mirror of https://github.com/zcash/orchard.git
circuit::gadget: Remove Orchard-specific names from gadget consts.
- L_ORCHARD_BASE -> pallas::Base::NUM_BITS, - L_ORCHARD_SCALAR -> pallas::Scalar::NUM_BITS, - L_VALUE -> L_SCALAR_SHORT, - MERKLE_DEPTH_ORCHARD -> MERKLE_DEPTH.
This commit is contained in:
parent
1a3cbeb896
commit
a5cfd2cfc6
@ -6,6 +6,7 @@ use crate::{
primitives::sinsemilla,
};
use arrayvec::ArrayVec;
use ff::PrimeField;
use ff::Field;
use group::prime::PrimeCurveAffine;
@ -31,23 +32,15 @@ pub const H: usize = 1 << FIXED_BASE_WINDOW_SIZE;
/// Number of windows for a full-width scalar
pub const NUM_WINDOWS: usize =
(L_ORCHARD_SCALAR + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE;
(pallas::Scalar::NUM_BITS as usize + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE;
/// Number of windows for a short signed scalar
pub const NUM_WINDOWS_SHORT: usize =
(L_VALUE + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE;
(L_SCALAR_SHORT + FIXED_BASE_WINDOW_SIZE - 1) / FIXED_BASE_WINDOW_SIZE;
/// $\ell_\mathsf{value}$
/// Number of bits in an unsigned short scalar.
pub(crate) const L_VALUE: usize = 64;
/// $\ell^\mathsf{Orchard}_\mathsf{base}$
/// Number of bits in a Pallas base field element.
pub(crate) const L_ORCHARD_BASE: usize = 255;
/// $\ell^\mathsf{Orchard}_\mathsf{scalar}$
/// Number of bits in a Pallas scalar field element.
pub(crate) const L_ORCHARD_SCALAR: usize = 255;
pub(crate) const L_SCALAR_SHORT: usize = 64;
/// The Pallas scalar field modulus is $q = 2^{254} + \mathsf{t_q}$.
/// <https://github.com/zcash/pasta>
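Review bot: `NUM_WINDOWS` is now derived from `pallas::Scalar::NUM_BITS` (the replacement line after `pub const NUM_WINDOWS: usize =`), while base_field_elem.rs in this same commit pairs that same `NUM_WINDOWS` with `pallas::Base::NUM_BITS` in its `decompose` call in the @ -179 hunk. Both Pallas fields are 255 bits, so the pairing is correct today, but the bit length and the window count of that decomposition are now sourced from two different fields with nothing in the code stating that they must agree. I would document the coupling on the constant: `/// Number of windows for a full-width scalar. Also used for base-field elements, which relies on pallas::Base::NUM_BITS == pallas::Scalar::NUM_BITS.` — or, if the crate's toolchain allows it, pin it with `const _: () = assert!(pallas::Base::NUM_BITS == pallas::Scalar::NUM_BITS);`. Separately, the new doc line for `L_SCALAR_SHORT` drops the spec symbol `$\ell_\mathsf{value}$` that the old `L_VALUE` doc carried; keeping it as a second doc line preserves the link between this constant and the spec's 64-bit value bound.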
@ -1,6 +1,4 @@
use super::super::{
EccBaseFieldElemFixed, EccPoint, FixedPoints, L_ORCHARD_BASE, NUM_WINDOWS, T_P,
};
use super::super::{EccBaseFieldElemFixed, EccPoint, FixedPoints, NUM_WINDOWS, T_P};
use super::H_BASE;
use crate::{
@ -9,9 +7,10 @@ use crate::{
},
primitives::sinsemilla,
};
use halo2::circuit::AssignedCell;
use group::ff::PrimeField;
use halo2::{
circuit::Layouter,
circuit::{AssignedCell, Layouter},
plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
poly::Rotation,
};
@ -179,7 +178,7 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
offset,
scalar.clone(),
true,
L_ORCHARD_BASE,
pallas::Base::NUM_BITS as usize,
NUM_WINDOWS,
)?;
EccBaseFieldElemFixed {
@ -217,7 +216,7 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
// Check that the correct multiple is obtained.
{
use super::super::FixedPoint;
use group::{ff::PrimeField, Curve};
use group::Curve;
let scalar = &scalar
.base_field_elem()
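Review bot: The new module-level import is spelled `use group::ff::PrimeField;` (the line after `use halo2::circuit::AssignedCell;` in the @ -1,6 hunk), while ecc/mod.rs and full_width.rs in this same commit import the trait as `use ff::PrimeField;`, and merkle/chip.rs again takes the `group::ff` path. `group::ff` is a re-export of the `ff` crate, so both resolve to the same trait, but mixing the two spellings makes it harder to find where `NUM_BITS` comes from when reading across the gadget. I would use `use ff::PrimeField;` here and in merkle/chip.rs so that all four files agree; the inner `use group::Curve;` in the test block of the @ -217 hunk is then the only place the `group` path is needed.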
@ -1,9 +1,8 @@
use super::super::{
EccPoint, EccScalarFixed, FixedPoints, FIXED_BASE_WINDOW_SIZE, H, L_ORCHARD_SCALAR, NUM_WINDOWS,
};
use super::super::{EccPoint, EccScalarFixed, FixedPoints, FIXED_BASE_WINDOW_SIZE, H, NUM_WINDOWS};
use crate::circuit::gadget::utilities::{decompose_word, range_check};
use arrayvec::ArrayVec;
use ff::PrimeField;
use halo2::{
circuit::{AssignedCell, Layouter, Region},
plonk::{ConstraintSystem, Error, Selector},
@ -59,7 +58,9 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
offset: usize,
scalar: Option<pallas::Scalar>,
) -> Result<EccScalarFixed, Error> {
let windows = self.decompose_scalar_fixed::<L_ORCHARD_SCALAR>(scalar, offset, region)?;
let windows = self.decompose_scalar_fixed::<{ pallas::Scalar::NUM_BITS as usize }>(
scalar, offset, region,
)?;
Ok(EccScalarFixed {
value: scalar,
@ -1,6 +1,6 @@
use std::{array, convert::TryInto};
use super::super::{EccPoint, EccScalarFixedShort, FixedPoints, L_VALUE, NUM_WINDOWS_SHORT};
use super::super::{EccPoint, EccScalarFixedShort, FixedPoints, L_SCALAR_SHORT, NUM_WINDOWS_SHORT};
use crate::circuit::gadget::{ecc::chip::MagnitudeSign, utilities::bool_check};
use halo2::{
@ -81,7 +81,7 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
offset,
magnitude.clone(),
true,
L_VALUE,
L_SCALAR_SHORT,
NUM_WINDOWS_SHORT,
)?;
@ -546,7 +546,7 @@ mod tests {
&OrchardHashDomains::MerkleCrh,
);
// Layer 31, l = MERKLE_DEPTH_ORCHARD - 1 - layer = 0
// Layer 31, l = MERKLE_DEPTH - 1 - layer = 0
let l_bitstring = vec![Some(false); K];
let l = MessagePiece::from_bitstring(
chip1.clone(),
@ -16,12 +16,8 @@ pub(in crate::circuit) mod chip;
/// SWU hash-to-curve personalization for the Merkle CRH generator
pub const MERKLE_CRH_PERSONALIZATION: &str = "z.cash:Orchard-MerkleCRH";
/// $\mathsf{MerkleDepth^{Orchard}}$
pub(crate) const MERKLE_DEPTH_ORCHARD: usize = 32;
/// $\ell^\mathsf{Orchard}_\mathsf{base}$
/// Number of bits in a Pallas base field element.
pub(crate) const L_ORCHARD_BASE: usize = 255;
/// Depth of Merkle tree
pub(crate) const MERKLE_DEPTH: usize = 32;
/// Instructions to check the validity of a Merkle path of a given `PATH_LENGTH`.
/// The hash function used is a Sinsemilla instance with `K`-bit words.
@ -39,7 +35,7 @@ pub trait MerkleInstructions<
{
/// Compute MerkleCRH for a given `layer`. The hash that computes the root
/// is at layer 0, and the hashes that are applied to two leaves are at
/// layer `MERKLE_DEPTH_ORCHARD - 1` = layer 31.
/// layer `MERKLE_DEPTH - 1` = layer 31.
#[allow(non_snake_case)]
fn hash_layer(
&self,
@ -107,7 +103,7 @@ where
let mut node = leaf;
for (l, ((sibling, pos), chip)) in path.iter().zip(pos.iter()).zip(chips).enumerate() {
// `l` = MERKLE_DEPTH_ORCHARD - layer - 1, which is the index obtained from
// `l` = MERKLE_DEPTH - layer - 1, which is the index obtained from
// enumerating this Merkle path (going from leaf to root).
// For example, when `layer = 31` (the first sibling on the Merkle path),
// we have `l` = 32 - 31 - 1 = 0.
@ -140,7 +136,7 @@ where
pub mod tests {
use super::{
chip::{MerkleChip, MerkleConfig},
MerklePath, MERKLE_DEPTH_ORCHARD,
MerklePath, MERKLE_DEPTH,
};
use crate::{
@ -168,7 +164,7 @@ pub mod tests {
struct MyCircuit {
leaf: Option<pallas::Base>,
leaf_pos: Option<u32>,
merkle_path: Option<[pallas::Base; MERKLE_DEPTH_ORCHARD]>,
merkle_path: Option<[pallas::Base; MERKLE_DEPTH]>,
}
impl Circuit<pallas::Base> for MyCircuit {
@ -295,7 +291,7 @@ pub mod tests {
let pos = rng.next_u32();
// Choose a path of random inner nodes
let path: Vec<_> = (0..(MERKLE_DEPTH_ORCHARD))
let path: Vec<_> = (0..(MERKLE_DEPTH))
.map(|_| pallas::Base::random(rng))
.collect();
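Review bot: The replacement doc for `MERKLE_DEPTH` (`/// Depth of Merkle tree`) loses the spec symbol `$\mathsf{MerkleDepth^{Orchard}}$` that the removed `MERKLE_DEPTH_ORCHARD` doc carried, so the constant no longer says which protocol parameter its value of 32 instantiates. The rename itself is fine for a generic gadget, but the value is still Orchard's, and the `= layer 31` and `32 - 31 - 1` examples in the @ -39 and @ -107 hunks only make sense with that origin stated. I would keep the reference as a second doc line: `/// Depth of the Merkle tree.` followed by `/// Instantiated here as $\mathsf{MerkleDepth^{Orchard}}$ = 32.`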
@ -5,7 +5,7 @@ use halo2::{
};
use pasta_curves::{arithmetic::FieldExt, pallas};
use super::{MerkleInstructions, L_ORCHARD_BASE, MERKLE_DEPTH_ORCHARD};
use super::{MerkleInstructions, MERKLE_DEPTH};
use crate::{
circuit::gadget::{
@ -22,6 +22,7 @@ use crate::{
},
primitives::sinsemilla,
};
use group::ff::PrimeField;
use std::array;
#[derive(Clone, Debug)]
@ -180,7 +181,7 @@ where
}
impl<Hash, Commit, F>
MerkleInstructions<pallas::Affine, MERKLE_DEPTH_ORCHARD, { sinsemilla::K }, { sinsemilla::C }>
MerkleInstructions<pallas::Affine, MERKLE_DEPTH, { sinsemilla::K }, { sinsemilla::C }>
for MerkleChip<Hash, Commit, F>
where
Hash: HashDomains<pallas::Affine>,
@ -192,7 +193,7 @@ where
&self,
mut layouter: impl Layouter<pallas::Base>,
Q: pallas::Affine,
// l = MERKLE_DEPTH_ORCHARD - layer - 1
// l = MERKLE_DEPTH - layer - 1
l: usize,
left: Self::Var,
right: Self::Var,
@ -234,7 +235,7 @@ where
let b_1 = {
let b_1 = left
.value()
.map(|value| bitrange_subset(value, 250..L_ORCHARD_BASE));
.map(|value| bitrange_subset(value, 250..(pallas::Base::NUM_BITS as usize)));
config
.sinsemilla_config
@ -274,7 +275,7 @@ where
// `c = bits 5..=254 of `right`
let c = right
.value()
.map(|value| bitrange_subset(value, 5..L_ORCHARD_BASE));
.map(|value| bitrange_subset(value, 5..(pallas::Base::NUM_BITS as usize)));
self.witness_message_piece(layouter.namespace(|| "Witness c"), c, 25)?
};
@ -299,7 +300,7 @@ where
|| "Check piece decomposition",
|mut region| {
// Set the fixed column `l` to the current l.
// Recall that l = MERKLE_DEPTH_ORCHARD - layer - 1.
// Recall that l = MERKLE_DEPTH - layer - 1.
// The layer with 2^n nodes is called "layer n".
config.q_decompose.enable(&mut region, 0)?;
region.assign_advice_from_constant(
@ -346,7 +347,7 @@ where
{
use super::MERKLE_CRH_PERSONALIZATION;
use crate::{primitives::sinsemilla::HashDomain, spec::i2lebsp};
use group::ff::{PrimeField, PrimeFieldBits};
use group::ff::PrimeFieldBits;
if let (Some(left), Some(right)) = (left.value(), right.value()) {
let l = i2lebsp::<10>(l as u64);
@ -354,13 +355,13 @@ where
.to_le_bits()
.iter()
.by_val()
.take(L_ORCHARD_BASE)
.take(pallas::Base::NUM_BITS as usize)
.collect();
let right: Vec<_> = right
.to_le_bits()
.iter()
.by_val()
.take(L_ORCHARD_BASE)
.take(pallas::Base::NUM_BITS as usize)
.collect();
let merkle_crh = HashDomain::new(MERKLE_CRH_PERSONALIZATION);
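Review bot: The upper bound of the `b_1` and `c` bit ranges is now symbolic (`250..(pallas::Base::NUM_BITS as usize)` in the @ -234 hunk and `5..(pallas::Base::NUM_BITS as usize)` in the @ -274 hunk), but the lower bounds 250 and 5 and the word count `25` passed to `witness_message_piece` for `c` stay literal, so the three no longer visibly agree: `c` is `NUM_BITS - 5` bits wide yet is witnessed as a fixed 25 words, which only holds while `NUM_BITS` is 255 (and, as far as the hunk shows, while the word size is 10). I would state that dependency next to the `c` computation: `// c = right[5..NUM_BITS]: 250 bits, witnessed below as 25 K-bit words; keep in step with NUM_BITS.` The `.take(pallas::Base::NUM_BITS as usize)` calls in the @ -354 test hunk need no such note, as the test derives nothing else from the bit count. The enclosing method (apparently `hash_layer`) starts before the @ -234 hunk and ends after the @ -354 hunk.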