Commit Graph

163 Commits

Author SHA1 Message Date
Carlos Pérez d0489c707f
Merge pull request #63 from scroll-tech/opt/commit_setup
opt: speed up unsafe_setup
2022-05-03 09:32:22 +02:00
spherel 763a223800 Refine code 2022-05-03 05:04:52 +00:00
spherel 20ae664a7b Restore arithmetic.rs 2022-05-03 04:41:42 +00:00
Zhang Zhuo 598e88856a fix 2022-05-03 09:38:54 +08:00
Zhang Zhuo 3cefda8a45
Update commitment.rs 2022-05-03 09:29:58 +08:00
Zhang Zhuo 0810669718
Update commitment.rs 2022-05-03 09:27:22 +08:00
spherel d274493502 Fix 2022-05-02 08:07:37 +00:00
spherel c1f77ad576 optimize Params<C>::read() 2022-05-02 06:50:52 +00:00
NoCtrlZ 32ed927579 Apply @daira's review suggestion 2022-04-28 09:47:22 +09:00
NoCtrlZ 9a9873a2c5 optimize fft 2022-04-28 09:44:54 +09:00
Jack Grigg f4675997bc Fix some clippy lints 2022-04-27 12:58:16 +00:00
Jack Grigg f830c6f7fb Remove pins for dependencies with MSRV-incompatible point releases 2022-04-27 12:28:19 +00:00
Jack Grigg bb1ed8288a Set edition to 2021
We also set `resolver = "2"` on the workspace; this is the default for
the root package in Rust 2021, but as we use a virtual workspace we need
to explicitly set it instead.
2022-04-27 12:28:19 +00:00
Jack Grigg 7688c371f6 Bump MSRV to 1.56.1
Closes zcash/halo2#482.
2022-04-27 12:24:57 +00:00
parazyd a6d7785ddc
plonk: Derive Clone for VerifyingKey and ProvingKey.
Signed-off-by: parazyd <parazyd@dyne.org>
2022-04-26 14:08:11 +02:00
Han ec0813af64
Merge pull request #61 from han0110/fix/collect-queries-only-once
Collect `queries` only once in `construct_intermediate_sets`
2022-04-26 11:37:19 +02:00
str4d 66b2b3ba7e
Merge pull request #414 from zcash/constraints-helper
Add a `Constraints` helper
2022-04-22 11:52:06 +02:00
Sean Bowe a02b9e2e7e
Add benchmark for various FFT sizes. 2022-04-20 13:09:58 -06:00
Jack Grigg d93846f8fd Note that `Constraints::with_selector` accepts arrays from 1.53 2022-04-20 10:55:55 +00:00
Jack Grigg 78de8a5c94 Add a `Constraints` helper
There are two existing patterns for constructing a gate from a set of
constraints with a common selector:

- Create an iterator of constraints, where each constraint includes the
  selector:
  ```
  vec![
      ("foo", selector.clone() * foo),
      ("bar", selector.clone() * bar),
      ("baz", selector * bar),
  ]
  ```
  This requires the user to write O(n) `selector.clone()` calls.

- Create an iterator of constraints, and then map the selector in:
  ```
  vec![
      ("foo", foo),
      ("bar", bar),
      ("baz", bar),
  ].into_iter().map(move |(name, poly)| (name, selector.clone() * poly))
  ```
  This looks cleaner overall, but the API is not as intuitive, and it
  is messier when the constraints are named.

