From 451a9a93f1ae20d5cb35f5d8531546902b16f021 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Thu, 2 Feb 2023 21:41:17 -0500 Subject: [PATCH 1/7] halo2-ecc-ecdsa-0129 --- Cargo.toml | 16 +- halo2-base/Cargo.toml | 20 +- halo2-base/src/gates/flex_gate.rs | 45 +-- halo2-base/src/gates/mod.rs | 14 +- halo2-base/src/gates/range.rs | 19 +- halo2-base/src/lib.rs | 277 +++++++++--------- halo2-base/src/utils.rs | 124 ++++---- halo2-ecc/Cargo.toml | 4 +- halo2-ecc/params/kzg_bn254_14.srs | 0 halo2-ecc/params/kzg_bn254_15.srs | 0 halo2-ecc/params/kzg_bn254_17.srs | 0 .../bn254/configs/ec_add_circuit.tmp.config | 1 + .../configs/fixed_msm_circuit.tmp.config | 1 + .../src/bn254/configs/msm_circuit.tmp.config | 1 + .../bn254/configs/pairing_circuit.tmp.config | 1 + halo2-ecc/src/bn254/results/ec_add_bench.csv | 1 + .../src/bn254/results/fixed_msm_bench.csv | 1 + halo2-ecc/src/bn254/results/msm_bench.csv | 1 + halo2-ecc/src/bn254/results/pairing_bench.csv | 1 + halo2-ecc/src/secp256k1/tests/ecdsa.rs | 3 + 20 files changed, 283 insertions(+), 247 deletions(-) create mode 100644 halo2-ecc/params/kzg_bn254_14.srs create mode 100644 halo2-ecc/params/kzg_bn254_15.srs create mode 100644 halo2-ecc/params/kzg_bn254_17.srs create mode 100644 halo2-ecc/src/bn254/configs/ec_add_circuit.tmp.config create mode 100644 halo2-ecc/src/bn254/configs/fixed_msm_circuit.tmp.config create mode 100644 halo2-ecc/src/bn254/configs/msm_circuit.tmp.config create mode 100644 halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config create mode 100644 halo2-ecc/src/bn254/results/ec_add_bench.csv create mode 100644 halo2-ecc/src/bn254/results/fixed_msm_bench.csv create mode 100644 halo2-ecc/src/bn254/results/msm_bench.csv create mode 100644 halo2-ecc/src/bn254/results/pairing_bench.csv diff --git a/Cargo.toml b/Cargo.toml index 4f01110c..0eaa9302 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ members = [ "halo2-base", "halo2-ecc", - "hashes/zkevm-keccak", + # "hashes/zkevm-keccak", ] [profile.dev] @@ -40,6 +40,14 @@ inherits = "release" debug = true # patch so snark-verifier uses this crate's halo2-base -[patch."https://github.com/axiom-crypto/halo2-lib.git"] -halo2-base = { path = "./halo2-base" } -halo2-ecc = { path = "./halo2-ecc" } +# [patch."https://github.com/axiom-crypto/halo2-lib.git"] +# halo2-base = { path = "./halo2-base" } +# halo2-ecc = { path = "./halo2-ecc" } + +# [patch."https://github.com/privacy-scaling-explorations/halo2.git"] +# halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "scroll-dev-1220" } + + + +# [patch."https://github.com/privacy-scaling-explorations/halo2curves.git"] +# halo2curves = { git = 'https://github.com/scroll-tech/halo2curves', branch = "main" } \ No newline at end of file diff --git a/halo2-base/Cargo.toml b/halo2-base/Cargo.toml index 0046f2e0..7c2128f2 100644 --- a/halo2-base/Cargo.toml +++ b/halo2-base/Cargo.toml @@ -13,9 +13,10 @@ rustc-hash = "1.1" ff = "0.12" # Use Axiom's custom halo2 monorepo for faster proving when feature = "halo2-axiom" is on -halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", tag = "v2023_01_17", package = "halo2_proofs", optional = true } +# halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", tag = "v2023_01_17", package = "halo2_proofs", optional = true } # Use PSE halo2 and halo2curves for compatibility when feature = "halo2-pse" is on -halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_01_20", optional = true } +# halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_01_20", optional = true } +halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-ecdsa-0129" } # plotting circuit layout plotters = { version = "0.3.0", optional = true } @@ -35,12 +36,17 @@ jemallocator = { version = "0.5", optional = true } mimalloc = { version = "0.1", default-features = false, optional = true } [features] -default = ["halo2-axiom", "display"] -dev-graph = ["halo2_proofs?/dev-graph", "halo2_proofs_axiom?/dev-graph", "plotters"] -halo2-pse = ["halo2_proofs"] -halo2-axiom = ["halo2_proofs_axiom"] +default = [ "halo2-pse", "display"] +dev-graph = [ + "halo2_proofs/dev-graph", + # "halo2_proofs_axiom?/dev-graph", + "plotters" + ] +# halo2-pse = ["halo2_proofs"] +halo2-pse = [] +# halo2-axiom = ["halo2_proofs_axiom"] display = [] -profile = ["halo2_proofs_axiom?/profile"] +# profile = ["halo2_proofs_axiom?/profile"] [[bench]] name = "mul" diff --git a/halo2-base/src/gates/flex_gate.rs b/halo2-base/src/gates/flex_gate.rs index fdbd8652..14a798f8 100644 --- a/halo2-base/src/gates/flex_gate.rs +++ b/halo2-base/src/gates/flex_gate.rs @@ -5,7 +5,14 @@ use super::{ use crate::halo2_proofs::{ circuit::Value, plonk::{ - Advice, Assigned, Column, ConstraintSystem, FirstPhase, Fixed, SecondPhase, Selector, + Advice, + // Assigned, + Column, + ConstraintSystem, + FirstPhase, + Fixed, + SecondPhase, + Selector, ThirdPhase, }, poly::Rotation, @@ -400,14 +407,14 @@ impl GateInstructions for FlexGateConfig { if self.strategy == GateStrategy::PlonkPlus { let q_coeff = q_coeff.unwrap_or([F::one(), F::zero(), F::zero()]); for (j, q_coeff) in q_coeff.into_iter().enumerate() { - #[cfg(feature = "halo2-axiom")] - { - ctx.region.assign_fixed( - basic_gate.q_enable_plus[0], - ((row_offset as isize) + i) as usize + j, - Assigned::Trivial(q_coeff), - ); - } + // #[cfg(feature = "halo2-axiom")] + // { + // ctx.region.assign_fixed( + // basic_gate.q_enable_plus[0], + // ((row_offset as isize) + i) as usize + j, + // Assigned::Trivial(q_coeff), + // ); + // } #[cfg(feature = "halo2-pse")] { ctx.region @@ -486,14 +493,14 @@ impl GateInstructions for FlexGateConfig { if self.strategy == GateStrategy::PlonkPlus { let q_coeff = q_coeff.unwrap_or([F::one(), F::zero(), F::zero()]); for (j, q_coeff) in q_coeff.into_iter().enumerate() { - #[cfg(feature = "halo2-axiom")] - { - ctx.region.assign_fixed( - basic_gate.q_enable_plus[0], - ((row_offset as isize) + i) as usize + j, - Assigned::Trivial(q_coeff), - ); - } + // #[cfg(feature = "halo2-axiom")] + // { + // ctx.region.assign_fixed( + // basic_gate.q_enable_plus[0], + // ((row_offset as isize) + i) as usize + j, + // Assigned::Trivial(q_coeff), + // ); + // } #[cfg(feature = "halo2-pse")] { ctx.region @@ -750,7 +757,7 @@ impl GateInstructions for FlexGateConfig { ], vec![(0, Some([F::zero(), F::one(), -F::one()])), (3, None)], ); - ctx.region.constrain_equal(assignments[2].cell(), assignments[5].cell()); + ctx.region.constrain_equal(assignments[2].cell(), assignments[5].cell()).unwrap(); assignments.pop().unwrap() } } @@ -815,7 +822,7 @@ impl GateInstructions for FlexGateConfig { self.pow_of_two[..range_bits].iter().map(|c| Constant(*c)), &mut bit_cells, ); - ctx.region.constrain_equal(a.cell(), acc.cell()); + ctx.region.constrain_equal(a.cell(), acc.cell()).unwrap(); for bit_cell in &bit_cells { self.assign_region( diff --git a/halo2-base/src/gates/mod.rs b/halo2-base/src/gates/mod.rs index 52706772..4435ea72 100644 --- a/halo2-base/src/gates/mod.rs +++ b/halo2-base/src/gates/mod.rs @@ -78,10 +78,12 @@ pub trait GateInstructions { let assignments = self.assign_region(ctx, inputs, gate_offsets.into_iter().map(|i| (i as isize, None))); for (offset1, offset2) in equality_offsets.into_iter() { - ctx.region.constrain_equal(assignments[offset1].cell(), assignments[offset2].cell()); + ctx.region + .constrain_equal(assignments[offset1].cell(), assignments[offset2].cell()) + .unwrap(); } for (assigned, eq_offset) in external_equality.into_iter() { - ctx.region.constrain_equal(assigned.cell(), assignments[eq_offset].cell()); + ctx.region.constrain_equal(assigned.cell(), assignments[eq_offset].cell()).unwrap(); } assignments } @@ -198,7 +200,7 @@ pub trait GateInstructions { let out_val = a.value().zip(b.value()).map(|(a, b)| (F::one() - a) * b); let assignments = self.assign_region(ctx, vec![Witness(out_val), a, b.clone(), b], vec![(0, None)]); - ctx.region.constrain_equal(assignments[2].cell(), assignments[3].cell()); + ctx.region.constrain_equal(assignments[2].cell(), assignments[3].cell()).unwrap(); assignments.into_iter().next().unwrap() } @@ -227,7 +229,7 @@ pub trait GateInstructions { fn assert_equal(&self, ctx: &mut Context<'_, F>, a: QuantumCell, b: QuantumCell) { if let (Existing(a), Existing(b)) = (&a, &b) { - ctx.region.constrain_equal(a.cell(), b.cell()); + ctx.region.constrain_equal(a.cell(), b.cell()).unwrap(); } else { self.assign_region_smart( ctx, @@ -241,8 +243,8 @@ pub trait GateInstructions { fn assert_is_const(&self, ctx: &mut Context<'_, F>, a: &AssignedValue, constant: F) { let c_cell = ctx.assign_fixed(constant); - #[cfg(feature = "halo2-axiom")] - ctx.region.constrain_equal(a.cell(), &c_cell); + // #[cfg(feature = "halo2-axiom")] + // ctx.region.constrain_equal(a.cell(), &c_cell); #[cfg(feature = "halo2-pse")] ctx.region.constrain_equal(a.cell(), c_cell).unwrap(); } diff --git a/halo2-base/src/gates/range.rs b/halo2-base/src/gates/range.rs index 07033ee7..b33c874f 100644 --- a/halo2-base/src/gates/range.rs +++ b/halo2-base/src/gates/range.rs @@ -1,3 +1,10 @@ +use crate::halo2_proofs::{ + circuit::{Layouter, Value}, + plonk::{ + Advice, Column, ConstraintSystem, Error, SecondPhase, Selector, TableColumn, ThirdPhase, + }, + poly::Rotation, +}; use crate::{ gates::{ flex_gate::{FlexGateConfig, GateStrategy, MAX_PHASE}, @@ -7,16 +14,6 @@ use crate::{ AssignedValue, QuantumCell::{self, Constant, Existing, Witness}, }; -use crate::{ - halo2_proofs::{ - circuit::{Layouter, Value}, - plonk::{ - Advice, Column, ConstraintSystem, Error, SecondPhase, Selector, TableColumn, ThirdPhase, - }, - poly::Rotation, - }, - utils::PrimeField, -}; use std::cmp::Ordering; use super::{Context, RangeInstructions}; @@ -220,7 +217,7 @@ impl RangeConfig { ), }; // the inner product above must equal `a` - ctx.region.constrain_equal(a.cell(), acc.cell()); + ctx.region.constrain_equal(a.cell(), acc.cell()).unwrap(); }; assert_eq!(limbs_assigned.len(), k); diff --git a/halo2-base/src/lib.rs b/halo2-base/src/lib.rs index 13fb664d..57b2d568 100644 --- a/halo2-base/src/lib.rs +++ b/halo2-base/src/lib.rs @@ -17,21 +17,26 @@ use mimalloc::MiMalloc; #[global_allocator] static GLOBAL: MiMalloc = MiMalloc; -#[cfg(all(feature = "halo2-pse", feature = "halo2-axiom"))] -compile_error!( - "Cannot have both \"halo2-pse\" and \"halo2-axiom\" features enabled at the same time!" -); +// #[cfg(all(feature = "halo2-pse", feature = "halo2-axiom"))] +// compile_error!( +// "Cannot have both \"halo2-pse\" and \"halo2-axiom\" features enabled at the same time!" +// ); #[cfg(not(any(feature = "halo2-pse", feature = "halo2-axiom")))] compile_error!("Must enable exactly one of \"halo2-pse\" or \"halo2-axiom\" features to choose which halo2_proofs crate to use."); use gates::flex_gate::MAX_PHASE; #[cfg(feature = "halo2-pse")] pub use halo2_proofs; -#[cfg(feature = "halo2-axiom")] -pub use halo2_proofs_axiom as halo2_proofs; +// #[cfg(feature = "halo2-axiom")] +// pub use halo2_proofs_axiom as halo2_proofs; use halo2_proofs::{ - circuit::{AssignedCell, Cell, Region, Value}, + circuit::{ + // AssignedCell, + Cell, + Region, + Value, + }, plonk::{Advice, Assigned, Column, Fixed}, }; use rustc_hash::FxHashMap; @@ -44,8 +49,8 @@ pub mod gates; // pub mod hashes; pub mod utils; -#[cfg(feature = "halo2-axiom")] -pub const SKIP_FIRST_PASS: bool = false; +// #[cfg(feature = "halo2-axiom")] +// pub const SKIP_FIRST_PASS: bool = false; #[cfg(feature = "halo2-pse")] pub const SKIP_FIRST_PASS: bool = true; @@ -74,9 +79,8 @@ impl QuantumCell<'_, '_, F> { #[derive(Clone, Debug)] pub struct AssignedValue<'a, F: ScalarField> { - #[cfg(feature = "halo2-axiom")] - pub cell: AssignedCell<&'a Assigned, F>, - + // #[cfg(feature = "halo2-axiom")] + // pub cell: AssignedCell<&'a Assigned, F>, #[cfg(feature = "halo2-pse")] pub cell: Cell, #[cfg(feature = "halo2-pse")] @@ -97,10 +101,10 @@ impl<'a, F: ScalarField> AssignedValue<'a, F> { } pub fn row(&self) -> usize { - #[cfg(feature = "halo2-axiom")] - { - self.cell.row_offset() - } + // #[cfg(feature = "halo2-axiom")] + // { + // self.cell.row_offset() + // } #[cfg(feature = "halo2-pse")] { @@ -108,43 +112,43 @@ impl<'a, F: ScalarField> AssignedValue<'a, F> { } } - #[cfg(feature = "halo2-axiom")] - pub fn cell(&self) -> &Cell { - self.cell.cell() - } + // #[cfg(feature = "halo2-axiom")] + // pub fn cell(&self) -> &Cell { + // self.cell.cell() + // } #[cfg(feature = "halo2-pse")] pub fn cell(&self) -> Cell { self.cell } pub fn value(&self) -> Value<&F> { - #[cfg(feature = "halo2-axiom")] - { - self.cell.value().map(|a| match *a { - Assigned::Trivial(a) => a, - _ => unreachable!(), - }) - } + // #[cfg(feature = "halo2-axiom")] + // { + // self.cell.value().map(|a| match *a { + // Assigned::Trivial(a) => a, + // _ => unreachable!(), + // }) + // } #[cfg(feature = "halo2-pse")] { self.value.as_ref() } } - #[cfg(feature = "halo2-axiom")] - pub fn copy_advice<'v>( - &'a self, - region: &mut Region<'_, F>, - column: Column, - offset: usize, - ) -> AssignedCell<&'v Assigned, F> { - let assigned_cell = region - .assign_advice(column, offset, self.cell.value().map(|v| **v)) - .unwrap_or_else(|err| panic!("{err:?}")); - region.constrain_equal(assigned_cell.cell(), self.cell()); - - assigned_cell - } + // #[cfg(feature = "halo2-axiom")] + // pub fn copy_advice<'v>( + // &'a self, + // region: &mut Region<'_, F>, + // column: Column, + // offset: usize, + // ) -> AssignedCell<&'v Assigned, F> { + // let assigned_cell = region + // .assign_advice(column, offset, self.cell.value().map(|v| **v)) + // .unwrap_or_else(|err| panic!("{err:?}")); + // region.constrain_equal(assigned_cell.cell(), self.cell()); + + // assigned_cell + // } #[cfg(feature = "halo2-pse")] pub fn copy_advice( @@ -193,8 +197,8 @@ pub struct Context<'a, F: ScalarField> { fixed_col: usize, fixed_offset: usize, // fxhash is faster than normal HashMap: https://nnethercote.github.io/perf-book/hashing.html - #[cfg(feature = "halo2-axiom")] - pub assigned_constants: FxHashMap, + // #[cfg(feature = "halo2-axiom")] + // pub assigned_constants: FxHashMap, // PSE's halo2curves does not derive Hash #[cfg(feature = "halo2-pse")] pub assigned_constants: FxHashMap, Cell>, @@ -282,12 +286,12 @@ impl<'a, F: ScalarField> Context<'a, F> { { self.advice_alloc_cache[self.current_phase] = self.advice_alloc.clone(); } - #[cfg(feature = "halo2-axiom")] - self.region.next_phase(); - self.current_phase += 1; - for advice_alloc in self.advice_alloc.iter_mut() { - *advice_alloc = (0, 0); - } + // #[cfg(feature = "halo2-axiom")] + // self.region.next_phase(); + // self.current_phase += 1; + // for advice_alloc in self.advice_alloc.iter_mut() { + // *advice_alloc = (0, 0); + // } assert!(self.current_phase < MAX_PHASE); } @@ -302,17 +306,17 @@ impl<'a, F: ScalarField> Context<'a, F> { ((self.total_fixed + self.max_rows - 1) / self.max_rows, self.total_fixed) } - #[cfg(feature = "halo2-axiom")] - pub fn assign_fixed(&mut self, c: F) -> Cell { - let fixed = self.assigned_constants.get(&c); - if let Some(cell) = fixed { - *cell - } else { - let cell = self.assign_fixed_without_caching(c); - self.assigned_constants.insert(c, cell); - cell - } - } + // #[cfg(feature = "halo2-axiom")] + // pub fn assign_fixed(&mut self, c: F) -> Cell { + // let fixed = self.assigned_constants.get(&c); + // if let Some(cell) = fixed { + // *cell + // } else { + // let cell = self.assign_fixed_without_caching(c); + // self.assigned_constants.insert(c, cell); + // cell + // } + // } #[cfg(feature = "halo2-pse")] pub fn assign_fixed(&mut self, c: F) -> Cell { let fixed = self.assigned_constants.get(c.to_repr().as_ref()); @@ -329,12 +333,12 @@ impl<'a, F: ScalarField> Context<'a, F> { /// /// In situations where you don't expect to reuse the value, you can assign the fixed value directly using this function. pub fn assign_fixed_without_caching(&mut self, c: F) -> Cell { - #[cfg(feature = "halo2-axiom")] - let cell = self.region.assign_fixed( - self.fixed_columns[self.fixed_col], - self.fixed_offset, - Assigned::Trivial(c), - ); + // #[cfg(feature = "halo2-axiom")] + // let cell = self.region.assign_fixed( + // self.fixed_columns[self.fixed_col], + // self.fixed_offset, + // Assigned::Trivial(c), + // ); #[cfg(feature = "halo2-pse")] let cell = self .region @@ -358,71 +362,71 @@ impl<'a, F: ScalarField> Context<'a, F> { cell } - /// Assuming that this is only called if ctx.region is not in shape mode! - #[cfg(feature = "halo2-axiom")] - pub fn assign_cell<'v>( - &mut self, - input: QuantumCell<'_, 'v, F>, - column: Column, - #[cfg(feature = "display")] context_id: usize, - row_offset: usize, - ) -> AssignedValue<'v, F> { - match input { - QuantumCell::Existing(acell) => { - AssignedValue { - cell: acell.copy_advice( - // || "gate: copy advice", - &mut self.region, - column, - row_offset, - ), - #[cfg(feature = "display")] - context_id, - } - } - QuantumCell::ExistingOwned(acell) => { - AssignedValue { - cell: acell.copy_advice( - // || "gate: copy advice", - &mut self.region, - column, - row_offset, - ), - #[cfg(feature = "display")] - context_id, - } - } - QuantumCell::Witness(val) => AssignedValue { - cell: self - .region - .assign_advice(column, row_offset, val.map(Assigned::Trivial)) - .expect("assign advice should not fail"), - #[cfg(feature = "display")] - context_id, - }, - QuantumCell::WitnessFraction(val) => AssignedValue { - cell: self - .region - .assign_advice(column, row_offset, val) - .expect("assign advice should not fail"), - #[cfg(feature = "display")] - context_id, - }, - QuantumCell::Constant(c) => { - let acell = self - .region - .assign_advice(column, row_offset, Value::known(Assigned::Trivial(c))) - .expect("assign fixed advice should not fail"); - let c_cell = self.assign_fixed(c); - self.region.constrain_equal(acell.cell(), &c_cell); - AssignedValue { - cell: acell, - #[cfg(feature = "display")] - context_id, - } - } - } - } + // /// Assuming that this is only called if ctx.region is not in shape mode! + // #[cfg(feature = "halo2-axiom")] + // pub fn assign_cell<'v>( + // &mut self, + // input: QuantumCell<'_, 'v, F>, + // column: Column, + // #[cfg(feature = "display")] context_id: usize, + // row_offset: usize, + // ) -> AssignedValue<'v, F> { + // match input { + // QuantumCell::Existing(acell) => { + // AssignedValue { + // cell: acell.copy_advice( + // // || "gate: copy advice", + // &mut self.region, + // column, + // row_offset, + // ), + // #[cfg(feature = "display")] + // context_id, + // } + // } + // QuantumCell::ExistingOwned(acell) => { + // AssignedValue { + // cell: acell.copy_advice( + // // || "gate: copy advice", + // &mut self.region, + // column, + // row_offset, + // ), + // #[cfg(feature = "display")] + // context_id, + // } + // } + // QuantumCell::Witness(val) => AssignedValue { + // cell: self + // .region + // .assign_advice(column, row_offset, val.map(Assigned::Trivial)) + // .expect("assign advice should not fail"), + // #[cfg(feature = "display")] + // context_id, + // }, + // QuantumCell::WitnessFraction(val) => AssignedValue { + // cell: self + // .region + // .assign_advice(column, row_offset, val) + // .expect("assign advice should not fail"), + // #[cfg(feature = "display")] + // context_id, + // }, + // QuantumCell::Constant(c) => { + // let acell = self + // .region + // .assign_advice(column, row_offset, Value::known(Assigned::Trivial(c))) + // .expect("assign fixed advice should not fail"); + // let c_cell = self.assign_fixed(c); + // self.region.constrain_equal(acell.cell(), &c_cell); + // AssignedValue { + // cell: acell, + // #[cfg(feature = "display")] + // context_id, + // } + // } + // } + // } #[cfg(feature = "halo2-pse")] pub fn assign_cell<'v>( @@ -431,7 +435,7 @@ impl<'a, F: ScalarField> Context<'a, F> { column: Column, #[cfg(feature = "display")] context_id: usize, row_offset: usize, - phase: u8, + _phase: u8, ) -> AssignedValue<'v, F> { match input { QuantumCell::Existing(acell) => { @@ -511,7 +515,7 @@ impl<'a, F: ScalarField> Context<'a, F> { // convenience function to deal with rust warnings pub fn constrain_equal(&mut self, a: &AssignedValue, b: &AssignedValue) { #[cfg(feature = "halo2-axiom")] - self.region.constrain_equal(a.cell(), b.cell()); + self.region.constrain_equal(a.cell(), b.cell()).unwrap(); #[cfg(not(feature = "halo2-axiom"))] self.region.constrain_equal(a.cell(), b.cell()).unwrap(); } @@ -563,13 +567,12 @@ impl<'a, F: ScalarField> Context<'a, F> { pub struct AssignedPrimitive<'a, T: Into + Copy, F: ScalarField> { pub value: Value, - #[cfg(feature = "halo2-axiom")] - pub cell: AssignedCell<&'a Assigned, F>, - + // #[cfg(feature = "halo2-axiom")] + // pub cell: AssignedCell<&'a Assigned, F>, #[cfg(feature = "halo2-pse")] pub cell: Cell, #[cfg(feature = "halo2-pse")] - row_offset: usize, + _row_offset: usize, #[cfg(feature = "halo2-pse")] _marker: PhantomData<&'a F>, } diff --git a/halo2-base/src/utils.rs b/halo2-base/src/utils.rs index bb07150a..fb5bcb8f 100644 --- a/halo2-base/src/utils.rs +++ b/halo2-base/src/utils.rs @@ -1,56 +1,56 @@ #[cfg(feature = "halo2-pse")] use crate::halo2_proofs::arithmetic::CurveAffine; use crate::halo2_proofs::{arithmetic::FieldExt, circuit::Value}; -use core::hash::Hash; +// use core::hash::Hash; use num_bigint::BigInt; use num_bigint::BigUint; use num_bigint::Sign; use num_traits::Signed; use num_traits::{One, Zero}; -#[cfg(feature = "halo2-axiom")] -pub trait BigPrimeField: ScalarField { - fn from_u64_digits(val: &[u64]) -> Self; -} -#[cfg(feature = "halo2-axiom")] -impl BigPrimeField for F -where - F: FieldExt + Hash + Into<[u64; 4]> + From<[u64; 4]>, -{ - #[inline(always)] - fn from_u64_digits(val: &[u64]) -> Self { - debug_assert!(val.len() <= 4); - let mut raw = [0u64; 4]; - raw[..val.len()].copy_from_slice(val); - Self::from(raw) - } -} - -#[cfg(feature = "halo2-axiom")] -pub trait ScalarField: FieldExt + Hash { - /// Returns the base `2^bit_len` little endian representation of the prime field element - /// up to `num_limbs` number of limbs (truncates any extra limbs) - /// - /// Basically same as `to_repr` but does not go further into bytes - /// - /// Undefined behavior if `bit_len > 64` - fn to_u64_limbs(self, num_limbs: usize, bit_len: usize) -> Vec; -} -#[cfg(feature = "halo2-axiom")] -impl ScalarField for F -where - F: FieldExt + Hash + Into<[u64; 4]>, -{ - #[inline(always)] - fn to_u64_limbs(self, num_limbs: usize, bit_len: usize) -> Vec { - let tmp: [u64; 4] = self.into(); - decompose_u64_digits_to_limbs(tmp, num_limbs, bit_len) - } -} +// #[cfg(feature = "halo2-axiom")] +// pub trait BigPrimeField: ScalarField { +// fn from_u64_digits(val: &[u64]) -> Self; +// } +// #[cfg(feature = "halo2-axiom")] +// impl BigPrimeField for F +// where +// F: FieldExt + Hash + Into<[u64; 4]> + From<[u64; 4]>, +// { +// #[inline(always)] +// fn from_u64_digits(val: &[u64]) -> Self { +// debug_assert!