mirror of https://github.com/zcash/halo2.git
Remove `FieldExt::from_u64` usage from SHA-256 example
This commit is contained in:
parent
af8e0d619a
commit
9297a938ab
|
@ -3,7 +3,6 @@ use std::marker::PhantomData;
|
||||||
|
|
||||||
use super::Sha256Instructions;
|
use super::Sha256Instructions;
|
||||||
use halo2::{
|
use halo2::{
|
||||||
arithmetic::FieldExt,
|
|
||||||
circuit::{AssignedCell, Chip, Layouter, Region},
|
circuit::{AssignedCell, Chip, Layouter, Region},
|
||||||
pasta::pallas,
|
pasta::pallas,
|
||||||
plonk::{Advice, Any, Assigned, Column, ConstraintSystem, Error},
|
plonk::{Advice, Any, Assigned, Column, ConstraintSystem, Error},
|
||||||
|
@ -84,7 +83,7 @@ impl<const LEN: usize> From<&Bits<LEN>> for [bool; LEN] {
|
||||||
impl<const LEN: usize> From<&Bits<LEN>> for Assigned<pallas::Base> {
|
impl<const LEN: usize> From<&Bits<LEN>> for Assigned<pallas::Base> {
|
||||||
fn from(bits: &Bits<LEN>) -> Assigned<pallas::Base> {
|
fn from(bits: &Bits<LEN>) -> Assigned<pallas::Base> {
|
||||||
assert!(LEN <= 64);
|
assert!(LEN <= 64);
|
||||||
pallas::Base::from_u64(lebs2ip(&bits.0)).into()
|
pallas::Base::from(lebs2ip(&bits.0)).into()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -47,21 +47,21 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
let range_check_tag_b = Gate::range_check(tag_b, 0, 2);
|
let range_check_tag_b = Gate::range_check(tag_b, 0, 2);
|
||||||
let range_check_tag_d = Gate::range_check(tag_d, 0, 1);
|
let range_check_tag_d = Gate::range_check(tag_d, 0, 1);
|
||||||
let dense_check = a
|
let dense_check = a
|
||||||
+ b * F::from_u64(1 << 2)
|
+ b * F::from(1 << 2)
|
||||||
+ c_lo * F::from_u64(1 << 13)
|
+ c_lo * F::from(1 << 13)
|
||||||
+ c_mid * F::from_u64(1 << 16)
|
+ c_mid * F::from(1 << 16)
|
||||||
+ c_hi * F::from_u64(1 << 19)
|
+ c_hi * F::from(1 << 19)
|
||||||
+ d * F::from_u64(1 << 22)
|
+ d * F::from(1 << 22)
|
||||||
+ word_lo * (-F::one())
|
+ word_lo * (-F::one())
|
||||||
+ word_hi * F::from_u64(1 << 16) * (-F::one());
|
+ word_hi * F::from(1 << 16) * (-F::one());
|
||||||
let spread_check = spread_a
|
let spread_check = spread_a
|
||||||
+ spread_b * F::from_u64(1 << 4)
|
+ spread_b * F::from(1 << 4)
|
||||||
+ spread_c_lo * F::from_u64(1 << 26)
|
+ spread_c_lo * F::from(1 << 26)
|
||||||
+ spread_c_mid * F::from_u64(1 << 32)
|
+ spread_c_mid * F::from(1 << 32)
|
||||||
+ spread_c_hi * F::from_u64(1 << 38)
|
+ spread_c_hi * F::from(1 << 38)
|
||||||
+ spread_d * F::from_u64(1 << 44)
|
+ spread_d * F::from(1 << 44)
|
||||||
+ spread_word_lo * (-F::one())
|
+ spread_word_lo * (-F::one())
|
||||||
+ spread_word_hi * F::from_u64(1 << 32) * (-F::one());
|
+ spread_word_hi * F::from(1 << 32) * (-F::one());
|
||||||
|
|
||||||
check_spread_and_range
|
check_spread_and_range
|
||||||
.chain(Some(("range_check_tag_b", range_check_tag_b)))
|
.chain(Some(("range_check_tag_b", range_check_tag_b)))
|
||||||
|
@ -112,21 +112,21 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
let range_check_tag_c = Gate::range_check(tag_c, 0, 4);
|
let range_check_tag_c = Gate::range_check(tag_c, 0, 4);
|
||||||
let range_check_tag_d = Gate::range_check(tag_d, 0, 0);
|
let range_check_tag_d = Gate::range_check(tag_d, 0, 0);
|
||||||
let dense_check = a_lo
|
let dense_check = a_lo
|
||||||
+ a_hi * F::from_u64(1 << 3)
|
+ a_hi * F::from(1 << 3)
|
||||||
+ b_lo * F::from_u64(1 << 6)
|
+ b_lo * F::from(1 << 6)
|
||||||
+ b_hi * F::from_u64(1 << 8)
|
+ b_hi * F::from(1 << 8)
|
||||||
+ c * F::from_u64(1 << 11)
|
+ c * F::from(1 << 11)
|
||||||
+ d * F::from_u64(1 << 25)
|
+ d * F::from(1 << 25)
|
||||||
+ word_lo * (-F::one())
|
+ word_lo * (-F::one())
|
||||||
+ word_hi * F::from_u64(1 << 16) * (-F::one());
|
+ word_hi * F::from(1 << 16) * (-F::one());
|
||||||
let spread_check = spread_a_lo
|
let spread_check = spread_a_lo
|
||||||
+ spread_a_hi * F::from_u64(1 << 6)
|
+ spread_a_hi * F::from(1 << 6)
|
||||||
+ spread_b_lo * F::from_u64(1 << 12)
|
+ spread_b_lo * F::from(1 << 12)
|
||||||
+ spread_b_hi * F::from_u64(1 << 16)
|
+ spread_b_hi * F::from(1 << 16)
|
||||||
+ spread_c * F::from_u64(1 << 22)
|
+ spread_c * F::from(1 << 22)
|
||||||
+ spread_d * F::from_u64(1 << 50)
|
+ spread_d * F::from(1 << 50)
|
||||||
+ spread_word_lo * (-F::one())
|
+ spread_word_lo * (-F::one())
|
||||||
+ spread_word_hi * F::from_u64(1 << 32) * (-F::one());
|
+ spread_word_hi * F::from(1 << 32) * (-F::one());
|
||||||
|
|
||||||
check_spread_and_range
|
check_spread_and_range
|
||||||
.chain(Some(("range_check_tag_c", range_check_tag_c)))
|
.chain(Some(("range_check_tag_c", range_check_tag_c)))
|
||||||
|
@ -153,26 +153,26 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
spread_d: Expression<F>,
|
spread_d: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let spread_witness = spread_r0_even
|
let spread_witness = spread_r0_even
|
||||||
+ spread_r0_odd * F::from_u64(2)
|
+ spread_r0_odd * F::from(2)
|
||||||
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
|
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
|
||||||
let xor_0 = spread_b.clone()
|
let xor_0 = spread_b.clone()
|
||||||
+ spread_c_lo.clone() * F::from_u64(1 << 22)
|
+ spread_c_lo.clone() * F::from(1 << 22)
|
||||||
+ spread_c_mid.clone() * F::from_u64(1 << 28)
|
+ spread_c_mid.clone() * F::from(1 << 28)
|
||||||
+ spread_c_hi.clone() * F::from_u64(1 << 34)
