
Add NonIdentityPoint::new_from_constant#887

Open
ConstanceBeguier wants to merge 6 commits into zcash:main from QED-it:add_non_identity_constant_point


@ConstanceBeguier

Contributor

This PR adds `NonIdentityPoint::new_from_constant` to enable creating non-identity points that are properly pinned to constants, which is required by the Orchard ZSA circuit ([Orchard PR](QED-it/orchard#246)).

More precisely, in the Orchard ZSA circuit, `q_init_zec` / `q_init_zsa` must be constrained to fixed constants, as they define the initial point `Q` of the Sinsemilla hash. If constructed via `NonIdentityPoint::new`, they remain unconstrained witnesses, allowing a prover to inject an arbitrary on-curve point and break commitment soundness.
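
The difference between a witnessed point and a point pinned to a constant, as an added illustration that is not code from this PR or from halo2_gadgets. It is a toy model: the curve (y^2 = x^3 + 5 over F_101), the value of `Q_INIT` and every type and function name are constructed assumptions.

```rust
// Toy model, constructed for illustration: y^2 = x^3 + 5 over F_101.
// This is not Pallas and not the halo2_gadgets API; all names are hypothetical.
const P: u64 = 101;
type Point = (u64, u64);

/// Stand-in for the fixed initial point Q of the hash (constructed value).
const Q_INIT: Point = (1, 39);

/// Curve equation check. In this model the identity is encoded as (0, 0),
/// which fails the equation because the constant term 5 is non-zero.
fn on_curve((x, y): Point) -> bool {
    x < P && y < P && y * y % P == (x * x * x + 5) % P
}

/// What the circuit enforces on the cells that hold Q.
enum QConstraint {
    /// Models a witnessed non-identity point: only the curve equation.
    WitnessedNonIdentity,
    /// Models a point pinned to a constant: the curve equation plus equality
    /// with a value that is fixed in the circuit itself.
    PinnedToConstant(Point),
}

impl QConstraint {
    /// True if the prover's assignment satisfies every constraint on Q.
    fn accepts(&self, assigned: Point) -> bool {
        match self {
            QConstraint::WitnessedNonIdentity => on_curve(assigned),
            QConstraint::PinnedToConstant(c) => on_curve(assigned) && assigned == *c,
        }
    }

    /// Every value of Q a prover could assign and still satisfy the circuit.
    fn accepted_set(&self) -> Vec<Point> {
        (0..P)
            .flat_map(|x| (0..P).map(move |y| (x, y)))
            .filter(|&q| self.accepts(q))
            .collect()
    }
}

fn main() {
    let weak = QConstraint::WitnessedNonIdentity;
    let pinned = QConstraint::PinnedToConstant(Q_INIT);
    println!("witnessed: {} acceptable values of Q", weak.accepted_set().len());
    println!("pinned:    {:?}", pinned.accepted_set());
}
```

The size of `accepted_set()` is the point: a sound circuit leaves exactly one acceptable value for Q, while the witnessed variant accepts every point on the curve.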
@codecov-commenter

Codecov Report

❌ Patch coverage is 68.75000% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.36%. Comparing base (7e76b1c) to head (d44d277).
⚠️ Report is 14 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| halo2_gadgets/src/ecc/chip/witness_point.rs | 37.50% | 5 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #887      +/-   ##
==========================================
+ Coverage   83.31%   83.36%   +0.05%     
==========================================
  Files         105      105              
  Lines       13054    13048       -6     
==========================================
+ Hits        10876    10878       +2     
+ Misses       2178     2170       -8     


…#57)

Add tests for `NonIdentityPoint::new_from_constant` and `Point::new_from_constant`.
},
fixed_commitments: [
(0x05f5862cad2888855bc3c1843a9eff57b11b592d9eb0e13354256661387f5231, 0x32236b14df85bf5f532a930232cb23a5c56ef7d67aaeed8bcb8fc10ea132cbd6),
(0x0b70f6f89e88131bb5ab28571ca837a4160b51998c6ced04328991a5c3bdcae9, 0x2cee3ef6523c2d36e01981c4794271d53fb47e9c5480b982a2ff3a869144d648),

This changes because of the call to `super::chip::witness_point::tests::test_witness_non_id` in `MyEccCircuit::synthesize`. But we need to ensure circuit stability, so actually `MyEccCircuit` should have a `test_zsa_additions` flag that is set to `false` in order to check stability of the existing fixtures (both `_insecure` and `_fixed` after halo2_gadgets 0.5.0), and to `true` for the circuit variant that tests `non_constant_point_id` as well (there we only need the "fixed" variant).

@daira left a comment

Blocking requests:

  • rebase on top of halo2_gadgets 0.5.0 when that merges;
  • add a flag to `MyEccCircuit` so that the existing stability checks (`test_ecc_chip_*_against_stored_circuit`) continue to pass without changing the `*.bin`, `*.rdata` fixture files; and add new stability checks with new fixture files (only the `circuit_version = AnchoredBase` variant needed).

Otherwise this looks good, we'll merge it and release as halo2_gadgets 0.5.1.

…hecks (#58)

This PR introduces a circuit version flag in `MyEccCircuit` to preserve backward compatibility with the existing serialized circuit fixtures.

Merge upstream into add_non_identity_constant_point

Adds a regression test for the ECC chip with ZSA additions enabled, verifying the proof and verification key against a stored reference.