zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove `FieldExt::from_u64` usage from SHA-256 example

This commit is contained in:
Jack Grigg 2021-12-25 13:34:36 +00:00
parent af8e0d619a
commit 9297a938ab
9 changed files with 225 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
examples/sha256/table16.rs
View File

@ -3,7 +3,6 @@ use std::marker::PhantomData;
use super::Sha256Instructions;
use halo2::{
arithmetic::FieldExt,
circuit::{AssignedCell, Chip, Layouter, Region},
pasta::pallas,
plonk::{Advice, Any, Assigned, Column, ConstraintSystem, Error},
@ -84,7 +83,7 @@ impl<const LEN: usize> From<&Bits<LEN>> for [bool; LEN] {
impl<const LEN: usize> From<&Bits<LEN>> for Assigned<pallas::Base> {
fn from(bits: &Bits<LEN>) -> Assigned<pallas::Base> {
assert!(LEN <= 64);
pallas::Base::from_u64(lebs2ip(&bits.0)).into()
pallas::Base::from(lebs2ip(&bits.0)).into()
}
}

166
examples/sha256/table16/compression/compression_gates.rs
View File

@ -47,21 +47,21 @@ impl<F: FieldExt> CompressionGate<F> {
let range_check_tag_b = Gate::range_check(tag_b, 0, 2);
let range_check_tag_d = Gate::range_check(tag_d, 0, 1);
let dense_check = a
+ b * F::from_u64(1 << 2)
+ c_lo * F::from_u64(1 << 13)
+ c_mid * F::from_u64(1 << 16)
+ c_hi * F::from_u64(1 << 19)
+ d * F::from_u64(1 << 22)
+ b * F::from(1 << 2)
+ c_lo * F::from(1 << 13)
+ c_mid * F::from(1 << 16)
+ c_hi * F::from(1 << 19)
+ d * F::from(1 << 22)
+ word_lo * (-F::one())
+ word_hi * F::from_u64(1 << 16) * (-F::one());
+ word_hi * F::from(1 << 16) * (-F::one());
let spread_check = spread_a
+ spread_b * F::from_u64(1 << 4)
+ spread_c_lo * F::from_u64(1 << 26)
+ spread_c_mid * F::from_u64(1 << 32)
+ spread_c_hi * F::from_u64(1 << 38)
+ spread_d * F::from_u64(1 << 44)
+ spread_b * F::from(1 << 4)
+ spread_c_lo * F::from(1 << 26)
+ spread_c_mid * F::from(1 << 32)
+ spread_c_hi * F::from(1 << 38)
+ spread_d * F::from(1 << 44)
+ spread_word_lo * (-F::one())
+ spread_word_hi * F::from_u64(1 << 32) * (-F::one());
+ spread_word_hi * F::from(1 << 32) * (-F::one());
check_spread_and_range
.chain(Some(("range_check_tag_b", range_check_tag_b)))
@ -112,21 +112,21 @@ impl<F: FieldExt> CompressionGate<F> {
let range_check_tag_c = Gate::range_check(tag_c, 0, 4);
let range_check_tag_d = Gate::range_check(tag_d, 0, 0);
let dense_check = a_lo
+ a_hi * F::from_u64(1 << 3)
+ b_lo * F::from_u64(1 << 6)
+ b_hi * F::from_u64(1 << 8)
+ c * F::from_u64(1 << 11)
+ d * F::from_u64(1 << 25)
+ a_hi * F::from(1 << 3)
+ b_lo * F::from(1 << 6)
+ b_hi * F::from(1 << 8)
+ c * F::from(1 << 11)
+ d * F::from(1 << 25)
+ word_lo * (-F::one())
+ word_hi * F::from_u64(1 << 16) * (-F::one());
+ word_hi * F::from(1 << 16) * (-F::one());
let spread_check = spread_a_lo
+ spread_a_hi * F::from_u64(1 << 6)
+ spread_b_lo * F::from_u64(1 << 12)
+ spread_b_hi * F::from_u64(1 << 16)
+ spread_c * F::from_u64(1 << 22)
+ spread_d * F::from_u64(1 << 50)
+ spread_a_hi * F::from(1 << 6)
+ spread_b_lo * F::from(1 << 12)
+ spread_b_hi * F::from(1 << 16)
+ spread_c * F::from(1 << 22)
+ spread_d * F::from(1 << 50)
+ spread_word_lo * (-F::one())
+ spread_word_hi * F::from_u64(1 << 32) * (-F::one());
+ spread_word_hi * F::from(1 << 32) * (-F::one());
check_spread_and_range
.chain(Some(("range_check_tag_c", range_check_tag_c)))
@ -153,26 +153,26 @@ impl<F: FieldExt> CompressionGate<F> {
spread_d: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let spread_witness = spread_r0_even
+ spread_r0_odd * F::from_u64(2)
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
+ spread_r0_odd * F::from(2)
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
let xor_0 = spread_b.clone()
+ spread_c_lo.clone() * F::from_u64(1 << 22)
+ spread_c_mid.clone() * F::from_u64(1 << 28)
+ spread_c_hi.clone() * F::from_u64(1 << 34)
