Merge a597365282 into 7df93fd855

Fix MD book generation

.github/workflows/book.yml

@@ -12,7 +12,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions-rs/toolchain@v1
         with:
-          toolchain: nightly
+          toolchain: '1.76.0'
           override: true
 
       # - name: Setup mdBook
@@ -26,7 +26,7 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: install
-          args: mdbook --git https://github.com/HollowMan6/mdBook.git --rev 62e01b34c23b957579c04ee1b24b57814ed8a4d5
+          args: mdbook --git https://github.com/HollowMan6/mdBook.git --rev 5830c9555a4dc051675d17f1fcb04dd0920543e8
 
       - name: Install mdbook-katex and mdbook-pdf
         uses: actions-rs/cargo@v1
@@ -40,6 +40,11 @@ jobs:
       - name: Build halo2 book
         run: mdbook build book/
 
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly-2023-10-05 
+          override: true
+
       - name: Build latest rustdocs
         uses: actions-rs/cargo@v1
         with:

.github/workflows/ci.yml

@@ -151,7 +151,7 @@ jobs:
             --timeout 600
             --out Xml
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3.1.1
+        uses: codecov/codecov-action@v3.1.4
 
   doc-links:
     name: Intra-doc links

.gitignore

@@ -1,6 +1,8 @@
 /target
+/halo2_gadgets/*-layout.png
+/halo2_gadgets/benches/sha256_assets
+**/.*.swp
 **/*.rs.bk
-Cargo.lock
 .vscode
-**/*.html
 .DS_Store
+/book/book

README.md

@@ -1,6 +1,9 @@
-# halo2 [![Crates.io](https://img.shields.io/crates/v/halo2.svg)](https://crates.io/crates/halo2) #
+# halo2
 
-## [Documentation](https://docs.rs/halo2)
+## Usage
+
+This repository contains the [halo2_proofs](halo2_proofs/README.md) and
+[halo2_gadgets](halo2_gadgets/README.md) crates, which should be used directly.
 
 ## Minimum Supported Rust Version
 

book/Makefile

@@ -1,10 +0,0 @@
-.PHONY: all
-all:
-	find src -type f -a -name '*.md' |sed 's/[.]md$$/.html/g' |xargs $(MAKE)
-
-clean:
-	find src -type f -a -name '*.html' -print0 |xargs -0 rm
-
-%.html: %.md
-	pandoc --katex --from=markdown --to=html "$<" "--output=$@"
-	./edithtml.sh "$@" "$<"

book/book.toml

@@ -2,7 +2,7 @@
 authors = [
     "Jack Grigg",
     "Sean Bowe",
-    "Daira Hopwood",
+    "Daira Emma Hopwood",
     "Ying Tong Lai",
 ]
 language = "en"
@@ -14,8 +14,6 @@ title = "The halo2 Book"
 macros = "macros.txt"
 renderers = ["html"]
 
-[output.katex]
-
 [output.html]
 
 [output.html.print]

book/edithtml.sh

@@ -1,28 +0,0 @@
-#!/bin/sh
-
-cat - "$1" > "$1.prefix" <<EOF
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
-<head>
-  <meta charset="utf-8" />
-  <meta name="generator" content="pandoc" />
-  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
-  <title>$2</title>
-  <style type="text/css">
-      code{white-space: pre-wrap;}
-      span.smallcaps{font-variant: small-caps;}
-      span.underline{text-decoration: underline;}
-      div.column{display: inline-block; vertical-align: top; width: 50%;}
-  </style>
-  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.10.2/dist/katex.min.css" integrity="sha384-yFRtMMDnQtDRO8rLpMIKrtPCD5jdktao2TV19YiZYWMDkUR5GQZR/NOVTdquEx1j" crossorigin="anonymous">
-  <script defer src="https://cdn.jsdelivr.net/npm/katex@0.10.2/dist/katex.min.js" integrity="sha384-9Nhn55MVVN0/4OFx7EE5kpFBPsEMZxKTCnA+4fqDmg12eCTqGi6+BB2LjY8brQxJ" crossorigin="anonymous"></script>
-  <script defer src="https://cdn.jsdelivr.net/npm/katex@0.10.2/dist/contrib/auto-render.min.js" integrity="sha384-kWPLUVMOks5AQFrykwIup5lo0m3iMkkHrD0uJ4H5cjeGihAutqP0yW0J6dpFiVkI" crossorigin="anonymous"
-      onload="renderMathInElement(document.body);"></script>
-</head>
-<body>
-EOF
-cat "$1.prefix" - >"$1" <<EOF
-</body>
-</html>
-EOF
-rm -f "$1.prefix"

book/src/background/polynomials.md

@@ -242,7 +242,7 @@ Now, we can write our polynomial as a linear combination of Lagrange basis funct
 
 $$A(X) = \sum_{i = 0}^{n-1} a_i\mathcal{L_i}(X), X \in \mathcal{H},$$
 
-which is equivalent to saying that $p(X)$ evaluates to $a_0$ at $\omega^0$,
+which is equivalent to saying that $A(X)$ evaluates to $a_0$ at $\omega^0$,
 to $a_1$ at $\omega^1$, to $a_2$ at $\omega^2, \cdots,$ and so on.
 