(val.len() <= 4); +// let mut raw = [0u64; 4]; +// raw[..val.len()].copy_from_slice(val); +// Self::from(raw) +// } +// } + +// #[cfg(feature = "halo2-axiom")] +// pub trait ScalarField: FieldExt + Hash { +// /// Returns the base `2^bit_len` little endian representation of the prime field element +// /// up to `num_limbs` number of limbs (truncates any extra limbs) +// /// +// /// Basically same as `to_repr` but does not go further into bytes +// /// +// /// Undefined behavior if `bit_len > 64` +// fn to_u64_limbs(self, num_limbs: usize, bit_len: usize) -> Vec; +// } +// #[cfg(feature = "halo2-axiom")] +// impl ScalarField for F +// where +// F: FieldExt + Hash + Into<[u64; 4]>, +// { +// #[inline(always)] +// fn to_u64_limbs(self, num_limbs: usize, bit_len: usize) -> Vec { +// let tmp: [u64; 4] = self.into(); +// decompose_u64_digits_to_limbs(tmp, num_limbs, bit_len) +// } +// } // Later: will need to separate PrimeField from ScalarField when Goldilocks is introduced -#[cfg(feature = "halo2-axiom")] -pub trait PrimeField = BigPrimeField; +// #[cfg(feature = "halo2-axiom")] +// pub trait PrimeField = BigPrimeField; #[cfg(feature = "halo2-pse")] pub trait PrimeField = FieldExt; @@ -113,10 +113,10 @@ pub fn power_of_two(n: usize) -> F { /// assume `e` less than modulus of F pub fn biguint_to_fe(e: &BigUint) -> F { - #[cfg(feature = "halo2-axiom")] - { - F::from_u64_digits(&e.to_u64_digits()) - } + // #[cfg(feature = "halo2-axiom")] + // { + // F::from_u64_digits(&e.to_u64_digits()) + // } #[cfg(feature = "halo2-pse")] { @@ -129,15 +129,15 @@ pub fn biguint_to_fe(e: &BigUint) -> F { /// assume `|e|` less than modulus of F pub fn bigint_to_fe(e: &BigInt) -> F { - #[cfg(feature = "halo2-axiom")] - { - let (sign, digits) = e.to_u64_digits(); - if sign == Sign::Minus { - -F::from_u64_digits(&digits) - } else { - F::from_u64_digits(&digits) - } - } + // #[cfg(feature = "halo2-axiom")] + // { + // let (sign, digits) = e.to_u64_digits(); + // if sign == Sign::Minus { + // -F::from_u64_digits(&digits) + // } else { + // F::from_u64_digits(&digits) + // } + // } #[cfg(feature = "halo2-pse")] { let (sign, bytes) = e.to_bytes_le(); @@ -181,10 +181,10 @@ pub fn decompose_fe_to_u64_limbs( number_of_limbs: usize, bit_len: usize, ) -> Vec { - #[cfg(feature = "halo2-axiom")] - { - e.to_u64_limbs(number_of_limbs, bit_len) - } + // #[cfg(feature = "halo2-axiom")] + // { + // e.to_u64_limbs(number_of_limbs, bit_len) + // } #[cfg(feature = "halo2-pse")] { @@ -262,8 +262,8 @@ fn test_signed_roundtrip() { assert_eq!(fe_to_bigint(&bigint_to_fe::(&-BigInt::one())), -BigInt::one()); } -#[cfg(feature = "halo2-axiom")] -pub use halo2_proofs_axiom::halo2curves::CurveAffineExt; +// #[cfg(feature = "halo2-axiom")] +// pub use halo2_proofs_axiom::halo2curves::CurveAffineExt; #[cfg(feature = "halo2-pse")] pub trait CurveAffineExt: CurveAffine { @@ -290,6 +290,8 @@ pub mod fs { }, poly::{commitment::{Params, ParamsProver}, kzg::commitment::ParamsKZG}, }; + use halo2_proofs::poly::commitment::Params; + // use halo2_proofs_axiom::poly::commitment::Params; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; pub fn read_params(k: u32) -> ParamsKZG { diff --git a/halo2-ecc/Cargo.toml b/halo2-ecc/Cargo.toml index a142200d..7d0bdd5a 100644 --- a/halo2-ecc/Cargo.toml +++ b/halo2-ecc/Cargo.toml @@ -27,11 +27,11 @@ criterion = "0.4" criterion-macro = "0.4" [features] -default = ["jemallocator", "halo2-axiom", "display"] +default = ["jemallocator", "halo2-pse", "display"] dev-graph = ["halo2-base/dev-graph"] display = ["halo2-base/display"] halo2-pse = ["halo2-base/halo2-pse"] -halo2-axiom = ["halo2-base/halo2-axiom"] +# halo2-axiom = ["halo2-base/halo2-axiom"] jemallocator = ["halo2-base/jemallocator"] mimalloc = ["halo2-base/mimalloc"] diff --git a/halo2-ecc/params/kzg_bn254_14.srs b/halo2-ecc/params/kzg_bn254_14.srs new file mode 100644 index 00000000..e69de29b diff --git a/halo2-ecc/params/kzg_bn254_15.srs b/halo2-ecc/params/kzg_bn254_15.srs new file mode 100644 index 00000000..e69de29b diff --git a/halo2-ecc/params/kzg_bn254_17.srs b/halo2-ecc/params/kzg_bn254_17.srs new file mode 100644 index 00000000..e69de29b diff --git a/halo2-ecc/src/bn254/configs/ec_add_circuit.tmp.config b/halo2-ecc/src/bn254/configs/ec_add_circuit.tmp.config new file mode 100644 index 00000000..aa7ffe86 --- /dev/null +++ b/halo2-ecc/src/bn254/configs/ec_add_circuit.tmp.config @@ -0,0 +1 @@ +{"strategy":"Simple","degree":15,"num_advice":10,"num_lookup_advice":2,"num_fixed":1,"lookup_bits":14,"limb_bits":88,"num_limbs":3,"batch_size":100} \ No newline at end of file diff --git a/halo2-ecc/src/bn254/configs/fixed_msm_circuit.tmp.config b/halo2-ecc/src/bn254/configs/fixed_msm_circuit.tmp.config new file mode 100644 index 00000000..bd27f264 --- /dev/null +++ b/halo2-ecc/src/bn254/configs/fixed_msm_circuit.tmp.config @@ -0,0 +1 @@ +{"strategy":"Simple","degree":17,"num_advice":83,"num_lookup_advice":9,"num_fixed":7,"lookup_bits":16,"limb_bits":88,"num_limbs":3,"batch_size":100,"radix":0,"clump_factor":4} \ No newline at end of file diff --git a/halo2-ecc/src/bn254/configs/msm_circuit.tmp.config b/halo2-ecc/src/bn254/configs/msm_circuit.tmp.config new file mode 100644 index 00000000..f66f6077 --- /dev/null +++ b/halo2-ecc/src/bn254/configs/msm_circuit.tmp.config @@ -0,0 +1 @@ +{"strategy":"Simple","degree":17,"num_advice":84,"num_lookup_advice":11,"num_fixed":1,"lookup_bits":16,"limb_bits":88,"num_limbs":3,"batch_size":100,"window_bits":4} \ No newline at end of file diff --git a/halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config b/halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config new file mode 100644 index 00000000..0716913a --- /dev/null +++ b/halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config @@ -0,0 +1 @@ +{"strategy":"Simple","degree":14,"num_advice":221,"num_lookup_advice":27,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3} \ No newline at end of file diff --git a/halo2-ecc/src/bn254/results/ec_add_bench.csv b/halo2-ecc/src/bn254/results/ec_add_bench.csv new file mode 100644 index 00000000..66d4ea38 --- /dev/null +++ b/halo2-ecc/src/bn254/results/ec_add_bench.csv @@ -0,0 +1 @@ +degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,batch_size,proof_time,proof_size,verify_time diff --git a/halo2-ecc/src/bn254/results/fixed_msm_bench.csv b/halo2-ecc/src/bn254/results/fixed_msm_bench.csv new file mode 100644 index 00000000..66d4ea38 --- /dev/null +++ b/halo2-ecc/src/bn254/results/fixed_msm_bench.csv @@ -0,0 +1 @@ +degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,batch_size,proof_time,proof_size,verify_time diff --git a/halo2-ecc/src/bn254/results/msm_bench.csv b/halo2-ecc/src/bn254/results/msm_bench.csv new file mode 100644 index 00000000..7067b4ee --- /dev/null +++ b/halo2-ecc/src/bn254/results/msm_bench.csv @@ -0,0 +1 @@ +degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,batch_size,window_bits,proof_time,proof_size,verify_time diff --git a/halo2-ecc/src/bn254/results/pairing_bench.csv b/halo2-ecc/src/bn254/results/pairing_bench.csv new file mode 100644 index 00000000..9e202cd0 --- /dev/null +++ b/halo2-ecc/src/bn254/results/pairing_bench.csv @@ -0,0 +1 @@ +degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,vk_size,proof_time,proof_size,verify_time diff --git a/halo2-ecc/src/secp256k1/tests/ecdsa.rs b/halo2-ecc/src/secp256k1/tests/ecdsa.rs index 73389d79..49e1c495 100644 --- a/halo2-ecc/src/secp256k1/tests/ecdsa.rs +++ b/halo2-ecc/src/secp256k1/tests/ecdsa.rs @@ -237,8 +237,11 @@ fn bench_secp256k1_ecdsa() -> Result<(), Box> { }; use std::{env::set_var, fs, io::BufRead}; +<<<<<<< HEAD let _rng = OsRng; +======= +>>>>>>> 4e956fa... halo2-ecc-ecdsa-0129 let mut folder = std::path::PathBuf::new(); folder.push("./src/secp256k1"); From e8430c0ac07bd0c861f59c5fba28cad3e2664ead Mon Sep 17 00:00:00 2001 From: zhenfei Date: Wed, 8 Feb 2023 08:24:06 -0500 Subject: [PATCH 2/7] update links --- .gitignore | 5 +++++ Cargo.toml | 2 +- halo2-base/Cargo.toml | 2 +- halo2-ecc/src/secp256k1/configs/ecdsa_circuit.tmp.config | 1 + 4 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 halo2-ecc/src/secp256k1/configs/ecdsa_circuit.tmp.config diff --git a/.gitignore b/.gitignore index 65983083..a3f5d0ef 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,8 @@ Cargo.lock /halo2_ecc/src/bn254/data/ /halo2_ecc/src/secp256k1/data/ + +*.data +*.csv +*.txt +*.srs \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index 0eaa9302..0615bca2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,7 +45,7 @@ debug = true # halo2-ecc = { path = "./halo2-ecc" } # [patch."https://github.com/privacy-scaling-explorations/halo2.git"] -# halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "scroll-dev-1220" } +# halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "scroll-dev-0220" } diff --git a/halo2-base/Cargo.toml b/halo2-base/Cargo.toml index 7c2128f2..b5c14f23 100644 --- a/halo2-base/Cargo.toml +++ b/halo2-base/Cargo.toml @@ -16,7 +16,7 @@ ff = "0.12" # halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", tag = "v2023_01_17", package = "halo2_proofs", optional = true } # Use PSE halo2 and halo2curves for compatibility when feature = "halo2-pse" is on # halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_01_20", optional = true } -halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-ecdsa-0129" } +halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "scroll-dev-0220" } # plotting circuit layout plotters = { version = "0.3.0", optional = true } diff --git a/halo2-ecc/src/secp256k1/configs/ecdsa_circuit.tmp.config b/halo2-ecc/src/secp256k1/configs/ecdsa_circuit.tmp.config new file mode 100644 index 00000000..32aab180 --- /dev/null +++ b/halo2-ecc/src/secp256k1/configs/ecdsa_circuit.tmp.config @@ -0,0 +1 @@ +{"strategy":"Simple","degree":19,"num_advice":1,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":18,"limb_bits":88,"num_limbs":3} \ No newline at end of file From f57cf7adb567ae922722bc056b09c7afd4699d2d Mon Sep 17 00:00:00 2001 From: zhenfei Date: Mon, 20 Feb 2023 14:20:49 -0500 Subject: [PATCH 3/7] sync up changes after rebase main --- halo2-base/src/utils.rs | 2 -- halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config | 2 +- halo2-ecc/src/bn254/results/pairing_bench.csv | 2 +- halo2-ecc/src/secp256k1/tests/ecdsa.rs | 5 ----- 4 files changed, 2 insertions(+), 9 deletions(-) diff --git a/halo2-base/src/utils.rs b/halo2-base/src/utils.rs index fb5bcb8f..87cac694 100644 --- a/halo2-base/src/utils.rs +++ b/halo2-base/src/utils.rs @@ -290,8 +290,6 @@ pub mod fs { }, poly::{commitment::{Params, ParamsProver}, kzg::commitment::ParamsKZG}, }; - use halo2_proofs::poly::commitment::Params; - // use halo2_proofs_axiom::poly::commitment::Params; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; pub fn read_params(k: u32) -> ParamsKZG { diff --git a/halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config b/halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config index 0716913a..3aaac67f 100644 --- a/halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config +++ b/halo2-ecc/src/bn254/configs/pairing_circuit.tmp.config @@ -1 +1 @@ -{"strategy":"Simple","degree":14,"num_advice":221,"num_lookup_advice":27,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3} \ No newline at end of file +{"strategy":"Simple","degree":14,"num_advice":211,"num_lookup_advice":27,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3} \ No newline at end of file diff --git a/halo2-ecc/src/bn254/results/pairing_bench.csv b/halo2-ecc/src/bn254/results/pairing_bench.csv index 9e202cd0..6db2533f 100644 --- a/halo2-ecc/src/bn254/results/pairing_bench.csv +++ b/halo2-ecc/src/bn254/results/pairing_bench.csv @@ -1 +1 @@ -degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,vk_size,proof_time,proof_size,verify_time +degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,proof_time,proof_size(bytes),verify_time diff --git a/halo2-ecc/src/secp256k1/tests/ecdsa.rs b/halo2-ecc/src/secp256k1/tests/ecdsa.rs index 49e1c495..0a5c4784 100644 --- a/halo2-ecc/src/secp256k1/tests/ecdsa.rs +++ b/halo2-ecc/src/secp256k1/tests/ecdsa.rs @@ -237,11 +237,6 @@ fn bench_secp256k1_ecdsa() -> Result<(), Box> { }; use std::{env::set_var, fs, io::BufRead}; -<<<<<<< HEAD - let _rng = OsRng; - -======= ->>>>>>> 4e956fa... halo2-ecc-ecdsa-0129 let mut folder = std::path::PathBuf::new(); folder.push("./src/secp256k1"); From 4dca32bd2a57bae91956fad36990f1b4bc7531f8 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Mon, 6 Mar 2023 16:45:17 -0500 Subject: [PATCH 4/7] update dependencies --- halo2-base/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/halo2-base/Cargo.toml b/halo2-base/Cargo.toml index b5c14f23..1cde9690 100644 --- a/halo2-base/Cargo.toml +++ b/halo2-base/Cargo.toml @@ -16,7 +16,7 @@ ff = "0.12" # halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", tag = "v2023_01_17", package = "halo2_proofs", optional = true } # Use PSE halo2 and halo2curves for compatibility when feature = "halo2-pse" is on # halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_01_20", optional = true } -halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "scroll-dev-0220" } +halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-snark-verifier-0220" } # plotting circuit layout plotters = { version = "0.3.0", optional = true } From da3075e274b246e61231fe2eba16a82bf2f87766 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Thu, 9 Mar 2023 16:12:35 -0500 Subject: [PATCH 5/7] sync up with ff/group 0.13.0 --- halo2-ecc/Cargo.toml | 4 ---- halo2-ecc/src/bigint/carry_mod.rs | 8 ++++---- halo2-ecc/src/bigint/check_carry_mod_to_zero.rs | 6 +++--- halo2-ecc/src/bigint/check_carry_to_zero.rs | 4 ++-- halo2-ecc/src/bigint/sub.rs | 2 +- halo2-ecc/src/bn254/final_exp.rs | 4 ++-- halo2-ecc/src/bn254/tests/ec_add.rs | 4 ++-- halo2-ecc/src/bn254/tests/fixed_base_msm.rs | 2 +- halo2-ecc/src/bn254/tests/mod.rs | 2 +- halo2-ecc/src/bn254/tests/msm.rs | 1 - halo2-ecc/src/ecc/fixed_base.rs | 2 +- halo2-ecc/src/ecc/mod.rs | 10 +++++----- halo2-ecc/src/ecc/tests.rs | 2 +- halo2-ecc/src/fields/fp.rs | 6 +++--- halo2-ecc/src/fields/tests.rs | 2 +- 15 files changed, 27 insertions(+), 32 deletions(-) diff --git a/halo2-ecc/Cargo.toml b/halo2-ecc/Cargo.toml index 7d0bdd5a..7a665ba4 100644 --- a/halo2-ecc/Cargo.toml +++ b/halo2-ecc/Cargo.toml @@ -14,10 +14,6 @@ rand_chacha = "0.3.1" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -# arithmetic -ff = "0.12" -group = "0.12" - halo2-base = { path = "../halo2-base", default-features = false } [dev-dependencies] diff --git a/halo2-ecc/src/bigint/carry_mod.rs b/halo2-ecc/src/bigint/carry_mod.rs index 111f31d5..a31fd10d 100644 --- a/halo2-ecc/src/bigint/carry_mod.rs +++ b/halo2-ecc/src/bigint/carry_mod.rs @@ -148,10 +148,10 @@ pub fn crt<'a, F: PrimeField>( let mut assignments = range.gate().assign_region( ctx, [ - Constant(-F::one()), + Constant(-F::ONE), Existing(a_limb), Witness(temp1), - Constant(F::one()), + Constant(F::ONE), Witness(out_v), Witness(check_val), ], @@ -168,7 +168,7 @@ pub fn crt<'a, F: PrimeField>( let mut assignments = range.gate().assign_region( ctx, [Existing(a_limb), Witness(out_v), Witness(check_val)], - [(-1, Some([F::zero(), -F::one(), F::one()]))], + [(-1, Some([F::ZERO, -F::ONE, F::ONE]))], ); check_cell = assignments.pop().unwrap(); out_cell = assignments.pop().unwrap(); @@ -204,7 +204,7 @@ pub fn crt<'a, F: PrimeField>( // | quot_cell | 2^n | 1 | quot_cell + 2^n | range.gate().assign_region_last( ctx, - [Existing(quot_cell), Constant(limb_base), Constant(F::one()), Witness(out_val)], + [Existing(quot_cell), Constant(limb_base), Constant(F::ONE), Witness(out_val)], [(0, None)], ) }; diff --git a/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs b/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs index 38453da0..2f0d298c 100644 --- a/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs +++ b/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs @@ -111,7 +111,7 @@ pub fn crt<'a, F: PrimeField>( let check_val = prod.value().zip(a_limb.value()).map(|(prod, a)| *prod - a); let check_cell = range.gate().assign_region_last( ctx, - vec![Constant(-F::one()), Existing(a_limb), Witness(check_val)], + vec![Constant(-F::ONE), Existing(a_limb), Witness(check_val)], vec![(-1, None)], ); @@ -142,7 +142,7 @@ pub fn crt<'a, F: PrimeField>( vec![ Existing(quot_cell), Constant(limb_base), - Constant(F::one()), + Constant(F::ONE), Witness(out_val), ], vec![(0, None)], @@ -179,7 +179,7 @@ pub fn crt<'a, F: PrimeField>( let _native_computation = range.gate().assign_region( ctx, vec![ - Constant(F::zero()), + Constant(F::ZERO), Constant(mod_native), Existing("_native_assigned), Existing(&a.native), diff --git a/halo2-ecc/src/bigint/check_carry_to_zero.rs b/halo2-ecc/src/bigint/check_carry_to_zero.rs index e718b128..36aad529 100644 --- a/halo2-ecc/src/bigint/check_carry_to_zero.rs +++ b/halo2-ecc/src/bigint/check_carry_to_zero.rs @@ -85,7 +85,7 @@ pub fn truncate<'a, F: PrimeField>( Existing(a_limb), Witness(neg_carry_val), Constant(limb_base), - previous.as_ref().map(Existing).unwrap_or_else(|| Constant(F::zero())), + previous.as_ref().map(Existing).unwrap_or_else(|| Constant(F::ZERO)), ], vec![(0, None)], ) @@ -100,7 +100,7 @@ pub fn truncate<'a, F: PrimeField>( let shift_carry_val = Value::known(shift_val) + neg_carry.value(); let cells = vec![ Existing(&neg_carry), - Constant(F::one()), + Constant(F::ONE), Constant(shift_val), Witness(shift_carry_val), ]; diff --git a/halo2-ecc/src/bigint/sub.rs b/halo2-ecc/src/bigint/sub.rs index 5e987f0c..92357297 100644 --- a/halo2-ecc/src/bigint/sub.rs +++ b/halo2-ecc/src/bigint/sub.rs @@ -51,7 +51,7 @@ pub fn assign<'a, F: PrimeField>( Existing(<), Constant(limb_base), Witness(a_with_borrow_val), - Constant(-F::one()), + Constant(-F::ONE), Existing(&bottom), Witness(out_val), ], diff --git a/halo2-ecc/src/bn254/final_exp.rs b/halo2-ecc/src/bn254/final_exp.rs index e131f7d5..3c9518b7 100644 --- a/halo2-ecc/src/bn254/final_exp.rs +++ b/halo2-ecc/src/bn254/final_exp.rs @@ -174,10 +174,10 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { g0.coeffs[0].truncation.limbs[0] = fp2_chip.range().gate.add( ctx, Existing(&g0.coeffs[0].truncation.limbs[0]), - Constant(F::one()), + Constant(F::ONE), ); g0.coeffs[0].native = - fp2_chip.range().gate.add(ctx, Existing(&g0.coeffs[0].native), Constant(F::one())); + fp2_chip.range().gate.add(ctx, Existing(&g0.coeffs[0].native), Constant(F::ONE)); g0.coeffs[0].truncation.max_limb_bits += 1; g0.coeffs[0].value = g0.coeffs[0].value.as_ref().map(|v| v + 1usize); diff --git a/halo2-ecc/src/bn254/tests/ec_add.rs b/halo2-ecc/src/bn254/tests/ec_add.rs index 08dc9fb1..c2a5954b 100644 --- a/halo2-ecc/src/bn254/tests/ec_add.rs +++ b/halo2-ecc/src/bn254/tests/ec_add.rs @@ -4,8 +4,8 @@ use std::{env::var, fs::File}; use super::*; use crate::fields::FieldChip; -use crate::halo2_proofs::halo2curves::{bn256::G2Affine, FieldExt}; -use group::cofactor::CofactorCurveAffine; +use crate::halo2_proofs::halo2curves::{bn256::G2Affine}; +use crate::halo2_proofs::group::cofactor::CofactorCurveAffine; use halo2_base::SKIP_FIRST_PASS; use rand_core::OsRng; diff --git a/halo2-ecc/src/bn254/tests/fixed_base_msm.rs b/halo2-ecc/src/bn254/tests/fixed_base_msm.rs index c7239d9d..1b6ae189 100644 --- a/halo2-ecc/src/bn254/tests/fixed_base_msm.rs +++ b/halo2-ecc/src/bn254/tests/fixed_base_msm.rs @@ -4,7 +4,7 @@ use std::{env::var, fs::File}; use crate::ecc::fixed_base::FixedEcPoint; use super::*; -use halo2_base::{halo2_proofs::halo2curves::bn256::G1, SKIP_FIRST_PASS}; +use halo2_base::{halo2_proofs::halo2curves::bn256::G1, SKIP_FIRST_PASS};use halo2_base::halo2_proofs::group::Curve; #[derive(Serialize, Deserialize, Debug)] struct MSMCircuitParams { diff --git a/halo2-ecc/src/bn254/tests/mod.rs b/halo2-ecc/src/bn254/tests/mod.rs index 763bd127..28f8d0e1 100644 --- a/halo2-ecc/src/bn254/tests/mod.rs +++ b/halo2-ecc/src/bn254/tests/mod.rs @@ -1,6 +1,6 @@ #![allow(non_snake_case)] use ark_std::{end_timer, start_timer}; -use group::Curve; +use crate::halo2_proofs::group::Curve; use serde::{Deserialize, Serialize}; use std::io::Write; use std::marker::PhantomData; diff --git a/halo2-ecc/src/bn254/tests/msm.rs b/halo2-ecc/src/bn254/tests/msm.rs index 4195c0f8..e2d3d716 100644 --- a/halo2-ecc/src/bn254/tests/msm.rs +++ b/halo2-ecc/src/bn254/tests/msm.rs @@ -1,6 +1,5 @@ use std::{env::var, fs::File}; -use crate::halo2_proofs::arithmetic::FieldExt; use halo2_base::SKIP_FIRST_PASS; use super::*; diff --git a/halo2-ecc/src/ecc/fixed_base.rs b/halo2-ecc/src/ecc/fixed_base.rs index 64168c96..fe6cb5cd 100644 --- a/halo2-ecc/src/ecc/fixed_base.rs +++ b/halo2-ecc/src/ecc/fixed_base.rs @@ -5,7 +5,7 @@ use crate::{ bigint::{CRTInteger, FixedCRTInteger}, fields::{PrimeFieldChip, Selectable}, }; -use group::Curve; +use crate::halo2_proofs::group::Curve; use halo2_base::{ gates::{GateInstructions, RangeInstructions}, utils::{fe_to_biguint, CurveAffineExt, PrimeField}, diff --git a/halo2-ecc/src/ecc/mod.rs b/halo2-ecc/src/ecc/mod.rs index 2b9cedf6..49799f73 100644 --- a/halo2-ecc/src/ecc/mod.rs +++ b/halo2-ecc/src/ecc/mod.rs @@ -2,7 +2,7 @@ use crate::bigint::CRTInteger; use crate::fields::{fp::FpConfig, FieldChip, PrimeFieldChip, Selectable}; use crate::halo2_proofs::{arithmetic::CurveAffine, circuit::Value}; -use group::{Curve, Group}; +use crate::halo2_proofs::group::{Curve, Group}; use halo2_base::{ gates::{GateInstructions, RangeInstructions}, utils::{modulus, CurveAffineExt, PrimeField}, @@ -68,7 +68,7 @@ pub fn ec_add_unequal<'v, F: PrimeField, FC: FieldChip>( if is_strict { // constrains that P.x != Q.x let x_is_equal = chip.is_equal_unenforced(ctx, &P.x, &Q.x); - chip.range().gate().assert_is_const(ctx, &x_is_equal, F::zero()); + chip.range().gate().assert_is_const(ctx, &x_is_equal, F::ZERO); } let dx = chip.sub_no_carry(ctx, &Q.x, &P.x); @@ -110,7 +110,7 @@ pub fn ec_sub_unequal<'v, F: PrimeField, FC: FieldChip>( if is_strict { // constrains that P.x != Q.x let x_is_equal = chip.is_equal_unenforced(ctx, &P.x, &Q.x); - chip.range().gate().assert_is_const(ctx, &x_is_equal, F::zero()); + chip.range().gate().assert_is_const(ctx, &x_is_equal, F::ZERO); } let dx = chip.sub_no_carry(ctx, &Q.x, &P.x); @@ -635,7 +635,7 @@ impl> EccChip { ) -> AssignedValue<'v, F> where C: CurveAffine, - C::Base: ff::PrimeField, + C::Base: crate::halo2_proofs::ff::PrimeField, { let lhs = self.field_chip.mul_no_carry(ctx, &P.y, &P.y); let mut rhs = self.field_chip.mul(ctx, &P.x, &P.x); @@ -778,7 +778,7 @@ where ) -> EcPoint> where C: CurveAffineExt, - C::Base: ff::PrimeField, + C::Base: crate::halo2_proofs::ff::PrimeField, { #[cfg(feature = "display")] println!