+ spread_d.clone() * F::from_u64(1 << 40)
+ spread_a.clone() * F::from_u64(1 << 60);
+ spread_c_lo.clone() * F::from(1 << 22)
+ spread_c_mid.clone() * F::from(1 << 28)
+ spread_c_hi.clone() * F::from(1 << 34)
+ spread_d.clone() * F::from(1 << 40)
+ spread_a.clone() * F::from(1 << 60);
let xor_1 = spread_c_lo.clone()
+ spread_c_mid.clone() * F::from_u64(1 << 6)
+ spread_c_hi.clone() * F::from_u64(1 << 12)
+ spread_d.clone() * F::from_u64(1 << 18)
+ spread_a.clone() * F::from_u64(1 << 38)
+ spread_b.clone() * F::from_u64(1 << 42);
+ spread_c_mid.clone() * F::from(1 << 6)
+ spread_c_hi.clone() * F::from(1 << 12)
+ spread_d.clone() * F::from(1 << 18)
+ spread_a.clone() * F::from(1 << 38)
+ spread_b.clone() * F::from(1 << 42);
let xor_2 = spread_d
+ spread_a * F::from_u64(1 << 20)
+ spread_b * F::from_u64(1 << 24)
+ spread_c_lo * F::from_u64(1 << 46)
+ spread_c_mid * F::from_u64(1 << 52)
+ spread_c_hi * F::from_u64(1 << 58);
+ spread_a * F::from(1 << 20)
+ spread_b * F::from(1 << 24)
+ spread_c_lo * F::from(1 << 46)
+ spread_c_mid * F::from(1 << 52)
+ spread_c_hi * F::from(1 << 58);
let xor = xor_0 + xor_1 + xor_2;
let check = spread_witness + (xor * -F::one());
@ -196,27 +196,27 @@ impl<F: FieldExt> CompressionGate<F> {
spread_d: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let spread_witness = spread_r0_even
+ spread_r0_odd * F::from_u64(2)
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
+ spread_r0_odd * F::from(2)
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
let xor_0 = spread_b_lo.clone()
+ spread_b_hi.clone() * F::from_u64(1 << 4)
+ spread_c.clone() * F::from_u64(1 << 10)
+ spread_d.clone() * F::from_u64(1 << 38)
+ spread_a_lo.clone() * F::from_u64(1 << 52)
+ spread_a_hi.clone() * F::from_u64(1 << 58);
+ spread_b_hi.clone() * F::from(1 << 4)
+ spread_c.clone() * F::from(1 << 10)
+ spread_d.clone() * F::from(1 << 38)
+ spread_a_lo.clone() * F::from(1 << 52)
+ spread_a_hi.clone() * F::from(1 << 58);
let xor_1 = spread_c.clone()
+ spread_d.clone() * F::from_u64(1 << 28)
+ spread_a_lo.clone() * F::from_u64(1 << 42)
+ spread_a_hi.clone() * F::from_u64(1 << 48)
+ spread_b_lo.clone() * F::from_u64(1 << 54)
+ spread_b_hi.clone() * F::from_u64(1 << 58);
+ spread_d.clone() * F::from(1 << 28)
+ spread_a_lo.clone() * F::from(1 << 42)
+ spread_a_hi.clone() * F::from(1 << 48)
+ spread_b_lo.clone() * F::from(1 << 54)
+ spread_b_hi.clone() * F::from(1 << 58);
let xor_2 = spread_d
+ spread_a_lo * F::from_u64(1 << 14)
+ spread_a_hi * F::from_u64(1 << 20)
+ spread_b_lo * F::from_u64(1 << 26)
+ spread_b_hi * F::from_u64(1 << 30)
+ spread_c * F::from_u64(1 << 36);
+ spread_a_lo * F::from(1 << 14)
+ spread_a_hi * F::from(1 << 20)
+ spread_b_lo * F::from(1 << 26)
+ spread_b_hi * F::from(1 << 30)
+ spread_c * F::from(1 << 36);
let xor = xor_0 + xor_1 + xor_2;
let check = spread_witness + (xor * -F::one());
@ -238,11 +238,11 @@ impl<F: FieldExt> CompressionGate<F> {
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let lhs_lo = spread_e_lo + spread_f_lo;
let lhs_hi = spread_e_hi + spread_f_hi;
let lhs = lhs_lo + lhs_hi * F::from_u64(1 << 32);
let lhs = lhs_lo + lhs_hi * F::from(1 << 32);
let rhs_even = spread_p0_even + spread_p1_even * F::from_u64(1 << 32);
let rhs_odd = spread_p0_odd + spread_p1_odd * F::from_u64(1 << 32);
let rhs = rhs_even + rhs_odd * F::from_u64(2);
let rhs_even = spread_p0_even + spread_p1_even * F::from(1 << 32);
let rhs_odd = spread_p0_odd + spread_p1_odd * F::from(1 << 32);
let rhs = rhs_even + rhs_odd * F::from(2);
let check = lhs + rhs * -F::one();
@ -265,7 +265,7 @@ impl<F: FieldExt> CompressionGate<F> {
spread_g_hi: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let neg_check = {
let evens = Self::ones() * F::from_u64(MASK_EVEN_32 as u64);
let evens = Self::ones() * F::from(MASK_EVEN_32 as u64);
