Commit Graph

297 Commits

Author SHA1 Message Date
ebfull ccca639591
Merge pull request #111 from zcash/transcript-api-2
New Transcript API (and modified commitment scheme)
2021-01-13 16:50:47 -07:00
Sean Bowe 775151a67d
Change absorb_ to read_ in subprotocols. 2021-01-13 15:47:35 -07:00
Sean Bowe 9a26ef1acd
Refactor the Committed structure. 2021-01-13 15:44:37 -07:00
Jack Grigg 64b06735bf Expose MockProver in crate, and add documentation 2021-01-06 21:52:56 +00:00
therealyingtong fb939f17a9 Add permutation check to MockProver 2021-01-06 21:52:56 +00:00
Sean Bowe c5e0364962
Remove the Read/Write type parameters from Transcript{Read,Write}. 2021-01-06 10:45:11 -07:00
Sean Bowe 4ecbfb548e
Remove unnecessary lifetimes. 2021-01-06 10:45:11 -07:00
Sean Bowe 06552eec44
Update the PLONK implementation to adapt to the new transcript API. 2021-01-06 10:45:11 -07:00
Jack Grigg f49e1e6177 Fix breakage of trait resolution in Rust 1.49.0
Previously, `ChallengeScalar` could use the operator traits defined on
the `F: Field` type it wrapped, due to its `impl Deref<Target = F>`.
This was technically ambiguous, and Rust 1.49.0 makes that ambiguity an
error.

We could fix this by adding operator impls with `ChallengeScalar` on the
RHS, but that would conflict with zcash/halo2#111. Instead we manually
dereference every challenge scalar when used in an arithmetic operation.
2021-01-06 00:48:29 +00:00
Jack Grigg 90c50fdd11 Refactor permutation proofs to reflect the separate permutations 2020-12-22 23:51:32 +00:00
Jack Grigg 62cace289b Add a few comments to the permutation construction code
We mainly point at the design document that describes the algorithm.
2020-12-22 20:25:33 +00:00
Jack Grigg 838d21f2be Refactor permutation keygen to reflect the separate permutations 2020-12-22 18:11:42 +00:00
Sean Bowe 9df7b5386f
Account more rigorously for the degrees of permutations' and lookups' constraints. 2020-12-22 08:59:08 -07:00
Sean Bowe 65ed1d8568
Check h_evals/h_commitments lengths in vanishing argument verifier. 2020-12-22 08:59:06 -07:00
therealyingtong 8360b94f89 Extract plonk::vanishing::{Argument, Proof} from prover and verifier
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-12-08 00:57:14 +08:00
therealyingtong e5f55a8576 Abstract add_rotation() helper in plonk::circuit 2020-12-06 07:19:44 +08:00
therealyingtong 4273bbb2ba [Documentation] Consistently use zero-based numbering 2020-12-06 07:10:09 +08:00
ying tong 30c13d5a6a Further cleanups
Co-authored-by: ebfull <ewillbefull@gmail.com>
2020-12-05 13:14:50 +08:00
ying tong ecc805fa35 Correct privacy of lookup structs + minor cleanups
Co-authored-by: str4d <jack@electriccoin.co>
2020-12-04 09:19:15 +08:00
therealyingtong 2284bbd0d8 Deduplicate Argument::commit_permuted() and rename {input,table}_values -> {input,table}_columns 2020-12-03 14:00:16 +08:00
therealyingtong 9a3d1b1d05 Optimisations and documentation updates 2020-12-03 12:54:25 +08:00
therealyingtong e51ab7eaa7 Linearise state transition from Argument -> Permuted -> Committed 2020-12-03 12:11:00 +08:00
therealyingtong 0a85e93714 Add lookup to circuit and test 2020-12-03 10:50:20 +08:00
therealyingtong 0c81e9adab Use lookup mod in plonk::prover and plonk::verifier 2020-12-03 10:50:20 +08:00
therealyingtong 19c1b20063 Add lookup::verifier methods 2020-12-03 10:50:20 +08:00
therealyingtong c692311a12 Add Evaluated::open() and Evaluated::build() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 6ccf58fc7c Add Constructed::evaluate() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 39df4954b5 Add Committed::construct() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 2d0f4a11e3 Add commit_product() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 46eed7be93 Add commit_permuted() in lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 02344eb711 Add lookup mod and structs 2020-12-03 10:50:20 +08:00
