Commit Graph

297 Commits

Author SHA1 Message Date
Jack Grigg b4ed5295fe Migrate to group traits
The `Curve` trait is now `CurveExt: group::prime::PrimeCurve`, and
`CurveAffine` is now `CurveAffine: group::prime::PrimeCurveAffine`.

There is no `CurveAffine` trait in `group`, and it's a widely-used
trait in this crate, so we don't rename it to `CurveAffineExt`.
2021-02-22 20:20:23 +00:00
Jack Grigg 7037d55320 Rename Curve and CurveAffine properties to match group traits 2021-02-22 20:05:08 +00:00
Daira Hopwood 4d61ad8ff5 Need a borrow here.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-18 23:50:19 +00:00
Sean Bowe 81af4e43d1
Update pinned verification key to account for circuit changes 2021-02-18 15:48:20 -07:00
therealyingtong d29246b49b
Rename const_* -> constant_* 2021-02-18 15:41:36 -07:00
therealyingtong 4bf46fc349
Add Expression::Const variant 2021-02-18 15:41:36 -07:00
therealyingtong 6a7f869f66
Clippy fixes 2021-02-18 15:41:36 -07:00
therealyingtong df2d818891
Account for Rotations of LagrangeCoeff values 2021-02-18 15:41:36 -07:00
therealyingtong 8e56b415fb
Rename column -> expression for lookups 2021-02-18 15:41:36 -07:00
therealyingtong 2f2de13887
Calculate required degree of lookup 2021-02-18 15:41:36 -07:00
therealyingtong aca6de61f8
Evaluate Expressions and all variants
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-02-18 15:41:36 -07:00
therealyingtong d8534e1c50
Pass Expressions to meta.lookup() 2021-02-18 15:41:35 -07:00
Sean Bowe 8060a12ea4
Fix minor nit (match ergonomics) 2021-02-17 15:39:46 -07:00
Sean Bowe 87536cea10
Use newtypes to simplify Debug implementations for pinning verification keys. 2021-02-17 15:20:19 -07:00
ebfull bc9d05e67b
Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
2021-02-17 15:19:34 -07:00
Sean Bowe dfa7d96fa9
Refactor verification key hashing logic to use Display impls. 2021-02-17 15:19:34 -07:00
therealyingtong f35e190455
Hash in field modulus, curve parameters 2021-02-17 15:19:34 -07:00
therealyingtong 52c028b4da
Disambiguate naming of hash() -> hash_into() 2021-02-17 15:19:34 -07:00
therealyingtong e7d6f67564
Rename aux -> instance after rebasing 2021-02-17 15:19:34 -07:00
therealyingtong b204ff74a8
Do not return hash results from component hash() methods 2021-02-17 15:19:34 -07:00
therealyingtong 4aa4b4463a
Hash domain and cs into transcript 2021-02-17 15:19:34 -07:00
therealyingtong 437782e902
Hash fixed_commitments and permutations into transcript 2021-02-17 15:19:33 -07:00
therealyingtong a19dc68dee Use Column<Any> in Permutation::Argument 2021-02-17 21:32:17 +08:00
Daira Hopwood 760d69bd2c Rename "auxiliary column" to "instance column" in the book and in code. fixes #181
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-14 21:09:49 +00:00
Sean Bowe 4b960a7c0c
cargo fmt 2021-02-14 09:28:51 -07:00
Jack Grigg 821bca0abe Reduce FieldExt bound to Field for Neg and Sub impls on Expression<F> 2021-02-12 16:52:42 +00:00
Jack Grigg db0477a606 impl<F: FieldExt> {Neg, Sub} for Expression<F> 2021-02-01 21:42:57 +00:00
Jack Grigg 0a378c3d0f Require Circuit::Config implement Clone instead of Copy 2021-02-01 19:05:19 +00:00
Jack Grigg 82da677add Add name field to ConstraintSystem::create_gate
The name has type `&'static str`, as gates apply to every row and thus
do not require any runtime information to name.
2021-02-01 18:38:13 +00:00
Jack Grigg bf771a7446 Add namespacing and gadget name collection to Layouter 2021-02-01 18:38:04 +00:00
Jack Grigg 60061f64fd Add name field to Layouter::assign_region 2021-02-01 18:34:24 +00:00
Jack Grigg 4c3adf59d5 Add annotations to Region::{assign_advice, assign_fixed}
This enables circuits to annotate individual cells with variable names
or similar protocol-specific metadata.