// evens - spread_e_lo = spread_e_neg_lo
let lo_check = spread_e_neg_lo.clone() + spread_e_lo + (evens.clone() * (-F::one()));
// evens - spread_e_hi = spread_e_neg_hi
@ -278,11 +278,11 @@ impl<F: FieldExt> CompressionGate<F> {
let lhs_lo = spread_e_neg_lo + spread_g_lo;
let lhs_hi = spread_e_neg_hi + spread_g_hi;
let lhs = lhs_lo + lhs_hi * F::from_u64(1 << 32);
let lhs = lhs_lo + lhs_hi * F::from(1 << 32);
let rhs_even = spread_q0_even + spread_q1_even * F::from_u64(1 << 32);
let rhs_odd = spread_q0_odd + spread_q1_odd * F::from_u64(1 << 32);
let rhs = rhs_even + rhs_odd * F::from_u64(2);
let rhs_even = spread_q0_even + spread_q1_even * F::from(1 << 32);
let rhs_odd = spread_q0_odd + spread_q1_odd * F::from(1 << 32);
let rhs = rhs_even + rhs_odd * F::from(2);
neg_check
.chain(Some(("s_ch_neg", lhs - rhs)))
@ -304,13 +304,13 @@ impl<F: FieldExt> CompressionGate<F> {
spread_c_lo: Expression<F>,
spread_c_hi: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let maj_even = spread_m_0_even + spread_m_1_even * F::from_u64(1 << 32);
let maj_odd = spread_m_0_odd + spread_m_1_odd * F::from_u64(1 << 32);
let maj = maj_even + maj_odd * F::from_u64(2);
let maj_even = spread_m_0_even + spread_m_1_even * F::from(1 << 32);
let maj_odd = spread_m_0_odd + spread_m_1_odd * F::from(1 << 32);
let maj = maj_even + maj_odd * F::from(2);
let a = spread_a_lo + spread_a_hi * F::from_u64(1 << 32);
let b = spread_b_lo + spread_b_hi * F::from_u64(1 << 32);
let c = spread_c_lo + spread_c_hi * F::from_u64(1 << 32);
let a = spread_a_lo + spread_a_hi * F::from(1 << 32);
let b = spread_b_lo + spread_b_hi * F::from(1 << 32);
let c = spread_c_lo + spread_c_hi * F::from(1 << 32);
let sum = a + b + c;
std::iter::empty().chain(Some(("maj", s_maj * (sum - maj))))
@ -339,10 +339,10 @@ impl<F: FieldExt> CompressionGate<F> {
let lo = h_lo + ch_lo + ch_neg_lo + sigma_e_lo + k_lo + w_lo;
let hi = h_hi + ch_hi + ch_neg_hi + sigma_e_hi + k_hi + w_hi;
let sum = lo + hi * F::from_u64(1 << 16);
let h_prime = h_prime_lo + h_prime_hi * F::from_u64(1 << 16);
let sum = lo + hi * F::from(1 << 16);
let h_prime = h_prime_lo + h_prime_hi * F::from(1 << 16);
let check = sum - (h_prime_carry * F::from_u64(1 << 32)) - h_prime;
let check = sum - (h_prime_carry * F::from(1 << 32)) - h_prime;
std::iter::empty().chain(Some(("s_h_prime", s_h_prime * check)))
}
@ -363,10 +363,10 @@ impl<F: FieldExt> CompressionGate<F> {
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let lo = sigma_a_lo + maj_abc_lo + h_prime_lo;
let hi = sigma_a_hi + maj_abc_hi + h_prime_hi;
let sum = lo + hi * F::from_u64(1 << 16);
let a_new = a_new_lo + a_new_hi * F::from_u64(1 << 16);
let sum = lo + hi * F::from(1 << 16);
let a_new = a_new_lo + a_new_hi * F::from(1 << 16);
let check = sum - (a_new_carry * F::from_u64(1 << 32)) - a_new;
let check = sum - (a_new_carry * F::from(1 << 32)) - a_new;
std::iter::empty().chain(Some(("s_a_new", s_a_new * check)))
}
@ -385,10 +385,10 @@ impl<F: FieldExt> CompressionGate<F> {
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let lo = h_prime_lo + d_lo;
let hi = h_prime_hi + d_hi;
let sum = lo + hi * F::from_u64(1 << 16);
let e_new = e_new_lo + e_new_hi * F::from_u64(1 << 16);
let sum = lo + hi * F::from(1 << 16);
let e_new = e_new_lo + e_new_hi * F::from(1 << 16);
let check = sum - (e_new_carry * F::from_u64(1 << 32)) - e_new;
let check = sum - (e_new_carry * F::from(1 << 32)) - e_new;
std::iter::empty().chain(Some(("s_e_new", s_e_new * check)))
}
@ -411,7 +411,7 @@ impl<F: FieldExt> CompressionGate<F> {
word_3: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let check_lo_hi = |lo: Expression<F>, hi: Expression<F>, word: Expression<F>| {
lo + hi * F::from_u64(1 << 16) - word
lo + hi * F::from(1 << 16) - word
};
array::IntoIter::new([

