2022-01-04 18:41:47 -08:00
|
|
|
use ff::Field;
|
2021-01-23 09:54:31 -08:00
|
|
|
use halo2::{
|
|
|
|
arithmetic::FieldExt,
|
2021-06-21 11:10:59 -07:00
|
|
|
circuit::{Cell, Layouter, Region, SimpleFloorPlanner},
|
2021-01-23 09:54:31 -08:00
|
|
|
pasta::Fp,
|
2021-07-27 07:46:37 -07:00
|
|
|
plonk::{Advice, Circuit, Column, ConstraintSystem, Error, Fixed, TableColumn},
|
2021-01-23 09:54:31 -08:00
|
|
|
poly::Rotation,
|
|
|
|
};
|
2022-01-04 18:41:47 -08:00
|
|
|
use rand::rngs::OsRng;
|
2021-01-23 09:54:31 -08:00
|
|
|
use std::marker::PhantomData;
|
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
/// This represents an advice column at a certain row in the ConstraintSystem
|
|
|
|
#[derive(Copy, Clone, Debug)]
|
|
|
|
pub struct Variable(Column<Advice>, usize);
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
#[derive(Clone)]
|
|
|
|
struct PlonkConfig {
|
|
|
|
a: Column<Advice>,
|
|
|
|
b: Column<Advice>,
|
|
|
|
c: Column<Advice>,
|
|
|
|
d: Column<Advice>,
|
|
|
|
e: Column<Advice>,
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
sa: Column<Fixed>,
|
|
|
|
sb: Column<Fixed>,
|
|
|
|
sc: Column<Fixed>,
|
|
|
|
sm: Column<Fixed>,
|
|
|
|
sl: TableColumn,
|
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
trait StandardCs<FF: FieldExt> {
|
|
|
|
fn raw_multiply<F>(&self, region: &mut Region<FF>, f: F) -> Result<(Cell, Cell, Cell), Error>
|
|
|
|
where
|
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>;
|
|
|
|
fn raw_add<F>(&self, region: &mut Region<FF>, f: F) -> Result<(Cell, Cell, Cell), Error>
|
|
|
|
where
|
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>;
|
|
|
|
fn copy(&self, region: &mut Region<FF>, a: Cell, b: Cell) -> Result<(), Error>;
|
|
|
|
fn lookup_table(&self, layouter: &mut impl Layouter<FF>, values: &[FF]) -> Result<(), Error>;
|
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
struct MyCircuit<F: FieldExt> {
|
|
|
|
a: Option<F>,
|
|
|
|
lookup_table: Vec<F>,
|
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
struct StandardPlonk<F: FieldExt> {
|
|
|
|
config: PlonkConfig,
|
|
|
|
_marker: PhantomData<F>,
|
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
impl<FF: FieldExt> StandardPlonk<FF> {
|
|
|
|
fn new(config: PlonkConfig) -> Self {
|
|
|
|
StandardPlonk {
|
|
|
|
config,
|
|
|
|
_marker: PhantomData,
|
2021-01-23 09:54:31 -08:00
|
|
|
}
|
|
|
|
}
|
2021-09-30 15:34:34 -07:00
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
impl<FF: FieldExt> StandardCs<FF> for StandardPlonk<FF> {
|
|
|
|
fn raw_multiply<F>(
|
|
|
|
&self,
|
|
|
|
region: &mut Region<FF>,
|
|
|
|
mut f: F,
|
|
|
|
) -> Result<(Cell, Cell, Cell), Error>
|
|
|
|
where
|
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>,
|
|
|
|
{
|
|
|
|
let mut value = None;
|
|
|
|
let lhs = region.assign_advice(
|
|
|
|
|| "lhs",
|
|
|
|
self.config.a,
|
|
|
|
0,
|
|
|
|
|| {
|
|
|
|
value = Some(f()?);
|
2021-05-26 15:55:40 -07:00
|
|
|
Ok(value.ok_or(Error::Synthesis)?.0)
|
2021-09-30 15:34:34 -07:00
|
|
|
},
|
|
|
|
)?;
|
|
|
|
region.assign_advice(
|
|
|
|
|| "lhs^4",
|
|
|
|
