ebfull
ebfull
I didn't want to bring in the `rand` crate and deal with that mess, so the proofs right now are not zero-knowledge as mentioned in this comment: https://github.com/ebfull/sonic/blob/master/src/synthesis.rs#L666
k(Y) needs to be placed in the transcript prior to the choice of y or there will be soundness problems (prover could maliciously fiddle with the public inputs to satisfy...
``` error[E0658]: the `unsafe_op_in_unsafe_fn` lint is unstable Error: --> /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/os_str_bytes-6.0.0/src/lib.rs:159:1 | 159 | #![forbid(unsafe_op_in_unsafe_fn)] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | = note: see issue #71668 for more information error: aborting due to previous...
There may be some useful pieces of the old [Sapling security analysis](https://raw.githubusercontent.com/zcash/sapling-security-analysis/master/SaplingSecurityProof.pdf) that would be useful to extract and place into the Orchard book. I don't think this is urgent;...
The `MultiEq` API relies on `drop`, which is not guaranteed to run. By wrapping the logic in a closure we ensure the final accumulation step must be performed to proceed...
These kinds of tests exist in `pairing` but we'd like to perform them for `Fs`. However, I don't want to implement `Fs` in `pairing`. So, this is tricky. Best alternative...
`Note::uncommitted()` produces `Fr(1)` (it's the smallest invalid u-coordinate) but this is specific to Jubjub, and so should be explicitly obtained from JubjubEngine (and tested to be invalid on the curve).
`EdwardsPoint::interpret()` uses an unnecessary constraint when determining if a point is on the curve.
This one isn't that important since we won't be doing it very often.
This trait (see `src/circuit/mod.rs`) has become an unnecessary wrapper around `Option::ok_or()` etc.