|
+ spread_c_hi.clone() * F::from(1 << 34)
|
||||||
+ spread_d.clone() * F::from_u64(1 << 40)
|
+ spread_d.clone() * F::from(1 << 40)
|
||||||
+ spread_a.clone() * F::from_u64(1 << 60);
|
+ spread_a.clone() * F::from(1 << 60);
|
||||||
let xor_1 = spread_c_lo.clone()
|
let xor_1 = spread_c_lo.clone()
|
||||||
+ spread_c_mid.clone() * F::from_u64(1 << 6)
|
+ spread_c_mid.clone() * F::from(1 << 6)
|
||||||
+ spread_c_hi.clone() * F::from_u64(1 << 12)
|
+ spread_c_hi.clone() * F::from(1 << 12)
|
||||||
+ spread_d.clone() * F::from_u64(1 << 18)
|
+ spread_d.clone() * F::from(1 << 18)
|
||||||
+ spread_a.clone() * F::from_u64(1 << 38)
|
+ spread_a.clone() * F::from(1 << 38)
|
||||||
+ spread_b.clone() * F::from_u64(1 << 42);
|
+ spread_b.clone() * F::from(1 << 42);
|
||||||
let xor_2 = spread_d
|
let xor_2 = spread_d
|
||||||
+ spread_a * F::from_u64(1 << 20)
|
+ spread_a * F::from(1 << 20)
|
||||||
+ spread_b * F::from_u64(1 << 24)
|
+ spread_b * F::from(1 << 24)
|
||||||
+ spread_c_lo * F::from_u64(1 << 46)
|
+ spread_c_lo * F::from(1 << 46)
|
||||||
+ spread_c_mid * F::from_u64(1 << 52)
|
+ spread_c_mid * F::from(1 << 52)
|
||||||
+ spread_c_hi * F::from_u64(1 << 58);
|
+ spread_c_hi * F::from(1 << 58);
|
||||||
let xor = xor_0 + xor_1 + xor_2;
|
let xor = xor_0 + xor_1 + xor_2;
|
||||||
let check = spread_witness + (xor * -F::one());
|
let check = spread_witness + (xor * -F::one());
|
||||||
|
|
||||||
|
@ -196,27 +196,27 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
spread_d: Expression<F>,
|
spread_d: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let spread_witness = spread_r0_even
|
let spread_witness = spread_r0_even
|
||||||
+ spread_r0_odd * F::from_u64(2)
|
+ spread_r0_odd * F::from(2)
|
||||||
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
|
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
|
||||||
|
|
||||||
let xor_0 = spread_b_lo.clone()
|
let xor_0 = spread_b_lo.clone()
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 4)
|
+ spread_b_hi.clone() * F::from(1 << 4)
|
||||||
+ spread_c.clone() * F::from_u64(1 << 10)
|
+ spread_c.clone() * F::from(1 << 10)
|
||||||
+ spread_d.clone() * F::from_u64(1 << 38)
|
+ spread_d.clone() * F::from(1 << 38)
|
||||||
+ spread_a_lo.clone() * F::from_u64(1 << 52)
|
+ spread_a_lo.clone() * F::from(1 << 52)
|
||||||
+ spread_a_hi.clone() * F::from_u64(1 << 58);
|
+ spread_a_hi.clone() * F::from(1 << 58);
|
||||||
let xor_1 = spread_c.clone()
|
let xor_1 = spread_c.clone()
|
||||||
+ spread_d.clone() * F::from_u64(1 << 28)
|
+ spread_d.clone() * F::from(1 << 28)
|
||||||
+ spread_a_lo.clone() * F::from_u64(1 << 42)
|
+ spread_a_lo.clone() * F::from(1 << 42)
|
||||||
+ spread_a_hi.clone() * F::from_u64(1 << 48)
|
+ spread_a_hi.clone() * F::from(1 << 48)
|
||||||
+ spread_b_lo.clone() * F::from_u64(1 << 54)
|
+ spread_b_lo.clone() * F::from(1 << 54)
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 58);
|
+ spread_b_hi.clone() * F::from(1 << 58);
|
||||||
let xor_2 = spread_d
|
let xor_2 = spread_d
|
||||||
+ spread_a_lo * F::from_u64(1 << 14)
|
+ spread_a_lo * F::from(1 << 14)
|
||||||
+ spread_a_hi * F::from_u64(1 << 20)
|
+ spread_a_hi * F::from(1 << 20)
|
||||||
+ spread_b_lo * F::from_u64(1 << 26)
|
+ spread_b_lo * F::from(1 << 26)
|
||||||
+ spread_b_hi * F::from_u64(1 << 30)
|
+ spread_b_hi * F::from(1 << 30)
|
||||||
+ spread_c * F::from_u64(1 << 36);
|
+ spread_c * F::from(1 << 36);
|
||||||
let xor = xor_0 + xor_1 + xor_2;
|
let xor = xor_0 + xor_1 + xor_2;
|
||||||
let check = spread_witness + (xor * -F::one());
|
let check = spread_witness + (xor * -F::one());
|
||||||
|
|
||||||
|
@ -238,11 +238,11 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let lhs_lo = spread_e_lo + spread_f_lo;
|
let lhs_lo = spread_e_lo + spread_f_lo;
|
||||||
let lhs_hi = spread_e_hi + spread_f_hi;
|
let lhs_hi = spread_e_hi + spread_f_hi;
|
||||||
let lhs = lhs_lo + lhs_hi * F::from_u64(1 << 32);
|
let lhs = lhs_lo + lhs_hi * F::from(1 << 32);
|
||||||
|
|
||||||
let rhs_even = spread_p0_even + spread_p1_even * F::from_u64(1 << 32);
|
let rhs_even = spread_p0_even + spread_p1_even * F::from(1 << 32);
|
||||||
let rhs_odd = spread_p0_odd + spread_p1_odd * F::from_u64(1 << 32);
|
let rhs_odd = spread_p0_odd + spread_p1_odd * F::from(1 << 32);
|
||||||
let rhs = rhs_even + rhs_odd * F::from_u64(2);
|
let rhs = rhs_even + rhs_odd * F::from(2);
|
||||||
|
|
||||||
let check = lhs + rhs * -F::one();
|
let check = lhs + rhs * -F::one();
|
||||||
|
|
||||||
|
@ -265,7 +265,7 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
spread_g_hi: Expression<F>,
|
spread_g_hi: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let neg_check = {
|
let neg_check = {
|
||||||
let evens = Self::ones() * F::from_u64(MASK_EVEN_32 as u64);
|
let evens = Self::ones() * F::from(MASK_EVEN_32 as u64);
|
||||||
// evens - spread_e_lo = spread_e_neg_lo
|
// evens - spread_e_lo = spread_e_neg_lo
|
||||||
let lo_check = spread_e_neg_lo.clone() + spread_e_lo + (evens.clone() * (-F::one()));
|
let lo_check = spread_e_neg_lo.clone() + spread_e_lo + (evens.clone() * (-F::one()));
|
||||||
// evens - spread_e_hi = spread_e_neg_hi
|
// evens - spread_e_hi = spread_e_neg_hi
|
||||||
|
@ -278,11 +278,11 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
|
|
||||||
let lhs_lo = spread_e_neg_lo + spread_g_lo;
