Skip to content

Commit

Permalink
Initial checkpoint for halo2-ecc v0.3.0 (#15)
Browse files Browse the repository at this point in the history
* chore: clippy --fix

* Feat/add readme (#4)

* feat: add README

* feat: re-enable `secp256k1` module with updated tests

* chore: fix result println

* chore: update Cargo halo2_proofs_axiom to axiom/dev branch

* compatibility update with `halo2_proofs_axiom`

Co-authored-by: Matthias Seitz <[email protected]>
  • Loading branch information
jonathanpwang and mattsse authored Apr 15, 2023
1 parent 8ab531c commit ac1a926
Show file tree
Hide file tree
Showing 15 changed files with 447 additions and 316 deletions.
277 changes: 277 additions & 0 deletions README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion halo2-base/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"

# Use Axiom's custom halo2 monorepo for faster proving when feature = "halo2-axiom" is on
halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", tag = "v2023_01_17", package = "halo2_proofs", optional = true }
halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", branch = "axiom/dev", package = "halo2_proofs", optional = true }
# Use PSE halo2 and halo2curves for compatibility when feature = "halo2-pse" is on
halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_01_20", optional = true }

Expand Down
37 changes: 20 additions & 17 deletions halo2-base/src/gates/builder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@ impl<F: ScalarField> GateThreadBuilder<F> {
let column = basic_gate.value;
let value = if use_unknown { Value::unknown() } else { Value::known(advice) };
#[cfg(feature = "halo2-axiom")]
let cell = region.assign_advice(column, row_offset, value);
let cell = *region.assign_advice(column, row_offset, value).cell();
#[cfg(not(feature = "halo2-axiom"))]
let cell =
region.assign_advice(|| "", column, row_offset, || value).unwrap().cell();
Expand All @@ -188,7 +188,7 @@ impl<F: ScalarField> GateThreadBuilder<F> {
#[cfg(feature = "halo2-axiom")]
{
let ncell = region.assign_advice(column, row_offset, value);
region.constrain_equal(&ncell, &cell);
region.constrain_equal(ncell.cell(), &cell);
}
#[cfg(not(feature = "halo2-axiom"))]
{
Expand Down Expand Up @@ -270,7 +270,7 @@ impl<F: ScalarField> GateThreadBuilder<F> {
#[cfg(feature = "halo2-axiom")]
{
let bcell = region.assign_advice(column, lookup_offset, value);
region.constrain_equal(&acell, &bcell);
region.constrain_equal(&acell, bcell.cell());
}
#[cfg(not(feature = "halo2-axiom"))]
{
Expand Down Expand Up @@ -315,21 +315,24 @@ pub fn assign_threads_in<F: ScalarField>(
let mut lookup_advice = lookup_advice.iter();
let mut lookup_column = lookup_advice.next();
for ctx in threads {
for advice in ctx.cells_to_lookup {
if lookup_offset >= config.max_rows {
lookup_offset = 0;
lookup_column = lookup_advice.next();
}
let value = advice.value;
let lookup_column = *lookup_column.unwrap();
#[cfg(feature = "halo2-axiom")]
region.assign_advice(lookup_column, lookup_offset, Value::known(value));
#[cfg(not(feature = "halo2-axiom"))]
region
.assign_advice(|| "", lookup_column, lookup_offset, || Value::known(value))
.unwrap();
// if lookup_column is empty, that means there should be a single advice column and it has lookup enabled, so we don't need to copy to special lookup advice columns
if lookup_column.is_some() {
for advice in ctx.cells_to_lookup {
if lookup_offset >= config.max_rows {
lookup_offset = 0;
lookup_column = lookup_advice.next();
}
let value = advice.value;
let lookup_column = *lookup_column.unwrap();
#[cfg(feature = "halo2-axiom")]
region.assign_advice(lookup_column, lookup_offset, Value::known(value));
#[cfg(not(feature = "halo2-axiom"))]
region
.assign_advice(|| "", lookup_column, lookup_offset, || Value::known(value))
.unwrap();

lookup_offset += 1;
lookup_offset += 1;
}
}
for advice in ctx.advice {
#[cfg(feature = "halo2-axiom")]
Expand Down
8 changes: 4 additions & 4 deletions halo2-ecc/configs/bn254/bench_pairing.config
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
{"strategy":"Simple","degree":14,"num_advice":221,"num_lookup_advice":27,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
{"strategy":"Simple","degree":15,"num_advice":106,"num_lookup_advice":14,"num_fixed":1,"lookup_bits":14,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":16,"num_advice":51,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":14,"num_advice":211,"num_lookup_advice":27,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
{"strategy":"Simple","degree":15,"num_advice":105,"num_lookup_advice":14,"num_fixed":1,"lookup_bits":14,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":16,"num_advice":50,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":17,"num_advice":25,"num_lookup_advice":3,"num_fixed":1,"lookup_bits":16,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":18,"num_advice":13,"num_lookup_advice":2,"num_fixed":1,"lookup_bits":17,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":19,"num_advice":6,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":18,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":20,"num_advice":4,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":19,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":20,"num_advice":3,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":19,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":21,"num_advice":2,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":20,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":22,"num_advice":1,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":21,"limb_bits":88,"num_limbs":3}
10 changes: 5 additions & 5 deletions halo2-ecc/configs/secp256k1/bench_ecdsa.config
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
{"strategy":"Simple","degree":19,"num_advice":1,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":18,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":18,"num_advice":2,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":17,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":17,"num_advice":4,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":16,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":16,"num_advice":9,"num_lookup_advice":2,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":16,"num_advice":8,"num_lookup_advice":2,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":15,"num_advice":17,"num_lookup_advice":3,"num_fixed":1,"lookup_bits":14,"limb_bits":90,"num_limbs":3}
{"strategy":"Simple","degree":14,"num_advice":36,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
{"strategy":"Simple","degree":13,"num_advice":71,"num_lookup_advice":12,"num_fixed":1,"lookup_bits":12,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":12,"num_advice":142,"num_lookup_advice":24,"num_fixed":2,"lookup_bits":11,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":11,"num_advice":305,"num_lookup_advice":53,"num_fixed":4,"lookup_bits":10,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":14,"num_advice":34,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
{"strategy":"Simple","degree":13,"num_advice":68,"num_lookup_advice":12,"num_fixed":1,"lookup_bits":12,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":12,"num_advice":139,"num_lookup_advice":24,"num_fixed":2,"lookup_bits":11,"limb_bits":88,"num_limbs":3}
{"strategy":"Simple","degree":11,"num_advice":291,"num_lookup_advice":53,"num_fixed":4,"lookup_bits":10,"limb_bits":88,"num_limbs":3}
3 changes: 0 additions & 3 deletions halo2-ecc/src/bigint/big_is_zero.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
use super::{CRTInteger, OverflowInteger};
use halo2_base::{gates::GateInstructions, utils::ScalarField, AssignedValue, Context};
use num_bigint::BigInt;
use num_traits::Zero;

/// assume you know that the limbs of `a` are all in [0, 2^{a.max_limb_bits})
pub fn positive<F: ScalarField>(
Expand Down Expand Up @@ -40,7 +38,6 @@ pub fn crt<F: ScalarField>(
ctx: &mut Context<F>,
a: &CRTInteger<F>,
) -> AssignedValue<F> {
debug_assert_eq!(a.value, BigInt::zero());
let out_trunc = assign::<F>(gate, ctx, &a.truncation);
let out_native = gate.is_zero(ctx, a.native);
gate.and(ctx, out_trunc, out_native)
Expand Down
8 changes: 3 additions & 5 deletions halo2-ecc/src/bigint/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -25,19 +25,17 @@ pub mod sub;
pub mod sub_no_carry;

#[derive(Clone, Debug, PartialEq)]
#[derive(Default)]
pub enum BigIntStrategy {
// use existing gates
#[default]
Simple,
// vertical custom gates of length 4 for dot product between an unknown vector and a constant vector, both of length 3
// we restrict to gate of length 4 since this uses the same set of evaluation points Rotation(0..=3) as our simple gate
// CustomVerticalShort,
}

impl Default for BigIntStrategy {
fn default() -> Self {
BigIntStrategy::Simple
}
}


#[derive(Clone, Debug)]
pub struct OverflowInteger<F: ScalarField> {
Expand Down
2 changes: 1 addition & 1 deletion halo2-ecc/src/bn254/tests/pairing.rs
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ fn bench_pairing() -> Result<(), Box<dyn std::error::Error>> {

let results_path = "results/bn254/pairing_bench.csv";
let mut fs_results = File::create(results_path).unwrap();
writeln!(fs_results, "degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,vk_size,proof_time,proof_size,verify_time")?;
writeln!(fs_results, "degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,proof_time,proof_size,verify_time")?;

let bench_params_reader = BufReader::new(bench_params_file);
for line in bench_params_reader.lines() {
Expand Down
11 changes: 5 additions & 6 deletions halo2-ecc/src/ecc/fixed_base.rs
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,8 @@ where
.flat_map(|scalar_chunk| chip.gate().num_to_bits(ctx, scalar_chunk, max_bits))
.collect::<Vec<_>>();

let cached_point_window_rev = cached_points.chunks(1usize << window_bits).into_iter().rev();
let bit_window_rev = bits.chunks(window_bits).into_iter().rev();
let cached_point_window_rev = cached_points.chunks(1usize << window_bits).rev();
let bit_window_rev = bits.chunks(window_bits).rev();
let mut curr_point = None;
// `is_started` is just a way to deal with if `curr_point` is actually identity
let mut is_started = ctx.load_zero();
Expand Down Expand Up @@ -228,12 +228,11 @@ where

let sm = cached_points
.chunks(cached_points.len() / points.len())
.into_iter()
.zip(bits.chunks(total_bits).into_iter())
.zip(bits.chunks(total_bits))
.map(|(cached_points, bits)| {
let cached_point_window_rev =
cached_points.chunks(1usize << window_bits).into_iter().rev();
let bit_window_rev = bits.chunks(window_bits).into_iter().rev();
cached_points.chunks(1usize << window_bits).rev();
let bit_window_rev = bits.chunks(window_bits).rev();
let mut curr_point = None;
// `is_started` is just a way to deal with if `curr_point` is actually identity
let mut is_started = ctx.load_zero();
Expand Down
3 changes: 1 addition & 2 deletions halo2-ecc/src/ecc/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -526,8 +526,7 @@ where
}
for (cached_points, rounded_bits) in cached_points
.chunks(cache_size)
.into_iter()
.zip(rounded_bits.chunks(rounded_bitlen).into_iter())
.zip(rounded_bits.chunks(rounded_bitlen))
{
let add_point = ec_select_from_bits::<F, FC>(
chip,
Expand Down
2 changes: 1 addition & 1 deletion halo2-ecc/src/ecc/pippenger.rs
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ where

let mut bucket = Vec::with_capacity(1 << c);
let mut rand_point = rand_base.clone();
for (round, points_clump) in points.chunks(c).into_iter().enumerate() {
for (round, points_clump) in points.chunks(c).enumerate() {
// compute all possible multi-products of elements in points[round * c .. round * (c+1)]

// for later addition collision-prevension, we need a different random point per round
Expand Down
2 changes: 1 addition & 1 deletion halo2-ecc/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ pub mod ecc;
pub mod fields;

pub mod bn254;
//pub mod secp256k1;
pub mod secp256k1;

pub use halo2_base;
pub(crate) use halo2_base::halo2_proofs;
12 changes: 5 additions & 7 deletions halo2-ecc/src/secp256k1/mod.rs
Original file line number Diff line number Diff line change
@@ -1,14 +1,12 @@
use crate::halo2_proofs::halo2curves::secp256k1::Fp;
use crate::halo2_proofs::halo2curves::secp256k1::{Fp, Fq};

use crate::ecc;
use crate::fields::fp;

#[allow(dead_code)]
type FpChip<F> = fp::FpConfig<F, Fp>;
#[allow(dead_code)]
type Secp256k1Chip<F> = ecc::EccChip<F, FpChip<F>>;
#[allow(dead_code)]
const SECP_B: u64 = 7;
pub type FpChip<'range, F> = fp::FpChip<'range, F, Fp>;
pub type FqChip<'range, F> = fp::FpChip<'range, F, Fq>;
pub type Secp256k1Chip<'chip, F> = ecc::EccChip<'chip, F, FpChip<'chip, F>>;
pub const SECP_B: u64 = 7;

#[cfg(test)]
mod tests;
Loading

0 comments on commit ac1a926

Please sign in to comment.