a6badba32f
[book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: we always do addition (possibly of the zero point) at the end of variable-base scalar mul.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 02:01:21 +01:00
7895a2a082
[book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: more formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 02:01:05 +01:00
3dfefe0e85
[book] src/design/circuit/gadgets/ecc/addition.md: correctness and clarity.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:51:37 +01:00
3ed388e6bb
[book] src/design/circuit/gadgets/ecc/addition.md: formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:51:28 +01:00
f1ccc58d9a
[book] note-commit.md: y-coordinate canonicity constraints.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 01:56:17 +08:00
3833d665de
[book] Clarify upper bounds in canonicity shift constraints.
2021-07-26 12:05:25 +08:00
14b8d9b048
[book] note-commit.md: 2^140 -> 2^130 in psi check.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-26 11:12:42 +08:00
453681f309
[book] commit-ivk.md: Update region layout to use 9 advice columns.
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-26 11:09:47 +08:00
0375c64801
[book] Update NoteCommit page to match Commit^ivk style
...
Constraint tables have been added along with the region layout. I also
fixed numerous bugs in the constraints (most of which appeared to be
copy-pasta bugs).
2021-07-26 02:05:35 +01:00
5aa05713e7
[book] Use \CommitIvk macro in page heading
...
We can't use KaTeX on the SUMMARY page that generates the sidebar, so
that continues to use a CamelCase approximation.
2021-07-26 02:05:35 +01:00
f376a61bb8
[book] Add macros, constraint tables, and region layout to Commit^ivk
...
I also merged in content from a page I wrote independently while
reviewing the Action circuit PR, and made various cleanups to the
Markdown source.
2021-07-26 02:05:35 +01:00
4a5a4cc437
[book] merkle-crh.md: formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-26 02:05:35 +01:00
ed20d539b2
[book] merkle-crh.md: corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-26 02:05:35 +01:00
47a29f10aa
[book] Document NoteCommit message decomposition & canonicity checks
2021-07-26 02:05:35 +01:00
2846593937
[book] Document CommitIvk message decomposition & canonicity checks
2021-07-26 02:05:35 +01:00
9708e296c8
[book] Document Merkle chip layout and message decomposition.
2021-07-26 02:05:35 +01:00
5dc5e6479a
[book] Recombine Sinsemilla q_S1, q_S2, q_S3 selectors.
...
Since q_S1, q_S2, q_S3 are not simple selectors, they cannot be
automatically combined. We manually combine them here.
2021-07-25 20:28:05 +08:00
a2ed3f1b52
Merge pull request #155 from zcash/book-selector-optimisations
...
[Book] Undo selector optimisations
2021-07-25 00:57:35 +08:00
3d56fb0716
Merge pull request #146 from zcash/book-short-scalar-mul
...
[book] Update constraints for short signed fixed-base mul.
2021-07-25 00:54:32 +08:00
782a70a786
[book] Minor fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-25 00:52:38 +08:00
ce881bc4fe
[book] Formatting fix.
2021-07-25 00:40:44 +08:00
78b0ec4e7b
[book] Sinsemilla: reintroduce fixed_y_q column.
...
Loading fixed_y_q into an advice column introduces an additional
row. Instead, we load it into a fixed column.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-24 23:15:17 +08:00
6c55e1a7e3
[book] Fix updates to Sinsemilla writeup.
2021-07-23 20:34:16 +08:00
7866623a1b
[book] Undo selector optimisation in variable-base scalar mul
...
Previously, we were using a non-binary selector q_mul = {1, 2, 3}
to switch between three cases. Now, we replace this with three
binary selectors.
2021-07-22 22:39:17 +08:00
c5cda9481d
[book] Undo selector optimisations in Sinsemilla
...
- Instead of defining a synthetic q_S3 based on a combination of
of q_S1, q_S2, we simply create another selector q_S3.
- Instead of using fixed_y_q as a nonbinary selector, replace it
with q_S4 and copy the fixed value into a row above.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-22 22:19:01 +08:00
c23897ea8d
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-19 19:01:06 +08:00
43ffa37740
[book] Nullifiers: the scalar is (...) mod p, not ... (mod p).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 20:24:18 +01:00
c76358769c
book/src/design/nullifiers.md: cosmetics (make the table fit).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-12 20:20:00 +01:00
2dd23f47b8
[book] Update constraints for short signed fixed-base mul.
...
Previously, we witnessed the magnitude of a short signed scalar
directly as three-bit windows. Now, we decompose and range-constrain
it using a running sum.
2021-07-12 11:58:32 +08:00
d9f134ac4b
[book] Details and formatting changes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-09 10:09:10 +08:00
2febafbdfe
Apply suggestions from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-08 16:40:44 +08:00
afc8d9a142
[book] Eliminate alpha_0 lookup decomposition when checking canonicity of base field element used in fixed-base mul.
2021-07-08 11:12:13 +08:00
091592e110
[book] Document canonicity check for fixed-base scalar mul when base field element is used as the scalar.
2021-07-07 17:10:18 +08:00
32f9622c23
[book] Document lookup range check and its use in overflow check.
2021-07-03 19:30:27 +08:00
6479598b27
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-07-03 18:37:35 +08:00
2b4d9fda49
[book] Correct q_mul = 3 case.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 22:44:01 +08:00
1a531cf619
[book] Correct hi and lo ranges in constraint table
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 21:41:31 +08:00
802334892d
[book] Constrain first and last rows in incomplete addition secton of variable-base scalar mul.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 17:28:33 +08:00
902dbbb700
[book] Fix window table sum expression in fixed-base scalar mul.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-02 16:43:29 +08:00
68acc33cae
[book] Document overflow check for variable-base scalar mul.
2021-07-02 00:18:27 +08:00
d5f3256785
Merge branch 'main' into book-ecc-gadget
2021-07-01 13:47:30 +01:00
6c34956c18
book: Remove superfluous checkmarks
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 13:46:48 +01:00
3543bab39d
Merge pull request #82 from zcash/book-sinsemilla-gadget
...
[book] Add Sinsemilla gadget description
2021-06-20 01:07:58 +01:00
9adeead975
[book] Make the order of advice columns for Sinsemilla the same as in the code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 15:35:34 +01:00
9dc909e842
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:37:07 +01:00
2a8fe30fa8
[book] Clarify that x_Q, z_0, z'_0, etc. are copied in using equality constraints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 13:32:11 +01:00
48573705dc
[book] Adjust the definition of m_{i+1} so that the last z_n does not need to be constrained to 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 08:53:41 +01:00
22036e9f41
[book] More formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:49:46 +01:00
aac10b816f
[book] Formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:45:50 +01:00
dc021a2ef1
[book] Merge two similar paragraphs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-18 22:20:09 +01:00
Daira Hopwood
therealyingtong
Jack Grigg