|
let lhs_lo = spread_e_neg_lo + spread_g_lo;
|
||||||
let lhs_hi = spread_e_neg_hi + spread_g_hi;
|
let lhs_hi = spread_e_neg_hi + spread_g_hi;
|
||||||
let lhs = lhs_lo + lhs_hi * F::from_u64(1 << 32);
|
let lhs = lhs_lo + lhs_hi * F::from(1 << 32);
|
||||||
|
|
||||||
let rhs_even = spread_q0_even + spread_q1_even * F::from_u64(1 << 32);
|
let rhs_even = spread_q0_even + spread_q1_even * F::from(1 << 32);
|
||||||
let rhs_odd = spread_q0_odd + spread_q1_odd * F::from_u64(1 << 32);
|
let rhs_odd = spread_q0_odd + spread_q1_odd * F::from(1 << 32);
|
||||||
let rhs = rhs_even + rhs_odd * F::from_u64(2);
|
let rhs = rhs_even + rhs_odd * F::from(2);
|
||||||
|
|
||||||
neg_check
|
neg_check
|
||||||
.chain(Some(("s_ch_neg", lhs - rhs)))
|
.chain(Some(("s_ch_neg", lhs - rhs)))
|
||||||
|
@ -304,13 +304,13 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
spread_c_lo: Expression<F>,
|
spread_c_lo: Expression<F>,
|
||||||
spread_c_hi: Expression<F>,
|
spread_c_hi: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let maj_even = spread_m_0_even + spread_m_1_even * F::from_u64(1 << 32);
|
let maj_even = spread_m_0_even + spread_m_1_even * F::from(1 << 32);
|
||||||
let maj_odd = spread_m_0_odd + spread_m_1_odd * F::from_u64(1 << 32);
|
let maj_odd = spread_m_0_odd + spread_m_1_odd * F::from(1 << 32);
|
||||||
let maj = maj_even + maj_odd * F::from_u64(2);
|
let maj = maj_even + maj_odd * F::from(2);
|
||||||
|
|
||||||
let a = spread_a_lo + spread_a_hi * F::from_u64(1 << 32);
|
let a = spread_a_lo + spread_a_hi * F::from(1 << 32);
|
||||||
let b = spread_b_lo + spread_b_hi * F::from_u64(1 << 32);
|
let b = spread_b_lo + spread_b_hi * F::from(1 << 32);
|
||||||
let c = spread_c_lo + spread_c_hi * F::from_u64(1 << 32);
|
let c = spread_c_lo + spread_c_hi * F::from(1 << 32);
|
||||||
let sum = a + b + c;
|
let sum = a + b + c;
|
||||||
|
|
||||||
std::iter::empty().chain(Some(("maj", s_maj * (sum - maj))))
|
std::iter::empty().chain(Some(("maj", s_maj * (sum - maj))))
|
||||||
|
@ -339,10 +339,10 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
let lo = h_lo + ch_lo + ch_neg_lo + sigma_e_lo + k_lo + w_lo;
|
let lo = h_lo + ch_lo + ch_neg_lo + sigma_e_lo + k_lo + w_lo;
|
||||||
let hi = h_hi + ch_hi + ch_neg_hi + sigma_e_hi + k_hi + w_hi;
|
let hi = h_hi + ch_hi + ch_neg_hi + sigma_e_hi + k_hi + w_hi;
|
||||||
|
|
||||||
let sum = lo + hi * F::from_u64(1 << 16);
|
let sum = lo + hi * F::from(1 << 16);
|
||||||
let h_prime = h_prime_lo + h_prime_hi * F::from_u64(1 << 16);
|
let h_prime = h_prime_lo + h_prime_hi * F::from(1 << 16);
|
||||||
|
|
||||||
let check = sum - (h_prime_carry * F::from_u64(1 << 32)) - h_prime;
|
let check = sum - (h_prime_carry * F::from(1 << 32)) - h_prime;
|
||||||
|
|
||||||
std::iter::empty().chain(Some(("s_h_prime", s_h_prime * check)))
|
std::iter::empty().chain(Some(("s_h_prime", s_h_prime * check)))
|
||||||
}
|
}
|
||||||
|
@ -363,10 +363,10 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let lo = sigma_a_lo + maj_abc_lo + h_prime_lo;
|
let lo = sigma_a_lo + maj_abc_lo + h_prime_lo;
|
||||||
let hi = sigma_a_hi + maj_abc_hi + h_prime_hi;
|
let hi = sigma_a_hi + maj_abc_hi + h_prime_hi;
|
||||||
let sum = lo + hi * F::from_u64(1 << 16);
|
let sum = lo + hi * F::from(1 << 16);
|
||||||
let a_new = a_new_lo + a_new_hi * F::from_u64(1 << 16);
|
let a_new = a_new_lo + a_new_hi * F::from(1 << 16);
|
||||||
|
|
||||||
let check = sum - (a_new_carry * F::from_u64(1 << 32)) - a_new;
|
let check = sum - (a_new_carry * F::from(1 << 32)) - a_new;
|
||||||
|
|
||||||
std::iter::empty().chain(Some(("s_a_new", s_a_new * check)))
|
std::iter::empty().chain(Some(("s_a_new", s_a_new * check)))
|
||||||
}
|
}
|
||||||
|
@ -385,10 +385,10 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let lo = h_prime_lo + d_lo;
|
let lo = h_prime_lo + d_lo;
|
||||||
let hi = h_prime_hi + d_hi;
|
let hi = h_prime_hi + d_hi;
|
||||||
let sum = lo + hi * F::from_u64(1 << 16);
|
let sum = lo + hi * F::from(1 << 16);
|
||||||
let e_new = e_new_lo + e_new_hi * F::from_u64(1 << 16);
|
let e_new = e_new_lo + e_new_hi * F::from(1 << 16);
|
||||||
|
|
||||||
let check = sum - (e_new_carry * F::from_u64(1 << 32)) - e_new;
|
let check = sum - (e_new_carry * F::from(1 << 32)) - e_new;
|
||||||
|
|
||||||
std::iter::empty().chain(Some(("s_e_new", s_e_new * check)))
|
std::iter::empty().chain(Some(("s_e_new", s_e_new * check)))
|
||||||
}
|
}
|
||||||
|
@ -411,7 +411,7 @@ impl<F: FieldExt> CompressionGate<F> {
|
||||||
word_3: Expression<F>,
|
word_3: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let check_lo_hi = |lo: Expression<F>, hi: Expression<F>, word: Expression<F>| {
|
let check_lo_hi = |lo: Expression<F>, hi: Expression<F>, word: Expression<F>| {
|
||||||
lo + hi * F::from_u64(1 << 16) - word
|
lo + hi * F::from(1 << 16) - word
|
||||||
};
|
};
|
||||||
|
|
||||||
array::IntoIter::new([
|
array::IntoIter::new([
|
||||||
|
|
|
@ -4,7 +4,6 @@ use super::{
|
||||||
};
|
};
|
||||||
use crate::table16::{util::*, AssignedBits, SpreadVar, SpreadWord, StateWord, Table16Assignment};
|
use crate::table16::{util::*, AssignedBits, SpreadVar, SpreadWord, StateWord, Table16Assignment};
|
||||||
use halo2::{
|
use halo2::{
|
||||||
arithmetic::FieldExt,
|
|
||||||
circuit::Region,
|
circuit::Region,
|
||||||
pasta::pallas,
|
pasta::pallas,