The `Constraints` struct provides a third, clearer API:
```
Constraints::with_selector(
    selector,
    vec![
        ("foo", foo),
        ("bar", bar),
        ("baz", bar),
    ],
)
```
This focuses on the structure of the constraints, and handles the
selector application for the user.
2022-04-20 10:55:50 +00:00
str4d 46ba444169
Merge pull request #480 from zcash/477-mockprover-pretty-failures
Add `MockProver::assert_satisfied` with pretty-printed failures
2022-04-20 12:53:16 +02:00
str4d 69c138c25c
Clarify some comments and messages
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2022-04-19 16:04:19 +02:00
str4d 606afb8349
Merge pull request #445 from daira/mockprover-regression
Fix mock prover performance regression for lookup arguments
2022-04-19 14:17:17 +02:00
Daira Hopwood 424a2748d1
Clarify a comment 2022-04-19 12:36:02 +01:00
str4d 221766986b
Merge pull request #532 from zcash/bench-lookup-mockprover
Bench heavily padded lookup in MockProver.
2022-04-18 12:45:30 +02:00
str4d 19b2b3b7e2
Fix clippy lints 2022-04-18 12:25:58 +02:00
Zhang Zhuo bdd3fb4841 opt: speed up unsafe_setup 2022-04-15 23:08:55 +08:00
Sphere L 03e5aaf032
Update commitment.rs 2022-04-14 11:54:02 -05:00
ying tong 066bd15d7e
cost-model.rs: Correct lookup required degree calculation. 2022-04-14 16:25:52 +02:00
han0110 b0dd9b45d1 fix: collect queries only once in construct_intermediate_sets 2022-04-13 12:49:54 +08:00
Brechtpd 03c3645134 Rename `evaluate` to `get` 2022-04-08 19:40:05 +02:00
Jack Grigg 90e671e77c Relicense Halo 2 crates as MIT OR Apache 2.0
See this blog post for details:
    https://electriccoin.co/blog/zero-knowledge-proving-system-halo-now-licensed-under-mit-making-it-available-for-anyone-to-use/
2022-04-07 14:22:49 +00:00
therealyingtong a11cb9796e halo2_proofs 0.1.0-beta.4 2022-04-06 12:24:28 +08:00
Sean Bowe 6a31a0e6a1
Apply @str4d's review suggestions. 2022-04-04 14:07:31 -06:00
Sean Bowe fa069a7455
Use unwrap_or_default() instead of unwrap_or(HashMap::new()) 2022-04-03 10:06:19 -06:00
Sean Bowe fd7e9ddbb0
rustfmt 2022-04-02 15:38:46 -06:00
Sean Bowe 4163b8765a
Reduce depth of AST by special casing the application of Horner's rule.
The existing code will fold together a very deep AST that applies Horner's
rule to each gate in a proof -- which could include multiple circuits and
so for some applications will quickly grow such that when we recursively
descend later during evaluation the stack will easily overflow.

This change special cases the application of Horner's rule to a
"DistributePowers" AST node to keep the tree depth from exploding in size.
2022-04-02 13:13:46 -06:00
Sphere Liu fc2d553a8a Switch to parallelize 2022-03-31 23:10:30 -05:00
Sphere Liu c288b3e98c Make setup parallel. 2022-03-31 13:31:59 -05:00
Sphere Liu ef089a7400 Make setup parallel 2022-03-31 03:41:02 -05:00
Jack Grigg 0946bdb455 dev: Enable `VerifyFailure::Permutation` to point to region offsets 2022-03-30 01:39:50 +00:00
therealyingtong 51d34c12a2 Bench heavily padded lookup in MockProver.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2022-03-24 22:02:29 +08:00
Jack Grigg 8acd4abfb3 halo2_proofs 0.1.0-beta.3 2022-03-22 19:59:10 +00:00
Jack Grigg e39c8e94d2 Update changelogs 2022-03-22 19:55:53 +00:00
str4d 8abd7b74db
Merge pull request #417 from zcash/fix-assigned-usage
Expand `Assigned<F>` APIs
2022-03-22 19:46:51 +00:00
str4d 642efc1536
Merge pull request #521 from zcash/reconstruct-selectors
Remove selector_map from pinned verification key and remove VerificationKey serialization
2022-03-18 00:14:36 +00:00
Jack Grigg c6b4fcaf34 Fix docs.rs build
The published source code for each package needs to include the required
header file, and the path to that header file needs to be relative to
the package source (not the repository source). We therefore need to
have the header file present in each workspace package.

