diff --git a/halo2_gadgets/src/sinsemilla/chip.rs b/halo2_gadgets/src/sinsemilla/chip.rs index 441ba975af..c55efd1105 100644 --- a/halo2_gadgets/src/sinsemilla/chip.rs +++ b/halo2_gadgets/src/sinsemilla/chip.rs @@ -43,11 +43,8 @@ where /// q_sinsemilla2 is used to define a synthetic selector, /// q_sinsemilla3 = (q_sinsemilla2) ⋅ (q_sinsemilla2 - 1) /// Simple selector used to constrain hash initialization to be consistent with - /// the y-coordinate of the domain $Q$ when $y_Q$ is a public constant. + /// the y-coordinate of the domain $Q$. q_sinsemilla4: Selector, - /// Simple selector used to constrain hash initialization to be consistent with - /// the y-coordinate of the domain $Q$ when $y_Q$ is a private value. - q_sinsemilla4_private: Selector, /// Fixed column used to load the y-coordinate of the domain $Q$. fixed_y_q: Column, /// Logic specific to merged double-and-add. @@ -168,7 +165,6 @@ where q_sinsemilla1: meta.complex_selector(), q_sinsemilla2: meta.fixed_column(), q_sinsemilla4: meta.selector(), - q_sinsemilla4_private: meta.selector(), fixed_y_q, double_and_add: DoubleAndAdd { x_a: advices[0], @@ -206,23 +202,8 @@ where // Check that the initial x_A, x_P, lambda_1, lambda_2 are consistent with y_Q. // https://p.z.cash/halo2-0.1:sinsemilla-constraints?partial - meta.create_gate("Initial y_Q (public)", |meta| { + meta.create_gate("Initial y_Q", |meta| { let q_s4 = meta.query_selector(config.q_sinsemilla4); - let y_q = meta.query_fixed(config.fixed_y_q); - - // Y_A = (lambda_1 + lambda_2) * (x_a - x_r) - let Y_A_cur = Y_A(meta, Rotation::cur()); - - // 2 * y_q - Y_{A,0} = 0 - let init_y_q_check = y_q * two - Y_A_cur; - - Constraints::with_selector(q_s4, Some(("init_y_q_check", init_y_q_check))) - }); - - // Check that the initial x_A, x_P, lambda_1, lambda_2 are consistent with y_Q. - // https://p.z.cash/halo2-0.1:sinsemilla-constraints?partial - meta.create_gate("Initial y_Q (private)", |meta| { - let q_s4 = meta.query_selector(config.q_sinsemilla4_private); let y_q = meta.query_advice(config.double_and_add.x_p, Rotation::prev()); // Y_A = (lambda_1 + lambda_2) * (x_a - x_r) diff --git a/halo2_gadgets/src/sinsemilla/chip/hash_to_point.rs b/halo2_gadgets/src/sinsemilla/chip/hash_to_point.rs index 226e5e8a05..165615efaa 100644 --- a/halo2_gadgets/src/sinsemilla/chip/hash_to_point.rs +++ b/halo2_gadgets/src/sinsemilla/chip/hash_to_point.rs @@ -168,16 +168,17 @@ where #[allow(non_snake_case)] /// Assign the coordinates of the initial public point `Q` /// - /// | offset | x_A | q_sinsemilla4 | fixed_y_Q | - /// -------------------------------------------- - /// | 0 | x_Q | 1 | y_Q | + /// | offset | x_A | x_P | q_sinsemilla4 | + /// -------------------------------------- + /// | 0 | | y_Q | | + /// | 1 | x_Q | | 1 | fn public_initialization( &self, region: &mut Region<'_, pallas::Base>, Q: pallas::Affine, ) -> Result<(usize, X, Y), Error> { let config = self.config().clone(); - let offset = 0; + let mut offset = 0; // Get the `x`- and `y`-coordinates of the starting `Q` base. let x_q = *Q.coordinates().unwrap().x(); @@ -186,17 +187,19 @@ where // Constrain the initial x_a, lambda_1, lambda_2, x_p using the q_sinsemilla4 // selector. let y_a: Y = { - // Enable `q_sinsemilla4` on the first row. - config.q_sinsemilla4.enable(region, offset)?; - region.assign_fixed( - || "fixed y_q", - config.fixed_y_q, - offset, - || Value::known(y_q), - )?; + // Enable `q_sinsemilla4` on the second row. + config.q_sinsemilla4.enable(region, offset + 1)?; + let y_a: AssignedCell, pallas::Base> = region + .assign_advice_from_constant( + || "fixed y_q", + config.double_and_add.x_p, + offset, + y_q.into(), + )?; - Value::known(y_q.into()).into() + y_a.value_field().into() }; + offset += 1; // Constrain the initial x_q to equal the x-coordinate of the domain's `Q`. let x_a: X = { @@ -216,10 +219,10 @@ where #[allow(non_snake_case)] /// Assign the coordinates of the initial private point `Q` /// - /// | offset | x_A | x_P | q_sinsemilla4_private | - /// ----------------------------------------------- - /// | 0 | | y_Q | | - /// | 1 | x_Q | | 1 | + /// | offset | x_A | x_P | q_sinsemilla4 | + /// -------------------------------------- + /// | 0 | | y_Q | | + /// | 1 | x_Q | | 1 | fn private_initialization( &self, region: &mut Region<'_, pallas::Base>, @@ -229,10 +232,10 @@ where let mut offset = 0; // Assign `x_Q` and `y_Q` in the region and constrain the initial x_a, lambda_1, lambda_2, - // x_p, y_Q using the q_sinsemilla4_private selector. + // x_p, y_Q using the q_sinsemilla4 selector. let y_a: Y = { - // Enable `q_sinsemilla4_private` on the first row. - config.q_sinsemilla4_private.enable(region, offset + 1)?; + // Enable `q_sinsemilla4` on the second row. + config.q_sinsemilla4.enable(region, offset + 1)?; let q_y: AssignedCell, pallas::Base> = Q.y().into(); let y_a: AssignedCell, pallas::Base> = q_y.copy_advice(|| "fixed y_q", region, config.double_and_add.x_p, offset)?;