fix: review the pub types/fields(post-split)(1)

halo2_backend/src/arithmetic.rs

@@ -14,7 +14,7 @@ pub use halo2curves::{CurveAffine, CurveExt};
 /// This represents an element of a group with basic operations that can be
 /// performed. This allows an FFT implementation (for example) to operate
 /// generically over either a field or elliptic curve group.
-pub trait FftGroup<Scalar: Field>:
+pub(crate) trait FftGroup<Scalar: Field>:
     Copy + Send + Sync + 'static + GroupOpsOwned + ScalarMulOwned<Scalar>
 {
 }
@@ -27,7 +27,7 @@ where
 }
 
 /// Convert coefficient bases group elements to lagrange basis by inverse FFT.
-pub fn g_to_lagrange<C: CurveAffine>(g_projective: Vec<C::Curve>, k: u32) -> Vec<C> {
+pub(crate) fn g_to_lagrange<C: CurveAffine>(g_projective: Vec<C::Curve>, k: u32) -> Vec<C> {
     let n_inv = C::Scalar::TWO_INV.pow_vartime([k as u64, 0, 0, 0]);
     let mut omega_inv = C::Scalar::ROOT_OF_UNITY_INV;
     for _ in k..C::Scalar::S {
@@ -54,7 +54,7 @@ pub fn g_to_lagrange<C: CurveAffine>(g_projective: Vec<C::Curve>, k: u32) -> Vec
 }
 
 /// This evaluates a provided polynomial (in coefficient form) at `point`.
-pub fn eval_polynomial<F: Field>(poly: &[F], point: F) -> F {
+pub(crate) fn eval_polynomial<F: Field>(poly: &[F], point: F) -> F {
     fn evaluate<F: Field>(poly: &[F], point: F) -> F {
         poly.iter()
             .rev()
@@ -84,7 +84,7 @@ pub fn eval_polynomial<F: Field>(poly: &[F], point: F) -> F {
 /// This computes the inner product of two vectors `a` and `b`.
 ///
 /// This function will panic if the two vectors are not the same size.
-pub fn compute_inner_product<F: Field>(a: &[F], b: &[F]) -> F {
+pub(crate) fn compute_inner_product<F: Field>(a: &[F], b: &[F]) -> F {
     // TODO: parallelize?
     assert_eq!(a.len(), b.len());
 
@@ -98,7 +98,7 @@ pub fn compute_inner_product<F: Field>(a: &[F], b: &[F]) -> F {
 
 /// Divides polynomial `a` in `X` by `X - b` with
 /// no remainder.
-pub fn kate_division<'a, F: Field, I: IntoIterator<Item = &'a F>>(a: I, mut b: F) -> Vec<F>
+pub(crate) fn kate_division<'a, F: Field, I: IntoIterator<Item = &'a F>>(a: I, mut b: F) -> Vec<F>
 where
     I::IntoIter: DoubleEndedIterator + ExactSizeIterator,
 {
@@ -174,7 +174,7 @@ pub fn parallelize<T: Send, F: Fn(&mut [T], usize) + Send + Sync + Clone>(v: &mu
 /// Returns coefficients of an n - 1 degree polynomial given a set of n points
 /// and their evaluations. This function will panic if two values in `points`
 /// are the same.
-pub fn lagrange_interpolate<F: Field>(points: &[F], evals: &[F]) -> Vec<F> {
+pub(crate) fn lagrange_interpolate<F: Field>(points: &[F], evals: &[F]) -> Vec<F> {
     assert_eq!(points.len(), evals.len());
     if points.len() == 1 {
         // Constant polynomial
@@ -229,7 +229,7 @@ pub fn lagrange_interpolate<F: Field>(points: &[F], evals: &[F]) -> Vec<F> {
     }
 }
 
