Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sinsemilla chip with HashDomain #67

Merged
merged 20 commits into from
Jun 22, 2021
Merged

Sinsemilla chip with HashDomain #67

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
83eddd8
ecc::chip.rs: Add Point::from_coordinates_unchecked() API
therealyingtong Jun 19, 2021
af2ac76
gadget::sinsemilla.rs: Add Sinsemilla instructions.
therealyingtong Jun 19, 2021
e2859df
sinsemilla::message.rs: Add message module.
therealyingtong Jun 19, 2021
ebb7dae
sinsemilla::chip.rs: Add Sinsemilla chip.
therealyingtong Jun 19, 2021
74e617b
chip::generator_table.rs: Load Sinsemilla generator lookup table.
therealyingtong Jun 19, 2021
7cddc9b
sinsemilla::chip.rs: Implement witness_message_* APIs.
therealyingtong Jun 19, 2021
f122e48
sinsemilla::chip.rs: Configure Sinsemilla gates.
therealyingtong Jun 19, 2021
eba2172
chip::hash_to_point.rs: Implement hash_to_point instruction.
therealyingtong Jun 19, 2021
158ab86
gadget::sinsemilla.rs: Add Sinsemilla test.
therealyingtong Jun 19, 2021
2f6ca9e
generator_table.rs: Enforce z_n = 0 for the last message piece.
therealyingtong Jun 19, 2021
9072ed4
generator_table.rs: Fix bug in y_p lookup expression.
therealyingtong Jun 20, 2021
031bb0b
SinsemillaChip::configure(): Introduce closures for Y_A and x_r
therealyingtong Jun 20, 2021
9ce29d9
hash_to_point(): Introduce final_piece boolean flag
therealyingtong Jun 20, 2021
eccd72f
hash_piece(): Remove (correct) duplicate assignment of x_a.
therealyingtong Jun 20, 2021
744f3d1
SinsemillaChip::configure(): Combine and label gates.
therealyingtong Jun 20, 2021
002596f
Docfixes and cleanups.
therealyingtong Jun 20, 2021
5f5238f
Doc comment fixes
str4d Jun 20, 2021
a01c2ee
test: Print layout for Sinsemilla test circuit
str4d Jun 20, 2021
bd08808
SinsemillaChip::configure(): Merge "Initial y_q" gate with main gate
therealyingtong Jun 20, 2021
8af8447
Rename "Sinsemilla gate" constraint to "y check".
daira Jun 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 6 additions & 11 deletions src/circuit/gadget/sinsemilla/chip.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,24 +150,14 @@ impl SinsemillaChip {
(lambda_1 + lambda_2) * (x_a - x_r(meta, rotation))
};

// Check that the initial x_A, x_P, lambda_1, lambda_2 are consistent with y_Q.
meta.create_gate("Initial y_Q", |meta| {
let fixed_y_q = meta.query_fixed(config.fixed_y_q, Rotation::cur());

// Y_A = (lambda_1 + lambda_2) * (x_a - x_r)
let Y_A = Y_A(meta, Rotation::cur());

// fixed_y_q * (2 * fixed_y_q - Y_{A,0}) = 0
vec![fixed_y_q.clone() * (two.clone() * fixed_y_q - Y_A)]
});

meta.create_gate("Sinsemilla gate", |meta| {
let q_s1 = meta.query_selector(config.q_sinsemilla1);
let q_s2 = meta.query_fixed(config.q_sinsemilla2, Rotation::cur());
let q_s3 = {
let one = Expression::Constant(pallas::Base::one());
q_s2.clone() * (q_s2 - one)
};
let fixed_y_q = meta.query_fixed(config.fixed_y_q, Rotation::cur());

let lambda_1_next = meta.query_advice(config.lambda_1, Rotation::next());
let lambda_2_cur = meta.query_advice(config.lambda_2, Rotation::cur());
Expand All @@ -183,6 +173,10 @@ impl SinsemillaChip {
// Y_A = (lambda_1 + lambda_2) * (x_a - x_r)
let Y_A_next = Y_A(meta, Rotation::next());

// Check that the initial x_A, x_P, lambda_1, lambda_2 are consistent with y_Q.
// fixed_y_q * (2 * fixed_y_q - Y_{A,0}) = 0
let init_y_q_check = fixed_y_q.clone() * (two.clone() * fixed_y_q - Y_A_cur.clone());

// lambda2^2 - (x_a_next + x_r + x_a_cur) = 0
let secant_line =
lambda_2_cur.clone().square() - (x_a_next.clone() + x_r + x_a_cur.clone());
Copy link
Contributor

@daira daira Jun 21, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically this is implementing two secant lines, because x_r is itself computed by a secant line. ("Secant" means a line between two distinct points on a curve, extended to infinity in both directions.) I think this naming is fine though.

Expand All @@ -207,6 +201,7 @@ impl SinsemillaChip {
};

vec![
("Initial y_q", init_y_q_check),
("Secant line", q_s1.clone() * secant_line),
("Sinsemilla gate", q_s1 * expr),
therealyingtong marked this conversation as resolved.
Show resolved Hide resolved
]
Expand Down
18 changes: 15 additions & 3 deletions src/circuit/gadget/sinsemilla/chip/hash_to_point.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,20 @@ impl SinsemillaChip {
)?;

// Constrain the initial x_a, lambda_1, lambda_2, x_p using the fixed y_q
// initializer.
region.assign_fixed(|| "fixed y_q", config.fixed_y_q, offset, || Ok(y_q))?;
// initializer. Assign `fixed_y_q` to be zero on every other row.
{
region.assign_fixed(|| "fixed y_q", config.fixed_y_q, offset, || Ok(y_q))?;

let total_num_words = message.iter().map(|piece| piece.num_words()).sum();
for row in 1..total_num_words {
region.assign_fixed(
|| "fixed y_q",
config.fixed_y_q,
offset + row,
|| Ok(pallas::Base::zero()),
)?;
}
}

let y_a = Some(y_q);

Expand All @@ -68,7 +80,7 @@ impl SinsemillaChip {
let mut zs_sum: Vec<Vec<CellValue<pallas::Base>>> = Vec::new();

// Hash each piece in the message.
for (idx, piece) in message[0..message.len()].iter().enumerate() {
for (idx, piece) in message.iter().enumerate() {
let final_piece = idx == message.len() - 1;

// The value of the accumulator after this piece is processed.
Expand Down