|
||||||
plonk::{Advice, Column, Error},
|
plonk::{Advice, Column, Error},
|
||||||
|
@ -782,7 +781,7 @@ impl CompressionConfig {
|
||||||
row + 1,
|
row + 1,
|
||||||
|| {
|
|| {
|
||||||
h_prime_carry
|
h_prime_carry
|
||||||
.map(|value| pallas::Base::from_u64(value as u64))
|
.map(|value| pallas::Base::from(value as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
@ -831,11 +830,7 @@ impl CompressionConfig {
|
||||||
|| "e_new_carry",
|
|| "e_new_carry",
|
||||||
a_9,
|
a_9,
|
||||||
row + 1,
|
row + 1,
|
||||||
|| {
|
|| e_new_carry.map(pallas::Base::from).ok_or(Error::Synthesis),
|
||||||
e_new_carry
|
|
||||||
.map(pallas::Base::from_u64)
|
|
||||||
.ok_or(Error::Synthesis)
|
|
||||||
},
|
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
Ok(e_new_dense)
|
Ok(e_new_dense)
|
||||||
|
@ -889,11 +884,7 @@ impl CompressionConfig {
|
||||||
|| "a_new_carry",
|
|| "a_new_carry",
|
||||||
a_9,
|
a_9,
|
||||||
row,
|
row,
|
||||||
|| {
|
|| a_new_carry.map(pallas::Base::from).ok_or(Error::Synthesis),
|
||||||
a_new_carry
|
|
||||||
.map(pallas::Base::from_u64)
|
|
||||||
.ok_or(Error::Synthesis)
|
|
||||||
},
|
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
Ok(a_new_dense)
|
Ok(a_new_dense)
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
use super::super::{super::DIGEST_SIZE, BlockWord, RoundWordDense};
|
use super::super::{super::DIGEST_SIZE, BlockWord, RoundWordDense};
|
||||||
use super::{compression_util::*, CompressionConfig, State};
|
use super::{compression_util::*, CompressionConfig, State};
|
||||||
use halo2::{
|
use halo2::{
|
||||||
arithmetic::FieldExt,
|
|
||||||
circuit::Region,
|
circuit::Region,
|
||||||
pasta::pallas,
|
pasta::pallas,
|
||||||
plonk::{Advice, Column, Error},
|
plonk::{Advice, Column, Error},
|
||||||
|
@ -41,7 +40,7 @@ impl CompressionConfig {
|
||||||
a_5,
|
a_5,
|
||||||
abcd_row,
|
abcd_row,
|
||||||
|| {
|
|| {
|
||||||
a.map(|a| pallas::Base::from_u64(a as u64))
|
a.map(|a| pallas::Base::from(a as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
@ -63,7 +62,7 @@ impl CompressionConfig {
|
||||||
a_5,
|
a_5,
|
||||||
efgh_row,
|
efgh_row,
|
||||||
|| {
|
|| {
|
||||||
e.map(|e| pallas::Base::from_u64(e as u64))
|
e.map(|e| pallas::Base::from(e as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
@ -102,7 +101,7 @@ impl CompressionConfig {
|
||||||
word_col,
|
word_col,
|
||||||
row,
|
row,
|
||||||
|| {
|
|| {
|
||||||
val.map(|val| pallas::Base::from_u64(val as u64))
|
val.map(|val| pallas::Base::from(val as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
|
|
@ -32,10 +32,10 @@ impl<F: FieldExt> Gate<F> {
|
||||||
for i in 0..deg {
|
for i in 0..deg {
|
||||||
let i = i as u64;
|
let i = i as u64;
|
||||||
if i != idx {
|
if i != idx {
|
||||||
expr = expr * (Self::ones() * (-F::one()) * F::from_u64(i) + var.clone());
|
expr = expr * (Self::ones() * (-F::one()) * F::from(i) + var.clone());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
expr * F::from_u64(eval.into())
|
expr * F::from(u64::from(eval))
|
||||||
};
|
};
|
||||||
let denominator = |idx: i32| {
|
let denominator = |idx: i32| {
|
||||||
let mut denom: i32 = 1;
|
let mut denom: i32 = 1;
|
||||||
|
@ -46,9 +46,9 @@ impl<F: FieldExt> Gate<F> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if denom < 0 {
|
if denom < 0 {
|
||||||
-F::one() * F::from_u64(factor / (-denom as u64))
|
-F::one() * F::from(factor / (-denom as u64))
|
||||||
} else {
|
} else {
|
||||||
F::from_u64(factor / (denom as u64))
|
F::from(factor / (denom as u64))
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -57,13 +57,13 @@ impl<F: FieldExt> Gate<F> {
|
||||||
expr = expr + numerator(var.clone(), *eval, idx as u64) * denominator(idx as i32)
|
expr = expr + numerator(var.clone(), *eval, idx as u64) * denominator(idx as i32)
|
||||||
}
|
}
|
||||||
|
|
||||||
(F::from_u64(factor), expr)
|
(F::from(factor), expr)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn range_check(value: Expression<F>, lower_range: u64, upper_range: u64) -> Expression<F> {
|
pub fn range_check(value: Expression<F>, lower_range: u64, upper_range: u64) -> Expression<F> {
|
||||||
let mut expr = Self::ones();
|
let mut expr = Self::ones();
|
||||||
for i in lower_range..(upper_range + 1) {
|
for i in lower_range..(upper_range + 1) {
|
||||||
expr = expr * (Self::ones() * (-F::one()) * F::from_u64(i) + value.clone())
|
expr = expr * (Self::ones() * (-F::one()) * F::from(i) + value.clone())
|
||||||
}
|
}
|
||||||
expr
|
expr
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,8 +24,8 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
let hi = sigma_0_hi + sigma_1_hi + w_minus_9_hi + w_minus_16_hi;
|
let hi = sigma_0_hi + sigma_1_hi + w_minus_9_hi + w_minus_16_hi;
|
||||||
|
|
||||||
let word_check = lo
|
let word_check = lo
|
||||||
+ hi * F::from_u64(1 << 16)
|
+ hi * F::from(1 << 16)
|
||||||
+ (carry.clone() * F::from_u64(1 << 32) * (-F::one()))
|
+ (carry.clone() * F::from(1 << 32) * (-F::one()))
|
||||||
+ (word * (-F::one()));
|
+ (word * (-F::one()));
|
||||||
let carry_check = Gate::range_check(carry, 0, 3);
|
let carry_check = Gate::range_check(carry, 0, 3);
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
hi: Expression<F>,
|
hi: Expression<F>,
|
||||||
word: Expression<F>,
|
