Jack Grigg
6f0cab5ffd
Replace `FieldExt::from_u64` with `PrimeField: From<u64>`
2021-12-09 15:38:36 +00:00
Jack Grigg
a4135dde24
ecc::chip: Fix `print_ecc_chip`
...
The ECC test chip performs various checks that assume the chip will only
be synthesized with witnesses. This assumption is broken by the chip
printer test, so we fix the assumption here.
2021-12-09 00:49:01 +00:00
Jack Grigg
6b84d0955a
Fix "complex type" clippy lints
2021-12-08 04:11:57 +00:00
Jack Grigg
a44253acc7
ecc::chip: Define a `MagnitudeSign` type alias
...
This fixes some "complex type" clippy lints, and also will make it
easier to change it to a better-typed struct later.
2021-12-08 02:23:51 +00:00
Jack Grigg
bacdf67428
Remove the `CellValue` type
...
In order to make the changeover easier to review, we redefined
`CellValue<F>` to be `AssignedCell<F, F>`. Now we remove that type and
rename throughout the codebase.
2021-12-08 02:10:17 +00:00
Jack Grigg
65a89f099b
Replace `gadget::utilities::copy` with `AssignedCell::copy_advice`
...
Also replaces other copy-advice implementations that weren't using
`copy`.
2021-12-08 01:50:02 +00:00
Jack Grigg
3079800f42
Remove `Var::new` trait method
...
As the underlying `Region` methods now return `AssignedCell` instead of
`Cell`, we can simplify all the places where we then constructed a
`CellValue` struct.
2021-12-08 01:48:17 +00:00
Jack Grigg
9b41a06363
Migrate to halo2 version with `AssignedCell`
...
We change `CellValue` into a typedef of `AssignedCell` to simplify the
migration in this commit.
The migration from `CellValue` to `AssignedCell` requires several other
changes:
- `<CellValue as Var>::value()` returned `Option<F>`, whereas
`AssignedCell::<F, F>::value()` returns `Option<&F>`. This means we
need to dereference, use `Option::cloned`, or alter functions to take
`&F` arguments.
- `StateWord` in the Poseidon chip has been changed to a newtype around
`AssignedCell` (the chip was written before `CellValue` existed).
2021-12-08 01:45:00 +00:00
Jack Grigg
5cb838f1a2
circuit: Remove `Copy` impl from `poseidon::pow5::StateWord`
...
We will be making it a newtype around `halo2::circuit::AssignedCell`,
which does not impl `Copy`.
2021-12-08 01:44:09 +00:00
Jack Grigg
e99fc92e4b
circuit: Use `Field::is_zero_vartime`
2021-12-08 01:44:08 +00:00
Jack Grigg
50b4600a1a
circuit: Remove `Copy` impl from `CellValue`
...
We will be replacing it with `halo2::circuit::AssignedCell`, which does
not impl `Copy`.
2021-12-08 01:43:00 +00:00
str4d
55567f31ed
Merge pull request #248 from zcash/ecc-config-refactor
...
circuit: Refactor `EccConfig` away from `impl From<EccConfig>`.
2021-12-08 01:40:14 +00:00
str4d
a38e2ff728
Ensure lo and hi incomplete ranges line up
...
The previous code assumed that `pallas::Scalar::NUM_BITS` was odd, which is true, but might not remain so after a future generalisation refactor.
2021-12-08 01:00:18 +00:00
Jack Grigg
fe7796b884
circuit: Ensure that the real proof length matches calculated length
2021-12-06 19:44:44 +00:00
Jack Grigg
e2c300368b
circuit: Pin the proof size
...
This is to ensure that if any future circuit changes are made, their
effect on the proof size (if any) will be noticed.
2021-12-06 18:01:55 +00:00
str4d
42ad193b58
Merge pull request #247 from zcash/ternary-expr
...
circuit: Introduce ternary expression helper.
2021-12-06 17:32:35 +00:00
therealyingtong
a09173a331
ecc::chip: Remove chip-level permutation.
...
