zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,482 Commits 40 Branches 6 Tags 59 MiB
Commit Graph

340 Commits

Author SHA1 Message Date
Daira Hopwood 66827f3df9
Merge pull request #544 from zcash/book-patch-vanishing 
[book] Use more intuitive expression for vanishing poly degree
 2022-04-22 16:46:39 +01:00
Daira Hopwood 84f5c26b7f [book] Add description of selector combining optimization. 
fixes #466

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-04-18 20:19:26 +01:00
ying tong 8cb9226670
[book] Use more intuitive expression for vanishing poly degree 2022-04-10 17:10:51 +02:00
ying tong 2194973aa8
[book] Correct typo in protocol description. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2022-03-17 21:35:06 +08:00
Daira Hopwood c5cdea1eb0
Merge pull request #487 from daira/book-improve-incomplete-addition 
Improve the explanation of incomplete addition
 2022-02-15 01:05:00 +00:00
Sean Bowe a129490517
Minor changes 2022-02-10 08:08:20 -07:00
Sean Bowe a4d3c328b9
halo2_proofs: rename variables for consistency 
This changes variable names in the multiopen and commitment opening implementations
and the book's protocol description to keep names and indicies consistent with one
another.

Co-Authored-By: Jack Grigg <jack@electriccoin.co>
 2022-02-09 13:37:50 -07:00
Daira Hopwood c4bdab59e3 Improve the explanation of incomplete addition: 
* use biimplication in the correctness argument to ensure both soundness and completeness;
* avoid introducing lambda at all; it's unnecessary and omitting it shortens the explanation.

Co-authored-by: Jack Grigg <str4d@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-02-03 22:06:05 +00:00
Jack Grigg 5202ec6eda Integrate `halo2_gadgets` into the workspace 
THe SHA-256 example gadget has been moved into the `halo2_gadgets` crate
behind an `unstable` feature flag.
 2022-01-27 23:32:04 +00:00
Jack Grigg 7e9ced2eaa Merge `halo2_gadgets` from zcash/orchard into halo2_gadgets-import 2022-01-27 23:08:35 +00:00
Jack Grigg a2367abcaf Migrate to `halo2_gadgets` crate in subdir 
- The crate module structure from `orchard` has been flattened.
- The book pages we want to include in `halo2` have been moved to their
  target location, to avoid any conflicts during the merge.
- Common files that already exist in zcash/halo2 have been removed.
 2022-01-27 23:08:01 +00:00
Jack Grigg c2866beb47 Delete Orchard-specific code, dependencies, and book pages 
The tests do not compile as of this commit, due to Orchard-specific
constants being deleted, but everything else compiles.