2021-02-01 18:33:25 +00:00
therealyingtong ea14d99a83 Renaming and cleanups from code review
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-02-02 00:05:55 +08:00
therealyingtong a00d7c2fa6 Cleanups from code review
Co-authored-by: Kris Nuttycombe <kris.nuttycombe@gmail.com>
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-01-31 11:48:32 +08:00
therealyingtong def65609b1 Refactor PLONK verifier 2021-01-31 11:45:40 +08:00
therealyingtong 02b5b8442b Refactor PLONK prover 2021-01-31 11:45:40 +08:00
ebfull 5f89227cdd
Merge pull request #135 from zcash/serialize-params
Serialize params
2021-01-30 11:43:55 -07:00
therealyingtong faf5da15c9 Track column usage in RegionShape.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-01-28 10:55:02 +08:00
therealyingtong ffdd739f85 Only write k in Params; calculate n when reading
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-01-24 08:07:30 +08:00
therealyingtong e0f9fe1dcf Clippy fixes + address review comments
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-01-24 08:07:30 +08:00
therealyingtong 58479fbcc3 Refactor keygen to generate pk from vk. 2021-01-24 08:07:30 +08:00
Sean Bowe ba591c3b39 Add serialization support for PLONK verifying keys. 2021-01-24 08:05:58 +08:00
Sean Bowe d9d20bfe36 Break out domain creation logic into separate method. 2021-01-24 08:04:13 +08:00
Kris Nuttycombe 74b2aa715f Require Rotation instead of i32 for relative rows in circuits.
Co-authored-by: str4d <thestr4d@gmail.com>
2021-01-14 11:57:32 -07:00
Kris Nuttycombe 483cb1139f Remove rotations from ConstraintSystem 2021-01-14 11:35:23 -07:00
Sean Bowe e4dac4f621
clippy: remove unnecessarily explicit lifetimes and return types 2021-01-14 08:53:19 -07:00
Jack Grigg d95e4e4724
clippy: Remove unnecessary Result 2021-01-14 08:46:25 -07:00
Jack Grigg 95314d0f69
clippy: Add type definitions for complex types 2021-01-14 08:46:23 -07:00
Jack Grigg 75915f67ed
clippy: Small cleanups 2021-01-14 08:43:25 -07:00
Sean Bowe ec2d8db8cb
Multiopen prover never needed evals to be specified.
The Lagrange interpolation we were doing was pointless. kate_division sheds the constant
term off each time it is invoked because the quotient polynomial isn't affected by it.
This means we were modifying coefficients that end up getting discarded anyway; the
quotient polynomial coefficients are already determined exactly by the leading coefficients
and the fact that a root exists at each of the points.
2021-01-13 17:22:32 -07:00
ebfull ccca639591
Merge pull request #111 from zcash/transcript-api-2
New Transcript API (and modified commitment scheme)
2021-01-13 16:50:47 -07:00
Sean Bowe 775151a67d
Change absorb_ to read_ in subprotocols. 2021-01-13 15:47:35 -07:00
Sean Bowe 9a26ef1acd
Refactor the Committed structure. 2021-01-13 15:44:37 -07:00
Jack Grigg 64b06735bf Expose MockProver in crate, and add documentation 2021-01-06 21:52:56 +00:00
therealyingtong fb939f17a9 Add permutation check to MockProver 2021-01-06 21:52:56 +00:00
Sean Bowe c5e0364962
Remove the Read/Write type parameters from Transcript{Read,Write}. 2021-01-06 10:45:11 -07:00
Sean Bowe 4ecbfb548e
Remove unnecessary lifetimes. 2021-01-06 10:45:11 -07:00
Sean Bowe 06552eec44
Update the PLONK implementation to adapt to the new transcript API. 2021-01-06 10:45:11 -07:00
Jack Grigg f49e1e6177 Fix breakage of trait resolution in Rust 1.49.0
Previously, `ChallengeScalar` could use the operator traits defined on
the `F: Field` type it wrapped, due to its `impl Deref<Target = F>`.