We have now refactored away from the impl From<EccConfig> pattern
so that each sub-config can equality-enable the columns they need.
2021-12-04 04:45:06 +00:00
therealyingtong
c00ee1707e
mul_fixed::base_field_elem: Refactor base_field_elem::Config.
...
This commit does not result in circuit changes.
2021-12-04 04:45:06 +00:00
therealyingtong
687e220c36
mul_fixed::short: Refactor short::Config.
...
This commit does not result in circuit changes.
2021-12-04 04:45:06 +00:00
therealyingtong
165c9b6941
mul_fixed::full_width: Refactor full_width::Config.
...
This commit does not result in circuit changes.
2021-12-04 04:45:06 +00:00
therealyingtong
f472a16b32
chip::mul_fixed: Move running_sum_config into mul_fixed::Config.
2021-12-04 04:45:06 +00:00
therealyingtong
1a7e832ed4
chip::mul_fixed: Refactor mul_fixed::Config.
...
This commit does not introduce circuit changes.
2021-12-04 04:45:06 +00:00
therealyingtong
a7dad1d611
chip::mul: Refactor mul::Config.
...
This commit does not introduce additional circuit changes.
2021-12-04 04:45:05 +00:00
therealyingtong
440cd14dbb
mul::overflow: Refactor overflow::Config.
...
This is only used in chip::mul::Config. In a subsequent commit,
this will be configured from mul::Config instead of from
ecc::chip::Config.
This commit does not result in circuit changes.
2021-12-04 04:44:41 +00:00
therealyingtong
931d61a863
mul::complete: Refactor complete::Config.
...
This is only used in chip::mul::Config. In a subsequent commit,
this will be configured from mul::Config instead of from
ecc::chip::Config.
This commit does not result in circuit changes.
2021-12-04 04:41:52 +00:00
therealyingtong
22f57005a9
mul::incomplete: Refactor incomplete::Config.
...
This is only used in chip::mul::Config. In a subsequent commit,
this will be configured from mul::Config instead of from
ecc::chip::Config.
This commit does not result in circuit changes.
2021-12-04 04:39:41 +00:00
Jack Grigg
0ede6b2301
mul::Config: Reorder gate definitions
...
We are about to extract the sub-configs from mul::Config and refactor
them. Doing so would have moved their gate definitions past the one gate
that isn't created in a sub-config. Reordering the definitions here will
make the subsequent refactor diffs simpler to review.
2021-12-04 04:38:08 +00:00
therealyingtong
2ec480ef6b
utilities::lookup_range_check: Derive Copy for LookupRangeCheckConfig.
2021-12-02 14:55:37 -05:00
therealyingtong
4fe6fb8bf2
chip::add: Refactor add::Config.
...
This is also used in mul and mul_fixed.
2021-12-02 14:55:36 -05:00
therealyingtong
13faedc7cc
chip::add_incomplete: Refactor add_incomplete::Config.
...
This is also used in mul_fixed.
2021-12-02 14:54:13 -05:00
therealyingtong
9d8fee29c7
chip::witness_point: Refactor witness_point::Config.
2021-12-02 14:51:33 -05:00
str4d
d8690b8985
Merge pull request #236 from zcash/bench-poseidon-2
...
Benchmark Poseidon gadget for rates {2, 8, 11}
2021-12-01 15:57:55 +00:00
ying tong
b02628d263
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-12-01 09:31:53 -05:00
therealyingtong
76c8bb9711
utilities::cond_swap: Use ternary helper in cond_swap.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-11-30 20:36:13 -05:00
Jack Grigg
37f1bba998
Remove `PartialEq, PartialOrd` impls from `{Extended}SpendingKey`
2021-11-30 23:25:35 +00:00
Jack Grigg
674ceb54c8
`impl ConstantTimeEq for {Extended}SpendingKey`
2021-11-30 23:24:50 +00:00
therealyingtong
1a7a1255c8
mul::complete.rs: Use ternary helper in complete addition part of variable-base scalar mul.
