QED-it · naure · Sep 26, 2022 · Sep 26, 2022 · Sep 27, 2022 · Oct 1, 2022
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,8 +29,8 @@ blake2b_simd = "1"
 ff = "0.12"
 fpe = "0.5"
 group = "0.12"
-halo2_gadgets = { version = "0.2", git = "https://github.com/QED-it/halo2", branch = "sinsemilla-hash-blind" }
-halo2_proofs = { version = "0.2", git = "https://github.com/QED-it/halo2", branch = "sinsemilla-hash-blind" }
+halo2_gadgets = { version = "0.2", git = "https://github.com/QED-it/halo2", branch = "ecc-mul-short" }
+halo2_proofs = { version = "0.2", git = "https://github.com/QED-it/halo2", branch = "ecc-mul-short" }
 #halo2_gadgets = { version = "0.2", path = "../halo2/halo2_gadgets" }
 #halo2_proofs = { version = "0.2", path = "../halo2/halo2_proofs" }
 hex = "0.4"
@@ -54,7 +54,7 @@ plotters = { version = "0.3.0", optional = true }
 
 [dev-dependencies]
 criterion = "0.3"
-halo2_gadgets = { version = "0.2", git = "https://github.com/QED-it/halo2", branch = "sinsemilla-hash-blind", features = ["test-dependencies"] }
+halo2_gadgets = { version = "0.2", git = "https://github.com/QED-it/halo2", branch = "ecc-mul-short", features = ["test-dependencies"] }
 #halo2_gadgets = { version = "0.2", path = "../halo2/halo2_gadgets", features = ["test-dependencies"] }
 hex = "0.4"
 proptest = "1.0.0"

diff --git a/src/circuit.rs b/src/circuit.rs
@@ -514,6 +514,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
                 layouter.namespace(|| "cv_net = ValueCommit^Orchard_rcv(v_net)"),
                 ecc_chip.clone(),
                 v_net,
+                note_type.clone(),
                 rcv,
             )?;
 

diff --git a/src/circuit/gadget.rs b/src/circuit/gadget.rs
@@ -6,11 +6,10 @@ use pasta_curves::pallas;
 use super::{commit_ivk::CommitIvkChip, note_commit::NoteCommitChip};
 use crate::constants::{
     NullifierK, OrchardCommitDomains, OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains,
-    ValueCommitV,
 };
 use halo2_gadgets::{
     ecc::{
-        chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, FixedPointShort, Point,
+        chip::EccChip, EccInstructions, FixedPoint, FixedPointBaseField, Point,
         ScalarFixed, ScalarFixedShort, X,
     },
     poseidon::{
@@ -125,14 +124,19 @@ pub(in crate::circuit) fn value_commit_orchard<
     mut layouter: impl Layouter<pallas::Base>,
     ecc_chip: EccChip,
     v: ScalarFixedShort<pallas::Affine, EccChip>,
+    note_type: NonIdentityPoint<pallas::Affine, EccChip>,
     rcv: ScalarFixed<pallas::Affine, EccChip>,
 ) -> Result<Point<pallas::Affine, EccChip>, plonk::Error> {
+    let (commitment, _) = note_type.mul_short(layouter.namespace(|| "[v] NoteType"), v)?;
+
+    /* TODO: remove.
     // commitment = [v] ValueCommitV
     let (commitment, _) = {
         let value_commit_v = ValueCommitV;
         let value_commit_v = FixedPointShort::from_inner(ecc_chip.clone(), value_commit_v);
         value_commit_v.mul(layouter.namespace(|| "[v] ValueCommitV"), v)?
     };
+    */
 
     // blind = [rcv] ValueCommitR
     let (blind, _rcv) = {
@@ -207,3 +211,4 @@ pub(in crate::circuit) fn derive_nullifier<
 
 pub(in crate::circuit) use crate::circuit::commit_ivk::gadgets::commit_ivk;
 pub(in crate::circuit) use crate::circuit::note_commit::gadgets::note_commit;
+use halo2_gadgets::ecc::NonIdentityPoint;
diff --git a/src/circuit/gadget/mux_chip.rs b/src/circuit/gadget/mux_chip.rs
@@ -141,6 +141,14 @@ pub(crate) trait MuxInstructions<C: CurveAffine> {
         advice: &AssignedCell<C::Base, C::Base>,
         constant: &C::Base,
     ) -> Result<(), plonk::Error>;
+
+    // TODO: remove if not used?
+    fn mul(
+        &self,
+        layouter: impl Layouter<C::Base>,
+        a: &AssignedCell<C::Base, C::Base>,
+        b: &AssignedCell<C::Base, C::Base>,
+    ) -> Result<AssignedCell<C::Base, C::Base>, plonk::Error>;
 }
 
 impl MuxInstructions<pallas::Affine> for MuxChip {
@@ -214,12 +222,7 @@ impl MuxInstructions<pallas::Affine> for MuxChip {
                     || "witness 1/value",
                     self.config.right,
                     0,
-                    || {
-                        value.map(|v| {
-                            let inverse = v.invert().unwrap();
-                            inverse
-                        })
-                    },
+                    || value.map(|v| v.invert().unwrap()),
                 )?;
 
