zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,061 Commits 5 Branches 12 Tags 25 MiB
Commit Graph

748 Commits

Author SHA1 Message Date
Jack Grigg 6f0cab5ffd Replace `FieldExt::from_u64` with `PrimeField: From<u64>` 2021-12-09 15:38:36 +00:00
Jack Grigg a4135dde24 ecc::chip: Fix `print_ecc_chip` 
The ECC test chip performs various checks that assume the chip will only
be synthesized with witnesses. This assumption is broken by the chip
printer test, so we fix the assumption here.
 2021-12-09 00:49:01 +00:00
Jack Grigg 6b84d0955a Fix "complex type" clippy lints 2021-12-08 04:11:57 +00:00
Jack Grigg a44253acc7 ecc::chip: Define a `MagnitudeSign` type alias 
This fixes some "complex type" clippy lints, and also will make it
easier to change it to a better-typed struct later.
 2021-12-08 02:23:51 +00:00
Jack Grigg bacdf67428 Remove the `CellValue` type 
In order to make the changeover easier to review, we redefined
`CellValue<F>` to be `AssignedCell<F, F>`. Now we remove that type and
rename throughout the codebase.
 2021-12-08 02:10:17 +00:00
Jack Grigg 65a89f099b Replace `gadget::utilities::copy` with `AssignedCell::copy_advice` 
Also replaces other copy-advice implementations that weren't using
`copy`.
 2021-12-08 01:50:02 +00:00
Jack Grigg 3079800f42 Remove `Var::new` trait method 
As the underlying `Region` methods now return `AssignedCell` instead of
`Cell`, we can simplify all the places where we then constructed a
`CellValue` struct.
 2021-12-08 01:48:17 +00:00
Jack Grigg 9b41a06363 Migrate to halo2 version with `AssignedCell` 
We change `CellValue` into a typedef of `AssignedCell` to simplify the
migration in this commit.

The migration from `CellValue` to `AssignedCell` requires several other
changes:

- `<CellValue as Var>::value()` returned `Option<F>`, whereas
  `AssignedCell::<F, F>::value()` returns `Option<&F>`. This means we
  need to dereference, use `Option::cloned`, or alter functions to take
  `&F` arguments.
- `StateWord` in the Poseidon chip has been changed to a newtype around
  `AssignedCell` (the chip was written before `CellValue` existed).
 2021-12-08 01:45:00 +00:00
Jack Grigg 5cb838f1a2 circuit: Remove `Copy` impl from `poseidon::pow5::StateWord` 
We will be making it a newtype around `halo2::circuit::AssignedCell`,
which does not impl `Copy`.
 2021-12-08 01:44:09 +00:00
Jack Grigg e99fc92e4b circuit: Use `Field::is_zero_vartime` 2021-12-08 01:44:08 +00:00
Jack Grigg 50b4600a1a circuit: Remove `Copy` impl from `CellValue` 
We will be replacing it with `halo2::circuit::AssignedCell`, which does
not impl `Copy`.
 2021-12-08 01:43:00 +00:00
str4d 55567f31ed
Merge pull request #248 from zcash/ecc-config-refactor 
circuit: Refactor `EccConfig` away from `impl From<EccConfig>`.
 2021-12-08 01:40:14 +00:00
str4d a38e2ff728
Ensure lo and hi incomplete ranges line up 
The previous code assumed that `pallas::Scalar::NUM_BITS` was odd, which is true, but might not remain so after a future generalisation refactor.
 2021-12-08 01:00:18 +00:00
Jack Grigg fe7796b884 circuit: Ensure that the real proof length matches calculated length 2021-12-06 19:44:44 +00:00
Jack Grigg e2c300368b circuit: Pin the proof size 
This is to ensure that if any future circuit changes are made, their
effect on the proof size (if any) will be noticed.
 2021-12-06 18:01:55 +00:00
str4d 42ad193b58
Merge pull request #247 from zcash/ternary-expr 
circuit: Introduce ternary expression helper.
 2021-12-06 17:32:35 +00:00
therealyingtong a09173a331 ecc::chip: Remove chip-level permutation. 
We have now refactored away from the impl From<EccConfig> pattern
so that each sub-config can equality-enable the columns they need.
 2021-12-04 04:45:06 +00:00
therealyingtong c00ee1707e mul_fixed::base_field_elem: Refactor base_field_elem::Config. 
This commit does not result in circuit changes.
 2021-12-04 04:45:06 +00:00
therealyingtong 687e220c36 mul_fixed::short: Refactor short::Config. 
This commit does not result in circuit changes.
 2021-12-04 04:45:06 +00:00
therealyingtong 165c9b6941 mul_fixed::full_width: Refactor full_width::Config. 
This commit does not result in circuit changes.
 2021-12-04 04:45:06 +00:00
therealyingtong f472a16b32 chip::mul_fixed: Move running_sum_config into mul_fixed::Config. 2021-12-04 04:45:06 +00:00
therealyingtong 1a7e832ed4 chip::mul_fixed: Refactor mul_fixed::Config. 
This commit does not introduce circuit changes.
 2021-12-04 04:45:06 +00:00
therealyingtong a7dad1d611 chip::mul: Refactor mul::Config. 
This commit does not introduce additional circuit changes.
 2021-12-04 04:45:05 +00:00
therealyingtong 440cd14dbb mul::overflow: Refactor overflow::Config. 
This is only used in chip::mul::Config. In a subsequent commit,
this will be configured from mul::Config instead of from
ecc::chip::Config.