2021-11-30 13:02:25 -05:00
therealyingtong
9513efd6f3
ecc::chip::mul.rs: Use ternary helper in variable-base scalar mul.
2021-11-30 12:52:15 -05:00
therealyingtong
ba75da27bb
gadget::utilities: Introduce ternary expression helper.
2021-11-30 10:39:01 -05:00
therealyingtong
421891f065
Benchmark proof creation and verification for RATE = 2, 8, 11.
2021-11-30 10:03:49 -05:00
therealyingtong
9b76556503
poseidon: Make gadget tests generic over WIDTH, RATE
2021-11-30 10:03:49 -05:00
therealyingtong
b63c868591
poseidon: Make Spec trait methods not take (&self) parameter.
2021-11-30 10:02:16 -05:00
therealyingtong
409bbf36a0
mul::complete: Replace k_minus_one with one_minus_k.
2021-11-29 21:45:49 -05:00
therealyingtong
303bdc3f65
Replace local bool_check expressions with utilities::bool_check().
2021-11-29 21:45:48 -05:00
therealyingtong
4fb434f88d
gadget::utilities: Use range_check in bool_check.
2021-11-29 20:50:31 -05:00
therealyingtong
36f1d18705
gadget::utilities: Use N - x in range_check.
2021-11-29 20:50:31 -05:00
str4d
68b790c7da
Merge pull request #239 from nuttycom/di_from_bytes
...
Add construction of DiversifierIndex directly from bytes.
2021-11-29 17:46:44 +00:00
Jack Grigg
99d03e0d25
Migrate to latest halo2 revision
2021-11-26 16:24:26 +00:00
Kris Nuttycombe
14c4b40dfc
Add construction of DiversifierIndex directly from bytes.
2021-11-24 18:09:25 -07:00
therealyingtong
9bb29018ac
poseidon::pow5: Undo circuit change.
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-11-23 15:38:55 -05:00
ying tong
79123629da
Docfixes and minor refactors.
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-11-23 15:29:56 -05:00
therealyingtong
fe1bc97ab4
Generalise Pow5T3 chip to be generic over WIDTH, RATE.
2021-11-19 00:50:04 -05:00
therealyingtong
0417e233c3
poseidon: Return CellValue from squeeze()
2021-11-19 00:04:27 -05:00
therealyingtong
de37248749
Allow passing CellValue as input word to Poseidon gadget.
...
Update circuit description.
2021-11-18 23:47:57 -05:00
ying tong
dfcea20569
Merge pull request #218 from zcash/zcash_note_encryption-batchdomain
...
Migrate to `zcash_note_encryption::BatchDomain`
2021-11-17 15:13:57 +01:00
str4d
465afd162e
Merge pull request #229 from zcash/228-fix-ivk-to_bytes
...
Fix `IncomingViewingKey::to_bytes`
2021-11-17 13:30:54 +00:00
Jack Grigg
8c018eff7e
Migrate to `zcash_note_encryption::BatchDomain`
2021-11-17 12:15:21 +00:00
Jack Grigg
235cd791b4
Fix `IncomingViewingKey::to_bytes`
...
`slice::copy_from_slice` panics if the source and destination slices are
not the same length.
Closes zcash/orchard#228.
2021-11-17 12:12:20 +00:00
Deirdre Connolly
568e24cd5f
Derive Clone for circuit::Instance
2021-11-04 23:30:57 -04:00
Deirdre Connolly
7412dfe79a
Update src/circuit.rs
...
Co-authored-by: str4d <thestr4d@gmail.com>
2021-11-04 17:54:30 -04:00
Deirdre Connolly
e51e92e848
Add `orchard::circuit::Instance::from_parts()`
2021-11-03 23:24:54 -04:00
therealyingtong
c61524ea29
p128pow5t3::tests: Extract verify_constants_helper.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-10-12 11:58:27 +02:00
therealyingtong
2c97e56da7
Add hash() and permute() test vectors for Poseidon over Fq.
2021-10-12 11:58:27 +02:00
therealyingtong
f5775b6c6d
p128pow5t3.rs: Test against reference input for Fq field modulus.