 When working over a multiplicative subgroup, the Lagrange basis function has a convenient

book/src/design/proving-system/circuit-commitments.md

@@ -59,7 +59,7 @@ arguments are independent.)
 
 Let $c$ be the number of columns that are enabled for equality constraints.
 
-Let $m$ be the maximum number of columns that can accommodated by a
+Let $m$ be the maximum number of columns that can be accommodated by a
 [column set](permutation.md#spanning-a-large-number-of-columns) without exceeding
 the PLONK configuration's maximum constraint degree.
 

book/src/design/proving-system/vanishing.md

@@ -55,7 +55,7 @@ $$\mathbf{H} = [\text{Commit}(h_0(X)), \text{Commit}(h_1(X)), \dots, \text{Commi
 
 ## Evaluating the polynomials
 
-At this point, all properties of the circuit have been committed to. The verifier now
+At this point, we have committed to all properties of the circuit. The verifier now
 wants to see if the prover committed to the correct $h(X)$ polynomial. The verifier
 samples $x$, and the prover produces the purported evaluations of the various polynomials
 at $x$, for all the relative offsets used in the circuit, as well as $h(X)$.

examples/range_check.rs

@@ -0,0 +1,153 @@
+// This circuit implements a simple range check `a ∈ [RANGE_FIRST, RANGE_LAST]` for witness `a`.
+//
+// The prover allocates a single private value `a` in the advice column `a_col` and enables the
+// selector `s_range`. The selector `s_range` toggles the "range" gate whose constraint polynomial
+// is a polynomial of minimal degree having a root at each value in the range, i.e.
+// `s_range * (a - RANGE_START)...(a - RANGE_LAST)` returns `0` when `s_range = 1` if `a` is a root
+// (in the desired range).
+//
+// The constraint system matrix is:
+//
+//          Advice    Fixed
+// |-----||--------|---------|
+// | row || a_col  | s_range |
+// |-----||--------|---------|
+// |  0  ||   a    |    1    |
+// |-----||--------|---------|
+
+use halo2::{
+    circuit::{layouter::SingleChipLayouter, Chip, Layouter},
+    dev::{MockProver, VerifyFailure},
+    pasta::Fp,
+    plonk::{Advice, Assignment, Circuit, Column, ConstraintSystem, Error, Expression, Selector},
+    poly::Rotation,
+};
+
+// The first and last values (inclusive) in the range.
+const RANGE_FIRST: u64 = 1;
+const RANGE_LAST: u64 = 5;
+
+struct RangeChip {
+    config: RangeChipConfig,
+}
+
+#[derive(Clone, Debug)]
+struct RangeChipConfig {
+    a_col: Column<Advice>,
+    s_range: Selector,
+}
+
+impl Chip<Fp> for RangeChip {
+    type Config = RangeChipConfig;
+    type Loaded = ();
+
+    fn config(&self) -> &Self::Config {
+        &self.config
+    }
+
+    fn loaded(&self) -> &Self::Loaded {
+        &()
+    }
+}
+
+impl RangeChip {
+    fn new(config: RangeChipConfig) -> Self {
+        RangeChip { config }
+    }
+
+    fn configure(cs: &mut ConstraintSystem<Fp>) -> RangeChipConfig {
+        let a_col = cs.advice_column();
+        let s_range = cs.selector();
+
+        // `s_range * (a - RANGE_FIRST)...(a - RANGE_LAST)`
+        cs.create_gate("range check", |cs| {
+            let a = cs.query_advice(a_col, Rotation::cur());
+            let s_range = cs.query_selector(s_range, Rotation::cur());
+            let mut poly = s_range;
+            for i in RANGE_FIRST..=RANGE_LAST {
+                let root = Expression::Constant(Fp::from(i));
+                poly = poly * (a.clone() - root);
+            }
+            poly
+        });
+
+        RangeChipConfig { a_col, s_range }
+    }
+
+    fn alloc_and_range_check(
+        &self,
+        layouter: &mut impl Layouter<Fp>,
+        a: Option<Fp>,
+    ) -> Result<(), Error> {
+        layouter.assign_region(
