Commit Graph

300 Commits

Author SHA1 Message Date
Sean Bowe 32df26d881
Make permutation argument perfectly complete and zero-knowledge. 2021-07-02 16:20:36 -06:00
Sean Bowe 2ef2f7e73c
Change create_proof API to take vectors of scalars and compute polynomials internally. 2021-07-01 13:53:54 -06:00
Sean Bowe 1c586c081c
Switch directionality of the permutation argument's constraints. 2021-07-01 13:47:03 -06:00
Sean Bowe 9118697213
Additional comment about blinding h(X) 2021-07-01 13:01:39 -06:00
Sean Bowe 7fda6f672e
Always commit to a random polynomial that is evaluated at x in order to blind the multiopen evaluation of h(X). 2021-07-01 12:59:53 -06:00
Sean Bowe fa2d0b061e
Remove unnecessary clones of fixed columns. 2021-07-01 12:52:27 -06:00
Sean Bowe 0a6804bb30
Compute the number of blinding factors each advice polynomial needs. 2021-07-01 12:48:01 -06:00
Sean Bowe 8eb3b7313c
Add support for computing ranges of evaluations of the Lagrange basis polynomials. 2021-07-01 12:46:22 -06:00
Sean Bowe 7bf2bbb941
Clippy fixes 2021-07-01 12:45:14 -06:00
Sean Bowe fd91b6b42c
Allow MSMs to be queried and not just raw commitments.
This allows us to avoid some interstitial arithmetic in the vanishing argument.
2021-07-01 12:42:24 -06:00
Sean Bowe f7ef626858
Linearize the h(X) check. 2021-06-30 10:11:53 -06:00
str4d 305ca89bab
Merge pull request #302 from daira/clippy-nightly-clean
Make this crate clippy clean for warnings on nightly
2021-06-23 13:30:07 +01:00
Jack Grigg 6d0017f47c Introduce a FloorPlanner trait and integrate it into the Circuit trait
This is the beginning of the process to enable full floor planning
capabilities in `halo2`. For now, all that a floor planner can do is
synthesize a circuit, which makes it no more powerful than a layouter,
but easier to use (as moving to a multi-pass layouter no longer requires
changes to `Circuit::synthesize`).
2021-06-22 23:47:17 +01:00
Daira Hopwood 00ca9aa6c3 Remove needless .collect()s.
https://rust-lang.github.io/rust-clippy/master/index.html#needless_collect

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:26:08 +01:00
Daira Hopwood 209144981a Remove needless borrows that are immediately dereferenced:
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:19:15 +01:00
Jack Grigg 088f912d34 Make Assigned an enum, to remove field comparisons from batch eval 2021-06-18 22:04:31 +01:00
Jack Grigg 572d74e1a0 Add an Assigned::invert method 2021-06-12 19:36:37 +01:00
Jack Grigg cbd198fc71 Batch invert cell assignments during keygen and proving 2021-06-12 19:34:13 +01:00
Jack Grigg d685c5c5e6 impl operators for Assigned
This enables chips to use this as an intermediate value while computing
witnesses.
2021-06-12 19:34:13 +01:00
Jack Grigg 251bc68c05 Introduce an Assigned struct into the Assignment trait APIs
Value closures can now return a `(numerator, denominator)` tuple, in
order to defer inversions until after assignment.
2021-06-12 19:34:13 +01:00
str4d 236115917d
Merge pull request #290 from zcash/v1-layouter
V1 layouter
2021-06-12 18:14:54 +01:00
therealyingtong c907ca5410 plonk::circuit.rs: Add Expression::square() method.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-06-11 12:31:27 +08:00
Jack Grigg 7cca91331b Implement improved strategy for the V1 layouter
This layouter improves on the single-pass strategy in two ways:

- Regions are laid out with a "first fit" strategy (using the algorithm
  described in https://github.com/zcash/halo2/issues/93) instead of a
  "last fit" strategy. This enables gaps in the circuit to be filled.