Closes zcash/halo2#506.
2022-03-17 19:14:11 +00:00
Sean Bowe f46d77763e
Remove logic for reading and writing VerificationKey to/from buffers. 2022-03-16 14:19:33 -06:00
Sean Bowe 819bc3c2f5
Stop placing the selector_map (which is an internal API detail) in the pinned verification key. 2022-03-16 14:19:13 -06:00
Sean Bowe e10f4e1d0e
Add mechanism for generating a new proof in test. 2022-03-16 12:53:04 -06:00
Brechtpd e2e04e1415 Parallelized eval_polynomial/evaluate_vanishing_polynomial 2022-03-16 02:23:22 +01:00
Brechtpd 8912c0bd7d misc small improvements 2022-03-15 19:33:10 +01:00
Brechtpd 7cc22cfa03 Poly optimizations 2022-03-15 04:36:16 +01:00
kilic 09758e585c use _diff suffix 2022-03-13 23:10:13 +03:00
kilic 5b04d737cf shplonk: save a scalar mul in verifier side 2022-03-12 16:24:21 +03:00
kilic ee6a48c459 shplonk::verifier Batch remainders contributions 2022-03-11 20:56:46 +03:00
kilic 6c879b7609 Remove diff indices from rotation set
Better testing of intermediate set construction

Refactor intermediate set construction
2022-03-06 20:17:09 +03:00
TrapdoorHeader e948e10202 fix clippy error 2022-03-06 20:17:09 +03:00
TrapdoorHeader 8c39f89054 use Rotation to sort the opening points s.t. the ordering is static
Signed-off-by: TrapdoorHeader <support@trapdoortech.com>
2022-03-06 20:17:09 +03:00
Zhang Zhuo 2b4ebd36d8 MockProver: allow different gate_row_ids and lookup_input_row_ids for verify_at_rows 2022-03-01 12:00:48 +08:00
Zhang Zhuo 4604e7b80c fix 2022-02-26 17:10:08 +08:00
Zhang Zhuo b011557267 feat: add verify_at_rows in MockProver for testing speed 2022-02-26 16:32:57 +08:00
kilic caa6f90608 Add vanishing polynomial evaluator 2022-02-22 14:09:20 +03:00
Daira Hopwood b48b032041
Minor simplification 2022-02-16 17:14:41 +00:00
Chih Cheng Liang 6f8a605821
Merge pull request #29 from lispc/debug/better_lookup_err3
dev: add name for lookup
2022-02-16 23:14:40 +08:00
Jack Grigg 57596cab36 dev: Add a custom `VerifyFailure::CellNotAssigned` emitter
The `dev::tests::unassigned_cell` test case, shown via `assert_eq!(err, Ok(()))`:
```
  left: `Err([CellNotAssigned { gate: Gate { index: 0, name: "Equality check" }, region: Region { index: 0, name: "Faulty synthesis" }, gate_offset: 1, column: Column { index: 1, column_type: Advice }, offset: 1 }])`,
 right: `Ok(())`',
```

Via `impl Display for VerifyFailure`:
```
Region 0 ('Faulty synthesis') uses Gate 0 ('Equality check') at offset 1, which requires cell in column Column { index: 1, column_type: Advice } at offset 1 to be assigned.
```

Via `VerifyFailure::emit`:
```
error: cell not assigned
  Cell layout in region 'Faulty synthesis':
    | Offset | A0 | A1 |
    +--------+----+----+
    |    0   | x0 |    |
    |    1   |    |  X | <--{ X marks the spot! 🦜

  Gate 'Equality check' (applied at offset 1) queries these cells.
```
2022-02-16 13:57:53 +00:00
Jack Grigg 369ff521d3 dev: Store gate offset in `VerifyFailure::CellNotAssigned` 2022-02-16 13:57:53 +00:00
Jack Grigg c19a1ade2a dev: Add a custom `VerifyFailure::Lookup` emitter
The `dev::tests::bad_lookup` test case, shown via `assert_eq!(err, Ok(()))`:
```
  left: `Err([Lookup { lookup_index: 0, location: InRegion { region: Region { index: 2, name: "Faulty synthesis" }, offset: 1 } }])`,
 right: `Ok(())`',
```

