 << 70).square();
let t_p = pallas::Base::from_u128(T_P);
b_2 + c * two_pow_5 + two_pow_140 - t_p

13
src/circuit/gadget/sinsemilla/merkle/chip.rs
View File

@ -82,7 +82,7 @@ impl MerkleChip {
let q_decompose = meta.query_selector(q_decompose);
let l_whole = meta.query_advice(advices[4], Rotation::next());
let two_pow_5 = pallas::Base::from_u64(1 << 5);
let two_pow_5 = pallas::Base::from(1 << 5);
let two_pow_10 = two_pow_5.square();
// a_whole is constrained by Sinsemilla to be 250 bits.
@ -101,7 +101,7 @@ impl MerkleChip {
let z1_a = meta.query_advice(advices[0], Rotation::next());
let a_1 = z1_a;
// a_0 = a - (a_1 * 2^10)
let a_0 = a_whole - a_1.clone() * pallas::Base::from_u64(1 << 10);
let a_0 = a_whole - a_1.clone() * pallas::Base::from(1 << 10);
let l_check = a_0 - l_whole;
// b = b_0||b_1||b_2
@ -185,12 +185,12 @@ impl MerkleInstructions<pallas::Affine, MERKLE_DEPTH_ORCHARD, { sinsemilla::K },
let a = {
let a = {
// a_0 = l
let a_0 = bitrange_subset(&pallas::Base::from_u64(l as u64), 0..10);
let a_0 = bitrange_subset(&pallas::Base::from(l as u64), 0..10);
// a_1 = (bits 0..=239 of `left`)
let a_1 = left.value().map(|value| bitrange_subset(value, 0..240));
a_1.map(|a_1| a_0 + a_1 * pallas::Base::from_u64(1 << 10))
a_1.map(|a_1| a_0 + a_1 * pallas::Base::from(1 << 10))
};
self.witness_message_piece(layouter.namespace(|| "Witness a = a_0 || a_1"), a, 25)?
@ -233,8 +233,7 @@ impl MerkleInstructions<pallas::Affine, MERKLE_DEPTH_ORCHARD, { sinsemilla::K },
.zip(b_1.value())
.zip(b_2.value())
.map(|((b_0, b_1), b_2)| {
b_0 + b_1 * pallas::Base::from_u64(1 << 10)
+ b_2 * pallas::Base::from_u64(1 << 15)
b_0 + b_1 * pallas::Base::from(1 << 10) + b_2 * pallas::Base::from(1 << 15)
});
self.witness_message_piece(
layouter.namespace(|| "Witness b = b_0 || b_1 || b_2"),
@ -282,7 +281,7 @@ impl MerkleInstructions<pallas::Affine, MERKLE_DEPTH_ORCHARD, { sinsemilla::K },
|| format!("l {}", l),
config.advices[4],
1,
pallas::Base::from_u64(l as u64),
pallas::Base::from(l as u64),
)?;
// Offset 0

