From bf523bd0da8394e7c0b500bcc09dfd5c2e49030a Mon Sep 17 00:00:00 2001 From: zhenfei Date: Mon, 20 Mar 2023 17:45:52 -0400 Subject: [PATCH 1/2] sync group ff 0.13.0 --- .gitignore | 1 + Cargo.toml | 9 +- snark-verifier-sdk/Cargo.toml | 19 ++-- snark-verifier-sdk/benches/standard_plonk.rs | 4 +- snark-verifier-sdk/src/halo2/aggregation.rs | 8 +- snark-verifier/Cargo.toml | 21 ++-- .../examples/evm-verifier-with-accumulator.rs | 7 +- snark-verifier/examples/evm-verifier.rs | 6 +- snark-verifier/examples/recursion.rs | 17 ++- snark-verifier/src/cost.rs | 7 +- snark-verifier/src/lib.rs | 2 +- snark-verifier/src/loader.rs | 35 +++--- snark-verifier/src/loader/evm/code.rs | 4 +- snark-verifier/src/loader/evm/loader.rs | 106 ++++++------------ snark-verifier/src/loader/evm/test.rs | 13 +-- snark-verifier/src/loader/evm/test/tui.rs | 92 ++++----------- snark-verifier/src/loader/evm/util.rs | 8 +- .../src/loader/evm/util/executor.rs | 91 +++------------ snark-verifier/src/loader/halo2/loader.rs | 18 +-- snark-verifier/src/loader/halo2/shim.rs | 65 +++++------ snark-verifier/src/loader/native.rs | 8 +- snark-verifier/src/pcs/ipa.rs | 2 +- snark-verifier/src/pcs/ipa/accumulation.rs | 2 +- snark-verifier/src/pcs/ipa/decider.rs | 2 +- snark-verifier/src/pcs/ipa/multiopen/bgh19.rs | 12 +- snark-verifier/src/pcs/kzg/accumulator.rs | 2 +- snark-verifier/src/pcs/kzg/decider.rs | 14 +-- .../src/pcs/kzg/multiopen/bdfg21.rs | 15 ++- snark-verifier/src/pcs/kzg/multiopen/gwc19.rs | 2 + snark-verifier/src/system/halo2.rs | 26 +++-- snark-verifier/src/system/halo2/test.rs | 2 + .../src/system/halo2/test/circuit/maingate.rs | 16 +-- .../src/system/halo2/test/circuit/standard.rs | 17 ++- snark-verifier/src/system/halo2/test/kzg.rs | 6 +- .../src/system/halo2/test/kzg/halo2.rs | 2 +- snark-verifier/src/system/halo2/transcript.rs | 21 +++- .../src/system/halo2/transcript/halo2.rs | 20 +++- snark-verifier/src/util/arithmetic.rs | 14 +-- snark-verifier/src/util/hash/poseidon.rs | 29 +++-- snark-verifier/src/util/msm.rs | 40 ++----- snark-verifier/src/util/poly.rs | 28 +++-- snark-verifier/src/util/protocol.rs | 4 +- snark-verifier/src/verifier/plonk.rs | 2 +- 43 files changed, 343 insertions(+), 476 deletions(-) diff --git a/.gitignore b/.gitignore index 0175c775..bfa78d1e 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ testdata Cargo.lock +*.srs \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index 7b3ec409..b6387c11 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -36,4 +36,11 @@ debug = true # patch until PR https://github.com/privacy-scaling-explorations/halo2/pull/111 is merged [patch."https://github.com/privacy-scaling-explorations/halo2.git"] -halo2_proofs = { git = "https://github.com/axiom-crypto/halo2.git", branch = "feat/serde-raw" } \ No newline at end of file +halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-snark-verifier-0220" } + +[patch."https://github.com/privacy-scaling-explorations/poseidon.git"] +poseidon = { git = "https://github.com/scroll-tech/poseidon.git", branch = "halo2-ecc-snark-verifier-0220" } + +[patch.crates-io] +# temporary solution to funty@1.2.0 being yanked, tracking issue: https://github.com/ferrilab/funty/issues/7 +funty = { git = "https://github.com/ferrilab/funty/", rev = "7ef0d890fbcd8b3def1635ac1a877fc298488446" } \ No newline at end of file diff --git a/snark-verifier-sdk/Cargo.toml b/snark-verifier-sdk/Cargo.toml index 222e6eb9..0c1dd7b9 100644 --- a/snark-verifier-sdk/Cargo.toml +++ b/snark-verifier-sdk/Cargo.toml @@ -17,7 +17,8 @@ serde_json = "1.0" bincode = "1.3.3" ark-std = { version = "0.3.0", features = ["print-trace"], optional = true } -halo2-base = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false } +# halo2-base = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false } +halo2-base = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0220" } snark-verifier = { path = "../snark-verifier", default-features = false } # loader_evm @@ -28,10 +29,14 @@ ethereum-types = { version = "0.14", default-features = false, features = ["std" # rlp = { version = "0.5", default-features = false, features = ["std"], optional = true } # zkevm benchmarks -zkevm-circuits = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", features = ["test"], optional = true } -bus-mapping = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", optional = true } -eth-types = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", optional = true } -mock = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", optional = true } +# zkevm-circuits = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", features = ["test"], optional = true } +# bus-mapping = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", optional = true } +# eth-types = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", optional = true } +# mock = { git = "https://github.com/jonathanpwang/zkevm-circuits.git", branch = "bench-12-04", optional = true } +zkevm-circuits = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0220", features = ["test"], optional = true } +bus-mapping = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0220", optional = true } +eth-types = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0220", optional = true } +mock = { git = "https://github.com/scroll-tech/zkevm-circuits.git", branch = "halo2-ecc-snark-verifier-0220", optional = true } [dev-dependencies] ark-std = { version = "0.3.0", features = ["print-trace"] } @@ -44,14 +49,14 @@ crossterm = { version = "0.25" } tui = { version = "0.19", default-features = false, features = ["crossterm"] } [features] -default = ["loader_halo2", "loader_evm", "halo2-axiom", "halo2-base/jemallocator"] +default = ["loader_halo2", "loader_evm", "halo2-pse", "halo2-base/jemallocator"] display = ["snark-verifier/display", "dep:ark-std"] loader_evm = ["snark-verifier/loader_evm", "dep:ethereum-types"] loader_halo2 = ["snark-verifier/loader_halo2"] parallel = ["snark-verifier/parallel"] # EXACTLY one of halo2-pse / halo2-axiom should always be turned on; not sure how to enforce this with Cargo halo2-pse = ["snark-verifier/halo2-pse"] -halo2-axiom = ["snark-verifier/halo2-axiom"] +# halo2-axiom = ["snark-verifier/halo2-axiom"] zkevm = ["dep:zkevm-circuits", "dep:bus-mapping", "dep:mock", "dep:eth-types"] diff --git a/snark-verifier-sdk/benches/standard_plonk.rs b/snark-verifier-sdk/benches/standard_plonk.rs index e19776e9..08a5b78b 100644 --- a/snark-verifier-sdk/benches/standard_plonk.rs +++ b/snark-verifier-sdk/benches/standard_plonk.rs @@ -146,7 +146,7 @@ mod application { #[cfg(feature = "halo2-axiom")] { region.assign_advice(config.a, 0, Value::known(self.0))?; - region.assign_fixed(config.q_a, 0, -Fr::one()); + region.assign_fixed(config.q_a, 0, -Fr::ONE); region.assign_advice(config.a, 1, Value::known(-Fr::from(5u64)))?; for (idx, column) in (1..).zip([ config.q_a, @@ -158,7 +158,7 @@ mod application { region.assign_fixed(column, 1, Fr::from(idx as u64)); } - let a = region.assign_advice(config.a, 2, Value::known(Fr::one()))?; + let a = region.assign_advice(config.a, 2, Value::known(Fr::ONE))?; a.copy_advice(&mut region, config.b, 3); a.copy_advice(&mut region, config.c, 4); } diff --git a/snark-verifier-sdk/src/halo2/aggregation.rs b/snark-verifier-sdk/src/halo2/aggregation.rs index 4748c930..6e3949c6 100644 --- a/snark-verifier-sdk/src/halo2/aggregation.rs +++ b/snark-verifier-sdk/src/halo2/aggregation.rs @@ -50,9 +50,9 @@ pub fn load_verify_circuit_degree() -> u32 { params.degree } -pub fn flatten_accumulator<'b, 'a: 'b>( +pub fn flatten_accumulator<'a>( accumulator: KzgAccumulator>>, -) -> Vec> { +) -> Vec> { let KzgAccumulator { lhs, rhs } = accumulator; let lhs = lhs.into_assigned(); let rhs = rhs.into_assigned(); @@ -372,7 +372,7 @@ impl Circuit for AggregationCircuit { // Expose instances for (i, cell) in instances.into_iter().enumerate() { - layouter.constrain_instance(cell, config.instance, i); + layouter.constrain_instance(cell, config.instance, i)?; } #[cfg(feature = "display")] end_timer!(witness_time); @@ -510,7 +510,7 @@ impl Circuit for PublicAggregationCircuit { .unwrap(); // Expose instances for (i, cell) in instances.into_iter().enumerate() { - layouter.constrain_instance(cell, config.instance, i); + layouter.constrain_instance(cell, config.instance, i)?; } #[cfg(feature = "display")] end_timer!(witness_time); diff --git a/snark-verifier/Cargo.toml b/snark-verifier/Cargo.toml index 97d7c00f..6b386dcd 100644 --- a/snark-verifier/Cargo.toml +++ b/snark-verifier/Cargo.toml @@ -14,11 +14,15 @@ rand = "0.8" rustc-hash = "1.1.0" serde = { version = "1.0", features = ["derive"] } -# Use halo2-base as non-optional dependency because it re-exports halo2_proofs, halo2curves, and poseidon, using different repos based on feature flag "halo2-axiom" or "halo2-pse" -halo2-base = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false } -# This poseidon is identical to PSE (for now) but uses axiom's halo2curves; otherwise would require patching -poseidon-axiom = { git = "https://github.com/axiom-crypto/halo2.git", branch = "axiom/faster-witness-generation", package = "poseidon", optional = true } -poseidon= { git = "https://github.com/privacy-scaling-explorations/poseidon", optional = true } +# # Use halo2-base as non-optional dependency because it re-exports halo2_proofs, halo2curves, and poseidon, using different repos based on feature flag "halo2-axiom" or "halo2-pse" +# halo2-base = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false } +# # This poseidon is identical to PSE (for now) but uses axiom's halo2curves; otherwise would require patching +# poseidon-axiom = { git = "https://github.com/axiom-crypto/halo2.git", branch = "axiom/faster-witness-generation", package = "poseidon", optional = true } +# poseidon= { git = "https://github.com/privacy-scaling-explorations/poseidon", optional = true } + +halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-snark-verifier-0220" } +halo2-base = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0220" } +poseidon = { git = "https://github.com/scroll-tech/poseidon", branch = "halo2-ecc-snark-verifier-0220", optional = true } # parallel rayon = { version = "1.5.3", optional = true } @@ -31,7 +35,8 @@ bytes = { version = "1.2", optional = true } rlp = { version = "0.5", default-features = false, features = ["std"], optional = true } # loader_halo2 -halo2-ecc = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false, optional = true } +# halo2-ecc = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false, optional = true } +halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0220", default-features = false, optional = true } [dev-dependencies] ark-std = { version = "0.3.0", features = ["print-trace"] } @@ -44,14 +49,14 @@ crossterm = { version = "0.25" } tui = { version = "0.19", default-features = false, features = ["crossterm"] } [features] -default = ["loader_evm", "loader_halo2", "halo2-axiom"] +default = ["loader_evm", "loader_halo2", "halo2-pse"] display = ["halo2-base/display", "halo2-ecc?/display"] loader_evm = ["dep:ethereum-types", "dep:sha3", "dep:revm", "dep:bytes", "dep:rlp"] loader_halo2 = ["halo2-ecc"] parallel = ["dep:rayon"] # EXACTLY one of halo2-pse / halo2-axiom should always be turned on; not sure how to enforce this with Cargo halo2-pse = ["halo2-base/halo2-pse", "halo2-ecc?/halo2-pse", "poseidon"] -halo2-axiom = ["halo2-base/halo2-axiom", "halo2-ecc?/halo2-axiom", "poseidon-axiom"] +# halo2-axiom = ["halo2-base/halo2-axiom", "halo2-ecc?