diff --git a/Cargo.toml b/Cargo.toml
index eff05d37..a54e5749 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -24,13 +24,13 @@ arrayvec = "0.7.0"
 bigint = "4"
 bitvec = "0.22"
 blake2b_simd = "0.5"
-ff = "0.10"
+ff = "0.11"
 fpe = "0.4"
-group = "0.10"
+group = "0.11"
 halo2 = "0.0"
 lazy_static = "1"
 memuse = { version = "0.1", features = ["nonempty"] }
-pasta_curves = "0.1.2"
+pasta_curves = "0.2"
 proptest = { version = "1.0.0", optional = true }
 rand = "0.8"
 nonempty = "0.7"
@@ -44,7 +44,7 @@ plotters = { version = "0.3.0", optional = true }
 [dependencies.reddsa]
 git = "https://github.com/str4d/redjubjub.git"
-rev = "d5d8c5f3bb704bad8ae88fe4a29ae1f744774cb2"
+rev = "416a6a8ebf8bd42c114c938883016c04f338de72"
 [dev-dependencies]
 criterion = "0.3"
@@ -84,6 +84,6 @@ debug = true
 debug = true
 [patch.crates-io]
-halo2 = { git = "https://github.com/zcash/halo2.git", rev = "27c4187673a9c6ade13fbdbd4f20955530c22d7f" }
+halo2 = { git = "https://github.com/zcash/halo2.git", rev = "26047eaf323929935fd1e6aa3ae100b1113706e0" }
 zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "13b023387bafdc7b5712c933dc0e16ee94b96a6a" }
 incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
diff --git a/src/circuit/gadget/sinsemilla/note_commit.rs b/src/circuit/gadget/sinsemilla/note_commit.rs
index caf612cc..b3b7a532 100644
--- a/src/circuit/gadget/sinsemilla/note_commit.rs
+++ b/src/circuit/gadget/sinsemilla/note_commit.rs
@@ -1588,7 +1588,7 @@ mod tests {
 let g_d = self.gd_x.zip(self.gd_y_lsb).map(|(x, y_lsb)| {
 // Calculate y = (x^3 + 5).sqrt()
 let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
- if y.is_odd() ^ y_lsb.is_odd() {
+ if bool::from(y.is_odd() ^ y_lsb.is_odd()) {
 y = -y;
 }
 pallas::Affine::from_xy(x, y).unwrap()
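Review bot: The point-recovery closure body changed here for `g_d` is repeated line for line in the `pk_d` hunk at 1602, differing only in the `self.gd_*` versus `self.pkd_*` fields, so the `bool::from(...)` parity fix now lives in two places. A small helper in the test module, e.g. `fn point_from_x_and_y_lsb(x: pallas::Base, y_lsb: pallas::Base) -> pallas::Affine` (types as the hunk suggests), would let both sites read `self.gd_x.zip(self.gd_y_lsb).map(|(x, y_lsb)| point_from_x_and_y_lsb(x, y_lsb))`. The `.sqrt().unwrap()` on the context line would also read better as `.expect("x is the x-coordinate of a Pallas point")` so a bad test witness fails with a message rather than a bare unwrap panic. The enclosing closure and test function continue outside the hunk.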
@@ -1602,7 +1602,7 @@ mod tests {
 let pk_d = self.pkd_x.zip(self.pkd_y_lsb).map(|(x, y_lsb)| {
 // Calculate y = (x^3 + 5).sqrt()
 let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
- if y.is_odd() ^ y_lsb.is_odd() {
+ if bool::from(y.is_odd() ^ y_lsb.is_odd()) {
 y = -y;
 }
 pallas::Affine::from_xy(x, y).unwrap()
diff --git a/src/keys.rs b/src/keys.rs
index 223368f1..9434b6d0 100644
--- a/src/keys.rs
+++ b/src/keys.rs
@@ -7,7 +7,7 @@ use std::mem;
 use aes::Aes256;
 use blake2b_simd::{Hash as Blake2bHash, Params};
 use fpe::ff1::{BinaryNumeralString, FF1};
-use group::{prime::PrimeCurveAffine, Curve, GroupEncoding};
+use group::{ff::Field, prime::PrimeCurveAffine, Curve, GroupEncoding};
 use halo2::arithmetic::FieldExt;
 use pasta_curves::pallas;
 use rand::RngCore;
@@ -65,7 +65,7 @@ impl SpendingKey {
 let ask = SpendAuthorizingKey::derive_inner(&sk);
 // If ivk = ⊥, discard this key.
 let ivk = KeyAgreementPrivateKey::derive_inner(&(&sk).into());
- CtOption::new(sk, !(ask.ct_is_zero() | ivk.is_none()))
+ CtOption::new(sk, !(ask.is_zero() | ivk.is_none()))
 }
 /// Returns the raw bytes of the spending key.
@@ -116,7 +116,7 @@ impl From<&SpendingKey> for SpendAuthorizingKey {
 fn from(sk: &SpendingKey) -> Self {
 let ask = Self::derive_inner(sk);
 // SpendingKey cannot be constructed such that this assertion would fail.
- assert!(!bool::from(ask.ct_is_zero()));
+ assert!(!bool::from(ask.is_zero()));
 // TODO: Add TryFrom for SpendAuthorizingKey.
 let ret = SpendAuthorizingKey(ask.to_bytes().try_into().unwrap());
 // If the last bit of repr_P(ak) is 1, negate ask.
diff --git a/src/primitives/poseidon/grain.rs b/src/primitives/poseidon/grain.rs
index c2446c87..580f86d4 100644
--- a/src/primitives/poseidon/grain.rs
+++ b/src/primitives/poseidon/grain.rs
@@ -130,7 +130,7 @@ impl Grain {
 view[i / 8] |= if bit { 1 << (i % 8) } else { 0 };
 }
- if let Some(f) = F::from_repr(bytes) {
+ if let Some(f) = F::from_repr_vartime(bytes) {
 break f;
 }
 }
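Review bot: The new `CtOption::new(sk, !(ask.is_zero() | ivk.is_none()))` line evaluates `is_zero()` on `ask`, which is derived from the spending key and therefore secret, so choosing the `Choice`-returning `is_zero()` over the `is_zero_vartime()` this same commit uses in `mds.rs` is deliberate and should be recorded, or a later cleanup may swap it. I would add above the line: `// ask is secret: keep the constant-time is_zero() (Choice), not is_zero_vartime().` The same comment fits `assert!(!bool::from(ask.is_zero()))` in the hunk at 116, where the `bool::from` branch is acceptable only because the preceding comment states the assertion cannot fail. The enclosing function starts outside both hunks.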
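Review bot: The switch to `F::from_repr_vartime(bytes)` in the `if let` is only appropriate because the Grain stream here is, as the module name suggests, producing public Poseidon parameters rather than secrets, and nothing on the line says so; the `is_zero_vartime()` switch in `generate_mds` in the `mds.rs` hunk rests on the same unstated assumption. I would add `// Variable time is acceptable: the Grain LFSR output is a public parameter, not a secret.` above the `if let`, and `// MDS entries are public parameters; a variable-time zero check is acceptable.` before the assert in `mds.rs`. The enclosing loop and function continue outside both hunks.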
diff --git a/src/primitives/poseidon/mds.rs b/src/primitives/poseidon/mds.rs
index 62ecb312..7f9d1460 100644
--- a/src/primitives/poseidon/mds.rs
+++ b/src/primitives/poseidon/mds.rs
@@ -54,7 +54,7 @@ pub(super) fn generate_mds(
 for j in 0..T {
 let sum = xs[i] + ys[j];
 // We leverage the secure MDS selection counter to also check this.
- assert!(!sum.is_zero());
+ assert!(!sum.is_zero_vartime());
 mds[i][j] = sum.invert().unwrap();
 }
 }
diff --git a/src/spec.rs b/src/spec.rs
index 0ffd4cb2..15fc1613 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -78,7 +78,7 @@ impl NonZeroPallasBase {
 }
 pub(crate) fn from_base(b: pallas::Base) -> CtOption {
- CtOption::new(NonZeroPallasBase(b), !b.ct_is_zero())
+ CtOption::new(NonZeroPallasBase(b), !b.is_zero())
 }
 /// Constructs a wrapper for a base field element that is guaranteed to be non-zero.
@@ -87,7 +87,7 @@ impl NonZeroPallasBase {
 ///
 /// Panics if `s.is_zero()`.
 fn guaranteed(s: pallas::Base) -> Self {
- assert!(!s.is_zero());
+ assert!(!bool::from(s.is_zero()));
 NonZeroPallasBase(s)
 }
 }
@@ -120,7 +120,7 @@ impl NonZeroPallasScalar {
 }
 pub(crate) fn from_scalar(s: pallas::Scalar) -> CtOption {
- CtOption::new(NonZeroPallasScalar(s), !s.ct_is_zero())
+ CtOption::new(NonZeroPallasScalar(s), !s.is_zero())
 }
 /// Constructs a wrapper for a scalar field element that is guaranteed to be non-zero.
@@ -129,7 +129,7 @@ impl NonZeroPallasScalar {
 ///
 /// Panics if `s.is_zero()`.
 fn guaranteed(s: pallas::Scalar) -> Self {
- assert!(!s.is_zero());
+ assert!(!bool::from(s.is_zero()));
 NonZeroPallasScalar(s)
 }
 }
diff --git a/src/tree.rs b/src/tree.rs
index fa719667..a983a45a 100644
--- a/src/tree.rs
+++ b/src/tree.rs
@@ -61,7 +61,7 @@ impl Anchor {
 impl Anchor {
 /// Parses an Orchard anchor from a byte encoding.
- pub fn from_bytes(bytes: [u8; 32]) -> Option {
+ pub fn from_bytes(bytes: [u8; 32]) -> CtOption {
 pallas::Base::from_repr(bytes).map(Anchor)
 }
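Review bot: `assert!(!bool::from(s.is_zero()))` in `NonZeroPallasBase::guaranteed`, and its twin in the `NonZeroPallasScalar` hunk at 129, ends in a plain boolean branch, so it gains nothing from the `Choice`-returning `is_zero()`; `assert!(!s.is_zero_vartime())` states the same precondition and matches the idiom this commit uses in `mds.rs`. If the constant-time form was kept on purpose (for instance because `s` may be secret and the assert is meant to be unreachable), a one-line comment saying so would stop the next reader from "simplifying" it either way. The doc line `/// Panics if `s.is_zero()`.` now names a method that returns a `Choice`, and reads more accurately as `/// Panics if `s` is zero.`. The enclosing `impl` blocks start outside the hunks.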
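Review bot: `from_bytes` is a public API whose return type changes from `Option` to `CtOption` (the type parameter is not visible in this rendering), yet the doc comment still only says it parses an anchor, and callers now have to handle a `subtle` type without being told when it is empty. I would extend the docs with `/// Returns a `CtOption` that is `None` if `bytes` is not a canonical encoding of a Pallas base field element, as decided by `pallas::Base::from_repr`.` If constant-time parsing was not the goal — an anchor is presumably a public tree root — `from_repr_vartime` with the original `Option` return would be the lighter API, so a sentence in the docs on why `CtOption` was chosen would help downstream crates. The second `impl Anchor` block continues outside the hunk.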