self.config.d,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.0.square().square()),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
|
|
|
let rhs = region.assign_advice(
|
|
|
|
|| "rhs",
|
|
|
|
self.config.b,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.1),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
|
|
|
region.assign_advice(
|
|
|
|
|| "rhs^4",
|
|
|
|
self.config.e,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.1.square().square()),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
|
|
|
let out = region.assign_advice(
|
|
|
|
|| "out",
|
|
|
|
self.config.c,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.2),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
region.assign_fixed(|| "a", self.config.sa, 0, || Ok(FF::zero()))?;
|
|
|
|
region.assign_fixed(|| "b", self.config.sb, 0, || Ok(FF::zero()))?;
|
|
|
|
region.assign_fixed(|| "c", self.config.sc, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "a * b", self.config.sm, 0, || Ok(FF::one()))?;
|
2021-11-27 07:08:01 -08:00
|
|
|
Ok((lhs.cell(), rhs.cell(), out.cell()))
|
2021-09-30 15:34:34 -07:00
|
|
|
}
|
|
|
|
fn raw_add<F>(&self, region: &mut Region<FF>, mut f: F) -> Result<(Cell, Cell, Cell), Error>
|
|
|
|
where
|
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>,
|
|
|
|
{
|
|
|
|
let mut value = None;
|
|
|
|
let lhs = region.assign_advice(
|
|
|
|
|| "lhs",
|
|
|
|
self.config.a,
|
|
|
|
0,
|
|
|
|
|| {
|
|
|
|
value = Some(f()?);
|
2021-05-26 15:55:40 -07:00
|
|
|
Ok(value.ok_or(Error::Synthesis)?.0)
|
2021-09-30 15:34:34 -07:00
|
|
|
},
|
|
|
|
)?;
|
|
|
|
region.assign_advice(
|
|
|
|
|| "lhs^4",
|
|
|
|
self.config.d,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.0.square().square()),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
|
|
|
let rhs = region.assign_advice(
|
|
|
|
|| "rhs",
|
|
|
|
self.config.b,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.1),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
|
|
|
region.assign_advice(
|
|
|
|
|| "rhs^4",
|
|
|
|
self.config.e,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.1.square().square()),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
|
|
|
let out = region.assign_advice(
|
|
|
|
|| "out",
|
|
|
|
self.config.c,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.2),
|
2021-09-30 15:34:34 -07:00
|
|
|
)?;
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
region.assign_fixed(|| "a", self.config.sa, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "b", self.config.sb, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "c", self.config.sc, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "a * b", self.config.sm, 0, || Ok(FF::zero()))?;
|
2021-11-27 07:08:01 -08:00
|
|
|
Ok((lhs.cell(), rhs.cell(), out.cell()))
|
2021-09-30 15:34:34 -07:00
|
|
|
}
|
|
|
|
fn copy(&self, region: &mut Region<FF>, left: Cell, right: Cell) -> Result<(), Error> {
|
|
|
|
region.constrain_equal(left, right)
|
2021-01-23 09:54:31 -08:00
|
|
|
}
|
2021-09-30 15:34:34 -07:00
|
|
|
fn lookup_table(&self, layouter: &mut impl Layouter<FF>, values: &[FF]) -> Result<(), Error> {
|
|
|
|
layouter.assign_table(
|
|
|
|
|| "",
|
|
|
|