therealyingtong 2ba44cff9f Add theta challenge 2020-12-03 10:50:20 +08:00
therealyingtong 5d891e029d Add fixed_values to ProvingKey 2020-12-03 10:50:20 +08:00
Sean Bowe 2e65229920
Remove unnecessary Clone impl from plonk::permutation::prover::Committed. 2020-12-02 09:50:45 -07:00
Jack Grigg 3d6afd7b8e permutation: Clean up opening chains 2020-12-01 22:09:50 +00:00
Jack Grigg dd3d1dd68b Small type annotation cleanups 2020-12-01 21:49:07 +00:00
Jack Grigg a63e6e25d8 Restrict visibility of PLONK challenges to plonk module 2020-12-01 21:14:14 +00:00
Jack Grigg 7422efca72 s/permutation::Proof::commit/permutation::Argument::commit
Once we refactor the permutation argument implementation to be integrated
as Vec<permutation::Proof>, we can change this again to just map from the
Vec<permutation::Argument> inside ConstraintSystem.
2020-12-01 21:10:31 +00:00
Jack Grigg 66240800a3 Move permutation keygen into plonk::permutation::keygen 2020-12-01 21:10:31 +00:00
Jack Grigg f63f3ff2af Introduce typed challenge scalars
This also centralises the challenge generation logic in Challenge::get,
ensuring it is consistent across the codebase.
2020-12-01 21:09:03 +00:00
Jack Grigg 4a3b830165 Extract permutation argument into a submodule 2020-12-01 21:03:31 +00:00
Jack Grigg cdbc41148a Migrate to ff traits
The `Field` trait in this crate is now `FieldExt: ff::PrimeField`.
2020-12-01 20:55:03 +00:00
Jack Grigg 875c223748 Simplify h_poly expression evaluation in Proof::create 2020-11-24 23:43:48 +00:00
Jack Grigg 61c9392475 Remove query allocations from Proof::create
multiopen::Proof::create takes `instances: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:25:55 +00:00
Jack Grigg 6360da1f4e Remove query allocations from Proof::verify
multiopen::Proof::verify takes `queries: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:23:27 +00:00
Jack Grigg 7f29ab913d Simplify h(x_3) computation in verifier using Horner's rule
Closes zcash/halo2#45
2020-11-24 18:18:45 +00:00
Jack Grigg feba8e2fdf Allocate permutation_modified_advice once in Proof::create 2020-11-24 18:18:45 +00:00
str4d cc5f45231d
Merge pull request #42 from zcash/plonk-benches
PLONK benchmarks
2020-11-24 18:14:07 +00:00
therealyingtong 3eb6712c6c Add aux information to metrics 2020-11-24 09:39:34 +08:00
Jack Grigg d4424db8d4 Collect some prover metrics 2020-11-23 12:47:51 +00:00
therealyingtong 2375507f4f Update error handling 2020-11-16 21:26:46 +00:00
therealyingtong 43337dea1b Make Transcript generic over curve points
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-11-16 21:26:46 +00:00
ebfull 5d1e1a29db
Merge pull request #51 from zcash/update-ci
Update Actions CI with improved workflow
2020-11-11 08:52:59 -07:00
ying tong a856137619 Minor refactors
Co-authored-by: str4d <jack@electriccoin.co>
2020-11-11 13:56:34 +08:00
therealyingtong 766caf9214 Make getters for column index() and column_type() 2020-11-10 00:45:52 +08:00
therealyingtong 0519a522aa Use TryFrom to convert Column<Any> to other column types 2020-11-10 00:39:08 +08:00
therealyingtong 22b6d5bd70 Cleanups in circuit.rs 2020-11-07 14:27:38 +08:00
therealyingtong 34c6cba537 Add generic query_any_index() and get_any_query_index methods 2020-11-06 12:39:51 +08:00
therealyingtong 075988ae4e Introduce Column struct and ColumnType trait 2020-11-06 11:29:42 +08:00
therealyingtong 2034179d82 Rename wire -> column 2020-11-06 11:18:12 +08:00
Jack Grigg 10676657f4 Fix stable clippy lints 2020-10-30 01:29:05 +00:00
Jack Grigg 5a6a45c6a8 Fix deref breakage with nightly-2020-10-06
I think this is related to rust-lang/rust#77638
2020-10-30 01:21:09 +00:00
therealyingtong 24b85dec67 Remove q_evals.len() = rotations.len() check
q_evals should now have the same length as point_sets, which is only constructed in the multiopen verifier.