word: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let check = lo + hi * F::from_u64(1 << 16) - word;
|
let check = lo + hi * F::from(1 << 16) - word;
|
||||||
std::iter::empty().chain(Some(("s_decompose_0", s_decompose_0 * check)))
|
std::iter::empty().chain(Some(("s_decompose_0", s_decompose_0 * check)))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -58,9 +58,9 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
word: Expression<F>,
|
word: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let decompose_check = a
|
let decompose_check = a
|
||||||
+ b * F::from_u64(1 << 3)
|
+ b * F::from(1 << 3)
|
||||||
+ c * F::from_u64(1 << 7)
|
+ c * F::from(1 << 7)
|
||||||
+ d * F::from_u64(1 << 18)
|
+ d * F::from(1 << 18)
|
||||||
+ word * (-F::one());
|
+ word * (-F::one());
|
||||||
let range_check_tag_c = Gate::range_check(tag_c, 0, 2);
|
let range_check_tag_c = Gate::range_check(tag_c, 0, 2);
|
||||||
let range_check_tag_d = Gate::range_check(tag_d, 0, 4);
|
let range_check_tag_d = Gate::range_check(tag_d, 0, 4);
|
||||||
|
@ -91,12 +91,12 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
word: Expression<F>,
|
word: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let decompose_check = a
|
let decompose_check = a
|
||||||
+ b * F::from_u64(1 << 3)
|
+ b * F::from(1 << 3)
|
||||||
+ c * F::from_u64(1 << 7)
|
+ c * F::from(1 << 7)
|
||||||
+ d * F::from_u64(1 << 10)
|
+ d * F::from(1 << 10)
|
||||||
+ e * F::from_u64(1 << 17)
|
+ e * F::from(1 << 17)
|
||||||
+ f * F::from_u64(1 << 18)
|
+ f * F::from(1 << 18)
|
||||||
+ g * F::from_u64(1 << 19)
|
+ g * F::from(1 << 19)
|
||||||
+ word * (-F::one());
|
+ word * (-F::one());
|
||||||
let range_check_tag_d = Gate::range_check(tag_d, 0, 0);
|
let range_check_tag_d = Gate::range_check(tag_d, 0, 0);
|
||||||
let range_check_tag_g = Gate::range_check(tag_g, 0, 3);
|
let range_check_tag_g = Gate::range_check(tag_g, 0, 3);
|
||||||
|
@ -123,9 +123,9 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
word: Expression<F>,
|
word: Expression<F>,
|
||||||
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
) -> impl Iterator<Item = (&'static str, Expression<F>)> {
|
||||||
let decompose_check = a
|
let decompose_check = a
|
||||||
+ b * F::from_u64(1 << 10)
|
+ b * F::from(1 << 10)
|
||||||
+ c * F::from_u64(1 << 17)
|
+ c * F::from(1 << 17)
|
||||||
+ d * F::from_u64(1 << 19)
|
+ d * F::from(1 << 19)
|
||||||
+ word * (-F::one());
|
+ word * (-F::one());
|
||||||
let range_check_tag_a = Gate::range_check(tag_a, 0, 1);
|
let range_check_tag_a = Gate::range_check(tag_a, 0, 1);
|
||||||
let range_check_tag_d = Gate::range_check(tag_d, 0, 3);
|
let range_check_tag_d = Gate::range_check(tag_d, 0, 3);
|
||||||
|
@ -140,7 +140,7 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
|
|
||||||
/// b_lo + 2^2 * b_mid = b, on W_[1..49]
|
/// b_lo + 2^2 * b_mid = b, on W_[1..49]
|
||||||
fn check_b(b: Expression<F>, b_lo: Expression<F>, b_hi: Expression<F>) -> Expression<F> {
|
fn check_b(b: Expression<F>, b_lo: Expression<F>, b_hi: Expression<F>) -> Expression<F> {
|
||||||
let expected_b = b_lo + b_hi * F::from_u64(1 << 2);
|
let expected_b = b_lo + b_hi * F::from(1 << 2);
|
||||||
expected_b - b
|
expected_b - b
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,22 +172,22 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
.chain(Gate::three_bit_spread_and_range(a, spread_a.clone()));
|
.chain(Gate::three_bit_spread_and_range(a, spread_a.clone()));
|
||||||
let check_b = Self::check_b(b, b_lo, b_hi);
|
let check_b = Self::check_b(b, b_lo, b_hi);
|
||||||
let spread_witness = spread_r0_even
|
let spread_witness = spread_r0_even
|
||||||
+ spread_r0_odd * F::from_u64(2)
|
+ spread_r0_odd * F::from(2)
|
||||||
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
|
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
|
||||||
let xor_0 = spread_b_lo.clone()
|
let xor_0 = spread_b_lo.clone()
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 4)
|
+ spread_b_hi.clone() * F::from(1 << 4)
|
||||||
+ spread_c.clone() * F::from_u64(1 << 8)
|
+ spread_c.clone() * F::from(1 << 8)
|
||||||
+ spread_d.clone() * F::from_u64(1 << 30);
|
+ spread_d.clone() * F::from(1 << 30);
|
||||||
let xor_1 = spread_c.clone()
|
let xor_1 = spread_c.clone()
|
||||||
+ spread_d.clone() * F::from_u64(1 << 22)
|
+ spread_d.clone() * F::from(1 << 22)
|
||||||
+ spread_a.clone() * F::from_u64(1 << 50)
|
+ spread_a.clone() * F::from(1 << 50)
|
||||||
+ spread_b_lo.clone() * F::from_u64(1 << 56)
|
+ spread_b_lo.clone() * F::from(1 << 56)
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 60);
|
+ spread_b_hi.clone() * F::from(1 << 60);
|
||||||
let xor_2 = spread_d
|
let xor_2 = spread_d
|
||||||
+ spread_a * F::from_u64(1 << 28)
|
+ spread_a * F::from(1 << 28)
|
||||||
+ spread_b_lo * F::from_u64(1 << 34)
|
+ spread_b_lo * F::from(1 << 34)
|
||||||
+ spread_b_hi * F::from_u64(1 << 38)
|
+ spread_b_hi * F::from(1 << 38)
|
||||||
+ spread_c * F::from_u64(1 << 42);
|
+ spread_c * F::from(1 << 42);
|
||||||
let xor = xor_0 + xor_1 + xor_2;
|
let xor = xor_0 + xor_1 + xor_2;
|
||||||
|
|
||||||
check_spread_and_range
|
check_spread_and_range
|
||||||
|
@ -230,29 +230,29 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
));
|
));
|
||||||
// b_lo + 2^2 * b_mid + 2^4 * b_hi = b, on W_[49..62]
|
// b_lo + 2^2 * b_mid + 2^4 * b_hi = b, on W_[49..62]
|
||||||
