Commit Graph

300 Commits

Author SHA1 Message Date
Jack Grigg 95314d0f69
clippy: Add type definitions for complex types 2021-01-14 08:46:23 -07:00
Jack Grigg 75915f67ed
clippy: Small cleanups 2021-01-14 08:43:25 -07:00
Sean Bowe ec2d8db8cb
Multiopen prover never needed evals to be specified.
The Lagrange interpolation we were doing was pointless. kate_division sheds the constant
term off each time it is invoked because the quotient polynomial isn't affected by it.
This means we were modifying coefficients that end up getting discarded anyway; the
quotient polynomial coefficients are already determined exactly by the leading coefficients
and the fact that a root exists at each of the points.
2021-01-13 17:22:32 -07:00
ebfull ccca639591
Merge pull request #111 from zcash/transcript-api-2
New Transcript API (and modified commitment scheme)
2021-01-13 16:50:47 -07:00
Sean Bowe 775151a67d
Change absorb_ to read_ in subprotocols. 2021-01-13 15:47:35 -07:00
Sean Bowe 9a26ef1acd
Refactor the Committed structure. 2021-01-13 15:44:37 -07:00
Jack Grigg 64b06735bf Expose MockProver in crate, and add documentation 2021-01-06 21:52:56 +00:00
therealyingtong fb939f17a9 Add permutation check to MockProver 2021-01-06 21:52:56 +00:00
Sean Bowe c5e0364962
Remove the Read/Write type parameters from Transcript{Read,Write}. 2021-01-06 10:45:11 -07:00
Sean Bowe 4ecbfb548e
Remove unnecessary lifetimes. 2021-01-06 10:45:11 -07:00
Sean Bowe 06552eec44
Update the PLONK implementation to adapt to the new transcript API. 2021-01-06 10:45:11 -07:00
Jack Grigg f49e1e6177 Fix breakage of trait resolution in Rust 1.49.0
Previously, `ChallengeScalar` could use the operator traits defined on
the `F: Field` type it wrapped, due to its `impl Deref<Target = F>`.
This was technically ambiguous, and Rust 1.49.0 makes that ambiguity an
error.

We could fix this by adding operator impls with `ChallengeScalar` on the
RHS, but that would conflict with zcash/halo2#111. Instead we manually
dereference every challenge scalar when used in an arithmetic operation.
2021-01-06 00:48:29 +00:00
Jack Grigg 90c50fdd11 Refactor permutation proofs to reflect the separate permutations 2020-12-22 23:51:32 +00:00
Jack Grigg 62cace289b Add a few comments to the permutation construction code
We mainly point at the design document that describes the algorithm.
2020-12-22 20:25:33 +00:00
Jack Grigg 838d21f2be Refactor permutation keygen to reflect the separate permutations 2020-12-22 18:11:42 +00:00
Sean Bowe 9df7b5386f
Account more rigorously for the degrees of permutations' and lookups' constraints. 2020-12-22 08:59:08 -07:00
Sean Bowe 65ed1d8568
Check h_evals/h_commitments lengths in vanishing argument verifier. 2020-12-22 08:59:06 -07:00
therealyingtong 8360b94f89 Extract plonk::vanishing::{Argument, Proof} from prover and verifier
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-12-08 00:57:14 +08:00
therealyingtong e5f55a8576 Abstract add_rotation() helper in plonk::circuit 2020-12-06 07:19:44 +08:00
therealyingtong 4273bbb2ba [Documentation] Consistently use zero-based numbering 2020-12-06 07:10:09 +08:00
ying tong 30c13d5a6a Further cleanups
Co-authored-by: ebfull <ewillbefull@gmail.com>
2020-12-05 13:14:50 +08:00
ying tong ecc805fa35 Correct privacy of lookup structs + minor cleanups
Co-authored-by: str4d <jack@electriccoin.co>