("computing length {} MSM", P.len()); diff --git a/halo2-ecc/src/ecc/tests.rs b/halo2-ecc/src/ecc/tests.rs index fa9d6ed5..230db7a2 100644 --- a/halo2-ecc/src/ecc/tests.rs +++ b/halo2-ecc/src/ecc/tests.rs @@ -8,7 +8,7 @@ use crate::halo2_proofs::{ halo2curves::bn256::{Fq, Fr, G1Affine, G2Affine, G1, G2}, plonk::*, }; -use group::Group; +use crate::halo2_proofs::group::Group; use halo2_base::utils::bigint_to_fe; use halo2_base::SKIP_FIRST_PASS; use halo2_base::{ diff --git a/halo2-ecc/src/fields/fp.rs b/halo2-ecc/src/fields/fp.rs index 1329726a..17a00d2f 100644 --- a/halo2-ecc/src/fields/fp.rs +++ b/halo2-ecc/src/fields/fp.rs @@ -100,7 +100,7 @@ impl FpConfig { let limb_base = biguint_to_fe::(&(BigUint::one() << limb_bits)); let mut limb_bases = Vec::with_capacity(num_limbs); - limb_bases.push(F::one()); + limb_bases.push(F::ONE); while limb_bases.len() != num_limbs { limb_bases.push(limb_base * limb_bases.last().unwrap()); } @@ -162,7 +162,7 @@ impl FpConfig { }; borrow = Some(lt); } - self.range.gate.assert_is_const(ctx, &borrow.unwrap(), F::one()) + self.range.gate.assert_is_const(ctx, &borrow.unwrap(), F::ONE) } pub fn finalize(&self, ctx: &mut Context<'_, F>) -> usize { @@ -301,7 +301,7 @@ impl FieldChip for FpConfig { let (out_or_p, underflow) = sub::crt::(self.range(), ctx, &p, a, self.limb_bits, self.limb_bases[1]); // constrain underflow to equal 0 - self.range.gate.assert_is_const(ctx, &underflow, F::zero()); + self.range.gate.assert_is_const(ctx, &underflow, F::ZERO); let a_is_zero = big_is_zero::assign::(self.gate(), ctx, &a.truncation); select::crt::(self.range.gate(), ctx, a, &out_or_p, &a_is_zero) diff --git a/halo2-ecc/src/fields/tests.rs b/halo2-ecc/src/fields/tests.rs index 36398e65..75cee2a3 100644 --- a/halo2-ecc/src/fields/tests.rs +++ b/halo2-ecc/src/fields/tests.rs @@ -9,7 +9,7 @@ mod fp { halo2curves::bn256::{Fq, Fr}, plonk::*, }; - use group::ff::Field; + use crate::halo2_proofs::group::ff::Field; use halo2_base::{ utils::{fe_to_biguint, modulus, PrimeField}, SKIP_FIRST_PASS, From 2b12bb5893e6bd84a5b2787451e15456bccd18c5 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Thu, 9 Mar 2023 17:20:38 -0500 Subject: [PATCH 6/7] sync ff group 0.13.0 --- Cargo.toml | 5 +- halo2-base/Cargo.toml | 1 - halo2-base/src/gates/flex_gate.rs | 60 ++++++++-------- halo2-base/src/gates/mod.rs | 68 +++++++++---------- halo2-base/src/gates/range.rs | 24 +++---- halo2-base/src/utils.rs | 16 +++-- .../zkevm-keccak/src/keccak_packed_multi.rs | 18 ++--- hashes/zkevm-keccak/src/util.rs | 2 +- hashes/zkevm-keccak/src/util/expression.rs | 14 ++-- 9 files changed, 107 insertions(+), 101 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 0615bca2..c9b3a33b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,4 +50,7 @@ debug = true # [patch."https://github.com/privacy-scaling-explorations/halo2curves.git"] -# halo2curves = { git = 'https://github.com/scroll-tech/halo2curves', branch = "main" } \ No newline at end of file +# halo2curves = { git = 'https://github.com/scroll-tech/halo2curves', branch = "main" } + +[patch."https://github.com/privacy-scaling-explorations/poseidon.git"] +poseidon = { git = "https://github.com/scroll-tech/poseidon.git", branch = "halo2-ecc-snark-verifier-0220" } \ No newline at end of file diff --git a/halo2-base/Cargo.toml b/halo2-base/Cargo.toml index 1cde9690..3be73011 100644 --- a/halo2-base/Cargo.toml +++ b/halo2-base/Cargo.toml @@ -10,7 +10,6 @@ num-integer = "0.1" num-traits = "0.2" rand_chacha = "0.3" rustc-hash = "1.1" -ff = "0.12" # Use Axiom's custom halo2 monorepo for faster proving when feature = "halo2-axiom" is on # halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", tag = "v2023_01_17", package = "halo2_proofs", optional = true } diff --git a/halo2-base/src/gates/flex_gate.rs b/halo2-base/src/gates/flex_gate.rs index 14a798f8..dd12dbce 100644 --- a/halo2-base/src/gates/flex_gate.rs +++ b/halo2-base/src/gates/flex_gate.rs @@ -154,7 +154,7 @@ impl FlexGateConfig { } let mut pow_of_two = Vec::with_capacity(F::NUM_BITS as usize); let two = F::from(2); - pow_of_two.push(F::one()); + pow_of_two.push(F::ONE); pow_of_two.push(two); for _ in 2..F::NUM_BITS { pow_of_two.push(two * pow_of_two.last().unwrap()); @@ -199,14 +199,14 @@ impl FlexGateConfig { let mut a = a.into_iter(); let mut b = b.into_iter().peekable(); - let cells = if matches!(b.peek(), Some(Constant(c)) if c == &F::one()) { + let cells = if matches!(b.peek(), Some(Constant(c)) if c == &F::ONE) { b.next(); let start_a = a.next().unwrap(); sum = start_a.value().copied(); iter::once(start_a) } else { - sum = Value::known(F::zero()); - iter::once(Constant(F::zero())) + sum = Value::known(F::ZERO); + iter::once(Constant(F::ZERO)) } .chain(a.zip(b).flat_map(|(a, b)| { sum = sum + a.value().zip(b.value()).map(|(a, b)| *a * b); @@ -230,14 +230,14 @@ impl FlexGateConfig { let mut a = a.into_iter(); let mut b = b.into_iter().peekable(); - let cells = if matches!(b.peek(), Some(Constant(c)) if c == &F::one()) { + let cells = if matches!(b.peek(), Some(Constant(c)) if c == &F::ONE) { b.next(); let start_a = a.next().unwrap(); sum = start_a.value().copied(); iter::once(start_a) } else { - sum = Value::known(F::zero()); - iter::once(Constant(F::zero())) + sum = Value::known(F::ZERO); + iter::once(Constant(F::ZERO)) } .chain(a.zip(b).flat_map(|(a, b)| { sum = sum + a.value().zip(b.value()).map(|(a, b)| *a * b); @@ -281,7 +281,7 @@ impl FlexGateConfig { // we effect a small optimization if we know the constant b0 == 1: then instead of starting from 0 we can start from a0 // this is a peculiarity of our plonk-plus gate - let start_ida: usize = (vec_b[0] == F::one()).into(); + let start_ida: usize = (vec_b[0] == F::ONE).into(); if start_ida == 1 && k == 1 { // this is just a0 * 1 = a0; you're doing nothing, why are you calling this function? return (vec![], self.assign_region_last(ctx, vec_a, vec![])); @@ -290,14 +290,14 @@ impl FlexGateConfig { let mut cells = Vec::with_capacity(1 + (gate_segment + 1) * k_chunks); let mut gate_offsets = Vec::with_capacity(k_chunks); let mut running_sum = - if start_ida == 1 { vec_a[0].clone() } else { Constant(F::zero()) }; + if start_ida == 1 { vec_a[0].clone() } else { Constant(F::ZERO) }; cells.push(running_sum.clone()); for i in 0..k_chunks { let window = (start_ida + i * gate_segment) ..std::cmp::min(k, start_ida + (i + 1) * gate_segment); // we add a 0 at the start for q_mul = 0 - let mut c_window = [&[F::zero()], &vec_b[window.clone()]].concat(); - c_window.extend((c_window.len()..(gate_segment + 1)).map(|_| F::zero())); + let mut c_window = [&[F::ZERO], &vec_b[window.clone()]].concat(); + c_window.extend((c_window.len()..(gate_segment + 1)).map(|_| F::ZERO)); // c_window should have length gate_segment + 1 gate_offsets.push(( (i * (gate_segment + 1)) as isize, @@ -305,7 +305,7 @@ impl FlexGateConfig { )); cells.extend(window.clone().map(|j| vec_a[j].clone())); - cells.extend((window.len()..gate_segment).map(|_| Constant(F::zero()))); + cells.extend((window.len()..gate_segment).map(|_| Constant(F::ZERO))); running_sum = Witness( window.into_iter().fold(running_sum.value().copied(), |sum, j| { sum + Value::known(vec_b[j]) * vec_a[j].value() @@ -405,7 +405,7 @@ impl GateInstructions for FlexGateConfig { .expect("enable selector should not fail"); if self.strategy == GateStrategy::PlonkPlus { - let q_coeff = q_coeff.unwrap_or([F::one(), F::zero(), F::zero()]); + let q_coeff = q_coeff.unwrap_or([F::ONE, F::ZERO, F::ZERO]); for (j, q_coeff) in q_coeff.into_iter().enumerate() { // #[cfg(feature = "halo2-axiom")] // { @@ -491,7 +491,7 @@ impl GateInstructions for FlexGateConfig { .expect("selector enable should not fail"); if self.strategy == GateStrategy::PlonkPlus { - let q_coeff = q_coeff.unwrap_or([F::one(), F::zero(), F::zero()]); + let q_coeff = q_coeff.unwrap_or([F::ONE, F::ZERO, F::ZERO]); for (j, q_coeff) in q_coeff.into_iter().enumerate() { // #[cfg(feature = "halo2-axiom")] // { @@ -552,7 +552,7 @@ impl GateInstructions for FlexGateConfig { b: impl IntoIterator>, ) -> Box> + 'b> { let mut b = b.into_iter().peekable(); - let flag = matches!(b.peek(), Some(&Constant(c)) if c == F::one()); + let flag = matches!(b.peek(), Some(&Constant(c)) if c == F::ONE); let (assignments_without_last, last) = self.inner_product_simple_with_assignments(ctx, a, b); if flag { @@ -615,12 +615,12 @@ impl GateInstructions for FlexGateConfig { let mut right_one = false; let start = ctx.assign_cell( - if matches!(b.peek(), Some(&Constant(x)) if x == F::one()) { + if matches!(b.peek(), Some(&Constant(x)) if x == F::ONE) { right_one = true; b.next(); a.next().unwrap() } else { - Constant(F::zero()) + Constant(F::ZERO) }, column, #[cfg(feature = "display")] @@ -687,16 +687,16 @@ impl GateInstructions for FlexGateConfig { for (i, (c, a, b)) in values.into_iter().enumerate() { acc = acc + Value::known(c) * a.value() * b.value(); cells.append(&mut vec![a, b, Witness(acc)]); - gate_offsets.push((3 * i as isize, Some([c, F::zero(), F::zero()]))); + gate_offsets.push((3 * i as isize, Some([c, F::ZERO, F::ZERO]))); } self.assign_region_last(ctx, cells, gate_offsets) } GateStrategy::Vertical => { - let (a, b): (Vec<_>, Vec<_>) = std::iter::once((var, Constant(F::one()))) + let (a, b): (Vec<_>, Vec<_>) = std::iter::once((var, Constant(F::ONE))) .chain(values.into_iter().filter_map(|(c, va, vb)| { - if c == F::one() { + if c == F::ONE { Some((va, vb)) - } else if c != F::zero() { + } else if c != F::ZERO { let prod = self.mul(ctx, va, vb); Some((QuantumCell::ExistingOwned(prod), Constant(c))) } else { @@ -727,7 +727,7 @@ impl GateInstructions for FlexGateConfig { GateStrategy::Vertical => { let cells = vec![ Witness(diff_val), - Constant(F::one()), + Constant(F::ONE), b.clone(), a, b, @@ -747,7 +747,7 @@ impl GateInstructions for FlexGateConfig { let mut assignments = self.assign_region( ctx, vec![ - Constant(F::zero()), + Constant(F::ZERO), a, Witness(diff_val), b, @@ -755,7 +755,7 @@ impl GateInstructions for FlexGateConfig { Witness(diff_val), Witness(out_val), ], - vec![(0, Some([F::zero(), F::one(), -F::one()])), (3, None)], + vec![(0, Some([F::ZERO, F::ONE, -F::ONE])), (3, None)], ); ctx.region.constrain_equal(assignments[2].cell(), assignments[5].cell()).unwrap(); assignments.pop().unwrap() @@ -773,20 +773,20 @@ impl GateInstructions for FlexGateConfig { c: QuantumCell<'_, 'v, F>, ) -> AssignedValue<'v, F> { let bc_val = b.value().zip(c.value()).map(|(b, c)| *b * c); - let not_bc_val = bc_val.map(|x| F::one() - x); - let not_a_val = a.value().map(|x| *x - F::one()); + let not_bc_val = bc_val.map(|x| F::ONE - x); + let not_a_val = a.value().map(|x| *x - F::ONE); let out_val = bc_val + a.value() - bc_val * a.value(); let cells = vec![ Witness(not_bc_val), b, c, - Constant(F::one()), + Constant(F::ONE), Witness(not_a_val), Witness(not_bc_val), Witness(out_val), Witness(not_a_val), - Constant(F::one()), - Constant(F::one()), + Constant(F::ONE), + Constant(F::ONE), a, ]; let assigned_cells = @@ -828,7 +828,7 @@ impl GateInstructions for FlexGateConfig { self.assign_region( ctx, vec![ - Constant(F::zero()), + Constant(F::ZERO), Existing(bit_cell), Existing(bit_cell), Existing(bit_cell), diff --git a/halo2-base/src/gates/mod.rs b/halo2-base/src/gates/mod.rs index 4435ea72..4e1f3dab 100644 --- a/halo2-base/src/gates/mod.rs +++ b/halo2-base/src/gates/mod.rs @@ -112,7 +112,7 @@ pub trait GateInstructions { if let Some(zcell) = &ctx.zero_cell { return zcell.clone(); } - let zero_cell = self.assign_region_last(ctx, [Constant(F::zero())], []); + let zero_cell = self.assign_region_last(ctx, [Constant(F::ZERO)], []); ctx.zero_cell = Some(zero_cell.clone()); zero_cell } @@ -128,7 +128,7 @@ pub trait GateInstructions { let out_val = a.value().zip(b.value()).map(|(a, b)| *a + b); self.assign_region_last( ctx, - vec![a, b, Constant(F::one()), Witness(out_val)], + vec![a, b, Constant(F::ONE), Witness(out_val)], vec![(0, None)], ) } @@ -142,10 +142,10 @@ pub trait GateInstructions { b: QuantumCell<'_, 'v, F>, ) -> AssignedValue<'v, F> { let out_val = a.value().zip(b.value()).map(|(a, b)| *a - b); - // slightly better to not have to compute -F::one() since F::one() is cached + // slightly better to not have to compute -F::ONE since F::ONE is cached let assigned_cells = self.assign_region( ctx, - vec![Witness(out_val), b, Constant(F::one()), a], + vec![Witness(out_val), b, Constant(F::ONE), a], vec![(0, None)], ); assigned_cells.into_iter().next().unwrap() @@ -156,7 +156,7 @@ pub trait GateInstructions { let out_val = a.value().map(|v| -*v); let assigned_cells = self.assign_region( ctx, - vec![a, Witness(out_val), Constant(F::one()), Constant(F::zero())], + vec![a, Witness(out_val), Constant(F::ONE), Constant(F::ZERO)], vec![(0, None)], ); assigned_cells.into_iter().nth(1).unwrap() @@ -173,7 +173,7 @@ pub trait GateInstructions { let out_val = a.value().zip(b.value()).map(|(a, b)| *a * b); self.assign_region_last( ctx, - vec![Constant(F::zero()), a, b, Witness(out_val)], + vec![Constant(F::ZERO), a, b, Witness(out_val)], vec![(0, None)], ) } @@ -197,7 +197,7 @@ pub trait GateInstructions { a: QuantumCell<'_, 'v, F>, b: QuantumCell<'_, 'v, F>, ) -> AssignedValue<'v, F> { - let out_val = a.value().zip(b.value()).map(|(a, b)| (F::one() - a) * b); + let out_val = a.value().zip(b.value()).map(|(a, b)| (F::ONE - a) * b); let assignments = self.assign_region(ctx, vec![Witness(out_val), a, b.clone(), b], vec![(0, None)]); ctx.region.constrain_equal(assignments[2].cell(), assignments[3].cell()).unwrap(); @@ -208,7 +208,7 @@ pub trait GateInstructions { fn assert_bit(&self, ctx: &mut Context<'_, F>, x: &AssignedValue) { self.assign_region_last( ctx, - [Constant(F::zero()), Existing(x), Existing(x), Existing(x)], + [Constant(F::ZERO), Existing(x), Existing(x), Existing(x)], [(0, None)], ); } @@ -223,7 +223,7 @@ pub trait GateInstructions { // this would require the API using `Assigned` instead of `F` everywhere, so leave as last resort let c = a.value().zip(b.value()).map(|(a, b)| b.invert().unwrap() * a); let assignments = - self.assign_region(ctx, vec![Constant(F::zero()), Witness(c), b, a], vec![(0, None)]); + self.assign_region(ctx, vec![Constant(F::ZERO), Witness(c), b, a], vec![(0, None)]); assignments.into_iter().nth(1).unwrap() } @@ -233,7 +233,7 @@ pub trait GateInstructions { } else { self.assign_region_smart( ctx, - vec![Constant(F::zero()), a, Constant(F::one()), b], + vec![Constant(F::ZERO), a, Constant(F::ONE), b], vec![0], vec![], vec![], @@ -298,7 +298,7 @@ pub trait GateInstructions { let mut sum = start.value().copied(); let cells = iter::once(start).chain(a.flat_map(|a| { sum = sum + a.value(); - [a, Constant(F::one()), Witness(sum)] + [a, Constant(F::ONE), Witness(sum)] })); self.assign_region_last(ctx, cells, (0..len).map(|i| (3 * i as isize, None))) } @@ -324,7 +324,7 @@ pub trait GateInstructions { let mut sum = start.value().copied(); let cells = iter::once(start).chain(a.flat_map(|a| { sum = sum + a.value(); - [a, Constant(F::one()), Witness(sum)] + [a, Constant(F::ONE), Witness(sum)] })); self.assign_region(ctx, cells, (0..len).map(|i| (3 * i as isize, None))) } @@ -370,14 +370,14 @@ pub trait GateInstructions { a: QuantumCell<'_, 'v, F>, b: QuantumCell<'_, 'v, F>, ) -> AssignedValue<'v, F> { - let not_b_val = b.value().map(|x| F::one() - x); + let not_b_val = b.value().map(|x| F::ONE - x); let out_val = a.value().zip(b.value()).map(|(a, b)| *a + b) - a.value().zip(b.value()).map(|(a, b)| *a * b); let cells = vec![ Witness(not_b_val), - Constant(F::one()), + Constant(F::ONE), b.clone(), - Constant(F::one()), + Constant(F::ONE), b, a, Witness(not_b_val), @@ -399,7 +399,7 @@ pub trait GateInstructions { } fn not<'v>(&self, ctx: &mut Context<'_, F>, a: QuantumCell<'_, 'v, F>) -> AssignedValue<'v, F> { - self.sub(ctx, Constant(F::one()), a) + self.sub(ctx, Constant(F::ONE), a) } fn select<'v>( @@ -432,10 +432,10 @@ pub trait GateInstructions { .assign_region( ctx, vec![ - Witness(bits[k - 1].value().map(|b| F::one() - b)), + Witness(bits[k - 1].value().map(|b| F::ONE - b)), Existing(&bits[k - 1]), - Constant(F::one()), - Constant(F::one()), + Constant(F::ONE), + Constant(F::ONE), ], vec![(0, None)], ) @@ -451,7 +451,7 @@ pub trait GateInstructions { let inv_prod_val = indicator[offset + old_idx] .value() .zip(bit.value()) - .map(|(a, b)| (F::one() - b) * a); + .map(|(a, b)| (F::ONE - b) * a); let inv_prod = self .assign_region_smart( ctx, @@ -490,10 +490,10 @@ pub trait GateInstructions { ctx, (0..len).map(|i| { Witness(idx.value().map(|x| { - if x.get_lower_32() == i as u32 { - F::one() + if u64::from_le_bytes(x.to_repr()[0..8].try_into().unwrap()) == i as u64 { + F::ONE } else { - F::zero() + F::ZERO } })) }), @@ -506,13 +506,13 @@ pub trait GateInstructions { let assignments = self.assign_region( ctx, vec![ - Constant(F::zero()), + Constant(F::ZERO), Existing(ind), idx, Witness(val), Constant(-F::from(i as u64)), Existing(ind), - Constant(F::zero()), + Constant(F::ZERO), ], vec![(0, None), (3, None)], ); @@ -524,20 +524,20 @@ pub trait GateInstructions { // performs inner product on a, indicator // `indicator` values are all boolean - /// Assumes for witness generation that only one element of `indicator` has non-zero value and that value is `F::one()`. + /// Assumes for witness generation that only one element of `indicator` has non-zero value and that value is `F::ONE`. fn select_by_indicator<'a, 'i, 'b: 'a + 'i>( &self, ctx: &mut Context<'_, F>, a: impl IntoIterator>, indicator: impl IntoIterator>, ) -> AssignedValue<'b, F> { - let mut sum = Value::known(F::zero()); + let mut sum = Value::known(F::ZERO); let a = a.into_iter(); let (len, hi) = a.size_hint(); debug_assert_eq!(Some(len), hi); let cells = - std::iter::once(Constant(F::zero())).chain(a.zip(indicator).flat_map(|(a, ind)| { + std::iter::once(Constant(F::ZERO)).chain(a.zip(indicator).flat_map(|(a, ind)| { sum = sum.zip(a.value().zip(ind.value())).map(|(sum, (a, ind))| { if ind.is_zero_vartime() { sum @@ -575,9 +575,9 @@ pub trait GateInstructions { .value() .map(|x| { if x.is_zero_vartime() { - (F::one(), Assigned::Trivial(F::one())) + (F::ONE, Assigned::Trivial(F::ONE)) } else { - (F::zero(), Assigned::Rational(F::one(), *x)) + (F::ZERO, Assigned::Rational(F::ONE, *x)) } }) .unzip(); @@ -586,11 +586,11 @@ pub trait GateInstructions { Witness(is_zero), Existing(a), WitnessFraction(inv), - Constant(F::one()), - Constant(F::zero()), + Constant(F::ONE), + Constant(F::ZERO), Existing(a), Witness(is_zero), - Constant(F::zero()), + Constant(F::ZERO), ]; let assigned_cells = self.assign_region_smart(ctx, cells, vec![0, 4], vec![(0, 6)], vec![]); assigned_cells.into_iter().next().unwrap() @@ -645,7 +645,7 @@ pub trait GateInstructions { } // TODO: batch inversion let is_zero = self.is_zero(ctx, &denom); - self.assert_is_const(ctx, &is_zero, F::zero()); + self.assert_is_const(ctx, &is_zero, F::ZERO); // y_i / denom let quot = self.div_unsafe(ctx, Existing(&coords[i].1), Existing(&denom)); diff --git a/halo2-base/src/gates/range.rs b/halo2-base/src/gates/range.rs index b33c874f..c0298faf 100644 --- a/halo2-base/src/gates/range.rs +++ b/halo2-base/src/gates/range.rs @@ -102,7 +102,7 @@ impl RangeConfig { let mut running_base = limb_base; let num_bases = F::NUM_BITS as usize / lookup_bits; let mut limb_bases = Vec::with_capacity(num_bases + 1); - limb_bases.extend([Constant(F::one()), Constant(running_base)]); + limb_bases.extend([Constant(F::ONE), Constant(running_base)]); for _ in 2..=num_bases { running_base *= &limb_base; limb_bases.push(Constant(running_base)); @@ -239,7 +239,7 @@ impl RangeConfig { let check = self.gate.assign_region_last( ctx, vec![ - Constant(F::zero()), + Constant(F::ZERO), Existing(&limbs_assigned[k - 1]), Constant(mult_val), Witness(limbs_assigned[k - 1].value().map(|limb| mult_val * limb)), @@ -288,11 +288,11 @@ impl RangeConfig { ) -> AssignedValue<'a, F> { let a_v = a.value(); let bit_v = a_v.map(|a| { - let a = a.get_lower_32(); + let a = a.to_repr()[0]; if a ^ 1 == 0 { - F::zero() + F::ZERO } else { - F::one() + F::ONE } }); let two = self.gate.get_field_element(2u64); @@ -350,10 +350,10 @@ impl RangeInstructions for RangeConfig { let cells = vec![ Witness(shift_a_val - b.value()), b, - Constant(F::one()), + Constant(F::ONE), Witness(shift_a_val), Constant(-pow_of_two), - Constant(F::one()), + Constant(F::ONE), a, ]; let assigned_cells = @@ -368,8 +368,8 @@ impl RangeInstructions for RangeConfig { let out_val = Value::known(pow_of_two) + a.value() - b.value(); let assigned_cells = self.gate.assign_region( ctx, - vec![a, Constant(F::one()), b, Witness(out_val)], - vec![(0, Some([F::zero(), pow_of_two, -F::one()]))], + vec![a, Constant(F::ONE), b, Witness(out_val)], + vec![(0, Some([F::ZERO, pow_of_two, -F::ONE]))], ); assigned_cells.into_iter().nth(3).unwrap() } @@ -400,10 +400,10 @@ impl RangeInstructions for RangeConfig { vec![ Witness(shifted_val), b, - Constant(F::one()), + Constant(F::ONE), Witness(shift_a_val), Constant(-pow_padded), - Constant(F::one()), + Constant(F::ONE), a, ], vec![0, 3], @@ -415,7 +415,7 @@ impl RangeInstructions for RangeConfig { RangeStrategy::PlonkPlus => self.gate.assign_region_last( ctx, vec![a, Constant(pow_padded), b, Witness(shifted_val)], - vec![(0, Some([F::zero(), F::one(), -F::one()]))], + vec![(0, Some([F::ZERO, F::ONE, -F::ONE]))], ), }; diff --git a/halo2-base/src/utils.rs b/halo2-base/src/utils.rs index 87cac694..bedc5ae3 100644 --- a/halo2-base/src/utils.rs +++ b/halo2-base/src/utils.rs @@ -1,6 +1,7 @@ #[cfg(feature = "halo2-pse")] use crate::halo2_proofs::arithmetic::CurveAffine; -use crate::halo2_proofs::{arithmetic::FieldExt, circuit::Value}; +use crate::halo2_proofs::circuit::Value; +use crate::halo2_proofs::ff::PrimeField as Halo2ProofPrimeField; // use core::hash::Hash; use num_bigint::BigInt; use num_bigint::BigUint; @@ -52,10 +53,10 @@ use num_traits::{One, Zero}; // #[cfg(feature = "halo2-axiom")] // pub trait PrimeField = BigPrimeField; #[cfg(feature = "halo2-pse")] -pub trait PrimeField = FieldExt; +pub trait PrimeField = Halo2ProofPrimeField; #[cfg(feature = "halo2-pse")] -pub trait ScalarField = FieldExt; +pub trait ScalarField = Halo2ProofPrimeField; #[inline(always)] pub(crate) fn decompose_u64_digits_to_limbs( @@ -104,7 +105,7 @@ pub fn log2_ceil(x: u64) -> usize { } pub fn modulus() -> BigUint { - fe_to_biguint(&-F::one()) + 1u64 + fe_to_biguint(&-F::ONE) + 1u64 } pub fn power_of_two(n: usize) -> F { @@ -152,7 +153,7 @@ pub fn bigint_to_fe(e: &BigInt) -> F { } } -pub fn fe_to_biguint(fe: &F) -> BigUint { +pub fn fe_to_biguint(fe: &F) -> BigUint { BigUint::from_bytes_le(fe.to_repr().as_ref()) } @@ -288,7 +289,10 @@ pub mod fs { bn256::{Bn256, G1Affine}, CurveAffine, }, - poly::{commitment::{Params, ParamsProver}, kzg::commitment::ParamsKZG}, + poly::{ + commitment::{Params, ParamsProver}, + kzg::commitment::ParamsKZG, + }, }; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; diff --git a/hashes/zkevm-keccak/src/keccak_packed_multi.rs b/hashes/zkevm-keccak/src/keccak_packed_multi.rs index 085ff9c6..06d40121 100644 --- a/hashes/zkevm-keccak/src/keccak_packed_multi.rs +++ b/hashes/zkevm-keccak/src/keccak_packed_multi.rs @@ -114,7 +114,7 @@ impl KeccakRow { q_round_last: false, q_padding: false, q_padding_last: false, - round_cst: F::zero(), + round_cst: F::ZERO, is_final: false, cell_values: Vec::new(), }) @@ -154,7 +154,7 @@ impl KeccakRegion { } let row = &mut self.rows[offset]; while column >= row.len() { - row.push(F::zero()); + row.push(F::ZERO); } row[column] = value; } @@ -448,7 +448,7 @@ mod decode { } pub(crate) fn value(parts: Vec>) -> F { - parts.iter().rev().fold(F::zero(), |acc, part| { + parts.iter().rev().fold(F::ZERO, |acc, part| { acc * F::from(1u64 << (BIT_COUNT * part.num_bits)) + part.value }) } @@ -1611,7 +1611,7 @@ pub fn keccak_phase1<'v, F: Field>( let num_rows_per_round = get_num_rows_per_round(); let mut byte_idx = 0; - let mut data_rlc = Value::known(F::zero()); + let mut data_rlc = Value::known(F::ZERO); for _ in 0..num_chunks { for round in 0..NUM_ROUNDS + 1 { @@ -1648,7 +1648,7 @@ pub fn keccak_phase0( bytes: &[u8], ) { let mut bits = into_bits(bytes); - let mut s = [[F::zero(); 5]; 5]; + let mut s = [[F::ZERO; 5]; 5]; let absorb_positions = get_absorb_positions(); let num_bytes_in_last_block = bytes.len() % RATE; let num_rows_per_round = get_num_rows_per_round(); @@ -1666,7 +1666,7 @@ pub fn keccak_phase0( let mut cell_managers = Vec::with_capacity(NUM_ROUNDS + 1); let mut regions = Vec::with_capacity(NUM_ROUNDS + 1); - let mut hash_words = [F::zero(); NUM_WORDS_TO_SQUEEZE]; + let mut hash_words = [F::ZERO; NUM_WORDS_TO_SQUEEZE]; for (idx, chunk) in chunks.enumerate() { let is_final_block = idx == num_chunks - 1; @@ -1771,7 +1771,7 @@ pub fn keccak_phase0( bc.push(bc_norm); } cell_manager.start_region(); - let mut os = [[F::zero(); 5]; 5]; + let mut os = [[F::ZERO; 5]; 5]; for i in 0..5 { let t = decode::value(bc[(i + 4) % 5].clone()) + decode::value(rotate(bc[(i + 1) % 5].clone(), 1, part_size)); @@ -1834,7 +1834,7 @@ pub fn keccak_phase0( // Chi let part_size_base = get_num_bits_per_base_chi_lookup(); let three_packed = pack::(&vec![3u8; part_size_base]); - let mut os = [[F::zero(); 5]; 5]; + let mut os = [[F::ZERO; 5]; 5]; for j in 0..5 { for i in 0..5 { let mut s_parts = Vec::new(); @@ -1974,7 +1974,7 @@ pub fn multi_keccak_phase1<'a, 'v, F: Field>( let num_rows_per_round = get_num_rows_per_round(); for idx in 0..num_rows_per_round { [keccak_table.input_rlc, keccak_table.output_rlc] - .map(|column| assign_advice_custom(region, column, idx, Value::known(F::zero()))); + .map(|column| assign_advice_custom(region, column, idx, Value::known(F::ZERO))); } let mut offset = num_rows_per_round; diff --git a/hashes/zkevm-keccak/src/util.rs b/hashes/zkevm-keccak/src/util.rs index 868c366c..472142a3 100644 --- a/hashes/zkevm-keccak/src/util.rs +++ b/hashes/zkevm-keccak/src/util.rs @@ -169,7 +169,7 @@ pub fn pack(bits: &[u8]) -> F { /// specified bit base pub fn pack_with_base(bits: &[u8], base: usize) -> F { let base = F::from(base as u64); - bits.iter().rev().fold(F::zero(), |acc, &bit| acc * base + F::from(bit as u64)) + bits.iter().rev().fold(F::ZERO, |acc, &bit| acc * base + F::from(bit as u64)) } /// Decodes the bits using the position data found in the part info diff --git a/hashes/zkevm-keccak/src/util/expression.rs b/hashes/zkevm-keccak/src/util/expression.rs index fa0ee216..d254ed0a 100644 --- a/hashes/zkevm-keccak/src/util/expression.rs +++ b/hashes/zkevm-keccak/src/util/expression.rs @@ -11,7 +11,7 @@ pub mod sum { /// Returns the sum of the given list of values within the field. pub fn value(values: &[u8]) -> F { - values.iter().fold(F::zero(), |acc, value| acc + F::from(*value as u64)) + values.iter().fold(F::ZERO, |acc, value| acc + F::from(*value as u64)) } } @@ -28,7 +28,7 @@ pub mod and { /// Returns the product of all given values. pub fn value(inputs: Vec) -> F { - inputs.iter().fold(F::one(), |acc, input| acc * input) + inputs.iter().fold(F::ONE, |acc, input| acc * input) } } @@ -62,7 +62,7 @@ pub mod not { /// Returns a value that represents the NOT of the given value. pub fn value(b: F) -> F { - F::one() - b + F::ONE - b } } @@ -100,7 +100,7 @@ pub mod select { /// Returns the `when_true` value when the selector is true, else returns /// the `when_false` value. pub fn value(selector: F, when_true: F, when_false: F) -> F { - selector * when_true + (F::one() - selector) * when_false + selector * when_true + (F::ONE - selector) * when_false } /// Returns the `when_true` word when selector is true, else returns the @@ -110,7 +110,7 @@ pub mod select { when_true: [u8; 32], when_false: [u8; 32], ) -> [u8; 32] { - if selector == F::one() { + if selector == F::ONE { when_true } else { when_false @@ -170,7 +170,7 @@ impl Expr for i32 { fn expr(&self) -> Expression { Expression::Constant( F::from(self.unsigned_abs() as u64) - * if self.is_negative() { -F::one() } else { F::one() }, + * if self.is_negative() { -F::ONE } else { F::ONE }, ) } } @@ -179,7 +179,7 @@ impl Expr for i32 { /// single expression. pub fn expr_from_bytes>(bytes: &[E]) -> Expression { let mut value = 0.expr(); - let mut multiplier = F::one(); + let mut multiplier = F::ONE; for byte in bytes.iter() { value = value + byte.expr() * multiplier; multiplier *= F::from(256); From 3e0126a5928d23f8c67c4a25f5b9a8c8aed27994 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Sat, 18 Mar 2023 23:50:59 -0400 Subject: [PATCH 7/7] remove unused life timer --- Cargo.toml | 4 +- halo2-base/src/gates/flex_gate.rs | 103 +++---- halo2-base/src/gates/mod.rs | 287 +++++++++--------- halo2-base/src/gates/range.rs | 33 +- halo2-base/src/lib.rs | 40 +-- halo2-ecc/src/bigint/add_no_carry.rs | 16 +- halo2-ecc/src/bigint/big_is_equal.rs | 24 +- halo2-ecc/src/bigint/big_is_zero.rs | 20 +- halo2-ecc/src/bigint/big_less_than.rs | 10 +- halo2-ecc/src/bigint/carry_mod.rs | 8 +- .../src/bigint/check_carry_mod_to_zero.rs | 13 +- halo2-ecc/src/bigint/check_carry_to_zero.rs | 6 +- halo2-ecc/src/bigint/mod.rs | 51 ++-- halo2-ecc/src/bigint/mul_no_carry.rs | 16 +- halo2-ecc/src/bigint/negative.rs | 6 +- .../src/bigint/scalar_mul_and_add_no_carry.rs | 14 +- halo2-ecc/src/bigint/scalar_mul_no_carry.rs | 12 +- halo2-ecc/src/bigint/select.rs | 20 +- halo2-ecc/src/bigint/select_by_indicator.rs | 16 +- halo2-ecc/src/bigint/sub.rs | 20 +- halo2-ecc/src/bigint/sub_no_carry.rs | 16 +- halo2-ecc/src/bn254/final_exp.rs | 72 ++--- halo2-ecc/src/bn254/mod.rs | 4 +- halo2-ecc/src/bn254/pairing.rs | 88 +++--- halo2-ecc/src/bn254/tests/ec_add.rs | 2 +- halo2-ecc/src/bn254/tests/fixed_base_msm.rs | 3 +- halo2-ecc/src/bn254/tests/mod.rs | 2 +- halo2-ecc/src/ecc/ecdsa.rs | 12 +- halo2-ecc/src/ecc/fixed_base.rs | 33 +- halo2-ecc/src/ecc/fixed_base_pippenger.rs | 22 +- halo2-ecc/src/ecc/mod.rs | 218 +++++++------ halo2-ecc/src/ecc/pippenger.rs | 28 +- halo2-ecc/src/ecc/tests.rs | 2 +- halo2-ecc/src/fields/fp.rs | 117 ++++--- halo2-ecc/src/fields/fp12.rs | 153 ++++------ halo2-ecc/src/fields/fp2.rs | 157 ++++------ halo2-ecc/src/fields/mod.rs | 184 +++++------ halo2-ecc/src/fields/tests.rs | 10 +- .../zkevm-keccak/src/keccak_packed_multi.rs | 6 +- 39 files changed, 859 insertions(+), 989 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c9b3a33b..fe376836 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -49,8 +49,8 @@ debug = true -# [patch."https://github.com/privacy-scaling-explorations/halo2curves.git"] -# halo2curves = { git = 'https://github.com/scroll-tech/halo2curves', branch = "main" } +[patch."https://github.com/privacy-scaling-explorations/halo2curves.git"] +halo2curves = { git = 'https://github.com/scroll-tech/halo2curves', branch = "halo2-ecc-snark-verifier-0220" } [patch."https://github.com/privacy-scaling-explorations/poseidon.git"] poseidon = { git = "https://github.com/scroll-tech/poseidon.git", branch = "halo2-ecc-snark-verifier-0220" } \ No newline at end of file diff --git a/halo2-base/src/gates/flex_gate.rs b/halo2-base/src/gates/flex_gate.rs index dd12dbce..fab471d4 100644 --- a/halo2-base/src/gates/flex_gate.rs +++ b/halo2-base/src/gates/flex_gate.rs @@ -189,12 +189,12 @@ impl FlexGateConfig { } } - pub fn inner_product_simple<'a, 'b: 'a>( + pub fn inner_product_simple<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> AssignedValue<'b, F> { + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> AssignedValue { let mut sum; let mut a = a.into_iter(); let mut b = b.into_iter().peekable(); @@ -220,12 +220,12 @@ impl FlexGateConfig { self.assign_region_last(ctx, cells, gate_offsets) } - pub fn inner_product_simple_with_assignments<'a, 'b: 'a>( + pub fn inner_product_simple_with_assignments<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> (Vec>, AssignedValue<'b, F>) { + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> (Vec>, AssignedValue) { let mut sum; let mut a = a.into_iter(); let mut b = b.into_iter().peekable(); @@ -253,12 +253,12 @@ impl FlexGateConfig { (assignments, last) } - fn inner_product_with_assignments<'a, 'b: 'a>( + fn inner_product_with_assignments<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> (Vec>, AssignedValue<'b, F>) { + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> (Vec>, AssignedValue) { // we will do special handling of the cases where one of the vectors is all constants match self.strategy { GateStrategy::PlonkPlus => { @@ -353,13 +353,13 @@ impl GateInstructions for FlexGateConfig { /// * gate_index can either be set if you know the specific column you want to assign to, or None if you want to auto-select index /// * only selects from advice columns in `ctx.current_phase` // same as `assign_region` except you can specify the `phase` to assign in - fn assign_region_in<'a, 'b: 'a>( + fn assign_region_in<'a>( &self, ctx: &mut Context<'_, F>, - inputs: impl IntoIterator>, + inputs: impl IntoIterator>, gate_offsets: impl IntoIterator)>, phase: usize, - ) -> Vec> { + ) -> Vec> { // We enforce the pattern that you should assign everything in current phase at once and then move onto next phase debug_assert_eq!(phase, ctx.current_phase()); @@ -440,13 +440,13 @@ impl GateInstructions for FlexGateConfig { assignments } - fn assign_region_last_in<'a, 'b: 'a>( + fn assign_region_last_in<'a>( &self, ctx: &mut Context<'_, F>, - inputs: impl IntoIterator>, + inputs: impl IntoIterator>, gate_offsets: impl IntoIterator)>, phase: usize, - ) -> AssignedValue<'b, F> { + ) -> AssignedValue { // We enforce the pattern that you should assign everything in current phase at once and then move onto next phase debug_assert_eq!(phase, ctx.current_phase()); @@ -529,12 +529,12 @@ impl GateInstructions for FlexGateConfig { // Takes two vectors of `QuantumCell` and constrains a witness output to the inner product of `` // outputs are (assignments except last, out_cell) // Currently the only places `assignments` is used are: `num_to_bits, range_check, carry_mod, check_carry_mod_to_zero` - fn inner_product<'a, 'b: 'a>( + fn inner_product<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> AssignedValue<'b, F> { + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> AssignedValue { // we will do special handling of the cases where one of the vectors is all constants match self.strategy { GateStrategy::PlonkPlus => { @@ -545,12 +545,12 @@ impl GateInstructions for FlexGateConfig { } } - fn inner_product_with_sums<'a, 'b: 'a>( + fn inner_product_with_sums<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> Box> + 'b> { + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> Box>> { let mut b = b.into_iter().peekable(); let flag = matches!(b.peek(), Some(&Constant(c)) if c == F::ONE); let (assignments_without_last, last) = @@ -563,13 +563,13 @@ impl GateInstructions for FlexGateConfig { } } - fn inner_product_left<'a, 'b: 'a>( + fn inner_product_left<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - a_assigned: &mut Vec>, - ) -> AssignedValue<'b, F> { + a: impl IntoIterator>, + b: impl IntoIterator>, + a_assigned: &mut Vec>, + ) -> AssignedValue { match self.strategy { GateStrategy::PlonkPlus => { let a = a.into_iter(); @@ -671,12 +671,12 @@ impl GateInstructions for FlexGateConfig { } } - fn sum_products_with_coeff_and_var<'a, 'b: 'a>( + fn sum_products_with_coeff_and_var<'a>( &self, ctx: &mut Context<'_, F>, - values: impl IntoIterator, QuantumCell<'a, 'b, F>)>, - var: QuantumCell<'a, 'b, F>, - ) -> AssignedValue<'b, F> { + values: impl IntoIterator, QuantumCell<'a, F>)>, + var: QuantumCell<'a, F>, + ) -> AssignedValue { // TODO: optimize match self.strategy { GateStrategy::PlonkPlus => { @@ -712,13 +712,13 @@ impl GateInstructions for FlexGateConfig { /// assumes sel is boolean /// returns /// a * sel + b * (1 - sel) - fn select<'v>( + fn select( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - sel: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + sel: QuantumCell<'_, F>, + ) -> AssignedValue { let diff_val: Value = a.value().zip(b.value()).map(|(a, b)| *a - b); let out_val = diff_val * sel.value() + b.value(); match self.strategy { @@ -765,13 +765,13 @@ impl GateInstructions for FlexGateConfig { /// returns: a || (b && c) // | 1 - b c | b | c | 1 | a - 1 | 1 - b c | out | a - 1 | 1 | 1 | a | - fn or_and<'v>( + fn or_and( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - c: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + c: QuantumCell<'_, F>, + ) -> AssignedValue { let bc_val = b.value().zip(c.value()).map(|(b, c)| *b * c); let not_bc_val = bc_val.map(|x| F::ONE - x); let not_a_val = a.value().map(|x| *x - F::ONE); @@ -795,12 +795,12 @@ impl GateInstructions for FlexGateConfig { } // returns little-endian bit vectors - fn num_to_bits<'v>( + fn num_to_bits( &self, ctx: &mut Context<'_, F>, - a: &AssignedValue<'v, F>, + a: &AssignedValue, range_bits: usize, - ) -> Vec> { + ) -> Vec> { let bits = a .value() .map(|a| { @@ -827,12 +827,7 @@ impl GateInstructions for FlexGateConfig { for bit_cell in &bit_cells { self.assign_region( ctx, - vec![ - Constant(F::ZERO), - Existing(bit_cell), - Existing(bit_cell), - Existing(bit_cell), - ], + vec![Constant(F::ZERO), Existing(bit_cell), Existing(bit_cell), Existing(bit_cell)], vec![(0, None)], ); } diff --git a/halo2-base/src/gates/mod.rs b/halo2-base/src/gates/mod.rs index 4e1f3dab..ff5106e0 100644 --- a/halo2-base/src/gates/mod.rs +++ b/halo2-base/src/gates/mod.rs @@ -24,42 +24,42 @@ pub trait GateInstructions { fn pow_of_two(&self) -> &[F]; fn get_field_element(&self, n: u64) -> F; - fn assign_region<'a, 'b: 'a>( + fn assign_region<'a>( &self, ctx: &mut Context<'_, F>, - inputs: impl IntoIterator>, + inputs: impl IntoIterator>, gate_offsets: impl IntoIterator)>, - ) -> Vec> { + ) -> Vec> { self.assign_region_in(ctx, inputs, gate_offsets, ctx.current_phase()) } - fn assign_region_in<'a, 'b: 'a>( + fn assign_region_in<'a>( &self, ctx: &mut Context<'_, F>, - inputs: impl IntoIterator>, + inputs: impl IntoIterator>, gate_offsets: impl IntoIterator)>, phase: usize, - ) -> Vec>; + ) -> Vec>; /// Only returns the last assigned cell /// /// Does not collect the vec, saving heap allocation - fn assign_region_last<'a, 'b: 'a>( + fn assign_region_last<'a>( &self, ctx: &mut Context<'_, F>, - inputs: impl IntoIterator>, + inputs: impl IntoIterator>, gate_offsets: impl IntoIterator)>, - ) -> AssignedValue<'b, F> { + ) -> AssignedValue { self.assign_region_last_in(ctx, inputs, gate_offsets, ctx.current_phase()) } - fn assign_region_last_in<'a, 'b: 'a>( + fn assign_region_last_in<'a>( &self, ctx: &mut Context<'_, F>, - inputs: impl IntoIterator>, + inputs: impl IntoIterator>, gate_offsets: impl IntoIterator)>, phase: usize, - ) -> AssignedValue<'b, F>; + ) -> AssignedValue; /// Only call this if ctx.region is not in shape mode, i.e., if not using simple layouter or ctx.first_pass = false /// @@ -67,14 +67,14 @@ pub trait GateInstructions { /// - `gate_offsets` specifies indices to enable selector for the gate; assume `gate_offsets` is sorted in increasing order /// - `equality_offsets` specifies pairs of indices to constrain equality /// - `external_equality` specifies an existing cell to constrain equality with the cell at a certain index - fn assign_region_smart<'a, 'b: 'a>( + fn assign_region_smart<'a>( &self, ctx: &mut Context<'_, F>, - inputs: impl IntoIterator>, + inputs: impl IntoIterator>, gate_offsets: impl IntoIterator, equality_offsets: impl IntoIterator, external_equality: Vec<(&AssignedValue, usize)>, - ) -> Vec> { + ) -> Vec> { let assignments = self.assign_region(ctx, inputs, gate_offsets.into_iter().map(|i| (i as isize, None))); for (offset1, offset2) in equality_offsets.into_iter() { @@ -88,27 +88,23 @@ pub trait GateInstructions { assignments } - fn assign_witnesses<'v>( + fn assign_witnesses( &self, ctx: &mut Context<'_, F>, witnesses: impl IntoIterator>, - ) -> Vec> { + ) -> Vec> { self.assign_region(ctx, witnesses.into_iter().map(Witness), []) } - fn load_witness<'v>( - &self, - ctx: &mut Context<'_, F>, - witness: Value, - ) -> AssignedValue<'v, F> { + fn load_witness(&self, ctx: &mut Context<'_, F>, witness: Value) -> AssignedValue { self.assign_region_last(ctx, [Witness(witness)], []) } - fn load_constant<'a>(&self, ctx: &mut Context<'_, F>, c: F) -> AssignedValue<'a, F> { + fn load_constant(&self, ctx: &mut Context<'_, F>, c: F) -> AssignedValue { self.assign_region_last(ctx, [Constant(c)], []) } - fn load_zero<'a>(&self, ctx: &mut Context<'a, F>) -> AssignedValue<'a, F> { + fn load_zero(&self, ctx: &mut Context<'_, F>) -> AssignedValue { if let Some(zcell) = &ctx.zero_cell { return zcell.clone(); } @@ -119,12 +115,12 @@ pub trait GateInstructions { /// Copies a, b and constrains `a + b * 1 = out` // | a | b | 1 | a + b | - fn add<'v>( + fn add( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { let out_val = a.value().zip(b.value()).map(|(a, b)| *a + b); self.assign_region_last( ctx, @@ -135,12 +131,12 @@ pub trait GateInstructions { /// Copies a, b and constrains `a + b * (-1) = out` // | a - b | b | 1 | a | - fn sub<'v>( + fn sub( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { let out_val = a.value().zip(b.value()).map(|(a, b)| *a - b); // slightly better to not have to compute -F::ONE since F::ONE is cached let assigned_cells = self.assign_region( @@ -152,7 +148,7 @@ pub trait GateInstructions { } // | a | -a | 1 | 0 | - fn neg<'v>(&self, ctx: &mut Context<'_, F>, a: QuantumCell<'_, 'v, F>) -> AssignedValue<'v, F> { + fn neg(&self, ctx: &mut Context<'_, F>, a: QuantumCell<'_, F>) -> AssignedValue { let out_val = a.value().map(|v| -*v); let assigned_cells = self.assign_region( ctx, @@ -164,12 +160,12 @@ pub trait GateInstructions { /// Copies a, b and constrains `0 + a * b = out` // | 0 | a | b | a * b | - fn mul<'v>( + fn mul( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { let out_val = a.value().zip(b.value()).map(|(a, b)| *a * b); self.assign_region_last( ctx, @@ -179,24 +175,24 @@ pub trait GateInstructions { } /// a * b + c - fn mul_add<'v>( + fn mul_add( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - c: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + c: QuantumCell<'_, F>, + ) -> AssignedValue { let out_val = a.value().zip(b.value()).map(|(a, b)| *a * b) + c.value(); self.assign_region_last(ctx, vec![c, a, b, Witness(out_val)], vec![(0, None)]) } /// (1 - a) * b = b - a * b - fn mul_not<'v>( + fn mul_not( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { let out_val = a.value().zip(b.value()).map(|(a, b)| (F::ONE - a) * b); let assignments = self.assign_region(ctx, vec![Witness(out_val), a, b.clone(), b], vec![(0, None)]); @@ -213,12 +209,12 @@ pub trait GateInstructions { ); } - fn div_unsafe<'v>( + fn div_unsafe( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { // TODO: if really necessary, make `c` of type `Assigned` // this would require the API using `Assigned` instead of `F` everywhere, so leave as last resort let c = a.value().zip(b.value()).map(|(a, b)| b.invert().unwrap() * a); @@ -252,37 +248,37 @@ pub trait GateInstructions { /// Returns `(assignments, output)` where `output` is the inner product of `` /// /// `assignments` is for internal use - fn inner_product<'a, 'b: 'a>( + fn inner_product<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> AssignedValue<'b, F>; + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> AssignedValue; /// very specialized for optimal range check, not for general consumption /// - `a_assigned` is expected to have capacity a.len() /// - we re-use `a_assigned` to save memory allocation - fn inner_product_left<'a, 'b: 'a>( + fn inner_product_left<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - a_assigned: &mut Vec>, - ) -> AssignedValue<'b, F>; + a: impl IntoIterator>, + b: impl IntoIterator>, + a_assigned: &mut Vec>, + ) -> AssignedValue; /// Returns an iterator with the partial sums `sum_{j=0..=i} a[j] * b[j]`. - fn inner_product_with_sums<'a, 'b: 'a>( + fn inner_product_with_sums<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> Box> + 'b>; + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> Box>>; - fn sum<'a, 'b: 'a>( + fn sum<'a>( &self, - ctx: &mut Context<'b, F>, - a: impl IntoIterator>, - ) -> AssignedValue<'b, F> { + ctx: &mut Context<'_, F>, + a: impl IntoIterator>, + ) -> AssignedValue { let mut a = a.into_iter().peekable(); let start = a.next(); if start.is_none() { @@ -304,11 +300,11 @@ pub trait GateInstructions { } /// Returns the assignment trace where `output[3 * i]` has the running sum `sum_{j=0..=i} a[j]` - fn sum_with_assignments<'a, 'b: 'a>( + fn sum_with_assignments<'a>( &self, - ctx: &mut Context<'b, F>, - a: impl IntoIterator>, - ) -> Vec> { + ctx: &mut Context<'_, F>, + a: impl IntoIterator>, + ) -> Vec> { let mut a = a.into_iter().peekable(); let start = a.next(); if start.is_none() { @@ -336,12 +332,12 @@ pub trait GateInstructions { // + ... // + b_i // Returns [x_1, ..., x_{b.len()}] - fn accumulated_product<'a, 'v: 'a>( + fn accumulated_product<'a>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - b: impl IntoIterator>, - ) -> Vec> { + a: impl IntoIterator>, + b: impl IntoIterator>, + ) -> Vec> { let mut b = b.into_iter(); let mut a = a.into_iter(); let b_first = b.next(); @@ -356,20 +352,20 @@ pub trait GateInstructions { } } - fn sum_products_with_coeff_and_var<'a, 'b: 'a>( + fn sum_products_with_coeff_and_var<'a>( &self, ctx: &mut Context<'_, F>, - values: impl IntoIterator, QuantumCell<'a, 'b, F>)>, - var: QuantumCell<'a, 'b, F>, - ) -> AssignedValue<'b, F>; + values: impl IntoIterator, QuantumCell<'a, F>)>, + var: QuantumCell<'a, F>, + ) -> AssignedValue; // | 1 - b | 1 | b | 1 | b | a | 1 - b | out | - fn or<'v>( + fn or( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { let not_b_val = b.value().map(|x| F::ONE - x); let out_val = a.value().zip(b.value()).map(|(a, b)| *a + b) - a.value().zip(b.value()).map(|(a, b)| *a * b); @@ -389,42 +385,42 @@ pub trait GateInstructions { } // | 0 | a | b | out | - fn and<'v>( + fn and( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { self.mul(ctx, a, b) } - fn not<'v>(&self, ctx: &mut Context<'_, F>, a: QuantumCell<'_, 'v, F>) -> AssignedValue<'v, F> { + fn not(&self, ctx: &mut Context<'_, F>, a: QuantumCell<'_, F>) -> AssignedValue { self.sub(ctx, Constant(F::ONE), a) } - fn select<'v>( + fn select( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - sel: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F>; + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + sel: QuantumCell<'_, F>, + ) -> AssignedValue; - fn or_and<'v>( + fn or_and( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - c: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F>; + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + c: QuantumCell<'_, F>, + ) -> AssignedValue; /// assume bits has boolean values /// returns vec[idx] with vec[idx] = 1 if and only if bits == idx as a binary number - fn bits_to_indicator<'v>( + fn bits_to_indicator( &self, ctx: &mut Context<'_, F>, - bits: &[AssignedValue<'v, F>], - ) -> Vec> { + bits: &[AssignedValue], + ) -> Vec> { let k = bits.len(); let (inv_last_bit, last_bit) = { @@ -480,12 +476,12 @@ pub trait GateInstructions { // returns vec with vec.len() == len such that: // vec[i] == 1{i == idx} - fn idx_to_indicator<'v>( + fn idx_to_indicator( &self, ctx: &mut Context<'_, F>, - mut idx: QuantumCell<'_, 'v, F>, + mut idx: QuantumCell<'_, F>, len: usize, - ) -> Vec> { + ) -> Vec> { let ind = self.assign_region( ctx, (0..len).map(|i| { @@ -525,12 +521,12 @@ pub trait GateInstructions { // performs inner product on a, indicator // `indicator` values are all boolean /// Assumes for witness generation that only one element of `indicator` has non-zero value and that value is `F::ONE`. - fn select_by_indicator<'a, 'i, 'b: 'a + 'i>( + fn select_by_indicator<'a, 'i>( &self, ctx: &mut Context<'_, F>, - a: impl IntoIterator>, - indicator: impl IntoIterator>, - ) -> AssignedValue<'b, F> { + a: impl IntoIterator>, + indicator: impl IntoIterator>, + ) -> AssignedValue { let mut sum = Value::known(F::ZERO); let a = a.into_iter(); let (len, hi) = a.size_hint(); @@ -550,12 +546,12 @@ pub trait GateInstructions { self.assign_region_last(ctx, cells, (0..len).map(|i| (3 * i as isize, None))) } - fn select_from_idx<'a, 'v: 'a>( + fn select_from_idx<'a>( &self, ctx: &mut Context<'_, F>, - cells: impl IntoIterator>, - idx: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + cells: impl IntoIterator>, + idx: QuantumCell<'_, F>, + ) -> AssignedValue { let cells = cells.into_iter(); let (len, hi) = cells.size_hint(); debug_assert_eq!