15
examples/sha256/table16/compression/compression_util.rs
View File

@ -4,7 +4,6 @@ use super::{
};
use crate::table16::{util::*, AssignedBits, SpreadVar, SpreadWord, StateWord, Table16Assignment};
use halo2::{
arithmetic::FieldExt,
circuit::Region,
pasta::pallas,
plonk::{Advice, Column, Error},
@ -782,7 +781,7 @@ impl CompressionConfig {
row + 1,
|| {
h_prime_carry
.map(|value| pallas::Base::from_u64(value as u64))
.map(|value| pallas::Base::from(value as u64))
.ok_or(Error::Synthesis)
},
)?;
@ -831,11 +830,7 @@ impl CompressionConfig {
|| "e_new_carry",
a_9,
row + 1,
|| {
e_new_carry
.map(pallas::Base::from_u64)
.ok_or(Error::Synthesis)
},
|| e_new_carry.map(pallas::Base::from).ok_or(Error::Synthesis),
)?;
Ok(e_new_dense)
@ -889,11 +884,7 @@ impl CompressionConfig {
|| "a_new_carry",
a_9,
row,
|| {
a_new_carry
.map(pallas::Base::from_u64)
.ok_or(Error::Synthesis)
},
|| a_new_carry.map(pallas::Base::from).ok_or(Error::Synthesis),
)?;
Ok(a_new_dense)

7
examples/sha256/table16/compression/subregion_digest.rs
View File

@ -1,7 +1,6 @@
use super::super::{super::DIGEST_SIZE, BlockWord, RoundWordDense};
use super::{compression_util::*, CompressionConfig, State};
use halo2::{
arithmetic::FieldExt,
circuit::Region,
pasta::pallas,
plonk::{Advice, Column, Error},
@ -41,7 +40,7 @@ impl CompressionConfig {
a_5,
abcd_row,
|| {
a.map(|a| pallas::Base::from_u64(a as u64))
a.map(|a| pallas::Base::from(a as u64))
.ok_or(Error::Synthesis)
},
)?;
@ -63,7 +62,7 @@ impl CompressionConfig {
a_5,
efgh_row,
|| {
e.map(|e| pallas::Base::from_u64(e as u64))
e.map(|e| pallas::Base::from(e as u64))
.ok_or(Error::Synthesis)
},
)?;
@ -102,7 +101,7 @@ impl CompressionConfig {
word_col,
row,
|| {
val.map(|val| pallas::Base::from_u64(val as u64))
val.map(|val| pallas::Base::from(val as u64))
.ok_or(Error::Synthesis)
},
)?;

12
examples/sha256/table16/gates.rs
View File

@ -32,10 +32,10 @@ impl<F: FieldExt> Gate<F> {
for i in 0..deg {
let i = i as u64;
if i != idx {
expr = expr * (Self::ones() * (-F::one()) * F::from_u64(i) + var.clone());
expr = expr * (Self::ones() * (-F::one()) * F::from(i) + var.clone());
}
}
expr * F::from_u64(eval.into())
expr * F::from(u64::from(eval))
};
let denominator = |idx: i32| {
let mut denom: i32 = 1;
@ -46,9 +46,9 @@ impl<F: FieldExt> Gate<F> {
}
}
if denom < 0 {
-F::one() * F::from_u64(factor / (-denom as u64))
-F::one() * F::from(factor / (-denom as u64))
} else {
F::from_u64(factor / (denom as u64))
F::from(factor / (denom as u64))
}
};
@ -57,13 +57,13 @@ impl<F: FieldExt> Gate<F> {
expr = expr + numerator(var.clone(), *eval, idx as u64) * denominator(idx as i32)
}
(F::from_u64(factor), expr)
(F::from(factor), expr)
}
pub fn range_check(value: Expression<F>, lower_range: u64, upper_range: u64) -> Expression<F> {
let mut expr = Self::ones();
for i in lower_range..(upper_range + 1) {
expr = expr * (Self::ones() * (-F::one()) * F::from_u64(i) + value.clone())
expr = expr * (Self::ones() * (-F::one()) * F::from(i) + value.clone())
}
expr
}