This commit does not result in circuit changes.
 2021-12-04 04:44:41 +00:00
therealyingtong 931d61a863 mul::complete: Refactor complete::Config. 
This is only used in chip::mul::Config. In a subsequent commit,
this will be configured from mul::Config instead of from
ecc::chip::Config.

This commit does not result in circuit changes.
 2021-12-04 04:41:52 +00:00
therealyingtong 22f57005a9 mul::incomplete: Refactor incomplete::Config. 
This is only used in chip::mul::Config. In a subsequent commit,
this will be configured from mul::Config instead of from
ecc::chip::Config.

This commit does not result in circuit changes.
 2021-12-04 04:39:41 +00:00
Jack Grigg 0ede6b2301 mul::Config: Reorder gate definitions 
We are about to extract the sub-configs from mul::Config and refactor
them. Doing so would have moved their gate definitions past the one gate
that isn't created in a sub-config. Reordering the definitions here will
make the subsequent refactor diffs simpler to review.
 2021-12-04 04:38:08 +00:00
therealyingtong 2ec480ef6b utilities::lookup_range_check: Derive Copy for LookupRangeCheckConfig. 2021-12-02 14:55:37 -05:00
therealyingtong 4fe6fb8bf2 chip::add: Refactor add::Config. 
This is also used in mul and mul_fixed.
 2021-12-02 14:55:36 -05:00
therealyingtong 13faedc7cc chip::add_incomplete: Refactor add_incomplete::Config. 
This is also used in mul_fixed.
 2021-12-02 14:54:13 -05:00
therealyingtong 9d8fee29c7 chip::witness_point: Refactor witness_point::Config. 2021-12-02 14:51:33 -05:00
str4d d8690b8985
Merge pull request #236 from zcash/bench-poseidon-2 
Benchmark Poseidon gadget for rates {2, 8, 11}
 2021-12-01 15:57:55 +00:00
ying tong b02628d263 Apply suggestions from code review 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-12-01 09:31:53 -05:00
therealyingtong 76c8bb9711 utilities::cond_swap: Use ternary helper in cond_swap. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-11-30 20:36:13 -05:00
Jack Grigg 37f1bba998 Remove `PartialEq, PartialOrd` impls from `{Extended}SpendingKey` 2021-11-30 23:25:35 +00:00
Jack Grigg 674ceb54c8 `impl ConstantTimeEq for {Extended}SpendingKey` 2021-11-30 23:24:50 +00:00
therealyingtong 1a7a1255c8 mul::complete.rs: Use ternary helper in complete addition part of variable-base scalar mul. 2021-11-30 13:02:25 -05:00
therealyingtong 9513efd6f3 ecc::chip::mul.rs: Use ternary helper in variable-base scalar mul. 2021-11-30 12:52:15 -05:00