|mut table| {
|
|
|
|
for (index, &value) in values.iter().enumerate() {
|
|
|
|
table.assign_cell(|| "table col", self.config.sl, index, || Ok(value))?;
|
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
},
|
|
|
|
)?;
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
impl<F: FieldExt> Circuit<F> for MyCircuit<F> {
|
|
|
|
type Config = PlonkConfig;
|
|
|
|
type FloorPlanner = SimpleFloorPlanner;
|
2021-06-21 11:10:59 -07:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
fn without_witnesses(&self) -> Self {
|
|
|
|
Self {
|
|
|
|
a: None,
|
|
|
|
lookup_table: self.lookup_table.clone(),
|
2021-06-21 11:10:59 -07:00
|
|
|
}
|
2021-09-30 15:34:34 -07:00
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
#[allow(clippy::many_single_char_names)]
|
|
|
|
fn configure(meta: &mut ConstraintSystem<F>) -> PlonkConfig {
|
|
|
|
let e = meta.advice_column();
|
|
|
|
let a = meta.advice_column();
|
|
|
|
let b = meta.advice_column();
|
|
|
|
let sf = meta.fixed_column();
|
|
|
|
let c = meta.advice_column();
|
|
|
|
let d = meta.advice_column();
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-12-15 09:05:31 -08:00
|
|
|
meta.enable_equality(a);
|
|
|
|
meta.enable_equality(b);
|
|
|
|
meta.enable_equality(c);
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
let sm = meta.fixed_column();
|
|
|
|
let sa = meta.fixed_column();
|
|
|
|
let sb = meta.fixed_column();
|
|
|
|
let sc = meta.fixed_column();
|
|
|
|
let sl = meta.lookup_table_column();
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
/*
|
|
|
|
* A B ... sl
|
|
|
|
* [
|
|
|
|
* instance 0 ... 0
|
|
|
|
* a a ... 0
|
|
|
|
* a a^2 ... 0
|
|
|
|
* a a ... 0
|
|
|
|
* a a^2 ... 0
|
|
|
|
* ... ... ... ...
|
|
|
|
* ... ... ... instance
|
|
|
|
* ... ... ... a
|
|
|
|
* ... ... ... a
|
|
|
|
* ... ... ... 0
|
|
|
|
* ]
|
|
|
|
*/
|
|
|
|
meta.lookup(|meta| {
|
2021-12-15 09:05:31 -08:00
|
|
|
let a_ = meta.query_any(a, Rotation::cur());
|
2021-09-30 15:34:34 -07:00
|
|
|
vec![(a_, sl)]
|
|
|
|
});
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
meta.create_gate("Combined add-mult", |meta| {
|
|
|
|
let d = meta.query_advice(d, Rotation::next());
|
|
|
|
let a = meta.query_advice(a, Rotation::cur());
|
|
|
|
let sf = meta.query_fixed(sf, Rotation::cur());
|
|
|
|
let e = meta.query_advice(e, Rotation::prev());
|
|
|
|
let b = meta.query_advice(b, Rotation::cur());
|
|
|
|
let c = meta.query_advice(c, Rotation::cur());
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
let sa = meta.query_fixed(sa, Rotation::cur());
|
|
|
|
let sb = meta.query_fixed(sb, Rotation::cur());
|
|
|
|
let sc = meta.query_fixed(sc, Rotation::cur());
|
|
|
|
let sm = meta.query_fixed(sm, Rotation::cur());
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
vec![a.clone() * sa + b.clone() * sb + a * b * sm - (c * sc) + sf * (d * e)]
|
|
|
|
});
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
PlonkConfig {
|
|
|
|
a,
|
|
|
|
b,
|
|
|
|
c,
|
|
|
|
d,
|
|
|
|
e,
|
|
|
|
sa,
|
|
|
|
sb,
|
|
|
|
sc,
|
|
|
|
sm,
|
|
|
|
sl,
|
2021-01-23 09:54:31 -08:00
|
|
|
}
|
2021-09-30 15:34:34 -07:00
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
