Commit Graph

852 Commits

Author SHA1 Message Date
Jack Grigg f468e604e3 pprof 0.6 2021-12-17 17:05:23 +00:00
Jack Grigg 4af28cb6d4 incrementalmerkletree 0.2 2021-12-17 16:39:48 +00:00
str4d cad50e7611
Merge pull request #265 from zcash/zcash_note_encryption-api-cleanups
Migrate to latest `zcash_note_encryption` API
2021-12-17 13:43:07 +00:00
Jack Grigg 4b0b32275f Migrate to latest `zcash_note_encryption` API 2021-12-17 05:31:24 +00:00
ebfull 4592c2f275
Merge pull request #262 from zcash/261-ak_P-reject-identity
Reject the identity in `SpendValidatingKey::from_bytes`
2021-12-16 08:19:58 -07:00
str4d a5de219cee
Merge pull request #258 from zcash/ci-benchmarks
CI: Benchmark tweaks
2021-12-15 23:14:33 +00:00
Jack Grigg 044844c0a0 Reject the identity in `SpendValidatingKey::from_bytes`
`ak_P` is not allowed to be the identity in the Orchard protocol. We
were enforcing this by construction in most places, except for the
parsing of an Orchard full viewing key.

Closes zcash/orchard#261.
2021-12-15 13:48:59 +00:00
Jack Grigg eca0dd7177 CI: Switch to storing benchmarks in gh-pages branch 2021-12-09 21:43:56 +00:00
Jack Grigg 84aa43fe8b bench: Fix circuit benchmarks
Criterion's benchmark grouping does not match on group names; it only
groups benchmarks that are run prior to that specific benchmark group
instance being dropped. Since each benchmark group holds a mutable
reference to the criterion instance, this means we can't have multiple
active groups collecting measurements. Instead, we need to collect the
proving benchmarks for all recipient numbers, followed by verification
benchmarks.
2021-12-09 13:18:39 +00:00
str4d 99b767a3a1
Merge pull request #252 from zcash/circuit-pin-proof-size
circuit: Pin the proof size
2021-12-06 20:03:22 +00:00
Jack Grigg fe7796b884 circuit: Ensure that the real proof length matches calculated length 2021-12-06 19:44:44 +00:00
Jack Grigg e2c300368b circuit: Pin the proof size
This is to ensure that if any future circuit changes are made, their
effect on the proof size (if any) will be noticed.
2021-12-06 18:01:55 +00:00
ebfull 53b68ea799
Merge pull request #249 from zcash/241-spendingkey-ct_eq
Replace `PartialEq, PartialOrd` with `ConstantTimeEq` on `{Extended}SpendingKey`
2021-12-02 11:45:44 -07:00
Jack Grigg 37f1bba998 Remove `PartialEq, PartialOrd` impls from `{Extended}SpendingKey` 2021-11-30 23:25:35 +00:00
Jack Grigg 674ceb54c8 `impl ConstantTimeEq for {Extended}SpendingKey` 2021-11-30 23:24:50 +00:00
str4d 68b790c7da
Merge pull request #239 from nuttycom/di_from_bytes
Add construction of DiversifierIndex directly from bytes.
2021-11-29 17:46:44 +00:00
Kris Nuttycombe 14c4b40dfc Add construction of DiversifierIndex directly from bytes. 2021-11-24 18:09:25 -07:00
str4d 067e26822d
Merge pull request #238 from zcash/reddsa-0.1.0
Use reddsa 0.1 instead of the git dependency
2021-11-23 14:12:19 +00:00
Jack Grigg 1cd9e7d4d4 Use reddsa 0.1 instead of the git dependency 2021-11-19 23:10:46 +00:00
ying tong dfcea20569
Merge pull request #218 from zcash/zcash_note_encryption-batchdomain
Migrate to `zcash_note_encryption::BatchDomain`
2021-11-17 15:13:57 +01:00
str4d 465afd162e
Merge pull request #229 from zcash/228-fix-ivk-to_bytes
Fix `IncomingViewingKey::to_bytes`
2021-11-17 13:30:54 +00:00
Jack Grigg 8c018eff7e Migrate to `zcash_note_encryption::BatchDomain` 2021-11-17 12:15:21 +00:00
Jack Grigg 235cd791b4 Fix `IncomingViewingKey::to_bytes`
`slice::copy_from_slice` panics if the source and destination slices are
not the same length.

