zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
427 Commits 5 Branches 11 Tags 24 MiB
Commit Graph

427 Commits

Author SHA1 Message Date
Kris Nuttycombe ce4697aca5 Add construction of OrchardIncrementalTreeDigest 2021-06-22 18:14:27 -06:00
Kris Nuttycombe 4bb252eb0c Add Orchard incremental merkle tree digests. 2021-06-22 18:14:27 -06:00
str4d 71756cffda
Merge pull request #128 from zcash/bundle-dynamic-usage 
Add `Bundle<Authorized, _>::dynamic_usage` method
 2021-06-22 17:46:15 +01:00
str4d 66340e2655
Merge pull request #67 from zcash/sinsemilla-chip-config 
Sinsemilla chip with HashDomain
 2021-06-22 16:20:35 +01:00
Jack Grigg 06f7d7fbe0 Add `Bundle<Authorized, _>::dynamic_usage` method 
This will be used by `zcashd` as part of tracking the memory usage of
transactions.
 2021-06-22 16:06:49 +01:00
str4d a64a1cb951
Merge pull request #127 from daira/clippy-nightly-clean 
Make this crate clippy clean for warnings on nightly
 2021-06-21 18:48:38 +01:00
Daira Hopwood 81fb944997 Make this crate clippy clean for warnings on nightly. 
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-21 18:04:00 +01:00
Daira Hopwood 8af84479b3 Rename "Sinsemilla gate" constraint to "y check". 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-21 17:04:47 +01:00
str4d 93a7f1db22
Merge pull request #126 from zcash/proof-verification 
Add `Bundle<Authorized, _>::verify_proof` API
 2021-06-21 15:39:09 +01:00
Jack Grigg 62642fd804 Add `Bundle<Authorized, _>::verify_proof` API 2021-06-21 13:38:43 +01:00
therealyingtong bd08808566 SinsemillaChip::configure(): Merge "Initial y_q" gate with main gate 
This allows the MockProver to see the fixed_y_q query as semantically
connected to q_sinsemilla1.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 20:56:56 +08:00
Jack Grigg a01c2ee829 test: Print layout for Sinsemilla test circuit 2021-06-20 11:51:33 +01:00
str4d 5f5238f411
Doc comment fixes 2021-06-20 11:30:43 +01:00
therealyingtong 002596f6cd Docfixes and cleanups. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 12:11:01 +08:00
therealyingtong 744f3d1653 SinsemillaChip::configure(): Combine and label gates. 
The gates "Secant line" and "Sinsemilla gate" were using the same
selectors and could be combined.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 11:26:59 +08:00
therealyingtong eccd72fcd0 hash_piece(): Remove (correct) duplicate assignment of x_a. 
hash_piece() is an internal API, which means its caller hash_message()
is working in the same region. We rely on the caller to have already
assigned each piece's initial x_a at the correct offset before making
the call to hash_piece().

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 11:14:02 +08:00
therealyingtong 9ce29d9d4d hash_to_point(): Introduce final_piece boolean flag 
This toggles the assignment of q_s2 on the last row of each piece.
We assign q_s2 = 2 on the last row of the final piece, and q_s2 = 0
on the last row of other pieces.

This allows us to process the final_piece in the main loop together
with the other pieces.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 11:00:14 +08:00
therealyingtong 031bb0bc87 SinsemillaChip::configure(): Introduce closures for Y_A and x_r 
These expressions are derived multiple times in the gates.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 10:43:24 +08:00
therealyingtong 9072ed437d generator_table.rs: Fix bug in y_p lookup expression. 
Also, GeneratorTable::configure() was not being called in the main
SinsemillaChip::configure(), which meant the lookup argument had
not been activated. This has now been fixed.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-20 10:34:03 +08:00
Daira Hopwood 3543bab39d
Merge pull request #82 from zcash/book-sinsemilla-gadget 
[book] Add Sinsemilla gadget description
 2021-06-20 01:07:58 +01:00
therealyingtong 2f6ca9e6de generator_table.rs: Enforce z_n = 0 for the last message piece. 2021-06-19 22:39:19 +08:00
Daira Hopwood 9adeead975 [book] Make the order of advice columns for Sinsemilla the same as in the code. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-19 15:35:34 +01:00
Daira Hopwood 9dc909e842 [book] Formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-19 13:37:07 +01:00
Daira Hopwood 2a8fe30fa8 [book] Clarify that x_Q, z_0, z'_0, etc. are copied in using equality constraints. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-19 13:32:11 +01:00
therealyingtong 158ab865f8 gadget::sinsemilla.rs: Add Sinsemilla test. 2021-06-19 18:17:11 +08:00
therealyingtong eba2172f4f chip::hash_to_point.rs: Implement hash_to_point instruction. 2021-06-19 18:17:10 +08:00
therealyingtong f122e481a7 sinsemilla::chip.rs: Configure Sinsemilla gates. 2021-06-19 18:17:09 +08:00
therealyingtong 7cddc9b587 sinsemilla::chip.rs: Implement witness_message_* APIs. 
witness_message() witnesses a full message given a bitstring.

