QED-it · ConstanceBeguier · Jul 15, 2025 · Jul 10, 2025 · Jul 10, 2025
diff --git a/src/circuit.rs b/src/circuit.rs
@@ -6,12 +6,6 @@
 use alloc::vec::Vec;
 
 use group::{Curve, GroupEncoding};
-use halo2_gadgets::{
-    ecc::chip::EccConfig,
-    poseidon::Pow5Config as PoseidonConfig,
-    sinsemilla::{chip::SinsemillaConfig, merkle::chip::MerkleConfig},
-    utilities::lookup_range_check::PallasLookupRangeCheck,
-};
 use halo2_proofs::{
     circuit::{floor_planner, Layouter, Value},
     plonk::{
@@ -44,6 +38,12 @@ use crate::{
     tree::{Anchor, MerkleHashOrchard},
     value::{NoteValue, ValueCommitTrapdoor, ValueCommitment},
 };
+use halo2_gadgets::{
+    ecc::chip::EccConfig,
+    poseidon::Pow5Config as PoseidonConfig,
+    sinsemilla::{chip::SinsemillaConfig, merkle::chip::MerkleConfig},
+    utilities::lookup_range_check::PallasLookupRangeCheck,
+};
 
 mod circuit_vanilla;
 mod circuit_zsa;

diff --git a/src/circuit/circuit_vanilla.rs b/src/circuit/circuit_vanilla.rs
@@ -380,7 +380,7 @@ impl OrchardCircuit for OrchardVanilla {
         // Nullifier integrity (https://p.z.cash/ZKS:action-nullifier-integrity).
         let nf_old = {
             let nf_old = derive_nullifier(
-                &mut layouter.namespace(|| "nf_old = DeriveNullifier_nk(rho_old, psi_old, cm_old)"),
+                layouter.namespace(|| "nf_old = DeriveNullifier_nk(rho_old, psi_old, cm_old)"),
                 config.poseidon_chip(),
                 config.add_chip(),
                 ecc_chip.clone(),
@@ -652,9 +652,7 @@ mod tests {
         value::{ValueCommitTrapdoor, ValueCommitment},
     };
 
-    type OrchardCircuitVanilla = Circuit<OrchardVanilla>;
-
-    fn generate_circuit_instance<R: RngCore>(mut rng: R) -> (OrchardCircuitVanilla, Instance) {
+    fn generate_circuit_instance<R: RngCore>(mut rng: R) -> (Circuit<OrchardVanilla>, Instance) {
         let (_, fvk, spent_note) = Note::dummy(&mut rng, None, AssetBase::native());
 
         let sender_address = spent_note.recipient();
@@ -677,7 +675,7 @@ mod tests {
         let anchor = path.root(spent_note.commitment().into());
 
         (
-            OrchardCircuitVanilla {
+            Circuit::<OrchardVanilla> {
                 witnesses: Witnesses {
                     path: Value::known(path.auth_path()),
                     pos: Value::known(path.position()),
@@ -880,7 +878,7 @@ mod tests {
             .titled("Orchard Action Circuit", ("sans-serif", 60))
             .unwrap();
 
-        let circuit = OrchardCircuitVanilla {
+        let circuit = Circuit::<OrchardVanilla> {
             witnesses: Witnesses::default(),
             phantom: core::marker::PhantomData,
         };

diff --git a/src/circuit/circuit_zsa.rs b/src/circuit/circuit_zsa.rs
@@ -526,7 +526,7 @@ impl OrchardCircuit for OrchardZSA {
         // [zip226]: https://zips.z.cash/zip-0226
         let nf_old = {
             let nf_old = derive_nullifier(
-                &mut layouter.namespace(|| "nf_old = DeriveNullifier_nk(rho_old, psi_nf, cm_old)"),
+                layouter.namespace(|| "nf_old = DeriveNullifier_nk(rho_old, psi_nf, cm_old)"),
                 config.poseidon_chip(),
                 config.add_chip(),
                 ecc_chip.clone(),
@@ -878,11 +878,10 @@ mod tests {
     use rand::{rngs::OsRng, RngCore};
     use rand_core::CryptoRngCore;
 
-    use crate::circuit::Witnesses;
     use crate::{
         builder::SpendInfo,
         bundle::Flags,
-        circuit::{Circuit, Instance, Proof, ProvingKey, VerifyingKey, ZsaWitnesses, K},
+        circuit::{Circuit, Instance, Proof, ProvingKey, VerifyingKey, Witnesses, ZsaWitnesses, K},
         keys::{FullViewingKey, Scope, SpendValidatingKey, SpendingKey},
         note::{commitment::NoteCommitTrapdoor, AssetBase, Note, NoteCommitment, Nullifier, Rho},
         orchard_flavor::OrchardZSA,
@@ -891,9 +890,7 @@ mod tests {
         value::{NoteValue, ValueCommitTrapdoor, ValueCommitment},
     };
 
