Commit Graph

68 Commits

Author SHA1 Message Date
ying tong 34b2e77a57
Merge pull request #467 from zcash/sha256-tweaks
SHA-256 chip tweaks
2022-05-25 12:51:16 +08:00
Jack Grigg e36041d198 halo2_gadgets 0.1.0
Closes zcash/halo2#460.
2022-05-10 22:05:30 +00:00
Jack Grigg 3bc0c598ef halo2_proofs 0.1.0
Closes zcash/halo2#426.
2022-05-10 22:01:21 +00:00
Jack Grigg 91e1106a1e halo2_gadgets: Address review comments 2022-05-10 21:35:52 +00:00
Jack Grigg 4b802a7d07 halo2_gadgets: Documentation fixes 2022-05-10 20:31:35 +00:00
Jack Grigg a94a2bc552 halo2_gadgets: Various small code cleanups
Also documents a superfluous constraint, for removal in some future
breaking change.
2022-05-10 20:26:30 +00:00
Jack Grigg ff01e4a1f9 halo2_gadgets: Refactor `ScalarFixed::windows_usize`
It no longer relies on the `SqrtRatio::get_lower_32` method, which is
specific to that trait and not intended for external usage.
2022-05-10 20:26:30 +00:00
Jack Grigg 692fee099d halo2_gadgets: Clean up `ecc::chip::mul_fixed::Config` logic
- We were redundantly storing the `x_p` and `y_p` columns.
- `Config::add_incomplete` was redundantly copying.

Co-authored-by: therealyingtong <yingtong@z.cash>
2022-05-10 20:04:30 +00:00
Jack Grigg 85b0b7c065 halo2_gadgets: Refactor `ecc::chip::mul_fixed::Config` word assignment logic
Co-authored-by: therealyingtong <yingtong@z.cash>
2022-05-10 20:04:30 +00:00
Jack Grigg 18edad5df6 halo2_gadgets: Use separate field names for var-mul incomplete selectors
The previous tuple was confusing because tuple indices are zero-indexed,
while the selector names are one-indexed.
2022-05-10 20:04:30 +00:00
Jack Grigg 56fc8960c6 halo2_gadgets: Extract a common `DoubleAndAdd` helper struct
Both variable-base scalar mul and Sinsemilla use double-and-add with
incomplete addition on a single row, but they do so in slightly
different ways. Some of these are intentional (needing to look up the
y-coordinate vs constrain it), while others are accidental (different
concrete signs in otherwise-identical constraints that make their ASTs
incompatible).

The new `DoubleAndAdd` helper struct extracts the logic that is common
to both implementations, specifically the helper definitions of `x_r`
and `Y_A`. In a future breaking change, we can refactor both gadgets to
share more of this logic, so we are defining the incomplete addition
logic in fewer places.
2022-05-10 20:04:30 +00:00
Jack Grigg 144d082528 halo2_gadgets: Refactor complete addition constraints
We also fix several typos in the constraint analysis on the complete
addition book page, and adjust the constraints table for readability.
2022-05-10 00:20:00 +00:00
Jack Grigg 342ebdd15e halo2_gadgets: Fix return type of `ecc::chip::FixedPoint::u`
This trait method was previously preventing the trait from working with
fields that encode to more than 256 bits.
2022-05-10 00:20:00 +00:00
Jack Grigg 3486703bd2 halo2_gadgets: Refactor fixed-base scalar mul gadget APIs
The new `EccInstructions` instructions, and the corresponding changes to
existing instructions, enable chips to choose when to witness or constrain
the scalars, and simplify scalar reuse (though reuse is not implemented
for `EccChip` yet).