2020-10-14 00:43:48 +08:00
therealyingtong 89fd6e4d44 Use map_err() when handling multiopen::Proof::create()
Co-authored-by: Daira Hopwood <daira@electriccoin.co>
2020-10-14 00:35:36 +08:00
therealyingtong 6cd74999ff Use ProverQuery and construct_intermediate_sets() in prover 2020-10-14 00:35:25 +08:00
therealyingtong c3d0a172a7 Create multiopen abstraction 2020-10-14 00:35:25 +08:00
Sean Bowe 2ccddac674
Split proof/input length checks into separate method of verifier 2020-09-29 17:35:24 -06:00
Sean Bowe 9672bf9725
Minor improvements to check_hx() 2020-09-29 17:14:37 -06:00
Sean Bowe 7d8daa5d05
Refactor h_eval computation into separate, more functional code.
Co-authored-by: str4d <thestr4d@gmail.com>
2020-09-29 16:56:21 -06:00
Sean Bowe e275d78c7d
Simplify permutations field of ConstraintSystem
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:51:00 -06:00
Sean Bowe c97da352ee
Remove SRS and replace with ProvingKey/VerifyingKey abstractions
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:25:04 -06:00
Sean Bowe 56b6d8bd03
Auxiliary wires in PLONK are faux blinded just like fixed wires. 2020-09-25 10:21:15 -06:00
Sean Bowe 2d1f69328f
Rename `OpeningProof` to just `Proof`. 2020-09-25 09:39:32 -06:00
Sean Bowe a37c926a89
Address clippy lints 2020-09-20 13:09:03 -06:00
Sean Bowe 6620817d81
Return errors from verifier instead of assuming points aren't at infinity in the proof. 2020-09-19 13:47:37 -06:00
Sean Bowe 73d494a72d
Various changes, including restoring permutation argument to advice wires only for now. 2020-09-19 13:31:56 -06:00
therealyingtong e8839a7579
Refactor wire pattern matching when computing permutation product 2020-09-19 12:39:04 -06:00
therealyingtong 24fe3fae29
Remove aux_commitments computation from Prover; remove blinding factor when accumulator aux_evals 2020-09-19 12:39:04 -06:00
therealyingtong c772801f8f
Pass aux_lagrange_polys to prover as a slice 2020-09-19 12:39:04 -06:00
therealyingtong 0bdcbb6c67
Introduce Wire enum for use in permutations 2020-09-19 12:39:04 -06:00
therealyingtong a257308ba2
Add aux wires to ConstraintSystem 2020-09-19 12:39:04 -06:00
therealyingtong 0caf1d2087
Provide aux_commitments to verifier and aux_lagrange_polys to prover 2020-09-19 12:39:04 -06:00
therealyingtong 76c49a4df3
Minor refactor 2020-09-19 23:44:00 +08:00
therealyingtong 33261ec1a0
Recover from OpeningProof::create() failure in PLONK prover 2020-09-19 23:19:30 +08:00
therealyingtong 69a612fb59
Increment blinding factor instead of choosing new random blinding factor 2020-09-19 23:04:17 +08:00
therealyingtong a6f5d0ad5e
Remove fork from OpeningProof prover; add loop in PLONK prover to try different f_blind values 2020-09-19 16:57:32 +08:00
Sean Bowe 52a85380bc
Rename f_eval to msm_eval. 2020-09-16 13:15:10 -06:00
Sean Bowe 68de5db8c6
