zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,396 Commits 40 Branches 6 Tags 58 MiB
Commit Graph

321 Commits

Author SHA1 Message Date
Daira Hopwood f5bab61f81 Update nullifier explanation to include Extract_P. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-21 18:25:31 +01:00
therealyingtong 96d60b3f13 Move addition sections into ecc.rs 2021-04-17 12:53:10 +08:00
ying tong cd809c57dc
Apply suggestions from code review 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-04-09 16:53:35 +08:00
ying tong 137066e056
Apply suggestions from code review 
Co-authored-by: str4d <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-09 16:51:14 +08:00
therealyingtong d7b88addd9 [book] Point compression background section 2021-03-30 04:29:35 +08:00
therealyingtong c3c80cd0a1 [book] Point addition background section 2021-03-29 23:08:56 +08:00
therealyingtong c074990bb9 [book] Document ECC gadget in circuit 2021-03-29 14:01:05 +08:00
Daira Hopwood 0191fa0a47 Orchard book: minimal description of unified addresses. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-27 17:08:39 +00:00
Daira Hopwood 532e5eb11c Fixed columns are not necessarily selector columns. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-24 20:14:38 +00:00
Daira Hopwood 25616616e3 "Copy constraints" -> "equality constraints". (There were no other uses of this terminology.) 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-24 20:14:12 +00:00
Daira Hopwood 2f34318510 Fix mistaken use of "extended domain" in the permutation argument section, and improve wording. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-24 20:13:11 +00:00
Daira Hopwood 8fbf20beae The algorithm for constructing the permutation needs to update the sizes array when merging cycles. 
Thanks to @porcuquine for spotting this. (The implementation is correct.)

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-24 20:06:09 +00:00
Jack Grigg 2f21135e68 book: Note that none of the documented gadgets have been reviewed 2021-02-25 20:05:19 +00:00
Jack Grigg 668bd8e89a book: Tidy up Sarkar explanation and make adjustments for clarity 2021-02-23 14:01:47 +00:00
Jack Grigg b2d91140e7 book: Move Sarkar explanation into implementation section 2021-02-23 14:01:47 +00:00
ebfull 2e8af8f0ca
Merge pull request #198 from zcash/book-sarkar 
[book] Add Sarkar sqrt explanation to Fields section
 2021-02-22 16:39:23 -07:00
Jack Grigg 6717594c46 book: Render gtab and invtab as matrices 2021-02-19 01:13:16 +00:00
therealyingtong b148c34c10 [book] Add Sarkar sqrt explanation to Fields section 2021-02-19 00:21:05 +00:00
Daira Hopwood e2f20770bb Edits from pairing with @str4d. This fixes an error in Z_P for the equality constraint argument, 
and also errors in the circuit commitments section.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-18 23:27:42 +00:00
Daira Hopwood ad771f89cb Book: improve the section explaining the permutation argument. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-17 21:26:39 +00:00
Daira Hopwood a73560c842 Book: cosmetics and minor corrections / wording improvements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-17 17:10:11 +00:00
Daira Hopwood 07af9ea3e7 Book: generalize input columns to expressions in lookup argument. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-17 17:09:10 +00:00
str4d c10b84ce13
Merge pull request #187 from zcash/book-fixes 
Book fixes
 2021-02-17 06:53:10 +13:00
str4d e1a3cc5e9e
book: Evaluation points are elements of fields, not groups 
Polynomials require both addition and multiplication, which fields have, whereas a group only specifies a single operation.
 2021-02-17 06:46:28 +13:00
Daira Hopwood c769dd0fa6 Address @str4d's review comment about advice and instance columns being treated almost identically. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-15 15:08:29 +00:00
Jack Grigg ba9917e35c book: Linkify URLs in references 2021-02-15 14:38:46 +00:00
Jack Grigg cf68b5ba05 book: Clarify meaning of "evaluation point" in our context 
Polynomial evaluation points and elliptic curve points are both things
we rely on, but never in the same context (we either use elliptic curve
points inside circuits, or implement proving systems on top of them).