This was technically ambiguous, and Rust 1.49.0 makes that ambiguity an
error.

We could fix this by adding operator impls with `ChallengeScalar` on the
RHS, but that would conflict with zcash/halo2#111. Instead we manually
dereference every challenge scalar when used in an arithmetic operation.
2021-01-06 00:48:29 +00:00
Jack Grigg 90c50fdd11 Refactor permutation proofs to reflect the separate permutations 2020-12-22 23:51:32 +00:00
Jack Grigg 62cace289b Add a few comments to the permutation construction code
We mainly point at the design document that describes the algorithm.
2020-12-22 20:25:33 +00:00
Jack Grigg 838d21f2be Refactor permutation keygen to reflect the separate permutations 2020-12-22 18:11:42 +00:00
Sean Bowe 9df7b5386f
Account more rigorously for the degrees of permutations' and lookups' constraints. 2020-12-22 08:59:08 -07:00
Sean Bowe 65ed1d8568
Check h_evals/h_commitments lengths in vanishing argument verifier. 2020-12-22 08:59:06 -07:00
therealyingtong 8360b94f89 Extract plonk::vanishing::{Argument, Proof} from prover and verifier
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-12-08 00:57:14 +08:00
therealyingtong e5f55a8576 Abstract add_rotation() helper in plonk::circuit 2020-12-06 07:19:44 +08:00
therealyingtong 4273bbb2ba [Documentation] Consistently use zero-based numbering 2020-12-06 07:10:09 +08:00
ying tong 30c13d5a6a Further cleanups
Co-authored-by: ebfull <ewillbefull@gmail.com>
2020-12-05 13:14:50 +08:00
ying tong ecc805fa35 Correct privacy of lookup structs + minor cleanups
Co-authored-by: str4d <jack@electriccoin.co>
2020-12-04 09:19:15 +08:00
therealyingtong 2284bbd0d8 Deduplicate Argument::commit_permuted() and rename {input,table}_values -> {input,table}_columns 2020-12-03 14:00:16 +08:00
therealyingtong 9a3d1b1d05 Optimisations and documentation updates 2020-12-03 12:54:25 +08:00
therealyingtong e51ab7eaa7 Linearise state transition from Argument -> Permuted -> Committed 2020-12-03 12:11:00 +08:00
therealyingtong 0a85e93714 Add lookup to circuit and test 2020-12-03 10:50:20 +08:00
therealyingtong 0c81e9adab Use lookup mod in plonk::prover and plonk::verifier 2020-12-03 10:50:20 +08:00
therealyingtong 19c1b20063 Add lookup::verifier methods 2020-12-03 10:50:20 +08:00
therealyingtong c692311a12 Add Evaluated::open() and Evaluated::build() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 6ccf58fc7c Add Constructed::evaluate() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 39df4954b5 Add Committed::construct() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 2d0f4a11e3 Add commit_product() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 46eed7be93 Add commit_permuted() in lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 02344eb711 Add lookup mod and structs 2020-12-03 10:50:20 +08:00
therealyingtong 2ba44cff9f Add theta challenge 2020-12-03 10:50:20 +08:00
therealyingtong 5d891e029d Add fixed_values to ProvingKey 2020-12-03 10:50:20 +08:00
Sean Bowe 2e65229920
Remove unnecessary Clone impl from plonk::permutation::prover::Committed. 2020-12-02 09:50:45 -07:00
Jack Grigg 3d6afd7b8e permutation: Clean up opening chains 2020-12-01 22:09:50 +00:00
Jack Grigg dd3d1dd68b Small type annotation cleanups 2020-12-01 21:49:07 +00:00
Jack Grigg a63e6e25d8 Restrict visibility of PLONK challenges to plonk module 2020-12-01 21:14:14 +00:00
Jack Grigg 7422efca72 s/permutation::Proof::commit/permutation::Argument::commit
Once we refactor the permutation argument implementation to be integrated
as Vec<permutation::Proof>, we can change this again to just map from the
Vec<permutation::Argument> inside ConstraintSystem.