- Regions are sorted by their "advice area" (columns * rows), and are
  then laid out biggest-first. This takes advantage of the regularity
  of circuits, and that the advice columns have the most contention. It
  also leads to larger gaps between early laid-out regions that are more
  easily filled by subsequent smaller regions.
2021-06-08 11:35:41 +01:00
str4d d8e4f24df4
Merge pull request #287 from zcash/remove-selector-rotations
Remove rotations from Selectors
2021-06-05 23:36:37 +01:00
Jack Grigg 0d8b3bab38 Remove rotations from Selectors
Enabling selectors to be used in gates at non-zero rotations leads to
confusing gates, and inhibits our ability to create visualizations of
circuits. In most cases, a gate can be rearranged so that the selectors
have no rotation; in cases where cross-gate selector optimisations are
required, these can still be implemented using fixed columns.
2021-06-04 16:18:51 +01:00
Jack Grigg 876587c818 Panic in ConstraintSystem::create_gate if it would contain no constraints
We use iterators to allow a gate to contain more than one constraint, but
it is a programming error for a gate to not contain any constraints.
2021-06-04 12:59:57 +01:00
Jack Grigg 6cf73391e8 Enable annotating individual constraints within gates
The closure passed to `ConstraintSystem::create_gate` can now return:

- Tuples of `(&'static str, Expression<F>)`
- Anything implementing `IntoIterator` (e.g. `Some(Expression<F>)`)
2021-06-04 03:49:21 +01:00
therealyingtong 684efbd6c1 plonk::circuit : Derive Eq for Permutation 2021-06-01 17:19:06 +01:00
Jack Grigg 6dd3d1831b MockProver: Check that cells for active gates are assigned to 2021-05-27 18:10:23 +01:00
Jack Grigg 32896917d0 Add a failing test showing an undetected missed assignment 2021-05-27 15:02:01 +01:00
Jack Grigg 0f0dd8a26c Allow multiple polynomial constraints per gate
This enables a gate such as ECC complete addition to define its
constraints in terms of a common set of queried columns.
2021-05-27 15:01:46 +01:00
Jack Grigg e19407a749 Expose selector enablement to the Assignment backends 2021-05-27 12:51:25 +01:00
Jack Grigg 52396aaffc Rename "virtual registers" to "virtual cells"
This name makes more sense at present, given the current API.
2021-05-27 12:08:58 +01:00
Jack Grigg f314fe0156 Track which "virtual registers" are queried for custom gates 2021-05-27 01:47:13 +01:00
Jack Grigg 6bf0803fd9 Add a plonk::Gate struct
This will make it easier to track additional gate-related metadata.
2021-05-27 01:25:22 +01:00
Jack Grigg 4a2d0a0287 Move query APIs from `ConstraintSystem` to a new `Registers` struct
This simplifies the API of `ConstraintSystem`, by only exposing query
APIs in the contexts they are required (during the creation of custom
gates or lookup tables).
2021-05-27 01:25:22 +01:00
Jack Grigg 353a07cef1 `ConstraintSystem::lookup`: Move lookup queries into a closure
This matches `ConstraintSystem::create_gate`.

At the same time, we bind the input and table expressions together as a
"table map" by requiring the closure to return a vector of tuples. This
ensures they are always the same length.
2021-05-27 00:53:31 +01:00
ebfull 870a2f1e8a
Merge pull request #242 from zcash/challenge-space
Add support for full-field challenge space
2021-05-24 11:11:30 -06:00
therealyingtong 502f0c85dc Input as associated type on EncodedChallenge
Use Input as an associated type instead of a type parameter, to
reduce infection

Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-05-07 22:21:54 +08:00
therealyingtong 0b102b13bc Explicit type ascription when calling squeeze_challenge_scalar
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-05-01 19:36:09 +08:00
therealyingtong 32f011d52d Replace ChallengeSpace with EncodedChallenge API
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-05-01 09:30:08 +08:00
therealyingtong b2d42ef344 Remove superfluous clone() in doc example
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-04-28 10:57:51 +08:00
therealyingtong 85c5f4412d Refactor Transcript API
- remove method to return a challenge in the base field
- let ChallengeSpace decide length of raw challenge instead of limiting it to u128