 2021-02-15 14:30:12 +00:00
Daira Hopwood 760d69bd2c Rename "auxiliary column" to "instance column" in the book and in code. fixes #181 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-14 21:09:49 +00:00
Jack Grigg 4739aaae5c book: Clarify IPA inputs in tl;dr section 2021-02-12 16:05:44 +00:00
Jack Grigg 126abd151c book: Clarify why fixed columns are shown separately in commitments 2021-02-12 15:30:48 +00:00
Jack Grigg 67b6d197aa book: Tweak wording for proving system stage 1 commitments 2021-02-12 15:18:12 +00:00
Jack Grigg 576796037a book: Move lookup argument design page to have consistent URI 2021-02-12 15:15:05 +00:00
Jack Grigg 7820083c0d book: Reword paragraph about degree of relation polynomials 2021-02-12 15:13:16 +00:00
Jack Grigg 3181a21cba book: Add beta and gamma requirements for lookup permutation product 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-12 15:08:00 +00:00
Jack Grigg 2c647009fc book: Fix notation for committing to lookup permutation product columns 2021-02-12 15:06:33 +00:00
Jack Grigg f30cbcbfc9 book: Fix notation in example constraint system 2021-02-12 14:48:05 +00:00
str4d 0a2fb4781d
book: Small changes from review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-13 03:43:35 +13:00
Jack Grigg f563c1636f book: Update commitment tree section with the design decision 2021-02-12 01:47:04 +00:00
Jack Grigg 59010c4674 book: Document commitments to lookup and equality constraint arguments 2021-02-11 21:22:18 +00:00
Jack Grigg 7b7346c462 book: Add a placeholder page for explaining the IPA 
For now, it directs readers to the existing comparision page, which
describes Halo 2's IPA relative to another work.
 2021-02-11 19:54:45 +00:00
Jack Grigg 6da0adb4e1 book: Refactor the multipoint opening argument section 2021-02-11 19:54:45 +00:00
Jack Grigg 91a90f1d9d book: Renumber multipoint opening challenges to match implementation 2021-02-11 19:54:39 +00:00
Jack Grigg ffa8dacaba book: Add section about vanishing argument 2021-02-11 19:54:38 +00:00
Jack Grigg 9e9a92a912 book: Add section about circuit commitments 2021-02-11 19:54:20 +00:00
Jack Grigg e666f8b966 book: Add summary and succinct description of the Halo 2 protocol 2021-02-11 19:16:08 +00:00
str4d d541261507
Apply suggestions from review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-02-12 08:09:45 +13:00
Jack Grigg 4aceada21a book: Re-order "Proving system" sub-sections 2021-02-10 13:06:22 +00:00
Jack Grigg adb377de7d book: Document design rationale for Orchard keys and addresses 2021-02-08 18:31:36 +00:00
Jack Grigg 425c45d96b book: Add a simple example showing how the API is used 2021-02-08 15:56:16 +00:00
Jack Grigg bfbfa80900 book: Add a comparison to BCMS20 2021-02-04 16:04:37 +00:00
Daira Hopwood 20f33f427f Further clarify notation and make sure that the discussion is correct for non-cyclic groups. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-30 16:16:22 +00:00
Daira Hopwood fc0bddad8a
Merge pull request #158 from daira/background-update 
Improvements to background section
 2021-01-30 03:25:24 +00:00
Daira Hopwood 13f406acc1
Fix link 2021-01-30 03:24:35 +00:00
Daira Hopwood 7a5915ab09
Apply some suggestions from code review 
Co-authored-by: str4d <thestr4d@gmail.com>
 2021-01-30 02:49:40 +00:00
Daira Hopwood cda768aa00 Improvements to background section: 
* describe groups in general, rather than via the example of F_p^*
* explain the isomorphism between group elements and scalars, and how it is useful
* corrections and pedantry :-)

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-30 01:43:24 +00:00
Jack Grigg d84a4cbbfc book: Add a link from "Background Material" to the issue tracker 
This will hopefully encourage readers to submit feedback as they read
the book, enabling us to catch things that could be explained better.