+            || "load private inputs",
+            |mut region| {
+                let row_offset = 0;
+                self.config.s_range.enable(&mut region, row_offset)?;
+                region.assign_advice(
+                    || "private input 'a'",
+                    self.config.a_col,
+                    row_offset,
+                    || a.ok_or(Error::SynthesisError),
+                )?;
+                Ok(())
+            },
+        )
+    }
+}
+
+// Allocates `a` and ensures that it is contained within the range `[RANGE_FIRST, RANGE_LAST]`.
+#[derive(Clone)]
+struct MyCircuit {
+    // Private input.
+    a: Option<Fp>,
+}
+
+impl Circuit<Fp> for MyCircuit {
+    type Config = RangeChipConfig;
+
+    fn configure(cs: &mut ConstraintSystem<Fp>) -> Self::Config {
+        RangeChip::configure(cs)
+    }
+
+    fn synthesize(&self, cs: &mut impl Assignment<Fp>, config: Self::Config) -> Result<(), Error> {
+        let mut layouter = SingleChipLayouter::new(cs)?;
+        let chip = RangeChip::new(config);
+        chip.alloc_and_range_check(&mut layouter, self.a)
+    }
+}
+
+fn main() {
+    // The number of rows utilized in the constraint system matrix.
+    const N_ROWS_USED: u32 = 1;
+
+    // `k` can be zero, which is the case when `N_ROWS_USED = 1`.
+    let k = (N_ROWS_USED as f32).log2().ceil() as u32;
+    // This circuit has no public inputs.
+    let pub_inputs = vec![Fp::zero(); 1 << k];
+
+    // Assert that the constraint system is satisfied when `a ∈ [RANGE_FIRST, RANGE_LAST]`.
+    for a in RANGE_FIRST..=RANGE_LAST {
+        let circuit = MyCircuit { a: Some(Fp::from(a)) };
+        let prover = MockProver::run(k, &circuit, vec![pub_inputs.clone()])
+            .expect("failed to synthesize circuit");
+        assert!(prover.verify().is_ok());
+    }
+
+    // Assert that the constraint system is not satisfied when `a ∉ [RANGE_FIRST, RANGE_LAST]`.
+    for bad_a in &[RANGE_FIRST - 1, RANGE_LAST + 1] {
+        let bad_circuit = MyCircuit { a: Some(Fp::from(*bad_a)) };
+        let prover = MockProver::run(k, &bad_circuit, vec![pub_inputs.clone()])
+            .expect("failed to synthesize circuit");
+        match prover.verify() {
+            Err(errors) => {
+                assert_eq!(errors.len(), 1, "expected one verification error, found: {:?}", errors);
+                match &errors[0] {
+                    VerifyFailure::Gate { .. } => {}
+                    err => panic!("expected 'range check' gate failure, found: {:?}", err),
+                }
+            }
+            _ => panic!("expected `prover.verify()` to return an error for `a = {}`", bad_a),
+        };
+    }
+}

halo2/Cargo.toml

@@ -5,7 +5,7 @@ authors = [
     "Jack Grigg <jack@electriccoin.co>",
 ]
 edition = "2021"
-rust-version = "1.59"
+rust-version = "1.60"
 description = "[BETA] Fast zero-knowledge proof-carrying data implementation with no trusted setup"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/zcash/halo2"

halo2_gadgets/Cargo.toml

@@ -4,12 +4,12 @@ version = "0.3.0"
 authors = [
     "Sean Bowe <sean@electriccoin.co>",
     "Jack Grigg <jack@electriccoin.co>",
-    "Daira Hopwood <daira@jacaranda.org>",
+    "Daira Emma Hopwood <daira@jacaranda.org>",
     "Ying Tong Lai <yingtong@electriccoin.co>",
     "Kris Nuttycombe <kris@electriccoin.co>",
 ]
 edition = "2021"
-rust-version = "1.59"
+rust-version = "1.60"
 description = "Reusable gadgets and chip implementations for Halo 2"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/zcash/halo2"
@@ -54,6 +54,7 @@ test-dev-graph = [
     "plotters",
     "plotters/bitmap_backend",
     "plotters/bitmap_encoder",
+    "plotters/ttf",
 ]
 test-dependencies = ["proptest"]
 