(Some(len), hi); @@ -566,11 +562,7 @@ pub trait GateInstructions { } // | out | a | inv | 1 | 0 | a | out | 0 - fn is_zero<'v>( - &self, - ctx: &mut Context<'_, F>, - a: &AssignedValue<'v, F>, - ) -> AssignedValue<'v, F> { + fn is_zero(&self, ctx: &mut Context<'_, F>, a: &AssignedValue) -> AssignedValue { let (is_zero, inv) = a .value() .map(|x| { @@ -596,23 +588,23 @@ pub trait GateInstructions { assigned_cells.into_iter().next().unwrap() } - fn is_equal<'v>( + fn is_equal( &self, ctx: &mut Context<'_, F>, - a: QuantumCell<'_, 'v, F>, - b: QuantumCell<'_, 'v, F>, - ) -> AssignedValue<'v, F> { + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, + ) -> AssignedValue { let diff = self.sub(ctx, a, b); self.is_zero(ctx, &diff) } // returns little-endian bit vectors - fn num_to_bits<'v>( + fn num_to_bits( &self, ctx: &mut Context<'_, F>, - a: &AssignedValue<'v, F>, + a: &AssignedValue, range_bits: usize, - ) -> Vec>; + ) -> Vec>; /// given pairs `coords[i] = (x_i, y_i)`, let `f` be the unique degree `len(coords)` polynomial such that `f(x_i) = y_i` for all `i`. /// @@ -621,12 +613,12 @@ pub trait GateInstructions { /// output: (f(x), Prod_i (x - x_i)) /// /// constrains all x_i and x are distinct - fn lagrange_and_eval<'v>( + fn lagrange_and_eval( &self, ctx: &mut Context<'_, F>, - coords: &[(AssignedValue<'v, F>, AssignedValue<'v, F>)], - x: &AssignedValue<'v, F>, - ) -> (AssignedValue<'v, F>, AssignedValue<'v, F>) { + coords: &[(AssignedValue, AssignedValue)], + x: &AssignedValue, + ) -> (AssignedValue, AssignedValue) { let mut z = self.sub(ctx, Existing(x), Existing(&coords[0].0)); for coord in coords.iter().skip(1) { let sub = self.sub(ctx, Existing(x), Existing(&coord.0)); @@ -669,25 +661,20 @@ pub trait RangeInstructions { fn lookup_bits(&self) -> usize; - fn range_check<'a>( - &self, - ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, - range_bits: usize, - ); + fn range_check<'a>(&self, ctx: &mut Context<'a, F>, a: &AssignedValue, range_bits: usize); fn check_less_than<'a>( &self, ctx: &mut Context<'a, F>, - a: QuantumCell<'_, 'a, F>, - b: QuantumCell<'_, 'a, F>, + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, num_bits: usize, ); /// Checks that `a` is in `[0, b)`. /// /// Does not require bit assumptions on `a, b` because we range check that `a` has at most `bit_length(b)` bits. - fn check_less_than_safe<'a>(&self, ctx: &mut Context<'a, F>, a: &AssignedValue<'a, F>, b: u64) { + fn check_less_than_safe<'a>(&self, ctx: &mut Context<'a, F>, a: &AssignedValue, b: u64) { let range_bits = (bit_length(b) + self.lookup_bits() - 1) / self.lookup_bits() * self.lookup_bits(); @@ -706,7 +693,7 @@ pub trait RangeInstructions { fn check_big_less_than_safe<'a>( &self, ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, + a: &AssignedValue, b: BigUint, ) where F: PrimeField, @@ -724,10 +711,10 @@ pub trait RangeInstructions { fn is_less_than<'a>( &self, ctx: &mut Context<'a, F>, - a: QuantumCell<'_, 'a, F>, - b: QuantumCell<'_, 'a, F>, + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, num_bits: usize, - ) -> AssignedValue<'a, F>; + ) -> AssignedValue; /// Returns whether `a` is in `[0, b)`. /// @@ -735,9 +722,9 @@ pub trait RangeInstructions { fn is_less_than_safe<'a>( &self, ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, + a: &AssignedValue, b: u64, - ) -> AssignedValue<'a, F> { + ) -> AssignedValue { let range_bits = (bit_length(b) + self.lookup_bits() - 1) / self.lookup_bits() * self.lookup_bits(); @@ -751,9 +738,9 @@ pub trait RangeInstructions { fn is_big_less_than_safe<'a>( &self, ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, + a: &AssignedValue, b: BigUint, - ) -> AssignedValue<'a, F> + ) -> AssignedValue where F: PrimeField, { @@ -770,10 +757,10 @@ pub trait RangeInstructions { fn div_mod<'a>( &self, ctx: &mut Context<'a, F>, - a: QuantumCell<'_, 'a, F>, + a: QuantumCell<'_, F>, b: impl Into, a_num_bits: usize, - ) -> (AssignedValue<'a, F>, AssignedValue<'a, F>) + ) -> (AssignedValue, AssignedValue) where F: PrimeField, { @@ -812,11 +799,11 @@ pub trait RangeInstructions { fn div_mod_var<'a>( &self, ctx: &mut Context<'a, F>, - a: QuantumCell<'_, 'a, F>, - b: QuantumCell<'_, 'a, F>, + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, a_num_bits: usize, b_num_bits: usize, - ) -> (AssignedValue<'a, F>, AssignedValue<'a, F>) + ) -> (AssignedValue, AssignedValue) where F: PrimeField, { diff --git a/halo2-base/src/gates/range.rs b/halo2-base/src/gates/range.rs index c0298faf..d67b579e 100644 --- a/halo2-base/src/gates/range.rs +++ b/halo2-base/src/gates/range.rs @@ -40,7 +40,7 @@ pub struct RangeConfig { pub q_lookup: Vec>, pub lookup: TableColumn, pub lookup_bits: usize, - pub limb_bases: Vec>, + pub limb_bases: Vec>, // selector for custom range gate // `q_range[k][i]` stores the selector for a custom range gate of length `k` // pub q_range: HashMap>, @@ -171,7 +171,7 @@ impl RangeConfig { /// assuming this is called when ctx.region is not in shape mode /// `offset` is the offset of the cell in `ctx.region` /// `offset` is only used if there is a single advice column - fn enable_lookup<'a>(&self, ctx: &mut Context<'a, F>, acell: AssignedValue<'a, F>) { + fn enable_lookup<'a>(&self, ctx: &mut Context<'a, F>, acell: AssignedValue) { let phase = ctx.current_phase(); if let Some(q) = &self.q_lookup[phase] { q.enable(&mut ctx.region, acell.row()).expect("enable selector should not fail"); @@ -184,9 +184,9 @@ impl RangeConfig { fn range_check_simple<'a>( &self, ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, + a: &AssignedValue, range_bits: usize, - limbs_assigned: &mut Vec>, + limbs_assigned: &mut Vec>, ) { let k = (range_bits + self.lookup_bits - 1) / self.lookup_bits; // println!("range check {} bits {} len", range_bits, k); @@ -258,9 +258,9 @@ impl RangeConfig { pub fn range_check_limbs<'a>( &self, ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, + a: &AssignedValue, range_bits: usize, - limbs_assigned: &mut Vec>, + limbs_assigned: &mut Vec>, ) { assert_ne!(range_bits, 0); #[cfg(feature = "display")] @@ -283,9 +283,9 @@ impl RangeConfig { pub fn get_last_bit<'a>( &self, ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, + a: &AssignedValue, limb_bits: usize, - ) -> AssignedValue<'a, F> { + ) -> AssignedValue { let a_v = a.value(); let bit_v = a_v.map(|a| { let a = a.to_repr()[0]; @@ -324,12 +324,7 @@ impl RangeInstructions for RangeConfig { self.lookup_bits } - fn range_check<'a>( - &self, - ctx: &mut Context<'a, F>, - a: &AssignedValue<'a, F>, - range_bits: usize, - ) { + fn range_check<'a>(&self, ctx: &mut Context<'a, F>, a: &AssignedValue, range_bits: usize) { let tmp = ctx.preallocated_vec_to_assign(); self.range_check_limbs(ctx, a, range_bits, &mut tmp.as_ref().borrow_mut()); } @@ -338,8 +333,8 @@ impl RangeInstructions for RangeConfig { fn check_less_than<'a>( &self, ctx: &mut Context<'a, F>, - a: QuantumCell<'_, 'a, F>, - b: QuantumCell<'_, 'a, F>, + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, num_bits: usize, ) { let pow_of_two = self.gate.pow_of_two[num_bits]; @@ -382,10 +377,10 @@ impl RangeInstructions for RangeConfig { fn is_less_than<'a>( &self, ctx: &mut Context<'a, F>, - a: QuantumCell<'_, 'a, F>, - b: QuantumCell<'_, 'a, F>, + a: QuantumCell<'_, F>, + b: QuantumCell<'_, F>, num_bits: usize, - ) -> AssignedValue<'a, F> { + ) -> AssignedValue { // TODO: optimize this for PlonkPlus strategy let k = (num_bits + self.lookup_bits - 1) / self.lookup_bits; let padded_bits = k * self.lookup_bits; diff --git a/halo2-base/src/lib.rs b/halo2-base/src/lib.rs index 57b2d568..6de1112c 100644 --- a/halo2-base/src/lib.rs +++ b/halo2-base/src/lib.rs @@ -55,15 +55,15 @@ pub mod utils; pub const SKIP_FIRST_PASS: bool = true; #[derive(Clone, Debug)] -pub enum QuantumCell<'a, 'b: 'a, F: ScalarField> { - Existing(&'a AssignedValue<'b, F>), - ExistingOwned(AssignedValue<'b, F>), // this is similar to the Cow enum +pub enum QuantumCell<'a, F: ScalarField> { + Existing(&'a AssignedValue), + ExistingOwned(AssignedValue), // this is similar to the Cow enum Witness(Value), WitnessFraction(Value>), Constant(F), } -impl QuantumCell<'_, '_, F> { +impl QuantumCell<'_, F> { pub fn value(&self) -> Value<&F> { match self { Self::Existing(a) => a.value(), @@ -78,7 +78,7 @@ impl QuantumCell<'_, '_, F> { } #[derive(Clone, Debug)] -pub struct AssignedValue<'a, F: ScalarField> { +pub struct AssignedValue { // #[cfg(feature = "halo2-axiom")] // pub cell: AssignedCell<&'a Assigned, F>, #[cfg(feature = "halo2-pse")] @@ -88,13 +88,13 @@ pub struct AssignedValue<'a, F: ScalarField> { #[cfg(feature = "halo2-pse")] pub row_offset: usize, #[cfg(feature = "halo2-pse")] - pub _marker: PhantomData<&'a F>, + pub _marker: PhantomData, #[cfg(feature = "display")] pub context_id: usize, } -impl<'a, F: ScalarField> AssignedValue<'a, F> { +impl AssignedValue { #[cfg(feature = "display")] pub fn context_id(&self) -> usize { self.context_id @@ -136,7 +136,7 @@ impl<'a, F: ScalarField> AssignedValue<'a, F> { } // #[cfg(feature = "halo2-axiom")] - // pub fn copy_advice<'v>( + // pub fn copy_advice( // &'a self, // region: &mut Region<'_, F>, // column: Column, @@ -152,7 +152,7 @@ impl<'a, F: ScalarField> AssignedValue<'a, F> { #[cfg(feature = "halo2-pse")] pub fn copy_advice( - &'a self, + &self, region: &mut Region<'_, F>, column: Column, offset: usize, @@ -189,7 +189,7 @@ pub struct Context<'a, F: ScalarField> { // To save time from re-allocating new temporary vectors that get quickly dropped (e.g., for some range checks), we keep a vector with high capacity around that we `clear` before use each time // Need to use RefCell to avoid borrow rules // Need to use Rc to borrow this and mutably borrow self at same time - preallocated_vec_to_assign: Rc>>>, + preallocated_vec_to_assign: Rc>>>, // `assigned_constants` is a HashMap keeping track of all constants that we use throughout // we assign them to fixed columns as we go, re-using a fixed cell if the constant value has been assigned previously @@ -203,10 +203,10 @@ pub struct Context<'a, F: ScalarField> { #[cfg(feature = "halo2-pse")] pub assigned_constants: FxHashMap, Cell>, - pub zero_cell: Option>, + pub zero_cell: Option>, // `cells_to_lookup` is a vector keeping track of all cells that we want to enable lookup for. When there is more than 1 advice column we will copy_advice all of these cells to the single lookup enabled column and do lookups there - pub cells_to_lookup: Vec>, + pub cells_to_lookup: Vec>, current_phase: usize, @@ -273,7 +273,7 @@ impl<'a, F: ScalarField> Context<'a, F> { } } - pub fn preallocated_vec_to_assign(&self) -> Rc>>> { + pub fn preallocated_vec_to_assign(&self) -> Rc>>> { Rc::clone(&self.preallocated_vec_to_assign) } @@ -364,13 +364,13 @@ impl<'a, F: ScalarField> Context<'a, F> { // /// Assuming that this is only called if ctx.region is not in shape mode! // #[cfg(feature = "halo2-axiom")] - // pub fn assign_cell<'v>( + // pub fn assign_cell( // &mut self, // input: QuantumCell<'_, 'v, F>, // column: Column, // #[cfg(feature = "display")] context_id: usize, // row_offset: usize, - // ) -> AssignedValue<'v, F> { + // ) -> AssignedValue { // match input { // QuantumCell::Existing(acell) => { // AssignedValue { @@ -429,14 +429,14 @@ impl<'a, F: ScalarField> Context<'a, F> { // } #[cfg(feature = "halo2-pse")] - pub fn assign_cell<'v>( + pub fn assign_cell( &mut self, - input: QuantumCell<'_, 'v, F>, + input: QuantumCell<'_, F>, column: Column, #[cfg(feature = "display")] context_id: usize, row_offset: usize, _phase: u8, - ) -> AssignedValue<'v, F> { + ) -> AssignedValue { match input { QuantumCell::Existing(acell) => { AssignedValue { @@ -564,7 +564,7 @@ impl<'a, F: ScalarField> Context<'a, F> { } #[derive(Clone, Debug)] -pub struct AssignedPrimitive<'a, T: Into + Copy, F: ScalarField> { +pub struct AssignedPrimitive + Copy, F: ScalarField> { pub value: Value, // #[cfg(feature = "halo2-axiom")] @@ -574,5 +574,5 @@ pub struct AssignedPrimitive<'a, T: Into + Copy, F: ScalarField> { #[cfg(feature = "halo2-pse")] _row_offset: usize, #[cfg(feature = "halo2-pse")] - _marker: PhantomData<&'a F>, + _marker: PhantomData, } diff --git a/halo2-ecc/src/bigint/add_no_carry.rs b/halo2-ecc/src/bigint/add_no_carry.rs index 8cc687d4..330ac87a 100644 --- a/halo2-ecc/src/bigint/add_no_carry.rs +++ b/halo2-ecc/src/bigint/add_no_carry.rs @@ -2,12 +2,12 @@ use super::{CRTInteger, OverflowInteger}; use halo2_base::{gates::GateInstructions, utils::PrimeField, Context, QuantumCell::Existing}; use std::cmp::max; -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, - b: &OverflowInteger<'v, F>, -) -> OverflowInteger<'v, F> { + a: &OverflowInteger, + b: &OverflowInteger, +) -> OverflowInteger { assert_eq!(a.limbs.len(), b.limbs.len()); let out_limbs = a @@ -20,12 +20,12 @@ pub fn assign<'v, F: PrimeField>( OverflowInteger::construct(out_limbs, max(a.max_limb_bits, b.max_limb_bits) + 1) } -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, -) -> CRTInteger<'v, F> { + a: &CRTInteger, + b: &CRTInteger, +) -> CRTInteger { assert_eq!(a.truncation.limbs.len(), b.truncation.limbs.len()); let out_trunc = assign::(gate, ctx, &a.truncation, &b.truncation); let out_native = gate.add(ctx, Existing(&a.native), Existing(&b.native)); diff --git a/halo2-ecc/src/bigint/big_is_equal.rs b/halo2-ecc/src/bigint/big_is_equal.rs index f963937f..4257ac95 100644 --- a/halo2-ecc/src/bigint/big_is_equal.rs +++ b/halo2-ecc/src/bigint/big_is_equal.rs @@ -5,12 +5,12 @@ use halo2_base::{ // given OverflowInteger's `a` and `b` of the same shape, // returns whether `a == b` -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, - b: &OverflowInteger<'v, F>, -) -> AssignedValue<'v, F> { + a: &OverflowInteger, + b: &OverflowInteger, +) -> AssignedValue { let k = a.limbs.len(); assert_eq!(k, b.limbs.len()); assert_ne!(k, 0); @@ -26,21 +26,21 @@ pub fn assign<'v, F: PrimeField>( partial } -pub fn wrapper<'v, F: PrimeField>( +pub fn wrapper( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, -) -> AssignedValue<'v, F> { + a: &CRTInteger, + b: &CRTInteger, +) -> AssignedValue { assign(gate, ctx, &a.truncation, &b.truncation) } -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, -) -> AssignedValue<'v, F> { + a: &CRTInteger, + b: &CRTInteger, +) -> AssignedValue { let out_trunc = assign::(gate, ctx, &a.truncation, &b.truncation); let out_native = gate.is_equal(ctx, Existing(&a.native), Existing(&b.native)); gate.and(ctx, Existing(&out_trunc), Existing(&out_native)) diff --git a/halo2-ecc/src/bigint/big_is_zero.rs b/halo2-ecc/src/bigint/big_is_zero.rs index 4ab84fa3..13603e88 100644 --- a/halo2-ecc/src/bigint/big_is_zero.rs +++ b/halo2-ecc/src/bigint/big_is_zero.rs @@ -4,11 +4,11 @@ use halo2_base::{ }; /// assume you know that the limbs of `a` are all in [0, 2^{a.max_limb_bits}) -pub fn positive<'v, F: PrimeField>( +pub fn positive( gate: &impl GateInstructions, - ctx: &mut Context<'v, F>, - a: &OverflowInteger<'v, F>, -) -> AssignedValue<'v, F> { + ctx: &mut Context, + a: &OverflowInteger, +) -> AssignedValue { let k = a.limbs.len(); assert_ne!(k, 0); debug_assert!(a.max_limb_bits as u32 + k.ilog2() < F::CAPACITY); @@ -18,11 +18,11 @@ pub fn positive<'v, F: PrimeField>( } // given OverflowInteger `a`, returns whether `a == 0` -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, -) -> AssignedValue<'v, F> { + a: &OverflowInteger, +) -> AssignedValue { let k = a.limbs.len(); assert_ne!(k, 0); @@ -35,11 +35,11 @@ pub fn assign<'v, F: PrimeField>( partial } -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, -) -> AssignedValue<'v, F> { + a: &CRTInteger, +) -> AssignedValue { let out_trunc = assign::(gate, ctx, &a.truncation); let out_native = gate.is_zero(ctx, &a.native); gate.and(ctx, Existing(&out_trunc), Existing(&out_native)) diff --git a/halo2-ecc/src/bigint/big_less_than.rs b/halo2-ecc/src/bigint/big_less_than.rs index 52528870..4275348f 100644 --- a/halo2-ecc/src/bigint/big_less_than.rs +++ b/halo2-ecc/src/bigint/big_less_than.rs @@ -3,14 +3,14 @@ use halo2_base::{gates::RangeInstructions, utils::PrimeField, AssignedValue, Con // given OverflowInteger's `a` and `b` of the same shape, // returns whether `a < b` -pub fn assign<'a, F: PrimeField>( +pub fn assign( range: &impl RangeInstructions, - ctx: &mut Context<'a, F>, - a: &OverflowInteger<'a, F>, - b: &OverflowInteger<'a, F>, + ctx: &mut Context<'_, F>, + a: &OverflowInteger, + b: &OverflowInteger, limb_bits: usize, limb_base: F, -) -> AssignedValue<'a, F> { +) -> AssignedValue { // a < b iff a - b has underflow let (_, underflow) = super::sub::assign::(range, ctx, a, b, limb_bits, limb_base); underflow diff --git a/halo2-ecc/src/bigint/carry_mod.rs b/halo2-ecc/src/bigint/carry_mod.rs index a31fd10d..34c48530 100644 --- a/halo2-ecc/src/bigint/carry_mod.rs +++ b/halo2-ecc/src/bigint/carry_mod.rs @@ -20,11 +20,11 @@ use std::{cmp::max, iter}; // We constrain `a = out + modulus * quotient` and range check `out` and `quotient` // // Assumption: the leading two bits (in big endian) are 1, and `abs(a) <= 2^{n * k - 1 + F::NUM_BITS - 2}` (A weaker assumption is also enough, but this is good enough for forseeable use cases) -pub fn crt<'a, F: PrimeField>( +pub fn crt( range: &impl RangeInstructions, // chip: &BigIntConfig, - ctx: &mut Context<'a, F>, - a: &CRTInteger<'a, F>, + ctx: &mut Context<'_, F>, + a: &CRTInteger, k_bits: usize, // = a.len().bits() modulus: &BigInt, mod_vec: &[F], @@ -32,7 +32,7 @@ pub fn crt<'a, F: PrimeField>( limb_bits: usize, limb_bases: &[F], limb_base_big: &BigInt, -) -> CRTInteger<'a, F> { +) -> CRTInteger { let n = limb_bits; let k = a.truncation.limbs.len(); let trunc_len = n * k; diff --git a/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs b/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs index 2f0d298c..2c955722 100644 --- a/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs +++ b/halo2-ecc/src/bigint/check_carry_mod_to_zero.rs @@ -14,11 +14,11 @@ use std::{cmp::max, iter}; // same as carry_mod::crt but `out = 0` so no need to range check // // Assumption: the leading two bits (in big endian) are 1, and `a.max_size <= 2^{n * k - 1 + F::NUM_BITS - 2}` (A weaker assumption is also enough) -pub fn crt<'a, F: PrimeField>( +pub fn crt( range: &impl RangeInstructions, // chip: &BigIntConfig, - ctx: &mut Context<'a, F>, - a: &CRTInteger<'a, F>, + ctx: &mut Context<'_, F>, + a: &CRTInteger, k_bits: usize, // = a.len().bits() modulus: &BigInt, mod_vec: &[F], @@ -139,12 +139,7 @@ pub fn crt<'a, F: PrimeField>( // | quot_cell | 2^n | 1 | quot_cell + 2^n | range.gate().assign_region_last( ctx, - vec![ - Existing(quot_cell), - Constant(limb_base), - Constant(F::ONE), - Witness(out_val), - ], + vec![Existing(quot_cell), Constant(limb_base), Constant(F::ONE), Witness(out_val)], vec![(0, None)], ) }; diff --git a/halo2-ecc/src/bigint/check_carry_to_zero.rs b/halo2-ecc/src/bigint/check_carry_to_zero.rs index 36aad529..284efe8e 100644 --- a/halo2-ecc/src/bigint/check_carry_to_zero.rs +++ b/halo2-ecc/src/bigint/check_carry_to_zero.rs @@ -26,10 +26,10 @@ use num_traits::One; // a_i * 2^{n*w} + a_{i - 1} * 2^{n*(w-1)} + ... + a_{i - w} + c_{i - w - 1} = c_i * 2^{n*(w+1)} // which is valid as long as `(m - n + EPSILON) + n * (w+1) < native_modulus::().bits() - 1` // so we only need to range check `c_i` every `w + 1` steps, starting with `i = w` -pub fn truncate<'a, F: PrimeField>( +pub fn truncate( range: &impl RangeInstructions, - ctx: &mut Context<'a, F>, - a: &OverflowInteger<'a, F>, + ctx: &mut Context<'_, F>, + a: &OverflowInteger, limb_bits: usize, limb_base: F, limb_base_big: &BigInt, diff --git a/halo2-ecc/src/bigint/mod.rs b/halo2-ecc/src/bigint/mod.rs index 44b65a0b..7105db9f 100644 --- a/halo2-ecc/src/bigint/mod.rs +++ b/halo2-ecc/src/bigint/mod.rs @@ -29,8 +29,7 @@ pub mod select_by_indicator; pub mod sub; pub mod sub_no_carry; -#[derive(Clone, Debug, PartialEq)] -#[derive(Default)] +#[derive(Clone, Debug, PartialEq, Default)] pub enum BigIntStrategy { // use existing gates #[default] @@ -40,19 +39,17 @@ pub enum BigIntStrategy { // CustomVerticalShort, } - - #[derive(Clone, Debug)] -pub struct OverflowInteger<'v, F: PrimeField> { - pub limbs: Vec>, +pub struct OverflowInteger { + pub limbs: Vec>, // max bits of a limb, ignoring sign pub max_limb_bits: usize, // the standard limb bit that we use for pow of two limb base - to reduce overhead we just assume this is inferred from context (e.g., the chip stores it), so we stop storing it here // pub limb_bits: usize, } -impl<'v, F: PrimeField> OverflowInteger<'v, F> { - pub fn construct(limbs: Vec>, max_limb_bits: usize) -> Self { +impl OverflowInteger { + pub fn construct(limbs: Vec>, max_limb_bits: usize) -> Self { Self { limbs, max_limb_bits } } @@ -70,9 +67,9 @@ impl<'v, F: PrimeField> OverflowInteger<'v, F> { gate: &impl GateInstructions, // chip: &BigIntConfig, ctx: &mut Context<'_, F>, - limbs: &[AssignedValue<'v, F>], + limbs: &[AssignedValue], limb_bases: impl IntoIterator, - ) -> AssignedValue<'v, F> { + ) -> AssignedValue { // Constrain `out_native = sum_i out_assigned[i] * 2^{n*i}` in `F` gate.inner_product( ctx, @@ -107,24 +104,24 @@ impl FixedOverflowInteger { .fold(BigUint::zero(), |acc, x| (acc << limb_bits) + fe_to_biguint(x)) } - pub fn assign<'v>( + pub fn assign( self, gate: &impl GateInstructions, ctx: &mut Context<'_, F>, limb_bits: usize, - ) -> OverflowInteger<'v, F> { + ) -> OverflowInteger { let assigned_limbs = gate.assign_region(ctx, self.limbs.into_iter().map(Constant), vec![]); OverflowInteger::construct(assigned_limbs, limb_bits) } /// only use case is when coeffs has only a single 1, rest are 0 - pub fn select_by_indicator<'v>( + pub fn select_by_indicator( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, a: &[Self], - coeffs: &[AssignedValue<'v, F>], + coeffs: &[AssignedValue], limb_bits: usize, - ) -> OverflowInteger<'v, F> { + ) -> OverflowInteger { let k = a[0].limbs.len(); let out_limbs = (0..k) @@ -139,7 +136,7 @@ impl FixedOverflowInteger { } #[derive(Clone, Debug)] -pub struct CRTInteger<'v, F: PrimeField> { +pub struct CRTInteger { // keep track of an integer `a` using CRT as `a mod 2^t` and `a mod n` // where `t = truncation.limbs.len() * truncation.limb_bits` // `n = modulus::` @@ -151,25 +148,25 @@ pub struct CRTInteger<'v, F: PrimeField> { // the IMPLICIT ASSUMPTION: `value (mod 2^t) = truncation` && `value (mod n) = native` // this struct should only be used if the implicit assumption above is satisfied - pub truncation: OverflowInteger<'v, F>, - pub native: AssignedValue<'v, F>, + pub truncation: OverflowInteger, + pub native: AssignedValue, pub value: Value, } -impl<'v, F: PrimeField> CRTInteger<'v, F> { +impl CRTInteger { pub fn construct( - truncation: OverflowInteger<'v, F>, - native: AssignedValue<'v, F>, + truncation: OverflowInteger, + native: AssignedValue, value: Value, ) -> Self { Self { truncation, native, value } } - pub fn native(&self) -> &AssignedValue<'v, F> { + pub fn native(&self) -> &AssignedValue { &self.native } - pub fn limbs(&self) -> &[AssignedValue<'v, F>] { + pub fn limbs(&self) -> &[AssignedValue] { self.truncation.limbs.as_slice() } } @@ -210,13 +207,13 @@ impl FixedCRTInteger { Self { truncation, value } } - pub fn assign<'a>( + pub fn assign( self, gate: &impl GateInstructions, ctx: &mut Context<'_, F>, limb_bits: usize, native_modulus: &BigUint, - ) -> CRTInteger<'a, F> { + ) -> CRTInteger { let assigned_truncation = self.truncation.assign(gate, ctx, limb_bits); let assigned_native = { let native_cells = vec![Constant(biguint_to_fe(&(&self.value % native_modulus)))]; @@ -225,13 +222,13 @@ impl FixedCRTInteger { CRTInteger::construct(assigned_truncation, assigned_native, Value::known(self.value.into())) } - pub fn assign_without_caching<'a>( + pub fn assign_without_caching( self, gate: &impl GateInstructions, ctx: &mut Context<'_, F>, limb_bits: usize, native_modulus: &BigUint, - ) -> CRTInteger<'a, F> { + ) -> CRTInteger { let fixed_cells = self .truncation .limbs diff --git a/halo2-ecc/src/bigint/mul_no_carry.rs b/halo2-ecc/src/bigint/mul_no_carry.rs index 637c17e6..71f0a001 100644 --- a/halo2-ecc/src/bigint/mul_no_carry.rs +++ b/halo2-ecc/src/bigint/mul_no_carry.rs @@ -1,14 +1,14 @@ use super::{CRTInteger, OverflowInteger}; use halo2_base::{gates::GateInstructions, utils::PrimeField, Context, QuantumCell::Existing}; -pub fn truncate<'v, F: PrimeField>( +pub fn truncate( gate: &impl GateInstructions, // _chip: &BigIntConfig, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, - b: &OverflowInteger<'v, F>, + a: &OverflowInteger, + b: &OverflowInteger, num_limbs_log2_ceil: usize, -) -> OverflowInteger<'v, F> { +) -> OverflowInteger { let k = a.limbs.len(); assert!