 2021-01-29 20:59:39 +00:00
Daira Hopwood 723ea8feac Clarifications for background, from pairing with Kris. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-29 19:51:48 +00:00
str4d a2f85c7932
Apply editorial suggestions from code review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-22 14:52:05 +13:00
Jack Grigg 18e039218b book: Note that we use 0 for uncommitted leaves in the commitment tree 2021-01-22 00:32:24 +00:00
Daira Hopwood d6fd00b5b3 Cosmetics and Markdown formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-21 00:07:38 +00:00
Daira Hopwood 265ff91cc6 F might be Poseidon. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-21 00:07:21 +00:00
Daira Hopwood db071913b6 Explain in more detail the argument for Balance. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-21 00:06:50 +00:00
Daira Hopwood 3ca9704d30 Swap ak and nk in the input to ShortCommit^{ivk}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-21 00:05:47 +00:00
Jack Grigg f3a36457d7 book: Add rationale for nullifier design 2021-01-20 14:12:38 +00:00
Jack Grigg 0abc0ef11a book: Revert to the previous nullifier design 
We examined the nullifier designs more closely, and determined that the
previously-selected design was actually fine, but for a somewhat-subtle
reason: even though an adversary with knowledge of a victim's full viewing
key could choose psi to cancel out Hash_nk(rho), the nullifier still
directly depends on rho via the note commitment.
 2021-01-20 14:06:03 +00:00
Daira Hopwood 847c41d5c8 Make terminology more consistent with the ZKProof reference and Sean's usage. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-16 15:48:43 +00:00
Daira Hopwood 0caf66b261 [Book] Fix W numbering in SHA-256 table16 doc. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-01-12 21:50:24 +00:00
Jack Grigg afdb4a8981 book: Add design notes about implementation of proofs 
Adapted from https://github.com/zcash/halo2/pull/111
 2021-01-11 21:21:05 +00:00
Jack Grigg fb411b12e8 book: Reorganize design subsections 2021-01-11 21:07:45 +00:00
Jack Grigg f8c5c2e28e book: Add background material 
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
 2021-01-11 20:44:53 +00:00
therealyingtong d23fcd1ccd [book] SHA-256: add compression digest gate 2021-01-11 23:56:23 +08:00
therealyingtong 34defb4577 Remove unnecessary spreads for a_new, e_new 2021-01-11 00:49:37 +08:00
therealyingtong c920bdf9a6 Split choice table into two tables 2021-01-11 00:22:07 +08:00
Jack Grigg 9410d14d0a book: Switch to a new nullifier design 
The previously-selected design was broken because an adversary with
knowledge of a victim's full viewing key could perform a Faerie Gold
attack: given knowledge of nk, they can choose psi to cancel out
Hash_nk(rho) and cause a collision.
 2021-01-09 00:22:52 +00:00
Jack Grigg 750bdfb700 book: Update definitions on nullifier page 2021-01-08 23:29:46 +00:00
therealyingtong 42988ce1d0 [book] sha256: Simplify compression region to reuse message schedule gates 2021-01-09 01:29:16 +08:00
Jack Grigg 0fcacf9af0 book: Start adding Orchard design notes 
Some of this content may move into the concepts section, or possibly into
a dedicated specification area, but for now the design section includes
our choices alongside the reasoning.
 2021-01-08 17:10:12 +00:00
Jack Grigg 10bae831eb Rename to Orchard 2021-01-08 16:51:10 +00:00
therealyingtong 68166c27ac Remove superfluous selector columns 2021-01-08 00:24:21 +08:00
therealyingtong 1a3fccd71b [book] Fix compression table formatting 2021-01-06 20:41:13 +08:00
therealyingtong 38c78b8c50 [book] Add compression region to table16.md 2021-01-06 20:30:28 +08:00
therealyingtong 29738d4214 Add sb1 selector 2020-12-28 22:57:50 +08:00
therealyingtong 50e6920ed7 Standardise notation and add sb column to check subpieces 2020-12-28 14:57:33 +08:00
Daira Hopwood e932352390 Rename 'Background' to 'Proof systems' and add a note about intermediate values. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2020-12-26 15:45:15 +00:00
Daira Hopwood fcb176aeb1 Apply suggestions from code review 
Minor fixes.
