Move Sprout and Sapling circuits into zcash_proofs

2025-02-12 01:55:48 +00:00 · 2019-08-05 22:45:12 +01:00 · 2019-08-05 22:45:12 +01:00 · 2ae5804a67
commit 2ae5804a67
parent 7ea6d10480
16 changed files with 63 additions and 48 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -567,7 +567,9 @@ dependencies = [
 "directories 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "ff 0.4.0",
 "pairing 0.14.2",
 "rand_core 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "rand_os 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "rand_xorshift 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "sapling-crypto 0.0.1",
 "zcash_primitives 0.0.0",
 ]
--- a/librustzcash/src/rustzcash.rs
+++ b/librustzcash/src/rustzcash.rs
@ -26,8 +26,8 @@ use sapling_crypto::{
    },
 };
-use sapling_crypto::circuit::sapling::TREE_DEPTH as SAPLING_TREE_DEPTH;
+use zcash_proofs::circuit::sapling::TREE_DEPTH as SAPLING_TREE_DEPTH;
-use sapling_crypto::circuit::sprout::{self, TREE_DEPTH as SPROUT_TREE_DEPTH};
+use zcash_proofs::circuit::sprout::{self, TREE_DEPTH as SPROUT_TREE_DEPTH};
 use bellman::groth16::{
    create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof,
--- a/sapling-crypto/src/circuit/mod.rs
+++ b/sapling-crypto/src/circuit/mod.rs
@ -1,4 +1,3 @@
 #[cfg(test)]
 pub mod test;
 pub mod boolean;
@ -12,9 +11,6 @@ pub mod pedersen_hash;
 pub mod multipack;
 pub mod sha256;
 pub mod sapling;
 pub mod sprout;
 use bellman::{
    SynthesisError
 };
@ -25,7 +21,7 @@ use bellman::{
 /// This basically is just an extension to `Option`
 /// which allows for a convenient mapping to an
 /// error on `None`.
-trait Assignment<T> {
+pub trait Assignment<T> {
    fn get(&self) -> Result<&T, SynthesisError>;
 }
--- a/zcash_primitives/src/sapling.rs
+++ b/zcash_primitives/src/sapling.rs
@ -14,8 +14,7 @@ use crate::merkle_tree::Hashable;
 use crate::redjubjub::{PrivateKey, PublicKey, Signature};
 use JUBJUB;
-pub(crate) const SAPLING_COMMITMENT_TREE_DEPTH: usize =
+pub const SAPLING_COMMITMENT_TREE_DEPTH: usize = 32;
    sapling_crypto::circuit::sapling::TREE_DEPTH;
 /// Compute a parent node in the Sapling commitment tree given its two children.
 pub fn merkle_hash(depth: usize, lhs: &FrRepr, rhs: &FrRepr) -> FrRepr {
--- a/zcash_proofs/Cargo.toml
+++ b/zcash_proofs/Cargo.toml
@ -16,6 +16,10 @@ rand_os = "0.2"
 sapling-crypto = { path = "../sapling-crypto" }
 zcash_primitives = { path = "../zcash_primitives" }
 [dev-dependencies]
 rand_core = "0.5"
 rand_xorshift = "0.2"
 [features]
 default = ["local-prover"]
 local-prover = ["directories"]
--- a/sapling-crypto/examples/bench.rs
+++ b/sapling-crypto/examples/bench.rs
@ -4,6 +4,7 @@ extern crate bellman;
 extern crate pairing;
 extern crate rand_core;
 extern crate rand_xorshift;
 extern crate zcash_proofs;
 use ff::Field;
 use std::time::{Duration, Instant};
@ -12,7 +13,7 @@ use sapling_crypto::jubjub::{
    edwards,
    fs,
 };
-use sapling_crypto::circuit::sapling::{
+use zcash_proofs::circuit::sapling::{
    Spend
 };
 use sapling_crypto::primitives::{
--- a/zcash_proofs/src/circuit.rs
+++ b/zcash_proofs/src/circuit.rs
@ -0,0 +1,2 @@
 pub mod sapling;
 pub mod sprout;
--- a/sapling-crypto/src/circuit/sapling/mod.rs
+++ b/sapling-crypto/src/circuit/sapling/mod.rs
@ -6,28 +6,28 @@ use bellman::{
    Circuit
 };
-use jubjub::{
+use sapling_crypto::jubjub::{
    JubjubEngine,
    FixedGenerators
 };
-use constants;
+use sapling_crypto::constants;
-use primitives::{
+use sapling_crypto::primitives::{
    ValueCommitment,
    ProofGenerationKey,
    PaymentAddress
 };
-use super::Assignment;
+use sapling_crypto::circuit::Assignment;
-use super::boolean;
+use sapling_crypto::circuit::boolean;
-use super::ecc;
+use sapling_crypto::circuit::ecc;
-use super::pedersen_hash;
+use sapling_crypto::circuit::pedersen_hash;
-use super::blake2s;
+use sapling_crypto::circuit::blake2s;
-use super::num;
+use sapling_crypto::circuit::num;
-use super::multipack;
+use sapling_crypto::circuit::multipack;
-pub const TREE_DEPTH: usize = 32;
+pub const TREE_DEPTH: usize = zcash_primitives::sapling::SAPLING_COMMITMENT_TREE_DEPTH;
 /// This is an instance of the `Spend` circuit.