fn synthesize(&self, config: PlonkConfig, mut layouter: impl Layouter<F>) -> Result<(), Error> {
|
|
|
|
let cs = StandardPlonk::new(config);
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
for i in 0..10 {
|
|
|
|
layouter.assign_region(
|
|
|
|
|| format!("region_{}", i),
|
|
|
|
|mut region| {
|
|
|
|
let mut a_squared = None;
|
|
|
|
let (a0, _, c0) = cs.raw_multiply(&mut region, || {
|
|
|
|
a_squared = self.a.map(|a| a.square());
|
|
|
|
Ok((
|
2021-05-26 15:55:40 -07:00
|
|
|
self.a.ok_or(Error::Synthesis)?,
|
|
|
|
self.a.ok_or(Error::Synthesis)?,
|
|
|
|
a_squared.ok_or(Error::Synthesis)?,
|
2021-09-30 15:34:34 -07:00
|
|
|
))
|
|
|
|
})?;
|
|
|
|
let (a1, b1, _) = cs.raw_add(&mut region, || {
|
|
|
|
let fin = a_squared.and_then(|a2| self.a.map(|a| a + a2));
|
|
|
|
Ok((
|
2021-05-26 15:55:40 -07:00
|
|
|
self.a.ok_or(Error::Synthesis)?,
|
|
|
|
a_squared.ok_or(Error::Synthesis)?,
|
|
|
|
fin.ok_or(Error::Synthesis)?,
|
2021-09-30 15:34:34 -07:00
|
|
|
))
|
|
|
|
})?;
|
|
|
|
cs.copy(&mut region, a0, a1)?;
|
|
|
|
cs.copy(&mut region, b1, c0)
|
|
|
|
},
|
|
|
|
)?;
|
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
cs.lookup_table(&mut layouter, &self.lookup_table)?;
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
Ok(())
|
2021-01-23 09:54:31 -08:00
|
|
|
}
|
2021-09-30 15:34:34 -07:00
|
|
|
}
|
2021-01-23 09:54:31 -08:00
|
|
|
|
2021-09-30 15:38:00 -07:00
|
|
|
// ANCHOR: dev-graph
|
2021-09-30 15:34:34 -07:00
|
|
|
fn main() {
|
2021-09-30 15:38:00 -07:00
|
|
|
// Prepare the circuit you want to render.
|
|
|
|
// You don't need to include any witness variables.
|
2022-01-04 18:41:47 -08:00
|
|
|
let a = Fp::random(OsRng);
|
2021-02-14 09:30:36 -08:00
|
|
|
let instance = Fp::one() + Fp::one();
|
|
|
|
let lookup_table = vec![instance, a, a, Fp::zero()];
|
2021-01-23 09:54:31 -08:00
|
|
|
let circuit: MyCircuit<Fp> = MyCircuit {
|
|
|
|
a: None,
|
2021-07-22 11:07:17 -07:00
|
|
|
lookup_table,
|
2021-01-23 09:54:31 -08:00
|
|
|
};
|
|
|
|
|
2021-09-30 15:38:00 -07:00
|
|
|
// Create the area you want to draw on.
|
|
|
|
// Use SVGBackend if you want to render to .svg instead.
|
2021-09-30 15:34:34 -07:00
|
|
|
use plotters::prelude::*;
|
2021-09-30 15:38:00 -07:00
|
|
|
let root = BitMapBackend::new("layout.png", (1024, 768)).into_drawing_area();
|
2021-01-23 09:54:31 -08:00
|
|
|
root.fill(&WHITE).unwrap();
|
|
|
|
let root = root
|
|
|
|
.titled("Example Circuit Layout", ("sans-serif", 60))
|
|
|
|
.unwrap();
|
|
|
|
|
2021-09-30 15:34:34 -07:00
|
|
|
halo2::dev::CircuitLayout::default()
|
2021-09-30 15:38:00 -07:00
|
|
|
// You can optionally render only a section of the circuit.
|
|
|
|
.view_width(0..2)
|
|
|
|
.view_height(0..16)
|
|
|
|
// You can hide labels, which can be useful with smaller areas.
|
|
|
|
.show_labels(false)
|
|
|
|
// Render the circuit onto your area!
|
|
|
|
// The first argument is the size parameter for the circuit.
|
2021-09-30 15:34:34 -07:00
|
|
|
.render(5, &circuit, &root)
|
|
|
|
.unwrap();
|
2021-01-23 09:54:31 -08:00
|
|
|
}
|
2021-09-30 15:38:00 -07:00
|
|
|
// ANCHOR_END: dev-graph
|