Via `impl Display for VerifyFailure`:
```
Lookup 0 is not satisfied in Region 2 ('Faulty synthesis') at offset 1
```

Via `VerifyFailure::emit`:
```
error: lookup input does not exist in table
  (L0) ∉ (F0)

  Lookup inputs:
    L0 = x1 * x0 + (1 - x1) * 0x2
    ^
    | Cell layout in region 'Faulty synthesis':
    |   | Offset | A0 | F1 |
    |   +--------+----+----+
    |   |    1   | x0 | x1 | <--{ Lookup inputs queried here
    |
    | Assigned cell values:
    |   x0 = 0x5
    |   x1 = 1
```
2022-02-16 13:56:17 +00:00
Jack Grigg 62eea4c457 dev: Move cell loaders into `dev::util` 2022-02-16 13:56:17 +00:00
Jack Grigg 44e3cf8c61 dev: Move expression stringifier into `dev::failure::emitter` 2022-02-16 13:56:17 +00:00
Jack Grigg 212e3d07ce dev: Move cell layout emitter into a submodule 2022-02-16 13:56:17 +00:00
Jack Grigg 8e1fb87a33 dev: Add a custom `VerifyFailure::ConstraintNotSatisfied` emitter
An example failure, shown via `assert_eq!(err, Ok(()))`:
```
  left: `Err([ConstraintNotSatisfied { constraint: Constraint { gate: Gate { index: 0, name: "R1CS constraint" }, index: 0, name: "buggy R1CS" }, location: InRegion { region: Region { index: 0, name: "Example region" }, offset: 1 }, cell_values: [(VirtualCell { name: "", column: Column { column_type: Advice, index: 0 }, rotation: 0 }, "0x2"), (VirtualCell { name: "", column: Column { column_type: Advice, index: 1 }, rotation: -1 }, "0x4"), (VirtualCell { name: "", column: Column { column_type: Advice, index: 2 }, rotation: 1 }, "0x8")] }])`,
 right: `Ok(())`',
```

Via `impl Display for VerifyFailure`:
```
Constraint 0 ('buggy R1CS') in gate 0 ('R1CS constraint') is not satisfied in Region 0 ('Example region') at offset 1
- Column('Advice', 0)@0 = 0x2
- Column('Advice', 1)@-1 = 0x4
- Column('Advice', 2)@1 = 0x8
```

Via `VerifyFailure::emit`:
```
error: constraint not satisfied
  Cell layout in region 'Example region':
    | Offset | A0 | A1 | A2 |
    +--------+----+----+----+
    |    0   |    | x1 |    |
    |    1   | x0 |    |    | <--{ Gate 'R1CS constraint' applied here
    |    2   |    |    | x2 |

  Constraint 'buggy R1CS':
    S0 * (x0 * x1 + x2) = 0

  Assigned cell values:
    x0 = 0x2
    x1 = 0x4
    x2 = 0x8
```
2022-02-16 13:56:17 +00:00
Jack Grigg 5cdc029bb4 dev: Add `MockProver::assert_satisfied`
This is equivalent to `assert_eq!(mock_prover.verify(), Ok(()))`, but
pretty-prints the verification failures instead of debug-printing them.
In its initial state, it just prints the `Display` impl.
2022-02-16 13:56:17 +00:00
Jack Grigg 0e08903669 dev: Move `VerifyFailure` and `FailureLocation` into submodule 2022-02-16 13:55:29 +00:00
kilic 8b616c33e0 Remove commented out code 2022-02-15 17:41:33 +03:00
Zhang Zhuo ca8cad0e62 format 2022-02-15 20:14:01 +08:00
Zhang Zhuo 67437b222d fix examples 2022-02-15 14:53:25 +08:00
Zhang Zhuo 2a49e2a2bb dev: add name for lookup 2022-02-15 14:52:35 +08:00
Zhang Zhuo e2a01d23db dev: add name for lookup 2022-02-15 11:57:57 +08:00
Daira Hopwood e7ffefdbe2 MockProver: Optimize repetitions of the last usable row, not the zero row.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-02-15 00:30:54 +00:00
Daira Hopwood 7107b8353a MockProver: Use a sorted scan to check that lookup inputs
are contained in the table, fixing a performance regression.
This includes an optimization for "fill rows", which are
assumed in this commit to be all-zeros.