 pub struct Spend<'a, E: JubjubEngine> {
@ -602,9 +602,12 @@ fn test_input_circuit_with_bls12_381() {
    use pairing::bls12_381::*;
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;
-
+    use sapling_crypto::{
-    use ::circuit::test::*;
+        circuit::test::*,
-    use jubjub::{JubjubBls12, fs, edwards};
+        jubjub::{JubjubBls12, fs, edwards},
        pedersen_hash,
        primitives::{Diversifier, Note, ProofGenerationKey},
    };
    let params = &JubjubBls12::new();
    let rng = &mut XorShiftRng::from_seed([
@ -623,7 +626,7 @@ fn test_input_circuit_with_bls12_381() {
        let nsk = fs::Fs::random(rng);
        let ak = edwards::Point::rand(rng, params).mul_by_cofactor(params);
-        let proof_generation_key = ::primitives::ProofGenerationKey {
+        let proof_generation_key = ProofGenerationKey {
            ak: ak.clone(),
            nsk: nsk.clone()
        };
@ -636,7 +639,7 @@ fn test_input_circuit_with_bls12_381() {
            let diversifier = {
                let mut d = [0; 11];
                rng.fill_bytes(&mut d);
-                ::primitives::Diversifier(d)
+                Diversifier(d)
            };
            if let Some(p) = viewing_key.into_payment_address(
@ -657,7 +660,7 @@ fn test_input_circuit_with_bls12_381() {
        {
            let rk = viewing_key.rk(ar, params).into_xy();
            let expected_value_cm = value_commitment.cm(params).into_xy();
-            let note = ::primitives::Note {
+            let note = Note {
                value: value_commitment.value,
                g_d: g_d.clone(),
                pk_d: payment_address.pk_d.clone(),
@ -685,8 +688,8 @@ fn test_input_circuit_with_bls12_381() {
                lhs.reverse();
                rhs.reverse();
-                cur = ::pedersen_hash::pedersen_hash::<Bls12, _>(
+                cur = pedersen_hash::pedersen_hash::<Bls12, _>(
-                    ::pedersen_hash::Personalization::MerkleTree(i),
+                    pedersen_hash::Personalization::MerkleTree(i),
                    lhs.into_iter()
                       .take(Fr::NUM_BITS as usize)
                       .chain(rhs.into_iter().take(Fr::NUM_BITS as usize)),
@ -743,8 +746,11 @@ fn test_output_circuit_with_bls12_381() {
    use pairing::bls12_381::*;
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;
-    use ::circuit::test::*;
+    use sapling_crypto::{
-    use jubjub::{JubjubBls12, fs, edwards};
+        circuit::test::*,
        jubjub::{JubjubBls12, fs, edwards},
        primitives::{Diversifier, ProofGenerationKey},
    };
    let params = &JubjubBls12::new();
    let rng = &mut XorShiftRng::from_seed([
@ -761,7 +767,7 @@ fn test_output_circuit_with_bls12_381() {
        let nsk = fs::Fs::random(rng);
        let ak = edwards::Point::rand(rng, params).mul_by_cofactor(params);
-        let proof_generation_key = ::primitives::ProofGenerationKey {
+        let proof_generation_key = ProofGenerationKey {
            ak: ak.clone(),
            nsk: nsk.clone()
        };
@ -774,7 +780,7 @@ fn test_output_circuit_with_bls12_381() {
            let diversifier = {
                let mut d = [0; 11];
                rng.fill_bytes(&mut d);
-                ::primitives::Diversifier(d)
+                Diversifier(d)
            };
            if let Some(p) = viewing_key.into_payment_address(
--- a/sapling-crypto/src/circuit/sprout/commitment.rs
+++ b/sapling-crypto/src/circuit/sprout/commitment.rs
@ -1,9 +1,9 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use circuit::sha256::{
+use sapling_crypto::circuit::sha256::{