halo2_gadgets/src/poseidon/pow5.rs

@@ -341,24 +341,30 @@ impl<
 
                 // Load the input into this region.
                 let load_input_word = |i: usize| {
-                    let constraint_var = match input.0[i].clone() {
-                        Some(PaddedWord::Message(word)) => word,
-                        Some(PaddedWord::Padding(padding_value)) => region.assign_fixed(
-                            || format!("load pad_{}", i),
-                            config.rc_b[i],
-                            1,
-                            || Value::known(padding_value),
-                        )?,
+                    let (cell, value) = match input.0[i].clone() {
+                        Some(PaddedWord::Message(word)) => (word.cell(), word.value().copied()),
+                        Some(PaddedWord::Padding(padding_value)) => {
+                            let cell = region
+                                .assign_fixed(
+                                    || format!("load pad_{}", i),
+                                    config.rc_b[i],
+                                    1,
+                                    || Value::known(padding_value),
+                                )?
+                                .cell();
+                            (cell, Value::known(padding_value))
+                        }
                         _ => panic!("Input is not padded"),
                     };
-                    constraint_var
-                        .copy_advice(
-                            || format!("load input_{}", i),
-                            &mut region,
-                            config.state[i],
-                            1,
-                        )
-                        .map(StateWord)
+                    let var = region.assign_advice(
+                        || format!("load input_{}", i),
+                        config.state[i],
+                        1,
+                        || value,
+                    )?;
+                    region.constrain_equal(cell, var.cell())?;
+
+                    Ok(StateWord(var))
                 };
                 let input: Result<Vec<_>, Error> = (0..RATE).map(load_input_word).collect();
                 let input = input?;
@@ -597,9 +603,11 @@ mod tests {
         circuit::{Layouter, SimpleFloorPlanner, Value},
         dev::MockProver,
         pasta::Fp,
-        plonk::{Circuit, ConstraintSystem, Error},
+        plonk::{self, Circuit, ConstraintSystem, Error, SingleVerifier},
+        poly::commitment::Params,
+        transcript::{Blake2bRead, Blake2bWrite, Challenge255},
     };
-    use pasta_curves::pallas;
+    use pasta_curves::{pallas, EqAffine};
     use rand::rngs::OsRng;
 
     use super::{PoseidonInstructions, Pow5Chip, Pow5Config, StateWord};
@@ -840,7 +848,29 @@ mod tests {
             _spec: PhantomData,
         };
         let prover = MockProver::run(k, &circuit, vec![]).unwrap();
-        assert_eq!(prover.verify(), Ok(()))
+        assert_eq!(prover.verify(), Ok(()));
+
+        let params = Params::new(k);
+        let vk = plonk::keygen_vk(&params, &circuit).unwrap();
+        let pk = plonk::keygen_pk(&params, vk, &circuit).unwrap();
+
+        let mut transcript = Blake2bWrite::<_, EqAffine, _>::init(vec![]);
+        plonk::create_proof(
+            &params,
+            &pk,
+            &[circuit],
+            &[&[]],
+            &mut OsRng,
+            &mut transcript,
+        )
+        .unwrap();
+        let proof = transcript.finalize();
+
+        let strategy = SingleVerifier::new(&params);
+        let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
+        assert!(
+            plonk::verify_proof(&params, pk.get_vk(), strategy, &[&[]], &mut transcript).is_ok()
+        );
     }
 
     #[test]

halo2_proofs/Cargo.toml

@@ -4,11 +4,11 @@ version = "0.3.0"
 authors = [
     "Sean Bowe <sean@electriccoin.co>",
     "Ying Tong Lai <yingtong@electriccoin.co>",
-    "Daira Hopwood <daira@electriccoin.co>",
+    "Daira Emma Hopwood <daira@jacaranda.org>",
     "Jack Grigg <jack@electriccoin.co>",
 ]
 edition = "2021"
-rust-version = "1.59"
+rust-version = "1.60"
 description = """
 Fast PLONK-based zero-knowledge proving system with no trusted setup
 """
@@ -67,6 +67,11 @@ gumdrop = "0.8"
 proptest = "1"
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
 
+# Indirect dev-dependencies that we pin to preserve MSRV in CI checks.
+dashmap = ">=5, <5.5.0" # dashmap 5.5.0 has MSRV 1.64
+image = ">=0.24, <0.24.5" # image 0.24.5 has MSRV 1.61
+tempfile = ">=3, <3.7.0" # tempfile 3.7.0 has MSRV 1.63
+
 [target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dev-dependencies]
 getrandom = { version = "0.2", features = ["js"] }
 
@@ -77,6 +82,8 @@ dev-graph = ["plotters", "tabbycat"]
 test-dev-graph = [
     "dev-graph",
     "plotters/bitmap_backend",
+    "plotters/bitmap_encoder",
+    "plotters/ttf",
 ]
 gadget-traces = ["backtrace"]
 sanity-checks = []