let check_b1 = {
|
let check_b1 = {
|
||||||
let expected_b = b_lo + b_mid * F::from_u64(1 << 2) + b_hi * F::from_u64(1 << 4);
|
let expected_b = b_lo + b_mid * F::from(1 << 2) + b_hi * F::from(1 << 4);
|
||||||
expected_b - b
|
expected_b - b
|
||||||
};
|
};
|
||||||
let spread_witness = spread_r0_even
|
let spread_witness = spread_r0_even
|
||||||
+ spread_r0_odd * F::from_u64(2)
|
+ spread_r0_odd * F::from(2)
|
||||||
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
|
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
|
||||||
let xor_0 = spread_b_lo.clone()
|
let xor_0 = spread_b_lo.clone()
|
||||||
+ spread_b_mid.clone() * F::from_u64(1 << 4)
|
+ spread_b_mid.clone() * F::from(1 << 4)
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 8)
|
+ spread_b_hi.clone() * F::from(1 << 8)
|
||||||
+ spread_c.clone() * F::from_u64(1 << 14)
|
+ spread_c.clone() * F::from(1 << 14)
|
||||||
+ spread_d.clone() * F::from_u64(1 << 18);
|
+ spread_d.clone() * F::from(1 << 18);
|
||||||
let xor_1 = spread_c.clone()
|
let xor_1 = spread_c.clone()
|
||||||
+ spread_d.clone() * F::from_u64(1 << 4)
|
+ spread_d.clone() * F::from(1 << 4)
|
||||||
+ spread_a.clone() * F::from_u64(1 << 30)
|
+ spread_a.clone() * F::from(1 << 30)
|
||||||
+ spread_b_lo.clone() * F::from_u64(1 << 50)
|
+ spread_b_lo.clone() * F::from(1 << 50)
|
||||||
+ spread_b_mid.clone() * F::from_u64(1 << 54)
|
+ spread_b_mid.clone() * F::from(1 << 54)
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 58);
|
+ spread_b_hi.clone() * F::from(1 << 58);
|
||||||
let xor_2 = spread_d
|
let xor_2 = spread_d
|
||||||
+ spread_a * F::from_u64(1 << 26)
|
+ spread_a * F::from(1 << 26)
|
||||||
+ spread_b_lo * F::from_u64(1 << 46)
|
+ spread_b_lo * F::from(1 << 46)
|
||||||
+ spread_b_mid * F::from_u64(1 << 50)
|
+ spread_b_mid * F::from(1 << 50)
|
||||||
+ spread_b_hi * F::from_u64(1 << 54)
|
+ spread_b_hi * F::from(1 << 54)
|
||||||
+ spread_c * F::from_u64(1 << 60);
|
+ spread_c * F::from(1 << 60);
|
||||||
let xor = xor_0 + xor_1 + xor_2;
|
let xor = xor_0 + xor_1 + xor_2;
|
||||||
|
|
||||||
check_spread_and_range
|
check_spread_and_range
|
||||||
|
@ -294,31 +294,31 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
.chain(Gate::three_bit_spread_and_range(c, spread_c.clone()));
|
.chain(Gate::three_bit_spread_and_range(c, spread_c.clone()));
|
||||||
let check_b = Self::check_b(b, b_lo, b_hi);
|
let check_b = Self::check_b(b, b_lo, b_hi);
|
||||||
let spread_witness = spread_r0_even
|
let spread_witness = spread_r0_even
|
||||||
+ spread_r0_odd * F::from_u64(2)
|
+ spread_r0_odd * F::from(2)
|
||||||
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
|
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
|
||||||
let xor_0 = spread_b_lo.clone()
|
let xor_0 = spread_b_lo.clone()
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 4)
|
+ spread_b_hi.clone() * F::from(1 << 4)
|
||||||
+ spread_c.clone() * F::from_u64(1 << 8)
|
+ spread_c.clone() * F::from(1 << 8)
|
||||||
+ spread_d.clone() * F::from_u64(1 << 14)
|
+ spread_d.clone() * F::from(1 << 14)
|
||||||
+ spread_e.clone() * F::from_u64(1 << 28)
|
+ spread_e.clone() * F::from(1 << 28)
|
||||||
+ spread_f.clone() * F::from_u64(1 << 30)
|
+ spread_f.clone() * F::from(1 << 30)
|
||||||
+ spread_g.clone() * F::from_u64(1 << 32);
|
+ spread_g.clone() * F::from(1 << 32);
|
||||||
let xor_1 = spread_c.clone()
|
let xor_1 = spread_c.clone()
|
||||||
+ spread_d.clone() * F::from_u64(1 << 6)
|
+ spread_d.clone() * F::from(1 << 6)
|
||||||
+ spread_e.clone() * F::from_u64(1 << 20)
|
+ spread_e.clone() * F::from(1 << 20)
|
||||||
+ spread_f.clone() * F::from_u64(1 << 22)
|
+ spread_f.clone() * F::from(1 << 22)
|
||||||
+ spread_g.clone() * F::from_u64(1 << 24)
|
+ spread_g.clone() * F::from(1 << 24)
|
||||||
+ spread_a.clone() * F::from_u64(1 << 50)
|
+ spread_a.clone() * F::from(1 << 50)
|
||||||
+ spread_b_lo.clone() * F::from_u64(1 << 56)
|
+ spread_b_lo.clone() * F::from(1 << 56)
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 60);
|
+ spread_b_hi.clone() * F::from(1 << 60);
|
||||||
let xor_2 = spread_f
|
let xor_2 = spread_f
|
||||||
+ spread_g * F::from_u64(1 << 2)
|
+ spread_g * F::from(1 << 2)
|
||||||
+ spread_a * F::from_u64(1 << 28)
|
+ spread_a * F::from(1 << 28)
|
||||||
+ spread_b_lo * F::from_u64(1 << 34)
|
+ spread_b_lo * F::from(1 << 34)
|
||||||
+ spread_b_hi * F::from_u64(1 << 38)
|
+ spread_b_hi * F::from(1 << 38)
|
||||||
+ spread_c * F::from_u64(1 << 42)
|
+ spread_c * F::from(1 << 42)
|
||||||
+ spread_d * F::from_u64(1 << 48)
|
+ spread_d * F::from(1 << 48)
|
||||||
+ spread_e * F::from_u64(1 << 62);
|
+ spread_e * F::from(1 << 62);
|
||||||
let xor = xor_0 + xor_1 + xor_2;
|
let xor = xor_0 + xor_1 + xor_2;
|
||||||
|
|
||||||
check_spread_and_range
|
check_spread_and_range
|
||||||
|
@ -360,28 +360,28 @@ impl<F: FieldExt> ScheduleGate<F> {
|
||||||
.chain(Gate::three_bit_spread_and_range(c, spread_c.clone()));
|
.chain(Gate::three_bit_spread_and_range(c, spread_c.clone()));
|
||||||
let check_b = Self::check_b(b, b_lo, b_hi);
|
let check_b = Self::check_b(b, b_lo, b_hi);
|
||||||
let spread_witness = spread_r0_even
|
let spread_witness = spread_r0_even
|
||||||
+ spread_r0_odd * F::from_u64(2)
|
+ spread_r0_odd * F::from(2)
|
||||||
+ (spread_r1_even + spread_r1_odd * F::from_u64(2)) * F::from_u64(1 << 32);