2020-12-04 09:19:15 +08:00
therealyingtong 2284bbd0d8 Deduplicate Argument::commit_permuted() and rename {input,table}_values -> {input,table}_columns 2020-12-03 14:00:16 +08:00
therealyingtong 9a3d1b1d05 Optimisations and documentation updates 2020-12-03 12:54:25 +08:00
therealyingtong e51ab7eaa7 Linearise state transition from Argument -> Permuted -> Committed 2020-12-03 12:11:00 +08:00
therealyingtong 0a85e93714 Add lookup to circuit and test 2020-12-03 10:50:20 +08:00
therealyingtong 0c81e9adab Use lookup mod in plonk::prover and plonk::verifier 2020-12-03 10:50:20 +08:00
therealyingtong 19c1b20063 Add lookup::verifier methods 2020-12-03 10:50:20 +08:00
therealyingtong c692311a12 Add Evaluated::open() and Evaluated::build() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 6ccf58fc7c Add Constructed::evaluate() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 39df4954b5 Add Committed::construct() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 2d0f4a11e3 Add commit_product() to lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 46eed7be93 Add commit_permuted() in lookup::prover 2020-12-03 10:50:20 +08:00
therealyingtong 02344eb711 Add lookup mod and structs 2020-12-03 10:50:20 +08:00
therealyingtong 2ba44cff9f Add theta challenge 2020-12-03 10:50:20 +08:00
therealyingtong 5d891e029d Add fixed_values to ProvingKey 2020-12-03 10:50:20 +08:00
Sean Bowe 2e65229920
Remove unnecessary Clone impl from plonk::permutation::prover::Committed. 2020-12-02 09:50:45 -07:00
Jack Grigg 3d6afd7b8e permutation: Clean up opening chains 2020-12-01 22:09:50 +00:00
Jack Grigg dd3d1dd68b Small type annotation cleanups 2020-12-01 21:49:07 +00:00
Jack Grigg a63e6e25d8 Restrict visibility of PLONK challenges to plonk module 2020-12-01 21:14:14 +00:00
Jack Grigg 7422efca72 s/permutation::Proof::commit/permutation::Argument::commit
Once we refactor the permutation argument implementation to be integrated
as Vec<permutation::Proof>, we can change this again to just map from the
Vec<permutation::Argument> inside ConstraintSystem.
2020-12-01 21:10:31 +00:00
Jack Grigg 66240800a3 Move permutation keygen into plonk::permutation::keygen 2020-12-01 21:10:31 +00:00
Jack Grigg f63f3ff2af Introduce typed challenge scalars
This also centralises the challenge generation logic in Challenge::get,
ensuring it is consistent across the codebase.
2020-12-01 21:09:03 +00:00
Jack Grigg 4a3b830165 Extract permutation argument into a submodule 2020-12-01 21:03:31 +00:00
Jack Grigg cdbc41148a Migrate to ff traits
The `Field` trait in this crate is now `FieldExt: ff::PrimeField`.
2020-12-01 20:55:03 +00:00
Jack Grigg 875c223748 Simplify h_poly expression evaluation in Proof::create 2020-11-24 23:43:48 +00:00
Jack Grigg 61c9392475 Remove query allocations from Proof::create
multiopen::Proof::create takes `instances: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:25:55 +00:00
Jack Grigg 6360da1f4e Remove query allocations from Proof::verify
multiopen::Proof::verify takes `queries: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:23:27 +00:00
Jack Grigg 7f29ab913d Simplify h(x_3) computation in verifier using Horner's rule
Closes zcash/halo2#45
2020-11-24 18:18:45 +00:00
Jack Grigg feba8e2fdf Allocate permutation_modified_advice once in Proof::create 2020-11-24 18:18:45 +00:00
str4d cc5f45231d
Merge pull request #42 from zcash/plonk-benches
