Commit Graph

266 Commits

Author SHA1 Message Date
Deirdre Connolly b9737fc0e8 Random z MUST be {1..2^128-1}, so we loop in case we (rarely) randomly generate a zero 2021-02-05 15:12:10 -05:00
Deirdre Connolly 9becaf5079 Check all batch item inputs sizes against the supplied VerifyingKey first 2021-02-04 19:20:45 -05:00
Deirdre Connolly 3e237a9ab1 Mark rng as &mut in closure 2021-02-04 19:11:11 -05:00
Deirdre Connolly ce345d97d5 Add docs 2021-02-04 18:54:23 -05:00
Deirdre Connolly 140d31d24e
Format comment about optimizing miller loop terms
Co-authored-by: str4d <thestr4d@gmail.com>
2021-02-03 21:20:46 -05:00
Deirdre Connolly 8e4d566887
Update doc re: VerifyingKey
Co-authored-by: str4d <thestr4d@gmail.com>
2021-02-03 20:21:04 -05:00
Deirdre Connolly 70cc09e7e6
Tidy tuple return
Co-authored-by: str4d <thestr4d@gmail.com>
2021-02-03 20:18:34 -05:00
Deirdre Connolly 25b1a8cf6d Tidy up some batch verification math based on review 2021-02-01 19:57:15 -05:00
Deirdre Connolly be65838165 Add groth16 batch verify test and benchmarks 2021-02-01 00:24:51 -05:00
Deirdre Connolly b750faa607 Add common mimc test utils 2021-02-01 00:23:19 -05:00
Deirdre Connolly 414c4f2e88 Finish groth16 batch verification math 2021-02-01 00:23:19 -05:00
Jane Lusby 5b0226b268 port bellman batch changes from librustzcash 2021-02-01 00:23:19 -05:00
ebfull 59e6fc0d47
Merge pull request #63 from zkcrypto/release-0.9.0
bellman 0.9.0
2021-01-26 15:04:51 -07:00
Jack Grigg 9a5fa5dc97 bellman 0.9.0 2021-01-26 21:41:47 +00:00
ebfull 90be7d9826
Merge pull request #62 from zkcrypto/rand-dependency-updates
Bump dependencies
2021-01-26 14:31:22 -07:00
Jack Grigg e0e98c631e Bump MSRV to 1.47.0 2021-01-26 21:14:43 +00:00
Jack Grigg 1944122407 hex-literal 0.3 2021-01-26 21:13:56 +00:00
Jack Grigg 8113d8beab bitvec 0.20 2021-01-26 21:13:16 +00:00
Jack Grigg 6491440eae Bump ff to 0.9 2021-01-26 19:31:04 +00:00
ebfull fa9be45588
Merge pull request #58 from zkcrypto/release-0.8.1
Release v0.8.1
2020-11-10 11:39:04 -07:00
Sean Bowe 2059de8bb3 Release v0.8.1 2020-11-10 11:33:02 -07:00
ebfull a51a6a08f8
Merge pull request #55 from w3f/pub-multiexp
Makes multiexp module public
2020-11-10 07:34:35 -07:00
ebfull a2c22a474e
Merge pull request #57 from zkcrypto/fix-nightly-deref-issue
Fix deref breakage with nightly-2020-10-06
2020-11-02 09:23:04 -07:00
Jack Grigg a5ff6f514b Fix deref breakage with nightly-2020-10-06
Fixes the following error:
  cannot multiply-assign `<E as Engine>::Fr` by `&&<E as Engine>::Fr`