Closes zcash/orchard#228.
2021-11-17 12:12:20 +00:00
str4d d43ad00b8d
Merge pull request #223 from dconnolly/patch-1
Add `orchard::circuit::Instance::from_parts()`
2021-11-17 11:12:16 +00:00
Deirdre Connolly 568e24cd5f Derive Clone for circuit::Instance 2021-11-04 23:30:57 -04:00
Deirdre Connolly 7412dfe79a
Update src/circuit.rs
Co-authored-by: str4d <thestr4d@gmail.com>
2021-11-04 17:54:30 -04:00
Deirdre Connolly e51e92e848 Add `orchard::circuit::Instance::from_parts()` 2021-11-03 23:24:54 -04:00
ebfull 4f9c0be42e
Merge pull request #187 from zcash/poseidon-fq
primitives::poseidon: Add constants for Fq field modulus.
2021-10-15 08:29:01 -06:00
therealyingtong c61524ea29 p128pow5t3::tests: Extract verify_constants_helper.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-10-12 11:58:27 +02:00
therealyingtong 2c97e56da7 Add hash() and permute() test vectors for Poseidon over Fq. 2021-10-12 11:58:27 +02:00
therealyingtong f5775b6c6d p128pow5t3.rs: Test against reference input for Fq field modulus. 2021-10-12 11:58:27 +02:00
therealyingtong 4eb4c57827 Impl Spec for P128Pow5T3 over Fq. 2021-10-12 11:58:27 +02:00
therealyingtong 764c445a81 Rename poseidon::nullifier -> poseidon::p128pow5t3. 2021-10-12 11:58:27 +02:00
therealyingtong 8e00f69d63 primitives::poseidon: Add constants for Fq field modulus. 2021-10-12 11:58:27 +02:00
str4d 2c8241f25b
Merge pull request #209 from zcash/circuit-bugfixes
Circuit bugfixes
2021-09-29 10:06:25 +13:00
Jack Grigg 631182fb77 Update selector columns in expected-failure tests
The addition of the non-identity selector caused the layouter to reorder
some of the selectors in the ECC gadget test circuit.
2021-09-28 21:49:06 +01:00
str4d 41066a310a
Merge pull request #208 from zcash/halo2-beta-1
Switch to halo2 0.1.0-beta.1
2021-09-29 09:12:15 +13:00
Daira Hopwood d77cb82c8d
Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
2021-09-28 21:09:39 +01:00
Jack Grigg d0056d9050 Test that we can't witness the identity as a NonIdentityPoint 2021-09-28 21:00:29 +01:00
Jack Grigg 608da3f686 Switch to halo2 0.1.0-beta.1
This is equivalent to the git revision we were previously patching.
2021-09-28 20:48:19 +01:00
Sean Bowe ebfd919abc Update circuit description. 2021-09-28 20:31:32 +01:00
str4d aec3b1d52d Remove unnecessary clones in closure 2021-09-28 20:31:32 +01:00
therealyingtong 52f53f3425 Remove IsIdentity trait from public EccInstructions.
We only need is_identity() in tests and can implement it on the
concrete EccPoint type. This method is flagged off by #[cfg(test)].

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong c80ccba801 Witness cm_old using Point::new().
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
therealyingtong b0de6afd7c Reintroduce Point::new() API and constraints.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 20:31:32 +01:00
Jack Grigg 751277cdb2 Remove `EccInstructions::NonIdentityPoint: TryFrom<Self::Point>` bound
After the previous commit, this is no longer used anywhere. Additionally
it was not enforcing the conversion in the circuit, which could lead to
circuit implementation mistakes.
2021-09-28 13:13:25 -06:00
Jack Grigg 97c27e3d5a Use complete addition in SinsemillaCommit
This is necessary because the blinding factor r can be zero with greater
than negligible probability in an adversarial case, which with incomplete
addition would cause the circuit to compute a commitment that is not on
the curve.
2021-09-28 13:13:25 -06:00
therealyingtong 8c8a12a8df Minor fixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-09-28 13:13:25 -06:00
therealyingtong fa560d3aee Replace is_identity() instruction with IsIdentity trait. 2021-09-28 13:13:25 -06:00
therealyingtong 4a13ab4f6b Docfixes.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-09-28 13:13:25 -06:00