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 19:18:41 +08:00
therealyingtong 1a61eaa5d9 Propagate type changes 2021-04-23 19:18:41 +08:00
therealyingtong 40e7bec352 Move config responsibilities from Layouter to Chip trait 2021-04-23 17:40:43 +08:00
Jack Grigg a130edaade Remove metrics crate and inline modelling
It is causing problems in (some) downstream crates, and we won't want
these annotations in the codebase anyway if a downstream crate is
collecting metrics. We'll be replacing this with the cost model binary
in https://github.com/zcash/halo2/pull/225 shortly.
2021-03-03 23:13:34 +00:00
Sean Bowe d92b1c4fb9
Relocate computation of the degree of the constraint system to the ConstraintSystem struct. 2021-02-26 08:22:05 -07:00
therealyingtong 570f90e4ee SHA-256 chip that uses a 2^16 lookup table
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-02-25 20:01:44 +00:00
Jack Grigg bd17c726ac Add a Selector type
This currently just wraps a `Column<Fixed>`, but enables us to start
writing circuits that can later have their selector usage optimised.
2021-02-25 15:28:29 +00:00
therealyingtong 4ae21a905d Update tests 2021-02-24 00:21:12 +08:00
therealyingtong 5a341b0f8f Modify Assignment::copy() to take Column<Any> instead of usize 2021-02-24 00:18:22 +08:00
therealyingtong d82a0c85b1 Modify Assignment::copy() to take Permutation instead of usize 2021-02-24 00:17:29 +08:00
therealyingtong 340fb2b6df Move Permutation struct from crate::circuit -> plonk::circuit 2021-02-24 00:17:29 +08:00
Jack Grigg b4ed5295fe Migrate to group traits
The `Curve` trait is now `CurveExt: group::prime::PrimeCurve`, and
`CurveAffine` is now `CurveAffine: group::prime::PrimeCurveAffine`.