-    type OrchardCircuitZSA = Circuit<OrchardZSA>;
-
-    fn generate_dummy_circuit_instance<R: RngCore>(mut rng: R) -> (OrchardCircuitZSA, Instance) {
+    fn generate_dummy_circuit_instance<R: RngCore>(mut rng: R) -> (Circuit<OrchardZSA>, Instance) {
         let (_, fvk, spent_note) = Note::dummy(&mut rng, None, AssetBase::native());
 
         let sender_address = spent_note.recipient();
@@ -918,7 +915,7 @@ mod tests {
         let psi_old = spent_note.rseed().psi(&spent_note.rho());
 
         (
-            OrchardCircuitZSA {
+            Circuit::<OrchardZSA> {
                 witnesses: Witnesses {
                     path: Value::known(path.auth_path()),
                     pos: Value::known(path.position()),
@@ -1125,7 +1122,7 @@ mod tests {
             .titled("Orchard Action Circuit", ("sans-serif", 60))
             .unwrap();
 
-        let circuit = OrchardCircuitZSA {
+        let circuit = Circuit::<OrchardZSA> {
             witnesses: Witnesses::default(),
             phantom: core::marker::PhantomData,
         };
@@ -1137,7 +1134,7 @@ mod tests {
     }
 
     fn check_proof_of_orchard_circuit(
-        circuit: &OrchardCircuitZSA,
+        circuit: &Circuit<OrchardZSA>,
         instance: &Instance,
         should_pass: bool,
     ) {
@@ -1163,7 +1160,7 @@ mod tests {
         is_native_asset: bool,
         split_flag: bool,
         mut rng: R,
-    ) -> (OrchardCircuitZSA, Instance) {
+    ) -> (Circuit<OrchardZSA>, Instance) {
         // Create asset
         let asset_base = if is_native_asset {
             AssetBase::native()
@@ -1243,7 +1240,7 @@ mod tests {
         };
 
         (
-            OrchardCircuitZSA {
+            Circuit::<OrchardZSA> {
                 witnesses: Witnesses::from_action_context_unchecked::<OrchardZSA>(
                     spend_info,
                     output_note,
@@ -1321,7 +1318,7 @@ mod tests {
 
                 // Set cm_old to be a random NoteCommitment
                 // The proof should fail
-                let circuit_wrong_cm_old = OrchardCircuitZSA {
+                let circuit_wrong_cm_old = Circuit::<OrchardZSA> {
                     witnesses: Witnesses {
                         path: circuit.witnesses.path,
                         pos: circuit.witnesses.pos,
@@ -1384,7 +1381,7 @@ mod tests {
                 // If split_flag = 0 , set psi_nf to be a random Pallas base element
                 // The proof should fail
                 if !split_flag {
-                    let circuit_wrong_psi_nf = OrchardCircuitZSA {
+                    let circuit_wrong_psi_nf = Circuit::<OrchardZSA> {
                         witnesses: Witnesses {
                             path: circuit.witnesses.path,
                             pos: circuit.witnesses.pos,

diff --git a/src/circuit/derive_nullifier.rs b/src/circuit/derive_nullifier.rs
@@ -40,7 +40,7 @@ pub(in crate::circuit) mod gadgets {
             Var = AssignedCell<pallas::Base, pallas::Base>,
         >,
     >(
-        layouter: &mut impl Layouter<pallas::Base>,
+        mut layouter: impl Layouter<pallas::Base>,
         poseidon_chip: PoseidonChip,
         add_chip: AddChip,
         ecc_chip: EccChip,

diff --git a/src/circuit/gadget.rs b/src/circuit/gadget.rs
@@ -1,38 +1,26 @@
 //! Common gadgets and functions used in the Orchard circuit.
 
 use ff::Field;
-use halo2_gadgets::{
-    ecc::chip::EccChip,
-    poseidon::Pow5Chip as PoseidonChip,
-    sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip},
-    utilities::{cond_swap::CondSwapChip, lookup_range_check::PallasLookupRangeCheck},
-};
 use pasta_curves::pallas;
 
+use super::{commit_ivk::CommitIvkChip, note_commit::NoteCommitChip, Config};
 use crate::{
-    circuit::{commit_ivk::CommitIvkChip, note_commit::NoteCommitChip, Config},
     constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains},
     note::AssetBase,
 };
+use halo2_gadgets::{
+    ecc::chip::EccChip,
+    poseidon::Pow5Chip as PoseidonChip,
+    sinsemilla::{chip::SinsemillaChip, merkle::chip::MerkleChip},
+    utilities::{cond_swap::CondSwapChip, lookup_range_check::PallasLookupRangeCheck},
+};
 use halo2_proofs::{
-    circuit::Value,
-    circuit::{AssignedCell, Chip, Layouter},
+    circuit::{AssignedCell, Chip, Layouter, Value},
     plonk::{self, Advice, Assigned, Column},
 };
 
 pub(in crate::circuit) mod add_chip;
 