2020-12-01 21:10:31 +00:00
Jack Grigg 66240800a3 Move permutation keygen into plonk::permutation::keygen 2020-12-01 21:10:31 +00:00
Jack Grigg f63f3ff2af Introduce typed challenge scalars
This also centralises the challenge generation logic in Challenge::get,
ensuring it is consistent across the codebase.
2020-12-01 21:09:03 +00:00
Jack Grigg 4a3b830165 Extract permutation argument into a submodule 2020-12-01 21:03:31 +00:00
Jack Grigg cdbc41148a Migrate to ff traits
The `Field` trait in this crate is now `FieldExt: ff::PrimeField`.
2020-12-01 20:55:03 +00:00
Jack Grigg 875c223748 Simplify h_poly expression evaluation in Proof::create 2020-11-24 23:43:48 +00:00
Jack Grigg 61c9392475 Remove query allocations from Proof::create
multiopen::Proof::create takes `instances: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:25:55 +00:00
Jack Grigg 6360da1f4e Remove query allocations from Proof::verify
multiopen::Proof::verify takes `queries: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:23:27 +00:00
Jack Grigg 7f29ab913d Simplify h(x_3) computation in verifier using Horner's rule
Closes zcash/halo2#45
2020-11-24 18:18:45 +00:00
Jack Grigg feba8e2fdf Allocate permutation_modified_advice once in Proof::create 2020-11-24 18:18:45 +00:00
str4d cc5f45231d
Merge pull request #42 from zcash/plonk-benches
PLONK benchmarks
2020-11-24 18:14:07 +00:00
therealyingtong 3eb6712c6c Add aux information to metrics 2020-11-24 09:39:34 +08:00
Jack Grigg d4424db8d4 Collect some prover metrics 2020-11-23 12:47:51 +00:00
therealyingtong 2375507f4f Update error handling 2020-11-16 21:26:46 +00:00
therealyingtong 43337dea1b Make Transcript generic over curve points
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-11-16 21:26:46 +00:00
ebfull 5d1e1a29db
Merge pull request #51 from zcash/update-ci
Update Actions CI with improved workflow
2020-11-11 08:52:59 -07:00
ying tong a856137619 Minor refactors
Co-authored-by: str4d <jack@electriccoin.co>
2020-11-11 13:56:34 +08:00
therealyingtong 766caf9214 Make getters for column index() and column_type() 2020-11-10 00:45:52 +08:00
therealyingtong 0519a522aa Use TryFrom to convert Column<Any> to other column types 2020-11-10 00:39:08 +08:00
therealyingtong 22b6d5bd70 Cleanups in circuit.rs 2020-11-07 14:27:38 +08:00
therealyingtong 34c6cba537 Add generic query_any_index() and get_any_query_index methods 2020-11-06 12:39:51 +08:00
therealyingtong 075988ae4e Introduce Column struct and ColumnType trait 2020-11-06 11:29:42 +08:00
therealyingtong 2034179d82 Rename wire -> column 2020-11-06 11:18:12 +08:00
Jack Grigg 10676657f4 Fix stable clippy lints 2020-10-30 01:29:05 +00:00
Jack Grigg 5a6a45c6a8 Fix deref breakage with nightly-2020-10-06
I think this is related to rust-lang/rust#77638
2020-10-30 01:21:09 +00:00
therealyingtong 24b85dec67 Remove q_evals.len() = rotations.len() check
q_evals should now have the same length as point_sets, which is only constructed in the multiopen verifier.
2020-10-14 00:43:48 +08:00
therealyingtong 89fd6e4d44 Use map_err() when handling multiopen::Proof::create()
Co-authored-by: Daira Hopwood <daira@electriccoin.co>
2020-10-14 00:35:36 +08:00
therealyingtong 6cd74999ff Use ProverQuery and construct_intermediate_sets() in prover 2020-10-14 00:35:25 +08:00
therealyingtong c3d0a172a7 Create multiopen abstraction 2020-10-14 00:35:25 +08:00
Sean Bowe 2ccddac674
Split proof/input length checks into separate method of verifier 2020-09-29 17:35:24 -06:00
Sean Bowe 9672bf9725
Minor improvements to check_hx() 2020-09-29 17:14:37 -06:00
Sean Bowe 7d8daa5d05
Refactor h_eval computation into separate, more functional code.
