Commit Graph

158 Commits

Author SHA1 Message Date
Jack Grigg bd104360a7 Migrate to `halo2_gadgets::utilities::RangeConstrained` newtype 2022-05-03 23:24:48 +00:00
Jack Grigg 52449ef88f Migrate to `halo2::plonk::Constraints` helper 2022-04-28 19:52:55 +00:00
Jack Grigg 4574d4793a Migrate to 2021 edition 2022-04-28 17:23:30 +00:00
Jack Grigg 6339fca4cb pprof 0.8 2022-04-28 17:13:37 +00:00
Jack Grigg b08d6fc284 Set `rust-version = "1.56.1"` in `Cargo.toml` 2022-04-28 17:13:37 +00:00
Jack Grigg c39b6a5b7d orchard 0.1.0-beta.3 2022-04-06 20:29:56 +00:00
Jack Grigg 06995064d7 incrementalmerkletree 0.3.0-beta.2 2022-04-06 18:19:39 +00:00
Jack Grigg caca664b20 Make `Debug` impl for `TransmittedNoteCiphertext` less verbose
We now print the ciphertexts as hex bytes, for which we unambiguously
encode them in RPC outputs (vs 32-byte values which are more complex).
2022-04-06 17:22:17 +00:00
Jack Grigg 6873782a48 Remove unused dependencies
Closes zcash/orchard#307.
2022-04-06 11:35:57 +00:00
Jack Grigg 3b5fb01218 Migrate to `halo2_proofs 0.1.0-beta.4` 2022-04-06 11:30:39 +00:00
Jack Grigg 75aef252d2 orchard 0.1.0-beta.2 2022-03-22 21:29:36 +00:00
Jack Grigg 56a946dafc halo2_proofs 0.1.0-beta.3
The change to the pinned circuit description is due to removing the
unnecessary `selector_map` pin in zcash/halo2#521. This invalidates
previous proofs due to changing Fiat-Shamir transcript initialization.
2022-03-22 21:29:36 +00:00
Jack Grigg f9ddb46687 incrementalmerkletree 0.3.0-beta.1 2022-03-22 20:42:30 +00:00
Jack Grigg eb7a9668aa Merge branch 'non-consensus-changes-on-branchid-c4cd541e' into merge-non-consensus-changes-2 2022-02-28 20:46:55 +00:00
Kris Nuttycombe 8449fd133c Merge branch 'update_incrementalmerkletree' into non-consensus-changes-on-branchid-c4cd541e 2022-02-24 13:15:31 -07:00
Kris Nuttycombe e32a075ef0 Update the incremental merkle tree version and the Rust toolchain.
Use derived equality and ordering (which delegate to constant-time
versions) for note::nullifier::Nullifier and tree::MerkleHashOrchard
so that these types can be used as map keys in wallets.
2022-02-24 09:12:12 -07:00
Kris Nuttycombe 1cf828fe7b Update the incremental merkle tree version and the Rust toolchain.
Use derived equality and ordering (which delegate to constant-time
versions) for note::nullifier::Nullifier and tree::MerkleHashOrchard
so that these types can be used as map keys in wallets.
2022-02-23 20:43:02 -07:00
Kris Nuttycombe 00deb330e6 Fix pprof version. 2022-02-15 14:39:32 -07:00
Jack Grigg bfda06a3af Migrate to `halo2_proofs 0.1.0-beta.2` 2022-02-15 02:01:39 +00:00
therealyingtong 942f0846b6 Only enable halo2_gadgets test-dependencies in dev. 2022-01-29 02:07:55 +08:00
therealyingtong f74cb9e4d3 Delete gadgets and their primitives; add `halo2_gadgets` dependency. 2022-01-29 01:57:01 +08:00
Jack Grigg 2b333d642c pasta_curves 0.3
The MSRV is now 1.54.0, because reddsa 0.2.0 included a fix to its
nightly CI that inadvertently bumped its MSRV.

The `halo2` crate is now the `halo2_proofs` crate, but we're avoiding
the cross-repo crate rename until after `halo2_gadgets` is extracted.