 2020-12-26 15:33:59 +00:00
Daira Hopwood f23677cea9 [book] Write Concepts section. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2020-12-26 15:33:59 +00:00
ying tong 659655a4de
Merge pull request #112 from zcash/book-patch-sha256-2 
(cont.) Patch message scheduling table
 2020-12-24 20:37:40 +08:00
therealyingtong 2c3cda4b01 (cont.) Patch message scheduling table 2020-12-24 20:36:03 +08:00
Jack Grigg a4029222fd book: Fix book tests by adding missing definitions to SHA-256 page 2020-12-23 16:13:44 +00:00
therealyingtong a14c538b55 Update message scheduling table 2020-12-23 21:19:42 +08:00
ying tong d7abe3ca00
Merge pull request #98 from zcash/book-sha256 
[book] Add sha256 spec
 2020-12-23 13:35:37 +08:00
therealyingtong 00cb254141 Inline sigma_0 v1 in message scheduling region 2020-12-23 13:33:33 +08:00
Jack Grigg 8f8a8e0772 book: Move multipoint argument into design section 2020-12-23 03:26:45 +00:00
Jack Grigg d5bae060f3 book: Zero-index message schedule in the giant table 2020-12-23 03:09:26 +00:00
Jack Grigg 7fabdc1fe4 book: Mark diagram as plaintext so it doesn't get tested 2020-12-23 02:54:35 +00:00
Jack Grigg 0a9c130276 book: Fix table formatting 2020-12-23 02:51:43 +00:00
Jack Grigg 7d37ff370b book: Fix internal links in Table16 chip 2020-12-23 02:46:28 +00:00
Jack Grigg 8cf0cdeda3 book: Update TOC entry for SHA-256 chip 2020-12-23 02:44:33 +00:00
Jack Grigg 00b33bd48e book: Rework documentation of modular addition for SHA-256 chip 2020-12-23 02:42:53 +00:00
Jack Grigg 151adc83dd book: Document SHA-256 chip instructions and gadget interface 2020-12-23 02:42:27 +00:00
Jack Grigg d2c0c8b623 book: Remove trailing whitespace 2020-12-22 21:35:20 +00:00
therealyingtong e4d5ddecb2 book: Use 0-indexing for message scheduling table16.md 2020-12-22 21:31:13 +00:00
therealyingtong fc4497ac7c book: Bring in second SHA-256 table spec page from HackMD 2020-12-22 21:31:13 +00:00
therealyingtong 6abcc70928 book: Bring in first SHA-256 table spec page from HackMD 2020-12-22 21:31:13 +00:00
Jack Grigg c2742c0d05 book: Edit the lookup argument page to fit the design section 2020-12-22 21:23:32 +00:00
Jack Grigg d41e8ef364 book: Move general PLONK language differences to top of design section 2020-12-22 21:09:05 +00:00
Jack Grigg e9e208e3c4 book: Bring in the lookup argument description from HackMD 2020-12-22 20:43:24 +00:00
str4d 3f856e3066
Merge pull request #91 from zcash/book-multipoint 
[book] Add multipoint opening + small set interpolation
 2020-12-22 20:42:01 +00:00
Jack Grigg 92d9fb3225 book: Annotate ASCII diagrams as plaintext 
This prevents mdbook from interpreting them as Rust and attempting to
test them.
 2020-12-22 20:30:56 +00:00
Jack Grigg 1ba246f7d9 book: Document the permutation construction algorithm 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2020-12-22 20:25:33 +00:00
therealyingtong e8a229fd31 Add small set interpolation to tips-and-tricks 2020-12-17 16:39:36 +08:00
therealyingtong 9d8d5fc6d9 Add multipoint opening explanation to concepts/multipoint-opening.md 2020-12-17 16:10:07 +08:00
str4d 2aea582865
book: Note that roots don't have to be constant 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2020-12-11 18:45:14 +00:00
str4d 653cb6ca88
book: Use \cdot for multiplications 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2020-12-11 18:36:46 +00:00
str4d 8f929888af
book: Describe a lookup table as representing a relation 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2020-12-11 18:34:59 +00:00
Jack Grigg e1c770a591 book: Add some more placeholder sections to the user guide 2020-12-10 20:44:50 +00:00
Jack Grigg 2a7df99478 book: Start collecting tips and tricks 2020-12-10 20:44:50 +00:00
Jack Grigg 0bc95f2776 Add initial book skeleton 2020-12-04 17:19:17 +00:00
Jack Grigg c10e89ab35 Initialise empty mdBook 2020-12-04 16:13:04 +00:00
Jack Grigg 8e6d2a7023 Add initial book skeleton 2020-10-27 21:23:20 +00:00
Jack Grigg b975600b35 Initialise empty mdBook 2020-10-20 23:02:49 +01:00