2021-10-12 11:58:27 +02:00
therealyingtong
4eb4c57827
Impl Spec for P128Pow5T3 over Fq.
2021-10-12 11:58:27 +02:00
therealyingtong
764c445a81
Rename poseidon::nullifier -> poseidon::p128pow5t3.
2021-10-12 11:58:27 +02:00
therealyingtong
8e00f69d63
primitives::poseidon: Add constants for Fq field modulus.
2021-10-12 11:58:27 +02:00
str4d
2c8241f25b
Merge pull request #209 from zcash/circuit-bugfixes
...
Circuit bugfixes
2021-09-29 10:06:25 +13:00
Jack Grigg
631182fb77
Update selector columns in expected-failure tests
...
The addition of the non-identity selector caused the layouter to reorder
some of the selectors in the ECC gadget test circuit.
2021-09-28 21:49:06 +01:00
Daira Hopwood
d77cb82c8d
Apply suggestions from code review
...
Co-authored-by: str4d <jack@electriccoin.co>
2021-09-28 21:09:39 +01:00
Jack Grigg
d0056d9050
Test that we can't witness the identity as a NonIdentityPoint
2021-09-28 21:00:29 +01:00
Sean Bowe
ebfd919abc
Update circuit description.
2021-09-28 20:31:32 +01:00
str4d
aec3b1d52d
Remove unnecessary clones in closure
2021-09-28 20:31:32 +01:00
therealyingtong
52f53f3425
Remove IsIdentity trait from public EccInstructions.
...
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong
c80ccba801
Witness cm_old using Point::new().
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong
b0de6afd7c
Reintroduce Point::new() API and constraints.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
Jack Grigg
751277cdb2
Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound
...
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
2021-09-28 13:13:25 -06:00
Jack Grigg
97c27e3d5a
Use complete addition in SinsemillaCommit
...
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
2021-09-28 13:13:25 -06:00
therealyingtong
8c8a12a8df
Minor fixes.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-28 13:13:25 -06:00
therealyingtong
fa560d3aee
Replace is_identity() instruction with IsIdentity trait.
2021-09-28 13:13:25 -06:00
therealyingtong
4a13ab4f6b
Docfixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
Daira Hopwood
6b6b515232
`hash_to_point` should return `Result<(Self::NonIdentityPoint, Vec<Self::RunningSum>), Error>`
...
because any exceptional case is treated as an error, and therefore the identity cannot be returned.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
8ad3003e27
Remove Point::new() API and introduce is_identity() instruction.
...
Also remove the q_point selector and gate from the circuit.
2021-09-28 13:13:25 -06:00
therealyingtong
ec27989b9b
Clippy and formatting fixes.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
a5a6e78d42
src/circuit.rs: Use NonIdentityPoint for all witnessed points.
...
The witnessed points are cm_old, g_d_old, pk_d_old, ak.
g_d_new and pk_d_new are currently also witnessed as affine points,
which diverges from the spec.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
cdcfcbc0c2
gadget::sinsemilla: Propagate changes to the Sinsemilla gadget.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
258fe5796b
ecc::chip: Propagate changes to sub-chips.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
df26a6c674
chip::witness_point.rs: Constraints for non-identity point.
...
The point_non_id() method returns an error if the given point is
the identity.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
88eb762cf2
ecc::chip.rs: Introduce NonIdentityEccPoint struct.
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
therealyingtong
f5ed26790a
gadget::ecc: Introduce NonIdentityPoint associated type and gadget.
...
The add_incomplete() and mul() APIs have been removed from the
Point gadget, since we cannot perform incomplete addition or
variable-base scalar multiplication on the identity.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00
str4d
05f3226314
Merge pull request #206 from defuse/comment-fixes
...
Correct a couple comments
2021-09-29 08:13:08 +13:00
Sean Bowe
f9aa765787
Add test against hardcoded pinned verification key
2021-09-28 12:54:13 -06:00
Taylor Hornby
63a1c9d08e
Correct a couple comments
2021-09-27 20:52:16 -06:00
therealyingtong
1f2132a8c0
Use correct MERKLE_DEPTH_ORCHARD in proptests.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-16 21:37:59 +02:00
therealyingtong
d47c157ae0
Replace arb_tree proptest with incrementalmerkletree impl.