therealyingtong ba75da27bb gadget::utilities: Introduce ternary expression helper. 2021-11-30 10:39:01 -05:00
therealyingtong 421891f065 Benchmark proof creation and verification for RATE = 2, 8, 11. 2021-11-30 10:03:49 -05:00
therealyingtong 9b76556503 poseidon: Make gadget tests generic over WIDTH, RATE 2021-11-30 10:03:49 -05:00
therealyingtong b63c868591 poseidon: Make Spec trait methods not take (&self) parameter. 2021-11-30 10:02:16 -05:00
therealyingtong 409bbf36a0 mul::complete: Replace k_minus_one with one_minus_k. 2021-11-29 21:45:49 -05:00
therealyingtong 303bdc3f65 Replace local bool_check expressions with utilities::bool_check(). 2021-11-29 21:45:48 -05:00
therealyingtong 4fb434f88d gadget::utilities: Use range_check in bool_check. 2021-11-29 20:50:31 -05:00
therealyingtong 36f1d18705 gadget::utilities: Use N - x in range_check. 2021-11-29 20:50:31 -05:00
str4d 68b790c7da
Merge pull request #239 from nuttycom/di_from_bytes 
Add construction of DiversifierIndex directly from bytes.
 2021-11-29 17:46:44 +00:00
Jack Grigg 99d03e0d25 Migrate to latest halo2 revision 2021-11-26 16:24:26 +00:00
Kris Nuttycombe 14c4b40dfc Add construction of DiversifierIndex directly from bytes. 2021-11-24 18:09:25 -07:00
therealyingtong 9bb29018ac poseidon::pow5: Undo circuit change. 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-11-23 15:38:55 -05:00
ying tong 79123629da
Docfixes and minor refactors. 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-11-23 15:29:56 -05:00
therealyingtong fe1bc97ab4 Generalise Pow5T3 chip to be generic over WIDTH, RATE. 2021-11-19 00:50:04 -05:00
therealyingtong 0417e233c3 poseidon: Return CellValue from squeeze() 2021-11-19 00:04:27 -05:00
therealyingtong de37248749 Allow passing CellValue as input word to Poseidon gadget. 
Update circuit description.
 2021-11-18 23:47:57 -05:00
ying tong dfcea20569
Merge pull request #218 from zcash/zcash_note_encryption-batchdomain 
Migrate to `zcash_note_encryption::BatchDomain`
 2021-11-17 15:13:57 +01:00
str4d 465afd162e
Merge pull request #229 from zcash/228-fix-ivk-to_bytes 
Fix `IncomingViewingKey::to_bytes`
 2021-11-17 13:30:54 +00:00
Jack Grigg 8c018eff7e Migrate to `zcash_note_encryption::BatchDomain` 2021-11-17 12:15:21 +00:00
Jack Grigg 235cd791b4 Fix `IncomingViewingKey::to_bytes` 
`slice::copy_from_slice` panics if the source and destination slices are
not the same length.