/halo2-axiom", "poseidon-axiom"] [[example]] name = "evm-verifier" diff --git a/snark-verifier/examples/evm-verifier-with-accumulator.rs b/snark-verifier/examples/evm-verifier-with-accumulator.rs index be936611..d09eb03f 100644 --- a/snark-verifier/examples/evm-verifier-with-accumulator.rs +++ b/snark-verifier/examples/evm-verifier-with-accumulator.rs @@ -42,7 +42,6 @@ mod application { poly::Rotation, }; use super::Fr; - use halo2_base::halo2_proofs::plonk::Assigned; use rand::RngCore; #[derive(Clone, Copy)] @@ -166,7 +165,7 @@ mod application { 0, Value::known(Assigned::Trivial(self.0)), )?; - region.assign_fixed(config.q_a, 0, Assigned::Trivial(-Fr::one())); + region.assign_fixed(config.q_a, 0, Assigned::Trivial(-Fr::ONE)); region.assign_advice( config.a, @@ -186,7 +185,7 @@ mod application { let a = region.assign_advice( config.a, 2, - Value::known(Assigned::Trivial(Fr::one())), + Value::known(Assigned::Trivial(Fr::ONE)), )?; a.copy_advice(&mut region, config.b, 3); a.copy_advice(&mut region, config.c, 4); @@ -525,7 +524,7 @@ mod aggregation { // TODO: use less instances by following Scroll's strategy of keeping only last bit of y coordinate let mut layouter = layouter.namespace(|| "expose"); for (i, cell) in assigned_instances.unwrap().into_iter().enumerate() { - layouter.constrain_instance(cell, config.instance, i); + layouter.constrain_instance(cell, config.instance, i)?; } Ok(()) } diff --git a/snark-verifier/examples/evm-verifier.rs b/snark-verifier/examples/evm-verifier.rs index e206b5e0..2ca846a6 100644 --- a/snark-verifier/examples/evm-verifier.rs +++ b/snark-verifier/examples/evm-verifier.rs @@ -5,7 +5,7 @@ use halo2_proofs::{ dev::MockProver, halo2curves::bn256::{Bn256, Fq, Fr, G1Affine}, plonk::{ - create_proof, keygen_pk, keygen_vk, verify_proof, Advice, Assigned, Circuit, Column, + create_proof, keygen_pk, keygen_vk, verify_proof, Advice, Circuit, Column, ConstraintSystem, Error, Fixed, Instance, ProvingKey, VerifyingKey, }, poly::{ @@ -141,7 +141,7 @@ impl Circuit for StandardPlonk { #[cfg(feature = "halo2-axiom")] { region.assign_advice(config.a, 0, Value::known(Assigned::Trivial(self.0)))?; - region.assign_fixed(config.q_a, 0, Assigned::Trivial(-Fr::one())); + region.assign_fixed(config.q_a, 0, Assigned::Trivial(-Fr::ONE)); region.assign_advice( config.a, @@ -161,7 +161,7 @@ impl Circuit for StandardPlonk { let a = region.assign_advice( config.a, 2, - Value::known(Assigned::Trivial(Fr::one())), + Value::known(Assigned::Trivial(Fr::ONE)), )?; a.copy_advice(&mut region, config.b, 3); a.copy_advice(&mut region, config.c, 4); diff --git a/snark-verifier/examples/recursion.rs b/snark-verifier/examples/recursion.rs index abc0c808..2a5d1685 100644 --- a/snark-verifier/examples/recursion.rs +++ b/snark-verifier/examples/recursion.rs @@ -10,7 +10,6 @@ use halo2_proofs::{ halo2curves::{ bn256::{Bn256, Fq, Fr, G1Affine}, group::ff::Field, - FieldExt, }, plonk::{ self, create_proof, keygen_pk, keygen_vk, Circuit, ConstraintSystem, Error, ProvingKey, @@ -370,8 +369,8 @@ mod recursion { svk: &Svk, loader: &Rc>, snark: &SnarkWitness, - preprocessed_digest: Option>, - ) -> (Vec>>, Vec>>>) { + preprocessed_digest: Option>, + ) -> (Vec>>, Vec>>>) { let protocol = if let Some(preprocessed_digest) = preprocessed_digest { let preprocessed_digest = loader.scalar_from_assigned(preprocessed_digest); let protocol = snark.protocol.loaded_preprocessed_as_witness(loader); @@ -415,7 +414,7 @@ mod recursion { fn select_accumulator<'a>( loader: &Rc>, - condition: &AssignedValue<'a, Fr>, + condition: &AssignedValue< Fr>, lhs: &KzgAccumulator>>, rhs: &KzgAccumulator>>, ) -> Result>>, Error> { @@ -587,7 +586,7 @@ mod recursion { snark.instances = vec![[g[1].x, g[1].y, g[0].x, g[0].y] .into_iter() .flat_map(fe_to_limbs::<_, _, LIMBS, BITS>) - .chain([Fr::zero(); 4]) + .chain([Fr::ZERO; 4]) .collect_vec()]; snark } @@ -764,7 +763,7 @@ mod recursion { ), ), ] { - ctx.region.constrain_equal(lhs.cell(), rhs.cell()); + ctx.region.constrain_equal(lhs.cell(), rhs.cell())?; } // IMPORTANT: @@ -787,7 +786,7 @@ mod recursion { assert_eq!(assigned_instances.len(), 4 * LIMBS + 4); for (row, limb) in assigned_instances.into_iter().enumerate() { - layouter.constrain_instance(limb, config.instance, row); + layouter.constrain_instance(limb, config.instance, row)?; } Ok(()) @@ -825,8 +824,8 @@ mod recursion { recursion_params, gen_dummy_snark::(app_params, Some(app_vk)), RecursionCircuit::initial_snark(recursion_params, None), - Fr::zero(), - Fr::zero(), + Fr::ZERO, + Fr::ZERO, 0, ); gen_pk(recursion_params, &recursion) diff --git a/snark-verifier/src/cost.rs b/snark-verifier/src/cost.rs index b085aed8..f188c793 100644 --- a/snark-verifier/src/cost.rs +++ b/snark-verifier/src/cost.rs @@ -15,12 +15,7 @@ impl Cost { num_evaluation: usize, num_msm: usize, ) -> Self { - Self { - num_instance, - num_commitment, - num_evaluation, - num_msm, - } + Self { num_instance, num_commitment, num_evaluation, num_msm } } } diff --git a/snark-verifier/src/lib.rs b/snark-verifier/src/lib.rs index 1976def7..76f9766a 100644 --- a/snark-verifier/src/lib.rs +++ b/snark-verifier/src/lib.rs @@ -10,7 +10,7 @@ pub mod util; pub mod verifier; pub(crate) use halo2_base::halo2_proofs; -pub(crate) use halo2_proofs::halo2curves as halo2_curves; +pub(crate) use halo2_base::halo2_proofs::halo2curves as halo2_curves; #[cfg(feature = "halo2-pse")] pub(crate) use poseidon; #[cfg(feature = "halo2-axiom")] diff --git a/snark-verifier/src/loader.rs b/snark-verifier/src/loader.rs index 297390d0..e4855fa7 100644 --- a/snark-verifier/src/loader.rs +++ b/snark-verifier/src/loader.rs @@ -98,11 +98,11 @@ pub trait ScalarLoader { fn load_const(&self, value: &F) -> Self::LoadedScalar; fn load_zero(&self) -> Self::LoadedScalar { - self.load_const(&F::zero()) + self.load_const(&F::ZERO) } fn load_one(&self) -> Self::LoadedScalar { - self.load_const(&F::one()) + self.load_const(&F::ONE) } fn assert_eq( @@ -123,13 +123,13 @@ pub trait ScalarLoader { let loader = values.first().unwrap().1.loader(); iter::empty() - .chain(if constant == F::zero() { + .chain(if constant == F::ZERO { None } else { Some(Cow::Owned(loader.load_const(&constant))) }) .chain(values.iter().map(|&(coeff, value)| { - if coeff == F::one() { + if coeff == F::ONE { Cow::Borrowed(value) } else { Cow::Owned(loader.load_const(&coeff) * value) @@ -151,13 +151,9 @@ pub trait ScalarLoader { let loader = values.first().unwrap().1.loader(); iter::empty() - .chain(if constant == F::zero() { - None - } else { - Some(loader.load_const(&constant)) - }) + .chain(if constant == F::ZERO { None } else { Some(loader.load_const(&constant)) }) .chain(values.iter().map(|&(coeff, lhs, rhs)| { - if coeff == F::one() { + if coeff == F::ONE { lhs.clone() * rhs } else { loader.load_const(&coeff) * lhs * rhs @@ -168,25 +164,25 @@ pub trait ScalarLoader { } fn sum_with_coeff(&self, values: &[(F, &Self::LoadedScalar)]) -> Self::LoadedScalar { - self.sum_with_coeff_and_const(values, F::zero()) + self.sum_with_coeff_and_const(values, F::ZERO) } fn sum_with_const(&self, values: &[&Self::LoadedScalar], constant: F) -> Self::LoadedScalar { self.sum_with_coeff_and_const( - &values.iter().map(|&value| (F::one(), value)).collect_vec(), + &values.iter().map(|&value| (F::ONE, value)).collect_vec(), constant, ) } fn sum(&self, values: &[&Self::LoadedScalar]) -> Self::LoadedScalar { - self.sum_with_const(values, F::zero()) + self.sum_with_const(values, F::ZERO) } fn sum_products_with_coeff( &self, values: &[(F, &Self::LoadedScalar, &Self::LoadedScalar)], ) -> Self::LoadedScalar { - self.sum_products_with_coeff_and_const(values, F::zero()) + self.sum_products_with_coeff_and_const(values, F::ZERO) } fn sum_products_with_const( @@ -195,10 +191,7 @@ pub trait ScalarLoader { constant: F, ) -> Self::LoadedScalar { self.sum_products_with_coeff_and_const( - &values - .iter() - .map(|&(lhs, rhs)| (F::one(), lhs, rhs)) - .collect_vec(), + &values.iter().map(|&(lhs, rhs)| (F::ONE, lhs, rhs)).collect_vec(), constant, ) } @@ -207,13 +200,11 @@ pub trait ScalarLoader { &self, values: &[(&Self::LoadedScalar, &Self::LoadedScalar)], ) -> Self::LoadedScalar { - self.sum_products_with_const(values, F::zero()) + self.sum_products_with_const(values, F::ZERO) } fn product(&self, values: &[&Self::LoadedScalar]) -> Self::LoadedScalar { - values - .iter() - .fold(self.load_one(), |acc, value| acc * *value) + values.iter().fold(self.load_one(), |acc, value| acc * *value) } fn batch_invert<'a>(values: impl IntoIterator) diff --git a/snark-verifier/src/loader/evm/code.rs b/snark-verifier/src/loader/evm/code.rs index 840d1e67..001f6b6e 100644 --- a/snark-verifier/src/loader/evm/code.rs +++ b/snark-verifier/src/loader/evm/code.rs @@ -13,9 +13,7 @@ pub struct YulCode { impl YulCode { pub fn new() -> Self { - YulCode { - runtime: String::new(), - } + YulCode { runtime: String::new() } } pub fn code(&self, base_modulus: String, scalar_modulus: String) -> String { diff --git a/snark-verifier/src/loader/evm/loader.rs b/snark-verifier/src/loader/evm/loader.rs index db15c8d7..dc186d72 100644 --- a/snark-verifier/src/loader/evm/loader.rs +++ b/snark-verifier/src/loader/evm/loader.rs @@ -93,10 +93,9 @@ impl EvmLoader { return(0, 0)" .to_string(); self.code.borrow_mut().runtime_append(code); - self.code.borrow().code( - hex_encode_u256(&self.base_modulus), - hex_encode_u256(&self.scalar_modulus), - ) + self.code + .borrow() + .code(hex_encode_u256(&self.base_modulus), hex_encode_u256(&self.scalar_modulus)) } pub fn allocate(self: &Rc, size: usize) -> usize { @@ -210,10 +209,7 @@ impl EvmLoader { } pub(crate) fn scalar(self: &Rc, value: Value) -> Scalar { - let value = if matches!( - value, - Value::Constant(_) | Value::Memory(_) | Value::Negated(_) - ) { + let value = if matches!(value, Value::Constant(_) | Value::Memory(_) | Value::Negated(_)) { value } else { let identifier = value.identifier(); @@ -221,30 +217,19 @@ impl EvmLoader { let ptr = if let Some(ptr) = some_ptr { ptr } else { - let v = self.push(&Scalar { - loader: self.clone(), - value, - }); + let v = self.push(&Scalar { loader: self.clone(), value }); let ptr = self.allocate(0x20); - self.code - .borrow_mut() - .runtime_append(format!("mstore({ptr:#x}, {v})")); + self.code.borrow_mut().runtime_append(format!("mstore({ptr:#x}, {v})")); self.cache.borrow_mut().insert(identifier, ptr); ptr }; Value::Memory(ptr) }; - Scalar { - loader: self.clone(), - value, - } + Scalar { loader: self.clone(), value } } fn ec_point(self: &Rc, value: Value<(U256, U256)>) -> EcPoint { - EcPoint { - loader: self.clone(), - value, - } + EcPoint { loader: self.clone(), value } } pub fn keccak256(self: &Rc, ptr: usize, len: usize) -> usize { @@ -256,9 +241,7 @@ impl EvmLoader { pub fn copy_scalar(self: &Rc, scalar: &Scalar, ptr: usize) { let scalar = self.push(scalar); - self.code - .borrow_mut() - .runtime_append(format!("mstore({ptr:#x}, {scalar})")); + self.code.borrow_mut().runtime_append(format!("mstore({ptr:#x}, {scalar})")); } pub fn dup_scalar(self: &Rc, scalar: &Scalar) -> Scalar { @@ -392,10 +375,7 @@ impl EvmLoader { return self.scalar(Value::Constant(out.try_into().unwrap())); } - self.scalar(Value::Sum( - Box::new(lhs.value.clone()), - Box::new(rhs.value.clone()), - )) + self.scalar(Value::Sum(Box::new(lhs.value.clone()), Box::new(rhs.value.clone()))) } fn sub(self: &Rc, lhs: &Scalar, rhs: &Scalar) -> Scalar { @@ -415,10 +395,7 @@ impl EvmLoader { return self.scalar(Value::Constant(out.try_into().unwrap())); } - self.scalar(Value::Product( - Box::new(lhs.value.clone()), - Box::new(rhs.value.clone()), - )) + self.scalar(Value::Product(Box::new(lhs.value.clone()), Box::new(rhs.value.clone()))) } fn neg(self: &Rc, scalar: &Scalar) -> Scalar { @@ -433,18 +410,14 @@ impl EvmLoader { #[cfg(test)] impl EvmLoader { fn start_gas_metering(self: &Rc, identifier: &str) { - self.gas_metering_ids - .borrow_mut() - .push(identifier.to_string()); + self.gas_metering_ids.borrow_mut().push(identifier.to_string()); let code = format!("let {identifier} := gas()"); self.code.borrow_mut().runtime_append(code); } fn end_gas_metering(self: &Rc) { - let code = format!( - "log1(0, 0, sub({}, gas()))", - self.gas_metering_ids.borrow().last().unwrap() - ); + let code = + format!("log1(0, 0, sub({}, gas()))", self.gas_metering_ids.borrow().last().unwrap()); self.code.borrow_mut().runtime_append(code); } @@ -480,9 +453,7 @@ impl EcPoint { impl Debug for EcPoint { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("EcPoint") - .field("value", &self.value) - .finish() + f.debug_struct("EcPoint").field("value", &self.value).finish() } } @@ -526,21 +497,14 @@ impl Scalar { pub(crate) fn ptr(&self) -> usize { match self.value { Value::Memory(ptr) => ptr, - _ => *self - .loader - .cache - .borrow() - .get(&self.value.identifier()) - .unwrap(), + _ => *self.loader.cache.borrow().get(&self.value.identifier()).unwrap(), } } } impl Debug for Scalar { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("Scalar") - .field("value", &self.value) - .finish() + f.debug_struct("Scalar").field("value", &self.value).finish() } } @@ -706,12 +670,12 @@ impl> ScalarLoader for Rc { } let push_addend = |(coeff, value): &(F, &Scalar)| { - assert_ne!(*coeff, F::zero()); - match (*coeff == F::one(), &value.value) { + assert_ne!(*coeff, F::ZERO); + match (*coeff == F::ONE, &value.value) { (true, _) => self.push(value), - (false, Value::Constant(value)) => self.push(&self.scalar(Value::Constant( - fe_to_u256(*coeff * u256_to_fe::(*value)), - ))), + (false, Value::Constant(value)) => self.push( + &self.scalar(Value::Constant(fe_to_u256(*coeff * u256_to_fe::(*value)))), + ), (false, _) => { let value = self.push(value); let coeff = self.push(&self.scalar(Value::Constant(fe_to_u256(*coeff)))); @@ -721,7 +685,7 @@ impl> ScalarLoader for Rc { }; let mut values = values.iter(); - let initial_value = if constant == F::zero() { + let initial_value = if constant == F::ZERO { push_addend(values.next().unwrap()) } else { self.push(&self.scalar(Value::Constant(fe_to_u256(constant)))) @@ -755,8 +719,8 @@ impl> ScalarLoader for Rc { } let push_addend = |(coeff, lhs, rhs): &(F, &Scalar, &Scalar)| { - assert_ne!(*coeff, F::zero()); - match (*coeff == F::one(), &lhs.value, &rhs.value) { + assert_ne!(*coeff, F::ZERO); + match (*coeff == F::ONE, &lhs.value, &rhs.value) { (_, Value::Constant(lhs), Value::Constant(rhs)) => { self.push(&self.scalar(Value::Constant(fe_to_u256( *coeff * u256_to_fe::(*lhs) * u256_to_fe::(*rhs), @@ -765,9 +729,10 @@ impl> ScalarLoader for Rc { (_, value @ Value::Memory(_), Value::Constant(constant)) | (_, Value::Constant(constant), value @ Value::Memory(_)) => { let v1 = self.push(&self.scalar(value.clone())); - let v2 = self.push(&self.scalar(Value::Constant(fe_to_u256( - *coeff * u256_to_fe::(*constant), - )))); + let v2 = + self.push(&self.scalar(Value::Constant(fe_to_u256( + *coeff * u256_to_fe::(*constant), + )))); format!("mulmod({v1}, {v2}, f_q)") } (true, _, _) => { @@ -785,7 +750,7 @@ impl> ScalarLoader for Rc { }; let mut values = values.iter(); - let initial_value = if constant == F::zero() { + let initial_value = if constant == F::ZERO { push_addend(values.next().unwrap()) } else { self.push(&self.scalar(Value::Constant(fe_to_u256(constant)))) @@ -858,14 +823,9 @@ impl> ScalarLoader for Rc { let v " ); - for (value, product) in values.iter().rev().zip( - products - .iter() - .rev() - .skip(1) - .map(Some) - .chain(iter::once(None)), - ) { + for (value, product) in + values.iter().rev().zip(products.iter().rev().skip(1).map(Some).chain(iter::once(None))) + { if let Some(product) = product { let val_ptr = value.ptr(); let prod_ptr = product.ptr(); diff --git a/snark-verifier/src/loader/evm/test.rs b/snark-verifier/src/loader/evm/test.rs index e6f3703e..36d0876d 100644 --- a/snark-verifier/src/loader/evm/test.rs +++ b/snark-verifier/src/loader/evm/test.rs @@ -24,15 +24,10 @@ pub fn execute(deployment_code: Vec, calldata: Vec) -> (bool, u64, Vec = debug_call[0] - .1 - .iter() - .map(|step| step.pretty_opcode()) - .collect(); + let mut opcode_list: Vec = + debug_call[0].1.iter().map(|step| step.pretty_opcode()).collect(); let mut last_index = 0; let mut stack_labels = false; @@ -383,12 +375,8 @@ impl Tui { if let [op_pane, stack_pane, memory_pane] = Layout::default() .direction(Direction::Vertical) .constraints( - [ - Constraint::Ratio(1, 3), - Constraint::Ratio(1, 3), - Constraint::Ratio(1, 3), - ] - .as_ref(), + [Constraint::Ratio(1, 3), Constraint::Ratio(1, 3), Constraint::Ratio(1, 3)] + .as_ref(), ) .split(app)[..] { @@ -410,14 +398,7 @@ impl Tui { stack_labels, draw_memory, ); - Tui::draw_memory( - f, - debug_steps, - current_step, - memory_pane, - mem_utf, - draw_memory, - ); + Tui::draw_memory(f, debug_steps, current_step, memory_pane, mem_utf, draw_memory); } else { panic!("unable to create vertical panes") } @@ -534,15 +515,11 @@ impl Tui { let prev_start = draw_memory.current_startline; let abs_min_start = 0; let abs_max_start = (opcode_list.len() as i32 - 1) - (height / 2); - let mut min_start = max( - current_step as i32 - height + extra_top_lines, - abs_min_start, - ) as usize; + let mut min_start = + max(current_step as i32 - height + extra_top_lines, abs_min_start) as usize; - let mut max_start = max( - min(current_step as i32 - extra_top_lines, abs_max_start), - abs_min_start, - ) as usize; + let mut max_start = + max(min(current_step as i32 - extra_top_lines, abs_max_start), abs_min_start) as usize; if min_start > max_start { std::mem::swap(&mut min_start, &mut max_start); @@ -557,18 +534,11 @@ impl Tui { } draw_memory.current_startline = display_start; - let max_pc_len = debug_steps - .iter() - .fold(0, |max_val, val| val.pc.max(max_val)) - .to_string() - .len(); + let max_pc_len = + debug_steps.iter().fold(0, |max_val, val| val.pc.max(max_val)).to_string().len(); let mut add_new_line = |line_number| { - let bg_color = if line_number == current_step { - Color::DarkGray - } else { - Color::Reset - }; + let bg_color = if line_number == current_step { Color::DarkGray } else { Color::Reset }; let line_number_format = if line_number == current_step { let step: &DebugStep = &debug_steps[line_number]; @@ -596,9 +566,8 @@ impl Tui { add_new_line(number); } add_new_line(opcode_list.len()); - let paragraph = Paragraph::new(text_output) - .block(block_source_code) - .wrap(Wrap { trim: true }); + let paragraph = + Paragraph::new(text_output).block(block_source_code).wrap(Wrap { trim: true }); f.render_widget(paragraph, area); } @@ -611,9 +580,8 @@ impl Tui { draw_memory: &mut DrawMemory, ) { let stack = &debug_steps[current_step].stack; - let stack_space = Block::default() - .title(format!("Stack: {}", stack.len())) - .borders(Borders::ALL); + let stack_space = + Block::default().title(format!("Stack: {}", stack.len())).borders(Borders::ALL); let min_len = usize::max(format!("{}", stack.len()).len(), 2); let indices_affected = stack_indices_affected(debug_steps[current_step].instruction.0); @@ -624,9 +592,8 @@ impl Tui { .enumerate() .skip(draw_memory.current_stack_startline) .map(|(i, stack_item)| { - let affected = indices_affected - .iter() - .find(|(affected_index, _name)| *affected_index == i); + let affected = + indices_affected.iter().find(|(affected_index, _name)| *affected_index == i); let mut words: Vec = (0..32) .into_iter() @@ -665,9 +632,7 @@ impl Tui { }) .collect(); - let paragraph = Paragraph::new(text) - .block(stack_space) - .wrap(Wrap { trim: true }); + let paragraph = Paragraph::new(text).block(stack_space).wrap(Wrap { trim: true }); f.render_widget(paragraph, area); } @@ -681,10 +646,7 @@ impl Tui { ) { let memory = &debug_steps[current_step].memory; let stack_space = Block::default() - .title(format!( - "Memory (max expansion: {} bytes)", - memory.effective_len() - )) + .title(format!("Memory (max expansion: {} bytes)", memory.effective_len())) .borders(Borders::ALL); let memory = memory.data(); let max_i = memory.len() / 32; @@ -771,9 +733,7 @@ impl Tui { Spans::from(spans) }) .collect(); - let paragraph = Paragraph::new(text) - .block(stack_space) - .wrap(Wrap { trim: true }); + let paragraph = Paragraph::new(text).block(stack_space).wrap(Wrap { trim: true }); f.render_widget(paragraph, area); } } @@ -882,13 +842,7 @@ fn stack_indices_affected(op: u8) -> Vec<(usize, &'static str)> { 0xa0 => vec![(0, "offset"), (1, "length")], 0xa1 => vec![(0, "offset"), (1, "length"), (2, "topic")], 0xa2 => vec![(0, "offset"), (1, "length"), (2, "topic1"), (3, "topic2")], - 0xa3 => vec![ - (0, "offset"), - (1, "length"), - (2, "topic1"), - (3, "topic2"), - (4, "topic3"), - ], + 0xa3 => vec![(0, "offset"), (1, "length"), (2, "topic1"), (3, "topic2"), (4, "topic3")], 0xa4 => vec![ (0, "offset"), (1, "length"), diff --git a/snark-verifier/src/loader/evm/util.rs b/snark-verifier/src/loader/evm/util.rs index a7df5209..26305f17 100644 --- a/snark-verifier/src/loader/evm/util.rs +++ b/snark-verifier/src/loader/evm/util.rs @@ -71,7 +71,7 @@ pub fn modulus() -> U256 where F: PrimeField, { - U256::from_little_endian((-F::one()).to_repr().as_ref()) + 1 + U256::from_little_endian((-F::ONE).to_repr().as_ref()) + 1 } pub fn encode_calldata(instances: &[Vec], proof: &[u8]) -> Vec @@ -108,11 +108,7 @@ pub fn compile_yul(code: &str) -> Vec { .arg("-") .spawn() .unwrap(); - cmd.stdin - .take() - .unwrap() - .write_all(code.as_bytes()) - .unwrap(); + cmd.stdin.take().unwrap().write_all(code.as_bytes()).unwrap(); let output = cmd.wait_with_output().unwrap().stdout; let binary = *split_by_ascii_whitespace(&output).last().unwrap(); hex::decode(binary).unwrap() diff --git a/snark-verifier/src/loader/evm/util/executor.rs b/snark-verifier/src/loader/evm/util/executor.rs index ec9695e0..4f54f6ee 100644 --- a/snark-verifier/src/loader/evm/util/executor.rs +++ b/snark-verifier/src/loader/evm/util/executor.rs @@ -46,13 +46,8 @@ fn get_create2_address_from_hash( salt: [u8; 32], init_code_hash: impl Into, ) -> Address { - let bytes = [ - &[0xff], - from.into().as_bytes(), - salt.as_slice(), - init_code_hash.into().as_ref(), - ] - .concat(); + let bytes = + [&[0xff], from.into().as_bytes(), salt.as_slice(), init_code_hash.into().as_ref()].concat(); let hash = keccak256(&bytes); @@ -292,29 +287,15 @@ impl Debugger { fn enter(&mut self, depth: usize, address: Address, kind: CallKind) { self.context = address; - self.head = self.arena.push_node(DebugNode { - depth, - address, - kind, - ..Default::default() - }); + self.head = self.arena.push_node(DebugNode { depth, address, kind, ..Default::default() }); } fn exit(&mut self) { if let Some(parent_id) = self.arena.arena[self.head].parent { - let DebugNode { - depth, - address, - kind, - .. - } = self.arena.arena[parent_id]; + let DebugNode { depth, address, kind, .. } = self.arena.arena[parent_id]; self.context = address; - self.head = self.arena.push_node(DebugNode { - depth, - address, - kind, - ..Default::default() - }); + self.head = + self.arena.push_node(DebugNode { depth, address, kind, ..Default::default() }); } } } @@ -332,11 +313,7 @@ impl Inspector for Debugger { let opcode_infos = spec_opcode_gas(data.env.cfg.spec_id); let opcode_info = &opcode_infos[op as usize]; - let push_size = if opcode_info.is_push() { - (op - opcode::PUSH1 + 1) as usize - } else { - 0 - }; + let push_size = if opcode_info.is_push() { (op - opcode::PUSH1 + 1) as usize } else { 0 }; let push_bytes = match push_size { 0 => None, n => { @@ -402,12 +379,7 @@ impl Inspector for Debugger { CallKind::Create, ); - ( - Return::Continue, - None, - Gas::new(call.gas_limit), - Bytes::new(), - ) + (Return::Continue, None, Gas::new(call.gas_limit), Bytes::new()) } fn create_end( @@ -628,12 +600,7 @@ impl Inspector for InspectorStack { } ); - ( - Return::Continue, - None, - Gas::new(call.gas_limit), - Bytes::new(), - ) + (Return::Continue, None, Gas::new(call.gas_limit), Bytes::new()) } fn create_end( @@ -734,11 +701,7 @@ pub struct Executor { impl Executor { fn new(debugger: bool, gas_limit: U256) -> Self { - Executor { - db: InMemoryDB::default(), - debugger, - gas_limit, - } + Executor { db: InMemoryDB::default(), debugger, gas_limit } } pub fn db_mut(&mut self) -> &mut InMemoryDB { @@ -750,16 +713,8 @@ impl Executor { let result = self.call_raw_with_env(env); self.commit(&result); - let RawCallResult { - exit_reason, - out, - gas_used, - gas_refunded, - logs, - debug, - env, - .. - } = result; + let RawCallResult { exit_reason, out, gas_used, gas_refunded, logs, debug, env, .. } = + result; let address = match (exit_reason, out) { (return_ok!