Mitigate unnecessary scaling operations in commitment verifier. 2020-09-15 17:42:02 -06:00
Sean Bowe a886663e05
Incorporate MSM/Guard into PLONK verifier API and arithmetic. 2020-09-15 17:32:39 -06:00
Sean Bowe 643077b150
Rename `ConstraintSystem` to `Assignment`, and `MetaCircuit` to `ConstraintSystem`. 2020-09-13 10:30:02 -06:00
therealyingtong 1eb2a36086
Return MSM from PLONK verifier 2020-09-13 23:10:06 +08:00
therealyingtong 1a52d8f6b8
Add MSM to PLONK verifier signature 2020-09-13 12:32:32 +08:00
therealyingtong 14d1f41e08
Address review comments 2020-09-13 03:03:36 +08:00
therealyingtong 5f1cd6ced2
Only return Guard from OpeningProof.verify() 2020-09-13 00:50:35 +08:00
therealyingtong d41fcf842b
Modify MSM and Guard structs and methods 2020-09-11 18:57:22 +08:00
therealyingtong 5724706a09
Add MSM and Guard structs in polycommit scheme 2020-09-10 18:51:41 +08:00
Sean Bowe 549232234f
Finish comment on Proof::verify. 2020-09-07 16:34:40 -06:00
Sean Bowe 116659c1ba
Refactor module tree. 2020-09-07 13:07:51 -06:00
Sean Bowe 21f02a73c2
Don't mutate the witness during permutation argument. Also, adds parallelism and reduces state/multiplications. 2020-09-07 09:43:02 -06:00
Sean Bowe b65e75921b
Remove stale comment 2020-09-06 14:21:28 -06:00
Sean Bowe 190242a4e9
Remove redundant permutation_queries vector. 2020-09-06 14:18:05 -06:00
Sean Bowe eff149e734
Fix incorrect indexing into advice_cosets during proving. 2020-09-06 14:10:25 -06:00
Sean Bowe e37d0c946b
Add parallelism in various locations in the prover. 2020-09-06 13:40:06 -06:00
Sean Bowe 3157fdd7d0
Batch inversions during domain setup. 2020-09-06 12:44:36 -06:00
Sean Bowe ff8f9eb20e
Reduce number of inversions by batch inverting when possible. 2020-09-06 12:29:34 -06:00
Sean Bowe 624eb6a421
Remove unnecessary computation of permutation length in prover. 2020-09-06 11:33:09 -06:00
therealyingtong 503939db05
Minor cleanups 2020-09-06 06:34:29 +08:00
Sean Bowe 965362c1f5
Don't precompute deltaomega; inline its computation. 2020-09-05 14:44:13 -06:00
Sean Bowe 937861c0b8
Add implementation of daira's algorithm for copy constraint enforcement. 2020-09-05 12:56:45 -06:00
Sean Bowe d7132404ba
Index into q_evals consistently between prover and verifier. 2020-09-05 12:08:56 -06:00
Sean Bowe 869aba389a
Cleanups 2020-09-05 11:40:25 -06:00
Sean Bowe da9c24bcfa
Obtain permutation product polynomial correctly. 2020-09-05 10:52:40 -06:00
Sean Bowe 114653f366
Fix indexing for permutation argument. 2020-09-04 14:45:05 -06:00
Sean Bowe a128d5d9b3
Undo unnecessarily complicated negation thing. 2020-09-04 14:25:16 -06:00
therealyingtong c7c5cf4db6
Rename tmp variables 2020-09-04 20:31:37 +08:00
ying tong 10a4b4252c
Fix current_delta initialisation in verifier 2020-09-04 19:05:08 +08:00
Sean Bowe 06a4cfe13b