Co-authored-by: ying tong <yingtong@z.cash>
 2022-01-27 23:07:59 +00:00
Jack Grigg 3c6558f049 Move `halo2` code into `halo2_proofs` crate 2022-01-20 18:50:43 +00:00
str4d 408b617376
Merge pull request #397 from rex4539/typos 
Fix typos
 2021-12-31 14:14:34 +00:00
ying tong 2ab6e1b0d6
[book] Fix SHA256 interpolation polynomial 
Closes #434
 2021-12-23 22:07:09 +08:00
therealyingtong e0a0a0d509 book: Introduce RangeCheck macro. 2021-11-30 09:30:43 -05:00
therealyingtong 303bdc3f65 Replace local bool_check expressions with utilities::bool_check(). 2021-11-29 21:45:48 -05:00
Jack Grigg fa61746526 book: Rename remaining UPA references to PLONKish 
These were missed in zcash/halo2#320.
 2021-11-15 15:53:38 +00:00
Dimitris Apostolou 58e3793911
Fix typos 2021-11-12 03:40:53 +02:00
Jack Grigg a222cdc6d4 book: Document Debian packages required for `dev-graph` feature flag 2021-11-10 16:22:20 +00:00
str4d a635b7c25a
Merge pull request #375 from zcash/366-dev-graph-examples 
Update `dev-graph` examples
 2021-11-11 03:48:41 +13:00
Kris Nuttycombe 8cfff30cc7
Apply suggestions from code review 2021-10-26 07:56:25 -06:00
ying tong 3d2c0e429e
[book] Update link `upa.md` -> `plonkish.md` 
Closes #367
 2021-10-14 12:38:52 +02:00
zyd bac1aa4e84 book: Fix typo 2021-10-06 20:43:21 +08:00
zyd b12d03e815 book: Fix typo 2021-10-02 11:10:47 +08:00
Jack Grigg 5be597c3bc book: Add example for `halo2::dev::circuit_dot_graph` 2021-10-01 16:01:24 +01:00
Jack Grigg c9d890377c book: Render example for `CircuitLayout` 2021-10-01 13:39:04 +01:00
Jack Grigg e3e68bc5d7 book: Fix bugs in dev tools page 2021-10-01 13:39:04 +01:00
zyd c09344a93e book: Fix typo 2021-09-26 23:04:01 +08:00
3for 536279d075 book: Fix typo 2021-09-26 16:41:36 +08:00
3for 70ec164ccd
Merge branch 'zcash:main' into main 2021-09-26 14:55:22 +08:00
3for bcc9d5834b book: Fix typo 2021-09-26 14:55:07 +08:00
3for c89ef70035 book: Fix typo 2021-09-22 18:34:37 +08:00
3for 45a251537a book: Fix typo 2021-09-22 14:58:18 +08:00
zyd e1a4be5728 book: Fix typo 2021-09-21 23:16:05 +08:00
Sean Bowe 424af080ba
Add formal protocol description and preliminaries. 2021-09-20 09:30:02 -06:00
zyd 9c945b982a book: Fix typo 2021-09-19 22:47:20 +08:00
3for 10c0e59835 book: Fix typo 2021-09-18 18:38:04 +08:00
Jack Grigg 1a05398c30 book: Update rotations for Commit^ivk region 
Matches the change made in zcash/orchard#169.
 2021-09-14 02:09:14 +01:00
str4d 9705ebf353
Merge pull request #182 from zcash/book-notecommit-optimisations 
[book] Document NoteCommit region optimisations
 2021-09-14 02:00:49 +01:00
Jack Grigg 3d7649c5b9 book: Move Sinsemilla constraints table to bottom of page 
This moves it below the rationale for the lookup being degree-6.
 2021-09-07 14:20:03 +01:00
Daira Hopwood cc0ac1a744 note_commit.md: make the descriptions of range checks for k_0 and k_2 consistent with other short range checks. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-07 02:39:46 +01:00
Daira Hopwood 462550a26b note_commit.md: fix typo. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-07 02:26:40 +01:00
Daira Hopwood 030c7d1e30 note-commit.md: non-cosmetic improvements (summary, gate names, region layout for y constraints). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-07 01:45:12 +01:00
Daira Hopwood c1dc97477e note-commit.md: cosmetics and line wrapping. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-07 01:41:16 +01:00
Marek afb654b458 Polish the notation for generating sets 2021-09-05 23:42:22 +02:00
Marek a08b7393b4 Avoid associating nonzero elements with groups 2021-09-05 19:04:58 +02:00
Marek 507aed8a54 Change "strict subgroups" to "proper subgroups" 2021-09-05 18:58:45 +02:00
Daira Hopwood 4c25e3c99d note-commit.md: fix an erroneous constraint. 
See https://github.com/zcash/orchard/pull/169/files#r700990376 .