The other two APIs, witness_message_piece_bitstring() and
witness_message_piece_field(), both witness a message piece, i.e.
part of a message that fits within a single base field element.

witness_message_piece_bitstring() takes in a bitstring, while
witness_message_piece_field() takes in a field element. In the
latter case, the number of words encoded must be specified.
 2021-06-19 18:14:22 +08:00
therealyingtong 74e617b46d chip::generator_table.rs: Load Sinsemilla generator lookup table. 
The 2^K table of generators used in the Sinsemilla hash. These
are loaded into a lookup table.
 2021-06-19 18:14:22 +08:00
therealyingtong ebb7dae063 sinsemilla::chip.rs: Add Sinsemilla chip. 
The chip that will implement SinsemillaInstructions.
 2021-06-19 18:14:22 +08:00
therealyingtong e2859df4eb sinsemilla::message.rs: Add message module. 
This defines a Sinsemilla message in terms of pieces and subpieces.
This is useful when decomposing field elements and packing them
into K-bit messages.
 2021-06-19 18:14:22 +08:00
therealyingtong af2ac762f4 gadget::sinsemilla.rs: Add Sinsemilla instructions. 
SinsemillaInstructions has two const generic parameters: K, which
is the number of bits in each word of the hash, and MAX_WORDS,
which is the maximum number of words the hash can process.

For Orchard, K = 10, MAX_WORDS = 253.
 2021-06-19 18:14:22 +08:00
therealyingtong 83eddd8857 ecc::chip.rs: Add Point::from_coordinates_unchecked() API 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-06-19 18:14:22 +08:00
Daira Hopwood 48573705dc [book] Adjust the definition of m_{i+1} so that the last z_n does not need to be constrained to 0. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-19 08:53:41 +01:00
Daira Hopwood 22036e9f41 [book] More formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-18 22:49:46 +01:00
Daira Hopwood aac10b816f [book] Formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-18 22:45:50 +01:00
Daira Hopwood dc021a2ef1 [book] Merge two similar paragraphs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-18 22:20:09 +01:00
Daira Hopwood 82316b607b [book] Update the Sinsemilla constraints to handle the gap between field elements correctly. 
This also changes i to be zero-based, which is more consistent with the spec.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-18 22:12:48 +01:00
Daira Hopwood 4cd0082294
Apply suggestions from code review 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-06-18 21:27:55 +01:00
str4d 0b6bd66714
Merge pull request #120 from daira/fix-clippy-lints 
Fix clippy lints
 2021-06-16 20:24:02 +01:00
Daira Hopwood 1c19bea842 Fix clippy lints. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-16 19:13:40 +01:00
str4d 37b1b7f357
Merge pull request #119 from zcash/anchor-serialization 
Anchor serialization APIs
 2021-06-15 16:25:36 +01:00
Jack Grigg 5264d53498 impl Copy for Anchor 2021-06-15 15:42:06 +01:00
Jack Grigg 019ae7da8e Anchor::{from_bytes, to_bytes} 2021-06-15 15:41:57 +01:00
Daira Hopwood e412a5a25b
Merge pull request #115 from zcash/anchor-type 
Store anchors as pallas::Base instead of [u8; 32]
 2021-06-15 14:18:48 +01:00
str4d f7c64e0437
Merge pull request #117 from zcash/change-dep-patching 
Use patches for halo2 and zcash_note_encryption dependencies
 2021-06-15 01:09:18 +01:00
Jack Grigg 5759d66470 Use patches for halo2 and zcash_note_encryption dependencies 
While these two are in flux, it's hard to keep these revisions consistent
(e.g. https://github.com/zcash/zcash/pull/5217 currently depends on two
different versions of zcash_note_encryption). Using patches allows the
downstream users (i.e. zcashd) to define its own set of patches, and keep
everything in sync. This works fine now because we aren't actively making
changes to the public APIs, only additions.
 2021-06-14 23:17:15 +01:00
str4d 63ca1f8d3a
Merge pull request #116 from zcash/signature-validation 
Signature validation APIs
 2021-06-14 22:42:36 +01:00
Jack Grigg e90a5972f1 redpallas: Expose batch validation API 2021-06-14 21:41:12 +01:00
Jack Grigg eec17a9174 Add a `Bundle::binding_validating_key` method 
This derives the `bvk` for validating `Authorized::binding_signature`.
 2021-06-14 21:40:28 +01:00