From a5cfd2cfc6783c2931d0985c24fc6e55193d9072 Mon Sep 17 00:00:00 2001 From: therealyingtong Date: Mon, 29 Nov 2021 15:39:41 -0500 Subject: [PATCH] circuit::gadget: Remove Orchard-specific names from gadget consts. - L_ORCHARD_BASE -> pallas::Base::NUM_BITS, - L_ORCHARD_SCALAR -> pallas::Scalar::NUM_BITS, - L_VALUE -> L_SCALAR_SHORT, - MERKLE_DEPTH_ORCHARD -> MERKLE_DEPTH. --- src/circuit/gadget/ecc/chip.rs | 15 ++++----------- .../ecc/chip/mul_fixed/base_field_elem.rs | 13 ++++++------- .../gadget/ecc/chip/mul_fixed/full_width.rs | 9 +++++---- .../gadget/ecc/chip/mul_fixed/short.rs | 4 ++-- src/circuit/gadget/sinsemilla.rs | 2 +- src/circuit/gadget/sinsemilla/merkle.rs | 18 +++++++----------- src/circuit/gadget/sinsemilla/merkle/chip.rs | 19 ++++++++++--------- 7 files changed, 35 insertions(+), 45 deletions(-) diff --git a/src/circuit/gadget/ecc/chip.rs b/src/circuit/gadget/ecc/chip.rs index f45fcb11..386e031f 100644 --- a/src/circuit/gadget/ecc/chip.rs +++ b/src/circuit/gadget/ecc/chip.rs @@ -6,6 +6,7 @@ use crate::{ primitives::sinsemilla, }; use arrayvec::ArrayVec; +use ff::PrimeField; use ff::Field; use group::prime::PrimeCurveAffine; 
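Review bot: The new `use ff::PrimeField;` sits directly above the existing `use ff::Field;` and could be folded into it as `use ff::{Field, PrimeField};`, matching the grouped form this file already uses for `use crate::{ ... }`. The same trait is imported as `group::ff::PrimeField` in base_field_elem.rs and merkle/chip.rs but as `ff::PrimeField` here and in full_width.rs; picking one spelling across the crate would make the dependency on `ff` easier to audit later.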
@@ -31,23 +32,15 @@ pub const H: usize = 1 << FIXED_BASE_WINDOW_SIZE; /// Number of windows for a full-width scalar pub const NUM_WINDOWS: usize = - (L_ORCHARD_SCALAR + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE; + (pallas::Scalar::NUM_BITS as usize + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE; /// Number of windows for a short signed scalar pub const NUM_WINDOWS_SHORT: usize = - (L_VALUE + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE; + (L_SCALAR_SHORT + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE; /// $\ell_\mathsf{value}$ /// Number of bits in an unsigned short scalar. -pub(crate) const L_VALUE: usize = 64; - -/// $\ell^\mathsf{Orchard}_\mathsf{base}$ -/// Number of bits in a Pallas base field element. -pub(crate) const L_ORCHARD_BASE: usize = 255; - -/// $\ell^\mathsf{Orchard}_\mathsf{scalar}$ -/// Number of bits in a Pallas scalar field element. -pub(crate) const L_ORCHARD_SCALAR: usize = 255; +pub(crate) const L_SCALAR_SHORT: usize = 64; /// The Pallas scalar field modulus is $q = 2^{254} + \mathsf{t_q}$. /// diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs b/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs index 8039edd6..15589bb9 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/base_field_elem.rs @@ -1,6 +1,4 @@ -use super::super::{ - EccBaseFieldElemFixed, EccPoint, FixedPoints, L_ORCHARD_BASE, NUM_WINDOWS, T_P, -}; +use super::super::{EccBaseFieldElemFixed, EccPoint, FixedPoints, NUM_WINDOWS, T_P}; use super::H_BASE; use crate::{ @@ -9,9 +7,10 @@ use crate::{ }, primitives::sinsemilla, }; -use halo2::circuit::AssignedCell; + +use group::ff::PrimeField; use halo2::{ - circuit::Layouter, + circuit::{AssignedCell, Layouter}, plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector}, poly::Rotation, }; 
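Review bot: The doc line `/// $\ell_\mathsf{value}$` above the renamed `L_SCALAR_SHORT` still carries the Orchard-spec "value" label that this commit set out to remove, so the rename and its documentation now disagree. Since short.rs passes this constant together with `magnitude` and `NUM_WINDOWS_SHORT`, a doc such as `/// Number of bits in the magnitude of a short signed scalar; NUM_WINDOWS_SHORT is derived from it.` would describe the role rather than the old spec symbol. With the explicit 255-bit constants gone, `NUM_WINDOWS` now follows `pallas::Scalar::NUM_BITS`, while the retained doc just below (`q = 2^{254} + t_q`) still describes a 255-bit modulus; a one-line comment stating that the window arithmetic and that decomposition are meant to agree would keep the assumption visible.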
@@ -179,7 +178,7 @@ impl> Config { offset, scalar.clone(), true, - L_ORCHARD_BASE, + pallas::Base::NUM_BITS as usize, NUM_WINDOWS, )?; EccBaseFieldElemFixed { @@ -217,7 +216,7 @@ impl> Config { // Check that the correct multiple is obtained. { use super::super::FixedPoint; - use group::{ff::PrimeField, Curve}; + use group::Curve; let scalar = &scalar .base_field_elem() diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs b/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs index 0c7469ba..eca975bf 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/full_width.rs @@ -1,9 +1,8 @@ -use super::super::{ - EccPoint, EccScalarFixed, FixedPoints, FIXED_BASE_WINDOW_SIZE, H, L_ORCHARD_SCALAR, NUM_WINDOWS, -}; +use super::super::{EccPoint, EccScalarFixed, FixedPoints, FIXED_BASE_WINDOW_SIZE, H, NUM_WINDOWS}; use crate::circuit::gadget::utilities::{decompose_word, range_check}; use arrayvec::ArrayVec; +use ff::PrimeField; use halo2::{ circuit::{AssignedCell, Layouter, Region}, plonk::{ConstraintSystem, Error, Selector}, @@ -59,7 +58,9 @@ impl> Config { offset: usize, scalar: Option, ) -> Result { - let windows = self.decompose_scalar_fixed::(scalar, offset, region)?; + let windows = self.decompose_scalar_fixed::<{ pallas::Scalar::NUM_BITS as usize }>( + scalar, offset, region, + )?; Ok(EccScalarFixed { value: scalar, diff --git a/src/circuit/gadget/ecc/chip/mul_fixed/short.rs b/src/circuit/gadget/ecc/chip/mul_fixed/short.rs index 2d2d42cb..d8915b52 100644 --- a/src/circuit/gadget/ecc/chip/mul_fixed/short.rs +++ b/src/circuit/gadget/ecc/chip/mul_fixed/short.rs @@ -1,6 +1,6 @@ use std::{array, convert::TryInto}; -use super::super::{EccPoint, EccScalarFixedShort, FixedPoints, L_VALUE, NUM_WINDOWS_SHORT}; +use super::super::{EccPoint, EccScalarFixedShort, FixedPoints, L_SCALAR_SHORT, NUM_WINDOWS_SHORT}; use crate::circuit::gadget::{ecc::chip::MagnitudeSign, utilities::bool_check}; use halo2::{ 
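Review bot: In base_field_elem.rs the bit length passed to the decomposition is now `pallas::Base::NUM_BITS as usize`, while the window count passed beside it, `NUM_WINDOWS`, is computed in ecc/chip.rs from `pallas::Scalar::NUM_BITS`; the two previously named constants made that pairing explicit and the new form hides it, relying on both fields having the same bit length. A short comment on the argument, e.g. `// NUM_WINDOWS is sized from pallas::Scalar::NUM_BITS; this relies on Base and Scalar having the same bit length.`, would preserve what the old names conveyed. The enclosing function begins and ends outside this hunk.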
@@ -81,7 +81,7 @@ impl> Config { offset, magnitude.clone(), true, - L_VALUE, + L_SCALAR_SHORT, NUM_WINDOWS_SHORT, )?; diff --git a/src/circuit/gadget/sinsemilla.rs b/src/circuit/gadget/sinsemilla.rs index a8f50fb4..5cbfe1e4 100644 --- a/src/circuit/gadget/sinsemilla.rs +++ b/src/circuit/gadget/sinsemilla.rs @@ -546,7 +546,7 @@ mod tests { &OrchardHashDomains::MerkleCrh, ); - // Layer 31, l = MERKLE_DEPTH_ORCHARD - 1 - layer = 0 + // Layer 31, l = MERKLE_DEPTH - 1 - layer = 0 let l_bitstring = vec![Some(false); K]; let l = MessagePiece::from_bitstring( chip1.clone(), diff --git a/src/circuit/gadget/sinsemilla/merkle.rs b/src/circuit/gadget/sinsemilla/merkle.rs index 531d9523..39c366b8 100644 --- a/src/circuit/gadget/sinsemilla/merkle.rs +++ b/src/circuit/gadget/sinsemilla/merkle.rs @@ -16,12 +16,8 @@ pub(in crate::circuit) mod chip; /// SWU hash-to-curve personalization for the Merkle CRH generator pub const MERKLE_CRH_PERSONALIZATION: &str = "z.cash:Orchard-MerkleCRH"; -/// $\mathsf{MerkleDepth^{Orchard}}$ -pub(crate) const MERKLE_DEPTH_ORCHARD: usize = 32; - -/// $\ell^\mathsf{Orchard}_\mathsf{base}$ -/// Number of bits in a Pallas base field element. -pub(crate) const L_ORCHARD_BASE: usize = 255; +/// Depth of Merkle tree +pub(crate) const MERKLE_DEPTH: usize = 32; /// Instructions to check the validity of a Merkle path of a given `PATH_LENGTH`. /// The hash function used is a Sinsemilla instance with `K`-bit words. @@ -39,7 +35,7 @@ pub trait MerkleInstructions< { /// Compute MerkleCRH for a given `layer`. The hash that computes the root /// is at layer 0, and the hashes that are applied to two leaves are at - /// layer `MERKLE_DEPTH_ORCHARD - 1` = layer 31. + /// layer `MERKLE_DEPTH - 1` = layer 31. #[allow(non_snake_case)] fn hash_layer( &self, 
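Review bot: The new doc `/// Depth of Merkle tree` on `MERKLE_DEPTH` drops the spec reference that the removed `$\mathsf{MerkleDepth^{Orchard}}$` line carried without saying how the depth relates to the layer numbering used elsewhere in this file. The `hash_layer` docs in the next hunk define the root as layer 0 and the leaf hashes as layer `MERKLE_DEPTH - 1`, so something like `/// Depth of the Merkle tree: the number of hash layers between a leaf and the root (layer 0 is the root, layer MERKLE_DEPTH - 1 hashes the leaves).` would tie the two together. Note that `MERKLE_CRH_PERSONALIZATION` two lines above still reads "z.cash:Orchard-MerkleCRH", so the constant's value remains Orchard-specific even though its name no longer says so; a brief mention of that would avoid readers assuming the gadget is fully generic.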
@@ -107,7 +103,7 @@ where let mut node = leaf; for (l, ((sibling, pos), chip)) in path.iter().zip(pos.iter()).zip(chips).enumerate() { - // `l` = MERKLE_DEPTH_ORCHARD - layer - 1, which is the index obtained from + // `l` = MERKLE_DEPTH - layer - 1, which is the index obtained from // enumerating this Merkle path (going from leaf to root). // For example, when `layer = 31` (the first sibling on the Merkle path), // we have `l` = 32 - 31 - 1 = 0. @@ -140,7 +136,7 @@ where pub mod tests { use super::{ chip::{MerkleChip, MerkleConfig}, - MerklePath, MERKLE_DEPTH_ORCHARD, + MerklePath, MERKLE_DEPTH, }; use crate::{ @@ -168,7 +164,7 @@ pub mod tests { struct MyCircuit { leaf: Option, leaf_pos: Option, - merkle_path: Option<[pallas::Base; MERKLE_DEPTH_ORCHARD]>, + merkle_path: Option<[pallas::Base; MERKLE_DEPTH]>, } impl Circuit for MyCircuit { @@ -295,7 +291,7 @@ pub mod tests { let pos = rng.next_u32(); // Choose a path of random inner nodes - let path: Vec<_> = (0..(MERKLE_DEPTH_ORCHARD)) + let path: Vec<_> = (0..(MERKLE_DEPTH)) .map(|_| pallas::Base::random(rng)) .collect(); diff --git a/src/circuit/gadget/sinsemilla/merkle/chip.rs b/src/circuit/gadget/sinsemilla/merkle/chip.rs index e1773977..c313e8d0 100644 --- a/src/circuit/gadget/sinsemilla/merkle/chip.rs +++ b/src/circuit/gadget/sinsemilla/merkle/chip.rs @@ -5,7 +5,7 @@ use halo2::{ }; use pasta_curves::{arithmetic::FieldExt, pallas}; -use super::{MerkleInstructions, L_ORCHARD_BASE, MERKLE_DEPTH_ORCHARD}; +use super::{MerkleInstructions, MERKLE_DEPTH}; use crate::{ circuit::gadget::{ @@ -22,6 +22,7 @@ use crate::{ }, primitives::sinsemilla, }; +use group::ff::PrimeField; use std::array; #[derive(Clone, Debug)] @@ -180,7 +181,7 @@ where } impl - MerkleInstructions + MerkleInstructions for MerkleChip where Hash: HashDomains, 
@@ -192,7 +193,7 @@ where &self, mut layouter: impl Layouter, Q: pallas::Affine, - // l = MERKLE_DEPTH_ORCHARD - layer - 1 + // l = MERKLE_DEPTH - layer - 1 l: usize, left: Self::Var, right: Self::Var, @@ -234,7 +235,7 @@ where let b_1 = { let b_1 = left .value() - .map(|value| bitrange_subset(value, 250..L_ORCHARD_BASE)); + .map(|value| bitrange_subset(value, 250..(pallas::Base::NUM_BITS as usize))); config .sinsemilla_config @@ -274,7 +275,7 @@ where // `c = bits 5..=254 of `right` let c = right .value() - .map(|value| bitrange_subset(value, 5..L_ORCHARD_BASE)); + .map(|value| bitrange_subset(value, 5..(pallas::Base::NUM_BITS as usize))); self.witness_message_piece(layouter.namespace(|| "Witness c"), c, 25)? }; @@ -299,7 +300,7 @@ where || "Check piece decomposition", |mut region| { // Set the fixed column `l` to the current l. - // Recall that l = MERKLE_DEPTH_ORCHARD - layer - 1. + // Recall that l = MERKLE_DEPTH - layer - 1. // The layer with 2^n nodes is called "layer n". config.q_decompose.enable(&mut region, 0)?; region.assign_advice_from_constant( @@ -346,7 +347,7 @@ where { use super::MERKLE_CRH_PERSONALIZATION; use crate::{primitives::sinsemilla::HashDomain, spec::i2lebsp}; - use group::ff::{PrimeField, PrimeFieldBits}; + use group::ff::PrimeFieldBits; if let (Some(left), Some(right)) = (left.value(), right.value()) { let l = i2lebsp::<10>(l as u64); @@ -354,13 +355,13 @@ where .to_le_bits() .iter() .by_val() - .take(L_ORCHARD_BASE) + .take(pallas::Base::NUM_BITS as usize) .collect(); let right: Vec<_> = right .to_le_bits() .iter() .by_val() - .take(L_ORCHARD_BASE) + .take(pallas::Base::NUM_BITS as usize) .collect(); let merkle_crh = HashDomain::new(MERKLE_CRH_PERSONALIZATION);
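Review bot: In the `b_1` and `c` pieces, `250..(pallas::Base::NUM_BITS as usize)` and `5..(pallas::Base::NUM_BITS as usize)` replace the literal 255 with a type-derived bound, but the lower bounds 250 and 5, the piece length `25` passed to `witness_message_piece` for `c`, and the retained comment `// c = bits 5..=254 of right` stay hard-coded, so the decomposition still silently assumes `NUM_BITS == 255` while reading as if it adapted to the field. Stating the assumption once near these pieces, e.g. `// b_1 and c assume pallas::Base::NUM_BITS == 255: c must be exactly the 250 bits its 25-word piece expects.`, would keep a future field change from breaking the piece widths unnoticed. The `hash_layer` body starts before these hunks and continues after them; the test-only `.take(pallas::Base::NUM_BITS as usize)` lines in the last hunk are consistent with the circuit side.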