PLONK benchmarks
2020-11-24 18:14:07 +00:00
therealyingtong 3eb6712c6c Add aux information to metrics 2020-11-24 09:39:34 +08:00
Jack Grigg d4424db8d4 Collect some prover metrics 2020-11-23 12:47:51 +00:00
therealyingtong 2375507f4f Update error handling 2020-11-16 21:26:46 +00:00
therealyingtong 43337dea1b Make Transcript generic over curve points
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-11-16 21:26:46 +00:00
ebfull 5d1e1a29db
Merge pull request #51 from zcash/update-ci
Update Actions CI with improved workflow
2020-11-11 08:52:59 -07:00
ying tong a856137619 Minor refactors
Co-authored-by: str4d <jack@electriccoin.co>
2020-11-11 13:56:34 +08:00
therealyingtong 766caf9214 Make getters for column index() and column_type() 2020-11-10 00:45:52 +08:00
therealyingtong 0519a522aa Use TryFrom to convert Column<Any> to other column types 2020-11-10 00:39:08 +08:00
therealyingtong 22b6d5bd70 Cleanups in circuit.rs 2020-11-07 14:27:38 +08:00
therealyingtong 34c6cba537 Add generic query_any_index() and get_any_query_index methods 2020-11-06 12:39:51 +08:00
therealyingtong 075988ae4e Introduce Column struct and ColumnType trait 2020-11-06 11:29:42 +08:00
therealyingtong 2034179d82 Rename wire -> column 2020-11-06 11:18:12 +08:00
Jack Grigg 10676657f4 Fix stable clippy lints 2020-10-30 01:29:05 +00:00
Jack Grigg 5a6a45c6a8 Fix deref breakage with nightly-2020-10-06
I think this is related to rust-lang/rust#77638
2020-10-30 01:21:09 +00:00
therealyingtong 24b85dec67 Remove q_evals.len() = rotations.len() check
q_evals should now have the same length as point_sets, which is only constructed in the multiopen verifier.
2020-10-14 00:43:48 +08:00
therealyingtong 89fd6e4d44 Use map_err() when handling multiopen::Proof::create()
Co-authored-by: Daira Hopwood <daira@electriccoin.co>
2020-10-14 00:35:36 +08:00
therealyingtong 6cd74999ff Use ProverQuery and construct_intermediate_sets() in prover 2020-10-14 00:35:25 +08:00
therealyingtong c3d0a172a7 Create multiopen abstraction 2020-10-14 00:35:25 +08:00
Sean Bowe 2ccddac674
Split proof/input length checks into separate method of verifier 2020-09-29 17:35:24 -06:00
Sean Bowe 9672bf9725
Minor improvements to check_hx() 2020-09-29 17:14:37 -06:00
Sean Bowe 7d8daa5d05
Refactor h_eval computation into separate, more functional code.
Co-authored-by: str4d <thestr4d@gmail.com>
2020-09-29 16:56:21 -06:00
Sean Bowe e275d78c7d
Simplify permutations field of ConstraintSystem
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:51:00 -06:00
Sean Bowe c97da352ee
Remove SRS and replace with ProvingKey/VerifyingKey abstractions
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:25:04 -06:00
Sean Bowe 56b6d8bd03
Auxiliary wires in PLONK are faux blinded just like fixed wires. 2020-09-25 10:21:15 -06:00
Sean Bowe 2d1f69328f
Rename `OpeningProof` to just `Proof`. 2020-09-25 09:39:32 -06:00
Sean Bowe a37c926a89
Address clippy lints 2020-09-20 13:09:03 -06:00
Sean Bowe 6620817d81
Return errors from verifier instead of assuming points aren't at infinity in the proof. 2020-09-19 13:47:37 -06:00
Sean Bowe 73d494a72d
Various changes, including restoring permutation argument to advice wires only for now. 2020-09-19 13:31:56 -06:00
therealyingtong e8839a7579
Refactor wire pattern matching when computing permutation product 2020-09-19 12:39:04 -06:00