174
examples/sha256/table16/message_schedule/schedule_gates.rs
View File

@ -24,8 +24,8 @@ impl<F: FieldExt> ScheduleGate<F> {
let hi = sigma_0_hi + sigma_1_hi + w_minus_9_hi + w_minus_16_hi;
let word_check = lo
+ hi * F::from_u64(1 << 16)
+ (carry.clone() * F::from_u64(1 << 32) * (-F::one()))
+ hi * F::from(1 << 16)
+ (carry.clone() * F::from(1 << 32) * (-F::one()))
+ (word * (-F::one()));
let carry_check = Gate::range_check(carry, 0, 3);
@ -40,7 +40,7 @@ impl<F: FieldExt> ScheduleGate<F> {
hi: Expression<F>,
word: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let check = lo + hi * F::from_u64(1 << 16) - word;
let check = lo + hi * F::from(1 << 16) - word;
std::iter::empty().chain(Some(("s_decompose_0", s_decompose_0 * check)))
}
@ -58,9 +58,9 @@ impl<F: FieldExt> ScheduleGate<F> {
word: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let decompose_check = a
+ b * F::from_u64(1 << 3)
+ c * F::from_u64(1 << 7)
+ d * F::from_u64(1 << 18)
+ b * F::from(1 << 3)
+ c * F::from(1 << 7)
+ d * F::from(1 << 18)
+ word * (-F::one());
let range_check_tag_c = Gate::range_check(tag_c, 0, 2);
let range_check_tag_d = Gate::range_check(tag_d, 0, 4);
@ -91,12 +91,12 @@ impl<F: FieldExt> ScheduleGate<F> {
word: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let decompose_check = a
+ b * F::from_u64(1 << 3)
+ c * F::from_u64(1 << 7)
+ d * F::from_u64(1 << 10)
+ e * F::from_u64(1 << 17)
+ f * F::from_u64(1 << 18)
+ g * F::from_u64(1 << 19)
+ b * F::from(1 << 3)
+ c * F::from(1 << 7)
+ d * F::from(1 << 10)
+ e * F::from(1 << 17)
+ f * F::from(1 << 18)
+ g * F::from(1 << 19)
+ word * (-F::one());
let range_check_tag_d = Gate::range_check(tag_d, 0, 0);
let range_check_tag_g = Gate::range_check(tag_g, 0, 3);
@ -123,9 +123,9 @@ impl<F: FieldExt> ScheduleGate<F> {
word: Expression<F>,
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
let decompose_check = a
+ b * F::from_u64(1 << 10)
+ c * F::from_u64(1 << 17)
+ d * F::from_u64(1 << 19)
+ b * F::from(1 << 10)
+ c * F::from(1 << 17)
+ d * F::from(1 << 19)
+ word * (-F::one());
let range_check_tag_a = Gate::range_check(tag_a, 0, 1);
let range_check_tag_d = Gate::range_check(tag_d, 0, 3);
@ -140,7 +140,7 @@ impl<F: FieldExt> ScheduleGate<F> {
/// b_lo + 2^2 * b_mid = b, on W_[1..49]
fn check_b(b: Expression<F>, b_lo: Expression<F>, b_hi: Expression<F>) -> Expression<F> {
let expected_b = b_lo + b_hi * F::from_u64(1 << 2);
let expected_b = b_lo + b_hi * F::from(1 << 2);
expected_b - b
}
@ -172,22 +172,22 @@ impl<F: FieldExt> ScheduleGate<F> {
.chain(Gate::three_bit_spread_and_range(a, spread_a.clone()));
let check_b = Self::check_b(b, b_lo, b_hi);
let spread_witness = spread_r0_even
+ spread_r0_odd * F::from_u64(2)
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
+ spread_r0_odd * F::from(2)
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
let xor_0 = spread_b_lo.clone()
+ spread_b_hi.clone() * F::from_u64(1 << 4)
+ spread_c.clone() * F::from_u64(1 << 8)
+ spread_d.clone() * F::from_u64(1 << 30);
+ spread_b_hi.clone() * F::from(1 << 4)
+ spread_c.clone() * F::from(1 << 8)
+ spread_d.clone() * F::from(1 << 30);
let xor_1 = spread_c.clone()
+ spread_d.clone() * F::from_u64(1 << 22)
+ spread_a.clone() * F::from_u64(1 << 50)
+ spread_b_lo.clone() * F::from_u64(1 << 56)
+ spread_b_hi.clone() * F::from_u64(1 << 60);
+ spread_d.clone() * F::from(1 << 22)
+ spread_a.clone() * F::from(1 << 50)
+ spread_b_lo.clone() * F::from(1 << 56)
+ spread_b_hi.clone() * F::from(1 << 60);
let xor_2 = spread_d
+ spread_a * F::from_u64(1 << 28)
+ spread_b_lo * F::from_u64(1 << 34)
+ spread_b_hi * F::from_u64(1 << 38)
+ spread_c * F::from_u64(1 << 42);
+ spread_a * F::from(1 << 28)
+ spread_b_lo * F::from(1 << 34)
+ spread_b_hi * F::from(1 << 38)
+ spread_c * F::from(1 << 42);
let xor = xor_0 + xor_1 + xor_2;
check_spread_and_range
@ -230,29 +230,29 @@ impl<F: FieldExt> ScheduleGate<F> {
));
// b_lo + 2^2 * b_mid + 2^4 * b_hi = b, on W_[49..62]
let check_b1 = {
let expected_b = b_lo + b_mid * F::from_u64(1 << 2) + b_hi * F::from_u64(1 << 4);
let expected_b = b_lo + b_mid * F::from(1 << 2) + b_hi * F::from(1 << 4);
expected_b - b
};
let spread_witness = spread_r0_even
+ spread_r0_odd * F::from_u64(2)
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
+ spread_r0_odd * F::from(2)
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
let xor_0 = spread_b_lo.clone()
+ spread_b_mid.clone() * F::from_u64(1 << 4)
+ spread_b_hi.clone() * F::from_u64(1 << 8)
+ spread_c.clone() * F::from_u64(1 << 14)
+ spread_d.clone() * F::from_u64(1 << 18);
+ spread_b_mid.clone() * F::from(1 << 4)
+ spread_b_hi.clone() * F::from(1 << 8)
+ spread_c.clone() * F::from(1 << 14)
+ spread_d.clone() * F::from(1 << 18);