-pub fn evaluate_vanishing_polynomial<F: Field>(roots: &[F], z: F) -> F {
+pub(crate) fn evaluate_vanishing_polynomial<F: Field>(roots: &[F], z: F) -> F {
     fn evaluate<F: Field>(roots: &[F], z: F) -> F {
         roots.iter().fold(F::ONE, |acc, point| (z - point) * acc)
     }
@@ -249,7 +249,7 @@ pub fn evaluate_vanishing_polynomial<F: Field>(roots: &[F], z: F) -> F {
     }
 }
 
-pub fn powers<F: Field>(base: F) -> impl Iterator<Item = F> {
+pub(crate) fn powers<F: Field>(base: F) -> impl Iterator<Item = F> {
     std::iter::successors(Some(F::ONE), move |power| Some(base * power))
 }
 

halo2_backend/src/helpers.rs

@@ -102,25 +102,6 @@ pub trait SerdePrimeField: PrimeField + SerdeObject {
 }
 impl<F: PrimeField + SerdeObject> SerdePrimeField for F {}
 
-/// Convert a slice of `bool` into a `u8`.
-///
-/// Panics if the slice has length greater than 8.
-pub fn pack(bits: &[bool]) -> u8 {
-    let mut value = 0u8;
-    assert!(bits.len() <= 8);
-    for (bit_index, bit) in bits.iter().enumerate() {
-        value |= (*bit as u8) << bit_index;
-    }
-    value
-}
-
-/// Writes the first `bits.len()` bits of a `u8` into `bits`.
-pub fn unpack(byte: u8, bits: &mut [bool]) {
-    for (bit_index, bit) in bits.iter_mut().enumerate() {
-        *bit = (byte >> bit_index) & 1 == 1;
-    }
-}
-
 /// Reads a vector of polynomials from buffer
 pub(crate) fn read_polynomial_vec<R: io::Read, F: SerdePrimeField, B>(
     reader: &mut R,

halo2_backend/src/plonk.rs

@@ -230,13 +230,8 @@ impl<C: CurveAffine> VerifyingKey<C> {
         &self.fixed_commitments
     }
 
-    /// Returns `VerifyingKey` of permutation
-    pub fn permutation(&self) -> &permutation::VerifyingKey<C> {
-        &self.permutation
-    }
-
     /// Returns `ConstraintSystem`
-    pub fn cs(&self) -> &ConstraintSystemBack<C::Scalar> {
+    pub(crate) fn cs(&self) -> &ConstraintSystemBack<C::Scalar> {
         &self.cs
     }
 
@@ -388,21 +383,21 @@ impl<C: CurveAffine> VerifyingKey<C> {
 }
 
 #[derive(Clone, Copy, Debug)]
-pub struct Theta;
-pub type ChallengeTheta<F> = ChallengeScalar<F, Theta>;
+pub(crate) struct Theta;
+pub(crate) type ChallengeTheta<F> = ChallengeScalar<F, Theta>;
 
 #[derive(Clone, Copy, Debug)]
-pub struct Beta;
-pub type ChallengeBeta<F> = ChallengeScalar<F, Beta>;
+pub(crate) struct Beta;
+pub(crate) type ChallengeBeta<F> = ChallengeScalar<F, Beta>;
 
 #[derive(Clone, Copy, Debug)]
-pub struct Gamma;
-pub type ChallengeGamma<F> = ChallengeScalar<F, Gamma>;
+pub(crate) struct Gamma;
+pub(crate) type ChallengeGamma<F> = ChallengeScalar<F, Gamma>;
 
 #[derive(Clone, Copy, Debug)]
-pub struct Y;
-pub type ChallengeY<F> = ChallengeScalar<F, Y>;
+pub(crate) struct Y;
+pub(crate) type ChallengeY<F> = ChallengeScalar<F, Y>;
 
 #[derive(Clone, Copy, Debug)]
-pub struct X;
-pub type ChallengeX<F> = ChallengeScalar<F, X>;
+pub(crate) struct X;
+pub(crate) type ChallengeX<F> = ChallengeScalar<F, X>;

halo2_backend/src/plonk/circuit.rs

@@ -97,7 +97,7 @@ pub struct ConstraintSystemBack<F: Field> {
 impl<F: Field> ConstraintSystemBack<F> {
     /// Compute the degree of the constraint system (the maximum degree of all
     /// constraints).
-    pub fn degree(&self) -> usize {
+    pub(crate) fn degree(&self) -> usize {
         // The permutation argument will serve alongside the gates, so must be
         // accounted for.
         let mut degree = permutation_argument_required_degree();
@@ -140,7 +140,7 @@ impl<F: Field> ConstraintSystemBack<F> {
 
     /// Compute the number of blinding factors necessary to perfectly blind
     /// each of the prover's witness polynomials.
-    pub fn blinding_factors(&self) -> usize {
+    pub(crate) fn blinding_factors(&self) -> usize {
         // All of the prover's advice columns are evaluated at no more than
         let factors = *self.num_advice_queries.iter().max().unwrap_or(&1);
         // distinct points during gate checks.
@@ -169,7 +169,7 @@ impl<F: Field> ConstraintSystemBack<F> {
 
     /// Returns the minimum necessary rows that need to exist in order to
     /// account for e.g. blinding factors.
-    pub fn minimum_rows(&self) -> usize {
+    pub(crate) fn minimum_rows(&self) -> usize {
         self.blinding_factors() // m blinding factors
             + 1 // for l_{-(m + 1)} (l_last)
             + 1 // for l_0 (just for extra breathing room for the permutation
@@ -179,7 +179,7 @@ impl<F: Field> ConstraintSystemBack<F> {
             + 1 // for at least one row
     }
 
-    pub fn get_any_query_index(&self, column: ColumnMid, at: Rotation) -> usize {
+    pub(crate) fn get_any_query_index(&self, column: ColumnMid, at: Rotation) -> usize {
         let queries = match column.column_type {
             Any::Advice => &self.advice_queries,
             Any::Fixed => &self.fixed_queries,
@@ -194,7 +194,7 @@ impl<F: Field> ConstraintSystemBack<F> {
     }
 
     /// Returns the list of phases
-    pub fn phases(&self) -> impl Iterator<Item = u8> {
+    pub(crate) fn phases(&self) -> impl Iterator<Item = u8> {
         let max_phase = self
             .advice_column_phase
             .iter()
@@ -207,7 +207,7 @@ impl<F: Field> ConstraintSystemBack<F> {
     /// Obtain a pinned version of this constraint system; a structure with the
     /// minimal parameters needed to determine the rest of the constraint
     /// system.
-    pub fn pinned(&self) -> PinnedConstraintSystem<'_, F> {
+    pub(crate) fn pinned(&self) -> PinnedConstraintSystem<'_, F> {
         PinnedConstraintSystem {
             num_fixed_columns: &self.num_fixed_columns,
             num_advice_columns: &self.num_advice_columns,
@@ -238,7 +238,7 @@ impl<'a, F: Field> std::fmt::Debug for PinnedGates<'a, F> {
 }
 
 /// Represents the minimal parameters that determine a `ConstraintSystem`.
-pub struct PinnedConstraintSystem<'a, F: Field> {
+pub(crate) struct PinnedConstraintSystem<'a, F: Field> {
     num_fixed_columns: &'a usize,
     num_advice_columns: &'a usize,
     num_instance_columns: &'a usize,

halo2_backend/src/plonk/evaluation.rs

@@ -173,7 +173,7 @@ impl Calculation {
 
 /// Evaluator
 #[derive(Clone, Default, Debug)]
-pub struct Evaluator<C: CurveAffine> {
+pub(crate) struct Evaluator<C: CurveAffine> {
     ///  Custom gates evalution
     custom_gates: GraphEvaluator<C>,
     ///  Lookups evalution
@@ -835,7 +835,7 @@ impl<C: CurveAffine> GraphEvaluator<C> {
 }
 
