From 65e1d32774e19f89283dfd2dc5af7b6183700912 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 9 Sep 2021 17:45:50 +0100 Subject: [PATCH] ff 0.11, group 0.11, etc. --- Cargo.toml | 7 ++----- components/zcash_note_encryption/Cargo.toml | 6 +++--- zcash_client_backend/CHANGELOG.md | 1 + zcash_client_backend/Cargo.toml | 8 ++++---- zcash_client_backend/src/proto.rs | 2 +- zcash_client_sqlite/CHANGELOG.md | 1 + zcash_client_sqlite/Cargo.toml | 6 +++--- zcash_client_sqlite/src/wallet/transact.rs | 4 ++-- zcash_extensions/Cargo.toml | 4 ++-- zcash_primitives/CHANGELOG.md | 1 + zcash_primitives/Cargo.toml | 10 +++++----- zcash_primitives/src/sapling.rs | 5 +++-- zcash_primitives/src/sapling/keys.rs | 4 ++-- zcash_primitives/src/sapling/note_encryption.rs | 3 ++- zcash_primitives/src/sapling/redjubjub.rs | 2 +- .../src/transaction/components/orchard.rs | 2 +- .../src/transaction/components/sapling.rs | 2 +- zcash_proofs/CHANGELOG.md | 2 ++ zcash_proofs/Cargo.toml | 10 +++++----- zcash_proofs/src/circuit/ecc.rs | 17 +++++++---------- zcash_proofs/src/circuit/pedersen_hash.rs | 4 ++-- zcash_proofs/src/circuit/sapling.rs | 8 ++++---- zcash_proofs/src/constants.rs | 9 +++------ 23 files changed, 58 insertions(+), 60 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c83636b27..939ae6eb7 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -19,11 +19,8 @@ codegen-units = 1 [patch.crates-io] # In development. -halo2 = { git = "https://github.com/zcash/halo2.git", rev = "27c4187673a9c6ade13fbdbd4f20955530c22d7f" } -orchard = { git = "https://github.com/zcash/orchard.git", rev = "d0baa18fc6105df4a7847de2b6dc50c5919b3123" } +halo2 = { git = "https://github.com/zcash/halo2.git", rev = "26047eaf323929935fd1e6aa3ae100b1113706e0" } +orchard = { git = "https://github.com/zcash/orchard.git", rev = "52a19279dfad34dc3eb04c77082ee5b9664b017c" } incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" } zcash_encoding = { path = "components/zcash_encoding" } zcash_note_encryption = { path = "components/zcash_note_encryption" } - -# Unreleased -jubjub = { git = "https://github.com/zkcrypto/jubjub.git", rev = "96ab4162b83303378eae32a326b54d88b75bffc2" } diff --git a/components/zcash_note_encryption/Cargo.toml b/components/zcash_note_encryption/Cargo.toml index 904190a82..7baed619f 100644 --- a/components/zcash_note_encryption/Cargo.toml +++ b/components/zcash_note_encryption/Cargo.toml @@ -16,14 +16,14 @@ blake2b_simd = "0.5" byteorder = "1" chacha20 = "0.8" chacha20poly1305 = "0.9" -ff = "0.10" -group = "0.10" +ff = "0.11" +group = "0.11" rand_core = "0.6" subtle = "2.2.3" [dev-dependencies] zcash_primitives = { version = "0.5", path = "../../zcash_primitives" } -jubjub = "0.7" +jubjub = "0.8" [lib] bench = false diff --git a/zcash_client_backend/CHANGELOG.md b/zcash_client_backend/CHANGELOG.md index 9f6e84a33..f4f84fe77 100644 --- a/zcash_client_backend/CHANGELOG.md +++ b/zcash_client_backend/CHANGELOG.md 
@@ -8,6 +8,7 @@ and this library adheres to Rust's notion of ## [Unreleased] ### Changed - MSRV is now 1.51.0. +- Bumped dependencies to `ff 0.11`, `group 0.11`, `bls12_381 0.6`, `jubjub 0.8`. - `epk: jubjub::ExtendedPoint` has been replaced by `ephemeral_key: zcash_note_encryption::EphemeralKeyBytes` in various places: - `zcash_client_backend::wallet::WalletShieldedOutput`: the `epk` field has diff --git a/zcash_client_backend/Cargo.toml b/zcash_client_backend/Cargo.toml index ad0f4a5d0..3625f8cd7 100644 --- a/zcash_client_backend/Cargo.toml +++ b/zcash_client_backend/Cargo.toml @@ -14,13 +14,13 @@ edition = "2018" [dependencies] bech32 = "0.8" -bls12_381 = "0.5" +bls12_381 = "0.6" bs58 = { version = "0.4", features = ["check"] } base64 = "0.13" -ff = "0.10" -group = "0.10" +ff = "0.11" +group = "0.11" hex = "0.4" -jubjub = "0.7" +jubjub = "0.8" nom = "7" percent-encoding = "2.1.0" proptest = { version = "1.0.0", optional = true } diff --git a/zcash_client_backend/src/proto.rs b/zcash_client_backend/src/proto.rs index 8597cd32b..2d0623916 100644 --- a/zcash_client_backend/src/proto.rs +++ b/zcash_client_backend/src/proto.rs @@ -94,7 +94,7 @@ impl compact_formats::CompactOutput { pub fn cmu(&self) -> Result { let mut repr = [0; 32]; repr.as_mut().copy_from_slice(&self.cmu[..]); - bls12_381::Scalar::from_repr(repr).ok_or(()) + Option::from(bls12_381::Scalar::from_repr(repr)).ok_or(()) } /// Returns the ephemeral public key for this output. diff --git a/zcash_client_sqlite/CHANGELOG.md b/zcash_client_sqlite/CHANGELOG.md index 7ac5cefa8..82cbf0d37 100644 --- a/zcash_client_sqlite/CHANGELOG.md +++ b/zcash_client_sqlite/CHANGELOG.md @@ -8,6 +8,7 @@ and this library adheres to Rust's notion of ## [Unreleased] ### Changed - MSRV is now 1.51.0. +- Bumped dependencies to `ff 0.11`, `group 0.11`, `jubjub 0.8`. - Renamed the following to use lower-case abbreviations (matching Rust naming conventions): - `zcash_client_sqlite::BlockDB` to `BlockDb` 
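Review bot: In the `proto.rs` hunk, the context line `repr.as_mut().copy_from_slice(&self.cmu[..])` just above the changed line still panics whenever the protobuf `cmu` field is not exactly 32 bytes, and the commit only adapts the `CtOption` return of `from_repr`. Since `CompactOutput` is decoded from an external protobuf stream (inferred from the module name), a length check that fails through the same `Err(())` path is cheap: `let repr: [u8; 32] = self.cmu[..].try_into().map_err(|_| ())?;` followed by `Option::from(bls12_381::Scalar::from_repr(repr)).ok_or(())`. That mirrors the `try_into().map_err(...)` shape the `transact.rs` hunk in this same patch already uses; on edition 2018 `TryInto` must be in scope.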
diff --git a/zcash_client_sqlite/Cargo.toml b/zcash_client_sqlite/Cargo.toml index 171cb3b42..469b58b0f 100644 --- a/zcash_client_sqlite/Cargo.toml +++ b/zcash_client_sqlite/Cargo.toml @@ -15,9 +15,9 @@ edition = "2018" [dependencies] bech32 = "0.8" bs58 = { version = "0.4", features = ["check"] } -ff = "0.10" -group = "0.10" -jubjub = "0.7" +ff = "0.11" +group = "0.11" +jubjub = "0.8" protobuf = "2.20" rand_core = "0.6" rusqlite = { version = "0.24", features = ["bundled", "time"] } diff --git a/zcash_client_sqlite/src/wallet/transact.rs b/zcash_client_sqlite/src/wallet/transact.rs index ac9dfcdeb..361696ba9 100644 --- a/zcash_client_sqlite/src/wallet/transact.rs +++ b/zcash_client_sqlite/src/wallet/transact.rs @@ -37,11 +37,11 @@ fn to_spendable_note(row: &Row) -> Result { // We store rcm directly in the data DB, regardless of whether the note // used a v1 or v2 note plaintext, so for the purposes of spending let's // pretend this is a pre-ZIP 212 note. - let rcm = jubjub::Fr::from_repr( + let rcm = Option::from(jubjub::Fr::from_repr( rcm_bytes[..] .try_into() .map_err(|_| SqliteClientError::InvalidNote)?, - ) + )) .ok_or(SqliteClientError::InvalidNote)?; Rseed::BeforeZip212(rcm) }; diff --git a/zcash_extensions/Cargo.toml b/zcash_extensions/Cargo.toml index 9ac9e08ef..d84002fb0 100644 --- a/zcash_extensions/Cargo.toml +++ b/zcash_extensions/Cargo.toml @@ -13,8 +13,8 @@ blake2b_simd = "0.5" zcash_primitives = { version = "0.5", path = "../zcash_primitives", features = ["zfuture" ] } [dev-dependencies] -ff = "0.10" -jubjub = "0.7" +ff = "0.11" +jubjub = "0.8" orchard = "0.0" rand_core = "0.6" zcash_proofs = { version = "0.5", path = "../zcash_proofs" } diff --git a/zcash_primitives/CHANGELOG.md b/zcash_primitives/CHANGELOG.md index 74df4bb33..8a1306968 100644 --- a/zcash_primitives/CHANGELOG.md +++ b/zcash_primitives/CHANGELOG.md 
@@ -54,6 +54,7 @@ and this library adheres to Rust's notion of ### Changed - MSRV is now 1.51.0. +- Bumped dependencies to `ff 0.11`, `group 0.11`, `bls12_381 0.6`, `jubjub 0.8`. - The following modules and helpers have been moved into `zcash_primitives::sapling`: - `zcash_primitives::group_hash` diff --git a/zcash_primitives/Cargo.toml b/zcash_primitives/Cargo.toml index 2b82b374c..00cfc6271 100644 --- a/zcash_primitives/Cargo.toml +++ b/zcash_primitives/Cargo.toml @@ -21,21 +21,21 @@ bitvec = "0.22" bip0039 = { version = "0.8.0", features = ["std", "all-languages"] } blake2b_simd = "0.5" blake2s_simd = "0.5" -bls12_381 = "0.5" +bls12_381 = "0.6" byteorder = "1" chacha20poly1305 = "0.9" equihash = { version = "0.1", path = "../components/equihash" } -ff = "0.10" +ff = "0.11" fpe = "0.5" -group = "0.10" +group = "0.11" hex = "0.4" incrementalmerkletree = "0.1" -jubjub = "0.7" +jubjub = "0.8" lazy_static = "1" log = "0.4" nonempty = "0.7" orchard = "0.0" -pasta_curves = "0.1" +pasta_curves = "0.2" proptest = { version = "1.0.0", optional = true } rand = "0.8" rand_core = "0.6" diff --git a/zcash_primitives/src/sapling.rs b/zcash_primitives/src/sapling.rs index cc591e4f1..99b06e703 100644 --- a/zcash_primitives/src/sapling.rs +++ b/zcash_primitives/src/sapling.rs @@ -115,7 +115,8 @@ impl HashSer for Node { impl From for bls12_381::Scalar { fn from(node: Node) -> Self { - bls12_381::Scalar::from_repr(node.repr).expect("Tree nodes should be in the prime field") + // Tree nodes should be in the prime field. + bls12_381::Scalar::from_repr(node.repr).unwrap() } } @@ -216,7 +217,7 @@ impl ViewingKey { // Drop the most significant five bits, so it can be interpreted as a scalar. h[31] &= 0b0000_0111; - SaplingIvk(jubjub::Fr::from_repr(h).expect("should be a valid scalar")) + SaplingIvk(jubjub::Fr::from_repr(h).unwrap()) } pub fn to_payment_address(&self, diversifier: Diversifier) -> Option { 
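Review bot: In the `impl From<Node> for bls12_381::Scalar` hunk the invariant text moved from `expect("Tree nodes should be in the prime field")` into a comment, so an out-of-field `Node` now panics with the generic `unwrap` message and the diagnostic is lost; the `impl ViewingKey` hunk drops `"should be a valid scalar"` the same way. If the `subtle` version this crate resolves to provides `CtOption::expect`, keeping `.expect("Tree nodes should be in the prime field")` preserves the message at no cost; otherwise the comment is the right fallback. Because this `From` impl panics on any 32-byte `Node` that is not a valid field element, it would also help to state in that comment that callers building a `Node` from stored or received bytes must validate before converting. Both enclosing impls extend beyond their hunks.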
diff --git a/zcash_primitives/src/sapling/keys.rs b/zcash_primitives/src/sapling/keys.rs index 27b302ae8..4ab313bd6 100644 --- a/zcash_primitives/src/sapling/keys.rs +++ b/zcash_primitives/src/sapling/keys.rs @@ -72,12 +72,12 @@ impl ExpandedSpendingKey { pub fn read(mut reader: R) -> io::Result { let mut ask_repr = [0u8; 32]; reader.read_exact(ask_repr.as_mut())?; - let ask = jubjub::Fr::from_repr(ask_repr) + let ask = Option::from(jubjub::Fr::from_repr(ask_repr)) .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "ask not in field"))?; let mut nsk_repr = [0u8; 32]; reader.read_exact(nsk_repr.as_mut())?; - let nsk = jubjub::Fr::from_repr(nsk_repr) + let nsk = Option::from(jubjub::Fr::from_repr(nsk_repr)) .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "nsk not in field"))?; let mut ovk = [0u8; 32]; diff --git a/zcash_primitives/src/sapling/note_encryption.rs b/zcash_primitives/src/sapling/note_encryption.rs index 7d833141a..a1de00bf8 100644 --- a/zcash_primitives/src/sapling/note_encryption.rs +++ b/zcash_primitives/src/sapling/note_encryption.rs @@ -102,7 +102,7 @@ where let r: [u8; 32] = plaintext[20..COMPACT_NOTE_SIZE].try_into().unwrap(); let rseed = if plaintext[0] == 0x01 { - let rcm = jubjub::Fr::from_repr(r)?; + let rcm = Option::from(jubjub::Fr::from_repr(r))?; Rseed::BeforeZip212(rcm) } else { Rseed::AfterZip212(r) @@ -351,6 +351,7 @@ impl Domain for SaplingDomain

{ .try_into() .expect("slice is the correct length"), ) + .into() } fn extract_memo(&self, plaintext: &[u8]) -> Self::Memo { diff --git a/zcash_primitives/src/sapling/redjubjub.rs b/zcash_primitives/src/sapling/redjubjub.rs index 4cc29f09f..37efd5d91 100644 --- a/zcash_primitives/src/sapling/redjubjub.rs +++ b/zcash_primitives/src/sapling/redjubjub.rs @@ -16,7 +16,7 @@ fn read_scalar(mut reader: R) -> io::Result { let mut s_repr = [0u8; 32]; reader.read_exact(s_repr.as_mut())?; - jubjub::Fr::from_repr(s_repr) + Option::from(jubjub::Fr::from_repr(s_repr)) .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "scalar is not in field")) } diff --git a/zcash_primitives/src/transaction/components/orchard.rs b/zcash_primitives/src/transaction/components/orchard.rs index e40b4d820..0ee878854 100644 --- a/zcash_primitives/src/transaction/components/orchard.rs +++ b/zcash_primitives/src/transaction/components/orchard.rs @@ -157,7 +157,7 @@ pub fn read_flags(mut reader: R) -> io::Result { pub fn read_anchor(mut reader: R) -> io::Result { let mut bytes = [0u8; 32]; reader.read_exact(&mut bytes)?; - Anchor::from_bytes(bytes).ok_or_else(|| { + Option::from(Anchor::from_bytes(bytes)).ok_or_else(|| { io::Error::new( io::ErrorKind::InvalidInput, "invalid Orchard anchor".to_owned(), diff --git a/zcash_primitives/src/transaction/components/sapling.rs b/zcash_primitives/src/transaction/components/sapling.rs index cd52ed7be..1b746c0bc 100644 --- a/zcash_primitives/src/transaction/components/sapling.rs +++ b/zcash_primitives/src/transaction/components/sapling.rs @@ -95,7 +95,7 @@ pub fn read_point(mut reader: R, field: &str) -> io::Result(mut reader: R, field: &str) -> io::Result { let mut f = [0u8; 32]; reader.read_exact(&mut f)?; - bls12_381::Scalar::from_repr(f).ok_or_else(|| { + Option::from(bls12_381::Scalar::from_repr(f)).ok_or_else(|| { io::Error::new( io::ErrorKind::InvalidInput, format!("{} not in field", field), 
diff --git a/zcash_proofs/CHANGELOG.md b/zcash_proofs/CHANGELOG.md index b89e8e273..f84c36b27 100644 --- a/zcash_proofs/CHANGELOG.md +++ b/zcash_proofs/CHANGELOG.md @@ -8,6 +8,8 @@ and this library adheres to Rust's notion of ## [Unreleased] ### Changed - MSRV is now 1.51.0. +- Bumped dependencies to `ff 0.11`, `group 0.11`, `bellman 0.11`, + `bls12_381 0.6`, `jubjub 0.8`. - `zcash_proofs::sapling::SaplingVerificationContext::new` now takes a `zip216_enabled` boolean; this is used to control how RedJubjub signatures are validated. diff --git a/zcash_proofs/Cargo.toml b/zcash_proofs/Cargo.toml index da9b90bb8..59b2fab96 100644 --- a/zcash_proofs/Cargo.toml +++ b/zcash_proofs/Cargo.toml @@ -15,14 +15,14 @@ edition = "2018" all-features = true [dependencies] -bellman = { version = "0.10", default-features = false, features = ["groth16"] } +bellman = { version = "0.11", default-features = false, features = ["groth16"] } blake2b_simd = "0.5" -bls12_381 = "0.5" +bls12_381 = "0.6" byteorder = "1" directories = { version = "3", optional = true } -ff = "0.10" -group = "0.10" -jubjub = "0.7" +ff = "0.11" +group = "0.11" +jubjub = "0.8" lazy_static = "1" minreq = { version = "2", features = ["https"], optional = true } rand_core = "0.6" diff --git a/zcash_proofs/src/circuit/ecc.rs b/zcash_proofs/src/circuit/ecc.rs index 17b4ed454..0a15f3dc6 100644 --- a/zcash_proofs/src/circuit/ecc.rs +++ b/zcash_proofs/src/circuit/ecc.rs 
@@ -1043,35 +1043,32 @@ mod test { assert!(p.assert_not_small_order(&mut cs).is_err() == is_small_order); }; - let check_small_order_from_strs = |u, v| { - let (u, v) = ( - bls12_381::Scalar::from_str(u).unwrap(), - bls12_381::Scalar::from_str(v).unwrap(), - ); + let check_small_order_from_u64s = |u, v| { + let (u, v) = (bls12_381::Scalar::from(u), bls12_381::Scalar::from(v)); let p = jubjub::AffinePoint::from_raw_unchecked(u, v); check_small_order_from_p(p.into(), true); }; // zero has low order - check_small_order_from_strs("0", "1"); + check_small_order_from_u64s(0, 1); // prime subgroup order - let prime_subgroup_order = jubjub::Fr::from_str( + let prime_subgroup_order = jubjub::Fr::from_str_vartime( "6554484396890773809930967563523245729705921265872317281365359162392183254199", ) .unwrap(); - let largest_small_subgroup_order = jubjub::Fr::from_str("8").unwrap(); + let largest_small_subgroup_order = jubjub::Fr::from(8); let (zero_u, zero_v) = (bls12_381::Scalar::zero(), bls12_381::Scalar::one()); // generator for jubjub let (u, v) = ( - bls12_381::Scalar::from_str( + bls12_381::Scalar::from_str_vartime( "11076627216317271660298050606127911965867021807910416450833192264015104452986", ) .unwrap(), - bls12_381::Scalar::from_str( + bls12_381::Scalar::from_str_vartime( "44412834903739585386157632289020980010620626017712148233229312325549216099227", ) .unwrap(), diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 028de8ee9..67fbf38cd 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs 
@@ -292,11 +292,11 @@ mod test { assert_eq!( res.get_u().get_value().unwrap(), - bls12_381::Scalar::from_str(expected_us[length - 300]).unwrap() + bls12_381::Scalar::from_str_vartime(expected_us[length - 300]).unwrap() ); assert_eq!( res.get_v().get_value().unwrap(), - bls12_381::Scalar::from_str(expected_vs[length - 300]).unwrap() + bls12_381::Scalar::from_str_vartime(expected_vs[length - 300]).unwrap() ); } } diff --git a/zcash_proofs/src/circuit/sapling.rs b/zcash_proofs/src/circuit/sapling.rs index 2af76ae12..882976f8a 100644 --- a/zcash_proofs/src/circuit/sapling.rs +++ b/zcash_proofs/src/circuit/sapling.rs @@ -464,7 +464,7 @@ impl Circuit for Output { // Witness the sign bit let sign_bit = boolean::Boolean::from(boolean::AllocatedBit::alloc( cs.namespace(|| "pk_d bit of u"), - pk_d.map(|e| e.get_u().is_odd()), + pk_d.map(|e| e.get_u().is_odd().into()), )?); // Extend the note with pk_d representation @@ -703,7 +703,7 @@ fn test_input_circuit_with_bls12_381_external_test_vectors() { for i in 0..10 { let value_commitment = ValueCommitment { value: i, - randomness: jubjub::Fr::from_str(&(1000 * (i + 1)).to_string()).unwrap(), + randomness: jubjub::Fr::from(1000 * (i + 1)), }; let proof_generation_key = ProofGenerationKey { @@ -740,11 +740,11 @@ fn test_input_circuit_with_bls12_381_external_test_vectors() { jubjub::ExtendedPoint::from(value_commitment.commitment()).to_affine(); assert_eq!( expected_value_commitment.get_u(), - bls12_381::Scalar::from_str(&expected_commitment_us[i as usize]).unwrap() + bls12_381::Scalar::from_str_vartime(&expected_commitment_us[i as usize]).unwrap() ); assert_eq!( expected_value_commitment.get_v(), - bls12_381::Scalar::from_str(&expected_commitment_vs[i as usize]).unwrap() + bls12_381::Scalar::from_str_vartime(&expected_commitment_vs[i as usize]).unwrap() ); let note = Note { value: value_commitment.value, diff --git a/zcash_proofs/src/constants.rs b/zcash_proofs/src/constants.rs index 0aa82344b..ee32dfd2e 100644 
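Review bot: In the first `circuit/sapling.rs` hunk, `pk_d.map(|e| e.get_u().is_odd().into())` turns the `Choice` returned by `is_odd()` into a plain `bool` because `AllocatedBit::alloc` takes an `Option<bool>`; this is the point where constant-time handling of `pk_d` (presumably a private witness here) is deliberately given up, which is usual for witness assignment but not self-evident from the line. A short comment would make that reviewable: `// Choice -> bool: witness assignment is not constant-time by design.` The other two hunks in this file only change how test scalars are constructed. The enclosing method body extends beyond the hunk.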
--- a/zcash_proofs/src/constants.rs +++ b/zcash_proofs/src/constants.rs @@ -109,7 +109,7 @@ pub(crate) fn to_montgomery_coords(g: ExtendedPoint) -> Option<(Scalar, Scalar)> // // We have that y != 1 above. If x = 0, the only // solutions for y are 1 (contradiction) or -1. - if x.is_zero() { + if x.is_zero_vartime() { // (0, -1) is the point of order two which is not // the neutral element, so we map it to (0, 0) which is // the only affine point of order 2. @@ -169,23 +169,20 @@ fn generate_pedersen_circuit_generators() -> Vec>> { #[cfg(test)] mod tests { - use ff::PrimeField; - use super::*; #[test] fn edwards_d() { // d = -(10240/10241) assert_eq!( - -Scalar::from_str("10240").unwrap() - * Scalar::from_str("10241").unwrap().invert().unwrap(), + -Scalar::from(10240) * Scalar::from(10241).invert().unwrap(), EDWARDS_D ); } #[test] fn montgomery_a() { - assert_eq!(Scalar::from_str("40962").unwrap(), MONTGOMERY_A); + assert_eq!(Scalar::from(40962), MONTGOMERY_A); } #[test]
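Review bot: In the `to_montgomery_coords` hunk, `x.is_zero_vartime()` selects the explicitly variable-time check, which is acceptable only because the input appears to be a fixed public generator (the file name and `generate_pedersen_circuit_generators` suggest this; the callers are not in the hunk). Since the helper is `pub(crate)`, a one-line comment would stop it from being reused on secret-dependent coordinates without thought: `// Variable-time is fine here: g is a fixed public generator, never secret-dependent.` The second hunk in this file only touches tests.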