I think this is related to:
  https://github.com/rust-lang/rust/issues/77638
2020-10-30 00:25:57 +00:00
Sergey Vasilyev eec6155ec4 makes multiexp module public 2020-10-25 23:26:35 +03:00
ebfull 0f2244fdb4
Merge pull request #53 from zkcrypto/release-0.8.0
Release 0.8.0
2020-09-08 17:04:14 -06:00
Jack Grigg f0141b6f69 bellman 0.8.0 2020-09-08 23:54:10 +01:00
ebfull e35089357e
Merge pull request #52 from zkcrypto/ff-0.8
Fix performance regression in multiexp
2020-09-08 16:53:05 -06:00
Jack Grigg f3c8d4e634 Add Actions CI workflow 2020-09-08 23:46:57 +01:00
Jack Grigg ec638e4d02 Replace bit-vec crate with bitvec 2020-09-08 23:44:20 +01:00
Jack Grigg e6a404a29e Pass exponent bits into multiexp instead of exponents themselves
This de-duplicates multiple Montgomery reductions.
2020-09-08 23:44:20 +01:00
Jack Grigg f90fa65a32 Migrate to ff 0.8
MSRV is now 1.44.0, matching the ff crate.
2020-09-08 23:44:20 +01:00
ebfull 81f4aac8c7
Merge pull request #50 from zkcrypto/release-0.7.0
Release 0.7.0
2020-08-25 16:34:28 -06:00
Jack Grigg 212f8ae3fe Remove paths from dependencies
Now that we have extracted the release changes from the
zcash/librustzcash subtree, we are no longer in a workspace with
relative paths to these dependencies.
2020-08-25 23:33:43 +01:00
Jack Grigg 227890761a Add missing intra-doc link 2020-08-25 23:32:14 +01:00
Jack Grigg 9738f45d1d s/into_iter/iter to fix warnings 2020-08-25 23:30:20 +01:00
Jack Grigg 18a85dc3bd Remove unnecessary extern crates
Since Rust 2018, these are implied.
2020-08-25 23:29:52 +01:00
Jack Grigg 2030fb488b bellman 0.7.0 2020-08-25 23:11:18 +01:00
Jack Grigg c3cfe43dad bls12_381 0.2.0 2020-08-25 23:11:18 +01:00
Jack Grigg 1f3ffdd5a1 pairing 0.17.0 2020-08-25 23:11:18 +01:00
Jack Grigg 9d85d4eac3 group 0.7.0 2020-08-25 23:11:18 +01:00
Jack Grigg 8521902516 ff 0.7.0 2020-08-25 23:11:18 +01:00
Jack Grigg 459fa4a635 pairing: Remove BLS12-381 implementation
It is replaced by the bls12_381 crate.
2020-08-25 23:11:18 +01:00
Jack Grigg 200901d496 s/{pairing::bls12_381, zcash_primitives::jubjub}/{bls12_381, jubjub}
FINALLY.
2020-08-25 23:11:18 +01:00
Jack Grigg 6c76adca08 bellman: Migrate to bit-vec 0.6 2020-08-25 23:11:18 +01:00
Jack Grigg 10ac7ce51f bellman: Migrate to sha2 0.9 2020-08-25 23:11:18 +01:00
Jack Grigg b6a2e4e485 pairing: Require G1 and G2 to be PrimeCurve
Pairings require that G1, G2, and GT are groups of prime order.
2020-08-25 23:11:18 +01:00
Jack Grigg 74c7d4914d group: Hard-code a w-NAF window size of 4
We were already ignoring the actual bit length of the scalar, and
selecting the window size based on the maximum bit length, which
effectively hard-coded a window size of 4.
2020-08-25 23:11:18 +01:00
Jack Grigg 6875667f1d group: CofactorGroup::mul_by_cofactor -> CofactorGroup::clear_cofactor
The generic API now only guarantees that the torsion component is
cleared deterministically; group elements may be multiplied by multiples
of the cofactor (not necessarily the actual cofactor), as long as the
choice of multiplier is fixed for a given implementation.
2020-08-25 23:11:18 +01:00
Henry de Valence e534f36ec4 bellman: add VerificationError (#254)
* bellman: add VerificationError

This adds a distinct VerificationError type to the crate and changes
`verify_proof` to return `Result<(), VerificationError>` rather than
`Result<bool, SynthesisError>`.  This is significantly safer, because it avoids
the need to mix pattern-matching logic with boolean logic (the cause of
RUSTSEC-2019-0004).

* Rename VerificationError variants per review comments.

* Add missing Clone impl to VerificationError.
2020-08-25 23:11:18 +01:00