Kris Nuttycombe
77be355912
Apply suggestions from code review
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
0449edd5b8
Validate the sign of the y-coordinate for ak when deserializing.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
43abadfb55
Adds decryption for a specific index within a bundle.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
c406461f64
Expose inner representation of NoteValue
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
872f337811
Expose SpendingKey byte representation.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
c803114bf6
Go ahead and clone IVKs to limit borrowing hassles.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
d8bf892c72
Return key used to decrypt an output along with decrypted note contents.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
5d78ab3508
Add Eq and Ord implementations for Orchard keys.
2021-08-23 11:29:06 -06:00
Kris Nuttycombe
52f0f158ef
Add serialization and parsing of full viewing keys.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
1fd00e6236
Add raw address serialization and parsing.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
e33cd4ade4
Add trial decryption of actions to Bundle
2021-08-23 11:28:25 -06:00
Kris Nuttycombe
77cf4c9831
Implement IncomingViewingKey::to_bytes
2021-08-23 11:27:02 -06:00
str4d
b4a82211ce
Merge pull request #184 from zcash/poseidon-domain-spec
poseidon::Domain: Remove Spec trait bound.
2021-08-17 12:55:01 +01:00
str4d
cb28e00ebd
Merge pull request #178 from zcash/batch-note-decryption
Speed up batched note decryption
2021-08-13 14:27:41 +01:00
Jack Grigg
79988a5317
Move the interpolation logic into `SharedSecret::batch_to_affine`
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
2021-08-13 14:27:20 +01:00
therealyingtong
1f852544cf
poseidon::Domain: Remove Spec trait bound.
The methods in the Domain trait are not generic over Spec.
2021-08-13 14:47:02 +08:00
str4d
4e33fe7aec
Use correct symbol for incomplete addition
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:34:35 +01:00
str4d
459e68b71e
Fix clippy lint
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:32:14 +01:00
Jack Grigg
9f3c9a7e60
Use mixed addition for Sinsemilla bases
Performance improvements:
- MerkleCRH: ~5%
- Commit^ivk: ~1%
- NoteCommit: ~3%
2021-08-12 15:45:00 +01:00
Jack Grigg
6197a0ef62
Use `group::Wnaf` to accelerate `sinsemilla::CommitDomain::commit`
Performance improvements:
- Commit^ivk: ~31%
- NoteCommit: ~22%
2021-08-12 15:45:00 +01:00
str4d
5f0c3b3585
Merge pull request #179 from zcash/sinsemilla-bases
primitives::sinsemilla: Use hard-coded generators in sinsemilla_s.
2021-08-12 15:18:38 +01:00
therealyingtong
92a7e20d30
Remove sinsemilla_s_generators() function.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-08-12 20:54:51 +08:00
Jack Grigg
c79acc0e08
Fix length of output Vec for `SharedSecret::batch_to_affine`
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
2021-08-12 13:40:56 +01:00
therealyingtong
a9e96eb0a4
sinsemilla_s: Add documentation.
2021-08-12 16:15:24 +08:00
therealyingtong
995728caa6
primitives::sinsemilla: Use hard-coded generators in sinsemilla_s.
2021-08-12 15:45:14 +08:00
Jack Grigg
8e13986101
Implement `Domain::batch_epk` for note decryption
Improves throughput of batched trial decryption by around 10%.
2021-08-12 01:36:38 +01:00
Jack Grigg
8c15cc25be
Benchmark batch trial decryption
2021-08-12 01:36:38 +01:00
Jack Grigg
0d306d18aa
Expose and benchmark Poseidon
2021-08-10 13:44:04 +01:00
Jack Grigg
08b279b900
Expose and benchmark Sinsemilla primitive
2021-08-10 13:39:14 +01:00
therealyingtong
e62cfaa398
ExtractedNoteCommitment::from_bytes: Document cmx canonicity.