Closes zcash/orchard#228.
 2021-11-17 12:12:20 +00:00
Deirdre Connolly 568e24cd5f Derive Clone for circuit::Instance 2021-11-04 23:30:57 -04:00
Deirdre Connolly 7412dfe79a
Update src/circuit.rs 
Co-authored-by: str4d <thestr4d@gmail.com>
 2021-11-04 17:54:30 -04:00
Deirdre Connolly e51e92e848 Add `orchard::circuit::Instance::from_parts()` 2021-11-03 23:24:54 -04:00
therealyingtong c61524ea29 p128pow5t3::tests: Extract verify_constants_helper. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-10-12 11:58:27 +02:00
therealyingtong 2c97e56da7 Add hash() and permute() test vectors for Poseidon over Fq. 2021-10-12 11:58:27 +02:00
therealyingtong f5775b6c6d p128pow5t3.rs: Test against reference input for Fq field modulus. 2021-10-12 11:58:27 +02:00
therealyingtong 4eb4c57827 Impl Spec for P128Pow5T3 over Fq. 2021-10-12 11:58:27 +02:00
therealyingtong 764c445a81 Rename poseidon::nullifier -> poseidon::p128pow5t3. 2021-10-12 11:58:27 +02:00
therealyingtong 8e00f69d63 primitives::poseidon: Add constants for Fq field modulus. 2021-10-12 11:58:27 +02:00
str4d 2c8241f25b
Merge pull request #209 from zcash/circuit-bugfixes 
Circuit bugfixes
 2021-09-29 10:06:25 +13:00
Jack Grigg 631182fb77 Update selector columns in expected-failure tests 
The addition of the non-identity selector caused the layouter to reorder
some of the selectors in the ECC gadget test circuit.
 2021-09-28 21:49:06 +01:00
Daira Hopwood d77cb82c8d
Apply suggestions from code review 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-09-28 21:09:39 +01:00
Jack Grigg d0056d9050 Test that we can't witness the identity as a NonIdentityPoint 2021-09-28 21:00:29 +01:00
Sean Bowe ebfd919abc Update circuit description. 2021-09-28 20:31:32 +01:00
str4d aec3b1d52d Remove unnecessary clones in closure 2021-09-28 20:31:32 +01:00
therealyingtong 52f53f3425 Remove IsIdentity trait from public EccInstructions. 
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 20:31:32 +01:00
therealyingtong c80ccba801 Witness cm_old using Point::new(). 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 20:31:32 +01:00
therealyingtong b0de6afd7c Reintroduce Point::new() API and constraints. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 20:31:32 +01:00
Jack Grigg 751277cdb2 Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound 
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
 2021-09-28 13:13:25 -06:00
Jack Grigg 97c27e3d5a Use complete addition in SinsemillaCommit 
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
 2021-09-28 13:13:25 -06:00
therealyingtong 8c8a12a8df Minor fixes. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-09-28 13:13:25 -06:00
therealyingtong fa560d3aee Replace is_identity() instruction with IsIdentity trait. 2021-09-28 13:13:25 -06:00
therealyingtong 4a13ab4f6b Docfixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
Daira Hopwood 6b6b515232 `hash_to_point` should return `Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>` 
because any exceptional case is treated as an error, and therefore the identity cannot be returned.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong 8ad3003e27 Remove Point::new() API and introduce is_identity() instruction. 
Also remove the q_point selector and gate from the circuit.
 2021-09-28 13:13:25 -06:00
therealyingtong ec27989b9b Clippy and formatting fixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong a5a6e78d42 src/circuit.rs: Use NonIdentityPoint for all witnessed points. 
The witnessed points are cm_old, g_d_old, pk_d_old, ak.