2021-09-16 20:50:27 +02:00
therealyingtong
2c551db32b
Use gen_const_array_with_default where possible.
2021-09-16 18:20:51 +02:00
therealyingtong
291400ec33
Rename MerkleCrhOrchardOutput -> MerkleHashOrchard.
2021-09-16 15:38:01 +02:00
therealyingtong
e9dc2f747f
Move hash_with_l() logic into MerkleCrhOrchardOutput::combine().
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-16 15:37:22 +02:00
therealyingtong
58de805a13
sinsemilla::merkle.rs: Use tree::MerklePath::root in tests.
2021-09-16 15:36:24 +02:00
therealyingtong
f75f890a64
Update tree::MerklePath::root to be total.
2021-09-16 15:36:24 +02:00
Jack Grigg
414eef3ce5
memuse 0.2
2021-09-14 20:40:15 +01:00
Kris Nuttycombe
4488288ac0
Merge pull request #198 from zcash/merkle-path-test-vectors
...
Add Merkle path test vectors
2021-09-14 07:22:28 -06:00
str4d
3dd2a1872a
Merge pull request #169 from zcash/circuit-constraint-refinements
...
Circuit constraint refinements to reduce proof size
2021-09-14 02:05:41 +01:00
Jack Grigg
29a4bbcbc1
Add Merkle path test vectors
2021-09-14 00:15:39 +01:00
Daira Hopwood
ee44d2ccf0
Apply suggestions from code review
2021-09-07 02:45:10 +01:00
Daira Hopwood
97e18a8190
Apply suggestions from code review
2021-09-07 00:56:22 +01:00
Daira Hopwood
faddaf9e30
note_commit.rs: make two_pow_* definitions more consistent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-07 00:52:37 +01:00
Jack Grigg
8c82ceecbf
ff 0.11, group 0.11, pasta_curves 0.2 etc.
2021-09-06 20:39:43 +01:00
Jack Grigg
7fad21e7d6
Switch to `memuse` crate for measuring heap allocations
2021-09-05 01:33:27 +01:00
Daira Hopwood
c24c67d5f0
cargo fmt
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 14:11:08 +01:00
Kris Nuttycombe
e4a54cdf61
Improve error handling in zip32 APIs.
2021-08-31 16:49:58 -06:00
therealyingtong
c3e24794f0
zip32.rs: master and child key derivation for ExtendedSpendingKey
2021-08-31 15:49:32 -06:00
Kris Nuttycombe
77be355912
Apply suggestions from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
0449edd5b8
Validate the sign of the y-coordinate for ak when deserializing.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
43abadfb55
Adds decryption for a specific index within a bundle.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
c406461f64
Expose inner representation of NoteValue
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
872f337811
Expose SpendingKey byte representation.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
c803114bf6
Go ahead and clone IVKs to limit borrowing hassles.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
d8bf892c72
Return key used to decrypt an output along with decrypted note contents.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
5d78ab3508
Add Eq and Ord implementations for Orchard keys.
2021-08-23 11:29:06 -06:00
Kris Nuttycombe
52f0f158ef
Add serialization and parsing of full viewing keys.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
1fd00e6236
Add raw address serialization and parsing.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
e33cd4ade4
Add trial decryption of actions to Bundle
2021-08-23 11:28:25 -06:00
Kris Nuttycombe
77cf4c9831
Implement IncomingViewingKey::to_bytes
2021-08-23 11:27:02 -06:00
str4d
f2400baa01
Improve NoteCommit input value gate doc
...
Brings it in line with the other gate docs.
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-19 14:35:56 +01:00
str4d
bac22d9b19
clippy: Remove redundant clones
...
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-19 14:34:15 +01:00
str4d
ac900148ed
Fix typo in gate documentation
...
