Configure Sinsemilla chip

zcash · Apr 21, 2021 · c90c3b3 · c90c3b3
1 parent 474feda
commit c90c3b3
Showing 1 changed file with 82 additions and 1 deletion.
diff --git a/src/circuit/gadget/sinsemilla/chip.rs b/src/circuit/gadget/sinsemilla/chip.rs
@@ -2,10 +2,15 @@ use super::super::ecc::chip::{EccChip, EccConfig};
 use super::{CommitDomains, HashDomains, SinsemillaInstructions};
 
 use crate::constants::OrchardFixedBases;
+use crate::primitives::sinsemilla::K;
+
+use ff::Field;
+use group::Curve;
 use halo2::{
     arithmetic::{CurveAffine, FieldExt},
     circuit::{Cell, Layouter},
-    plonk::{Error, Selector},
+    plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
+    poly::Rotation,
 };
 
 mod generator_table;
@@ -92,6 +97,82 @@ impl<C: CurveAffine> CommitDomains<C, OrchardFixedBases<C>, OrchardHashDomains<C
     }
 }
 
+/// Configuration for the ECC chip
+#[derive(Clone, Debug)]
+#[allow(non_snake_case)]
+pub struct SinsemillaConfig {
+    ecc_config: EccConfig,
+    generator_table: GeneratorTable,
+    q_sinsemilla: Selector,
+}
+
+#[allow(non_snake_case)]
+impl<C: CurveAffine> EccChip<C> {
+    fn configure_sinsemilla(
+        meta: &mut ConstraintSystem<C::Base>,
+        q_sinsemilla: Selector,
+        bits: Column<Advice>,
+        u: Column<Advice>,
+        A: (Column<Advice>, Column<Advice>),
+        P: (Column<Advice>, Column<Advice>),
+        lambda: (Column<Advice>, Column<Advice>),
+        add_complete_bool: [Column<Advice>; 4],
+        add_complete_inv: [Column<Advice>; 4],
+    ) -> SinsemillaConfig {
+        let ecc_config = EccChip::<C>::configure(
+            meta,
+            bits,
+            u,
+            A,
+            P,
+            lambda,
+            add_complete_bool,
+            add_complete_inv,
+        );
+
+        // Fixed column for Sinsemilla selector
+        let sinsemilla_cur = meta.query_selector(q_sinsemilla, Rotation::cur());
+
+        // m_i = z_{i + 1} - (z_i * 2^k)
+        let z_cur = meta.query_advice(ecc_config.bits, Rotation::cur());
+        let z_next = meta.query_advice(ecc_config.bits, Rotation::next());
+        let m = z_next - z_cur * C::Base::from_u64((1 << K) as u64);
+
+        // y_a = (1/2) ⋅ (lambda1 + lambda2) ⋅ (x_a - (lambda1^2 - x_a - x_p))
+        let lambda1_cur = meta.query_advice(ecc_config.lambda.0, Rotation::cur());
+        let lambda2_cur = meta.query_advice(ecc_config.lambda.1, Rotation::cur());
+        let x_a_cur = meta.query_advice(ecc_config.A.0, Rotation::cur());
+        let x_p_cur = meta.query_advice(ecc_config.P.0, Rotation::cur());
+        let y_a_cur = (lambda1_cur.clone() + lambda2_cur.clone())
+            * (x_a_cur.clone()
+                - (lambda1_cur.clone() * lambda1_cur.clone() - x_a_cur.clone() - x_p_cur.clone()))
+            * C::Base::TWO_INV;
+
+        // y_p = y_a - lambda1 ⋅ (x_a - x_p)
+        let y_p = y_a_cur.clone() - lambda1_cur.clone() * (x_a_cur.clone() - x_p_cur.clone());
+
+        let (x_p_init, y_p_init) = get_s_by_idx::<C>(0).to_affine().get_xy().unwrap();
+
+        let generator_table = GeneratorTable::configure::<C>(
+            meta,
+            sinsemilla_cur.clone() * m
+                + (Expression::Constant(C::Base::one()) - sinsemilla_cur.clone()) * C::Base::zero(),
+            sinsemilla_cur.clone() * x_p_cur.clone()
+                + (Expression::Constant(C::Base::one()) - sinsemilla_cur.clone()) * x_p_init,
+            sinsemilla_cur.clone() * y_p
+                + (Expression::Constant(C::Base::one()) - sinsemilla_cur.clone()) * y_p_init,
+        );
+
+        // TODO: create gates
+
+        SinsemillaConfig {
+            ecc_config,
+            generator_table,
+            q_sinsemilla,
+        }
+    }
+}
+
 impl<C: CurveAffine> SinsemillaInstructions<C> for EccChip<C> {
     type Message = Message<C::Base>;
     type CommitDomains = OrchardCommitDomains<C>;