 /// Simple evaluation of an [`ExpressionBack`] over the provided lagrange polynomials
-pub fn evaluate<F: Field, B: LagrangeBasis>(
+pub(crate) fn evaluate<F: Field, B: LagrangeBasis>(
     expression: &ExpressionBack<F>,
     size: usize,
     rot_scale: i32,

halo2_backend/src/plonk/keygen.rs

@@ -377,58 +377,15 @@ impl<F: Field> From<ConstraintSystemMid<F>> for ConstraintSystemBack<F> {
 
 /// List of queries (columns and rotations) used by a circuit
 #[derive(Debug, Clone)]
-pub struct Queries {
+pub(crate) struct Queries {
     /// List of unique advice queries
-    pub advice: Vec<(ColumnMid, Rotation)>,
+    pub(crate) advice: Vec<(ColumnMid, Rotation)>,
     /// List of unique instance queries
-    pub instance: Vec<(ColumnMid, Rotation)>,
+    pub(crate) instance: Vec<(ColumnMid, Rotation)>,
     /// List of unique fixed queries
-    pub fixed: Vec<(ColumnMid, Rotation)>,
+    pub(crate) fixed: Vec<(ColumnMid, Rotation)>,
     /// Contains an integer for each advice column
     /// identifying how many distinct queries it has
     /// so far; should be same length as cs.num_advice_columns.
-    pub num_advice_queries: Vec<usize>,
-}
-
-impl Queries {
-    /// Returns the minimum necessary rows that need to exist in order to
-    /// account for e.g. blinding factors.
-    pub fn minimum_rows(&self) -> usize {
-        self.blinding_factors() // m blinding factors
-            + 1 // for l_{-(m + 1)} (l_last)
-            + 1 // for l_0 (just for extra breathing room for the permutation
-                // argument, to essentially force a separation in the
-                // permutation polynomial between the roles of l_last, l_0
-                // and the interstitial values.)
-            + 1 // for at least one row
-    }
-
-    /// Compute the number of blinding factors necessary to perfectly blind
-    /// each of the prover's witness polynomials.
-    pub fn blinding_factors(&self) -> usize {
-        // All of the prover's advice columns are evaluated at no more than
-        let factors = *self.num_advice_queries.iter().max().unwrap_or(&1);
-        // distinct points during gate checks.
-
-        // - The permutation argument witness polynomials are evaluated at most 3 times.
-        // - Each lookup argument has independent witness polynomials, and they are
-        //   evaluated at most 2 times.
-        let factors = std::cmp::max(3, factors);
-
-        // Each polynomial is evaluated at most an additional time during
-        // multiopen (at x_3 to produce q_evals):
-        let factors = factors + 1;
-
-        // h(x) is derived by the other evaluations so it does not reveal
-        // anything; in fact it does not even appear in the proof.
-
-        // h(x_3) is also not revealed; the verifier only learns a single
-        // evaluation of a polynomial in x_1 which has h(x_3) and another random
-        // polynomial evaluated at x_3 as coefficients -- this random polynomial
-        // is "random_poly" in the vanishing argument.
-
-        // Add an additional blinding factor as a slight defense against
-        // off-by-one errors.
-        factors + 1
-    }
+    pub(crate) num_advice_queries: Vec<usize>,
 }

halo2_backend/src/plonk/lookup/verifier.rs

@@ -12,17 +12,17 @@ use halo2_middleware::circuit::Any;
 use halo2_middleware::ff::Field;
 use halo2_middleware::poly::Rotation;
 
-pub struct PermutationCommitments<C: CurveAffine> {
+pub(crate) struct PermutationCommitments<C: CurveAffine> {
     permuted_input_commitment: C,
     permuted_table_commitment: C,
 }
 
-pub struct Committed<C: CurveAffine> {
+pub(crate) struct Committed<C: CurveAffine> {
     permuted: PermutationCommitments<C>,
     product_commitment: C,
 }
 