|
+ (spread_r1_even + spread_r1_odd * F::from(2)) * F::from(1 << 32);
|
||||||
let xor_0 = spread_d.clone()
|
let xor_0 = spread_d.clone()
|
||||||
+ spread_e.clone() * F::from_u64(1 << 14)
|
+ spread_e.clone() * F::from(1 << 14)
|
||||||
+ spread_f.clone() * F::from_u64(1 << 16)
|
+ spread_f.clone() * F::from(1 << 16)
|
||||||
+ spread_g.clone() * F::from_u64(1 << 18);
|
+ spread_g.clone() * F::from(1 << 18);
|
||||||
let xor_1 = spread_e.clone()
|
let xor_1 = spread_e.clone()
|
||||||
+ spread_f.clone() * F::from_u64(1 << 2)
|
+ spread_f.clone() * F::from(1 << 2)
|
||||||
+ spread_g.clone() * F::from_u64(1 << 4)
|
+ spread_g.clone() * F::from(1 << 4)
|
||||||
+ spread_a.clone() * F::from_u64(1 << 30)
|
+ spread_a.clone() * F::from(1 << 30)
|
||||||
+ spread_b_lo.clone() * F::from_u64(1 << 36)
|
+ spread_b_lo.clone() * F::from(1 << 36)
|
||||||
+ spread_b_hi.clone() * F::from_u64(1 << 40)
|
+ spread_b_hi.clone() * F::from(1 << 40)
|
||||||
+ spread_c.clone() * F::from_u64(1 << 44)
|
+ spread_c.clone() * F::from(1 << 44)
|
||||||
+ spread_d.clone() * F::from_u64(1 << 50);
|
+ spread_d.clone() * F::from(1 << 50);
|
||||||
let xor_2 = spread_g
|
let xor_2 = spread_g
|
||||||
+ spread_a * F::from_u64(1 << 26)
|
+ spread_a * F::from(1 << 26)
|
||||||
+ spread_b_lo * F::from_u64(1 << 32)
|
+ spread_b_lo * F::from(1 << 32)
|
||||||
+ spread_b_hi * F::from_u64(1 << 36)
|
+ spread_b_hi * F::from(1 << 36)
|
||||||
+ spread_c * F::from_u64(1 << 40)
|
+ spread_c * F::from(1 << 40)
|
||||||
+ spread_d * F::from_u64(1 << 46)
|
+ spread_d * F::from(1 << 46)
|
||||||
+ spread_e * F::from_u64(1 << 60)
|
+ spread_e * F::from(1 << 60)
|
||||||
+ spread_f * F::from_u64(1 << 62);
|
+ spread_f * F::from(1 << 62);
|
||||||
let xor = xor_0 + xor_1 + xor_2;
|
let xor = xor_0 + xor_1 + xor_2;
|
||||||
|
|
||||||
check_spread_and_range
|
check_spread_and_range
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
use super::super::{util::*, AssignedBits, Bits, SpreadVar, SpreadWord, Table16Assignment};
|
use super::super::{util::*, AssignedBits, Bits, SpreadVar, SpreadWord, Table16Assignment};
|
||||||
use super::{schedule_util::*, MessageScheduleConfig, MessageWord};
|
use super::{schedule_util::*, MessageScheduleConfig, MessageWord};
|
||||||
use halo2::{arithmetic::FieldExt, circuit::Region, pasta::pallas, plonk::Error};
|
use halo2::{circuit::Region, pasta::pallas, plonk::Error};
|
||||||
use std::convert::TryInto;
|
use std::convert::TryInto;
|
||||||
|
|
||||||
/// A word in subregion 2
|
/// A word in subregion 2
|
||||||
|
@ -252,7 +252,7 @@ impl MessageScheduleConfig {
|
||||||
a_5,
|
a_5,
|
||||||
get_word_row(new_word_idx - 16) + 1,
|
get_word_row(new_word_idx - 16) + 1,
|
||||||
|| {
|
|| {
|
||||||
word.map(|word| pallas::Base::from_u64(word as u64))
|
word.map(|word| pallas::Base::from(word as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
@ -262,7 +262,7 @@ impl MessageScheduleConfig {
|
||||||
get_word_row(new_word_idx - 16) + 1,
|
get_word_row(new_word_idx - 16) + 1,
|
||||||
|| {
|
|| {
|
||||||
carry
|
carry
|
||||||
.map(|carry| pallas::Base::from_u64(carry as u64))
|
.map(|carry| pallas::Base::from(carry as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
use super::super::{util::*, AssignedBits, Bits, SpreadVar, SpreadWord, Table16Assignment};
|
use super::super::{util::*, AssignedBits, Bits, SpreadVar, SpreadWord, Table16Assignment};
|
||||||
use super::{schedule_util::*, MessageScheduleConfig, MessageWord};
|
use super::{schedule_util::*, MessageScheduleConfig, MessageWord};
|
||||||
use halo2::{arithmetic::FieldExt, circuit::Region, pasta::pallas, plonk::Error};
|
use halo2::{circuit::Region, pasta::pallas, plonk::Error};
|
||||||
use std::convert::TryInto;
|
use std::convert::TryInto;
|
||||||
|
|
||||||
// A word in subregion 3
|
// A word in subregion 3
|
||||||
|
@ -168,7 +168,7 @@ impl MessageScheduleConfig {
|
||||||
a_5,
|
a_5,
|
||||||
get_word_row(new_word_idx - 16) + 1,
|
get_word_row(new_word_idx - 16) + 1,
|
||||||
|| {
|
|| {
|
||||||
word.map(|word| pallas::Base::from_u64(word as u64))
|
word.map(|word| pallas::Base::from(word as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
@ -178,7 +178,7 @@ impl MessageScheduleConfig {
|
||||||
get_word_row(new_word_idx - 16) + 1,
|
get_word_row(new_word_idx - 16) + 1,
|
||||||
|| {
|
|| {
|
||||||
carry
|
carry
|
||||||
.map(|carry| pallas::Base::from_u64(carry as u64))
|
.map(|carry| pallas::Base::from(carry as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
|
|
@ -89,7 +89,7 @@ impl<const DENSE: usize, const SPREAD: usize> SpreadVar<DENSE, SPREAD> {
|
||||||
cols.tag,
|
cols.tag,
|
||||||
row,
|
row,
|
||||||
|| {
|
|| {
|
||||||
tag.map(|tag| pallas::Base::from_u64(tag as u64))
|
tag.map(|tag| pallas::Base::from(tag as u64))
|
||||||
.ok_or(Error::Synthesis)
|
.ok_or(Error::Synthesis)
|
||||||
},
|
},
|
||||||
)?;
|
)?;
|
||||||
|
@ -271,7 +271,7 @@ impl SpreadTableConfig {
|
||||||
*spread = F::zero();
|
*spread = F::zero();
|
||||||
for b in 0..16 {
|
for b in 0..16 {
|
||||||
if (i >> b) & 1 != 0 {
|
if (i >> b) & 1 != 0 {
|
||||||
*spread += F::from_u64(1 << (2 * b));
|
*spread += F::from(1 << (2 * b));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -347,68 +347,60 @@ mod tests {
|
||||||
};
|
};
|
||||||
|
|
||||||
// Test the first few small values.