38
src/circuit/gadget/sinsemilla/note_commit.rs
View File

@ -96,15 +96,15 @@ impl NoteCommitConfig {
};
// Useful constants
let two = pallas::Base::from_u64(2);
let two_pow_2 = pallas::Base::from_u64(1 << 2);
let two = pallas::Base::from(2);
let two_pow_2 = pallas::Base::from(1 << 2);
let two_pow_4 = two_pow_2.square();
let two_pow_5 = two_pow_4 * two;
let two_pow_6 = two_pow_5 * two;
let two_pow_8 = two_pow_4.square();
let two_pow_9 = two_pow_8 * two;
let two_pow_10 = two_pow_9 * two;
let two_pow_58 = pallas::Base::from_u64(1 << 58);
let two_pow_58 = pallas::Base::from(1 << 58);
let two_pow_130 = Expression::Constant(pallas::Base::from_u128(1 << 65).square());
let two_pow_140 = Expression::Constant(pallas::Base::from_u128(1 << 70).square());
let two_pow_249 = pallas::Base::from_u128(1 << 124).square() * two;
@ -579,9 +579,9 @@ impl NoteCommitConfig {
let b = b_0.value().zip(b_1).zip(b_2).zip(b_3.value()).map(
|(((b_0, b_1), b_2), b_3)| {
let b1_shifted = b_1 * pallas::Base::from_u64(1 << 4);
let b2_shifted = b_2 * pallas::Base::from_u64(1 << 5);
let b3_shifted = b_3 * pallas::Base::from_u64(1 << 6);
let b1_shifted = b_1 * pallas::Base::from(1 << 4);
let b2_shifted = b_2 * pallas::Base::from(1 << 5);
let b3_shifted = b_3 * pallas::Base::from(1 << 6);
b_0 + b1_shifted + b2_shifted + b3_shifted
},
);
@ -621,9 +621,9 @@ impl NoteCommitConfig {
.zip(d_2.value())
.zip(d_3)
.map(|(((d_0, d_1), d_2), d_3)| {
let d1_shifted = d_1 * pallas::Base::from_u64(2);
let d2_shifted = d_2 * pallas::Base::from_u64(1 << 2);
let d3_shifted = d_3 * pallas::Base::from_u64(1 << 10);
let d1_shifted = d_1 * pallas::Base::from(2);
let d2_shifted = d_2 * pallas::Base::from(1 << 2);
let d3_shifted = d_3 * pallas::Base::from(1 << 10);
d_0 + d1_shifted + d2_shifted + d3_shifted
});
@ -654,7 +654,7 @@ impl NoteCommitConfig {
let e = e_0
.value()
.zip(e_1.value())
.map(|(e_0, e_1)| e_0 + e_1 * pallas::Base::from_u64(1 << 6));
.map(|(e_0, e_1)| e_0 + e_1 * pallas::Base::from(1 << 6));
let e = MessagePiece::from_field_elem(chip.clone(), layouter.namespace(|| "e"), e, 1)?;
(e_0, e_1, e)
@ -684,8 +684,8 @@ impl NoteCommitConfig {
// g_2 = z1_g from the SinsemillaHash(g) running sum output.
let g = g_0.zip(g_1.value()).zip(g_2).map(|((g_0, g_1), g_2)| {
let g1_shifted = g_1 * pallas::Base::from_u64(2);
let g2_shifted = g_2 * pallas::Base::from_u64(1 << 10);
let g1_shifted = g_1 * pallas::Base::from(2);
let g2_shifted = g_2 * pallas::Base::from(1 << 10);
g_0 + g1_shifted + g2_shifted
});
let g = MessagePiece::from_field_elem(chip.clone(), layouter.namespace(|| "g"), g, 25)?;
@ -711,7 +711,7 @@ impl NoteCommitConfig {
let h = h_0
.value()
.zip(h_1)
.map(|(h_0, h_1)| h_0 + h_1 * pallas::Base::from_u64(1 << 5));
.map(|(h_0, h_1)| h_0 + h_1 * pallas::Base::from(1 << 5));
let h = MessagePiece::from_field_elem(chip.clone(), layouter.namespace(|| "h"), h, 1)?;
(h_0, h_1, h)
@ -877,7 +877,7 @@ impl NoteCommitConfig {
// and output the running sum at the end of it.
// If b3_c_prime < 2^140, the running sum will be 0.
let b3_c_prime = b_3.value().zip(c.value()).map(|(b_3, c)| {
let two_pow_4 = pallas::Base::from_u64(1u64 << 4);
let two_pow_4 = pallas::Base::from(1u64 << 4);
let two_pow_140 = pallas::Base::from_u128(1u128 << 70).square();
let t_p = pallas::Base::from_u128(T_P);
b_3 + (two_pow_4 * c) + two_pow_140 - t_p
@ -913,7 +913,7 @@ impl NoteCommitConfig {
// - 0 ≤ e_1 + 2^4 f + 2^140 - t_P < 2^140 (14 ten-bit lookups)
let e1_f_prime = e_1.value().zip(f.value()).map(|(e_1, f)| {
let two_pow_4 = pallas::Base::from_u64(1u64 << 4);
let two_pow_4 = pallas::Base::from(1u64 << 4);
let two_pow_140 = pallas::Base::from_u128(1u128 << 70).square();
let t_p = pallas::Base::from_u128(T_P);
e_1 + (two_pow_4 * f) + two_pow_140 - t_p
@ -953,7 +953,7 @@ impl NoteCommitConfig {
// and output the running sum at the end of it.
// If g1_g2_prime < 2^130, the running sum will be 0.
let g1_g2_prime = g_1.value().zip(g_2.value()).map(|(g_1, g_2)| {
let two_pow_9 = pallas::Base::from_u64(1u64 << 9);
let two_pow_9 = pallas::Base::from(1u64 << 9);
let two_pow_130 = pallas::Base::from_u128(1u128 << 65).square();
let t_p = pallas::Base::from_u128(T_P);
g_1 + (two_pow_9 * g_2) + two_pow_130 - t_p
@ -1008,8 +1008,8 @@ impl NoteCommitConfig {
// Decompose j = LSB + (2)k_0 + (2^10)k_1 using 25 ten-bit lookups.
let (j, z1_j, z13_j) = {
let j = lsb.zip(k_0.value()).zip(k_1).map(|((lsb, k_0), k_1)| {
let two = pallas::Base::from_u64(2);
let two_pow_10 = pallas::Base::from_u64(1 << 10);
let two = pallas::Base::from(2);
let two_pow_10 = pallas::Base::from(1 << 10);
lsb + two * k_0 + two_pow_10 * k_1
});
let zs = self.sinsemilla_config.lookup_config.witness_check(
@ -1616,7 +1616,7 @@ mod tests {
// A note value cannot be negative.
let value = {
let mut rng = OsRng;
pallas::Base::from_u64(rng.next_u64())
pallas::Base::from(rng.next_u64())
};
let value_var = {
self.load_private(