This also brings in the 20% prover performance improvement from
zcash/halo2#447.
2022-01-28 22:59:59 +08:00
therealyingtong a5ffc3bb47 Update halo2 revision. 2022-01-05 21:30:45 +08:00
therealyingtong 1c11a424e5 Pin pprof to 0.6.1. 2022-01-05 19:44:52 +08:00
Jack Grigg 0e1220acc9 Merge branch 'main' into orchard-mainnet-circuit 2021-12-20 15:20:33 +00:00
Jack Grigg f98431175a orchard 0.1.0-beta.1 2021-12-17 22:10:35 +00:00
Jack Grigg 369b99ee3f Add `doc_cfg` annotations 2021-12-17 22:08:58 +00:00
Jack Grigg bb04300059 zcash_note_encryption 0.1 2021-12-17 22:08:23 +00:00
Jack Grigg af236a34ad blake2b_simd 1 2021-12-17 17:06:37 +00:00
Jack Grigg f468e604e3 pprof 0.6 2021-12-17 17:05:23 +00:00
Jack Grigg 4af28cb6d4 incrementalmerkletree 0.2 2021-12-17 16:39:48 +00:00
Jack Grigg 4b0b32275f Migrate to latest `zcash_note_encryption` API 2021-12-17 05:31:24 +00:00
Jack Grigg 9b41a06363 Migrate to halo2 version with `AssignedCell`
We change `CellValue` into a typedef of `AssignedCell` to simplify the
migration in this commit.

The migration from `CellValue` to `AssignedCell` requires several other
changes:

- `<CellValue as Var>::value()` returned `Option<F>`, whereas
  `AssignedCell::<F, F>::value()` returns `Option<&F>`. This means we
  need to dereference, use `Option::cloned`, or alter functions to take
  `&F` arguments.
- `StateWord` in the Poseidon chip has been changed to a newtype around
  `AssignedCell` (the chip was written before `CellValue` existed).
2021-12-08 01:45:00 +00:00
therealyingtong 421891f065 Benchmark proof creation and verification for RATE = 2, 8, 11. 2021-11-30 10:03:49 -05:00
Jack Grigg 99d03e0d25 Migrate to latest halo2 revision 2021-11-26 16:24:26 +00:00
Jack Grigg 1cd9e7d4d4 Use reddsa 0.1 instead of the git dependency 2021-11-19 23:10:46 +00:00
Jack Grigg 8c018eff7e Migrate to `zcash_note_encryption::BatchDomain` 2021-11-17 12:15:21 +00:00
Jack Grigg 608da3f686 Switch to halo2 0.1.0-beta.1
This is equivalent to the git revision we were previously patching.
2021-09-28 20:48:19 +01:00
Jack Grigg a11f9052ae Require pasta_curves 0.2.1 and bump halo2 revision
- pasta_curves 0.2.1 is the first version that was relicensed as
  MIT OR Apache-2.0.
- The halo2 revision includes the new license text.
2021-09-22 21:41:01 +01:00
Jack Grigg 414eef3ce5 memuse 0.2 2021-09-14 20:40:15 +01:00
Jack Grigg 5a346fa145 pprof 0.5 2021-09-13 17:55:30 +01:00
Jack Grigg 9fcab699ef fpe 0.5 2021-09-13 17:54:56 +01:00
Jack Grigg 8c82ceecbf ff 0.11, group 0.11, pasta_curves 0.2 etc. 2021-09-06 20:39:43 +01:00
Jack Grigg 7fad21e7d6 Switch to `memuse` crate for measuring heap allocations 2021-09-05 01:33:27 +01:00
str4d cb28e00ebd Merge pull request #178 from zcash/batch-note-decryption
Speed up batched note decryption
2021-08-13 14:27:41 +01:00
Jack Grigg 8c15cc25be Benchmark batch trial decryption 2021-08-12 01:36:38 +01:00
Jack Grigg 08b279b900 Expose and benchmark Sinsemilla primitive 2021-08-10 13:39:14 +01:00
Jack Grigg f4a8c082a9 Use w-NAF in `ka_orchard`
Improves the base-line cost of trial decryption by over 40%.
2021-08-06 13:43:19 +01:00
Jack Grigg cad3c8a1b8 Add benchmark for note decryption 2021-08-06 01:03:03 +01:00
Kris Nuttycombe d8091dd575 Update incrementalmerkletree version. 2021-08-05 07:51:19 -06:00
Jack Grigg a33d1bd90f Add circuit benchmarks and (on Unix) flamegraphs
- Benchmarks:  `cargo bench`
- Flamegraphs: `cargo bench -- --profile-time 100`
2021-07-28 15:09:31 +01:00
Jack Grigg 6185d8e295 Bump halo2 revision to include `Layouter::assign_table` 2021-07-27 20:54:48 +01:00
therealyingtong b3ccd3f0dd Use halo2 selector optimizations. 2021-07-27 03:14:34 +08:00
therealyingtong 29f185014f merkle: Replace l_plus_1 fixed column with q_decompose selector.
Previously, l_plus_1 was a non-binary fixed column, used to
1. provide the value of l + 1; and
2. toggle the decomposition gate.

