mirror of https://github.com/zcash/orchard.git
ff 0.11, group 0.11, pasta_curves 0.2 etc.
parent
f1e95fabfa
commit
8c82ceecbf
10
Cargo.toml
10
Cargo.toml
@ -24,13 +24,13 @@ arrayvec = "0.7.0"
bigint = "4"
bigint = "4"
bitvec = "0.22"
bitvec = "0.22"
blake2b_simd = "0.5"
blake2b_simd = "0.5"
ff = "0.10"
ff = "0.11"
fpe = "0.4"
fpe = "0.4"
group = "0.10"
group = "0.11"
halo2 = "0.0"
halo2 = "0.0"
lazy_static = "1"
lazy_static = "1"
memuse = { version = "0.1", features = ["nonempty"] }
memuse = { version = "0.1", features = ["nonempty"] }
pasta_curves = "0.1.2"
pasta_curves = "0.2"
proptest = { version = "1.0.0", optional = true }
proptest = { version = "1.0.0", optional = true }
rand = "0.8"
rand = "0.8"
nonempty = "0.7"
nonempty = "0.7"
@ -44,7 +44,7 @@ plotters = { version = "0.3.0", optional = true }
[dependencies.reddsa]
[dependencies.reddsa]
git = "https://github.com/str4d/redjubjub.git"
git = "https://github.com/str4d/redjubjub.git"
rev = "d5d8c5f3bb704bad8ae88fe4a29ae1f744774cb2"
rev = "416a6a8ebf8bd42c114c938883016c04f338de72"
[dev-dependencies]
[dev-dependencies]
criterion = "0.3"
criterion = "0.3"
@ -84,6 +84,6 @@ debug = true
debug = true
debug = true
[patch.crates-io]
[patch.crates-io]
halo2 = { git = "https://github.com/zcash/halo2.git", rev = "27c4187673a9c6ade13fbdbd4f20955530c22d7f" }
halo2 = { git = "https://github.com/zcash/halo2.git", rev = "26047eaf323929935fd1e6aa3ae100b1113706e0" }
zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "13b023387bafdc7b5712c933dc0e16ee94b96a6a" }
zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "13b023387bafdc7b5712c933dc0e16ee94b96a6a" }
incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
@ -1588,7 +1588,7 @@ mod tests {
let g_d = self.gd_x.zip(self.gd_y_lsb).map(|(x, y_lsb)| {
let g_d = self.gd_x.zip(self.gd_y_lsb).map(|(x, y_lsb)| {
// Calculate y = (x^3 + 5).sqrt()
// Calculate y = (x^3 + 5).sqrt()
let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
if y.is_odd() ^ y_lsb.is_odd() {
if bool::from(y.is_odd() ^ y_lsb.is_odd()) {
y = -y;
y = -y;
}
}
pallas::Affine::from_xy(x, y).unwrap()
pallas::Affine::from_xy(x, y).unwrap()
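Review bot: The closure that rebuilds a point from `x` and a y-parity flag is duplicated verbatim between this hunk (`g_d`) and the `pk_d` hunk directly below, so the change to `if bool::from(y.is_odd() ^ y_lsb.is_odd())` had to be made twice; a small test helper taking `x` and `y_lsb` and returning the `pallas::Affine`, called from both `map` closures, would remove the duplication. The `.sqrt().unwrap()` and `from_xy(x, y).unwrap()` are acceptable only because these look like fixed test vectors (the `self.gd_x` / `self.pkd_x` fields suggest a test-vector struct), and a one-line comment stating that assumption would help. The enclosing function starts before this hunk and ends after it.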
@ -1602,7 +1602,7 @@ mod tests {
let pk_d = self.pkd_x.zip(self.pkd_y_lsb).map(|(x, y_lsb)| {
let pk_d = self.pkd_x.zip(self.pkd_y_lsb).map(|(x, y_lsb)| {
// Calculate y = (x^3 + 5).sqrt()
// Calculate y = (x^3 + 5).sqrt()
let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
let mut y = (x.square() * x + pallas::Affine::b()).sqrt().unwrap();
if y.is_odd() ^ y_lsb.is_odd() {
if bool::from(y.is_odd() ^ y_lsb.is_odd()) {
y = -y;
y = -y;
}
}
pallas::Affine::from_xy(x, y).unwrap()
pallas::Affine::from_xy(x, y).unwrap()
@ -7,7 +7,7 @@ use std::mem;
use aes::Aes256;
use aes::Aes256;
use blake2b_simd::{Hash as Blake2bHash, Params};
use blake2b_simd::{Hash as Blake2bHash, Params};
use fpe::ff1::{BinaryNumeralString, FF1};
use fpe::ff1::{BinaryNumeralString, FF1};
use group::{prime::PrimeCurveAffine, Curve, GroupEncoding};
use group::{ff::Field, prime::PrimeCurveAffine, Curve, GroupEncoding};
use halo2::arithmetic::FieldExt;
use halo2::arithmetic::FieldExt;
use pasta_curves::pallas;
use pasta_curves::pallas;
use rand::RngCore;
use rand::RngCore;
@ -65,7 +65,7 @@ impl SpendingKey {
let ask = SpendAuthorizingKey::derive_inner(&sk);
let ask = SpendAuthorizingKey::derive_inner(&sk);
// If ivk = ⊥, discard this key.
// If ivk = ⊥, discard this key.
let ivk = KeyAgreementPrivateKey::derive_inner(&(&sk).into());
let ivk = KeyAgreementPrivateKey::derive_inner(&(&sk).into());
CtOption::new(sk, !(ask.ct_is_zero() | ivk.is_none()))
CtOption::new(sk, !(ask.is_zero() | ivk.is_none()))
}
}
/// Returns the raw bytes of the spending key.
/// Returns the raw bytes of the spending key.
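Review bot: `CtOption::new(sk, !(ask.is_zero() | ivk.is_none()))` now depends on ff 0.11's `Field::is_zero` returning a `Choice`, which is exactly what keeps this validity check constant-time, but nothing on the line says the constant-time variant is deliberate rather than incidental. Because `ask` and `ivk` are derived from the secret spending key, a later "cleanup" to `is_zero_vartime()` would introduce a timing side channel; a comment such as `// Keep this constant-time: ask and ivk are derived from secret key material, so use is_zero() (Choice), not is_zero_vartime().` would pin the intent. The enclosing constructor starts before this hunk.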
@ -116,7 +116,7 @@ impl From<&SpendingKey> for SpendAuthorizingKey {
fn from(sk: &SpendingKey) -> Self {
fn from(sk: &SpendingKey) -> Self {
let ask = Self::derive_inner(sk);
let ask = Self::derive_inner(sk);
// SpendingKey cannot be constructed such that this assertion would fail.
// SpendingKey cannot be constructed such that this assertion would fail.
assert!(!bool::from(ask.ct_is_zero()));
assert!(!bool::from(ask.is_zero()));
// TODO: Add TryFrom<S::Scalar> for SpendAuthorizingKey.
// TODO: Add TryFrom<S::Scalar> for SpendAuthorizingKey.
let ret = SpendAuthorizingKey(ask.to_bytes().try_into().unwrap());
let ret = SpendAuthorizingKey(ask.to_bytes().try_into().unwrap());
// If the last bit of repr_P(ak) is 1, negate ask.
// If the last bit of repr_P(ak) is 1, negate ask.
@ -130,7 +130,7 @@ impl<F: FieldExt> Grain<F> {
view[i / 8] |= if bit { 1 << (i % 8) } else { 0 };
view[i / 8] |= if bit { 1 << (i % 8) } else { 0 };
}
}
if let Some(f) = F::from_repr(bytes) {
if let Some(f) = F::from_repr_vartime(bytes) {
break f;
break f;
}
}
}
}
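Review bot: `F::from_repr_vartime(bytes)` replaces a constant-time decode with a variable-time one, and the hunk gives no indication of why that is acceptable; it appears to be (the `Grain` type and the `generate_mds` hunk below look like Poseidon parameter generation, whose inputs and outputs are public constants), but that reasoning should be written down where the `_vartime` call is made. A comment such as `// Variable-time is fine here: Grain derives public Poseidon constants, not secret material.` would keep the call from being copied into code paths that handle secrets. The same point applies to `assert!(!sum.is_zero_vartime())` in the `generate_mds` hunk below. The enclosing loop and function start before this hunk.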
@ -54,7 +54,7 @@ pub(super) fn generate_mds<F: FieldExt, const T: usize>(
for j in 0..T {
for j in 0..T {
let sum = xs[i] + ys[j];
let sum = xs[i] + ys[j];
// We leverage the secure MDS selection counter to also check this.
// We leverage the secure MDS selection counter to also check this.
assert!(!sum.is_zero());
assert!(!sum.is_zero_vartime());
mds[i][j] = sum.invert().unwrap();
mds[i][j] = sum.invert().unwrap();
}
}
}
}
@ -78,7 +78,7 @@ impl NonZeroPallasBase {
}
}
pub(crate) fn from_base(b: pallas::Base) -> CtOption<Self> {
pub(crate) fn from_base(b: pallas::Base) -> CtOption<Self> {
CtOption::new(NonZeroPallasBase(b), !b.ct_is_zero())
CtOption::new(NonZeroPallasBase(b), !b.is_zero())
}
}
/// Constructs a wrapper for a base field element that is guaranteed to be non-zero.
/// Constructs a wrapper for a base field element that is guaranteed to be non-zero.
@ -87,7 +87,7 @@ impl NonZeroPallasBase {
///
///
/// Panics if `s.is_zero()`.
/// Panics if `s.is_zero()`.
fn guaranteed(s: pallas::Base) -> Self {
fn guaranteed(s: pallas::Base) -> Self {
assert!(!s.is_zero());
assert!(!bool::from(s.is_zero()));
NonZeroPallasBase(s)
NonZeroPallasBase(s)
}
}
}
}
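Review bot: In `guaranteed`, `assert!(!bool::from(s.is_zero()))` evaluates the constant-time `Choice` only to convert it to a `bool` and branch on it, so the constant-time evaluation buys nothing there and `assert!(!s.is_zero_vartime())` would state the intent more directly; by contrast `from_base` in the hunk above correctly keeps the `Choice` inside `CtOption::new(NonZeroPallasBase(b), !b.is_zero())`, which is the path that must remain constant-time. If the `bool::from` form is kept, a comment distinguishing the two, e.g. `// Panicking is inherently non-constant-time; the constant-time path is from_base.`, would stop a later reader from "fixing" `from_base` to match. The same applies to `NonZeroPallasScalar::from_scalar` and `NonZeroPallasScalar::guaranteed` in the two hunks below.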
@ -120,7 +120,7 @@ impl NonZeroPallasScalar {
}
}
pub(crate) fn from_scalar(s: pallas::Scalar) -> CtOption<Self> {
pub(crate) fn from_scalar(s: pallas::Scalar) -> CtOption<Self> {
CtOption::new(NonZeroPallasScalar(s), !s.ct_is_zero())
CtOption::new(NonZeroPallasScalar(s), !s.is_zero())
}
}
/// Constructs a wrapper for a scalar field element that is guaranteed to be non-zero.
/// Constructs a wrapper for a scalar field element that is guaranteed to be non-zero.
@ -129,7 +129,7 @@ impl NonZeroPallasScalar {
///
///
/// Panics if `s.is_zero()`.
/// Panics if `s.is_zero()`.
fn guaranteed(s: pallas::Scalar) -> Self {
fn guaranteed(s: pallas::Scalar) -> Self {
assert!(!s.is_zero());
assert!(!bool::from(s.is_zero()));
NonZeroPallasScalar(s)
NonZeroPallasScalar(s)
}
}
}
}
@ -61,7 +61,7 @@ impl Anchor {
impl Anchor {
impl Anchor {
/// Parses an Orchard anchor from a byte encoding.
/// Parses an Orchard anchor from a byte encoding.
pub fn from_bytes(bytes: [u8; 32]) -> Option<Anchor> {
pub fn from_bytes(bytes: [u8; 32]) -> CtOption<Anchor> {
pallas::Base::from_repr(bytes).map(Anchor)
pallas::Base::from_repr(bytes).map(Anchor)
}
}
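Review bot: `from_bytes` is `pub` and its return type changes from `Option<Anchor>` to `CtOption<Anchor>`, a breaking change for every external caller, yet the doc comment `/// Parses an Orchard anchor from a byte encoding.` says nothing about when the result is `None` or why it is a `CtOption`. An anchor appears to be a public value rather than a secret, so if constant-time parsing is not actually needed here, `pallas::Base::from_repr_vartime(bytes).map(Anchor)` would preserve the `Option<Anchor>` signature; if `CtOption` is the intended API, the doc should say so, e.g. `/// Returns `None` if `bytes` is not the canonical encoding of a Pallas base field element.` plus a line stating that the result is constant-time. Either way the signature change deserves a changelog entry. The `impl Anchor` block continues past this hunk.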