Co-authored-by: str4d <thestr4d@gmail.com>
2020-09-29 16:56:21 -06:00
Sean Bowe e275d78c7d
Simplify permutations field of ConstraintSystem
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:51:00 -06:00
Sean Bowe c97da352ee
Remove SRS and replace with ProvingKey/VerifyingKey abstractions
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:25:04 -06:00
Sean Bowe 56b6d8bd03
Auxiliary wires in PLONK are faux blinded just like fixed wires. 2020-09-25 10:21:15 -06:00
Sean Bowe 2d1f69328f
Rename `OpeningProof` to just `Proof`. 2020-09-25 09:39:32 -06:00
Sean Bowe a37c926a89
Address clippy lints 2020-09-20 13:09:03 -06:00
Sean Bowe 6620817d81
Return errors from verifier instead of assuming points aren't at infinity in the proof. 2020-09-19 13:47:37 -06:00
Sean Bowe 73d494a72d
Various changes, including restoring permutation argument to advice wires only for now. 2020-09-19 13:31:56 -06:00
therealyingtong e8839a7579
Refactor wire pattern matching when computing permutation product 2020-09-19 12:39:04 -06:00
therealyingtong 24fe3fae29
Remove aux_commitments computation from Prover; remove blinding factor when accumulator aux_evals 2020-09-19 12:39:04 -06:00
therealyingtong c772801f8f
Pass aux_lagrange_polys to prover as a slice 2020-09-19 12:39:04 -06:00
therealyingtong 0bdcbb6c67
Introduce Wire enum for use in permutations 2020-09-19 12:39:04 -06:00
therealyingtong a257308ba2
Add aux wires to ConstraintSystem 2020-09-19 12:39:04 -06:00
therealyingtong 0caf1d2087
Provide aux_commitments to verifier and aux_lagrange_polys to prover 2020-09-19 12:39:04 -06:00
therealyingtong 76c49a4df3
Minor refactor 2020-09-19 23:44:00 +08:00
therealyingtong 33261ec1a0
Recover from OpeningProof::create() failure in PLONK prover 2020-09-19 23:19:30 +08:00
therealyingtong 69a612fb59
Increment blinding factor instead of choosing new random blinding factor 2020-09-19 23:04:17 +08:00
therealyingtong a6f5d0ad5e
Remove fork from OpeningProof prover; add loop in PLONK prover to try different f_blind values 2020-09-19 16:57:32 +08:00
Sean Bowe 52a85380bc
Rename f_eval to msm_eval. 2020-09-16 13:15:10 -06:00
Sean Bowe 68de5db8c6
Mitigate unnecessary scaling operations in commitment verifier. 2020-09-15 17:42:02 -06:00
Sean Bowe a886663e05
Incorporate MSM/Guard into PLONK verifier API and arithmetic. 2020-09-15 17:32:39 -06:00
Sean Bowe 643077b150
Rename `ConstraintSystem` to `Assignment`, and `MetaCircuit` to `ConstraintSystem`. 2020-09-13 10:30:02 -06:00
therealyingtong 1eb2a36086
Return MSM from PLONK verifier 2020-09-13 23:10:06 +08:00
therealyingtong 1a52d8f6b8
Add MSM to PLONK verifier signature 2020-09-13 12:32:32 +08:00
therealyingtong 14d1f41e08
Address review comments 2020-09-13 03:03:36 +08:00
therealyingtong 5f1cd6ced2
Only return Guard from OpeningProof.verify() 2020-09-13 00:50:35 +08:00
therealyingtong d41fcf842b
Modify MSM and Guard structs and methods 2020-09-11 18:57:22 +08:00
therealyingtong 5724706a09
Add MSM and Guard structs in polycommit scheme 2020-09-10 18:51:41 +08:00
Sean Bowe 549232234f
Finish comment on Proof::verify. 2020-09-07 16:34:40 -06:00
Sean Bowe 116659c1ba
Refactor module tree. 2020-09-07 13:07:51 -06:00
Sean Bowe 21f02a73c2
Don't mutate the witness during permutation argument. Also, adds parallelism and reduces state/multiplications. 2020-09-07 09:43:02 -06:00
Sean Bowe b65e75921b
Remove stale comment 2020-09-06 14:21:28 -06:00