Now, the value is copied in from the global constants column, and
the toggle is handled by a binary q_decompose selector.
2021-07-25 21:10:13 +08:00
therealyingtong 8cf7a6872c Minor refactors, text fixes, and docfixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-23 00:15:54 +08:00
therealyingtong d80333799d Combine constants fixed columns using assign_advice_from_constant.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-21 20:35:43 +08:00
Jack Grigg 1dca72a1cc Migrate to latest `halo2` test API 2021-07-19 12:58:05 +01:00
Jack Grigg 15f9d254d9 Migrate to latest `halo2` API
- `halo2::plonk::{create_proof, verify_proof}` now take instance columns
  as slices of values.
- `halo2::plonk::Permutation` has been replaced by a global permutation,
  to which columns can be added with `ConstraintSystem::enable_equality`.
- The introduction of blinding rows means that various tests now require
  larger circuit parameters.
2021-07-19 12:53:38 +01:00
Jack Grigg d47a7d2105 Migrate to latest halo2 Circuit APIs
- The `Circuit` trait now has a `FloorPlanner` associated type.
- `circuit_layout` has been replaced by `CircuitLayout`.
2021-07-15 11:22:25 +01:00
therealyingtong 5ae9890913 mul::overflow.rs: Overflow check in variable-base scalar mul
Simplify the canonicity check for variable-base scalar multiplication,
by range-checking the low 130 bits rather than the low 127 bits.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-07-07 23:10:59 +08:00
Jack Grigg 3badd42d15 nonempty 0.7
We can now correctly measure the heap-allocated memory used by a bundle.
2021-06-28 20:57:49 +01:00
Kris Nuttycombe cc708a6b4a Update to released incrementalmerkletree version. 2021-06-28 09:43:18 -06:00
Kris Nuttycombe e3abbf9a42 Add serde support for OrchardIncrementalTreeDigest 2021-06-23 15:57:33 -06:00
Kris Nuttycombe 4bb252eb0c Add Orchard incremental merkle tree digests. 2021-06-22 18:14:27 -06:00
Jack Grigg 5759d66470 Use patches for halo2 and zcash_note_encryption dependencies
While these two are in flux, it's hard to keep these revisions consistent
(e.g. https://github.com/zcash/zcash/pull/5217 currently depends on two
different versions of zcash_note_encryption). Using patches allows the
downstream users (i.e. zcashd) to define their own set of patches, and keep
everything in sync. This works fine now because we aren't actively making
changes to the public APIs, only additions.
2021-06-14 23:17:15 +01:00
str4d 1182d8d5a7 Merge pull request #99 from zcash/note-encryption
Note encryption
2021-06-14 17:16:54 +01:00
therealyingtong a11c2066ef chip::add.rs: Use Expression::square() + other minor refactors
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-12 20:25:12 +08:00
Jack Grigg 6823272cfe Add zcash_note_encryption to dependencies 2021-06-11 23:54:35 +01:00
therealyingtong 8f8eff23d8 Update proptests to generate Merkle paths 2021-06-08 22:38:11 +08:00
Jack Grigg 94e730ad4c Migrate to latest version of halo2
This brings in:
- Fixes and improvements to `MockProver`.
- Support for annotating constraints within gates.
- Removal of Selector rotations.
2021-06-07 19:49:25 +01:00
Jack Grigg bea8a9b7ff Migrate to bitvec 0.22, ff 0.10, group 0.10, pasta_curves 0.1 2021-06-04 20:38:52 +01:00
Jack Grigg f1b8abfccb Arity-3 Poseidon chip 2021-06-01 18:36:11 +01:00
Jack Grigg dfa3fbb19b Migrate to latest revision of halo2 2021-06-01 17:37:44 +01:00