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-02 12:23:48 +01:00
Daira Hopwood 9fcbe5dc1b note-commit.md: missing h_0 in a layout diagram. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 17:27:00 +01:00
Daira Hopwood 14081efe9b note-commit.md: formatting fix. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 15:57:10 +01:00
therealyingtong 4082ee615f [book] sinsemilla.md: Correct constraint degrees. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-08-17 00:07:30 +08:00
therealyingtong a72d4d3a7f [book] note-commit.md: Update field element regions. 2021-08-13 12:22:51 +08:00
therealyingtong 8d7bf509f2 [book] note-commit.md: Update message piece decomposition gates. 2021-08-13 01:19:30 +08:00
parazyd 1b0a22096b
book: Fix rendering of cost-model output. 
This should stop html tags appearing inside the <code> tags.
 2021-07-31 15:24:50 +02:00
Daira Hopwood b2e25b5ac3 [book] decomposition.md: avoid introducing `m` when we already have `range`. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 17:06:36 +01:00
ying tong ee878ddc57
Merge pull request #162 from zcash/book-merge-lookups 
[book] Merge lookup arguments for normal and short variants
 2021-07-27 23:34:28 +08:00
ying tong 0bb4a7fd71
[book] decomposition.md: Formatting and phrasing fixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>
 2021-07-27 23:29:11 +08:00
therealyingtong ac5404a943 [book] note-commit.md: Update NoteCommit gate region layout. 
By rearranging the pieces in the gate, we remove a prev() query and
preserve proximity between pieces involved in the same constraint.
 2021-07-27 13:56:10 +08:00
therealyingtong 920fe64399 [book] note-commit.md: Document substitution of k_1 with z1_j. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-27 12:53:41 +08:00
Jack Grigg 9ef46ae4ee book: Fixes to NoteCommit page 
Noticed during review.
 2021-07-27 05:34:36 +01:00
therealyingtong 65ff84da0a [book] decomposition.md: Merge lookup arguments for normal and short variants. 2021-07-27 11:56:18 +08:00
Daira Hopwood a6badba32f [book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: we always do addition (possibly of the zero point) at the end of variable-base scalar mul. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 02:01:21 +01:00
Daira Hopwood 7895a2a082 [book] src/design/circuit/gadgets/ecc/var-base-scalar-mul.md: more formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 02:01:05 +01:00
Daira Hopwood 3dfefe0e85 [book] src/design/circuit/gadgets/ecc/addition.md: correctness and clarity. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 01:51:37 +01:00
Daira Hopwood 3ed388e6bb [book] src/design/circuit/gadgets/ecc/addition.md: formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 01:51:28 +01:00
therealyingtong f1ccc58d9a [book] note-commit.md: y-coordinate canonicity constraints. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-27 01:56:17 +08:00
ying tong 3833d665de
[book] Clarify upper bounds in canonicity shift constraints. 2021-07-26 12:05:25 +08:00
ying tong 14b8d9b048
[book] note-commit.md: 2^140 -> 2^130 in psi check. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-26 11:12:42 +08:00
ying tong 453681f309
[book] commit-ivk.md: Update region layout to use 9 advice columns. 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-07-26 11:09:47 +08:00
Jack Grigg 0375c64801 [book] Update NoteCommit page to match Commit^ivk style 
Constraint tables have been added along with the region layout. I also
fixed numerous bugs in the constraints (most of which appeared to be
copy-pasta bugs).
 2021-07-26 02:05:35 +01:00
Jack Grigg 5aa05713e7 [book] Use \CommitIvk macro in page heading 
We can't use KaTeX  on the SUMMARY page that generates the sidebar, so
that continues to use a CamelCase approximation.
 2021-07-26 02:05:35 +01:00
Jack Grigg f376a61bb8 [book] Add macros, constraint tables, and region layout to Commit^ivk 
I also merged in content from a page I wrote independently while
reviewing the Action circuit PR, and made various cleanups to the
Markdown source.
 2021-07-26 02:05:35 +01:00
Daira Hopwood 4a5a4cc437 [book] merkle-crh.md: formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-26 02:05:35 +01:00
Daira Hopwood ed20d539b2 [book] merkle-crh.md: corrections. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-26 02:05:35 +01:00
Daira Hopwood 47a29f10aa [book] Document NoteCommit message decomposition & canonicity checks 2021-07-26 02:05:35 +01:00
Daira Hopwood 2846593937 [book] Document CommitIvk message decomposition & canonicity checks 2021-07-26 02:05:35 +01:00
Daira Hopwood 9708e296c8 [book] Document Merkle chip layout and message decomposition. 2021-07-26 02:05:35 +01:00
therealyingtong 5dc5e6479a [book] Recombine Sinsemilla q_S1, q_S2, q_S3 selectors. 
Since q_S1, q_S2, q_S3 are not simple selectors, they cannot be
automatically combined. We manually combine them here.
 2021-07-25 20:28:05 +08:00
ying tong a2ed3f1b52
Merge pull request #155 from zcash/book-selector-optimisations 
[Book] Undo selector optimisations
 2021-07-25 00:57:35 +08:00
ying tong 3d56fb0716
Merge pull request #146 from zcash/book-short-scalar-mul 
[book] Update constraints for short signed fixed-base mul.
 2021-07-25 00:54:32 +08:00
therealyingtong 782a70a786 [book] Minor fixes. 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-25 00:52:38 +08:00
ying tong ce881bc4fe
[book] Formatting fix. 2021-07-25 00:40:44 +08:00
therealyingtong 78b0ec4e7b [book] Sinsemilla: reintroduce fixed_y_q column. 
Loading fixed_y_q into an advice column introduces an additional
row. Instead, we load it into a fixed column.