    sha256
 };
-use circuit::boolean::{
+use sapling_crypto::circuit::boolean::{
    Boolean
 };
--- a/sapling-crypto/src/circuit/sprout/input.rs
+++ b/sapling-crypto/src/circuit/sprout/input.rs
@ -1,9 +1,9 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use circuit::sha256::{
+use sapling_crypto::circuit::sha256::{
    sha256_block_no_padding
 };
-use circuit::boolean::{
+use sapling_crypto::circuit::boolean::{
    AllocatedBit,
    Boolean
 };
--- a/sapling-crypto/src/circuit/sprout/mod.rs
+++ b/sapling-crypto/src/circuit/sprout/mod.rs
@ -1,11 +1,11 @@
 use ff::Field;
 use pairing::Engine;
 use bellman::{ConstraintSystem, SynthesisError, Circuit, LinearCombination};
-use circuit::boolean::{
+use sapling_crypto::circuit::boolean::{
    AllocatedBit,
    Boolean
 };
-use circuit::multipack::pack_into_inputs;
+use sapling_crypto::circuit::multipack::pack_into_inputs;
 mod prfs;
 mod commitment;
@ -355,7 +355,7 @@ fn witness_u252<E, CS>(
 #[test]
 fn test_sprout_constraints() {
    use pairing::bls12_381::{Bls12};
-    use ::circuit::test::*;
+    use sapling_crypto::circuit::test::*;
    use byteorder::{WriteBytesExt, ReadBytesExt, LittleEndian};
@ -479,7 +479,7 @@ fn test_sprout_constraints() {
        expected_inputs.write_u64::<LittleEndian>(vpub_old.unwrap()).unwrap();
        expected_inputs.write_u64::<LittleEndian>(vpub_new.unwrap()).unwrap();
-        use circuit::multipack;
+        use sapling_crypto::circuit::multipack;
        let expected_inputs = multipack::bytes_to_bits(&expected_inputs);
        let expected_inputs = multipack::compute_multipacking::<Bls12>(&expected_inputs);
--- a/sapling-crypto/src/circuit/sprout/output.rs
+++ b/sapling-crypto/src/circuit/sprout/output.rs
@ -1,6 +1,6 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use circuit::boolean::{Boolean};
+use sapling_crypto::circuit::boolean::{Boolean};
 use super::*;
 use super::prfs::*;
--- a/sapling-crypto/src/circuit/sprout/prfs.rs
+++ b/sapling-crypto/src/circuit/sprout/prfs.rs
@ -1,9 +1,9 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use circuit::sha256::{
+use sapling_crypto::circuit::sha256::{
    sha256_block_no_padding
 };
-use circuit::boolean::{
+use sapling_crypto::circuit::boolean::{
    Boolean
 };
--- a/sapling-crypto/src/circuit/sprout/test_vectors.dat
+++ b/sapling-crypto/src/circuit/sprout/test_vectors.dat
--- a/zcash_proofs/src/lib.rs
+++ b/zcash_proofs/src/lib.rs
@ -10,12 +10,19 @@ extern crate zcash_primitives;
 #[cfg(feature = "local-prover")]
 extern crate directories;
 #[cfg(test)]
 extern crate rand_core;
 #[cfg(test)]
 extern crate rand_xorshift;
 use bellman::groth16::{prepare_verifying_key, Parameters, PreparedVerifyingKey, VerifyingKey};
 use pairing::bls12_381::Bls12;
 use std::fs::File;
 use std::io::{self, BufReader};
 use std::path::Path;
 pub mod circuit;
 mod hashreader;
 pub mod sapling;
--- a/zcash_proofs/src/sapling/prover.rs
+++ b/zcash_proofs/src/sapling/prover.rs
@ -5,10 +5,7 @@ use ff::Field;
 use pairing::bls12_381::{Bls12, Fr};
 use rand_os::OsRng;
 use sapling_crypto::{
-    circuit::{
+    circuit::multipack,
        multipack,
        sapling::{Output, Spend},
    },
    jubjub::{edwards, fs::Fs, FixedGenerators, JubjubBls12, Unknown},
    primitives::{Diversifier, Note, PaymentAddress, ProofGenerationKey, ValueCommitment},
 };
@ -20,6 +17,7 @@ use zcash_primitives::{
 };
 use super::compute_value_balance;
 use crate::circuit::sapling::{Output, Spend};
 /// A context object for creating the Sapling components of a Zcash transaction.
 pub struct SaplingProvingContext {