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-19 14:33:52 +01:00
str4d
b4a82211ce
Merge pull request #184 from zcash/poseidon-domain-spec
...
poseidon::Domain: Remove Spec trait bound.
2021-08-17 12:55:01 +01:00
str4d
cb28e00ebd
Merge pull request #178 from zcash/batch-note-decryption
...
Speed up batched note decryption
2021-08-13 14:27:41 +01:00
Jack Grigg
79988a5317
Move the interpolation logic into `SharedSecret::batch_to_affine`
...
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
2021-08-13 14:27:20 +01:00
therealyingtong
1f852544cf
poseidon::Domain: Remove Spec trait bound.
...
The methods in the Domain trait are not generic over Spec.
2021-08-13 14:47:02 +08:00
str4d
4e33fe7aec
Use correct symbol for incomplete addition
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:34:35 +01:00
str4d
459e68b71e
Fix clippy lint
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:32:14 +01:00
Jack Grigg
9f3c9a7e60
Use mixed addition for Sinsemilla bases
...
Performance improvements:
- MerkleCRH: ~5%
- Commit^ivk: ~1%
- NoteCommit: ~3%
2021-08-12 15:45:00 +01:00
Jack Grigg
6197a0ef62
Use `group::Wnaf` to accelerate `sinsemilla::CommitDomain::commit`
...
Performance improvements:
- Commit^ivk: ~31%
- NoteCommit: ~22%
2021-08-12 15:45:00 +01:00
str4d
5f0c3b3585
Merge pull request #179 from zcash/sinsemilla-bases
...
primitives::sinsemilla: Use hard-coded generators in sinsemilla_s.
2021-08-12 15:18:38 +01:00
therealyingtong
92a7e20d30
Remove sinsemilla_s_generators() function.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-08-12 20:54:51 +08:00
Jack Grigg
c79acc0e08
Fix length of output Vec for `SharedSecret::batch_to_affine`
...
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
2021-08-12 13:40:56 +01:00
therealyingtong
a9e96eb0a4
sinsemilla_s: Add documentation.
2021-08-12 16:15:24 +08:00
therealyingtong
995728caa6
primitives::sinsemilla: Use hard-coded generators in sinsemilla_s.
2021-08-12 15:45:14 +08:00
Jack Grigg
8e13986101
Implement `Domain::batch_epk` for note decryption
...
Improves throughput of batched trial decryption by around 10%.
2021-08-12 01:36:38 +01:00
Jack Grigg
8c15cc25be
Benchmark batch trial decryption
2021-08-12 01:36:38 +01:00
Jack Grigg
0d306d18aa
Expose and benchmark Poseidon
2021-08-10 13:44:04 +01:00
Jack Grigg
08b279b900
Expose and benchmark Sinsemilla primitive
2021-08-10 13:39:14 +01:00
therealyingtong
e62cfaa398
ExtractedNoteCommitment::from_bytes: Document cmx canonicity.
2021-08-09 20:11:27 +08:00
Jack Grigg
f4a8c082a9
Use w-NAF in `ka_orchard`
...
Improves the base-line cost of trial decryption by over 40%.
2021-08-06 13:43:19 +01:00
Jack Grigg
2283310236
Expose `orchard::note_encryption::{CompactAction, OrchardNoteEncryption}`
...
This also removes the `orchard::OrchardDomain` re-export, which is now
available at `orchard::note_encryption::OrchardDomain`.
2021-08-06 01:01:12 +01:00
Kris Nuttycombe
d8091dd575
Update incrementalmerkletree version.
2021-08-05 07:51:19 -06:00
Daira Hopwood
e4612f7f6c
Update Poseidon instantiation from 58 to 56 partial rounds. fixes #166
...
Test vectors are from https://github.com/zcash-hackworks/zcash-test-vectors/pull/45
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-04 13:04:13 +01:00
Jack Grigg
9af22a8cbc
circuit: Add region layout diagrams for y_switch constraint
...
Helps to see why we can't optimise it to remove the `prev` query.
2021-07-29 20:57:33 +01:00