let xor_1 = spread_c.clone()
+ spread_d.clone() * F::from_u64(1 << 4)
+ spread_a.clone() * F::from_u64(1 << 30)
+ spread_b_lo.clone() * F::from_u64(1 << 50)
+ spread_b_mid.clone() * F::from_u64(1 << 54)
+ spread_b_hi.clone() * F::from_u64(1 << 58);
+ spread_d.clone() * F::from(1 << 4)
+ spread_a.clone() * F::from(1 << 30)
+ spread_b_lo.clone() * F::from(1 << 50)
+ spread_b_mid.clone() * F::from(1 << 54)
+ spread_b_hi.clone() * F::from(1 << 58);
let xor_2 = spread_d
+ spread_a * F::from_u64(1 << 26)
+ spread_b_lo * F::from_u64(1 << 46)
+ spread_b_mid * F::from_u64(1 << 50)
+ spread_b_hi * F::from_u64(1 << 54)
+ spread_c * F::from_u64(1 << 60);
+ spread_a * F::from(1 << 26)
+ spread_b_lo * F::from(1 << 46)
+ spread_b_mid * F::from(1 << 50)
+ spread_b_hi * F::from(1 << 54)
+ spread_c * F::from(1 << 60);
let xor = xor_0 + xor_1 + xor_2;
check_spread_and_range
@ -294,31 +294,31 @@ impl<F: FieldExt> ScheduleGate<F> {
.chain(Gate::three_bit_spread_and_range(c, spread_c.clone()));
let check_b = Self::check_b(b, b_lo, b_hi);
let spread_witness = spread_r0_even
+ spread_r0_odd * F::from_u64(2)
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
+ spread_r0_odd * F::from(2)
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
let xor_0 = spread_b_lo.clone()
+ spread_b_hi.clone() * F::from_u64(1 << 4)
+ spread_c.clone() * F::from_u64(1 << 8)
+ spread_d.clone() * F::from_u64(1 << 14)
+ spread_e.clone() * F::from_u64(1 << 28)
+ spread_f.clone() * F::from_u64(1 << 30)
+ spread_g.clone() * F::from_u64(1 << 32);
+ spread_b_hi.clone() * F::from(1 << 4)
+ spread_c.clone() * F::from(1 << 8)
+ spread_d.clone() * F::from(1 << 14)
+ spread_e.clone() * F::from(1 << 28)
+ spread_f.clone() * F::from(1 << 30)
+ spread_g.clone() * F::from(1 << 32);
let xor_1 = spread_c.clone()
+ spread_d.clone() * F::from_u64(1 << 6)
+ spread_e.clone() * F::from_u64(1 << 20)
+ spread_f.clone() * F::from_u64(1 << 22)
+ spread_g.clone() * F::from_u64(1 << 24)
+ spread_a.clone() * F::from_u64(1 << 50)
+ spread_b_lo.clone() * F::from_u64(1 << 56)
+ spread_b_hi.clone() * F::from_u64(1 << 60);
+ spread_d.clone() * F::from(1 << 6)
+ spread_e.clone() * F::from(1 << 20)
+ spread_f.clone() * F::from(1 << 22)
+ spread_g.clone() * F::from(1 << 24)
+ spread_a.clone() * F::from(1 << 50)
+ spread_b_lo.clone() * F::from(1 << 56)
+ spread_b_hi.clone() * F::from(1 << 60);
let xor_2 = spread_f
+ spread_g * F::from_u64(1 << 2)
+ spread_a * F::from_u64(1 << 28)
+ spread_b_lo * F::from_u64(1 << 34)
+ spread_b_hi * F::from_u64(1 << 38)
+ spread_c * F::from_u64(1 << 42)
+ spread_d * F::from_u64(1 << 48)
+ spread_e * F::from_u64(1 << 62);
+ spread_g * F::from(1 << 2)
+ spread_a * F::from(1 << 28)
+ spread_b_lo * F::from(1 << 34)
+ spread_b_hi * F::from(1 << 38)
+ spread_c * F::from(1 << 42)
+ spread_d * F::from(1 << 48)
+ spread_e * F::from(1 << 62);
let xor = xor_0 + xor_1 + xor_2;
check_spread_and_range
@ -360,28 +360,28 @@ impl<F: FieldExt> ScheduleGate<F> {
.chain(Gate::three_bit_spread_and_range(c, spread_c.clone()));
let check_b = Self::check_b(b, b_lo, b_hi);
let spread_witness = spread_r0_even
+ spread_r0_odd * F::from_u64(2)
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
+ spread_r0_odd * F::from(2)
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
let xor_0 = spread_d.clone()
+ spread_e.clone() * F::from_u64(1 << 14)
+ spread_f.clone() * F::from_u64(1 << 16)
+ spread_g.clone() * F::from_u64(1 << 18);
+ spread_e.clone() * F::from(1 << 14)
+ spread_f.clone() * F::from(1 << 16)
+ spread_g.clone() * F::from(1 << 18);
let xor_1 = spread_e.clone()
+ spread_f.clone() * F::from_u64(1 << 2)
+ spread_g.clone() * F::from_u64(1 << 4)
+ spread_a.clone() * F::from_u64(1 << 30)
+ spread_b_lo.clone() * F::from_u64(1 << 36)
+ spread_b_hi.clone() * F::from_u64(1 << 40)
+ spread_c.clone() * F::from_u64(1 << 44)
+ spread_d.clone() * F::from_u64(1 << 50);
+ spread_f.clone() * F::from(1 << 2)
+ spread_g.clone() * F::from(1 << 4)
+ spread_a.clone() * F::from(1 << 30)
+ spread_b_lo.clone() * F::from(1 << 36)
+ spread_b_hi.clone() * F::from(1 << 40)
+ spread_c.clone() * F::from(1 << 44)
+ spread_d.clone() * F::from(1 << 50);
let xor_2 = spread_g
+ spread_a * F::from_u64(1 << 26)
+ spread_b_lo * F::from_u64(1 << 32)
+ spread_b_hi * F::from_u64(1 << 36)
+ spread_c * F::from_u64(1 << 40)
+ spread_d * F::from_u64(1 << 46)
+ spread_e * F::from_u64(1 << 60)
+ spread_f * F::from_u64(1 << 62);
+ spread_a * F::from(1 << 26)
+ spread_b_lo * F::from(1 << 32)
+ spread_b_hi * F::from(1 << 36)
+ spread_c * F::from(1 << 40)
+ spread_d * F::from(1 << 46)
+ spread_e * F::from(1 << 60)
+ spread_f * F::from(1 << 62);
let xor = xor_0 + xor_1 + xor_2;
check_spread_and_range