(), TransactOut::Create(_, Some(address))) => Some(address), @@ -794,13 +749,7 @@ impl Executor { let result = evm_inner::<_, true>(&mut env, &mut self.db.clone(), &mut inspector).transact(); let (exec_result, state_changeset) = result; - let ExecutionResult { - exit_reason, - gas_refunded, - gas_used, - out, - .. - } = exec_result; + let ExecutionResult { exit_reason, gas_refunded, gas_used, out, .. } = exec_result; let result = match out { TransactOut::Call(ref data) => data.to_owned(), @@ -824,16 +773,13 @@ impl Executor { fn commit(&mut self, result: &RawCallResult) { if let Some(state_changeset) = result.state_changeset.as_ref() { - self.db - .commit(state_changeset.clone().into_iter().collect()); + self.db.commit(state_changeset.clone().into_iter().collect()); } } fn inspector(&self) -> InspectorStack { - let mut stack = InspectorStack { - logs: Some(LogCollector::default()), - ..Default::default() - }; + let mut stack = + InspectorStack { logs: Some(LogCollector::default()), ..Default::default() }; if self.debugger { let gas_inspector = Rc::new(RefCell::new(GasInspector::default())); stack.gas = Some(gas_inspector.clone()); @@ -850,10 +796,7 @@ impl Executor { value: U256, ) -> Env { Env { - block: BlockEnv { - gas_limit: self.gas_limit, - ..BlockEnv::default() - }, + block: BlockEnv { gas_limit: self.gas_limit, ..BlockEnv::default() }, tx: TxEnv { caller, transact_to, diff --git a/snark-verifier/src/loader/halo2/loader.rs b/snark-verifier/src/loader/halo2/loader.rs index 24b9df6e..2527fcde 100644 --- a/snark-verifier/src/loader/halo2/loader.rs +++ b/snark-verifier/src/loader/halo2/loader.rs @@ -129,7 +129,7 @@ impl<'a, C: CurveAffine, EccChip: EccInstructions<'a, C>> Halo2Loader<'a, C, Ecc .scalar_chip() .sum_with_coeff_and_const( &mut self.ctx_mut(), - &[(C::Scalar::one(), assigned)], + &[(C::Scalar::ONE, assigned)], *constant, ) .map(Value::Assigned) @@ -138,8 +138,8 @@ impl<'a, C: CurveAffine, EccChip: EccInstructions<'a, C>> Halo2Loader<'a, C, Ecc .scalar_chip() .sum_with_coeff_and_const( &mut self.ctx_mut(), - &[(C::Scalar::one(), lhs), (C::Scalar::one(), rhs)], - C::Scalar::zero(), + &[(C::Scalar::ONE, lhs), (C::Scalar::ONE, rhs)], + C::Scalar::ZERO, ) .map(Value::Assigned) .unwrap(), @@ -158,7 +158,7 @@ impl<'a, C: CurveAffine, EccChip: EccInstructions<'a, C>> Halo2Loader<'a, C, Ecc .scalar_chip() .sum_with_coeff_and_const( &mut self.ctx_mut(), - &[(-C::Scalar::one(), assigned)], + &[(-C::Scalar::ONE, assigned)], *constant, ) .map(Value::Assigned) @@ -167,7 +167,7 @@ impl<'a, C: CurveAffine, EccChip: EccInstructions<'a, C>> Halo2Loader<'a, C, Ecc .scalar_chip() .sum_with_coeff_and_const( &mut self.ctx_mut(), - &[(C::Scalar::one(), assigned)], + &[(C::Scalar::ONE, assigned)], -*constant, ) .map(Value::Assigned) @@ -194,7 +194,7 @@ impl<'a, C: CurveAffine, EccChip: EccInstructions<'a, C>> Halo2Loader<'a, C, Ecc .sum_with_coeff_and_const( &mut self.ctx_mut(), &[(*constant, assigned)], - C::Scalar::zero(), + C::Scalar::ZERO, ) .map(Value::Assigned) .unwrap(), @@ -202,8 +202,8 @@ impl<'a, C: CurveAffine, EccChip: EccInstructions<'a, C>> Halo2Loader<'a, C, Ecc .scalar_chip() .sum_products_with_coeff_and_const( &mut self.ctx_mut(), - &[(C::Scalar::one(), lhs, rhs)], - C::Scalar::zero(), + &[(C::Scalar::ONE, lhs, rhs)], + C::Scalar::ZERO, ) .map(Value::Assigned) .unwrap(), @@ -609,7 +609,7 @@ impl<'a, C: CurveAffine, EccChip: EccInstructions<'a, C>> EcPointLoader fixed_base.push((scalar, *base)) } (Value::Constant(scalar), Value::Assigned(_)) - if scalar.eq(&C::Scalar::one()) => + if scalar.eq(&C::Scalar::ONE) => { variable_base_non_scaled.push(base); } diff --git a/snark-verifier/src/loader/halo2/shim.rs b/snark-verifier/src/loader/halo2/shim.rs index 588e9482..a66bf2ae 100644 --- a/snark-verifier/src/loader/halo2/shim.rs +++ b/snark-verifier/src/loader/halo2/shim.rs @@ -1,8 +1,9 @@ +use crate::halo2_proofs::ff::PrimeField; use crate::halo2_proofs::{ circuit::{Cell, Value}, plonk::Error, }; -use crate::util::arithmetic::{CurveAffine, FieldExt}; +use crate::util::arithmetic::CurveAffine; use std::{fmt::Debug, ops::Deref}; pub trait Context: Debug { @@ -11,7 +12,7 @@ pub trait Context: Debug { fn offset(&self) -> usize; } -pub trait IntegerInstructions<'a, F: FieldExt>: Clone + Debug { +pub trait IntegerInstructions<'a, F: PrimeField>: Clone + Debug { type Context: Context; type AssignedCell: Clone + Debug; type AssignedInteger: Clone + Debug; @@ -31,19 +32,19 @@ pub trait IntegerInstructions<'a, F: FieldExt>: Clone + Debug { fn sum_with_coeff_and_const( &self, ctx: &mut Self::Context, - values: &[(F::Scalar, impl Deref)], - constant: F::Scalar, + values: &[(F, impl Deref)], + constant: F, ) -> Result; fn sum_products_with_coeff_and_const( &self, ctx: &mut Self::Context, values: &[( - F::Scalar, + F, impl Deref, impl Deref, )], - constant: F::Scalar, + constant: F, ) -> Result; fn sub( @@ -154,15 +155,15 @@ mod halo2_lib { }; use std::ops::Deref; - type AssignedInteger<'v, C> = CRTInteger<'v, ::ScalarExt>; - type AssignedEcPoint<'v, C> = EcPoint<::ScalarExt, AssignedInteger<'v, C>>; + type AssignedInteger = CRTInteger<::ScalarExt>; + type AssignedEcPoint = EcPoint<::ScalarExt, AssignedInteger>; impl<'a, F: PrimeField> Context for halo2_base::Context<'a, F> { fn constrain_equal(&mut self, lhs: Cell, rhs: Cell) -> Result<(), Error> { #[cfg(feature = "halo2-axiom")] self.region.constrain_equal(&lhs, &rhs); #[cfg(feature = "halo2-pse")] - self.region.constrain_equal(lhs, rhs); + self.region.constrain_equal(lhs, rhs)?; Ok(()) } @@ -173,8 +174,8 @@ mod halo2_lib { impl<'a, F: PrimeField> IntegerInstructions<'a, F> for FlexGateConfig { type Context = halo2_base::Context<'a, F>; - type AssignedCell = AssignedValue<'a, F>; - type AssignedInteger = AssignedValue<'a, F>; + type AssignedCell = AssignedValue; + type AssignedInteger = AssignedValue; fn assign_integer( &self, @@ -195,14 +196,14 @@ mod halo2_lib { fn sum_with_coeff_and_const( &self, ctx: &mut Self::Context, - values: &[(F::Scalar, impl Deref)], + values: &[(F, impl Deref)], constant: F, ) -> Result { let mut a = Vec::with_capacity(values.len() + 1); let mut b = Vec::with_capacity(values.len() + 1); - if constant != F::zero() { + if constant != F::ZERO { a.push(Constant(constant)); - b.push(Constant(F::one())); + b.push(Constant(F::ONE)); } a.extend(values.iter().map(|(_, a)| Existing(a))); b.extend(values.iter().map(|(c, _)| Constant(*c))); @@ -213,7 +214,7 @@ mod halo2_lib { &self, ctx: &mut Self::Context, values: &[( - F::Scalar, + F, impl Deref, impl Deref, )], @@ -253,8 +254,8 @@ mod halo2_lib { ) -> Result { // make sure scalar != 0 let is_zero = self.is_zero(ctx, a); - self.assert_is_const(ctx, &is_zero, F::zero()); - Ok(GateInstructions::div_unsafe(self, ctx, Constant(F::one()), Existing(a))) + self.assert_is_const(ctx, &is_zero, F::ZERO); + Ok(GateInstructions::div_unsafe(self, ctx, Constant(F::ONE), Existing(a))) } fn assert_equal( @@ -263,7 +264,7 @@ mod halo2_lib { a: &Self::AssignedInteger, b: &Self::AssignedInteger, ) -> Result<(), Error> { - ctx.region.constrain_equal(a.cell(), b.cell()); + ctx.region.constrain_equal(a.cell(), b.cell())?; Ok(()) } } @@ -275,9 +276,9 @@ mod halo2_lib { { type Context = halo2_base::Context<'a, C::Scalar>; type ScalarChip = FlexGateConfig; - type AssignedCell = AssignedValue<'a, C::Scalar>; - type AssignedScalar = AssignedValue<'a, C::Scalar>; - type AssignedEcPoint = AssignedEcPoint<'a, C>; + type AssignedCell = AssignedValue; + type AssignedScalar = AssignedValue; + type AssignedEcPoint = AssignedEcPoint; fn scalar_chip(&self) -> &Self::ScalarChip { self.field_chip.range().gate() @@ -308,7 +309,7 @@ mod halo2_lib { ) -> Result { let assigned = self.assign_point(ctx, point); let is_valid = self.is_on_curve_or_infinity::(ctx, &assigned); - self.field_chip.range.gate.assert_is_const(ctx, &is_valid, C::Scalar::one()); + self.field_chip.range.gate.assert_is_const(ctx, &is_valid, C::Scalar::ONE); Ok(assigned) } @@ -394,7 +395,7 @@ mod halo2_wrong { use crate::{ loader::halo2::{Context, EccInstructions, IntegerInstructions}, util::{ - arithmetic::{CurveAffine, FieldExt, Group}, + arithmetic::{CurveAffine, PrimeField, Group}, Itertools, }, }; @@ -413,7 +414,7 @@ mod halo2_wrong { use rand::rngs::OsRng; use std::{iter, ops::Deref}; - impl<'a, F: FieldExt> Context for RegionCtx<'a, F> { + impl<'a, F: PrimeField> Context for RegionCtx<'a, F> { fn constrain_equal(&mut self, lhs: Cell, rhs: Cell) -> Result<(), Error> { self.constrain_equal(lhs, rhs) } @@ -423,7 +424,7 @@ mod halo2_wrong { } } - impl<'a, F: FieldExt> IntegerInstructions<'a, F> for MainGate { + impl<'a, F: PrimeField> IntegerInstructions<'a, F> for MainGate { type Context = RegionCtx<'a, F>; type AssignedCell = AssignedCell; type AssignedInteger = AssignedCell; @@ -500,7 +501,7 @@ mod halo2_wrong { ctx, [Term::assigned_to_mul(lhs), Term::assigned_to_mul(rhs)], constant, - CombinationOptionCommon::CombineToNextScaleMul(-F::one(), *scalar).into(), + CombinationOptionCommon::CombineToNextScaleMul(-F::ONE, *scalar).into(), )?; let acc = Value::known(*scalar) * lhs.value() * rhs.value() + Value::known(constant); @@ -515,11 +516,11 @@ mod halo2_wrong { Term::assigned_to_mul(rhs), Term::Zero, Term::Zero, - Term::Unassigned(acc, F::one()), + Term::Unassigned(acc, F::ONE), ], - F::zero(), + F::ZERO, CombinationOptionCommon::CombineToNextScaleMul( - -F::one(), + -F::ONE, *scalar, ) .into(), @@ -535,9 +536,9 @@ mod halo2_wrong { Term::Zero, Term::Zero, Term::Zero, - Term::Unassigned(output, F::zero()), + Term::Unassigned(output, F::ZERO), ], - F::zero(), + F::ZERO, CombinationOptionCommon::OneLinerAdd.into(), ) .map(|mut outputs| outputs.swap_remove(4)) @@ -559,7 +560,7 @@ mod halo2_wrong { ctx: &mut Self::Context, value: &Self::AssignedInteger, ) -> Result { - MainGateInstructions::neg_with_constant(self, ctx, value, F::zero()) + MainGateInstructions::neg_with_constant(self, ctx, value, F::ZERO) } fn invert( diff --git a/snark-verifier/src/loader/native.rs b/snark-verifier/src/loader/native.rs index 6fce383a..bbdf4cad 100644 --- a/snark-verifier/src/loader/native.rs +++ b/snark-verifier/src/loader/native.rs @@ -48,9 +48,7 @@ impl EcPointLoader for NativeLoader { lhs: &Self::LoadedEcPoint, rhs: &Self::LoadedEcPoint, ) -> Result<(), Error> { - lhs.eq(rhs) - .then_some(()) - .ok_or_else(|| Error::AssertionFailure(annotation.to_string())) + lhs.eq(rhs).then_some(()).ok_or_else(|| Error::AssertionFailure(annotation.to_string())) } fn multi_scalar_multiplication( @@ -79,9 +77,7 @@ impl ScalarLoader for NativeLoader { lhs: &Self::LoadedScalar, rhs: &Self::LoadedScalar, ) -> Result<(), Error> { - lhs.eq(rhs) - .then_some(()) - .ok_or_else(|| Error::AssertionFailure(annotation.to_string())) + lhs.eq(rhs).then_some(()).ok_or_else(|| Error::AssertionFailure(annotation.to_string())) } } diff --git a/snark-verifier/src/pcs/ipa.rs b/snark-verifier/src/pcs/ipa.rs index a2b34824..202d5e35 100644 --- a/snark-verifier/src/pcs/ipa.rs +++ b/snark-verifier/src/pcs/ipa.rs @@ -382,7 +382,7 @@ pub fn h_eval>(xi: &[T], z: &T) -> T { pub fn h_coeffs(xi: &[F], scalar: F) -> Vec { assert!(!xi.is_empty()); - let mut coeffs = vec![F::zero(); 1 << xi.len()]; + let mut coeffs = vec![F::ZERO; 1 << xi.len()]; coeffs[0] = scalar; for (len, xi) in xi.iter().rev().enumerate().map(|(i, xi)| (1 << i, xi)) { diff --git a/snark-verifier/src/pcs/ipa/accumulation.rs b/snark-verifier/src/pcs/ipa/accumulation.rs index 07f294de..229dc89a 100644 --- a/snark-verifier/src/pcs/ipa/accumulation.rs +++ b/snark-verifier/src/pcs/ipa/accumulation.rs @@ -185,7 +185,7 @@ where let (u, h) = instances .iter() - .map(|IpaAccumulator { u, xi }| (*u, h_coeffs(xi, C::Scalar::one()))) + .map(|IpaAccumulator { u, xi }| (*u, h_coeffs(xi, C::Scalar::ONE))) .chain(a_b_u.map(|(a, b, u)| { ( u, diff --git a/snark-verifier/src/pcs/ipa/decider.rs b/snark-verifier/src/pcs/ipa/decider.rs index 2cf8c6cc..dcb256fa 100644 --- a/snark-verifier/src/pcs/ipa/decider.rs +++ b/snark-verifier/src/pcs/ipa/decider.rs @@ -41,7 +41,7 @@ mod native { dk: &Self::DecidingKey, IpaAccumulator { u, xi }: IpaAccumulator, ) -> bool { - let h = h_coeffs(&xi, C::Scalar::one()); + let h = h_coeffs(&xi, C::Scalar::ONE); u == multi_scalar_multiplication(&h, &dk.g).to_affine() } diff --git a/snark-verifier/src/pcs/ipa/multiopen/bgh19.rs b/snark-verifier/src/pcs/ipa/multiopen/bgh19.rs index 29d291ad..d5419f1e 100644 --- a/snark-verifier/src/pcs/ipa/multiopen/bgh19.rs +++ b/snark-verifier/src/pcs/ipa/multiopen/bgh19.rs @@ -5,7 +5,7 @@ use crate::{ MultiOpenScheme, Query, }, util::{ - arithmetic::{ilog2, CurveAffine, Domain, FieldExt, Fraction}, + arithmetic::{ilog2, CurveAffine, Domain, Fraction}, msm::Msm, transcript::TranscriptRead, Itertools, @@ -170,7 +170,7 @@ where fn query_sets(queries: &[Query]) -> Vec> where - F: FieldExt, + F: PrimeField, T: Clone, { let poly_shifts = queries.iter().fold( @@ -226,7 +226,7 @@ where fn query_set_coeffs(sets: &[QuerySet], x: &T, x_3: &T) -> Vec> where - F: FieldExt, + F: PrimeField, T: LoadedScalar, { let loader = x.loader(); @@ -265,7 +265,7 @@ struct QuerySet<'a, F, T> { impl<'a, F, T> QuerySet<'a, F, T> where - F: FieldExt, + F: PrimeField, T: LoadedScalar, { fn msm>( @@ -317,7 +317,7 @@ struct QuerySetCoeff { impl QuerySetCoeff where - F: FieldExt, + F: PrimeField, T: LoadedScalar, { fn new(shifts: &[F], powers_of_x: &[T], x_3: &T, x_3_minus_x_shift_i: &BTreeMap) -> Self { @@ -332,7 +332,7 @@ where .filter(|&(i, _)| i != j) .map(|(_, shift_i)| (*shift_j - shift_i)) .reduce(|acc, value| acc * value) - .unwrap_or_else(|| F::one()) + .unwrap_or_else(|| F::ONE) }) .collect_vec(); diff --git a/snark-verifier/src/pcs/kzg/accumulator.rs b/snark-verifier/src/pcs/kzg/accumulator.rs index efc28cd8..d060ece3 100644 --- a/snark-verifier/src/pcs/kzg/accumulator.rs +++ b/snark-verifier/src/pcs/kzg/accumulator.rs @@ -242,7 +242,7 @@ mod halo2 { .iter() .zip_eq(iter::empty().chain(ec_point.x().limbs()).chain(ec_point.y().limbs())) { - ctx.region.constrain_equal(src.cell(), dst.cell()); + ctx.region.constrain_equal(src.cell(), dst.cell())?; } Ok(ec_point) diff --git a/snark-verifier/src/pcs/kzg/decider.rs b/snark-verifier/src/pcs/kzg/decider.rs index baabda6c..01e9dcf8 100644 --- a/snark-verifier/src/pcs/kzg/decider.rs +++ b/snark-verifier/src/pcs/kzg/decider.rs @@ -10,11 +10,7 @@ pub struct KzgDecidingKey { impl KzgDecidingKey { pub fn new(g2: M::G2Affine, s_g2: M::G2Affine) -> Self { - Self { - g2, - s_g2, - _marker: PhantomData, - } + Self { g2, s_g2, _marker: PhantomData } } } @@ -25,6 +21,8 @@ impl From<(M::G2Affine, M::G2Affine)> for KzgDecidingKey } mod native { + use halo2_proofs::ff::PrimeField; + use crate::{ loader::native::NativeLoader, pcs::{ @@ -39,6 +37,7 @@ mod native { where M: MultiMillerLoop, MOS: Clone + Debug, + M::Scalar: PrimeField, { type DecidingKey = KzgDecidingKey; type Output = bool; @@ -48,10 +47,7 @@ mod native { KzgAccumulator { lhs, rhs }: KzgAccumulator, ) -> bool { let terms = [(&lhs, &dk.g2.into()), (&rhs, &(-dk.s_g2).into())]; - M::multi_miller_loop(&terms) - .final_exponentiation() - .is_identity() - .into() + M::multi_miller_loop(&terms).final_exponentiation().is_identity().into() } fn decide_all( diff --git a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs index bc7b8131..d34bd6f2 100644 --- a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs +++ b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs @@ -1,12 +1,13 @@ use crate::{ cost::{Cost, CostEstimation}, + halo2_proofs::ff::PrimeField, loader::{LoadedScalar, Loader, ScalarLoader}, pcs::{ kzg::{Kzg, KzgAccumulator, KzgSuccinctVerifyingKey}, MultiOpenScheme, Query, }, util::{ - arithmetic::{ilog2, CurveAffine, FieldExt, Fraction, MultiMillerLoop}, + arithmetic::{ilog2, CurveAffine, Fraction, MultiMillerLoop}, msm::Msm, transcript::TranscriptRead, Itertools, @@ -22,6 +23,7 @@ pub struct Bdfg21; impl MultiOpenScheme for Kzg where + M::Scalar: PrimeField + Ord, M: MultiMillerLoop, L: Loader, { @@ -98,7 +100,7 @@ where } } -fn query_sets(queries: &[Query]) -> Vec> { +fn query_sets(queries: &[Query]) -> Vec> { let poly_shifts = queries.iter().fold(Vec::<(usize, Vec, Vec<&T>)>::new(), |mut poly_shifts, query| { if let Some(pos) = poly_shifts.iter().position(|(poly, _, _)| *poly == query.poly) { @@ -138,7 +140,7 @@ fn query_sets(queries: &[Query]) -> Vec>( +fn query_set_coeffs<'a, F: PrimeField + Ord, T: LoadedScalar>( sets: &[QuerySet<'a, F, T>], z: &T, z_prime: &T, @@ -187,7 +189,7 @@ struct QuerySet<'a, F, T> { evals: Vec>, } -impl<'a, F: FieldExt, T: LoadedScalar> QuerySet<'a, F, T> { +impl<'a, F: PrimeField, T: LoadedScalar> QuerySet<'a, F, T> { fn msm>( &self, coeff: &QuerySetCoeff, @@ -232,7 +234,7 @@ struct QuerySetCoeff { impl QuerySetCoeff where - F: FieldExt, + F: PrimeField + Ord, T: LoadedScalar, { fn new( @@ -254,7 +256,7 @@ where .filter(|&(i, _)| i != j) .map(|(_, shift_i)| (*shift_j - shift_i)) .reduce(|acc, value| acc * value) - .unwrap_or_else(|| F::one()) + .unwrap_or_else(|| F::ONE) }) .collect_vec(); @@ -331,6 +333,7 @@ where impl CostEstimation for Kzg where M: MultiMillerLoop, + M::Scalar: PrimeField, { type Input = Vec>; diff --git a/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs b/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs index 12496ad7..aea75f97 100644 --- a/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs +++ b/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs @@ -20,6 +20,7 @@ impl MultiOpenScheme for Kzg where M: MultiMillerLoop, L: Loader, + M::Scalar: PrimeField, { type SuccinctVerifyingKey = KzgSuccinctVerifyingKey; type Proof = Gwc19Proof; @@ -149,6 +150,7 @@ where impl CostEstimation for Kzg where M: MultiMillerLoop, + M::Scalar: PrimeField, { type Input = Vec>; diff --git a/snark-verifier/src/system/halo2.rs b/snark-verifier/src/system/halo2.rs index 1ba7c1cc..7ca6f40e 100644 --- a/snark-verifier/src/system/halo2.rs +++ b/snark-verifier/src/system/halo2.rs @@ -1,3 +1,4 @@ +use crate::halo2_proofs::ff::PrimeField; use crate::halo2_proofs::{ plonk::{self, Any, ConstraintSystem, FirstPhase, SecondPhase, ThirdPhase, VerifyingKey}, poly::{self, commitment::Params}, @@ -5,7 +6,7 @@ use crate::halo2_proofs::{ }; use crate::{ util::{ - arithmetic::{root_of_unity, CurveAffine, Domain, FieldExt, Rotation}, + arithmetic::{root_of_unity, CurveAffine, Domain, Rotation}, protocol::{ CommonPolynomial, Expression, InstanceCommittingKey, Query, QuotientPolynomial, }, @@ -13,6 +14,7 @@ use crate::{ }, Protocol, }; +use halo2_proofs::ff::FromUniformBytes; use num_integer::Integer; use std::{io, iter, mem::size_of}; @@ -75,7 +77,10 @@ pub fn compile<'a, C: CurveAffine, P: Params<'a, C>>( params: &P, vk: &VerifyingKey, config: Config, -) -> Protocol { +) -> Protocol +where + C::ScalarExt: FromUniformBytes<64>, +{ assert_eq!(vk.get_domain().k(), params.k()); let cs = vk.cs(); @@ -153,7 +158,7 @@ impl From for Rotation { } } -struct Polynomials<'a, F: FieldExt> { +struct Polynomials<'a, F: PrimeField> { cs: &'a ConstraintSystem, zk: bool, query_instance: bool, @@ -171,7 +176,7 @@ struct Polynomials<'a, F: FieldExt> { num_lookup_z: usize, } -impl<'a, F: FieldExt> Polynomials<'a, F> { +impl<'a, F: PrimeField> Polynomials<'a, F> { fn new( cs: &'a ConstraintSystem, zk: bool, @@ -466,7 +471,7 @@ impl<'a, F: FieldExt> Polynomials<'a, F> { } fn l_active(&self) -> Expression { - Expression::Constant(F::one()) - self.l_last() - self.l_blind() + Expression::Constant(F::ONE) - self.l_last() - self.l_blind() } fn system_challenge_offset(&self) -> usize { @@ -491,7 +496,7 @@ impl<'a, F: FieldExt> Polynomials<'a, F> { } fn permutation_constraints(&'a self, t: usize) -> impl IntoIterator> + 'a { - let one = &Expression::Constant(F::one()); + let one = &Expression::Constant(F::ONE); let l_0 = &Expression::::CommonPolynomial(CommonPolynomial::Lagrange(0)); let l_last = &self.l_last(); let l_active = &self.l_active(); @@ -583,7 +588,7 @@ impl<'a, F: FieldExt> Polynomials<'a, F> { } fn lookup_constraints(&'a self, t: usize) -> impl IntoIterator> + 'a { - let one = &Expression::Constant(F::one()); + let one = &Expression::Constant(F::ONE); let l_0 = &Expression::::CommonPolynomial(CommonPolynomial::Lagrange(0)); let l_last = &self.l_last(); let l_active = &self.l_active(); @@ -690,7 +695,7 @@ impl EncodedChallenge for MockChallenge { } #[derive(Default)] -struct MockTranscript(F); +struct MockTranscript(F); impl Transcript for MockTranscript { fn squeeze_challenge(&mut self) -> MockChallenge { @@ -707,7 +712,10 @@ impl Transcript for MockTranscript } } -fn transcript_initial_state(vk: &VerifyingKey) -> C::Scalar { +fn transcript_initial_state(vk: &VerifyingKey) -> C::Scalar +where + C::Scalar: FromUniformBytes<64>, +{ let mut transcript = MockTranscript::default(); vk.hash_into(&mut transcript).unwrap(); transcript.0 diff --git a/snark-verifier/src/system/halo2/test.rs b/snark-verifier/src/system/halo2/test.rs index 88a2ff26..a391ec7a 100644 --- a/snark-verifier/src/system/halo2/test.rs +++ b/snark-verifier/src/system/halo2/test.rs @@ -10,6 +10,7 @@ use crate::halo2_proofs::{ transcript::{EncodedChallenge, TranscriptReadBuffer, TranscriptWriterBuffer}, }; use crate::util::arithmetic::CurveAffine; +use halo2_proofs::ff::FromUniformBytes; use rand_chacha::rand_core::RngCore; use std::{fs, io::Cursor}; @@ -46,6 +47,7 @@ pub fn create_proof_checked<'a, S, C, P, V, VS, TW, TR, EC, R>( ) -> Vec where S: CommitmentScheme, + S::Scalar: FromUniformBytes<64> + Ord, S::ParamsVerifier: 'a, C: Circuit, P: Prover<'a, S>, diff --git a/snark-verifier/src/system/halo2/test/circuit/maingate.rs b/snark-verifier/src/system/halo2/test/circuit/maingate.rs index 82d63b5e..abc7d989 100644 --- a/snark-verifier/src/system/halo2/test/circuit/maingate.rs +++ b/snark-verifier/src/system/halo2/test/circuit/maingate.rs @@ -1,4 +1,4 @@ -use crate::util::arithmetic::{CurveAffine, FieldExt}; +use crate::util::arithmetic::{CurveAffine}; use halo2_proofs::{ circuit::{floor_planner::V1, Layouter, Value}, plonk::{Circuit, ConstraintSystem, Error}, @@ -19,7 +19,7 @@ pub struct MainGateWithRangeConfig { } impl MainGateWithRangeConfig { - pub fn configure( + pub fn configure( meta: &mut ConstraintSystem, composition_bits: Vec, overflow_bits: Vec, @@ -33,11 +33,11 @@ impl MainGateWithRangeConfig { } } - pub fn main_gate(&self) -> MainGate { + pub fn main_gate(&self) -> MainGate { MainGate::new(self.main_gate_config.clone()) } - pub fn range_chip(&self) -> RangeChip { + pub fn range_chip(&self) -> RangeChip { RangeChip::new(self.range_config.clone()) } @@ -54,7 +54,7 @@ impl MainGateWithRangeConfig { #[derive(Clone, Default)] pub struct MainGateWithRange(Vec); -impl MainGateWithRange { +impl MainGateWithRange { pub fn new(inner: Vec) -> Self { Self(inner) } @@ -68,12 +68,12 @@ impl MainGateWithRange { } } -impl Circuit for MainGateWithRange { +impl Circuit for MainGateWithRange { type Config = MainGateWithRangeConfig; type FloorPlanner = V1; fn without_witnesses(&self) -> Self { - Self(vec![F::zero()]) + Self(vec![F::ZERO]) } fn configure(meta: &mut ConstraintSystem) -> Self::Config { @@ -97,7 +97,7 @@ impl Circuit for MainGateWithRange { range_chip.decompose(&mut ctx, Value::known(F::from(u32::MAX as u64)), 8, 39)?; let a = range_chip.assign(&mut ctx, Value::known(self.0[0]), 8, 68)?; let b = main_gate.sub_sub_with_constant(&mut ctx, &a, &a, &a, F::from(2))?; - let cond = main_gate.assign_bit(&mut ctx, Value::known(F::one()))?; + let cond = main_gate.assign_bit(&mut ctx, Value::known(F::ONE))?; main_gate.select(&mut ctx, &a, &b, &cond)?; Ok(a) diff --git a/snark-verifier/src/system/halo2/test/circuit/standard.rs b/snark-verifier/src/system/halo2/test/circuit/standard.rs index bfa94df4..75545998 100644 --- a/snark-verifier/src/system/halo2/test/circuit/standard.rs +++ b/snark-verifier/src/system/halo2/test/circuit/standard.rs @@ -3,8 +3,7 @@ use crate::halo2_proofs::{ plonk::{Advice, Circuit, Column, ConstraintSystem, Error, Fixed, Instance}, poly::Rotation, }; -use crate::util::arithmetic::FieldExt; -use halo2_base::halo2_proofs::plonk::Assigned; +use halo2_proofs::ff::PrimeField; use rand::RngCore; #[allow(dead_code)] @@ -22,7 +21,7 @@ pub struct StandardPlonkConfig { } impl StandardPlonkConfig { - pub fn configure(meta: &mut ConstraintSystem) -> Self { + pub fn configure(meta: &mut ConstraintSystem) -> Self { let [a, b, c] = [(); 3].map(|_| meta.advice_column()); let [q_a, q_b, q_c, q_ab, constant] = [(); 5].map(|_| meta.fixed_column()); let instance = meta.instance_column(); @@ -54,7 +53,7 @@ impl StandardPlonkConfig { #[derive(Clone, Default)] pub struct StandardPlonk(F); -impl StandardPlonk { +impl StandardPlonk { pub fn rand(mut rng: R) -> Self { Self(F::from(rng.next_u32() as u64)) } @@ -64,7 +63,7 @@ impl StandardPlonk { } } -impl Circuit for StandardPlonk { +impl Circuit for StandardPlonk { type Config = StandardPlonkConfig; type FloorPlanner = SimpleFloorPlanner; @@ -88,7 +87,7 @@ impl Circuit for StandardPlonk { #[cfg(feature = "halo2-pse")] { region.assign_advice(|| "", config.a, 0, || Value::known(self.0))?; - region.assign_fixed(|| "", config.q_a, 0, || Value::known(-F::one()))?; + region.assign_fixed(|| "", config.q_a, 0, || Value::known(-F::ONE))?; region.assign_advice(|| "", config.a, 1, || Value::known(-F::from(5u64)))?; for (idx, column) in (1..).zip([ @@ -106,14 +105,14 @@ impl Circuit for StandardPlonk { )?; } - let a = region.assign_advice(|| "", config.a, 2, || Value::known(F::one()))?; + let a = region.assign_advice(|| "", config.a, 2, || Value::known(F::ONE))?; a.copy_advice(|| "", &mut region, config.b, 3)?; a.copy_advice(|| "", &mut region, config.c, 4)?; } #[cfg(feature = "halo2-axiom")] { region.assign_advice(config.a, 0, Value::known(Assigned::Trivial(self.0)))?; - region.assign_fixed(config.q_a, 0, Assigned::Trivial(-F::one())); + region.assign_fixed(config.q_a, 0, Assigned::Trivial(-F::ONE)); region.assign_advice( config.a, @@ -133,7 +132,7 @@ impl Circuit for StandardPlonk { let a = region.assign_advice( config.a, 2, - Value::known(Assigned::Trivial(F::one())), + Value::known(Assigned::Trivial(F::ONE)), )?; a.copy_advice(&mut region, config.b, 3); a.copy_advice(&mut region, config.c, 4); diff --git a/snark-verifier/src/system/halo2/test/kzg.rs b/snark-verifier/src/system/halo2/test/kzg.rs index 6cf145db..ae9441f1 100644 --- a/snark-verifier/src/system/halo2/test/kzg.rs +++ b/snark-verifier/src/system/halo2/test/kzg.rs @@ -1,5 +1,6 @@ use crate::halo2_proofs::poly::kzg::commitment::ParamsKZG; use crate::util::arithmetic::MultiMillerLoop; +use halo2_proofs::ff::PrimeField; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; mod native; @@ -16,7 +17,10 @@ pub const TESTDATA_DIR: &str = "./src/system/halo2/test/data"; pub const LIMBS: usize = 3; pub const BITS: usize = 88; -pub fn setup(k: u32) -> ParamsKZG { +pub fn setup(k: u32) -> ParamsKZG +where + M::Scalar: PrimeField, +{ ParamsKZG::::setup(k, ChaCha20Rng::from_seed(Default::default())) } diff --git a/snark-verifier/src/system/halo2/test/kzg/halo2.rs b/snark-verifier/src/system/halo2/test/kzg/halo2.rs index 9090a0a1..73e6e351 100644 --- a/snark-verifier/src/system/halo2/test/kzg/halo2.rs +++ b/snark-verifier/src/system/halo2/test/kzg/halo2.rs @@ -399,7 +399,7 @@ impl Circuit for Accumulation { // TODO: use less instances by following Scroll's strategy of keeping only last bit of y coordinate let mut layouter = layouter.namespace(|| "expose"); for (i, cell) in assigned_instances.unwrap().into_iter().enumerate() { - layouter.constrain_instance(cell, config.instance, i); + layouter.constrain_instance(cell, config.instance, i)?; } Ok(()) } diff --git a/snark-verifier/src/system/halo2/transcript.rs b/snark-verifier/src/system/halo2/transcript.rs index 8b97f968..8b1b19b4 100644 --- a/snark-verifier/src/system/halo2/transcript.rs +++ b/snark-verifier/src/system/halo2/transcript.rs @@ -7,6 +7,7 @@ use crate::{ }, Error, }; +use halo2_proofs::ff::FromUniformBytes; use halo2_proofs::transcript::{Blake2bRead, Blake2bWrite, Challenge255}; use std::io::{Read, Write}; @@ -16,7 +17,10 @@ pub mod evm; #[cfg(feature = "loader_halo2")] pub mod halo2; -impl Transcript for Blake2bRead> { +impl Transcript for Blake2bRead> +where + C::ScalarExt: FromUniformBytes<64>, +{ fn loader(&self) -> &NativeLoader { &native::LOADER } @@ -36,8 +40,9 @@ impl Transcript for Blake2bRead TranscriptRead - for Blake2bRead> +impl TranscriptRead for Blake2bRead> +where + C::ScalarExt: FromUniformBytes<64>, { fn read_scalar(&mut self) -> Result { halo2_proofs::transcript::TranscriptRead::read_scalar(self) @@ -50,7 +55,10 @@ impl TranscriptRead } } -impl Transcript for Blake2bWrite> { +impl Transcript for Blake2bWrite> +where + C::ScalarExt: FromUniformBytes<64>, +{ fn loader(&self) -> &NativeLoader { &native::LOADER } @@ -70,7 +78,10 @@ impl Transcript for Blake2bWrite TranscriptWrite for Blake2bWrite, C, Challenge255> { +impl TranscriptWrite for Blake2bWrite, C, Challenge255> +where + C::ScalarExt: FromUniformBytes<64>, +{ fn write_scalar(&mut self, scalar: C::Scalar) -> Result<(), Error> { halo2_proofs::transcript::TranscriptWrite::write_scalar(self, scalar) .map_err(|err| Error::Transcript(err.kind(), err.to_string())) diff --git a/snark-verifier/src/system/halo2/transcript/halo2.rs b/snark-verifier/src/system/halo2/transcript/halo2.rs index 3c82d83b..6d421963 100644 --- a/snark-verifier/src/system/halo2/transcript/halo2.rs +++ b/snark-verifier/src/system/halo2/transcript/halo2.rs @@ -13,6 +13,8 @@ use crate::{ }, Error, }; +use halo2_proofs::curves::serde::SerdeObject; +use halo2_proofs::ff::FromUniformBytes; use halo2_proofs::{circuit::Value, transcript::EncodedChallenge}; use std::{ io::{self, Read, Write}, @@ -52,6 +54,7 @@ impl<'a, C, R, EccChip, const T: usize, const RATE: usize, const R_F: usize, con PoseidonTranscript>, Value, T, RATE, R_F, R_P> where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, R: Read, EccChip: NativeEncoding<'a, C>, { @@ -80,6 +83,7 @@ impl<'a, C, R, EccChip, const T: usize, const RATE: usize, const R_F: usize, con for PoseidonTranscript>, Value, T, RATE, R_F, R_P> where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, R: Read, EccChip: NativeEncoding<'a, C>, { @@ -123,6 +127,7 @@ impl<'a, C, R, EccChip, const T: usize, const RATE: usize, const R_F: usize, con for PoseidonTranscript>, Value, T, RATE, R_F, R_P> where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, R: Read, EccChip: NativeEncoding<'a, C>, { @@ -159,6 +164,8 @@ where impl PoseidonTranscript +where + C::ScalarExt: SerdeObject + FromUniformBytes<64>, { pub fn new(stream: S) -> Self { Self { loader: NativeLoader, stream, buf: Poseidon::new(&NativeLoader, R_F, R_P) } @@ -176,6 +183,8 @@ impl PoseidonTranscript, T, RATE, R_F, R_P> +where + C::ScalarExt: SerdeObject + FromUniformBytes<64>, { pub fn clear(&mut self) { self.buf.clear(); @@ -185,6 +194,8 @@ impl Transcript for PoseidonTranscript +where + C::ScalarExt: SerdeObject + FromUniformBytes<64>, { fn loader(&self) -> &NativeLoader { &native::LOADER @@ -218,6 +229,7 @@ impl for PoseidonTranscript where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, R: Read, { fn read_scalar(&mut self) -> Result { @@ -267,6 +279,7 @@ impl where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, W: Write, { fn write_scalar(&mut self, scalar: C::Scalar) -> Result<(), Error> { @@ -305,7 +318,8 @@ impl EncodedChallenge for ChallengeScalar { impl halo2_proofs::transcript::Transcript> - for PoseidonTranscript + for PoseidonTranscript where + C::ScalarExt: SerdeObject + FromUniformBytes<64>, { fn squeeze_challenge(&mut self) -> ChallengeScalar { ChallengeScalar::new(&Transcript::squeeze_challenge(self)) @@ -333,6 +347,7 @@ impl where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, R: Read, { fn read_point(&mut self) -> io::Result { @@ -357,6 +372,7 @@ impl where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, R: Read, { fn init(reader: R) -> Self { @@ -369,6 +385,7 @@ impl where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, W: Write, { fn write_point(&mut self, ec_point: C) -> io::Result<()> { @@ -391,6 +408,7 @@ impl where C: CurveAffine, + C::ScalarExt: SerdeObject + FromUniformBytes<64>, W: Write, { fn init(writer: W) -> Self { diff --git a/snark-verifier/src/util/arithmetic.rs b/snark-verifier/src/util/arithmetic.rs index 2d24961e..c7acd6dd 100644 --- a/snark-verifier/src/util/arithmetic.rs +++ b/snark-verifier/src/util/arithmetic.rs @@ -17,7 +17,7 @@ pub use halo2_curves::{ Curve, Group, GroupEncoding, }, pairing::MillerLoopResult, - Coordinates, CurveAffine, CurveExt, FieldExt, + Coordinates, CurveAffine, }; pub trait MultiMillerLoop: halo2_curves::pairing::MultiMillerLoop + Debug {} @@ -47,7 +47,7 @@ pub fn batch_invert_and_mul(values: &mut [F], coeff: &F) { let products = values .iter() .filter(|value| !value.is_zero_vartime()) - .scan(F::one(), |acc, value| { + .scan(F::ONE, |acc, value| { *acc *= value; Some(*acc) }) @@ -59,7 +59,7 @@ pub fn batch_invert_and_mul(values: &mut [F], coeff: &F) { .iter_mut() .rev() .filter(|value| !value.is_zero_vartime()) - .zip(products.into_iter().rev().skip(1).chain(Some(F::one()))) + .zip(products.into_iter().rev().skip(1).chain(Some(F::ONE))) { let mut inv = all_product_inv * product; mem::swap(value, &mut inv); @@ -68,13 +68,13 @@ pub fn batch_invert_and_mul(values: &mut [F], coeff: &F) { } pub fn batch_invert(values: &mut [F]) { - batch_invert_and_mul(values, &F::one()) + batch_invert_and_mul(values, &F::ONE) } pub fn root_of_unity(k: usize) -> F { assert!(k <= F::S as usize); - iter::successors(Some(F::root_of_unity()), |acc| Some(acc.square())) + iter::successors(Some(F::ROOT_OF_UNITY), |acc| Some(acc.square())) .take(F::S as usize - k + 1) .last() .unwrap() @@ -190,7 +190,7 @@ pub fn ilog2(value: usize) -> usize { } pub fn modulus() -> BigUint { - fe_to_big(-F::one()) + 1usize + fe_to_big(-F::ONE) + 1usize } pub fn fe_from_big(big: BigUint) -> F { @@ -238,7 +238,7 @@ pub fn fe_to_limbs(scalar: F) -> impl Iterator { - iter::successors(Some(F::one()), move |power| Some(scalar * power)) + iter::successors(Some(F::ONE), move |power| Some(scalar * power)) } pub fn inner_product(lhs: &[F], rhs: &[F]) -> F { diff --git a/snark-verifier/src/util/hash/poseidon.rs b/snark-verifier/src/util/hash/poseidon.rs index fa7442f4..7e773f8b 100644 --- a/snark-verifier/src/util/hash/poseidon.rs +++ b/snark-verifier/src/util/hash/poseidon.rs @@ -1,17 +1,19 @@ use crate::poseidon::{self, SparseMDSMatrix, Spec}; use crate::{ loader::{LoadedScalar, ScalarLoader}, - util::{arithmetic::FieldExt, Itertools}, + util::Itertools, }; +use halo2_proofs::curves::serde::SerdeObject; +use halo2_proofs::ff::{FromUniformBytes, PrimeField}; use std::{iter, marker::PhantomData, mem}; #[derive(Clone)] -struct State { +struct State { inner: [L; T], _marker: PhantomData, } -impl, const T: usize, const RATE: usize> State { +impl, const T: usize, const RATE: usize> State { fn new(inner: [L; T]) -> Self { Self { inner, _marker: PhantomData } } @@ -49,10 +51,9 @@ impl, const T: usize, const RATE: usize> State, const T: usize, const RATE: usize> State, const T: usize, const RATE: usize> State { +pub struct Poseidon { spec: Spec, default_state: State, state: State, buf: Vec, } -impl, const T: usize, const RATE: usize> Poseidon { +impl< + F: FromUniformBytes<64> + SerdeObject, + L: LoadedScalar, + const T: usize, + const RATE: usize, + > Poseidon +{ pub fn new(loader: &L::Loader, r_f: usize, r_p: usize) -> Self { let default_state = State::new(poseidon::State::default().words().map(|state| loader.load_const(&state))); @@ -159,7 +166,7 @@ impl, const T: usize, const RATE: usize> Poseido self.state.sbox_full(constants); self.state.apply_mds(&mds); } - self.state.sbox_full(&[F::zero(); T]); + self.state.sbox_full(&[F::ZERO; T]); self.state.apply_mds(&mds); } } diff --git a/snark-verifier/src/util/msm.rs b/snark-verifier/src/util/msm.rs index 014a29e8..281cd3fa 100644 --- a/snark-verifier/src/util/msm.rs +++ b/snark-verifier/src/util/msm.rs @@ -26,11 +26,7 @@ where L: Loader, { fn default() -> Self { - Self { - constant: None, - scalars: Vec::new(), - bases: Vec::new(), - } + Self { constant: None, scalars: Vec::new(), bases: Vec::new() } } } @@ -40,19 +36,12 @@ where L: Loader, { pub fn constant(constant: L::LoadedScalar) -> Self { - Msm { - constant: Some(constant), - ..Default::default() - } + Msm { constant: Some(constant), ..Default::default() } } pub fn base<'b: 'a>(base: &'b L::LoadedEcPoint) -> Self { let one = base.loader().load_one(); - Msm { - scalars: vec![one], - bases: vec![base], - ..Default::default() - } + Msm { scalars: vec![one], bases: vec![base], ..Default::default() } } pub(crate) fn size(&self) -> usize { @@ -69,19 +58,9 @@ where } pub fn evaluate(self, gen: Option) -> L::LoadedEcPoint { - let gen = gen.map(|gen| { - self.bases - .first() - .unwrap() - .loader() - .ec_point_load_const(&gen) - }); + let gen = gen.map(|gen| self.bases.first().unwrap().loader().ec_point_load_const(&gen)); let pairs = iter::empty() - .chain( - self.constant - .as_ref() - .map(|constant| (constant, gen.as_ref().unwrap())), - ) + .chain(self.constant.as_ref().map(|constant| (constant, gen.as_ref().unwrap()))) .chain(self.scalars.iter().zip(self.bases.into_iter())) .collect_vec(); L::multi_scalar_multiplication(&pairs) @@ -311,17 +290,12 @@ pub fn multi_scalar_multiplication(scalars: &[C::Scalar], bases: let chunk_size = Integer::div_ceil(&scalars.len(), &num_threads); let mut results = vec![C::Curve::identity(); num_threads]; parallelize_iter( - scalars - .chunks(chunk_size) - .zip(bases.chunks(chunk_size)) - .zip(results.iter_mut()), + scalars.chunks(chunk_size).zip(bases.chunks(chunk_size)).zip(results.iter_mut()), |((scalars, bases), result)| { multi_scalar_multiplication_serial(scalars, bases, result); }, ); - results - .iter() - .fold(C::Curve::identity(), |acc, result| acc + result) + results.iter().fold(C::Curve::identity(), |acc, result| acc + result) } #[cfg(not(feature = "parallel"))] { diff --git a/snark-verifier/src/util/poly.rs b/snark-verifier/src/util/poly.rs index ea120b33..fbd4c903 100644 --- a/snark-verifier/src/util/poly.rs +++ b/snark-verifier/src/util/poly.rs @@ -43,12 +43,8 @@ impl Polynomial { } pub fn evaluate(&self, x: F) -> F { - let evaluate_serial = |coeffs: &[F]| { - coeffs - .iter() - .rev() - .fold(F::zero(), |acc, coeff| acc * x + coeff) - }; + let evaluate_serial = + |coeffs: &[F]| coeffs.iter().rev().fold(F::ZERO, |acc, coeff| acc * x + coeff); #[cfg(feature = "parallel")] { @@ -61,15 +57,17 @@ impl Polynomial { } let chunk_size = Integer::div_ceil(&self.len(), &num_threads); - let mut results = vec![F::zero(); num_threads]; + let mut results = vec![F::ZERO; num_threads]; parallelize_iter( - results - .iter_mut() - .zip(self.0.chunks(chunk_size)) - .zip(powers(x.pow_vartime(&[chunk_size as u64, 0, 0, 0]))), + results.iter_mut().zip(self.0.chunks(chunk_size)).zip(powers(x.pow_vartime(&[ + chunk_size as u64, + 0, + 0, + 0, + ]))), |((result, coeffs), scalar)| *result = evaluate_serial(coeffs) * scalar, ); - results.iter().fold(F::zero(), |acc, result| acc + result) + results.iter().fold(F::ZERO, |acc, result| acc + result) } #[cfg(not(feature = "parallel"))] evaluate_serial(&self.0) @@ -124,10 +122,10 @@ impl Mul for Polynomial { type Output = Polynomial; fn mul(mut self, rhs: F) -> Polynomial { - if rhs == F::zero() { - return Polynomial::new(vec![F::zero(); self.len()]); + if rhs == F::ZERO { + return Polynomial::new(vec![F::ZERO; self.len()]); } - if rhs == F::one() { + if rhs == F::ONE { return self; } parallelize(&mut self.0, |(lhs, _)| { diff --git a/snark-verifier/src/util/protocol.rs b/snark-verifier/src/util/protocol.rs index a883a599..b5103ed0 100644 --- a/snark-verifier/src/util/protocol.rs +++ b/snark-verifier/src/util/protocol.rs @@ -90,7 +90,7 @@ where let numer = zn_minus_one.clone() * &n_inv; let omegas = langranges .iter() - .map(|&i| loader.load_const(&domain.rotate_scalar(C::Scalar::one(), Rotation(i)))) + .map(|&i| loader.load_const(&domain.rotate_scalar(C::Scalar::ONE, Rotation(i)))) .collect_vec(); let lagrange_evals = omegas .iter() @@ -346,7 +346,7 @@ impl Sum for Expression { impl One for Expression { fn one() -> Self { - Expression::Constant(F::one()) + Expression::Constant(F::ONE) } } diff --git a/snark-verifier/src/verifier/plonk.rs b/snark-verifier/src/verifier/plonk.rs index f42c912c..8412c74f 100644 --- a/snark-verifier/src/verifier/plonk.rs +++ b/snark-verifier/src/verifier/plonk.rs @@ -202,7 +202,7 @@ where .iter() .map(|query| pcs::Query { poly: query.poly, - shift: protocol.domain.rotate_scalar(C::Scalar::one(), query.rotation), + shift: protocol.domain.rotate_scalar(C::Scalar::ONE, query.rotation), eval: (), }) .collect() From e12af783d97ecbdbae27dd1ed0c93a395ffd94d5 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Tue, 7 Nov 2023 19:07:22 -0500 Subject: [PATCH 2/2] update snark verifier --- snark-verifier/Cargo.toml | 9 +++--- snark-verifier/examples/evm-verifier.rs | 2 +- snark-verifier/examples/recursion.rs | 32 +++++++++---------- snark-verifier/src/loader/halo2/shim.rs | 27 +++++++++------- snark-verifier/src/pcs/kzg/accumulator.rs | 7 ++-- snark-verifier/src/pcs/kzg/decider.rs | 2 +- .../src/pcs/kzg/multiopen/bdfg21.rs | 2 +- snark-verifier/src/system/halo2.rs | 4 +-- snark-verifier/src/system/halo2/test.rs | 5 +-- .../src/system/halo2/test/circuit/standard.rs | 2 +- snark-verifier/src/system/halo2/test/kzg.rs | 2 +- snark-verifier/src/system/halo2/transcript.rs | 2 +- .../src/system/halo2/transcript/halo2.rs | 14 ++++---- snark-verifier/src/util/hash/poseidon.rs | 4 +-- 14 files changed, 61 insertions(+), 53 deletions(-) diff --git a/snark-verifier/Cargo.toml b/snark-verifier/Cargo.toml index 6b386dcd..81efa283 100644 --- a/snark-verifier/Cargo.toml +++ b/snark-verifier/Cargo.toml @@ -20,9 +20,10 @@ serde = { version = "1.0", features = ["derive"] } # poseidon-axiom = { git = "https://github.com/axiom-crypto/halo2.git", branch = "axiom/faster-witness-generation", package = "poseidon", optional = true } # poseidon= { git = "https://github.com/privacy-scaling-explorations/poseidon", optional = true } -halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-snark-verifier-0220" } -halo2-base = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0220" } -poseidon = { git = "https://github.com/scroll-tech/poseidon", branch = "halo2-ecc-snark-verifier-0220", optional = true } +ff = "0.13" +halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "sync-ff-0.13" } +halo2-base = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "sync-ff-0.13" } +poseidon = { git = "https://github.com/scroll-tech/poseidon", branch = "sync-ff-0.13", optional = true } # parallel rayon = { version = "1.5.3", optional = true } @@ -36,7 +37,7 @@ rlp = { version = "0.5", default-features = false, features = ["std"], optional # loader_halo2 # halo2-ecc = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false, optional = true } -halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0220", default-features = false, optional = true } +halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "sync-ff-0.13", default-features = false, optional = true } [dev-dependencies] ark-std = { version = "0.3.0", features = ["print-trace"] } diff --git a/snark-verifier/examples/evm-verifier.rs b/snark-verifier/examples/evm-verifier.rs index 2ca846a6..f61b6ba7 100644 --- a/snark-verifier/examples/evm-verifier.rs +++ b/snark-verifier/examples/evm-verifier.rs @@ -5,7 +5,7 @@ use halo2_proofs::{ dev::MockProver, halo2curves::bn256::{Bn256, Fq, Fr, G1Affine}, plonk::{ - create_proof, keygen_pk, keygen_vk, verify_proof, Advice, Circuit, Column, + create_proof, keygen_pk, keygen_vk, verify_proof, Advice, Circuit, Column, ConstraintSystem, Error, Fixed, Instance, ProvingKey, VerifyingKey, }, poly::{ diff --git a/snark-verifier/examples/recursion.rs b/snark-verifier/examples/recursion.rs index 2a5d1685..bceed499 100644 --- a/snark-verifier/examples/recursion.rs +++ b/snark-verifier/examples/recursion.rs @@ -369,8 +369,8 @@ mod recursion { svk: &Svk, loader: &Rc>, snark: &SnarkWitness, - preprocessed_digest: Option>, - ) -> (Vec>>, Vec>>>) { + preprocessed_digest: Option>, + ) -> (Vec>>, Vec>>>) { let protocol = if let Some(preprocessed_digest) = preprocessed_digest { let preprocessed_digest = loader.scalar_from_assigned(preprocessed_digest); let protocol = snark.protocol.loaded_preprocessed_as_witness(loader); @@ -414,7 +414,7 @@ mod recursion { fn select_accumulator<'a>( loader: &Rc>, - condition: &AssignedValue< Fr>, + condition: &AssignedValue, lhs: &KzgAccumulator>>, rhs: &KzgAccumulator>>, ) -> Result>>, Error> { @@ -673,7 +673,7 @@ mod recursion { main_gate.assign_integer(&mut ctx, Value::known(instance)).unwrap() }); let first_round = main_gate.is_zero(&mut ctx, &round); - let not_first_round = main_gate.not(&mut ctx, Existing(&first_round)); + let not_first_round = main_gate.not(&mut ctx, Existing(first_round)); let loader = Halo2Loader::new(config.ecc_chip(), ctx); let (mut