2021-08-09 20:11:27 +08:00
Jack Grigg
f4a8c082a9
Use w-NAF in `ka_orchard`
Improves the base-line cost of trial decryption by over 40%.
2021-08-06 13:43:19 +01:00
Jack Grigg
2283310236
Expose `orchard::note_encryption::{CompactAction, OrchardNoteEncryption}`
This also removes the `orchard::OrchardDomain` re-export, which is now
available at `orchard::note_encryption::OrchardDomain`.
2021-08-06 01:01:12 +01:00
Kris Nuttycombe
d8091dd575
Update incrementalmerkletree version.
2021-08-05 07:51:19 -06:00
Daira Hopwood
e4612f7f6c
Update Poseidon instantiation from 58 to 56 partial rounds. fixes #166
Test vectors are from https://github.com/zcash-hackworks/zcash-test-vectors/pull/45
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-04 13:04:13 +01:00
str4d
8454f86d42
Merge pull request #140 from nuttycom/bundle_zip244_commitments
Implement ZIP-244 txid and authorizing commitments.
2021-07-29 14:45:24 +01:00
Kris Nuttycombe
40d80c4d6f
Apply suggestions from code review
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 07:16:14 -06:00
Jack Grigg
9117273c08
Fix bug in `Builder` initialization of `Circuit` struct
`rcv` was being used correctly outside the circuit to derive `cv_net`
but then `Circuit` was just storing 0. The `round_trip` test passed
because it uses `rcv = 0` everywhere.
2021-07-28 22:51:43 +01:00
Jack Grigg
a33d1bd90f
Add circuit benchmarks and (on Unix) flamegraphs
- Benchmarks: `cargo bench`
- Flamegraphs: `cargo bench -- --profile-time 100`
2021-07-28 15:09:31 +01:00
Jack Grigg
513f3cf8a6
Make `Builder::build` public
2021-07-28 14:37:12 +01:00
Jack Grigg
01fbd59683
Move proof creation out of `Builder::build`
2021-07-28 14:37:12 +01:00
Jack Grigg
6b495f711a
Extract InProgress type from Unauthorized and PartiallyAuthorized
This enables bundle proofs and signatures to be handled separately
outside the builder.
2021-07-28 13:48:03 +01:00
Daira Hopwood
145da9c510
Update to assign_table API.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-27 18:32:32 +01:00
therealyingtong
d3a7e9ed39
lookup_range_check: Merge running sum and short lookup arguments.
The lookup running sum decomposition uses the same lookup table as
its short variant. These two lookup arguments have been merged.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 09:50:17 +01:00
str4d
bb90f2eb7d
Merge pull request #101 from zcash/action-circuit
Action circuit
2021-07-27 09:49:23 +01:00
str4d
620e227854
Fix y-coordinate recovery in NoteCommit tests
2021-07-27 09:27:33 +01:00
therealyingtong
3f506a0129
circuit.rs: Minor cleanups and column optimisations.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 15:41:26 +08:00
therealyingtong
664125f44f
commit_ivk::tests: Check value of output ivk against expected ivk.
2021-07-27 15:33:13 +08:00
therealyingtong
fa135fe62e
note_commit::tests: Constrain output of NoteCommit to expected point.
2021-07-27 15:23:00 +08:00
therealyingtong
7aa3174880
sinsemilla::note_commit: Improve NoteCommit gate layout.
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
This commit also includes several minor fixes:
- use strict mode for decomposition of j in y-coordinate check;
- Name All Polynomial Constraints;
- remove point_repr() helper function;
- variable renaming and docfixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 13:51:35 +08:00
therealyingtong
e4a960d7f1
sinsemilla::note_commit: Simplify y canonicity check region layout
Instead of separately witnessing k_1 and equating it to z1_j, we
can directly make use of z1_j in the gate. This allows us to fit
the region into a 5 x 2 area, improving the layout.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-27 12:49:42 +08:00