6
examples/sha256/table16/message_schedule/subregion2.rs
View File

@ -1,6 +1,6 @@
use super::super::{util::*, AssignedBits, Bits, SpreadVar, SpreadWord, Table16Assignment};
use super::{schedule_util::*, MessageScheduleConfig, MessageWord};
use halo2::{arithmetic::FieldExt, circuit::Region, pasta::pallas, plonk::Error};
use halo2::{circuit::Region, pasta::pallas, plonk::Error};
use std::convert::TryInto;
/// A word in subregion 2
@ -252,7 +252,7 @@ impl MessageScheduleConfig {
a_5,
get_word_row(new_word_idx - 16) + 1,
|| {
word.map(|word| pallas::Base::from_u64(word as u64))
word.map(|word| pallas::Base::from(word as u64))
.ok_or(Error::Synthesis)
},
)?;
@ -262,7 +262,7 @@ impl MessageScheduleConfig {
get_word_row(new_word_idx - 16) + 1,
|| {
carry
.map(|carry| pallas::Base::from_u64(carry as u64))
.map(|carry| pallas::Base::from(carry as u64))
.ok_or(Error::Synthesis)
},
)?;

6
examples/sha256/table16/message_schedule/subregion3.rs
View File

@ -1,6 +1,6 @@
use super::super::{util::*, AssignedBits, Bits, SpreadVar, SpreadWord, Table16Assignment};
use super::{schedule_util::*, MessageScheduleConfig, MessageWord};
use halo2::{arithmetic::FieldExt, circuit::Region, pasta::pallas, plonk::Error};
use halo2::{circuit::Region, pasta::pallas, plonk::Error};
use std::convert::TryInto;
// A word in subregion 3
@ -168,7 +168,7 @@ impl MessageScheduleConfig {
a_5,
get_word_row(new_word_idx - 16) + 1,
|| {
word.map(|word| pallas::Base::from_u64(word as u64))
word.map(|word| pallas::Base::from(word as u64))
.ok_or(Error::Synthesis)
},
)?;
@ -178,7 +178,7 @@ impl MessageScheduleConfig {
get_word_row(new_word_idx - 16) + 1,
|| {
carry
.map(|carry| pallas::Base::from_u64(carry as u64))
.map(|carry| pallas::Base::from(carry as u64))
.ok_or(Error::Synthesis)
},
)?;