-/// An instruction set for adding two circuit words (field elements).
-pub(in crate::circuit) trait AddInstruction<F: Field>: Chip<F> {
-    /// Constraints `a + b` and returns the sum.
-    fn add(
-        &self,
-        layouter: impl Layouter<F>,
-        a: &AssignedCell<F, F>,
-        b: &AssignedCell<F, F>,
-    ) -> Result<AssignedCell<F, F>, plonk::Error>;
-}
-
 impl<Lookup: PallasLookupRangeCheck> Config<Lookup> {
     pub(super) fn add_chip(&self) -> add_chip::AddChip {
         add_chip::AddChip::construct(self.add_config.clone())
@@ -87,6 +75,17 @@ impl<Lookup: PallasLookupRangeCheck> Config<Lookup> {
     }
 }
 
+/// An instruction set for adding two circuit words (field elements).
+pub(in crate::circuit) trait AddInstruction<F: Field>: Chip<F> {
+    /// Constraints `a + b` and returns the sum.
+    fn add(
+        &self,
+        layouter: impl Layouter<F>,
+        a: &AssignedCell<F, F>,
+        b: &AssignedCell<F, F>,
+    ) -> Result<AssignedCell<F, F>, plonk::Error>;
+}
+
 /// Witnesses the given value in a standalone region.
 ///
 /// Usages of this helper are technically superfluous, as the single-cell region is only

diff --git a/src/circuit/gadget/add_chip.rs b/src/circuit/gadget/add_chip.rs
@@ -1,4 +1,4 @@
-//! 'Add' chip implemetation.
+//! `Add` chip implemetation.
 
 use halo2_proofs::{
     circuit::{AssignedCell, Chip, Layouter},

diff --git a/src/circuit/note_commit.rs b/src/circuit/note_commit.rs
@@ -1,11 +1,19 @@
 //! Note commitment logic for the Orchard circuit.
 
+use core::iter;
+
+use group::ff::PrimeField;
+use halo2_proofs::{
+    circuit::{AssignedCell, Chip, Layouter, Value},
+    plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
+    poly::Rotation,
+};
+use pasta_curves::pallas;
+
 use crate::{
     constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains, T_P},
     value::NoteValue,
 };
-use core::iter;
-use group::ff::PrimeField;
 use halo2_gadgets::{
     ecc::{
         chip::{EccChip, NonIdentityEccPoint},
@@ -20,12 +28,6 @@ use halo2_gadgets::{
         FieldValue, RangeConstrained,
     },
 };
-use halo2_proofs::{
-    circuit::{AssignedCell, Chip, Layouter, Value},
-    plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
-    poly::Rotation,
-};
-use pasta_curves::pallas;
 
 type NoteCommitPiece<Lookup> = MessagePiece<
     pallas::Affine,
@@ -1755,7 +1757,7 @@ pub struct NoteCommitConfigForZsaCircuit<Lookup: PallasLookupRangeCheck> {
 
 #[derive(Clone, Debug)]
 pub struct NoteCommitChip<Lookup: PallasLookupRangeCheck> {
-    pub config: NoteCommitConfig<Lookup>,
+    config: NoteCommitConfig<Lookup>,
 }
 
 impl<Lookup: PallasLookupRangeCheck> NoteCommitChip<Lookup> {
@@ -2047,7 +2049,6 @@ pub(in crate::circuit) mod gadgets {
             g_d.y(),
             b_2,
         )?;
-
         // Check decomposition of `y(pk_d)`.
         let d_1 = y_canonicity(
             &lookup_config,
@@ -2611,9 +2612,10 @@ mod tests {
     use core::iter;
 
     use crate::{
-        circuit::gadget::{assign_free_advice, assign_is_native_asset},
-        circuit::note_commit::gadgets,
-        circuit::note_commit::{NoteCommitChip, NoteCommitConfig},
+        circuit::{
+            gadget::{assign_free_advice, assign_is_native_asset},
+            note_commit::{gadgets, NoteCommitChip, NoteCommitConfig, ZsaNoteCommitParams},
+        },
         constants::{
             fixed_bases::NOTE_COMMITMENT_PERSONALIZATION, OrchardCommitDomains, OrchardFixedBases,
             OrchardHashDomains, L_ORCHARD_BASE, L_VALUE, T_Q,
@@ -2645,7 +2647,6 @@ mod tests {
     };
     use pasta_curves::{arithmetic::CurveAffine, pallas, EpAffine};
 
-    use crate::circuit::note_commit::ZsaNoteCommitParams;
     use rand::{rngs::OsRng, RngCore};
 
     #[test]
@@ -2746,10 +2747,10 @@ mod tests {
 
                 // Load the Sinsemilla generator lookup table used by the whole circuit.
                 SinsemillaChip::<
-                    OrchardHashDomains,
-                    OrchardCommitDomains,
-                    OrchardFixedBases,
-                >::load(note_commit_config.sinsemilla_config.clone(), &mut layouter)?;
+                OrchardHashDomains,
+                OrchardCommitDomains,
+                OrchardFixedBases,
+            >::load(note_commit_config.sinsemilla_config.clone(), &mut layouter)?;
 
                 // Construct a Sinsemilla chip
                 let sinsemilla_chip =