4
src/circuit/gadget/utilities.rs
View File

@ -110,7 +110,7 @@ pub fn bitrange_subset<F: FieldExt + PrimeFieldBits>(field_elem: &F, bitrange: R
/// i.e. 0 ≤ word < range.
pub fn range_check<F: FieldExt>(word: Expression<F>, range: usize) -> Expression<F> {
(1..range).fold(word.clone(), |acc, i| {
acc * (Expression::Constant(F::from_u64(i as u64)) - word.clone())
acc * (Expression::Constant(F::from(i as u64)) - word.clone())
})
}
@ -176,7 +176,7 @@ mod tests {
|| format!("witness {}", self.0),
config.advice,
0,
|| Ok(pallas::Base::from_u64(self.0.into())),
|| Ok(pallas::Base::from(self.0 as u64)),
)?;
Ok(())

2
src/circuit/gadget/utilities/cond_swap.rs
View File

@ -84,7 +84,7 @@ impl<F: FieldExt> CondSwapInstructions<F> for CondSwapChip<F> {
)?;
// Witness `swap` value
let swap_val = swap.map(|swap| F::from_u64(swap as u64));
let swap_val = swap.map(|swap| F::from(swap as u64));
region.assign_advice(
|| "swap",
config.swap,

8
src/circuit/gadget/utilities/decompose_running_sum.rs
View File

@ -84,7 +84,7 @@ impl<F: FieldExt + PrimeFieldBits, const WINDOW_NUM_BITS: usize>
let z_next = meta.query_advice(config.z, Rotation::next());
// z_i = 2^{K}⋅z_{i + 1} + k_i
// => k_i = z_i - 2^{K}⋅z_{i + 1}
let word = z_cur - z_next * F::from_u64(1 << WINDOW_NUM_BITS);
let word = z_cur - z_next * F::from(1 << WINDOW_NUM_BITS);
vec![q_range_check * range_check(word, 1 << WINDOW_NUM_BITS)]
});
@ -182,11 +182,11 @@ impl<F: FieldExt + PrimeFieldBits, const WINDOW_NUM_BITS: usize>
// Assign running sum `z_{i+1}` = (z_i - k_i) / (2^K) for i = 0..=n-1.
// Outside of this helper, z_0 = alpha must have already been loaded into the
// `z` column at `offset`.
let two_pow_k_inv = F::from_u64(1 << WINDOW_NUM_BITS as u64).invert().unwrap();
let two_pow_k_inv = F::from(1 << WINDOW_NUM_BITS as u64).invert().unwrap();
for (i, word) in words.iter().enumerate() {
// z_next = (z_cur - word) / (2^K)
let z_next = {
let word = word.map(|word| F::from_u64(word as u64));
let word = word.map(|word| F::from(word as u64));
let z_next_val = z
.value()
.zip(word)
@ -319,7 +319,7 @@ mod tests {
// Random 64-bit word
{
let alpha = pallas::Base::from_u64(rand::random());
let alpha = pallas::Base::from(rand::random::<u64>());
// Strict full decomposition should pass.
let circuit: MyCircuit<