80
examples/sha256/table16/spread_table.rs
View File

@ -89,7 +89,7 @@ impl<const DENSE: usize, const SPREAD: usize> SpreadVar<DENSE, SPREAD> {
cols.tag,
row,
|| {
tag.map(|tag| pallas::Base::from_u64(tag as u64))
tag.map(|tag| pallas::Base::from(tag as u64))
.ok_or(Error::Synthesis)
},
)?;
@ -271,7 +271,7 @@ impl SpreadTableConfig {
*spread = F::zero();
for b in 0..16 {
if (i >> b) & 1 != 0 {
*spread += F::from_u64(1 << (2 * b));
*spread += F::from(1 << (2 * b));
}
}
} else {
@ -347,68 +347,60 @@ mod tests {
};
// Test the first few small values.
add_row(F::zero(), F::from_u64(0b000), F::from_u64(0b000000))?;
add_row(F::zero(), F::from_u64(0b001), F::from_u64(0b000001))?;
add_row(F::zero(), F::from_u64(0b010), F::from_u64(0b000100))?;
add_row(F::zero(), F::from_u64(0b011), F::from_u64(0b000101))?;
add_row(F::zero(), F::from_u64(0b100), F::from_u64(0b010000))?;
add_row(F::zero(), F::from_u64(0b101), F::from_u64(0b010001))?;
add_row(F::zero(), F::from(0b000), F::from(0b000000))?;
add_row(F::zero(), F::from(0b001), F::from(0b000001))?;
add_row(F::zero(), F::from(0b010), F::from(0b000100))?;
add_row(F::zero(), F::from(0b011), F::from(0b000101))?;
add_row(F::zero(), F::from(0b100), F::from(0b010000))?;
add_row(F::zero(), F::from(0b101), F::from(0b010001))?;
// Test the tag boundaries:
// 7-bit
add_row(
F::zero(),
F::from_u64(0b1111111),
F::from_u64(0b01010101010101),
)?;
add_row(
F::one(),
F::from_u64(0b10000000),
F::from_u64(0b0100000000000000),
)?;
add_row(F::zero(), F::from(0b1111111), F::from(0b01010101010101))?;
add_row(F::one(), F::from(0b10000000), F::from(0b0100000000000000))?;
// - 10-bit
add_row(
F::one(),
F::from_u64(0b1111111111),
F::from_u64(0b01010101010101010101),
F::from(0b1111111111),
F::from(0b01010101010101010101),
)?;
add_row(
F::from_u64(2),
F::from_u64(0b10000000000),
F::from_u64(0b0100000000000000000000),
F::from(2),
F::from(0b10000000000),
F::from(0b0100000000000000000000),
)?;
// - 11-bit
add_row(
F::from_u64(2),
F::from_u64(0b11111111111),
F::from_u64(0b0101010101010101010101),
F::from(2),
F::from(0b11111111111),
F::from(0b0101010101010101010101),
)?;
add_row(
F::from_u64(3),
F::from_u64(0b100000000000),
F::from_u64(0b010000000000000000000000),
F::from(3),
F::from(0b100000000000),
F::from(0b010000000000000000000000),
)?;
// - 13-bit
add_row(
F::from_u64(3),
F::from_u64(0b1111111111111),
F::from_u64(0b01010101010101010101010101),
F::from(3),
F::from(0b1111111111111),
F::from(0b01010101010101010101010101),
)?;
add_row(
F::from_u64(4),
F::from_u64(0b10000000000000),
F::from_u64(0b0100000000000000000000000000),
F::from(4),
F::from(0b10000000000000),
F::from(0b0100000000000000000000000000),
)?;
// - 14-bit
add_row(
F::from_u64(4),
F::from_u64(0b11111111111111),
F::from_u64(0b0101010101010101010101010101),
F::from(4),
F::from(0b11111111111111),
F::from(0b0101010101010101010101010101),
)?;
add_row(
F::from_u64(5),
F::from_u64(0b100000000000000),
F::from_u64(0b010000000000000000000000000000),
F::from(5),
F::from(0b100000000000000),
F::from(0b010000000000000000000000000000),
)?;
// Test random lookup values
@ -426,9 +418,9 @@ mod tests {
for _ in 0..10 {
let word: u16 = rng.gen();
add_row(
F::from_u64(get_tag(word).into()),
F::from_u64(word.into()),
F::from_u64(interleave_u16_with_zeros(word).into()),
F::from(get_tag(word).into()),
F::from(word.into()),
F::from(interleave_u16_with_zeros(word).into()),
)?;
}