-pub struct Evaluated<C: CurveAffine> {
+pub(crate) struct Evaluated<C: CurveAffine> {
     committed: Committed<C>,
     product_eval: C::Scalar,
     product_next_eval: C::Scalar,

halo2_backend/src/plonk/permutation.rs

@@ -11,22 +11,17 @@ pub use halo2_middleware::permutation::ArgumentMid as Argument;
 
 use std::io;
 
-pub mod keygen;
-pub mod prover;
-pub mod verifier;
+pub(crate) mod keygen;
+pub(crate) mod prover;
+pub(crate) mod verifier;
 
 /// The verifying key for a single permutation argument.
 #[derive(Clone, Debug)]
-pub struct VerifyingKey<C: CurveAffine> {
+pub(crate) struct VerifyingKey<C: CurveAffine> {
     commitments: Vec<C>,
 }
 
 impl<C: CurveAffine> VerifyingKey<C> {
-    /// Returns commitments of sigma polynomials
-    pub fn commitments(&self) -> &Vec<C> {
-        &self.commitments
-    }
-
     pub(crate) fn write<W: io::Write>(&self, writer: &mut W, format: SerdeFormat) -> io::Result<()>
     where
         C: SerdeCurveAffine,

halo2_backend/src/plonk/permutation/keygen.rs

@@ -16,7 +16,7 @@ use halo2_middleware::permutation::{ArgumentMid, AssemblyMid};
 
 /// Struct that accumulates all the necessary data in order to construct the permutation argument.
 #[derive(Clone, Debug, PartialEq, Eq)]
-pub struct Assembly {
+pub(crate) struct Assembly {
     /// Columns that participate on the copy permutation argument.
     columns: Vec<ColumnMid>,
     /// Mapping of the actual copies done.

halo2_backend/src/plonk/vanishing/verifier.rs

@@ -14,22 +14,22 @@ use crate::{
 
 use super::Argument;
 
-pub struct Committed<C: CurveAffine> {
+pub(in crate::plonk) struct Committed<C: CurveAffine> {
     random_poly_commitment: C,
 }
 
-pub struct Constructed<C: CurveAffine> {
+pub(in crate::plonk) struct Constructed<C: CurveAffine> {
     h_commitments: Vec<C>,
     random_poly_commitment: C,
 }
 
-pub struct PartiallyEvaluated<C: CurveAffine> {
+pub(in crate::plonk) struct PartiallyEvaluated<C: CurveAffine> {
     h_commitments: Vec<C>,
     random_poly_commitment: C,
     random_eval: C::Scalar,
 }
 
-pub struct Evaluated<C: CurveAffine, M: MSM<C>> {
+pub(in crate::plonk) struct Evaluated<C: CurveAffine, M: MSM<C>> {
     h_commitment: M,
     random_poly_commitment: C,
     expected_h_eval: C::Scalar,

halo2_backend/src/poly.rs

@@ -28,15 +28,10 @@ pub mod kzg;
 mod multiopen_test;
 
 pub use domain::*;
-pub use query::{ProverQuery, VerifierQuery};
+pub(crate) use query::{ProverQuery, VerifierQuery};
 pub use strategy::{Guard, VerificationStrategy};
 
-// TODO: move everything from the poly module to the backend.  This requires that the frontend
-// works without Poly (and just Vec<F>).
-// https://github.com/privacy-scaling-explorations/halo2/issues/257
-
 /// This is an error that could occur during proving or circuit synthesis.
-// TODO: these errors need to be cleaned up
 #[derive(Debug)]
 pub enum Error {
     /// OpeningProof is not well-formed

halo2_frontend/src/circuit.rs

@@ -133,7 +133,7 @@ pub fn compile_circuit<F: Field, ConcreteCircuit: Circuit<F>>(
     ))
 }
 
-pub struct WitnessCollection<'a, F: Field> {
+struct WitnessCollection<'a, F: Field> {
     k: u32,
     current_phase: sealed::Phase,
     advice_column_phase: &'a Vec<sealed::Phase>,