Co-authored-by: Jack Grigg <jack@electriccoin.co>
 2021-07-24 23:15:17 +08:00
ying tong 6c55e1a7e3
[book] Fix updates to Sinsemilla writeup. 2021-07-23 20:34:16 +08:00
therealyingtong 7866623a1b [book] Undo selector optimisation in variable-base scalar mul 
Previously, we were using a non-binary selector q_mul = {1, 2, 3}
to switch between three cases. Now, we replace this with three
binary selectors.
 2021-07-22 22:39:17 +08:00
therealyingtong c5cda9481d [book] Undo selector optimisations in Sinsemilla 
- Instead of defining a synthetic q_S3 based on a combination of
  of q_S1, q_S2, we simply create another selector q_S3.
- Instead of using fixed_y_q as a nonbinary selector, replace it
  with q_S4 and copy the fixed value into a row above.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-22 22:19:01 +08:00
ying tong c23897ea8d
Apply suggestions from code review 
Co-authored-by: str4d <jack@electriccoin.co>
 2021-07-19 19:01:06 +08:00
Daira Hopwood 20c347b269
Merge pull request #320 from daira/book-zk-changes 
[Book] Zero knowledge changes (and misc cleanups)
 2021-07-12 20:35:20 +01:00
Daira Hopwood 43ffa37740 [book] Nullifiers: the scalar is (...) mod p, not ... (mod p). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 20:24:18 +01:00
Daira Hopwood c76358769c book/src/design/nullifiers.md: cosmetics (make the table fit). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 20:20:00 +01:00
Daira Hopwood 103c93391d Clarify the statement about the δ^i being distinct quadratic non-residues. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 17:24:21 +01:00
therealyingtong 2dd23f47b8 [book] Update constraints for short signed fixed-base mul. 
Previously, we witnessed the magnitude of a short signed scalar
directly as three-bit windows. Now, we decompose and range-constrain
it using a running sum.
 2021-07-12 11:58:32 +08:00
Daira Hopwood 8ac20608e4 Merge branch 'kw-halo-book' into book-zk-changes 
Co-authored-by: Kevaundray Wedderburn <kevtheappdev@gmail.com>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 02:32:36 +01:00
Daira Hopwood 06ff90ba95 Rename UPA to PLONKish. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 02:12:58 +01:00
Daira Hopwood 6a11c2b97e Update the circuit commitments section for the changes to the permutation argument. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 02:03:41 +01:00
Daira Hopwood 1b3241d757 Clarify product argument and add a diagram. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 02:03:41 +01:00
Daira Hopwood fedcc1960d Permutation argument cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 02:01:39 +01:00
Daira Hopwood 69ca38d2b1 Update permutation argument for zero knowledge changes in #316. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 02:01:39 +01:00
Daira Hopwood 25b42a531d Follow https://github.com/zcash/halo2/pull/316 and https://github.com/zcash/orchard/issues/143 
in using 1 - Z(X) instead of Z(X) - 1.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-12 02:01:39 +01:00