36
src/circuit/gadget/utilities/lookup_range_check.rs
View File

@ -76,7 +76,7 @@ impl<F: FieldExt + PrimeFieldBits, const K: usize> LookupRangeCheckConfig<F, K>
let running_sum_lookup = {
let running_sum_word = {
let z_next = meta.query_advice(config.running_sum, Rotation::next());
z_cur.clone() - z_next * F::from_u64(1 << K)
z_cur.clone() - z_next * F::from(1 << K)
};
q_running.clone() * running_sum_word
@ -104,7 +104,7 @@ impl<F: FieldExt + PrimeFieldBits, const K: usize> LookupRangeCheckConfig<F, K>
let shifted_word = meta.query_advice(config.running_sum, Rotation::cur());
let inv_two_pow_s = meta.query_advice(config.running_sum, Rotation::next());
let two_pow_k = F::from_u64(1 << K);
let two_pow_k = F::from(1 << K);
// shifted_word = word * 2^{K-s}
// = word * 2^K * inv_two_pow_s
@ -128,7 +128,7 @@ impl<F: FieldExt + PrimeFieldBits, const K: usize> LookupRangeCheckConfig<F, K>
|| "table_idx",
self.table_idx,
index,
|| Ok(F::from_u64(index as u64)),
|| Ok(F::from(index as u64)),
)?;
}
Ok(())
@ -210,7 +210,7 @@ impl<F: FieldExt + PrimeFieldBits, const K: usize> LookupRangeCheckConfig<F, K>
let words: Option<Vec<F>> = bits.map(|bits| {
bits.chunks_exact(K)
.map(|word| F::from_u64(lebs2ip::<K>(&(word.try_into().unwrap()))))
.map(|word| F::from(lebs2ip::<K>(&(word.try_into().unwrap()))))
.collect::<Vec<_>>()
});
if let Some(words) = words {
@ -229,7 +229,7 @@ impl<F: FieldExt + PrimeFieldBits, const K: usize> LookupRangeCheckConfig<F, K>
// For `element` = a_0 + 2^10 a_1 + ... + 2^{120} a_{12}}, initialize z_0 = `element`.
// If `element` fits in 130 bits, we end up with z_{13} = 0.
let mut z = element;
let inv_two_pow_k = F::from_u64(1u64 << K).invert().unwrap();
let inv_two_pow_k = F::from(1u64 << K).invert().unwrap();
for (idx, word) in words.iter().enumerate() {
// Enable q_lookup on this row
self.q_lookup.enable(region, idx)?;
@ -336,7 +336,7 @@ impl<F: FieldExt + PrimeFieldBits, const K: usize> LookupRangeCheckConfig<F, K>
// Assign shifted `element * 2^{K - num_bits}`
let shifted = element.value().map(|element| {
let shift = F::from_u64(1 << (K - num_bits));
let shift = F::from(1 << (K - num_bits));
*element * shift
});
@ -348,7 +348,7 @@ impl<F: FieldExt + PrimeFieldBits, const K: usize> LookupRangeCheckConfig<F, K>
)?;
// Assign 2^{-num_bits} from a fixed column.
let inv_two_pow_s = F::from_u64(1 << num_bits).invert().unwrap();
let inv_two_pow_s = F::from(1 << num_bits).invert().unwrap();
region.assign_advice_from_constant(
|| format!("2^(-{})", num_bits),
self.running_sum,
@ -411,12 +411,8 @@ mod tests {
// Lookup constraining element to be no longer than num_words * K bits.
let elements_and_expected_final_zs = [
(
F::from_u64((1 << (self.num_words * K)) - 1),
F::zero(),
true,
), // a word that is within self.num_words * K bits long
(F::from_u64(1 << (self.num_words * K)), F::one(), false), // a word that is just over self.num_words * K bits long
(F::from((1 << (self.num_words * K)) - 1), F::zero(), true), // a word that is within self.num_words * K bits long
(F::from(1 << (self.num_words * K)), F::one(), false), // a word that is just over self.num_words * K bits long
];
fn expected_zs<F: FieldExt + PrimeFieldBits, const K: usize>(
@ -431,7 +427,7 @@ mod tests {
.take(num_words * K)
.collect::<Vec<_>>()
.chunks_exact(K)
.map(|chunk| F::from_u64(lebs2ip::<K>(chunk.try_into().unwrap())))
.map(|chunk| F::from(lebs2ip::<K>(chunk.try_into().unwrap())))
.collect::<Vec<_>>()
};
let expected_zs = {
@ -538,7 +534,7 @@ mod tests {
// Edge case: K bits
{
let circuit: MyCircuit<pallas::Base> = MyCircuit {
element: Some(pallas::Base::from_u64((1 << K) - 1)),
element: Some(pallas::Base::from((1 << K) - 1)),
num_bits: K,
};
let prover = MockProver::<pallas::Base>::run(11, &circuit, vec![]).unwrap();
@ -548,7 +544,7 @@ mod tests {
// Element within `num_bits`
{
let circuit: MyCircuit<pallas::Base> = MyCircuit {
element: Some(pallas::Base::from_u64((1 << 6) - 1)),
element: Some(pallas::Base::from((1 << 6) - 1)),
num_bits: 6,
};
let prover = MockProver::<pallas::Base>::run(11, &circuit, vec![]).unwrap();
@ -558,7 +554,7 @@ mod tests {
// Element larger than `num_bits` but within K bits
{
let circuit: MyCircuit<pallas::Base> = MyCircuit {
element: Some(pallas::Base::from_u64(1 << 6)),
element: Some(pallas::Base::from(1 << 6)),
num_bits: 6,
};
let prover = MockProver::<pallas::Base>::run(11, &circuit, vec![]).unwrap();
@ -574,7 +570,7 @@ mod tests {
// Element larger than K bits
{
let circuit: MyCircuit<pallas::Base> = MyCircuit {
element: Some(pallas::Base::from_u64(1 << K)),
element: Some(pallas::Base::from(1 << K)),
num_bits: 6,
};
let prover = MockProver::<pallas::Base>::run(11, &circuit, vec![]).unwrap();
@ -597,11 +593,11 @@ mod tests {
// num_bits
{
let num_bits = 6;
let shifted = pallas::Base::from_u64((1 << num_bits) - 1);
let shifted = pallas::Base::from((1 << num_bits) - 1);
// Recall that shifted = element * 2^{K-s}
// => element = shifted * 2^{s-K}
let element = shifted
* pallas::Base::from_u64(1 << (K as u64 - num_bits))
* pallas::Base::from(1 << (K as u64 - num_bits))
.invert()
.unwrap();
let circuit: MyCircuit<pallas::Base> = MyCircuit {