(k > 0); assert_eq!(k, b.limbs.len()); @@ -37,14 +37,14 @@ pub fn truncate<'v, F: PrimeField>( OverflowInteger::construct(out_limbs, num_limbs_log2_ceil + a.max_limb_bits + b.max_limb_bits) } -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, // chip: &BigIntConfig, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, + a: &CRTInteger, + b: &CRTInteger, num_limbs_log2_ceil: usize, -) -> CRTInteger<'v, F> { +) -> CRTInteger { let out_trunc = truncate::(gate, ctx, &a.truncation, &b.truncation, num_limbs_log2_ceil); let out_native = gate.mul(ctx, Existing(&a.native), Existing(&b.native)); let out_val = a.value.as_ref() * b.value.as_ref(); diff --git a/halo2-ecc/src/bigint/negative.rs b/halo2-ecc/src/bigint/negative.rs index 60183c3f..bad4e4f0 100644 --- a/halo2-ecc/src/bigint/negative.rs +++ b/halo2-ecc/src/bigint/negative.rs @@ -1,11 +1,11 @@ use super::OverflowInteger; use halo2_base::{gates::GateInstructions, utils::PrimeField, Context, QuantumCell::Existing}; -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, -) -> OverflowInteger<'v, F> { + a: &OverflowInteger, +) -> OverflowInteger { let out_limbs = a.limbs.iter().map(|limb| gate.neg(ctx, Existing(limb))).collect(); OverflowInteger::construct(out_limbs, a.max_limb_bits) } diff --git a/halo2-ecc/src/bigint/scalar_mul_and_add_no_carry.rs b/halo2-ecc/src/bigint/scalar_mul_and_add_no_carry.rs index 1c64e24f..0b14dbd1 100644 --- a/halo2-ecc/src/bigint/scalar_mul_and_add_no_carry.rs +++ b/halo2-ecc/src/bigint/scalar_mul_and_add_no_carry.rs @@ -9,14 +9,14 @@ use std::cmp::max; /// compute a * c + b = b + a * c // this is uniquely suited for our simple gate -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, - b: &OverflowInteger<'v, F>, + a: &OverflowInteger, + b: &OverflowInteger, c_f: F, c_log2_ceil: usize, -) -> OverflowInteger<'v, F> { +) -> OverflowInteger { assert_eq!(a.limbs.len(), b.limbs.len()); let out_limbs = a @@ -39,10 +39,10 @@ pub fn assign<'v, F: PrimeField>( pub fn crt<'v, F: PrimeField>( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, + a: &CRTInteger, + b: &CRTInteger, c: i64, -) -> CRTInteger<'v, F> { +) -> CRTInteger { assert_eq!(a.truncation.limbs.len(), b.truncation.limbs.len()); let (c_f, c_abs) = if c >= 0 { diff --git a/halo2-ecc/src/bigint/scalar_mul_no_carry.rs b/halo2-ecc/src/bigint/scalar_mul_no_carry.rs index 4aff4b0c..037d7885 100644 --- a/halo2-ecc/src/bigint/scalar_mul_no_carry.rs +++ b/halo2-ecc/src/bigint/scalar_mul_no_carry.rs @@ -6,24 +6,24 @@ use halo2_base::{ QuantumCell::{Constant, Existing}, }; -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, + a: &OverflowInteger, c_f: F, c_log2_ceil: usize, -) -> OverflowInteger<'v, F> { +) -> OverflowInteger { let out_limbs = a.limbs.iter().map(|limb| gate.mul(ctx, Existing(limb), Constant(c_f))).collect(); OverflowInteger::construct(out_limbs, a.max_limb_bits + c_log2_ceil) } -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, + a: &CRTInteger, c: i64, -) -> CRTInteger<'v, F> { +) -> CRTInteger { let (c_f, c_abs) = if c >= 0 { let c_abs = u64::try_from(c).unwrap(); (F::from(c_abs), c_abs) diff --git a/halo2-ecc/src/bigint/select.rs b/halo2-ecc/src/bigint/select.rs index aa296164..e0f04d06 100644 --- a/halo2-ecc/src/bigint/select.rs +++ b/halo2-ecc/src/bigint/select.rs @@ -4,13 +4,13 @@ use halo2_base::{ }; use std::cmp::max; -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, - b: &OverflowInteger<'v, F>, - sel: &AssignedValue<'v, F>, -) -> OverflowInteger<'v, F> { + a: &OverflowInteger, + b: &OverflowInteger, + sel: &AssignedValue, +) -> OverflowInteger { assert_eq!(a.limbs.len(), b.limbs.len()); let out_limbs = a .limbs @@ -22,13 +22,13 @@ pub fn assign<'v, F: PrimeField>( OverflowInteger::construct(out_limbs, max(a.max_limb_bits, b.max_limb_bits)) } -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, - sel: &AssignedValue<'v, F>, -) -> CRTInteger<'v, F> { + a: &CRTInteger, + b: &CRTInteger, + sel: &AssignedValue, +) -> CRTInteger { assert_eq!(a.truncation.limbs.len(), b.truncation.limbs.len()); let out_limbs = a .truncation diff --git a/halo2-ecc/src/bigint/select_by_indicator.rs b/halo2-ecc/src/bigint/select_by_indicator.rs index 87597804..38543f6d 100644 --- a/halo2-ecc/src/bigint/select_by_indicator.rs +++ b/halo2-ecc/src/bigint/select_by_indicator.rs @@ -8,12 +8,12 @@ use num_traits::Zero; use std::cmp::max; /// only use case is when coeffs has only a single 1, rest are 0 -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &[OverflowInteger<'v, F>], - coeffs: &[AssignedValue<'v, F>], -) -> OverflowInteger<'v, F> { + a: &[OverflowInteger], + coeffs: &[AssignedValue], +) -> OverflowInteger { let k = a[0].limbs.len(); let out_limbs = (0..k) @@ -29,13 +29,13 @@ pub fn assign<'v, F: PrimeField>( } /// only use case is when coeffs has only a single 1, rest are 0 -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &[CRTInteger<'v, F>], - coeffs: &[AssignedValue<'v, F>], + a: &[CRTInteger], + coeffs: &[AssignedValue], limb_bases: &[F], -) -> CRTInteger<'v, F> { +) -> CRTInteger { assert_eq!(a.len(), coeffs.len()); let k = a[0].truncation.limbs.len(); diff --git a/halo2-ecc/src/bigint/sub.rs b/halo2-ecc/src/bigint/sub.rs index 92357297..365051ff 100644 --- a/halo2-ecc/src/bigint/sub.rs +++ b/halo2-ecc/src/bigint/sub.rs @@ -7,14 +7,14 @@ use halo2_base::{ }; /// Should only be called on integers a, b in proper representation with all limbs having at most `limb_bits` number of bits -pub fn assign<'a, F: PrimeField>( +pub fn assign( range: &impl RangeInstructions, - ctx: &mut Context<'a, F>, - a: &OverflowInteger<'a, F>, - b: &OverflowInteger<'a, F>, + ctx: &mut Context<'_, F>, + a: &OverflowInteger, + b: &OverflowInteger, limb_bits: usize, limb_base: F, -) -> (OverflowInteger<'a, F>, AssignedValue<'a, F>) { +) -> (OverflowInteger, AssignedValue) { assert!(a.max_limb_bits <= limb_bits); assert!(b.max_limb_bits <= limb_bits); assert_eq!(a.limbs.len(), b.limbs.len()); @@ -65,14 +65,14 @@ pub fn assign<'a, F: PrimeField>( } // returns (a-b, underflow), where underflow is nonzero iff a < b -pub fn crt<'a, F: PrimeField>( +pub fn crt( range: &impl RangeInstructions, - ctx: &mut Context<'a, F>, - a: &CRTInteger<'a, F>, - b: &CRTInteger<'a, F>, + ctx: &mut Context<'_, F>, + a: &CRTInteger, + b: &CRTInteger, limb_bits: usize, limb_base: F, -) -> (CRTInteger<'a, F>, AssignedValue<'a, F>) { +) -> (CRTInteger, AssignedValue) { let (out_trunc, underflow) = assign::(range, ctx, &a.truncation, &b.truncation, limb_bits, limb_base); let out_native = range.gate().sub(ctx, Existing(&a.native), Existing(&b.native)); diff --git a/halo2-ecc/src/bigint/sub_no_carry.rs b/halo2-ecc/src/bigint/sub_no_carry.rs index 2226027d..7d856827 100644 --- a/halo2-ecc/src/bigint/sub_no_carry.rs +++ b/halo2-ecc/src/bigint/sub_no_carry.rs @@ -2,12 +2,12 @@ use super::{CRTInteger, OverflowInteger}; use halo2_base::{gates::GateInstructions, utils::PrimeField, Context, QuantumCell::Existing}; use std::cmp::max; -pub fn assign<'v, F: PrimeField>( +pub fn assign( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &OverflowInteger<'v, F>, - b: &OverflowInteger<'v, F>, -) -> OverflowInteger<'v, F> { + a: &OverflowInteger, + b: &OverflowInteger, +) -> OverflowInteger { assert_eq!(a.limbs.len(), b.limbs.len()); let out_limbs = a .limbs @@ -19,12 +19,12 @@ pub fn assign<'v, F: PrimeField>( OverflowInteger::construct(out_limbs, max(a.max_limb_bits, b.max_limb_bits) + 1) } -pub fn crt<'v, F: PrimeField>( +pub fn crt( gate: &impl GateInstructions, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, -) -> CRTInteger<'v, F> { + a: &CRTInteger, + b: &CRTInteger, +) -> CRTInteger { let out_trunc = assign::(gate, ctx, &a.truncation, &b.truncation); let out_native = gate.sub(ctx, Existing(&a.native), Existing(&b.native)); let out_val = a.value.as_ref().zip(b.value.as_ref()).map(|(a, b)| a - b); diff --git a/halo2-ecc/src/bn254/final_exp.rs b/halo2-ecc/src/bn254/final_exp.rs index 3c9518b7..2b2f729d 100644 --- a/halo2-ecc/src/bn254/final_exp.rs +++ b/halo2-ecc/src/bn254/final_exp.rs @@ -20,12 +20,12 @@ const XI_0: i64 = 9; impl<'a, F: PrimeField> Fp12Chip<'a, F> { // computes a ** (p ** power) // only works for p = 3 (mod 4) and p = 1 (mod 6) - pub fn frobenius_map<'v>( + pub fn frobenius_map( &self, - ctx: &mut Context<'v, F>, - a: &>::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &>::FieldPoint, power: usize, - ) -> >::FieldPoint<'v> { + ) -> >::FieldPoint { assert_eq!(modulus::() % 4u64, BigUint::from(3u64)); assert_eq!(modulus::() % 6u64, BigUint::from(1u64)); assert_eq!(a.coeffs.len(), 12); @@ -68,12 +68,12 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { } // exp is in little-endian - pub fn pow<'v>( + pub fn pow( &self, - ctx: &mut Context<'v, F>, - a: &>::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &>::FieldPoint, exp: Vec, - ) -> >::FieldPoint<'v> { + ) -> >::FieldPoint { let mut res = a.clone(); let mut is_started = false; let naf = get_naf(exp); @@ -106,10 +106,10 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { /// in = g0 + g2 w + g4 w^2 + g1 w^3 + g3 w^4 + g5 w^5 where g_i = g_i0 + g_i1 * u are elements of Fp2 /// out = Compress(in) = [ g2, g3, g4, g5 ] - pub fn cyclotomic_compress<'v>( + pub fn cyclotomic_compress( &self, - a: &FieldExtPoint>, - ) -> Vec>> { + a: &FieldExtPoint>, + ) -> Vec>> { let g2 = FieldExtPoint::construct(vec![a.coeffs[1].clone(), a.coeffs[1 + 6].clone()]); let g3 = FieldExtPoint::construct(vec![a.coeffs[4].clone(), a.coeffs[4 + 6].clone()]); let g4 = FieldExtPoint::construct(vec![a.coeffs[2].clone(), a.coeffs[2 + 6].clone()]); @@ -129,12 +129,12 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { /// if g2 = 0: /// g1 = (2 g4 * g5)/g3 /// g0 = (2 g1^2 - 3 g3 * g4) * c + 1 - pub fn cyclotomic_decompress<'v>( + pub fn cyclotomic_decompress( &self, - ctx: &mut Context<'v, F>, - compression: Vec>>, - ) -> FieldExtPoint> { - let [g2, g3, g4, g5]: [FieldExtPoint>; 4] = compression.try_into().unwrap(); + ctx: &mut Context<'_, F>, + compression: Vec>>, + ) -> FieldExtPoint> { + let [g2, g3, g4, g5]: [FieldExtPoint>; 4] = compression.try_into().unwrap(); let fp2_chip = Fp2Chip::::construct(self.fp_chip); let g5_sq = fp2_chip.mul_no_carry(ctx, &g5, &g5); @@ -217,11 +217,11 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { // A_ij = (g_i + g_j)(g_i + c g_j) // B_ij = g_i g_j - pub fn cyclotomic_square<'v>( + pub fn cyclotomic_square( &self, - ctx: &mut Context<'v, F>, - compression: &[FieldExtPoint>], - ) -> Vec>> { + ctx: &mut Context<'_, F>, + compression: &[FieldExtPoint>], + ) -> Vec>> { assert_eq!(compression.len(), 4); let g2 = &compression[0]; let g3 = &compression[1]; @@ -266,12 +266,12 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { } // exp is in little-endian - pub fn cyclotomic_pow<'v>( + pub fn cyclotomic_pow( &self, - ctx: &mut Context<'v, F>, - a: FieldExtPoint>, + ctx: &mut Context<'_, F>, + a: FieldExtPoint>, exp: Vec, - ) -> FieldExtPoint> { + ) -> FieldExtPoint> { let mut compression = self.cyclotomic_compress(&a); let mut out = None; let mut is_started = false; @@ -304,11 +304,11 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { #[allow(non_snake_case)] // use equation for (p^4 - p^2 + 1)/r in Section 5 of https://eprint.iacr.org/2008/490.pdf for BN curves - pub fn hard_part_BN<'v>( + pub fn hard_part_BN( &self, - ctx: &mut Context<'v, F>, - m: >::FieldPoint<'v>, - ) -> >::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + m: >::FieldPoint, + ) -> >::FieldPoint { // x = BN_X // m^p @@ -372,11 +372,11 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { } // out = in^{ (q^6 - 1)*(q^2 + 1) } - pub fn easy_part<'v>( + pub fn easy_part( &self, - ctx: &mut Context<'v, F>, - a: &>::FieldPoint<'v>, - ) -> >::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &>::FieldPoint, + ) -> >::FieldPoint { // a^{q^6} = conjugate of a let f1 = self.conjugate(ctx, a); let f2 = self.divide(ctx, &f1, a); @@ -386,11 +386,11 @@ impl<'a, F: PrimeField> Fp12Chip<'a, F> { } // out = in^{(q^12 - 1)/r} - pub fn final_exp<'v>( + pub fn final_exp( &self, - ctx: &mut Context<'v, F>, - a: &>::FieldPoint<'v>, - ) -> >::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &>::FieldPoint, + ) -> >::FieldPoint { let f0 = self.easy_part(ctx, a); let f = self.hard_part_BN(ctx, f0); f diff --git a/halo2-ecc/src/bn254/mod.rs b/halo2-ecc/src/bn254/mod.rs index 5f5db57b..e1f344f7 100644 --- a/halo2-ecc/src/bn254/mod.rs +++ b/halo2-ecc/src/bn254/mod.rs @@ -8,8 +8,8 @@ pub mod final_exp; pub mod pairing; type FpChip = fp::FpConfig; -type FpPoint<'v, F> = CRTInteger<'v, F>; -type FqPoint<'v, F> = FieldExtPoint>; +type FpPoint = CRTInteger; +type FqPoint = FieldExtPoint>; type Fp2Chip<'a, F> = fp2::Fp2Chip<'a, F, FpChip, Fq2>; type Fp12Chip<'a, F> = fp12::Fp12Chip<'a, F, FpChip, Fq12, 9>; diff --git a/halo2-ecc/src/bn254/pairing.rs b/halo2-ecc/src/bn254/pairing.rs index 2502ea48..921d3e7d 100644 --- a/halo2-ecc/src/bn254/pairing.rs +++ b/halo2-ecc/src/bn254/pairing.rs @@ -30,9 +30,9 @@ const XI_0: i64 = 9; pub fn sparse_line_function_unequal<'a, F: PrimeField>( fp2_chip: &Fp2Chip, ctx: &mut Context<'a, F>, - Q: (&EcPoint>, &EcPoint>), - P: &EcPoint>, -) -> Vec>> { + Q: (&EcPoint>, &EcPoint>), + P: &EcPoint>, +) -> Vec>> { let (x_1, y_1) = (&Q.0.x, &Q.0.y); let (x_2, y_2) = (&Q.1.x, &Q.1.y); let (X, Y) = (&P.x, &P.y); @@ -69,9 +69,9 @@ pub fn sparse_line_function_unequal<'a, F: PrimeField>( pub fn sparse_line_function_equal<'a, F: PrimeField>( fp2_chip: &Fp2Chip, ctx: &mut Context<'a, F>, - Q: &EcPoint>, - P: &EcPoint>, -) -> Vec>> { + Q: &EcPoint>, + P: &EcPoint>, +) -> Vec>> { let (x, y) = (&Q.x, &Q.y); assert_eq!(x.coeffs.len(), 2); assert_eq!(y.coeffs.len(), 2); @@ -104,9 +104,9 @@ pub fn sparse_line_function_equal<'a, F: PrimeField>( pub fn sparse_fp12_multiply<'a, F: PrimeField>( fp2_chip: &Fp2Chip, ctx: &mut Context<'a, F>, - a: &FqPoint<'a, F>, - b_fp2_coeffs: &Vec>>, -) -> FieldExtPoint> { + a: &FqPoint, + b_fp2_coeffs: &Vec>>, +) -> FieldExtPoint> { assert_eq!(a.coeffs.len(), 12); assert_eq!(b_fp2_coeffs.len(), 6); let mut a_fp2_coeffs = Vec::with_capacity(6); @@ -171,10 +171,10 @@ pub fn sparse_fp12_multiply<'a, F: PrimeField>( pub fn fp12_multiply_with_line_unequal<'a, F: PrimeField>( fp2_chip: &Fp2Chip, ctx: &mut Context<'a, F>, - g: &FqPoint<'a, F>, - Q: (&EcPoint>, &EcPoint>), - P: &EcPoint>, -) -> FqPoint<'a, F> { + g: &FqPoint, + Q: (&EcPoint>, &EcPoint>), + P: &EcPoint>, +) -> FqPoint { let line = sparse_line_function_unequal::(fp2_chip, ctx, Q, P); sparse_fp12_multiply::(fp2_chip, ctx, g, &line) } @@ -188,10 +188,10 @@ pub fn fp12_multiply_with_line_unequal<'a, F: PrimeField>( pub fn fp12_multiply_with_line_equal<'a, F: PrimeField>( fp2_chip: &Fp2Chip, ctx: &mut Context<'a, F>, - g: &FqPoint<'a, F>, - Q: &EcPoint>, - P: &EcPoint>, -) -> FqPoint<'a, F> { + g: &FqPoint, + Q: &EcPoint>, + P: &EcPoint>, +) -> FqPoint { let line = sparse_line_function_equal::(fp2_chip, ctx, Q, P); sparse_fp12_multiply::(fp2_chip, ctx, g, &line) } @@ -217,10 +217,10 @@ pub fn fp12_multiply_with_line_equal<'a, F: PrimeField>( pub fn miller_loop_BN<'a, 'b, F: PrimeField>( ecc_chip: &EccChip>, ctx: &mut Context<'b, F>, - Q: &EcPoint>, - P: &EcPoint>, + Q: &EcPoint>, + P: &EcPoint>, pseudo_binary_encoding: &[i8], -) -> FqPoint<'b, F> { +) -> FqPoint { let mut i = pseudo_binary_encoding.len() - 1; while pseudo_binary_encoding[i] == 0 { i -= 1; @@ -302,9 +302,9 @@ pub fn miller_loop_BN<'a, 'b, F: PrimeField>( pub fn multi_miller_loop_BN<'a, 'b, F: PrimeField>( ecc_chip: &EccChip>, ctx: &mut Context<'b, F>, - pairs: Vec<(&EcPoint>, &EcPoint>)>, + pairs: Vec<(&EcPoint>, &EcPoint>)>, pseudo_binary_encoding: &[i8], -) -> FqPoint<'b, F> { +) -> FqPoint { let mut i = pseudo_binary_encoding.len() - 1; while pseudo_binary_encoding[i] == 0 { i -= 1; @@ -404,10 +404,10 @@ pub fn multi_miller_loop_BN<'a, 'b, F: PrimeField>( pub fn twisted_frobenius<'a, 'b, F: PrimeField>( ecc_chip: &EccChip>, ctx: &mut Context<'b, F>, - Q: &EcPoint>, - c2: &FqPoint<'b, F>, - c3: &FqPoint<'b, F>, -) -> EcPoint> { + Q: &EcPoint>, + c2: &FqPoint, + c3: &FqPoint, +) -> EcPoint> { assert_eq!(c2.coeffs.len(), 2); assert_eq!(c3.coeffs.len(), 2); @@ -427,10 +427,10 @@ pub fn twisted_frobenius<'a, 'b, F: PrimeField>( pub fn neg_twisted_frobenius<'a, 'b, F: PrimeField>( ecc_chip: &EccChip>, ctx: &mut Context<'b, F>, - Q: &EcPoint>, - c2: &FqPoint<'b, F>, - c3: &FqPoint<'b, F>, -) -> EcPoint> { + Q: &EcPoint>, + c2: &FqPoint, + c3: &FqPoint, +) -> EcPoint> { assert_eq!(c2.coeffs.len(), 2); assert_eq!(c3.coeffs.len(), 2); @@ -482,7 +482,7 @@ impl<'a, F: PrimeField> PairingChip<'a, F> { &self, ctx: &mut Context<'_, F>, point: Value, - ) -> EcPoint> { + ) -> EcPoint> { // go from pse/pairing::bn256::Fq to forked Fq let convert_fp = |x: bn256::Fq| biguint_to_fe(&fe_to_biguint(&x)); let g1_chip = EccChip::construct(self.fp_chip.clone()); @@ -494,7 +494,7 @@ impl<'a, F: PrimeField> PairingChip<'a, F> { &self, ctx: &mut Context<'_, F>, point: Value, - ) -> EcPoint>> { + ) -> EcPoint>> { let fp2_chip = Fp2Chip::::construct(self.fp_chip); let g2_chip = EccChip::construct(fp2_chip); // go from pse/pairing::bn256::Fq2 to forked public Fq2 @@ -510,10 +510,10 @@ impl<'a, F: PrimeField> PairingChip<'a, F> { pub fn miller_loop<'v>( &self, - ctx: &mut Context<'v, F>, - Q: &EcPoint>, - P: &EcPoint>, - ) -> FqPoint<'v, F> { + ctx: &mut Context<'_, F>, + Q: &EcPoint>, + P: &EcPoint>, + ) -> FqPoint { let fp2_chip = Fp2Chip::::construct(self.fp_chip); let g2_chip = EccChip::construct(fp2_chip); miller_loop_BN::( @@ -527,9 +527,9 @@ impl<'a, F: PrimeField> PairingChip<'a, F> { pub fn multi_miller_loop<'v>( &self, - ctx: &mut Context<'v, F>, - pairs: Vec<(&EcPoint>, &EcPoint>)>, - ) -> FqPoint<'v, F> { + ctx: &mut Context<'_, F>, + pairs: Vec<(&EcPoint>, &EcPoint>)>, + ) -> FqPoint { let fp2_chip = Fp2Chip::::construct(self.fp_chip); let g2_chip = EccChip::construct(fp2_chip); multi_miller_loop_BN::( @@ -540,7 +540,7 @@ impl<'a, F: PrimeField> PairingChip<'a, F> { ) } - pub fn final_exp<'v>(&self, ctx: &mut Context<'v, F>, f: &FqPoint<'v, F>) -> FqPoint<'v, F> { + pub fn final_exp<'v>(&self, ctx: &mut Context<'_, F>, f: &FqPoint) -> FqPoint { let fp12_chip = Fp12Chip::::construct(self.fp_chip); fp12_chip.final_exp(ctx, f) } @@ -548,10 +548,10 @@ impl<'a, F: PrimeField> PairingChip<'a, F> { // optimal Ate pairing pub fn pairing<'v>( &self, - ctx: &mut Context<'v, F>, - Q: &EcPoint>, - P: &EcPoint>, - ) -> FqPoint<'v, F> { + ctx: &mut Context<'_, F>, + Q: &EcPoint>, + P: &EcPoint>, + ) -> FqPoint { let f0 = self.miller_loop(ctx, Q, P); let fp12_chip = Fp12Chip::::construct(self.fp_chip); // final_exp implemented in final_exp module diff --git a/halo2-ecc/src/bn254/tests/ec_add.rs b/halo2-ecc/src/bn254/tests/ec_add.rs index c2a5954b..d4ce200a 100644 --- a/halo2-ecc/src/bn254/tests/ec_add.rs +++ b/halo2-ecc/src/bn254/tests/ec_add.rs @@ -4,8 +4,8 @@ use std::{env::var, fs::File}; use super::*; use crate::fields::FieldChip; -use crate::halo2_proofs::halo2curves::{bn256::G2Affine}; use crate::halo2_proofs::group::cofactor::CofactorCurveAffine; +use crate::halo2_proofs::halo2curves::bn256::G2Affine; use halo2_base::SKIP_FIRST_PASS; use rand_core::OsRng; diff --git a/halo2-ecc/src/bn254/tests/fixed_base_msm.rs b/halo2-ecc/src/bn254/tests/fixed_base_msm.rs index 1b6ae189..b3edf6bf 100644 --- a/halo2-ecc/src/bn254/tests/fixed_base_msm.rs +++ b/halo2-ecc/src/bn254/tests/fixed_base_msm.rs @@ -4,7 +4,8 @@ use std::{env::var, fs::File}; use crate::ecc::fixed_base::FixedEcPoint; use super::*; -use halo2_base::{halo2_proofs::halo2curves::bn256::G1, SKIP_FIRST_PASS};use halo2_base::halo2_proofs::group::Curve; +use halo2_base::halo2_proofs::group::Curve; +use halo2_base::{halo2_proofs::halo2curves::bn256::G1, SKIP_FIRST_PASS}; #[derive(Serialize, Deserialize, Debug)] struct MSMCircuitParams { diff --git a/halo2-ecc/src/bn254/tests/mod.rs b/halo2-ecc/src/bn254/tests/mod.rs index 28f8d0e1..a362a374 100644 --- a/halo2-ecc/src/bn254/tests/mod.rs +++ b/halo2-ecc/src/bn254/tests/mod.rs @@ -1,6 +1,6 @@ #![allow(non_snake_case)] -use ark_std::{end_timer, start_timer}; use crate::halo2_proofs::group::Curve; +use ark_std::{end_timer, start_timer}; use serde::{Deserialize, Serialize}; use std::io::Write; use std::marker::PhantomData; diff --git a/halo2-ecc/src/ecc/ecdsa.rs b/halo2-ecc/src/ecc/ecdsa.rs index 005f5c39..d7646bf2 100644 --- a/halo2-ecc/src/ecc/ecdsa.rs +++ b/halo2-ecc/src/ecc/ecdsa.rs @@ -16,14 +16,14 @@ use super::{ec_add_unequal, scalar_multiply, EcPoint}; // Only valid when p is very close to n in size (e.g. for Secp256k1) pub fn ecdsa_verify_no_pubkey_check<'v, F: PrimeField, CF: PrimeField, SF: PrimeField, GA>( base_chip: &FpConfig, - ctx: &mut Context<'v, F>, - pubkey: &EcPoint as FieldChip>::FieldPoint<'v>>, - r: &CRTInteger<'v, F>, - s: &CRTInteger<'v, F>, - msghash: &CRTInteger<'v, F>, + ctx: &mut Context<'_, F>, + pubkey: &EcPoint as FieldChip>::FieldPoint>, + r: &CRTInteger, + s: &CRTInteger, + msghash: &CRTInteger, var_window_bits: usize, fixed_window_bits: usize, -) -> AssignedValue<'v, F> +) -> AssignedValue where GA: CurveAffineExt, { diff --git a/halo2-ecc/src/ecc/fixed_base.rs b/halo2-ecc/src/ecc/fixed_base.rs index fe6cb5cd..e0b33795 100644 --- a/halo2-ecc/src/ecc/fixed_base.rs +++ b/halo2-ecc/src/ecc/fixed_base.rs @@ -1,11 +1,11 @@ #![allow(non_snake_case)] use super::{ec_add_unequal, ec_select, ec_select_from_bits, EcPoint, EccChip}; use crate::halo2_proofs::arithmetic::CurveAffine; +use crate::halo2_proofs::group::Curve; use crate::{ bigint::{CRTInteger, FixedCRTInteger}, fields::{PrimeFieldChip, Selectable}, }; -use crate::halo2_proofs::group::Curve; use halo2_base::{ gates::{GateInstructions, RangeInstructions}, utils::{fe_to_biguint, CurveAffineExt, PrimeField}, @@ -44,9 +44,9 @@ where chip: &FC, ctx: &mut Context<'_, F>, native_modulus: &BigUint, - ) -> EcPoint> + ) -> EcPoint where - FC: PrimeFieldChip = CRTInteger<'v, F>>, + FC: PrimeFieldChip>, { let assigned_x = self.x.assign(chip.range().gate(), ctx, chip.limb_bits(), native_modulus); let assigned_y = self.y.assign(chip.range().gate(), ctx, chip.limb_bits(), native_modulus); @@ -58,9 +58,9 @@ where chip: &FC, ctx: &mut Context<'_, F>, native_modulus: &BigUint, - ) -> EcPoint> + ) -> EcPoint where - FC: PrimeFieldChip = CRTInteger<'v, F>>, + FC: PrimeFieldChip>, { let assigned_x = self.x.assign_without_caching( chip.range().gate(), @@ -88,18 +88,18 @@ where pub fn scalar_multiply<'v, F, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, + ctx: &mut Context<'_, F>, point: &C, - scalar: &[AssignedValue<'v, F>], + scalar: &[AssignedValue], max_bits: usize, window_bits: usize, -) -> EcPoint> +) -> EcPoint where F: PrimeField, C: CurveAffineExt, C::Base: PrimeField, - FC: PrimeFieldChip = CRTInteger<'v, F>> - + Selectable = FC::FieldPoint<'v>>, + FC: PrimeFieldChip> + + Selectable, { if point.is_identity().into() { let point = FixedEcPoint::from_curve(*point, chip.num_limbs(), chip.limb_bits()); @@ -187,18 +187,18 @@ where // we also use the random accumulator for some extra efficiency (which also works in scalar multiply case but that is TODO) pub fn msm<'v, F, FC, C>( chip: &EccChip, - ctx: &mut Context<'v, F>, + ctx: &mut Context<'_, F>, points: &[C], - scalars: &[Vec>], + scalars: &[Vec>], max_scalar_bits_per_cell: usize, window_bits: usize, -) -> EcPoint> +) -> EcPoint where F: PrimeField, C: CurveAffineExt, C::Base: PrimeField, - FC: PrimeFieldChip = CRTInteger<'v, F>> - + Selectable = FC::FieldPoint<'v>>, + FC: PrimeFieldChip> + + Selectable, { assert!