closes #398

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-02-14 23:54:06 +00:00
Jack Grigg f642727e51 halo2_proofs 0.1.0-beta.2 2022-02-14 21:58:20 +00:00
Jack Grigg 1d2f698aca Update license dates and links 2022-02-14 21:58:20 +00:00
Jack Grigg e0cc7b39d3 Update changelogs 2022-02-14 21:29:42 +00:00
Sean Bowe 0b73c74f72
Address comments brought up by @str4d. 2022-02-14 10:44:14 -07:00
Sean Bowe f2daf91315
halo2_proofs: change IPA check equation to match the book
The verifier's check in the inner product argument used to assume that the
G'_0 value had an additional (trivial) blinding factor term, which makes
it slightly easier to reason that it never is the point at infinity.
However, we never sample challenges that are zeroes (both for security
and completeness reasons) so this element would never be the point at
infinity anyway. Thus, we can simplify the check with the added benefit of
matching the book's description of the protocol.
2022-02-14 09:37:57 -07:00
ebfull 8c0deb10aa
Merge pull request #495 from zcash/book-consistency
halo2_proofs: rename variables for consistency
2022-02-14 09:24:20 -07:00
Sean Bowe 90bebdf29a
halo2_proofs: add hardcoded proof to plonk_api test for backwards compatibility testing 2022-02-14 08:48:03 -07:00
kilic 641b4b5f94 Apply clippy and fmt 2022-02-14 14:31:04 +03:00
kilic a892dd56e9 Make shplonk default 2022-02-12 20:56:25 +03:00
kilic e73c1b2582 Fix typos 2022-02-12 20:56:25 +03:00
kilic c67e7d9f25 Minor cleanups 2022-02-12 20:56:25 +03:00
kilic bebee898fe Add lookup_any 2022-02-12 20:56:25 +03:00
kilic 0e9b075c3a Change multiopen commitment scheme to KZG 2022-02-12 20:56:25 +03:00
Sean Bowe 289f24bb8b
Improvements due to @daira's code review. 2022-02-11 08:50:55 -07:00
Sean Bowe a129490517
Minor changes 2022-02-10 08:08:20 -07:00
Sean Bowe a4d3c328b9
halo2_proofs: rename variables for consistency
This changes variable names in the multiopen and commitment opening implementations
and the book's protocol description to keep names and indices consistent with one
another.

Co-Authored-By: Jack Grigg <jack@electriccoin.co>
2022-02-09 13:37:50 -07:00
Dimitris Apostolou e2f88e450b
Fix typos 2022-02-03 18:01:22 +02:00
Jack Grigg 9a12beee73 halo2_gadgets: Rename `halo2` to `halo2_proofs`
The previous commit renamed `halo2_proofs` back to `halo2` temporarily
to keep the commit size down. This commit performs the rename in a
single pass.
2022-01-27 23:32:04 +00:00
str4d bb56139414
Merge pull request #472 from zcash/separate-single-and-batch-verification
halo2_proofs: Improve `plonk::verify_proof` API
2022-01-27 01:19:34 +00:00