40
src/constants.rs
View File

@ -100,8 +100,8 @@ fn compute_window_table<C: CurveAffine>(base: C, num_windows: usize) -> Vec<[C;
(0..H)
.map(|k| {
// scalar = (k+2)*(8^w)
let scalar = C::ScalarExt::from_u64(k as u64 + 2)
* C::ScalarExt::from_u64(H as u64).pow(&[w as u64, 0, 0, 0]);
let scalar = C::Scalar::from(k as u64 + 2)
* C::Scalar::from(H as u64).pow(&[w as u64, 0, 0, 0]);
(base * scalar).to_affine()
})
.collect::<ArrayVec<C, H>>()
@ -114,19 +114,14 @@ fn compute_window_table<C: CurveAffine>(base: C, num_windows: usize) -> Vec<[C;
// For the last window, we compute [k * (2^3)^w - sum]B, where sum is defined
// as sum = \sum_{j = 0}^{`num_windows - 2`} 2^{3j+1}
let sum = (0..(num_windows - 1)).fold(C::ScalarExt::zero(), |acc, j| {
acc + C::ScalarExt::from_u64(2).pow(&[
FIXED_BASE_WINDOW_SIZE as u64 * j as u64 + 1,
0,
0,
0,
])
acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * j as u64 + 1, 0, 0, 0])
});
window_table.push(
(0..H)
.map(|k| {
// scalar = k * (2^3)^w - sum, where w = `num_windows - 1`
let scalar = C::ScalarExt::from_u64(k as u64)
* C::ScalarExt::from_u64(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0])
let scalar = C::Scalar::from(k as u64)
* C::Scalar::from(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0])
- sum;
(base * scalar).to_affine()
})
@ -142,7 +137,7 @@ fn compute_window_table<C: CurveAffine>(base: C, num_windows: usize) -> Vec<[C;
/// Here, we pre-compute and store the coefficients of the interpolation polynomial.
fn compute_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) -> Vec<[C::Base; H]> {
// We are interpolating over the 3-bit window, k \in [0..8)
let points: Vec<_> = (0..H).map(|i| C::Base::from_u64(i as u64)).collect();
let points: Vec<_> = (0..H).map(|i| C::Base::from(i as u64)).collect();
let window_table = compute_window_table(base, num_windows);
@ -183,8 +178,8 @@ fn find_zs_and_us<C: CurveAffine>(base: C, num_windows: usize) -> Option<Vec<(u6
(0..(1000 * (1 << (2 * H)))).find_map(|z| {
ys.iter()
.map(|&y| {
if (-y + C::Base::from_u64(z)).sqrt().is_none().into() {
(y + C::Base::from_u64(z)).sqrt().into()
if (-y + C::Base::from(z)).sqrt().is_none().into() {
(y + C::Base::from(z)).sqrt().into()
} else {
None
}
@ -217,8 +212,8 @@ fn test_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) {
// Compute the actual x-coordinate of the multiple [(k+2)*(8^w)]B.
let point = base
* C::Scalar::from_u64(bits as u64 + 2)
* C::Scalar::from_u64(H as u64).pow(&[idx as u64, 0, 0, 0]);
* C::Scalar::from(bits as u64 + 2)
* C::Scalar::from(H as u64).pow(&[idx as u64, 0, 0, 0]);
let x = *point.to_affine().coordinates().unwrap().x();
// Check that the interpolated x-coordinate matches the actual one.
@ -235,15 +230,10 @@ fn test_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) {
// Compute the actual x-coordinate of the multiple [k * (8^84) - offset]B,
// where offset = \sum_{j = 0}^{83} 2^{3j+1}
let offset = (0..(num_windows - 1)).fold(C::Scalar::zero(), |acc, w| {
acc + C::Scalar::from_u64(2).pow(&[
FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1,
0,
0,
0,
])
acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, 0, 0, 0])
});
let scalar = C::Scalar::from_u64(bits as u64)
* C::Scalar::from_u64(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0])
let scalar = C::Scalar::from(bits as u64)
* C::Scalar::from(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0])
- offset;
let point = base * scalar;
let x = *point.to_affine().coordinates().unwrap().x();
@ -265,8 +255,8 @@ fn test_zs_and_us<C: CurveAffine>(base: C, z: &[u64], u: &[[[u8; 32]; H]], num_w
for (u, point) in u.iter().zip(window_points.iter()) {
let y = *point.coordinates().unwrap().y();
let u = C::Base::from_bytes(u).unwrap();
assert_eq!(C::Base::from_u64(*z) + y, u * u); // allow either square root
assert!(bool::from((C::Base::from_u64(*z) - y).sqrt().is_none()));
assert_eq!(C::Base::from(*z) + y, u * u); // allow either square root
assert!(bool::from((C::Base::from(*z) - y).sqrt().is_none()));
}
}
}

4
src/constants/load.rs
View File

@ -177,7 +177,7 @@ impl From<[u64; NUM_WINDOWS]> for Z {
fn from(zs: [u64; NUM_WINDOWS]) -> Self {
Self(
zs.iter()
.map(|z| pallas::Base::from_u64(*z))
.map(|z| pallas::Base::from(*z))
.collect::<Vec<_>>()
.into_boxed_slice()
.try_into()
@ -194,7 +194,7 @@ impl From<[u64; NUM_WINDOWS_SHORT]> for ZShort {
fn from(zs: [u64; NUM_WINDOWS_SHORT]) -> Self {
Self(
zs.iter()
.map(|z| pallas::Base::from_u64(*z))
.map(|z| pallas::Base::from(*z))
.collect::<Vec<_>>()
.into_boxed_slice()
.try_into()