((max_scalar_bits_per_cell as u32) <= F::NUM_BITS); let scalar_len = scalars[0].len(); @@ -263,8 +263,7 @@ where .chunks(cached_points.len() / points.len()) .zip(bits.chunks(total_bits)) .map(|(cached_points, bits)| { - let cached_point_window_rev = - cached_points.chunks(1usize << window_bits).rev(); + let cached_point_window_rev = cached_points.chunks(1usize << window_bits).rev(); let bit_window_rev = bits.chunks(window_bits).rev(); let mut curr_point = None; // `is_started` is just a way to deal with if `curr_point` is actually identity diff --git a/halo2-ecc/src/ecc/fixed_base_pippenger.rs b/halo2-ecc/src/ecc/fixed_base_pippenger.rs index 1e36bfd1..b8998b93 100644 --- a/halo2-ecc/src/ecc/fixed_base_pippenger.rs +++ b/halo2-ecc/src/ecc/fixed_base_pippenger.rs @@ -22,12 +22,12 @@ use rand_chacha::ChaCha20Rng; // * new_bool_scalars: 2d array `ceil(scalar_bits / radix)` by `points.len() * radix` pub fn decompose<'v, F, C>( gate: &impl GateInstructions, - ctx: &mut Context<'v, F>, + ctx: &mut Context<'_, F>, points: &[C], - scalars: &Vec>>, + scalars: &Vec>>, max_scalar_bits_per_cell: usize, radix: usize, -) -> (Vec, Vec>>) +) -> (Vec, Vec>>) where F: PrimeField, C: CurveAffine, @@ -68,13 +68,13 @@ where // output is [ G'[j] + rand_point ]_{j=0..bool_scalars.len()}, rand_point pub fn multi_product<'v, F: PrimeField, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, + ctx: &mut Context<'_, F>, points: Vec, - bool_scalars: Vec>>, + bool_scalars: Vec>>, clumping_factor: usize, -) -> (Vec>>, EcPoint>) +) -> (Vec>, EcPoint) where - FC: PrimeFieldChip = CRTInteger<'v, F>>, + FC: PrimeFieldChip>, FC::FieldType: PrimeField, C: CurveAffine, { @@ -189,15 +189,15 @@ where pub fn multi_exp<'v, F: PrimeField, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, + ctx: &mut Context<'_, F>, points: &[C], - scalars: &Vec>>, + scalars: &Vec>>, max_scalar_bits_per_cell: usize, radix: usize, clump_factor: usize, -) -> EcPoint> +) -> EcPoint where - FC: PrimeFieldChip = CRTInteger<'v, F>>, + FC: PrimeFieldChip>, FC::FieldType: PrimeField, C: CurveAffine, { diff --git a/halo2-ecc/src/ecc/mod.rs b/halo2-ecc/src/ecc/mod.rs index 49799f73..43ed396f 100644 --- a/halo2-ecc/src/ecc/mod.rs +++ b/halo2-ecc/src/ecc/mod.rs @@ -1,8 +1,8 @@ #![allow(non_snake_case)] use crate::bigint::CRTInteger; use crate::fields::{fp::FpConfig, FieldChip, PrimeFieldChip, Selectable}; -use crate::halo2_proofs::{arithmetic::CurveAffine, circuit::Value}; use crate::halo2_proofs::group::{Curve, Group}; +use crate::halo2_proofs::{arithmetic::CurveAffine, circuit::Value}; use halo2_base::{ gates::{GateInstructions, RangeInstructions}, utils::{modulus, CurveAffineExt, PrimeField}, @@ -60,11 +60,11 @@ impl EcPoint { /// For optimization reasons, we assume that if you are using this with `is_strict = true`, then you have already called `chip.enforce_less_than_p` on both `P.x` and `P.y` pub fn ec_add_unequal<'v, F: PrimeField, FC: FieldChip>( chip: &FC, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - Q: &EcPoint>, + ctx: &mut Context<'_, F>, + P: &EcPoint, + Q: &EcPoint, is_strict: bool, -) -> EcPoint> { +) -> EcPoint { if is_strict { // constrains that P.x != Q.x let x_is_equal = chip.is_equal_unenforced(ctx, &P.x, &Q.x); @@ -102,11 +102,11 @@ pub fn ec_add_unequal<'v, F: PrimeField, FC: FieldChip>( /// For optimization reasons, we assume that if you are using this with `is_strict = true`, then you have already called `chip.enforce_less_than_p` on both `P.x` and `P.y` pub fn ec_sub_unequal<'v, F: PrimeField, FC: FieldChip>( chip: &FC, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - Q: &EcPoint>, + ctx: &mut Context<'_, F>, + P: &EcPoint, + Q: &EcPoint, is_strict: bool, -) -> EcPoint> { +) -> EcPoint { if is_strict { // constrains that P.x != Q.x let x_is_equal = chip.is_equal_unenforced(ctx, &P.x, &Q.x); @@ -152,9 +152,9 @@ pub fn ec_sub_unequal<'v, F: PrimeField, FC: FieldChip>( // y_3 = lambda (x - x_3) - y (mod p) pub fn ec_double<'v, F: PrimeField, FC: FieldChip>( chip: &FC, - ctx: &mut Context<'v, F>, - P: &EcPoint>, -) -> EcPoint> { + ctx: &mut Context<'_, F>, + P: &EcPoint, +) -> EcPoint { // removed optimization that computes `2 * lambda` while assigning witness to `lambda` simultaneously, in favor of readability. The difference is just copying `lambda` once let two_y = chip.scalar_mul_no_carry(ctx, &P.y, 2); let three_x = chip.scalar_mul_no_carry(ctx, &P.x, 3); @@ -179,12 +179,12 @@ pub fn ec_double<'v, F: PrimeField, FC: FieldChip>( pub fn ec_select<'v, F: PrimeField, FC>( chip: &FC, ctx: &mut Context<'_, F>, - P: &EcPoint>, - Q: &EcPoint>, - sel: &AssignedValue<'v, F>, -) -> EcPoint> + P: &EcPoint, + Q: &EcPoint, + sel: &AssignedValue, +) -> EcPoint where - FC: FieldChip + Selectable = FC::FieldPoint<'v>>, + FC: FieldChip + Selectable, { let Rx = chip.select(ctx, &P.x, &Q.x, sel); let Ry = chip.select(ctx, &P.y, &Q.y, sel); @@ -196,11 +196,11 @@ where pub fn ec_select_by_indicator<'v, F: PrimeField, FC>( chip: &FC, ctx: &mut Context<'_, F>, - points: &[EcPoint>], - coeffs: &[AssignedValue<'v, F>], -) -> EcPoint> + points: &[EcPoint], + coeffs: &[AssignedValue], +) -> EcPoint where - FC: FieldChip + Selectable = FC::FieldPoint<'v>>, + FC: FieldChip + Selectable, { let x_coords = points.iter().map(|P| P.x.clone()).collect::>(); let y_coords = points.iter().map(|P| P.y.clone()).collect::>(); @@ -213,11 +213,11 @@ where pub fn ec_select_from_bits<'v, F: PrimeField, FC>( chip: &FC, ctx: &mut Context<'_, F>, - points: &[EcPoint>], - sel: &[AssignedValue<'v, F>], -) -> EcPoint> + points: &[EcPoint], + sel: &[AssignedValue], +) -> EcPoint where - FC: FieldChip + Selectable = FC::FieldPoint<'v>>, + FC: FieldChip + Selectable, { let w = sel.len(); let num_points = points.len(); @@ -236,14 +236,14 @@ where // * P has order given by the scalar field modulus pub fn scalar_multiply<'v, F: PrimeField, FC>( chip: &FC, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - scalar: &Vec>, + ctx: &mut Context<'_, F>, + P: &EcPoint, + scalar: &Vec>, max_bits: usize, window_bits: usize, -) -> EcPoint> +) -> EcPoint where - FC: FieldChip + Selectable = FC::FieldPoint<'v>>, + FC: FieldChip + Selectable, { assert!(!scalar.is_empty()); assert!((max_bits as u64) <= modulus::().bits()); @@ -337,8 +337,8 @@ where pub fn is_on_curve<'v, F, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, - P: &EcPoint>, + ctx: &mut Context<'_, F>, + P: &EcPoint, ) where F: PrimeField, FC: FieldChip, @@ -356,8 +356,8 @@ pub fn is_on_curve<'v, F, FC, C>( pub fn load_random_point<'v, F, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, -) -> EcPoint> + ctx: &mut Context<'_, F>, +) -> EcPoint where F: PrimeField, FC: FieldChip, @@ -385,14 +385,14 @@ where // - each `scalar` in `scalars` satisfies same assumptions as in `scalar_multiply` above pub fn multi_scalar_multiply<'v, F: PrimeField, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, - P: &[EcPoint>], - scalars: &[Vec>], + ctx: &mut Context<'_, F>, + P: &[EcPoint], + scalars: &[Vec>], max_bits: usize, window_bits: usize, -) -> EcPoint> +) -> EcPoint where - FC: FieldChip + Selectable = FC::FieldPoint<'v>>, + FC: FieldChip + Selectable, C: CurveAffineExt, { let k = P.len(); @@ -481,9 +481,8 @@ where for _ in 0..window_bits { curr_point = ec_double(chip, ctx, &curr_point); } - for (cached_points, rounded_bits) in cached_points - .chunks(cache_size) - .zip(rounded_bits.chunks(rounded_bitlen)) + for (cached_points, rounded_bits) in + cached_points.chunks(cache_size).zip(rounded_bits.chunks(rounded_bitlen)) { let add_point = ec_select_from_bits::( chip, @@ -566,11 +565,11 @@ impl> EccChip { &self.field_chip } - pub fn load_private<'v>( + pub fn load_private( &self, ctx: &mut Context<'_, F>, point: (Value, Value), - ) -> EcPoint> { + ) -> EcPoint { let (x, y) = (FC::fe_to_witness(&point.0), FC::fe_to_witness(&point.1)); let x_assigned = self.field_chip.load_private(ctx, x); @@ -584,7 +583,7 @@ impl> EccChip { &self, ctx: &mut Context<'_, F>, g: Value, - ) -> EcPoint> + ) -> EcPoint where C: CurveAffineExt, { @@ -596,7 +595,7 @@ impl> EccChip { &self, ctx: &mut Context<'_, F>, g: C, - ) -> EcPoint> + ) -> EcPoint where C: CurveAffineExt, { @@ -608,10 +607,7 @@ impl> EccChip { EcPoint::construct(x, y) } - pub fn load_random_point<'v, C>( - &self, - ctx: &mut Context<'v, F>, - ) -> EcPoint> + pub fn load_random_point<'v, C>(&self, ctx: &mut Context<'_, F>) -> EcPoint where C: CurveAffineExt, { @@ -620,8 +616,8 @@ impl> EccChip { pub fn assert_is_on_curve<'v, C>( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, + ctx: &mut Context<'_, F>, + P: &EcPoint, ) where C: CurveAffine, { @@ -630,9 +626,9 @@ impl> EccChip { pub fn is_on_curve_or_infinity<'v, C>( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - ) -> AssignedValue<'v, F> + ctx: &mut Context<'_, F>, + P: &EcPoint, + ) -> AssignedValue where C: CurveAffine, C::Base: crate::halo2_proofs::ff::PrimeField, @@ -659,63 +655,63 @@ impl> EccChip { ) } - pub fn negate<'v>( + pub fn negate( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - ) -> EcPoint> { + ctx: &mut Context<'_, F>, + P: &EcPoint, + ) -> EcPoint { EcPoint::construct(P.x.clone(), self.field_chip.negate(ctx, &P.y)) } /// Assumes that P.x != Q.x /// If `is_strict == true`, then actually constrains that `P.x != Q.x` - pub fn add_unequal<'v>( + pub fn add_unequal( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - Q: &EcPoint>, + ctx: &mut Context<'_, F>, + P: &EcPoint, + Q: &EcPoint, is_strict: bool, - ) -> EcPoint> { + ) -> EcPoint { ec_add_unequal(&self.field_chip, ctx, P, Q, is_strict) } /// Assumes that P.x != Q.x /// Otherwise will panic - pub fn sub_unequal<'v>( + pub fn sub_unequal( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - Q: &EcPoint>, + ctx: &mut Context<'_, F>, + P: &EcPoint, + Q: &EcPoint, is_strict: bool, - ) -> EcPoint> { + ) -> EcPoint { ec_sub_unequal(&self.field_chip, ctx, P, Q, is_strict) } - pub fn double<'v>( + pub fn double( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - ) -> EcPoint> { + ctx: &mut Context<'_, F>, + P: &EcPoint, + ) -> EcPoint { ec_double(&self.field_chip, ctx, P) } - pub fn is_equal<'v>( + pub fn is_equal( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - Q: &EcPoint>, - ) -> AssignedValue<'v, F> { + ctx: &mut Context<'_, F>, + P: &EcPoint, + Q: &EcPoint, + ) -> AssignedValue { // TODO: optimize let x_is_equal = self.field_chip.is_equal(ctx, &P.x, &Q.x); let y_is_equal = self.field_chip.is_equal(ctx, &P.y, &Q.y); self.field_chip.range().gate().and(ctx, Existing(&x_is_equal), Existing(&y_is_equal)) } - pub fn assert_equal<'v>( + pub fn assert_equal( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - Q: &EcPoint>, + ctx: &mut Context<'_, F>, + P: &EcPoint, + Q: &EcPoint, ) { self.field_chip.assert_equal(ctx, &P.x, &Q.x); self.field_chip.assert_equal(ctx, &P.y, &Q.y); @@ -723,12 +719,12 @@ impl> EccChip { pub fn sum<'b, 'v: 'b, C>( &self, - ctx: &mut Context<'v, F>, - points: impl Iterator>>, - ) -> EcPoint> + ctx: &mut Context<'_, F>, + points: impl Iterator>, + ) -> EcPoint where C: CurveAffineExt, - FC::FieldPoint<'v>: 'b, + FC::FieldPoint: 'b, { let rand_point = self.load_random_point::(ctx); self.field_chip.enforce_less_than(ctx, rand_point.x()); @@ -744,38 +740,38 @@ impl> EccChip { impl> EccChip where - for<'v> FC: Selectable = FC::FieldPoint<'v>>, + FC: Selectable, { - pub fn select<'v>( + pub fn select( &self, ctx: &mut Context<'_, F>, - P: &EcPoint>, - Q: &EcPoint>, - condition: &AssignedValue<'v, F>, - ) -> EcPoint> { + P: &EcPoint, + Q: &EcPoint, + condition: &AssignedValue, + ) -> EcPoint { ec_select(&self.field_chip, ctx, P, Q, condition) } - pub fn scalar_mult<'v>( + pub fn scalar_mult( &self, - ctx: &mut Context<'v, F>, - P: &EcPoint>, - scalar: &Vec>, + ctx: &mut Context<'_, F>, + P: &EcPoint, + scalar: &Vec>, max_bits: usize, window_bits: usize, - ) -> EcPoint> { + ) -> EcPoint { scalar_multiply::(&self.field_chip, ctx, P, scalar, max_bits, window_bits) } // TODO: put a check in place that scalar is < modulus of C::Scalar pub fn variable_base_msm<'v, C>( &self, - ctx: &mut Context<'v, F>, - P: &[EcPoint>], - scalars: &[Vec>], + ctx: &mut Context<'_, F>, + P: &[EcPoint], + scalars: &[Vec>], max_bits: usize, window_bits: usize, - ) -> EcPoint> + ) -> EcPoint where C: CurveAffineExt, C::Base: crate::halo2_proofs::ff::PrimeField, @@ -821,16 +817,16 @@ where // TODO: put a check in place that scalar is < modulus of C::Scalar pub fn fixed_base_scalar_mult<'v, C>( &self, - ctx: &mut Context<'v, F>, + ctx: &mut Context<'_, F>, point: &C, - scalar: &[AssignedValue<'v, F>], + scalar: &[AssignedValue], max_bits: usize, window_bits: usize, - ) -> EcPoint> + ) -> EcPoint where C: CurveAffineExt, - FC: PrimeFieldChip = CRTInteger<'v, F>> - + Selectable = FC::FieldPoint<'v>>, + FC: PrimeFieldChip> + + Selectable, { fixed_base::scalar_multiply::( &self.field_chip, @@ -849,17 +845,17 @@ where /// The user should filter out base points that are identity beforehand; we do not separately do this here pub fn fixed_base_msm<'v, C>( &self, - ctx: &mut Context<'v, F>, + ctx: &mut Context<'_, F>, points: &[C], - scalars: &[Vec>], + scalars: &[Vec>], max_scalar_bits_per_cell: usize, _radix: usize, clump_factor: usize, - ) -> EcPoint> + ) -> EcPoint where C: CurveAffineExt, - FC: PrimeFieldChip = CRTInteger<'v, F>> - + Selectable = FC::FieldPoint<'v>>, + FC: PrimeFieldChip> + + Selectable, { assert_eq!(points.len(), scalars.len()); #[cfg(feature = "display")] diff --git a/halo2-ecc/src/ecc/pippenger.rs b/halo2-ecc/src/ecc/pippenger.rs index 4598ab1a..4c2c47e0 100644 --- a/halo2-ecc/src/ecc/pippenger.rs +++ b/halo2-ecc/src/ecc/pippenger.rs @@ -17,12 +17,12 @@ use halo2_base::{ // * new_bool_scalars: 2d array `ceil(scalar_bits / radix)` by `points.len() * radix` pub fn decompose<'v, F, FC>( chip: &FC, - ctx: &mut Context<'v, F>, - points: &[EcPoint>], - scalars: &[Vec>], + ctx: &mut Context<'_, F>, + points: &[EcPoint], + scalars: &[Vec>], max_scalar_bits_per_cell: usize, radix: usize, -) -> (Vec>>, Vec>>) +) -> (Vec>, Vec>>) where F: PrimeField, FC: FieldChip, @@ -64,13 +64,13 @@ where // output is [ G'[j] + rand_point ]_{j=0..bool_scalars.len()}, rand_point pub fn multi_product<'v, F: PrimeField, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, - points: &[EcPoint>], - bool_scalars: &[Vec>], + ctx: &mut Context<'_, F>, + points: &[EcPoint], + bool_scalars: &[Vec>], clumping_factor: usize, -) -> (Vec>>, EcPoint>) +) -> (Vec>, EcPoint) where - FC: FieldChip + Selectable = FC::FieldPoint<'v>>, + FC: FieldChip + Selectable, C: CurveAffineExt, { let c = clumping_factor; // this is `b` in Section 3 of Bootle @@ -140,15 +140,15 @@ where pub fn multi_exp<'v, F: PrimeField, FC, C>( chip: &FC, - ctx: &mut Context<'v, F>, - points: &[EcPoint>], - scalars: &[Vec>], + ctx: &mut Context<'_, F>, + points: &[EcPoint], + scalars: &[Vec>], max_scalar_bits_per_cell: usize, radix: usize, clump_factor: usize, -) -> EcPoint> +) -> EcPoint where - FC: FieldChip + Selectable = FC::FieldPoint<'v>>, + FC: FieldChip + Selectable, C: CurveAffineExt, { let (points, bool_scalars) = diff --git a/halo2-ecc/src/ecc/tests.rs b/halo2-ecc/src/ecc/tests.rs index 230db7a2..7dd075f9 100644 --- a/halo2-ecc/src/ecc/tests.rs +++ b/halo2-ecc/src/ecc/tests.rs @@ -2,13 +2,13 @@ use super::*; use crate::fields::fp::{FpConfig, FpStrategy}; use crate::fields::fp2::Fp2Chip; +use crate::halo2_proofs::group::Group; use crate::halo2_proofs::{ circuit::*, dev::MockProver, halo2curves::bn256::{Fq, Fr, G1Affine, G2Affine, G1, G2}, plonk::*, }; -use crate::halo2_proofs::group::Group; use halo2_base::utils::bigint_to_fe; use halo2_base::SKIP_FIRST_PASS; use halo2_base::{ diff --git a/halo2-ecc/src/fields/fp.rs b/halo2-ecc/src/fields/fp.rs index 17a00d2f..16473afb 100644 --- a/halo2-ecc/src/fields/fp.rs +++ b/halo2-ecc/src/fields/fp.rs @@ -138,7 +138,7 @@ impl FpConfig { self.range.load_lookup_table(layouter) } - pub fn enforce_less_than_p<'v>(&self, ctx: &mut Context<'v, F>, a: &CRTInteger<'v, F>) { + pub fn enforce_less_than_p(&self, ctx: &mut Context, a: &CRTInteger) { // a < p iff a - p has underflow let mut borrow: Option> = None; for (p_limb, a_limb) in self.p_limbs.iter().zip(a.truncation.limbs.iter()) { @@ -186,7 +186,7 @@ impl FieldChip for FpConfig { const PRIME_FIELD_NUM_BITS: u32 = Fp::NUM_BITS; type ConstantType = BigUint; type WitnessType = Value; - type FieldPoint<'v> = CRTInteger<'v, F>; + type FieldPoint = CRTInteger; type FieldType = Fp; type RangeChip = RangeConfig; @@ -212,7 +212,7 @@ impl FieldChip for FpConfig { x.map(|x| BigInt::from(fe_to_biguint(&x))) } - fn load_private<'v>(&self, ctx: &mut Context<'_, F>, a: Value) -> CRTInteger<'v, F> { + fn load_private(&self, ctx: &mut Context<'_, F>, a: Value) -> CRTInteger { let a_vec = decompose_bigint_option::(a.as_ref(), self.num_limbs, self.limb_bits); let limbs = self.range.gate().assign_witnesses(ctx, a_vec); @@ -232,7 +232,7 @@ impl FieldChip for FpConfig { a_loaded } - fn load_constant<'v>(&self, ctx: &mut Context<'_, F>, a: BigUint) -> CRTInteger<'v, F> { + fn load_constant(&self, ctx: &mut Context<'_, F>, a: BigUint) -> CRTInteger { let a_native = self.range.gate.assign_region_last( ctx, vec![Constant(biguint_to_fe(&(&a % modulus::())))], @@ -252,21 +252,21 @@ impl FieldChip for FpConfig { } // signed overflow BigInt functions - fn add_no_carry<'v>( + fn add_no_carry( &self, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, - ) -> CRTInteger<'v, F> { + a: &CRTInteger, + b: &CRTInteger, + ) -> CRTInteger { add_no_carry::crt::(self.range.gate(), ctx, a, b) } - fn add_constant_no_carry<'v>( + fn add_constant_no_carry( &self, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, + a: &CRTInteger, c: BigUint, - ) -> CRTInteger<'v, F> { + ) -> CRTInteger { let c = FixedCRTInteger::from_native(c, self.num_limbs, self.limb_bits); let c_native = biguint_to_fe::(&(&c.value % modulus::())); let mut limbs = Vec::with_capacity(a.truncation.limbs.len()); @@ -282,12 +282,12 @@ impl FieldChip for FpConfig { CRTInteger::construct(trunc, native, value) } - fn sub_no_carry<'v>( + fn sub_no_carry( &self, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, - ) -> CRTInteger<'v, F> { + a: &CRTInteger, + b: &CRTInteger, + ) -> CRTInteger { sub_no_carry::crt::(self.range.gate(), ctx, a, b) } @@ -295,7 +295,7 @@ impl FieldChip for FpConfig { // Output: p - a if a != 0, else a // Assume the actual value of `a` equals `a.truncation` // Constrains a.truncation <= p using subtraction with carries - fn negate<'v>(&self, ctx: &mut Context<'v, F>, a: &CRTInteger<'v, F>) -> CRTInteger<'v, F> { + fn negate(&self, ctx: &mut Context, a: &CRTInteger) -> CRTInteger { // Compute p - a.truncation using carries let p = self.load_constant(ctx, self.p.to_biguint().unwrap()); let (out_or_p, underflow) = @@ -307,35 +307,35 @@ impl FieldChip for FpConfig { select::crt::(self.range.gate(), ctx, a, &out_or_p, &a_is_zero) } - fn scalar_mul_no_carry<'v>( + fn scalar_mul_no_carry( &self, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, + a: &CRTInteger, c: i64, - ) -> CRTInteger<'v, F> { + ) -> CRTInteger { scalar_mul_no_carry::crt::(self.range.gate(), ctx, a, c) } - fn scalar_mul_and_add_no_carry<'v>( + fn scalar_mul_and_add_no_carry( &self, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, + a: &CRTInteger, + b: &CRTInteger, c: i64, - ) -> CRTInteger<'v, F> { + ) -> CRTInteger { scalar_mul_and_add_no_carry::crt::(self.range.gate(), ctx, a, b, c) } - fn mul_no_carry<'v>( + fn mul_no_carry( &self, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, - ) -> CRTInteger<'v, F> { + a: &CRTInteger, + b: &CRTInteger, + ) -> CRTInteger { mul_no_carry::crt::(self.range.gate(), ctx, a, b, self.num_limbs_log2_ceil) } - fn check_carry_mod_to_zero<'v>(&self, ctx: &mut Context<'v, F>, a: &CRTInteger<'v, F>) { + fn check_carry_mod_to_zero(&self, ctx: &mut Context, a: &CRTInteger) { check_carry_mod_to_zero::crt::( self.range(), // &self.bigint_chip, @@ -351,7 +351,7 @@ impl FieldChip for FpConfig { ) } - fn carry_mod<'v>(&self, ctx: &mut Context<'v, F>, a: &CRTInteger<'v, F>) -> CRTInteger<'v, F> { + fn carry_mod(&self, ctx: &mut Context, a: &CRTInteger) -> CRTInteger { carry_mod::crt::( self.range(), // &self.bigint_chip, @@ -367,10 +367,10 @@ impl FieldChip for FpConfig { ) } - fn range_check<'v>( + fn range_check( &self, - ctx: &mut Context<'v, F>, - a: &CRTInteger<'v, F>, + ctx: &mut Context, + a: &CRTInteger, max_bits: usize, // the maximum bits that a.value could take ) { let n = self.limb_bits; @@ -390,15 +390,11 @@ impl FieldChip for FpConfig { } } - fn enforce_less_than<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>) { + fn enforce_less_than(&self, ctx: &mut Context, a: &Self::FieldPoint) { self.enforce_less_than_p(ctx, a) } - fn is_soft_zero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &CRTInteger<'v, F>, - ) -> AssignedValue<'v, F> { + fn is_soft_zero(&self, ctx: &mut Context, a: &CRTInteger) -> AssignedValue { let is_zero = big_is_zero::crt::(self.gate(), ctx, a); // underflow != 0 iff carry < p @@ -411,11 +407,7 @@ impl FieldChip for FpConfig { self.gate().and(ctx, Existing(&is_zero), Existing(&range_check)) } - fn is_soft_nonzero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &CRTInteger<'v, F>, - ) -> AssignedValue<'v, F> { + fn is_soft_nonzero(&self, ctx: &mut Context, a: &CRTInteger) -> AssignedValue { let is_zero = big_is_zero::crt::(self.gate(), ctx, a); let is_nonzero = self.gate().not(ctx, Existing(&is_zero)); @@ -432,30 +424,25 @@ impl FieldChip for FpConfig { // assuming `a` has been range checked to be a proper BigInt // constrain the witness `a` to be `< p` // then check if `a` is 0 - fn is_zero<'v>(&self, ctx: &mut Context<'v, F>, a: &CRTInteger<'v, F>) -> AssignedValue<'v, F> { + fn is_zero(&self, ctx: &mut Context, a: &CRTInteger) -> AssignedValue { self.enforce_less_than_p(ctx, a); // just check truncated limbs are all 0 since they determine the native value big_is_zero::positive::(self.gate(), ctx, &a.truncation) } - fn is_equal_unenforced<'v>( + fn is_equal_unenforced( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + ctx: &mut Context, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> AssignedValue { big_is_equal::assign::(self.gate(), ctx, &a.truncation, &b.truncation) } // assuming `a, b` have been range checked to be a proper BigInt // constrain the witnesses `a, b` to be `< p` // then assert `a == b` as BigInts - fn assert_equal<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) { + fn assert_equal(&self, ctx: &mut Context, a: &Self::FieldPoint, b: &Self::FieldPoint) { self.enforce_less_than_p(ctx, a); self.enforce_less_than_p(ctx, b); // a.native and b.native are derived from `a.truncation, b.truncation`, so no need to check if they're equal @@ -466,24 +453,24 @@ impl FieldChip for FpConfig { } impl Selectable for FpConfig { - type Point<'v> = CRTInteger<'v, F>; + type Point = CRTInteger; - fn select<'v>( + fn select( &self, ctx: &mut Context<'_, F>, - a: &CRTInteger<'v, F>, - b: &CRTInteger<'v, F>, - sel: &AssignedValue<'v, F>, - ) -> CRTInteger<'v, F> { + a: &CRTInteger, + b: &CRTInteger, + sel: &AssignedValue, + ) -> CRTInteger { select::crt::(self.range.gate(), ctx, a, b, sel) } - fn select_by_indicator<'v>( + fn select_by_indicator( &self, ctx: &mut Context<'_, F>, - a: &[CRTInteger<'v, F>], - coeffs: &[AssignedValue<'v, F>], - ) -> CRTInteger<'v, F> { + a: &[CRTInteger], + coeffs: &[AssignedValue], + ) -> CRTInteger { select_by_indicator::crt::(self.range.gate(), ctx, a, coeffs, &self.limb_bases) } } diff --git a/halo2-ecc/src/fields/fp12.rs b/halo2-ecc/src/fields/fp12.rs index f130fd52..a4721e26 100644 --- a/halo2-ecc/src/fields/fp12.rs +++ b/halo2-ecc/src/fields/fp12.rs @@ -38,12 +38,12 @@ where Self { fp_chip, _f: PhantomData, _fp12: PhantomData } } - pub fn fp2_mul_no_carry<'v>( + pub fn fp2_mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &FieldExtPoint>, - fp2_pt: &FieldExtPoint>, - ) -> FieldExtPoint> { + ctx: &mut Context<'_, F>, + a: &FieldExtPoint, + fp2_pt: &FieldExtPoint, + ) -> FieldExtPoint { assert_eq!