`FixedPoint::mul` and `FixedPointShort::mul` now have the same API style
as `NonIdentityPoint::mul`.
2022-05-09 15:48:55 +00:00
Jack Grigg 6145b1417c halo2_gadgets: Move `primitives::*` to `*::primitives` 2022-05-09 05:43:34 +00:00
Jack Grigg 96d4a31d39 halo2_gadgets: Batch inversions in `SinsemillaChip::hash_to_point`
This saves around 3.7% in proving time for a 2-action Orchard bundle on
a Ryzen 9 5950X.
2022-05-08 03:28:34 +00:00
Jack Grigg 03697e2a7d book: Rewrite Sinsemilla gadget page
The book now has enough detail for it to be obvious why there are
factors of 2 present in several equations.
2022-05-08 02:38:01 +00:00
Jack Grigg dc2ec0308d halo2_gadgets: Deduplicate some Sinsemilla chip expressions 2022-05-08 02:38:01 +00:00
Jack Grigg 6444ccc16f halo2_gadgets: Tidy up and document MerkleCRH implementation 2022-05-08 02:38:01 +00:00
Jack Grigg 3bed5725e5 Use `MessagePiece::from_subpieces` in `MerkleChip::hash_layer`
Several structs now impl `PartialEq, Eq` due to requirements of the
`MessagePiece::from_subpieces` impl.
2022-05-08 02:20:42 +00:00
Jack Grigg 0d978f0fc4 halo2_gadgets: Generalise `MerklePath` beyond two `MerkleChip`s 2022-05-07 23:03:30 +00:00
str4d 30f92f3f4b
Merge pull request #522 from zcash/full-width-var-base-mul
[ECC gadget] Distinguish base field element case in variable-base scalar mul.
2022-05-06 19:53:57 +01:00
str4d 5a543f9318
Move `EccInstructions::ScalarVar` changelog entry to "Changed" 2022-05-06 19:06:06 +01:00
therealyingtong 3c6ffb66cf Address comments from code review.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2022-05-06 23:28:20 +08:00
Taylor Hornby 64e7efb0d4
Merge pull request #542 from zcash/relicense-mit-or-apache-2.0
Relicense Halo 2 crates as MIT OR Apache 2.0
2022-05-05 13:50:45 -06:00
therealyingtong fdf516908b Update changelog. 2022-05-05 21:34:30 +02:00
therealyingtong 5fd0834503 Introduce ScalarVar::new and ScalarVar::from_base gadget APIs. 2022-05-05 21:33:43 +02:00
therealyingtong 1c877f3caf ecc::chip: Introduce ScalarVar enum. 2022-05-05 21:14:21 +02:00
therealyingtong 6f2fc57b3c Rename FixedPoint::ScalarKind -> FixedPoint::FixedScalarKind. 2022-05-05 21:14:21 +02:00
therealyingtong 5ebfe91eee Introduce ecc::BaseFitsInScalarInstructions trait. 2022-05-05 21:14:20 +02:00
therealyingtong cbf3d6a7f6 EccInstructions: introduce witness_scalar_var() instruction. 2022-05-05 21:14:20 +02:00
therealyingtong 6d83db719e EccInstructions::mul: take Self::ScalarVar instead of Chip::Var. 2022-05-05 21:14:20 +02:00
str4d b2e2b9b081
Merge pull request #568 from zcash/circuit-review
Changes from Orchard circuit review
2022-05-05 16:03:31 +01:00
Jack Grigg 3800de5918 Rename `RangeConstrained::subset_of` to `bitrange_of` 2022-05-04 23:52:15 +00:00
Jack Grigg e04c8bfb4b Migrate to `ff 0.12` 2022-05-04 23:36:18 +00:00
Jack Grigg 97864d714e halo2_gadgets: Add `MessagePiece::from_subpieces`
We introduce a new `RangeConstrained` newtype wrapper for tracking the
number of bits to which some type has been constrained.
2022-05-02 16:04:02 +00:00
Jack Grigg 7d15fa3db5 sha256: Simplify single-constraint gates
`Option<T>` implements `IntoIterator<Item = T>`, so we don't need to
wrap it in an explicit iterator.
2022-04-27 20:12:03 +00:00
Jack Grigg f2d1f1d56a sha256: Add `InitialRound` and `MainRoundIdx` structs
This enables the runtime `assert!(matches!(..))` on `RoundIdx` to be
replaced by type system checks.
2022-04-27 20:12:03 +00:00
Jack Grigg fdc6c9df19 halo2_gadgets: pprof 0.8 2022-04-27 12:58:16 +00:00
Jack Grigg f4675997bc Fix some clippy lints 2022-04-27 12:58:16 +00:00
Jack Grigg e3f1bf68db halo2_gadgets: Remove usage of `array::IntoIter::new`
Rust 2021 implements `IntoIterator` for arrays directly, instead of only
references to arrays.

    https://doc.rust-lang.org/edition-guide/rust-2021/IntoIterator-for-arrays.html
2022-04-27 12:56:54 +00:00
Jack Grigg f830c6f7fb Remove pins for dependencies with MSRV-incompatible point releases 2022-04-27 12:28:19 +00:00
Jack Grigg bb1ed8288a Set edition to 2021
We also set `resolver = "2"` on the workspace; this is the default for
the root package in Rust 2021, but as we use a virtual workspace we need
to explicitly set it instead.
2022-04-27 12:28:19 +00:00
Jack Grigg 7688c371f6 Bump MSRV to 1.56.1
Closes zcash/halo2#482.
2022-04-27 12:24:57 +00:00
Jack Grigg b02800466a halo2_gadgets: Migrate chip gates to `Constraints::with_selector`
Only one gate couldn't be migrated without altering the Orchard circuit.
2022-04-24 22:13:38 +00:00
Jack Grigg 78de8a5c94 Add a `Constraints` helper
There are two existing patterns for constructing a gate from a set of
constraints with a common selector:

- Create an iterator of constraints, where each constraint includes the
  selector:
  ```
  vec![
      ("foo", selector.clone() * foo),
      ("bar", selector.clone() * bar),
      ("baz", selector * bar),
  ]
  ```
  This requires the user to write O(n) `selector.clone()` calls.

- Create an iterator of constraints, and then map the selector in:
  ```
  vec![
      ("foo", foo),
      ("bar", bar),
      ("baz", bar),
  ].into_iter().map(move |(name, poly)| (name, selector.clone() * poly))
  ```
  This looks cleaner overall, but the API is not as intuitive, and it
  is messier when the constraints are named.

The `Constraints` struct provides a third, clearer API:
```
Constraints::with_selector(
    selector,
    vec![
        ("foo", foo),
        ("bar", bar),
        ("baz", bar),
    ],
)
```
This focuses on the structure of the constraints, and handles the
selector application for the user.
2022-04-20 10:55:50 +00:00
str4d 46ba444169
Merge pull request #480 from zcash/477-mockprover-pretty-failures
Add `MockProver::assert_satisfied` with pretty-printed failures
2022-04-20 12:53:16 +02:00
Jack Grigg 90e671e77c Relicense Halo 2 crates as MIT OR Apache 2.0
See this blog post for details:
    https://electriccoin.co/blog/zero-knowledge-proving-system-halo-now-licensed-under-mit-making-it-available-for-anyone-to-use/
2022-04-07 14:22:49 +00:00
therealyingtong 75b5c1e923 halo2_gadgets 0.1.0-beta.3 2022-04-06 12:28:36 +08:00
therealyingtong a11cb9796e halo2_proofs 0.1.0-beta.4 2022-04-06 12:24:28 +08:00