app_instances, app_accumulators) = @@ -715,8 +715,8 @@ mod recursion { ( &main_gate.mul( &mut ctx, - Existing(&preprocessed_digest), - Existing(¬_first_round), + Existing(preprocessed_digest), + Existing(not_first_round), ), &previous_instances[Self::PREPROCESSED_DIGEST_ROW], ), @@ -724,8 +724,8 @@ mod recursion { ( &main_gate.mul( &mut ctx, - Existing(&initial_state), - Existing(¬_first_round), + Existing(initial_state), + Existing(not_first_round), ), &previous_instances[Self::INITIAL_STATE_ROW], ), @@ -733,13 +733,13 @@ mod recursion { ( &main_gate.mul( &mut ctx, - Existing(&initial_state), - Existing(&first_round), + Existing(initial_state), + Existing(first_round), ), &main_gate.mul( &mut ctx, - Existing(&app_instances[0]), - Existing(&first_round), + Existing(app_instances[0]), + Existing(first_round), ), ), // Verify current state is same as the current application snark @@ -748,8 +748,8 @@ mod recursion { ( &main_gate.mul( &mut ctx, - Existing(&app_instances[0]), - Existing(¬_first_round), + Existing(app_instances[0]), + Existing(not_first_round), ), &previous_instances[Self::STATE_ROW], ), @@ -758,8 +758,8 @@ mod recursion { &round, &main_gate.add( &mut ctx, - Existing(¬_first_round), - Existing(&previous_instances[Self::ROUND_ROW]), + Existing(not_first_round), + Existing(previous_instances[Self::ROUND_ROW]), ), ), ] { diff --git a/snark-verifier/src/loader/halo2/shim.rs b/snark-verifier/src/loader/halo2/shim.rs index a66bf2ae..34acc440 100644 --- a/snark-verifier/src/loader/halo2/shim.rs +++ b/snark-verifier/src/loader/halo2/shim.rs @@ -1,9 +1,9 @@ -use crate::halo2_proofs::ff::PrimeField; use crate::halo2_proofs::{ circuit::{Cell, Value}, plonk::Error, }; use crate::util::arithmetic::CurveAffine; +use ff::PrimeField; use std::{fmt::Debug, ops::Deref}; pub trait Context: Debug { @@ -141,10 +141,11 @@ mod halo2_lib { loader::halo2::{Context, EccInstructions, IntegerInstructions}, util::arithmetic::{CurveAffine, Field}, }; + use ff::PrimeField; use halo2_base::{ self, gates::{flex_gate::FlexGateConfig, GateInstructions, RangeInstructions}, - utils::PrimeField, + utils::ScalarField, AssignedValue, QuantumCell::{Constant, Existing, Witness}, }; @@ -158,7 +159,7 @@ mod halo2_lib { type AssignedInteger = CRTInteger<::ScalarExt>; type AssignedEcPoint = EcPoint<::ScalarExt, AssignedInteger>; - impl<'a, F: PrimeField> Context for halo2_base::Context<'a, F> { + impl<'a, F: ScalarField> Context for halo2_base::Context<'a, F> { fn constrain_equal(&mut self, lhs: Cell, rhs: Cell) -> Result<(), Error> { #[cfg(feature = "halo2-axiom")] self.region.constrain_equal(&lhs, &rhs); @@ -172,7 +173,7 @@ mod halo2_lib { } } - impl<'a, F: PrimeField> IntegerInstructions<'a, F> for FlexGateConfig { + impl<'a, F: ScalarField> IntegerInstructions<'a, F> for FlexGateConfig { type Context = halo2_base::Context<'a, F>; type AssignedCell = AssignedValue; type AssignedInteger = AssignedValue; @@ -205,7 +206,7 @@ mod halo2_lib { a.push(Constant(constant)); b.push(Constant(F::ONE)); } - a.extend(values.iter().map(|(_, a)| Existing(a))); + a.extend(values.iter().map(|(_, a)| Existing(*a.deref()))); b.extend(values.iter().map(|(c, _)| Constant(*c))); Ok(self.inner_product(ctx, a, b)) } @@ -224,7 +225,7 @@ mod halo2_lib { 0 => self.assign_constant(ctx, constant), _ => Ok(self.sum_products_with_coeff_and_var( ctx, - values.iter().map(|(c, a, b)| (*c, Existing(a), Existing(b))), + values.iter().map(|(c, a, b)| (*c, Existing(*a.deref()), Existing(*b.deref()))), Constant(constant), )), } @@ -236,7 +237,7 @@ mod halo2_lib { a: &Self::AssignedInteger, b: &Self::AssignedInteger, ) -> Result { - Ok(GateInstructions::sub(self, ctx, Existing(a), Existing(b))) + Ok(GateInstructions::sub(self, ctx, Existing(*a), Existing(*b))) } fn neg( @@ -244,7 +245,7 @@ mod halo2_lib { ctx: &mut Self::Context, a: &Self::AssignedInteger, ) -> Result { - Ok(GateInstructions::neg(self, ctx, Existing(a))) + Ok(GateInstructions::neg(self, ctx, Existing(*a))) } fn invert( @@ -255,7 +256,7 @@ mod halo2_lib { // make sure scalar != 0 let is_zero = self.is_zero(ctx, a); self.assert_is_const(ctx, &is_zero, F::ZERO); - Ok(GateInstructions::div_unsafe(self, ctx, Constant(F::ONE), Existing(a))) + Ok(GateInstructions::div_unsafe(self, ctx, Constant(F::ONE), Existing(*a))) } fn assert_equal( @@ -271,8 +272,8 @@ mod halo2_lib { impl<'a, C: CurveAffineExt> EccInstructions<'a, C> for BaseFieldEccChip where - C::ScalarExt: PrimeField, - C::Base: PrimeField, + C::ScalarExt: ScalarField + PrimeField, + C::Base: ScalarField + PrimeField, { type Context = halo2_base::Context<'a, C::Scalar>; type ScalarChip = FlexGateConfig; @@ -325,7 +326,9 @@ mod halo2_lib { let constant = EccInstructions::::assign_constant(self, ctx, constant).unwrap(); Some(constant) }; - Ok(self.sum::(ctx, constant.iter().chain(values.iter().map(Deref::deref)))) + let values = constant.iter().chain(values.iter().map(Deref::deref)).cloned(); + + Ok(self.sum::(ctx, values)) } fn variable_base_msm( diff --git a/snark-verifier/src/pcs/kzg/accumulator.rs b/snark-verifier/src/pcs/kzg/accumulator.rs index d060ece3..aa6ee489 100644 --- a/snark-verifier/src/pcs/kzg/accumulator.rs +++ b/snark-verifier/src/pcs/kzg/accumulator.rs @@ -214,15 +214,16 @@ mod halo2 { mod halo2_lib { use super::*; - use halo2_base::{halo2_proofs::halo2curves::CurveAffineExt, utils::PrimeField}; + use ff::PrimeField; + use halo2_base::{halo2_proofs::halo2curves::CurveAffineExt, utils::ScalarField}; use halo2_ecc::ecc::BaseFieldEccChip; impl<'a, C, const LIMBS: usize, const BITS: usize> LimbsEncodingInstructions<'a, C, LIMBS, BITS> for BaseFieldEccChip where C: CurveAffineExt, - C::ScalarExt: PrimeField, - C::Base: PrimeField, + C::ScalarExt: ScalarField + PrimeField, + C::Base: ScalarField + PrimeField, { fn assign_ec_point_from_limbs( &self, diff --git a/snark-verifier/src/pcs/kzg/decider.rs b/snark-verifier/src/pcs/kzg/decider.rs index 01e9dcf8..ada46689 100644 --- a/snark-verifier/src/pcs/kzg/decider.rs +++ b/snark-verifier/src/pcs/kzg/decider.rs @@ -21,7 +21,7 @@ impl From<(M::G2Affine, M::G2Affine)> for KzgDecidingKey } mod native { - use halo2_proofs::ff::PrimeField; + use ff::PrimeField; use crate::{ loader::native::NativeLoader, diff --git a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs index d34bd6f2..196539e9 100644 --- a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs +++ b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs @@ -1,6 +1,5 @@ use crate::{ cost::{Cost, CostEstimation}, - halo2_proofs::ff::PrimeField, loader::{LoadedScalar, Loader, ScalarLoader}, pcs::{ kzg::{Kzg, KzgAccumulator, KzgSuccinctVerifyingKey}, @@ -13,6 +12,7 @@ use crate::{ Itertools, }, }; +use ff::PrimeField; use std::{ collections::{BTreeMap, BTreeSet}, marker::PhantomData, diff --git a/snark-verifier/src/system/halo2.rs b/snark-verifier/src/system/halo2.rs index 7ca6f40e..a382f13b 100644 --- a/snark-verifier/src/system/halo2.rs +++ b/snark-verifier/src/system/halo2.rs @@ -1,4 +1,3 @@ -use crate::halo2_proofs::ff::PrimeField; use crate::halo2_proofs::{ plonk::{self, Any, ConstraintSystem, FirstPhase, SecondPhase, ThirdPhase, VerifyingKey}, poly::{self, commitment::Params}, @@ -14,7 +13,8 @@ use crate::{ }, Protocol, }; -use halo2_proofs::ff::FromUniformBytes; +use ff::FromUniformBytes; +use ff::PrimeField; use num_integer::Integer; use std::{io, iter, mem::size_of}; diff --git a/snark-verifier/src/system/halo2/test.rs b/snark-verifier/src/system/halo2/test.rs index a391ec7a..88fef15c 100644 --- a/snark-verifier/src/system/halo2/test.rs +++ b/snark-verifier/src/system/halo2/test.rs @@ -10,7 +10,8 @@ use crate::halo2_proofs::{ transcript::{EncodedChallenge, TranscriptReadBuffer, TranscriptWriterBuffer}, }; use crate::util::arithmetic::CurveAffine; -use halo2_proofs::ff::FromUniformBytes; +use ff::{PrimeField, WithSmallOrderMulGroup}; +use halo2_base::utils::ScalarField; use rand_chacha::rand_core::RngCore; use std::{fs, io::Cursor}; @@ -47,7 +48,7 @@ pub fn create_proof_checked<'a, S, C, P, V, VS, TW, TR, EC, R>( ) -> Vec where S: CommitmentScheme, - S::Scalar: FromUniformBytes<64> + Ord, + S::Scalar: ScalarField + PrimeField + WithSmallOrderMulGroup<3>, S::ParamsVerifier: 'a, C: Circuit, P: Prover<'a, S>, diff --git a/snark-verifier/src/system/halo2/test/circuit/standard.rs b/snark-verifier/src/system/halo2/test/circuit/standard.rs index 75545998..c55a1f77 100644 --- a/snark-verifier/src/system/halo2/test/circuit/standard.rs +++ b/snark-verifier/src/system/halo2/test/circuit/standard.rs @@ -3,7 +3,7 @@ use crate::halo2_proofs::{ plonk::{Advice, Circuit, Column, ConstraintSystem, Error, Fixed, Instance}, poly::Rotation, }; -use halo2_proofs::ff::PrimeField; +use ff::PrimeField; use rand::RngCore; #[allow(dead_code)] diff --git a/snark-verifier/src/system/halo2/test/kzg.rs b/snark-verifier/src/system/halo2/test/kzg.rs index ae9441f1..32b6564b 100644 --- a/snark-verifier/src/system/halo2/test/kzg.rs +++ b/snark-verifier/src/system/halo2/test/kzg.rs @@ -1,6 +1,6 @@ use crate::halo2_proofs::poly::kzg::commitment::ParamsKZG; use crate::util::arithmetic::MultiMillerLoop; -use halo2_proofs::ff::PrimeField; +use ff::PrimeField; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; mod native; diff --git a/snark-verifier/src/system/halo2/transcript.rs b/snark-verifier/src/system/halo2/transcript.rs index 8b1b19b4..a006a349 100644 --- a/snark-verifier/src/system/halo2/transcript.rs +++ b/snark-verifier/src/system/halo2/transcript.rs @@ -7,7 +7,7 @@ use crate::{ }, Error, }; -use halo2_proofs::ff::FromUniformBytes; +use ff::FromUniformBytes; use halo2_proofs::transcript::{Blake2bRead, Blake2bWrite, Challenge255}; use std::io::{Read, Write}; diff --git a/snark-verifier/src/system/halo2/transcript/halo2.rs b/snark-verifier/src/system/halo2/transcript/halo2.rs index 6d421963..c04e27da 100644 --- a/snark-verifier/src/system/halo2/transcript/halo2.rs +++ b/snark-verifier/src/system/halo2/transcript/halo2.rs @@ -13,8 +13,8 @@ use crate::{ }, Error, }; -use halo2_proofs::curves::serde::SerdeObject; -use halo2_proofs::ff::FromUniformBytes; +use ff::FromUniformBytes; +use halo2_proofs::halo2curves::serde::SerdeObject; use halo2_proofs::{circuit::Value, transcript::EncodedChallenge}; use std::{ io::{self, Read, Write}, @@ -318,7 +318,8 @@ impl EncodedChallenge for ChallengeScalar { impl halo2_proofs::transcript::Transcript> - for PoseidonTranscript where + for PoseidonTranscript +where C::ScalarExt: SerdeObject + FromUniformBytes<64>, { fn squeeze_challenge(&mut self) -> ChallengeScalar { @@ -423,13 +424,14 @@ where mod halo2_lib { use crate::halo2_curves::CurveAffineExt; use crate::system::halo2::transcript::halo2::NativeEncoding; - use halo2_base::utils::PrimeField; + use ff::PrimeField; + use halo2_base::utils::ScalarField; use halo2_ecc::ecc::BaseFieldEccChip; impl<'a, C: CurveAffineExt> NativeEncoding<'a, C> for BaseFieldEccChip where - C::Scalar: PrimeField, - C::Base: PrimeField, + C::ScalarExt: ScalarField + PrimeField, + C::Base: ScalarField + PrimeField, { fn encode( &self, diff --git a/snark-verifier/src/util/hash/poseidon.rs b/snark-verifier/src/util/hash/poseidon.rs index 7e773f8b..2334eed5 100644 --- a/snark-verifier/src/util/hash/poseidon.rs +++ b/snark-verifier/src/util/hash/poseidon.rs @@ -3,8 +3,8 @@ use crate::{ loader::{LoadedScalar, ScalarLoader}, util::Itertools, }; -use halo2_proofs::curves::serde::SerdeObject; -use halo2_proofs::ff::{FromUniformBytes, PrimeField}; +use ff::{FromUniformBytes, PrimeField}; +use halo2_proofs::halo2curves::serde::SerdeObject; use std::{iter, marker::PhantomData, mem}; #[derive(Clone)]