therealyingtong 24fe3fae29
Remove aux_commitments computation from Prover; remove blinding factor when accumulator aux_evals 2020-09-19 12:39:04 -06:00
therealyingtong c772801f8f
Pass aux_lagrange_polys to prover as a slice 2020-09-19 12:39:04 -06:00
therealyingtong 0bdcbb6c67
Introduce Wire enum for use in permutations 2020-09-19 12:39:04 -06:00
therealyingtong a257308ba2
Add aux wires to ConstraintSystem 2020-09-19 12:39:04 -06:00
therealyingtong 0caf1d2087
Provide aux_commitments to verifier and aux_lagrange_polys to prover 2020-09-19 12:39:04 -06:00
therealyingtong 76c49a4df3
Minor refactor 2020-09-19 23:44:00 +08:00
therealyingtong 33261ec1a0
Recover from OpeningProof::create() failure in PLONK prover 2020-09-19 23:19:30 +08:00
therealyingtong 69a612fb59
Increment blinding factor instead of choosing new random blinding factor 2020-09-19 23:04:17 +08:00
therealyingtong a6f5d0ad5e
Remove fork from OpeningProof prover; add loop in PLONK prover to try different f_blind values 2020-09-19 16:57:32 +08:00
Sean Bowe 52a85380bc
Rename f_eval to msm_eval. 2020-09-16 13:15:10 -06:00
Sean Bowe 68de5db8c6
Mitigate unnecessary scaling operations in commitment verifier. 2020-09-15 17:42:02 -06:00
Sean Bowe a886663e05
Incorporate MSM/Guard into PLONK verifier API and arithmetic. 2020-09-15 17:32:39 -06:00
Sean Bowe 643077b150
Rename `ConstraintSystem` to `Assignment`, and `MetaCircuit` to `ConstraintSystem`. 2020-09-13 10:30:02 -06:00
therealyingtong 1eb2a36086
Return MSM from PLONK verifier 2020-09-13 23:10:06 +08:00
therealyingtong 1a52d8f6b8
Add MSM to PLONK verifier signature 2020-09-13 12:32:32 +08:00
therealyingtong 14d1f41e08
Address review comments 2020-09-13 03:03:36 +08:00
therealyingtong 5f1cd6ced2
Only return Guard from OpeningProof.verify() 2020-09-13 00:50:35 +08:00
therealyingtong d41fcf842b
Modify MSM and Guard structs and methods 2020-09-11 18:57:22 +08:00
therealyingtong 5724706a09
Add MSM and Guard structs in polycommit scheme 2020-09-10 18:51:41 +08:00
Sean Bowe 549232234f
Finish comment on Proof::verify. 2020-09-07 16:34:40 -06:00
Sean Bowe 116659c1ba
Refactor module tree. 2020-09-07 13:07:51 -06:00
Sean Bowe 21f02a73c2
Don't mutate the witness during permutation argument. Also, adds parallelism and reduces state/multiplications. 2020-09-07 09:43:02 -06:00
Sean Bowe b65e75921b
Remove stale comment 2020-09-06 14:21:28 -06:00
Sean Bowe 190242a4e9
Remove redundant permutation_queries vector. 2020-09-06 14:18:05 -06:00
Sean Bowe eff149e734
Fix incorrect indexing into advice_cosets during proving. 2020-09-06 14:10:25 -06:00
Sean Bowe e37d0c946b
Add parallelism in various locations in the prover. 2020-09-06 13:40:06 -06:00
Sean Bowe 3157fdd7d0
Batch inversions during domain setup. 2020-09-06 12:44:36 -06:00
Sean Bowe ff8f9eb20e
Reduce number of inversions by batch inverting when possible. 2020-09-06 12:29:34 -06:00
Sean Bowe 624eb6a421
Remove unnecessary computation of permutation length in prover. 2020-09-06 11:33:09 -06:00
therealyingtong 503939db05
Minor cleanups 2020-09-06 06:34:29 +08:00
Sean Bowe 965362c1f5
Don't precompute deltaomega; inline its computation. 2020-09-05 14:44:13 -06:00
Sean Bowe 937861c0b8
Add implementation of daira's algorithm for copy constraint enforcement. 2020-09-05 12:56:45 -06:00
Sean Bowe d7132404ba
Index into q_evals consistently between prover and verifier. 2020-09-05 12:08:56 -06:00