Use extended omega for coset in prover. 2020-09-04 04:49:59 -06:00
Sean Bowe 0651359cb8
[WIP] Finish prover 2020-09-03 17:21:44 -06:00
Sean Bowe 6b9ea1dbeb
Precompute deltaomega vector. 2020-09-03 14:31:57 -06:00
Sean Bowe 36d37002fe
Remove unneeded exponentiation of x_3 2020-09-03 14:28:22 -06:00
Sean Bowe 335b629724
Avoid redundant wire queries by searching for an existing query. 2020-09-03 14:26:00 -06:00
Sean Bowe 4a88d52457
Use the correct permutation values from the SRS. 2020-09-03 14:21:13 -06:00
Sean Bowe d601533bd7
Commit to permutation product polynomial in the prover. 2020-09-03 10:58:48 -06:00
therealyingtong 441dcf0ecc
Compute permutation_evals in prover 2020-09-03 12:29:38 +08:00
therealyingtong 1bc90c4fec
Remove advice_shifted_evals from prover 2020-09-03 12:25:55 +08:00
Sean Bowe 160dabe9c5
Cleanups for verifier of permutation argument 2020-09-02 13:15:40 -06:00
therealyingtong c44a020de7
Permutation checks in verifier 2020-09-03 00:45:03 +08:00
therealyingtong bdd48f6037
Add advice_shifted_evals to Proof struct 2020-09-02 23:19:06 +08:00
therealyingtong 2472ec3291
WIP permutation checks in verifier 2020-09-02 23:19:06 +08:00
therealyingtong 0bf73c5d08
Minor fixes to srs.rs 2020-09-02 23:18:43 +08:00
Sean Bowe a2fca8a02d
Add comments to clarify implementation of permutation argument in SRS generator. 2020-08-31 10:18:55 -06:00
Sean Bowe dc5df10832
Update structured reference string and API for permutation argument. 2020-08-31 10:01:09 -06:00
therealyingtong 85fd924b15
WIP implement copy() on Variables 2020-08-31 21:51:49 +08:00
Sean Bowe b453b845b8
Clean up prover implementation 2020-08-27 14:03:43 -06:00
Sean Bowe 154568c387
Clean up verification implementation 2020-08-27 13:52:55 -06:00
Sean Bowe 35c4bd4dd9
Improve naming of offsets/indexes and mappings. 2020-08-27 13:27:24 -06:00
Sean Bowe 9852913a32
Add some comments and documentation. 2020-08-27 10:46:54 -06:00
Sean Bowe 1b6c0e9a8b
Remove _x suffix from variable names 2020-08-27 10:25:36 -06:00
Sean Bowe 9099e9d9ba
Properly invert when computing expected opening. 2020-08-27 10:16:42 -06:00
Sean Bowe ad106f1119
(WIP) broken implementation of generalized PLONK 2020-08-27 10:10:55 -06:00
Sean Bowe 6051814c4b
Split coset step up so that we can query wires at multiple spots. 2020-08-24 13:50:52 -06:00
Sean Bowe 36f9e87056
Implementation of gate/query API 2020-08-24 08:28:42 -06:00
Sean Bowe c20f3fdf1a
Give fixed and advice wires separate types 2020-08-23 13:26:04 -06:00
Sean Bowe 7edffe0197
Allow commitments to generic advice wire polynomials 2020-08-22 16:10:27 -06:00
Sean Bowe c16141be9a
Introduce `Variable` type 2020-08-22 15:15:39 -06:00
Sean Bowe 9dfc6ac379
Add first pieces of the API. 2020-08-22 15:09:47 -06:00
Sean Bowe dd1ad9f114
Initial commit 2020-08-22 14:15:39 -06:00