4
src/constants/util.rs
View File

@ -1,5 +1,5 @@
use ff::{Field, PrimeFieldBits};
use halo2::arithmetic::{CurveAffine, FieldExt};
use halo2::arithmetic::CurveAffine;
/// Decompose a word `alpha` into `window_num_bits` bits (little-endian)
/// For a window size of `w`, this returns [k_0, ..., k_n] where each `k_i`
@ -33,7 +33,7 @@ pub fn decompose_word<F: PrimeFieldBits>(
/// Evaluate y = f(x) given the coefficients of f(x)
pub fn evaluate<C: CurveAffine>(x: u8, coeffs: &[C::Base]) -> C::Base {
let x = C::Base::from_u64(x as u64);
let x = C::Base::from(x as u64);
coeffs
.iter()
.rev()

2
src/primitives/poseidon.rs
View File

@ -370,7 +370,7 @@ mod tests {
#[test]
fn orchard_spec_equivalence() {
let message = [pallas::Base::from_u64(6), pallas::Base::from_u64(42)];
let message = [pallas::Base::from(6), pallas::Base::from(42)];
let (round_constants, mds, _) = OrchardNullifier::constants();

2
src/primitives/sinsemilla/constants.rs
View File

@ -135,7 +135,7 @@ mod tests {
#[test]
fn inv_two_pow_k() {
let two_pow_k = pallas::Base::from_u64(1u64 << K);
let two_pow_k = pallas::Base::from(1u64 << K);
let inv_two_pow_k = pallas::Base::from_bytes(&INV_TWO_POW_K).unwrap();
assert_eq!(two_pow_k * inv_two_pow_k, pallas::Base::one());

4
src/spec.rs
View File

@ -251,8 +251,8 @@ pub(crate) fn extract_p_bottom(point: CtOption<pallas::Point>) -> CtOption<palla
/// The field element representation of a u64 integer represented by
/// an L-bit little-endian bitstring.
pub fn lebs2ip_field<F: FieldExt, const L: usize>(bits: &[bool; L]) -> F {
F::from_u64(lebs2ip::<L>(bits))
pub fn lebs2ip_field<F: PrimeField, const L: usize>(bits: &[bool; L]) -> F {
F::from(lebs2ip::<L>(bits))
}
/// The u64 integer represented by an L-bit little-endian bitstring.

2
src/tree.rs
View File

@ -23,7 +23,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
// The uncommitted leaf is defined as pallas::Base(2).
// <https://zips.z.cash/protocol/protocol.pdf#thmuncommittedorchard>
lazy_static! {
static ref UNCOMMITTED_ORCHARD: pallas::Base = pallas::Base::from_u64(2);
static ref UNCOMMITTED_ORCHARD: pallas::Base = pallas::Base::from(2);
pub(crate) static ref EMPTY_ROOTS: Vec<MerkleHashOrchard> = {
iter::empty()
.chain(Some(MerkleHashOrchard::empty_leaf()))

6
src/value.rs
View File

@ -23,7 +23,7 @@ use bitvec::{array::BitArray, order::Lsb0};
use ff::{Field, PrimeField};
use group::{Curve, Group, GroupEncoding};
use pasta_curves::{
arithmetic::{CurveAffine, CurveExt, FieldExt},
arithmetic::{CurveAffine, CurveExt},
pallas,
};
use rand::RngCore;
@ -252,9 +252,9 @@ impl ValueCommitment {
let abs_value = u64::try_from(value.0.abs()).expect("value must be in valid range");
let value = if value.0.is_negative() {
-pallas::Scalar::from_u64(abs_value)
-pallas::Scalar::from(abs_value)
} else {
pallas::Scalar::from_u64(abs_value)
pallas::Scalar::from(abs_value)
};
ValueCommitment(V * value + R * rcv.0)