                 // Set the "left" and "output" constants.
@@ -333,7 +336,7 @@ impl MuxInstructions<pallas::Affine> for MuxChip {
         else_constant: &pallas::Base,
     ) -> Result<(), plonk::Error> {
         layouter.assign_region(
-            || "equal_or_anything",
+            || "equal_or_any_value",
             |mut region| {
                 // Enable the multiplexer gate.
                 self.config.q_mux.enable(&mut region, 0)?;
@@ -398,13 +401,13 @@ impl MuxInstructions<pallas::Affine> for MuxChip {
 
         // Prepare a cell that is definitely different than the advice cell.
         let different_than_advice =
-            add_chip.add(layouter.namespace(|| "different cell"), &advice, &non_zero)?;
+            add_chip.add(layouter.namespace(|| "different cell"), advice, &non_zero)?;
 
         // Prepare a cell whose value equals the given constant.
         let advice_or_different = self.mux(
             layouter.namespace(|| "advice or different"),
             is_different,
-            &advice,                // switch == 0, constant == advice
+            advice,                 // switch == 0, constant == advice
             &different_than_advice, // switch == 1, constant != advice
         )?;
 
@@ -415,6 +418,48 @@ impl MuxInstructions<pallas::Affine> for MuxChip {
         )?;
         Ok(())
     }
+
+    fn mul(
+        &self,
+        mut layouter: impl Layouter<pallas::Base>,
+        a: &AssignedCell<pallas::Base, pallas::Base>,
+        b: &AssignedCell<pallas::Base, pallas::Base>,
+    ) -> Result<AssignedCell<pallas::Base, pallas::Base>, plonk::Error> {
+        layouter.assign_region(
+            || "mul",
+            |mut region| {
+                // This is a multiplication implemented with the mux gate.
+                // Set switch=a, right=b, output=product, left=0, giving:
+                //     a * b == product
+
+                // Enable the multiplexer gate.
+                self.config.q_mux.enable(&mut region, 0)?;
+
+                // Copy the inputs into the multiplexer row.
+                a.copy_advice(|| "copy a", &mut region, self.config.switch, 0)?;
+                b.copy_advice(|| "copy b", &mut region, self.config.right, 0)?;
+
+                let product_value = a.value().zip(b.value()).map(|(a, b)| a * b);
+
+                let product = region.assign_advice(
+                    || "witness product",
+                    self.config.out,
+                    0,
+                    || product_value,
+                )?;
+
+                // Set the "left" constant.
+                region.assign_advice_from_constant(
+                    || "left=0",
+                    self.config.left,
+                    0,
+                    pallas::Base::zero(),
+                )?;
+
+                Ok(product)
+            },
+        )
+    }
 }
 
 fn compute_mux(

diff --git a/src/circuit/note_commit.rs b/src/circuit/note_commit.rs
@@ -1065,7 +1065,7 @@ impl NoteTypeCanonicity {
 
             // x(note_type) = h_2 + (2^4)i + (2^254)j_0
             let decomposition_check = {
-                let sum = h_2.clone() + i.clone() * two_pow_4 + j_0.clone() * two_pow_254;
+                let sum = h_2 + i * two_pow_4 + j_0 * two_pow_254;
                 sum - note_type_x
             };
 
@@ -1692,15 +1692,8 @@ impl NoteCommitChip {
             t_p.clone(),
         );
 
-        let note_type = NoteTypeCanonicity::configure(
-            meta,
-            col_l,
-            col_m,
-            col_r,
-            col_z,
-            two_pow_4,
-            two_pow_254,
-        );
+        let note_type =
+            NoteTypeCanonicity::configure(meta, col_l, col_m, col_r, col_z, two_pow_4, two_pow_254);
 
         let value =
             ValueCanonicity::configure(meta, col_l, col_m, col_r, col_z, two_pow_8, two_pow_58);
@@ -1848,7 +1841,7 @@ pub(in crate::circuit) mod gadgets {
             layouter.namespace(|| "h_2 = 0 or start of note_type"),
             &is_zsa,
             &pallas::Base::zero(),
-            &h_2_zsa.inner(),
+            h_2_zsa.inner(),
         )?;
         let h_2 = RangeConstrained::unsound_unchecked(h_2, h_2_zsa.num_bits());
         let (h, h_0, h_1) =
@@ -1952,7 +1945,7 @@ pub(in crate::circuit) mod gadgets {
                 &(hash_native.inner().clone().into()),
                 &(hash_zsa.inner().clone().into()),
             )?;
-            let hash = Point::from_inner(ecc_chip.clone(), hash);
+            let hash = Point::from_inner(ecc_chip, hash);
 
             let cm = domain.blind(layouter.namespace(|| "NoteCommit blind"), hash, rcm)?;
-Original file line number
+Diff line change
@@ Expand Up / @@ -514,6 +514,7 @@ impl plonk::Circuit<pallas::Base> for Circuit { @@
                     layouter.namespace(|| "cv_net = ValueCommit^Orchard_rcv(v_net)"),
                     ecc_chip.clone(),
                     v_net,
+                    note_type.clone(),
                     rcv,
                 )?;
@@ Expand Down @@