str4d f82d00e40d Merge pull request #77 from zcash/remove-rand-0.7
Remove rand 0.7 usage
2021-05-21 21:25:34 +01:00
str4d 7109153e88 Merge pull request #43 from zcash/constants
Add Orchard constants
2021-05-18 20:44:59 +01:00
Jack Grigg 012d14073d Remove rand 0.7 usage
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
2021-05-09 07:51:55 +12:00
therealyingtong 4bf6202c35 Modify ECC gadget to work with chip refactor 2021-05-04 12:11:28 +08:00
therealyingtong 119d721ecd Use ArrayVec
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-05-03 23:58:41 +08:00
Kris Nuttycombe f91088d35b Use builder to generate "valid" bundles via proptest. 2021-04-28 18:21:12 -06:00
Kris Nuttycombe 4d89d45332 Add proptest generators for action and bundle types. 2021-04-28 18:04:17 -06:00
str4d e8f65a2158 Merge pull request #49 from zcash/builder
Bundle builder
2021-04-29 00:03:26 +01:00
therealyingtong e26b6c6123 Test every row in test_lagrange_coeffs() instead of using random scalar 2021-04-28 20:53:14 +08:00
therealyingtong 137ebf4a5a Add rand crate to dependencies 2021-04-28 20:53:14 +08:00
Jack Grigg 374391b217 Bring in reddsa fix that re-enables tests in debug mode 2021-04-28 14:19:58 +12:00
Jack Grigg 30f01d122c Bundle builder 2021-04-27 14:31:21 +12:00
Steven 5f4a56dc92 Merge pull request #61 from steven-ecc/change-tgppl-to-bosl
Adding BOSL and changing TGPPL references to BOSL
2021-04-26 16:42:00 -07:00
Steven 43d1bac11d Update Cargo.toml
Co-authored-by: ebfull <ewillbefull@gmail.com>
2021-04-26 16:41:14 -07:00
str4d ea278aafcb Merge pull request #63 from zcash/note-commitment-updates
Note commitment updates
2021-04-22 01:23:05 +01:00
Jack Grigg 3cadb7bb48 Update reddsa dependency
Earlier in this PR we updated the pasta_crate with a small refactor. The
updated crate also had a separate bugfix to the GroupHash implementation
which caused generators to change. Rust happily pulled in both versions
of pasta_curves, causing the ValueCommit proptests to fail because bsk
was generated with different bases in this crate and reddsa.
2021-04-22 11:12:34 +12:00
Jack Grigg 907ff46078 Simulate incomplete addition
Sinsemilla will use incomplete addition inside the circuit for
efficiency, but the pasta_curves crate uses complete addition.
2021-04-20 10:04:44 +12:00
Steven Smith 07accbc9ab Changing TGPPL references to BOSL 2021-04-16 09:24:18 -07:00
Jack Grigg badaf23f25 Implement ValueCommit^Orchard 2021-04-15 17:08:06 +12:00
str4d ee2bfa7f43 Merge pull request #41 from zcash/poseidon-primitive
Poseidon primitive
2021-03-26 07:36:45 +13:00
Jack Grigg f18ffa63d5 Add small key derivation benchmarks 2021-03-20 18:19:51 +13:00
Jack Grigg e1719c42bc Add test vectors from the reference implementation
These are generated using v1.1 of the reference implementation.
2021-03-18 16:38:06 +13:00
Jack Grigg 0f081c74e9 Bump halo2 dependency to include pasta_curves extraction 2021-03-18 15:04:07 +13:00
Jack Grigg 26701c33af Fix commit_ivk specification
Commit^ivk takes ak as a point, and commits to its entire serialization
(not just the x coordinate).
2021-03-09 08:28:53 +13:00
Jack Grigg ceac39d74e Implement ZIP 32 diversifier derivation 2021-03-05 23:36:38 +00:00
Jack Grigg f0779792bc Orchard key components 2021-03-05 23:28:16 +00:00
Jack Grigg a03ee8797d Implement Sinsemilla primitives 2021-02-27 17:10:28 +08:00