g_d_new and pk_d_new are currently also witnessed as affine points,
which diverges from the spec.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong cdcfcbc0c2 gadget::sinsemilla: Propagate changes to the Sinsemilla gadget. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong 258fe5796b ecc::chip: Propagate changes to sub-chips. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong df26a6c674 chip::witness_point.rs: Constraints for non-identity point. 
The point_non_id() method returns an error if the given point is
the identity.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong 88eb762cf2 ecc::chip.rs: Introduce NonIdentityEccPoint struct. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
therealyingtong f5ed26790a gadget::ecc: Introduce NonIdentityPoint associated type and gadget. 
The add_incomplete() and mul() APIs have been removed from the
Point gadget, since we cannot perform incomplete addition or
variable-base scalar multiplication on the identity.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-28 13:13:25 -06:00
str4d 05f3226314
Merge pull request #206 from defuse/comment-fixes 
Correct a couple comments
 2021-09-29 08:13:08 +13:00
Sean Bowe f9aa765787 Add test against hardcoded pinned verification key 2021-09-28 12:54:13 -06:00
Taylor Hornby 63a1c9d08e Correct a couple comments 2021-09-27 20:52:16 -06:00
therealyingtong 1f2132a8c0 Use correct MERKLE_DEPTH_ORCHARD in proptests. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-09-16 21:37:59 +02:00
therealyingtong d47c157ae0 Replace arb_tree proptest with incrementalmerkletree impl. 2021-09-16 20:50:27 +02:00
therealyingtong 2c551db32b Use gen_const_array_with_default where possible. 2021-09-16 18:20:51 +02:00
therealyingtong 291400ec33 Rename MerkleCrhOrchardOutput -> MerkleHashOrchard. 2021-09-16 15:38:01 +02:00
therealyingtong e9dc2f747f Move hash_with_l() logic into MerkleCrhOrchardOutput::combine(). 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-09-16 15:37:22 +02:00
therealyingtong 58de805a13 sinsemilla::merkle.rs: Use tree::MerklePath::root in tests. 2021-09-16 15:36:24 +02:00
therealyingtong f75f890a64 Update tree::MerklePath::root to be total. 2021-09-16 15:36:24 +02:00
Jack Grigg 414eef3ce5 memuse 0.2 2021-09-14 20:40:15 +01:00
Kris Nuttycombe 4488288ac0
Merge pull request #198 from zcash/merkle-path-test-vectors 
Add Merkle path test vectors
 2021-09-14 07:22:28 -06:00
str4d 3dd2a1872a
Merge pull request #169 from zcash/circuit-constraint-refinements 
Circuit constraint refinements to reduce proof size
 2021-09-14 02:05:41 +01:00
Jack Grigg 29a4bbcbc1 Add Merkle path test vectors 2021-09-14 00:15:39 +01:00
Daira Hopwood ee44d2ccf0
Apply suggestions from code review 2021-09-07 02:45:10 +01:00
Daira Hopwood 97e18a8190
Apply suggestions from code review 2021-09-07 00:56:22 +01:00
Daira Hopwood faddaf9e30 note_commit.rs: make two_pow_* definitions more consistent. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-07 00:52:37 +01:00
Jack Grigg 8c82ceecbf ff 0.11, group 0.11, pasta_curves 0.2 etc. 2021-09-06 20:39:43 +01:00
Jack Grigg 7fad21e7d6 Switch to `memuse` crate for measuring heap allocations 2021-09-05 01:33:27 +01:00
Daira Hopwood c24c67d5f0 cargo fmt 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 14:11:08 +01:00
Kris Nuttycombe e4a54cdf61 Improve error handling in zip32 APIs. 2021-08-31 16:49:58 -06:00
therealyingtong c3e24794f0 zip32.rs: master and child key derivation for ExtendedSpendingKey 2021-08-31 15:49:32 -06:00
Kris Nuttycombe 77be355912 Apply suggestions from code review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 0449edd5b8 Validate the sign of the y-coordinate for ak when deserializing. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 43abadfb55 Adds decryption for a specific index within a bundle. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe c406461f64 Expose inner representation of NoteValue 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 872f337811 Expose SpendingKey byte representation. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe c803114bf6 Go ahead and clone IVKs to limit borrowing hassles. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe d8bf892c72 Return key used to decrypt an output along with decrypted note contents. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 5d78ab3508 Add Eq and Ord implementations for Orchard keys. 2021-08-23 11:29:06 -06:00
Kris Nuttycombe 52f0f158ef Add serialization and parsing of full viewing keys. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe 1fd00e6236 Add raw address serialization and parsing. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe e33cd4ade4 Add trial decryption of actions to Bundle 2021-08-23 11:28:25 -06:00
Kris Nuttycombe 77cf4c9831 Implement IncomingViewingKey::to_bytes 2021-08-23 11:27:02 -06:00
str4d f2400baa01
Improve NoteCommit input value gate doc 
Brings it in line with the other gate docs.

Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-19 14:35:56 +01:00
str4d bac22d9b19
clippy: Remove redundant clones 
Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-19 14:34:15 +01:00
str4d ac900148ed
Fix typo in gate documentation 
Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-19 14:33:52 +01:00
str4d b4a82211ce
Merge pull request #184 from zcash/poseidon-domain-spec 
poseidon::Domain: Remove Spec trait bound.
 2021-08-17 12:55:01 +01:00
str4d cb28e00ebd
Merge pull request #178 from zcash/batch-note-decryption 
Speed up batched note decryption
 2021-08-13 14:27:41 +01:00
Jack Grigg 79988a5317 Move the interpolation logic into `SharedSecret::batch_to_affine` 
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
 2021-08-13 14:27:20 +01:00
therealyingtong 1f852544cf poseidon::Domain: Remove Spec trait bound. 
The methods in the Domain trait are not generic over Spec.
 2021-08-13 14:47:02 +08:00
str4d 4e33fe7aec Use correct symbol for incomplete addition 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-08-12 21:34:35 +01:00
str4d 459e68b71e
Fix clippy lint 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-08-12 21:32:14 +01:00
Jack Grigg 9f3c9a7e60 Use mixed addition for Sinsemilla bases 
Performance improvements:
- MerkleCRH:  ~5%
- Commit^ivk: ~1%
- NoteCommit: ~3%
 2021-08-12 15:45:00 +01:00
Jack Grigg 6197a0ef62 Use `group::Wnaf` to accelerate `sinsemilla::CommitDomain::commit` 
Performance improvements:
- Commit^ivk: ~31%
- NoteCommit: ~22%
 2021-08-12 15:45:00 +01:00
str4d 5f0c3b3585
Merge pull request #179 from zcash/sinsemilla-bases 
primitives::sinsemilla: Use hard-coded generators in sinsemilla_s.
 2021-08-12 15:18:38 +01:00
therealyingtong 92a7e20d30 Remove sinsemilla_s_generators() function. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-08-12 20:54:51 +08:00
Jack Grigg c79acc0e08 Fix length of output Vec for `SharedSecret::batch_to_affine` 
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
 2021-08-12 13:40:56 +01:00
therealyingtong a9e96eb0a4 sinsemilla_s: Add documentation. 2021-08-12 16:15:24 +08:00
therealyingtong 995728caa6 primitives::sinsemilla: Use hard-coded generators in sinsemilla_s. 2021-08-12 15:45:14 +08:00
Jack Grigg 8e13986101 Implement `Domain::batch_epk` for note decryption 
Improves throughput of batched trial decryption by around 10%.
 2021-08-12 01:36:38 +01:00
Jack Grigg 8c15cc25be Benchmark batch trial decryption 2021-08-12 01:36:38 +01:00
Jack Grigg 0d306d18aa Expose and benchmark Poseidon 2021-08-10 13:44:04 +01:00
Jack Grigg 08b279b900 Expose and benchmark Sinsemilla primitive 2021-08-10 13:39:14 +01:00
therealyingtong e62cfaa398 ExtractedNoteCommitment::from_bytes: Document cmx canonicity. 2021-08-09 20:11:27 +08:00
Jack Grigg f4a8c082a9 Use w-NAF in `ka_orchard` 
Improves the base-line cost of trial decryption by over 40%.
 2021-08-06 13:43:19 +01:00
Jack Grigg 2283310236 Expose `orchard::note_encryption::{CompactAction, OrchardNoteEncryption}` 
This also removes the `orchard::OrchardDomain` re-export, which is now
available at `orchard::note_encryption::OrchardDomain`.
 2021-08-06 01:01:12 +01:00
Kris Nuttycombe d8091dd575 Update incrementalmerkletree version. 2021-08-05 07:51:19 -06:00
Daira Hopwood e4612f7f6c Update Poseidon instantiation from 58 to 56 partial rounds. fixes #166 
Test vectors are from https://github.com/zcash-hackworks/zcash-test-vectors/pull/45

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-08-04 13:04:13 +01:00
Jack Grigg 9af22a8cbc circuit: Add region layout diagrams for y_switch constraint 
Helps to see why we can't optimise it to remove the `prev` query.
 2021-07-29 20:57:33 +01:00