Sean Bowe 869aba389a
Cleanups 2020-09-05 11:40:25 -06:00
Sean Bowe da9c24bcfa
Obtain permutation product polynomial correctly. 2020-09-05 10:52:40 -06:00
Sean Bowe 114653f366
Fix indexing for permutation argument. 2020-09-04 14:45:05 -06:00
Sean Bowe a128d5d9b3
Undo unnecessarily complicated negation thing. 2020-09-04 14:25:16 -06:00
therealyingtong c7c5cf4db6
Rename tmp variables 2020-09-04 20:31:37 +08:00
ying tong 10a4b4252c
Fix current_delta initialisation in verifier 2020-09-04 19:05:08 +08:00
Sean Bowe 06a4cfe13b
Use extended omega for coset in prover. 2020-09-04 04:49:59 -06:00
Sean Bowe 0651359cb8
[WIP] Finish prover 2020-09-03 17:21:44 -06:00
Sean Bowe 6b9ea1dbeb
Precompute deltaomega vector. 2020-09-03 14:31:57 -06:00
Sean Bowe 36d37002fe
Remove unneeded exponentiation of x_3 2020-09-03 14:28:22 -06:00
Sean Bowe 335b629724
Avoid redundant wire queries by searching for an existing query. 2020-09-03 14:26:00 -06:00
Sean Bowe 4a88d52457
Use the correct permutation values from the SRS. 2020-09-03 14:21:13 -06:00
Sean Bowe d601533bd7
Commit to permutation product polynomial in the prover. 2020-09-03 10:58:48 -06:00
therealyingtong 441dcf0ecc
Compute permutation_evals in prover 2020-09-03 12:29:38 +08:00
therealyingtong 1bc90c4fec
Remove advice_shifted_evals from prover 2020-09-03 12:25:55 +08:00
Sean Bowe 160dabe9c5
Cleanups for verifier of permutation argument 2020-09-02 13:15:40 -06:00
therealyingtong c44a020de7
Permutation checks in verifier 2020-09-03 00:45:03 +08:00
therealyingtong bdd48f6037
Add advice_shifted_evals to Proof struct 2020-09-02 23:19:06 +08:00
therealyingtong 2472ec3291
WIP permutation checks in verifier 2020-09-02 23:19:06 +08:00
therealyingtong 0bf73c5d08
Minor fixes to srs.rs 2020-09-02 23:18:43 +08:00
Sean Bowe a2fca8a02d
Add comments to clarify implementation of permutation argument in SRS generator. 2020-08-31 10:18:55 -06:00
Sean Bowe dc5df10832
Update structured reference string and API for permutation argument. 2020-08-31 10:01:09 -06:00
therealyingtong 85fd924b15
WIP implement copy() on Variables 2020-08-31 21:51:49 +08:00
Sean Bowe b453b845b8
Clean up prover implementation 2020-08-27 14:03:43 -06:00
Sean Bowe 154568c387
Clean up verification implementation 2020-08-27 13:52:55 -06:00
Sean Bowe 35c4bd4dd9
Improve naming of offsets/indexes and mappings. 2020-08-27 13:27:24 -06:00
Sean Bowe 9852913a32
Add some comments and documentation. 2020-08-27 10:46:54 -06:00
Sean Bowe 1b6c0e9a8b
Remove _x suffix from variable names 2020-08-27 10:25:36 -06:00
Sean Bowe 9099e9d9ba
Properly invert when computing expected opening. 2020-08-27 10:16:42 -06:00
Sean Bowe ad106f1119
(WIP) broken implementation of generalized PLONK 2020-08-27 10:10:55 -06:00
Sean Bowe 6051814c4b
Split coset step up so that we can query wires at multiple spots. 2020-08-24 13:50:52 -06:00
Sean Bowe 36f9e87056
Implementation of gate/query API 2020-08-24 08:28:42 -06:00
Sean Bowe c20f3fdf1a
Give fixed and advice wires separate types 2020-08-23 13:26:04 -06:00
Sean Bowe 7edffe0197
Allow commitments to generic advice wire polynomials 2020-08-22 16:10:27 -06:00
Sean Bowe c16141be9a
Introduce `Variable` type 2020-08-22 15:15:39 -06:00
Sean Bowe 9dfc6ac379
Add first pieces of the API. 2020-08-22 15:09:47 -06:00
Sean Bowe dd1ad9f114
Initial commit 2020-08-22 14:15:39 -06:00