There is no `CurveAffine` trait in `group`, and it's a widely-used
trait in this crate, so we don't rename it to `CurveAffineExt`.
2021-02-22 20:20:23 +00:00
Jack Grigg 7037d55320 Rename Curve and CurveAffine properties to match group traits 2021-02-22 20:05:08 +00:00
Daira Hopwood 4d61ad8ff5 Need a borrow here.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-18 23:50:19 +00:00
Sean Bowe 81af4e43d1
Update pinned verification key to account for circuit changes 2021-02-18 15:48:20 -07:00
therealyingtong d29246b49b
Rename const_* -> constant_* 2021-02-18 15:41:36 -07:00
therealyingtong 4bf46fc349
Add Expression::Const variant 2021-02-18 15:41:36 -07:00
therealyingtong 6a7f869f66
Clippy fixes 2021-02-18 15:41:36 -07:00
therealyingtong df2d818891
Account for Rotations of LagrangeCoeff values 2021-02-18 15:41:36 -07:00
therealyingtong 8e56b415fb
Rename column -> expression for lookups 2021-02-18 15:41:36 -07:00
therealyingtong 2f2de13887
Calculate required degree of lookup 2021-02-18 15:41:36 -07:00
therealyingtong aca6de61f8
Evaluate Expressions and all variants
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-02-18 15:41:36 -07:00
therealyingtong d8534e1c50
Pass Expressions to meta.lookup() 2021-02-18 15:41:35 -07:00
Sean Bowe 8060a12ea4
Fix minor nit (match ergonomics) 2021-02-17 15:39:46 -07:00
Sean Bowe 87536cea10
Use newtypes to simplify Debug implementations for pinning verification keys. 2021-02-17 15:20:19 -07:00
ebfull bc9d05e67b
Apply suggestions from code review
Co-authored-by: str4d <jack@electriccoin.co>
2021-02-17 15:19:34 -07:00
Sean Bowe dfa7d96fa9
Refactor verification key hashing logic to use Display impls. 2021-02-17 15:19:34 -07:00
therealyingtong f35e190455
Hash in field modulus, curve parameters 2021-02-17 15:19:34 -07:00
therealyingtong 52c028b4da
Disambiguate naming of hash() -> hash_into() 2021-02-17 15:19:34 -07:00
therealyingtong e7d6f67564
Rename aux -> instance after rebasing 2021-02-17 15:19:34 -07:00
therealyingtong b204ff74a8
Do not return hash results from component hash() methods 2021-02-17 15:19:34 -07:00
therealyingtong 4aa4b4463a
Hash domain and cs into transcript 2021-02-17 15:19:34 -07:00
therealyingtong 437782e902
Hash fixed_commitments and permutations into transcript 2021-02-17 15:19:33 -07:00
therealyingtong a19dc68dee Use Column<Any> in Permutation::Argument 2021-02-17 21:32:17 +08:00
Daira Hopwood 760d69bd2c Rename "auxiliary column" to "instance column" in the book and in code. fixes #181
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-14 21:09:49 +00:00
Sean Bowe 4b960a7c0c
cargo fmt 2021-02-14 09:28:51 -07:00
Jack Grigg 821bca0abe Reduce FieldExt bound to Field for Neg and Sub impls on Expression<F> 2021-02-12 16:52:42 +00:00
Jack Grigg db0477a606 impl<F: FieldExt> {Neg, Sub} for Expression<F> 2021-02-01 21:42:57 +00:00
Jack Grigg 0a378c3d0f Require Circuit::Config implement Clone instead of Copy 2021-02-01 19:05:19 +00:00
Jack Grigg 82da677add Add name field to ConstraintSystem::create_gate
The name has type `&'static str`, as gates apply to every row and thus
do not require any runtime information to name.
2021-02-01 18:38:13 +00:00
Jack Grigg bf771a7446 Add namespacing and gadget name collection to Layouter 2021-02-01 18:38:04 +00:00
Jack Grigg 60061f64fd Add name field to Layouter::assign_region 2021-02-01 18:34:24 +00:00
Jack Grigg 4c3adf59d5 Add annotations to Region::{assign_advice, assign_fixed}
This enables circuits to annotate individual cells with variable names
or similar protocol-specific metadata.
2021-02-01 18:33:25 +00:00
therealyingtong ea14d99a83 Renaming and cleanups from code review
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-02-02 00:05:55 +08:00
therealyingtong a00d7c2fa6 Cleanups from code review
Co-authored-by: Kris Nuttycombe <kris.nuttycombe@gmail.com>
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-01-31 11:48:32 +08:00
therealyingtong def65609b1 Refactor PLONK verifier 2021-01-31 11:45:40 +08:00
therealyingtong 02b5b8442b Refactor PLONK prover 2021-01-31 11:45:40 +08:00
ebfull 5f89227cdd
Merge pull request #135 from zcash/serialize-params
Serialize params
2021-01-30 11:43:55 -07:00
therealyingtong faf5da15c9 Track column usage in RegionShape.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-01-28 10:55:02 +08:00
therealyingtong ffdd739f85 Only write k in Params; calculate n when reading
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-01-24 08:07:30 +08:00
therealyingtong e0f9fe1dcf Clippy fixes + address review comments
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-01-24 08:07:30 +08:00
therealyingtong 58479fbcc3 Refactor keygen to generate pk from vk. 2021-01-24 08:07:30 +08:00
Sean Bowe ba591c3b39 Add serialization support for PLONK verifying keys. 2021-01-24 08:05:58 +08:00
Sean Bowe d9d20bfe36 Break out domain creation logic into separate method. 2021-01-24 08:04:13 +08:00
Kris Nuttycombe 74b2aa715f Require Rotation instead of i32 for relative rows in circuits.
Co-authored-by: str4d <thestr4d@gmail.com>
2021-01-14 11:57:32 -07:00
Kris Nuttycombe 483cb1139f Remove rotations from ConstraintSystem 2021-01-14 11:35:23 -07:00
Sean Bowe e4dac4f621
clippy: remove unnecessarily explicit lifetimes and return types 2021-01-14 08:53:19 -07:00
Jack Grigg d95e4e4724
clippy: Remove unnecessary Result 2021-01-14 08:46:25 -07:00