* Extend Circuit trait to take parameters in config
The Circuit trait is extended with the following:
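```
pub trait Circuit<F: Field> {
    /// [...]

    /// Parameters available when configuring the circuit.
    type Params: Default;

    /// Returns the parameters of this circuit instance; defaults to `Params::default()`.
    fn params(&self) -> Self::Params {
        Self::Params::default()
    }

    /// Default implementation ignores `params` and falls back to `configure`.
    fn configure_with_params(meta: &mut ConstraintSystem<F>, params: &Self::Params) -> Self::Config {
        Self::configure(meta)
    }

    fn configure(meta: &mut ConstraintSystem<F>) -> Self::Config;
}
```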
This allows runtime parametrization of the circuit configuration. The extension to the Circuit trait has been designed to minimize the breaking change: existing circuits only need to define the associated `type Params`.
Unfortunately "Associated type defaults" are unstable in Rust, otherwise this would be a non-breaking change. See https://github.com/rust-lang/rust/issues/29661
* Implement circuit params under feature flag
* Don't overwrite configure method
* Fix doc test
* change: Migrate workspace to pasta_curves-0.5
This ports the majority of the workspace to the `pasta_curves-0.5.0`
leaving some tricky edge-cases that we need to handle carefully.
Resolves: #132
* fix: Complete latest trait bounds to compile halo2proofs
* change: Migrate examples & benches to pasta 0.5
* change: Migrate halo2_gadgets to pasta-0.5
* change: Update gadgets outdated code with latest upstream
* fix: Sha3 gadget circuit
* fix: doc tests
* chore: Update merged main
* fix: Apply review suggestions
`BatchVerifier` now manages the entire batch verification process.
Individual proofs are verified on a threadpool, and the resulting MSMs
are then batch-checked as before. The addition of parallelism here
couples with zcash/halo2#608 to make parallelism less fine-grained and
reduce the overhead of multi-threading.
Previously `plonk::verify_proof` took an `MSM` as an argument, to enable
batch verification. However, this also required that it take a source of
randomness in order to enforce separation of proofs within a batch. This
made single-proof verification unnecessarily non-deterministic.
We now have a `VerificationStrategy` trait encapsulating the necessary
details, and separate `SingleVerifier` and `BatchVerifier` structs for
the specific variants. Proof verifiers no longer need to create and
manage the `MSM` themselves, and single-proof verifiers no longer need
to supply a source of randomness.
Co-authored-by: Sean Bowe <sean@electriccoin.co>
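
The `Params` extension to the `Circuit` trait described in the first entry of this log, as an added example that is not part of the commits or of halo2's code: a circuit written before the change only adds `type Params = ()`, while a new circuit picks its column count at runtime. The `ConstraintSystem` stand-in, the `Legacy` and `Wide` circuits and `configured_columns` are hypothetical, and the field type parameter `F` is dropped so the block compiles without the halo2 crate.

```rust
// Stand-in for halo2's ConstraintSystem (assumption): it only counts advice columns.
#[derive(Default)]
struct ConstraintSystem { advice_columns: usize }
impl ConstraintSystem {
    fn advice_column(&mut self) -> usize { self.advice_columns += 1; self.advice_columns - 1 }
}

// Trait shape from the commit message, without the field type parameter.
trait Circuit {
    type Config;
    type Params: Default;
    fn params(&self) -> Self::Params { Self::Params::default() }
    fn configure_with_params(meta: &mut ConstraintSystem, _params: &Self::Params) -> Self::Config {
        Self::configure(meta)
    }
    fn configure(meta: &mut ConstraintSystem) -> Self::Config;
}

// Circuit written before the change: the associated type is the only addition.
struct Legacy;
impl Circuit for Legacy {
    type Config = usize;
    type Params = ();
    fn configure(meta: &mut ConstraintSystem) -> usize { meta.advice_column() }
}

// Circuit whose layout depends on a value known only at runtime.
struct Wide { width: usize }
#[derive(Default)]
struct WideParams { width: usize }
impl Circuit for Wide {
    type Config = Vec<usize>;
    type Params = WideParams;
    fn params(&self) -> WideParams { WideParams { width: self.width } }
    fn configure_with_params(meta: &mut ConstraintSystem, p: &WideParams) -> Vec<usize> {
        (0..p.width).map(|_| meta.advice_column()).collect()
    }
    fn configure(_meta: &mut ConstraintSystem) -> Vec<usize> {
        unreachable!("Wide is configured through configure_with_params")
    }
}

// Hypothetical caller: read the params from the instance, then configure with them.
fn configured_columns<C: Circuit>(circuit: &C) -> usize {
    let mut meta = ConstraintSystem::default();
    let _config = C::configure_with_params(&mut meta, &circuit.params());
    meta.advice_columns
}

fn main() {
    println!("legacy: {}", configured_columns(&Legacy));
    println!("wide:   {}", configured_columns(&Wide { width: 4 }));
}
```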