circuit::gadget: Remove Orchard-specific names from gadget consts.

- L_ORCHARD_BASE -> pallas::Base::NUM_BITS,
- L_ORCHARD_SCALAR -> pallas::Scalar::NUM_BITS,
- L_VALUE -> L_SCALAR_SHORT,
- MERKLE_DEPTH_ORCHARD -> MERKLE_DEPTH.
therealyingtong 2021-11-29 15:39:41 -05:00
parent 1a3cbeb896
commit a5cfd2cfc6
7 changed files with 35 additions and 45 deletions


@ -6,6 +6,7 @@ use crate::{
primitives::sinsemilla, primitives::sinsemilla,
}; };
use arrayvec::ArrayVec; use arrayvec::ArrayVec;
use ff::PrimeField;
use ff::Field; use ff::Field;
use group::prime::PrimeCurveAffine; use group::prime::PrimeCurveAffine;
@ -31,23 +32,15 @@ pub const H: usize = 1 << FIXED_BASE_WINDOW_SIZE;
/// Number of windows for a full-width scalar /// Number of windows for a full-width scalar
pub const NUM_WINDOWS: usize = pub const NUM_WINDOWS: usize =
(L_ORCHARD_SCALAR + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE; (pallas::Scalar::NUM_BITS as usize + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE;
/// Number of windows for a short signed scalar /// Number of windows for a short signed scalar
pub const NUM_WINDOWS_SHORT: usize = pub const NUM_WINDOWS_SHORT: usize =
(L_VALUE + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE; (L_SCALAR_SHORT + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE;
/// $\ell_\mathsf{value}$ /// $\ell_\mathsf{value}$
/// Number of bits in an unsigned short scalar. /// Number of bits in an unsigned short scalar.
pub(crate) const L_VALUE: usize = 64; pub(crate) const L_SCALAR_SHORT: usize = 64;
/// $\ell^\mathsf{Orchard}_\mathsf{base}$
/// Number of bits in a Pallas base field element.
pub(crate) const L_ORCHARD_BASE: usize = 255;
/// $\ell^\mathsf{Orchard}_\mathsf{scalar}$
/// Number of bits in a Pallas scalar field element.
pub(crate) const L_ORCHARD_SCALAR: usize = 255;
/// The Pallas scalar field modulus is $q = 2^{254} + \mathsf{t_q}$. /// The Pallas scalar field modulus is $q = 2^{254} + \mathsf{t_q}$.
/// <https://github.com/zcash/pasta> /// <https://github.com/zcash/pasta>
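Review bot: The doc comment on the renamed `L_SCALAR_SHORT` still opens with `$\ell_\mathsf{value}$`, the symbol that matched the old `L_VALUE` name, so the rendered docs no longer tie that symbol to the identifier a reader sees, while `MERKLE_DEPTH` in merkle.rs drops its symbol entirely; the renamed constants should be documented the same way. I would keep the symbol but make the relation explicit, e.g. `/// Number of bits in an unsigned short scalar ($\ell_\mathsf{value}$ in the protocol specification).` I infer from the `$...$` notation and the zcash references elsewhere in the file that these symbols come from the Zcash protocol specification; if so, naming it helps anyone checking the constant against it.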


@ -1,6 +1,4 @@
use super::super::{ use super::super::{EccBaseFieldElemFixed, EccPoint, FixedPoints, NUM_WINDOWS, T_P};
EccBaseFieldElemFixed, EccPoint, FixedPoints, L_ORCHARD_BASE, NUM_WINDOWS, T_P,
};
use super::H_BASE; use super::H_BASE;
use crate::{ use crate::{
@ -9,9 +7,10 @@ use crate::{
}, },
primitives::sinsemilla, primitives::sinsemilla,
}; };
use halo2::circuit::AssignedCell;
use group::ff::PrimeField;
use halo2::{ use halo2::{
circuit::Layouter, circuit::{AssignedCell, Layouter},
plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector}, plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
poly::Rotation, poly::Rotation,
}; };
@ -179,7 +178,7 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
offset, offset,
scalar.clone(), scalar.clone(),
true, true,
L_ORCHARD_BASE, pallas::Base::NUM_BITS as usize,
NUM_WINDOWS, NUM_WINDOWS,
)?; )?;
EccBaseFieldElemFixed { EccBaseFieldElemFixed {
@ -217,7 +216,7 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
// Check that the correct multiple is obtained. // Check that the correct multiple is obtained.
{ {
use super::super::FixedPoint; use super::super::FixedPoint;
use group::{ff::PrimeField, Curve}; use group::Curve;
let scalar = &scalar let scalar = &scalar
.base_field_elem() .base_field_elem()
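Review bot: In the hunk at `@ -179,7 +178,7` the call now passes `pallas::Base::NUM_BITS as usize` together with `NUM_WINDOWS`, but `NUM_WINDOWS` is computed in the gadget consts from `pallas::Scalar::NUM_BITS`; the pair is consistent only because both Pallas fields are 255 bits (the removed `L_ORCHARD_BASE` and `L_ORCHARD_SCALAR` were both 255). Before this commit the two literals were at least side by side; now the dependency is split across two types, so a comment on the `NUM_WINDOWS` argument would stop a future reader from assuming the window count is derived from the base field: `// NUM_WINDOWS is derived from pallas::Scalar::NUM_BITS; it fits a base-field element only because the Pallas base and scalar fields have the same bit length.` The enclosing method starts and ends outside the hunk.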


@ -1,9 +1,8 @@
use super::super::{ use super::super::{EccPoint, EccScalarFixed, FixedPoints, FIXED_BASE_WINDOW_SIZE, H, NUM_WINDOWS};
EccPoint, EccScalarFixed, FixedPoints, FIXED_BASE_WINDOW_SIZE, H, L_ORCHARD_SCALAR, NUM_WINDOWS,
};
use crate::circuit::gadget::utilities::{decompose_word, range_check}; use crate::circuit::gadget::utilities::{decompose_word, range_check};
use arrayvec::ArrayVec; use arrayvec::ArrayVec;
use ff::PrimeField;
use halo2::{ use halo2::{
circuit::{AssignedCell, Layouter, Region}, circuit::{AssignedCell, Layouter, Region},
plonk::{ConstraintSystem, Error, Selector}, plonk::{ConstraintSystem, Error, Selector},
@ -59,7 +58,9 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
offset: usize, offset: usize,
scalar: Option<pallas::Scalar>, scalar: Option<pallas::Scalar>,
) -> Result<EccScalarFixed, Error> { ) -> Result<EccScalarFixed, Error> {
let windows = self.decompose_scalar_fixed::<L_ORCHARD_SCALAR>(scalar, offset, region)?; let windows = self.decompose_scalar_fixed::<{ pallas::Scalar::NUM_BITS as usize }>(
scalar, offset, region,
)?;
Ok(EccScalarFixed { Ok(EccScalarFixed {
value: scalar, value: scalar,


@ -1,6 +1,6 @@
use std::{array, convert::TryInto}; use std::{array, convert::TryInto};
use super::super::{EccPoint, EccScalarFixedShort, FixedPoints, L_VALUE, NUM_WINDOWS_SHORT}; use super::super::{EccPoint, EccScalarFixedShort, FixedPoints, L_SCALAR_SHORT, NUM_WINDOWS_SHORT};
use crate::circuit::gadget::{ecc::chip::MagnitudeSign, utilities::bool_check}; use crate::circuit::gadget::{ecc::chip::MagnitudeSign, utilities::bool_check};
use halo2::{ use halo2::{
@ -81,7 +81,7 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
offset, offset,
magnitude.clone(), magnitude.clone(),
true, true,
L_VALUE, L_SCALAR_SHORT,
NUM_WINDOWS_SHORT, NUM_WINDOWS_SHORT,
)?; )?;


@ -546,7 +546,7 @@ mod tests {
&OrchardHashDomains::MerkleCrh, &OrchardHashDomains::MerkleCrh,
); );
// Layer 31, l = MERKLE_DEPTH_ORCHARD - 1 - layer = 0 // Layer 31, l = MERKLE_DEPTH - 1 - layer = 0
let l_bitstring = vec![Some(false); K]; let l_bitstring = vec![Some(false); K];
let l = MessagePiece::from_bitstring( let l = MessagePiece::from_bitstring(
chip1.clone(), chip1.clone(),


@ -16,12 +16,8 @@ pub(in crate::circuit) mod chip;
/// SWU hash-to-curve personalization for the Merkle CRH generator /// SWU hash-to-curve personalization for the Merkle CRH generator
pub const MERKLE_CRH_PERSONALIZATION: &str = "z.cash:Orchard-MerkleCRH"; pub const MERKLE_CRH_PERSONALIZATION: &str = "z.cash:Orchard-MerkleCRH";
/// $\mathsf{MerkleDepth^{Orchard}}$ /// Depth of Merkle tree
pub(crate) const MERKLE_DEPTH_ORCHARD: usize = 32; pub(crate) const MERKLE_DEPTH: usize = 32;
/// $\ell^\mathsf{Orchard}_\mathsf{base}$
/// Number of bits in a Pallas base field element.
pub(crate) const L_ORCHARD_BASE: usize = 255;
/// Instructions to check the validity of a Merkle path of a given `PATH_LENGTH`. /// Instructions to check the validity of a Merkle path of a given `PATH_LENGTH`.
/// The hash function used is a Sinsemilla instance with `K`-bit words. /// The hash function used is a Sinsemilla instance with `K`-bit words.
@ -39,7 +35,7 @@ pub trait MerkleInstructions<
{ {
/// Compute MerkleCRH for a given `layer`. The hash that computes the root /// Compute MerkleCRH for a given `layer`. The hash that computes the root
/// is at layer 0, and the hashes that are applied to two leaves are at /// is at layer 0, and the hashes that are applied to two leaves are at
/// layer `MERKLE_DEPTH_ORCHARD - 1` = layer 31. /// layer `MERKLE_DEPTH - 1` = layer 31.
#[allow(non_snake_case)] #[allow(non_snake_case)]
fn hash_layer( fn hash_layer(
&self, &self,
@ -107,7 +103,7 @@ where
let mut node = leaf; let mut node = leaf;
for (l, ((sibling, pos), chip)) in path.iter().zip(pos.iter()).zip(chips).enumerate() { for (l, ((sibling, pos), chip)) in path.iter().zip(pos.iter()).zip(chips).enumerate() {
// `l` = MERKLE_DEPTH_ORCHARD - layer - 1, which is the index obtained from // `l` = MERKLE_DEPTH - layer - 1, which is the index obtained from
// enumerating this Merkle path (going from leaf to root). // enumerating this Merkle path (going from leaf to root).
// For example, when `layer = 31` (the first sibling on the Merkle path), // For example, when `layer = 31` (the first sibling on the Merkle path),
// we have `l` = 32 - 31 - 1 = 0. // we have `l` = 32 - 31 - 1 = 0.
@ -140,7 +136,7 @@ where
pub mod tests { pub mod tests {
use super::{ use super::{
chip::{MerkleChip, MerkleConfig}, chip::{MerkleChip, MerkleConfig},
MerklePath, MERKLE_DEPTH_ORCHARD, MerklePath, MERKLE_DEPTH,
}; };
use crate::{ use crate::{
@ -168,7 +164,7 @@ pub mod tests {
struct MyCircuit { struct MyCircuit {
leaf: Option<pallas::Base>, leaf: Option<pallas::Base>,
leaf_pos: Option<u32>, leaf_pos: Option<u32>,
merkle_path: Option<[pallas::Base; MERKLE_DEPTH_ORCHARD]>, merkle_path: Option<[pallas::Base; MERKLE_DEPTH]>,
} }
impl Circuit<pallas::Base> for MyCircuit { impl Circuit<pallas::Base> for MyCircuit {
@ -295,7 +291,7 @@ pub mod tests {
let pos = rng.next_u32(); let pos = rng.next_u32();
// Choose a path of random inner nodes // Choose a path of random inner nodes
let path: Vec<_> = (0..(MERKLE_DEPTH_ORCHARD)) let path: Vec<_> = (0..(MERKLE_DEPTH))
.map(|_| pallas::Base::random(rng)) .map(|_| pallas::Base::random(rng))
.collect(); .collect();
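Review bot: The new doc on `MERKLE_DEPTH` (`/// Depth of Merkle tree`) drops the `$\mathsf{MerkleDepth^{Orchard}}$` symbol, although the value 32 is still the Orchard-specific depth, the neighbouring comments (`= layer 31`, `32 - 31 - 1 = 0`) are written against it, and the `MerkleInstructions` impl in chip.rs binds it as a const generic, so it is not a tunable parameter. Dropping the Orchard prefix from the identifier is fine, but the doc should keep the reference so the constant can still be checked against its source: `/// Depth of the Merkle tree; this is $\mathsf{MerkleDepth^{Orchard}}$ in the protocol specification.` That also keeps it consistent with `L_SCALAR_SHORT`, whose doc retains its `$\ell_\mathsf{value}$` symbol in this same commit.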


@ -5,7 +5,7 @@ use halo2::{
}; };
use pasta_curves::{arithmetic::FieldExt, pallas}; use pasta_curves::{arithmetic::FieldExt, pallas};
use super::{MerkleInstructions, L_ORCHARD_BASE, MERKLE_DEPTH_ORCHARD}; use super::{MerkleInstructions, MERKLE_DEPTH};
use crate::{ use crate::{
circuit::gadget::{ circuit::gadget::{
@ -22,6 +22,7 @@ use crate::{
}, },
primitives::sinsemilla, primitives::sinsemilla,
}; };
use group::ff::PrimeField;
use std::array; use std::array;
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
@ -180,7 +181,7 @@ where
} }
impl<Hash, Commit, F> impl<Hash, Commit, F>
MerkleInstructions<pallas::Affine, MERKLE_DEPTH_ORCHARD, { sinsemilla::K }, { sinsemilla::C }> MerkleInstructions<pallas::Affine, MERKLE_DEPTH, { sinsemilla::K }, { sinsemilla::C }>
for MerkleChip<Hash, Commit, F> for MerkleChip<Hash, Commit, F>
where where
Hash: HashDomains<pallas::Affine>, Hash: HashDomains<pallas::Affine>,
@ -192,7 +193,7 @@ where
&self, &self,
mut layouter: impl Layouter<pallas::Base>, mut layouter: impl Layouter<pallas::Base>,
Q: pallas::Affine, Q: pallas::Affine,
// l = MERKLE_DEPTH_ORCHARD - layer - 1 // l = MERKLE_DEPTH - layer - 1
l: usize, l: usize,
left: Self::Var, left: Self::Var,
right: Self::Var, right: Self::Var,
@ -234,7 +235,7 @@ where
let b_1 = { let b_1 = {
let b_1 = left let b_1 = left
.value() .value()
.map(|value| bitrange_subset(value, 250..L_ORCHARD_BASE)); .map(|value| bitrange_subset(value, 250..(pallas::Base::NUM_BITS as usize)));
config config
.sinsemilla_config .sinsemilla_config
@ -274,7 +275,7 @@ where
// `c = bits 5..=254 of `right` // `c = bits 5..=254 of `right`
let c = right let c = right
.value() .value()
.map(|value| bitrange_subset(value, 5..L_ORCHARD_BASE)); .map(|value| bitrange_subset(value, 5..(pallas::Base::NUM_BITS as usize)));
self.witness_message_piece(layouter.namespace(|| "Witness c"), c, 25)? self.witness_message_piece(layouter.namespace(|| "Witness c"), c, 25)?
}; };
@ -299,7 +300,7 @@ where
|| "Check piece decomposition", || "Check piece decomposition",
|mut region| { |mut region| {
// Set the fixed column `l` to the current l. // Set the fixed column `l` to the current l.
// Recall that l = MERKLE_DEPTH_ORCHARD - layer - 1. // Recall that l = MERKLE_DEPTH - layer - 1.
// The layer with 2^n nodes is called "layer n". // The layer with 2^n nodes is called "layer n".
config.q_decompose.enable(&mut region, 0)?; config.q_decompose.enable(&mut region, 0)?;
region.assign_advice_from_constant( region.assign_advice_from_constant(
@ -346,7 +347,7 @@ where
{ {
use super::MERKLE_CRH_PERSONALIZATION; use super::MERKLE_CRH_PERSONALIZATION;
use crate::{primitives::sinsemilla::HashDomain, spec::i2lebsp}; use crate::{primitives::sinsemilla::HashDomain, spec::i2lebsp};
use group::ff::{PrimeField, PrimeFieldBits}; use group::ff::PrimeFieldBits;
if let (Some(left), Some(right)) = (left.value(), right.value()) { if let (Some(left), Some(right)) = (left.value(), right.value()) {
let l = i2lebsp::<10>(l as u64); let l = i2lebsp::<10>(l as u64);
@ -354,13 +355,13 @@ where
.to_le_bits() .to_le_bits()
.iter() .iter()
.by_val() .by_val()
.take(L_ORCHARD_BASE) .take(pallas::Base::NUM_BITS as usize)
.collect(); .collect();
let right: Vec<_> = right let right: Vec<_> = right
.to_le_bits() .to_le_bits()
.iter() .iter()
.by_val() .by_val()
.take(L_ORCHARD_BASE) .take(pallas::Base::NUM_BITS as usize)
.collect(); .collect();
let merkle_crh = HashDomain::new(MERKLE_CRH_PERSONALIZATION); let merkle_crh = HashDomain::new(MERKLE_CRH_PERSONALIZATION);
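Review bot: The two `bitrange_subset` calls (hunks at `@ -234,7 +235,7` and `@ -274,7 +275,7`) now take `pallas::Base::NUM_BITS as usize` as the range end, but the range starts `250` and `5`, the `25` passed to `witness_message_piece` for `c`, and the comment `` `c = bits 5..=254 of `right` `` remain literals that are only consistent with `NUM_BITS == 255`; deriving one side of the arithmetic while leaving the other hard-coded makes the decomposition look parametric when it is not, and these widths are what the piece-decomposition check constrains. Either keep a literal here too, or state the dependency once next to the `b_1` piece: `// Piece widths below (5 bits for b_1, 250 bits for c) assume pallas::Base::NUM_BITS == 255.` That `25` is a word count is my reading of the call; confirm against `witness_message_piece`. The enclosing method, presumably `hash_layer`, starts and ends outside these hunks.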