(a.coeffs.len(), 12); assert_eq!(fp2_pt.coeffs.len(), 2); @@ -64,11 +64,11 @@ where } // for \sum_i (a_i + b_i u) w^i, returns \sum_i (-1)^i (a_i + b_i u) w^i - pub fn conjugate<'v>( + pub fn conjugate( &self, - ctx: &mut Context<'v, F>, - a: &FieldExtPoint>, - ) -> FieldExtPoint> { + ctx: &mut Context<'_, F>, + a: &FieldExtPoint, + ) -> FieldExtPoint { assert_eq!(a.coeffs.len(), 12); let coeffs = a @@ -84,9 +84,9 @@ where /// multiply (a0 + a1 * u) * (XI0 + u) without carry pub fn mul_no_carry_w6<'v, F: PrimeField, FC: FieldChip, const XI_0: i64>( fp_chip: &FC, - ctx: &mut Context<'v, F>, - a: &FieldExtPoint>, -) -> FieldExtPoint> { + ctx: &mut Context<'_, F>, + a: &FieldExtPoint, +) -> FieldExtPoint { assert_eq!(a.coeffs.len(), 2); let (a0, a1) = (&a.coeffs[0], &a.coeffs[1]); // (a0 + a1 u) * (XI_0 + u) = (a0 * XI_0 - a1) + (a1 * XI_0 + a0) u with u^2 = -1 @@ -107,7 +107,7 @@ where const PRIME_FIELD_NUM_BITS: u32 = FpChip::FieldType::NUM_BITS; type ConstantType = Fp12; type WitnessType = Vec>; - type FieldPoint<'v> = FieldExtPoint>; + type FieldPoint = FieldExtPoint; type FieldType = Fp12; type RangeChip = FpChip::RangeChip; @@ -122,7 +122,7 @@ where self.fp_chip.limb_bits() } - fn get_assigned_value(&self, x: &Self::FieldPoint<'_>) -> Value { + fn get_assigned_value(&self, x: &Self::FieldPoint) -> Value { assert_eq!(x.coeffs.len(), 12); let values = x.coeffs.iter().map(|v| self.fp_chip.get_assigned_value(v)); let values_collected: Value> = values.into_iter().collect(); @@ -141,11 +141,11 @@ where } } - fn load_private<'v>( + fn load_private( &self, ctx: &mut Context<'_, F>, coeffs: Vec>, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { assert_eq!(coeffs.len(), 12); let mut assigned_coeffs = Vec::with_capacity(12); for a in coeffs { @@ -155,7 +155,7 @@ where Self::FieldPoint::construct(assigned_coeffs) } - fn load_constant<'v>(&self, ctx: &mut Context<'_, F>, c: Fp12) -> Self::FieldPoint<'v> { + fn load_constant(&self, ctx: &mut Context<'_, F>, c: Fp12) -> Self::FieldPoint { let mut assigned_coeffs = Vec::with_capacity(12); for a in &c.coeffs() { let assigned_coeff = self.fp_chip.load_constant(ctx, fe_to_biguint(a)); @@ -165,12 +165,12 @@ where } // signed overflow BigInt functions - fn add_no_carry<'v>( + fn add_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { assert_eq!(a.coeffs.len(), b.coeffs.len()); let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { @@ -180,12 +180,12 @@ where Self::FieldPoint::construct(out_coeffs) } - fn add_constant_no_carry<'v>( + fn add_constant_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, c: Self::ConstantType, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { let c_coeffs = c.coeffs(); assert_eq!(a.coeffs.len(), c_coeffs.len()); let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); @@ -196,12 +196,12 @@ where Self::FieldPoint::construct(out_coeffs) } - fn sub_no_carry<'v>( + fn sub_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { assert_eq!(a.coeffs.len(), b.coeffs.len()); let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { @@ -211,11 +211,7 @@ where Self::FieldPoint::construct(out_coeffs) } - fn negate<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + fn negate(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for a_coeff in &a.coeffs { let out_coeff = self.fp_chip.negate(ctx, a_coeff); @@ -224,12 +220,12 @@ where Self::FieldPoint::construct(out_coeffs) } - fn scalar_mul_no_carry<'v>( + fn scalar_mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, c: i64, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { let coeff = self.fp_chip.scalar_mul_no_carry(ctx, &a.coeffs[i], c); @@ -238,13 +234,13 @@ where Self::FieldPoint::construct(out_coeffs) } - fn scalar_mul_and_add_no_carry<'v>( + fn scalar_mul_and_add_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, c: i64, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { let coeff = @@ -255,12 +251,12 @@ where } // w^6 = u + xi for xi = 9 - fn mul_no_carry<'v>( + fn mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { assert_eq!(a.coeffs.len(), 12); assert_eq!(b.coeffs.len(), 12); @@ -341,17 +337,13 @@ where Self::FieldPoint::construct(out_coeffs) } - fn check_carry_mod_to_zero<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>) { + fn check_carry_mod_to_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) { for coeff in &a.coeffs { self.fp_chip.check_carry_mod_to_zero(ctx, coeff); } } - fn carry_mod<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + fn carry_mod(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for a_coeff in &a.coeffs { let coeff = self.fp_chip.carry_mod(ctx, a_coeff); @@ -360,23 +352,19 @@ where Self::FieldPoint::construct(out_coeffs) } - fn range_check<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>, max_bits: usize) { + fn range_check(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint, max_bits: usize) { for a_coeff in &a.coeffs { self.fp_chip.range_check(ctx, a_coeff, max_bits); } } - fn enforce_less_than<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>) { + fn enforce_less_than(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) { for a_coeff in &a.coeffs { self.fp_chip.enforce_less_than(ctx, a_coeff) } } - fn is_soft_zero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + fn is_soft_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue { let mut prev = None; for a_coeff in &a.coeffs { let coeff = self.fp_chip.is_soft_zero(ctx, a_coeff); @@ -390,11 +378,7 @@ where prev.unwrap() } - fn is_soft_nonzero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + fn is_soft_nonzero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue { let mut prev = None; for a_coeff in &a.coeffs { let coeff = self.fp_chip.is_soft_nonzero(ctx, a_coeff); @@ -408,11 +392,7 @@ where prev.unwrap() } - fn is_zero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + fn is_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue { let mut prev = None; for a_coeff in &a.coeffs { let coeff = self.fp_chip.is_zero(ctx, a_coeff); @@ -426,12 +406,12 @@ where prev.unwrap() } - fn is_equal<'v>( + fn is_equal( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> AssignedValue { let mut acc = None; for (a_coeff, b_coeff) in a.coeffs.iter().zip(b.coeffs.iter()) { let coeff = self.fp_chip.is_equal(ctx, a_coeff, b_coeff); @@ -444,12 +424,12 @@ where acc.unwrap() } - fn is_equal_unenforced<'v>( + fn is_equal_unenforced( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> AssignedValue { let mut acc = None; for (a_coeff, b_coeff) in a.coeffs.iter().zip(b.coeffs.iter()) { let coeff = self.fp_chip.is_equal_unenforced(ctx, a_coeff, b_coeff); @@ -462,12 +442,7 @@ where acc.unwrap() } - fn assert_equal<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) { + fn assert_equal(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint, b: &Self::FieldPoint) { for (a_coeff, b_coeff) in a.coeffs.iter().zip(b.coeffs.iter()) { self.fp_chip.assert_equal(ctx, a_coeff, b_coeff); } diff --git a/halo2-ecc/src/fields/fp2.rs b/halo2-ecc/src/fields/fp2.rs index 633ae6fa..2cdc035f 100644 --- a/halo2-ecc/src/fields/fp2.rs +++ b/halo2-ecc/src/fields/fp2.rs @@ -37,12 +37,12 @@ where Self { fp_chip, _f: PhantomData, _fp2: PhantomData } } - pub fn fp_mul_no_carry<'v>( + pub fn fp_mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &FieldExtPoint>, - fp_point: &FpChip::FieldPoint<'v>, - ) -> FieldExtPoint> { + ctx: &mut Context<'_, F>, + a: &FieldExtPoint, + fp_point: &FpChip::FieldPoint, + ) -> FieldExtPoint { assert_eq!(a.coeffs.len(), 2); let mut out_coeffs = Vec::with_capacity(2); @@ -53,37 +53,37 @@ where FieldExtPoint::construct(out_coeffs) } - pub fn conjugate<'v>( + pub fn conjugate( &self, - ctx: &mut Context<'v, F>, - a: &FieldExtPoint>, - ) -> FieldExtPoint> { + ctx: &mut Context<'_, F>, + a: &FieldExtPoint, + ) -> FieldExtPoint { assert_eq!(a.coeffs.len(), 2); let neg_a1 = self.fp_chip.negate(ctx, &a.coeffs[1]); FieldExtPoint::construct(vec![a.coeffs[0].clone(), neg_a1]) } - pub fn neg_conjugate<'v>( + pub fn neg_conjugate( &self, - ctx: &mut Context<'v, F>, - a: &FieldExtPoint>, - ) -> FieldExtPoint> { + ctx: &mut Context<'_, F>, + a: &FieldExtPoint, + ) -> FieldExtPoint { assert_eq!(a.coeffs.len(), 2); let neg_a0 = self.fp_chip.negate(ctx, &a.coeffs[0]); FieldExtPoint::construct(vec![neg_a0, a.coeffs[1].clone()]) } - pub fn select<'v>( + pub fn select( &self, ctx: &mut Context<'_, F>, - a: &FieldExtPoint>, - b: &FieldExtPoint>, - sel: &AssignedValue<'v, F>, - ) -> FieldExtPoint> + a: &FieldExtPoint, + b: &FieldExtPoint, + sel: &AssignedValue, + ) -> FieldExtPoint where - FpChip: Selectable = FpChip::FieldPoint<'v>>, + FpChip: Selectable, { let coeffs: Vec<_> = a .coeffs @@ -105,7 +105,7 @@ where const PRIME_FIELD_NUM_BITS: u32 = FpChip::FieldType::NUM_BITS; type ConstantType = Fp2; type WitnessType = Vec>; - type FieldPoint<'v> = FieldExtPoint>; + type FieldPoint = FieldExtPoint; type FieldType = Fp2; type RangeChip = FpChip::RangeChip; @@ -120,7 +120,7 @@ where self.fp_chip.limb_bits() } - fn get_assigned_value(&self, x: &Self::FieldPoint<'_>) -> Value { + fn get_assigned_value(&self, x: &Self::FieldPoint) -> Value { assert_eq!(x.coeffs.len(), 2); let c0 = self.fp_chip.get_assigned_value(&x.coeffs[0]); let c1 = self.fp_chip.get_assigned_value(&x.coeffs[1]); @@ -142,11 +142,11 @@ where } } - fn load_private<'v>( + fn load_private( &self, ctx: &mut Context<'_, F>, coeffs: Vec>, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { assert_eq!(coeffs.len(), 2); let mut assigned_coeffs = Vec::with_capacity(2); for a in coeffs { @@ -156,7 +156,7 @@ where Self::FieldPoint::construct(assigned_coeffs) } - fn load_constant<'v>(&self, ctx: &mut Context<'_, F>, c: Fp2) -> Self::FieldPoint<'v> { + fn load_constant(&self, ctx: &mut Context<'_, F>, c: Fp2) -> Self::FieldPoint { let mut assigned_coeffs = Vec::with_capacity(2); for a in &c.coeffs() { let assigned_coeff = self.fp_chip.load_constant(ctx, fe_to_biguint(a)); @@ -166,12 +166,12 @@ where } // signed overflow BigInt functions - fn add_no_carry<'v>( + fn add_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { assert_eq!(a.coeffs.len(), b.coeffs.len()); let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { @@ -181,12 +181,12 @@ where Self::FieldPoint::construct(out_coeffs) } - fn add_constant_no_carry<'v>( + fn add_constant_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, c: Self::ConstantType, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { let c_coeffs = c.coeffs(); assert_eq!(a.coeffs.len(), c_coeffs.len()); let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); @@ -197,12 +197,12 @@ where Self::FieldPoint::construct(out_coeffs) } - fn sub_no_carry<'v>( + fn sub_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { assert_eq!(a.coeffs.len(), b.coeffs.len()); let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { @@ -212,11 +212,7 @@ where Self::FieldPoint::construct(out_coeffs) } - fn negate<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + fn negate(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for a_coeff in &a.coeffs { let out_coeff = self.fp_chip.negate(ctx, a_coeff); @@ -225,12 +221,12 @@ where Self::FieldPoint::construct(out_coeffs) } - fn scalar_mul_no_carry<'v>( + fn scalar_mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, c: i64, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { let coeff = self.fp_chip.scalar_mul_no_carry(ctx, &a.coeffs[i], c); @@ -239,13 +235,13 @@ where Self::FieldPoint::construct(out_coeffs) } - fn scalar_mul_and_add_no_carry<'v>( + fn scalar_mul_and_add_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, c: i64, - ) -> Self::FieldPoint<'v> { + ) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for i in 0..a.coeffs.len() { let coeff = @@ -255,12 +251,12 @@ where Self::FieldPoint::construct(out_coeffs) } - fn mul_no_carry<'v>( + fn mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { assert_eq!(a.coeffs.len(), b.coeffs.len()); // (a_0 + a_1 * u) * (b_0 + b_1 * u) = (a_0 b_0 - a_1 b_1) + (a_0 b_1 + a_1 b_0) * u let mut ab_coeffs = Vec::with_capacity(a.coeffs.len() * b.coeffs.len()); @@ -282,17 +278,13 @@ where Self::FieldPoint::construct(out_coeffs) } - fn check_carry_mod_to_zero<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>) { + fn check_carry_mod_to_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) { for coeff in &a.coeffs { self.fp_chip.check_carry_mod_to_zero(ctx, coeff); } } - fn carry_mod<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + fn carry_mod(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> Self::FieldPoint { let mut out_coeffs = Vec::with_capacity(a.coeffs.len()); for a_coeff in &a.coeffs { let coeff = self.fp_chip.carry_mod(ctx, a_coeff); @@ -301,23 +293,19 @@ where Self::FieldPoint::construct(out_coeffs) } - fn range_check<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>, max_bits: usize) { + fn range_check(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint, max_bits: usize) { for a_coeff in &a.coeffs { self.fp_chip.range_check(ctx, a_coeff, max_bits); } } - fn enforce_less_than<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>) { + fn enforce_less_than(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) { for a_coeff in &a.coeffs { self.fp_chip.enforce_less_than(ctx, a_coeff) } } - fn is_soft_zero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + fn is_soft_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue { let mut prev = None; for a_coeff in &a.coeffs { let coeff = self.fp_chip.is_soft_zero(ctx, a_coeff); @@ -331,11 +319,7 @@ where prev.unwrap() } - fn is_soft_nonzero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + fn is_soft_nonzero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue { let mut prev = None; for a_coeff in &a.coeffs { let coeff = self.fp_chip.is_soft_nonzero(ctx, a_coeff); @@ -349,11 +333,7 @@ where prev.unwrap() } - fn is_zero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + fn is_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue { let mut prev = None; for a_coeff in &a.coeffs { let coeff = self.fp_chip.is_zero(ctx, a_coeff); @@ -367,12 +347,12 @@ where prev.unwrap() } - fn is_equal_unenforced<'v>( + fn is_equal_unenforced( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> AssignedValue { let mut acc = None; for (a_coeff, b_coeff) in a.coeffs.iter().zip(b.coeffs.iter()) { let coeff = self.fp_chip.is_equal_unenforced(ctx, a_coeff, b_coeff); @@ -385,12 +365,7 @@ where acc.unwrap() } - fn assert_equal<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) { + fn assert_equal(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint, b: &Self::FieldPoint) { for (a_coeff, b_coeff) in a.coeffs.iter().zip(b.coeffs.iter()) { self.fp_chip.assert_equal(ctx, a_coeff, b_coeff) } diff --git a/halo2-ecc/src/fields/mod.rs b/halo2-ecc/src/fields/mod.rs index e5e65f16..a6b3ceb0 100644 --- a/halo2-ecc/src/fields/mod.rs +++ b/halo2-ecc/src/fields/mod.rs @@ -33,7 +33,7 @@ pub trait FieldChip { type ConstantType: Debug; type WitnessType: Debug; - type FieldPoint<'v>: Clone + Debug; + type FieldPoint: Clone + Debug; // a type implementing `Field` trait to help with witness generation (for example with inverse) type FieldType: Field; type RangeChip: RangeInstructions; @@ -45,155 +45,127 @@ pub trait FieldChip { fn range(&self) -> &Self::RangeChip; fn limb_bits(&self) -> usize; - fn get_assigned_value(&self, x: &Self::FieldPoint<'_>) -> Value; + fn get_assigned_value(&self, x: &Self::FieldPoint) -> Value; fn fe_to_constant(x: Self::FieldType) -> Self::ConstantType; fn fe_to_witness(x: &Value) -> Self::WitnessType; - fn load_private<'v>( - &self, - ctx: &mut Context<'_, F>, - coeffs: Self::WitnessType, - ) -> Self::FieldPoint<'v>; + fn load_private(&self, ctx: &mut Context<'_, F>, coeffs: Self::WitnessType) + -> Self::FieldPoint; - fn load_constant<'v>( + fn load_constant( &self, ctx: &mut Context<'_, F>, coeffs: Self::ConstantType, - ) -> Self::FieldPoint<'v>; + ) -> Self::FieldPoint; - fn add_no_carry<'v>( + fn add_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v>; + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint; /// output: `a + c` - fn add_constant_no_carry<'v>( + fn add_constant_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, c: Self::ConstantType, - ) -> Self::FieldPoint<'v>; + ) -> Self::FieldPoint; - fn sub_no_carry<'v>( + fn sub_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v>; + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint; - fn negate<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v>; + fn negate(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> Self::FieldPoint; /// a * c - fn scalar_mul_no_carry<'v>( + fn scalar_mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, c: i64, - ) -> Self::FieldPoint<'v>; + ) -> Self::FieldPoint; /// a * c + b - fn scalar_mul_and_add_no_carry<'v>( + fn scalar_mul_and_add_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, c: i64, - ) -> Self::FieldPoint<'v>; + ) -> Self::FieldPoint; - fn mul_no_carry<'v>( + fn mul_no_carry( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v>; + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint; - fn check_carry_mod_to_zero<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>); + fn check_carry_mod_to_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint); - fn carry_mod<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v>; + fn carry_mod(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> Self::FieldPoint; - fn range_check<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>, max_bits: usize); + fn range_check(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint, max_bits: usize); - fn enforce_less_than<'v>(&self, ctx: &mut Context<'v, F>, a: &Self::FieldPoint<'v>); + fn enforce_less_than(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint); // Assumes the witness for a is 0 // Constrains that the underlying big integer is 0 and < p. // For field extensions, checks coordinate-wise. - fn is_soft_zero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F>; + fn is_soft_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue; // Constrains that the underlying big integer is in [1, p - 1]. // For field extensions, checks coordinate-wise. - fn is_soft_nonzero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F>; + fn is_soft_nonzero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue; - fn is_zero<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F>; + fn is_zero(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint) -> AssignedValue; // assuming `a, b` have been range checked to be a proper BigInt // constrain the witnesses `a, b` to be `< p` // then check `a == b` as BigInts - fn is_equal<'v>( + fn is_equal( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> AssignedValue { self.enforce_less_than(ctx, a); self.enforce_less_than(ctx, b); // a.native and b.native are derived from `a.truncation, b.truncation`, so no need to check if they're equal self.is_equal_unenforced(ctx, a, b) } - fn is_equal_unenforced<'v>( + fn is_equal_unenforced( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> AssignedValue<'v, F>; + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> AssignedValue; - fn assert_equal<'v>( - &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ); + fn assert_equal(&self, ctx: &mut Context<'_, F>, a: &Self::FieldPoint, b: &Self::FieldPoint); - fn mul<'v>( + fn mul( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { let no_carry = self.mul_no_carry(ctx, a, b); self.carry_mod(ctx, &no_carry) } - fn divide<'v>( + fn divide( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { let a_val = self.get_assigned_value(a); let b_val = self.get_assigned_value(b); let b_inv = b_val.map(|bv| bv.invert().unwrap()); @@ -211,12 +183,12 @@ pub trait FieldChip { // constrain and output -a / b // this is usually cheaper constraint-wise than computing -a and then (-a) / b separately - fn neg_divide<'v>( + fn neg_divide( &self, - ctx: &mut Context<'v, F>, - a: &Self::FieldPoint<'v>, - b: &Self::FieldPoint<'v>, - ) -> Self::FieldPoint<'v> { + ctx: &mut Context<'_, F>, + a: &Self::FieldPoint, + b: &Self::FieldPoint, + ) -> Self::FieldPoint { let a_val = self.get_assigned_value(a); let b_val = self.get_assigned_value(b); let b_inv = b_val.map(|bv| bv.invert().unwrap()); @@ -235,22 +207,22 @@ pub trait FieldChip { } pub trait Selectable { - type Point<'v>; + type Point; - fn select<'v>( + fn select( &self, ctx: &mut Context<'_, F>, - a: &Self::Point<'v>, - b: &Self::Point<'v>, - sel: &AssignedValue<'v, F>, - ) -> Self::Point<'v>; + a: &Self::Point, + b: &Self::Point, + sel: &AssignedValue, + ) -> Self::Point; - fn select_by_indicator<'v>( + fn select_by_indicator( &self, ctx: &mut Context<'_, F>, - a: &[Self::Point<'v>], - coeffs: &[AssignedValue<'v, F>], - ) -> Self::Point<'v>; + a: &[Self::Point], + coeffs: &[AssignedValue], + ) -> Self::Point; } // Common functionality for prime field chips diff --git a/halo2-ecc/src/fields/tests.rs b/halo2-ecc/src/fields/tests.rs index 75cee2a3..63e74597 100644 --- a/halo2-ecc/src/fields/tests.rs +++ b/halo2-ecc/src/fields/tests.rs @@ -3,13 +3,13 @@ mod fp { fp::{FpConfig, FpStrategy}, FieldChip, }; + use crate::halo2_proofs::group::ff::Field; use crate::halo2_proofs::{ circuit::*, dev::MockProver, halo2curves::bn256::{Fq, Fr}, plonk::*, }; - use crate::halo2_proofs::group::ff::Field; use halo2_base::{ utils::{fe_to_biguint, modulus, PrimeField}, SKIP_FIRST_PASS, @@ -89,9 +89,7 @@ mod fp { #[cfg(feature = "display")] { - println!( - "Using {NUM_ADVICE} advice columns and {NUM_FIXED} fixed columns" - ); + println!("Using {NUM_ADVICE} advice columns and {NUM_FIXED} fixed columns"); println!("total cells: {}", ctx.total_advice); let (const_rows, _) = ctx.fixed_stats(); @@ -222,9 +220,7 @@ mod fp12 { #[cfg(feature = "display")] { - println!( - "Using {NUM_ADVICE} advice columns and {NUM_FIXED} fixed columns" - ); + println!("Using {NUM_ADVICE} advice columns and {NUM_FIXED} fixed columns"); println!("total advice cells: {}", ctx.total_advice); let (const_rows, _) = ctx.fixed_stats(); diff --git a/hashes/zkevm-keccak/src/keccak_packed_multi.rs b/hashes/zkevm-keccak/src/keccak_packed_multi.rs index 06d40121..50af5b62 100644 --- a/hashes/zkevm-keccak/src/keccak_packed_multi.rs +++ b/hashes/zkevm-keccak/src/keccak_packed_multi.rs @@ -387,7 +387,7 @@ pub fn assign_advice_custom<'v, F: Field>( column: Column, offset: usize, value: Value, -) -> AssignedValue<'v, F> { +) -> AssignedValue { #[cfg(feature = "halo2-axiom")] { AssignedValue { @@ -1604,7 +1604,7 @@ pub fn keccak_phase1<'v, F: Field>( keccak_table: &KeccakTable, bytes: &[u8], challenge: Value, - input_rlcs: &mut Vec>, + input_rlcs: &mut Vec>, offset: &mut usize, ) { let num_chunks = get_num_keccak_f(bytes.len()); @@ -1967,7 +1967,7 @@ pub fn multi_keccak_phase1<'a, 'v, F: Field>( bytes: impl IntoIterator, challenge: Value, squeeze_digests: Vec<[F; NUM_WORDS_TO_SQUEEZE]>, -) -> (Vec>, Vec>) { +) -> (Vec>, Vec>) { let mut input_rlcs = Vec::with_capacity(squeeze_digests.len()); let mut output_rlcs = Vec::with_capacity(squeeze_digests.len());