|
// Test the first few small values.
|
||||||
add_row(F::zero(), F::from_u64(0b000), F::from_u64(0b000000))?;
|
add_row(F::zero(), F::from(0b000), F::from(0b000000))?;
|
||||||
add_row(F::zero(), F::from_u64(0b001), F::from_u64(0b000001))?;
|
add_row(F::zero(), F::from(0b001), F::from(0b000001))?;
|
||||||
add_row(F::zero(), F::from_u64(0b010), F::from_u64(0b000100))?;
|
add_row(F::zero(), F::from(0b010), F::from(0b000100))?;
|
||||||
add_row(F::zero(), F::from_u64(0b011), F::from_u64(0b000101))?;
|
add_row(F::zero(), F::from(0b011), F::from(0b000101))?;
|
||||||
add_row(F::zero(), F::from_u64(0b100), F::from_u64(0b010000))?;
|
add_row(F::zero(), F::from(0b100), F::from(0b010000))?;
|
||||||
add_row(F::zero(), F::from_u64(0b101), F::from_u64(0b010001))?;
|
add_row(F::zero(), F::from(0b101), F::from(0b010001))?;
|
||||||
|
|
||||||
// Test the tag boundaries:
|
// Test the tag boundaries:
|
||||||
// 7-bit
|
// 7-bit
|
||||||
add_row(
|
add_row(F::zero(), F::from(0b1111111), F::from(0b01010101010101))?;
|
||||||
F::zero(),
|
add_row(F::one(), F::from(0b10000000), F::from(0b0100000000000000))?;
|
||||||
F::from_u64(0b1111111),
|
|
||||||
F::from_u64(0b01010101010101),
|
|
||||||
)?;
|
|
||||||
add_row(
|
|
||||||
F::one(),
|
|
||||||
F::from_u64(0b10000000),
|
|
||||||
F::from_u64(0b0100000000000000),
|
|
||||||
)?;
|
|
||||||
// - 10-bit
|
// - 10-bit
|
||||||
add_row(
|
add_row(
|
||||||
F::one(),
|
F::one(),
|
||||||
F::from_u64(0b1111111111),
|
F::from(0b1111111111),
|
||||||
F::from_u64(0b01010101010101010101),
|
F::from(0b01010101010101010101),
|
||||||
)?;
|
)?;
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(2),
|
F::from(2),
|
||||||
F::from_u64(0b10000000000),
|
F::from(0b10000000000),
|
||||||
F::from_u64(0b0100000000000000000000),
|
F::from(0b0100000000000000000000),
|
||||||
)?;
|
)?;
|
||||||
// - 11-bit
|
// - 11-bit
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(2),
|
F::from(2),
|
||||||
F::from_u64(0b11111111111),
|
F::from(0b11111111111),
|
||||||
F::from_u64(0b0101010101010101010101),
|
F::from(0b0101010101010101010101),
|
||||||
)?;
|
)?;
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(3),
|
F::from(3),
|
||||||
F::from_u64(0b100000000000),
|
F::from(0b100000000000),
|
||||||
F::from_u64(0b010000000000000000000000),
|
F::from(0b010000000000000000000000),
|
||||||
)?;
|
)?;
|
||||||
// - 13-bit
|
// - 13-bit
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(3),
|
F::from(3),
|
||||||
F::from_u64(0b1111111111111),
|
F::from(0b1111111111111),
|
||||||
F::from_u64(0b01010101010101010101010101),
|
F::from(0b01010101010101010101010101),
|
||||||
)?;
|
)?;
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(4),
|
F::from(4),
|
||||||
F::from_u64(0b10000000000000),
|
F::from(0b10000000000000),
|
||||||
F::from_u64(0b0100000000000000000000000000),
|
F::from(0b0100000000000000000000000000),
|
||||||
)?;
|
)?;
|
||||||
// - 14-bit
|
// - 14-bit
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(4),
|
F::from(4),
|
||||||
F::from_u64(0b11111111111111),
|
F::from(0b11111111111111),
|
||||||
F::from_u64(0b0101010101010101010101010101),
|
F::from(0b0101010101010101010101010101),
|
||||||
)?;
|
)?;
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(5),
|
F::from(5),
|
||||||
F::from_u64(0b100000000000000),
|
F::from(0b100000000000000),
|
||||||
F::from_u64(0b010000000000000000000000000000),
|
F::from(0b010000000000000000000000000000),
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
// Test random lookup values
|
// Test random lookup values
|
||||||
|
@ -426,9 +418,9 @@ mod tests {
|
||||||
for _ in 0..10 {
|
for _ in 0..10 {
|
||||||
let word: u16 = rng.gen();
|
let word: u16 = rng.gen();
|
||||||
add_row(
|
add_row(
|
||||||
F::from_u64(get_tag(word).into()),
|
F::from(get_tag(word).into()),
|
||||||
F::from_u64(word.into()),
|
F::from(word.into()),
|
||||||
F::from_u64(interleave_u16_with_zeros(word).into()),
|
F::from(interleave_u16_with_zeros(word).into()),
|
||||||
)?;
|
)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue