Skip to content

Commit

Permalink
update snark verifier
Browse files Browse the repository at this point in the history
  • Loading branch information
@zhenfeizhang
zhenfeizhang committed Nov 8, 2023
1 parent bf523bd commit e12af78
Show file tree
Hide file tree
Showing 14 changed files with 61 additions and 53 deletions.
9 changes: 5 additions & 4 deletions snark-verifier/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,10 @@ serde = { version = "1.0", features = ["derive"] }
# poseidon-axiom = { git = "https://github.com/axiom-crypto/halo2.git", branch = "axiom/faster-witness-generation", package = "poseidon", optional = true }
# poseidon= { git = "https://github.com/privacy-scaling-explorations/poseidon", optional = true }

halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "halo2-ecc-snark-verifier-0220" }
halo2-base = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0220" }
poseidon = { git = "https://github.com/scroll-tech/poseidon", branch = "halo2-ecc-snark-verifier-0220", optional = true }
ff = "0.13"
halo2_proofs = { git = "https://github.com/scroll-tech/halo2.git", branch = "sync-ff-0.13" }
halo2-base = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "sync-ff-0.13" }
poseidon = { git = "https://github.com/scroll-tech/poseidon", branch = "sync-ff-0.13", optional = true }

# parallel
rayon = { version = "1.5.3", optional = true }
Expand All @@ -36,7 +37,7 @@ rlp = { version = "0.5", default-features = false, features = ["std"], optional

# loader_halo2
# halo2-ecc = { git = "https://github.com/axiom-crypto/halo2-lib.git", tag = "v0.2.2", default-features = false, optional = true }
halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "halo2-ecc-snark-verifier-0220", default-features = false, optional = true }
halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib.git", branch = "sync-ff-0.13", default-features = false, optional = true }

[dev-dependencies]
ark-std = { version = "0.3.0", features = ["print-trace"] }
Expand Down
2 changes: 1 addition & 1 deletion snark-verifier/examples/evm-verifier.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ use halo2_proofs::{
dev::MockProver,
halo2curves::bn256::{Bn256, Fq, Fr, G1Affine},
plonk::{
create_proof, keygen_pk, keygen_vk, verify_proof, Advice, Circuit, Column,
create_proof, keygen_pk, keygen_vk, verify_proof, Advice, Circuit, Column,
ConstraintSystem, Error, Fixed, Instance, ProvingKey, VerifyingKey,
},
poly::{
Expand Down
32 changes: 16 additions & 16 deletions snark-verifier/examples/recursion.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -369,8 +369,8 @@ mod recursion {
svk: &Svk,
loader: &Rc<Halo2Loader<'a>>,
snark: &SnarkWitness,
preprocessed_digest: Option<AssignedValue< Fr>>,
) -> (Vec<Vec<AssignedValue< Fr>>>, Vec<KzgAccumulator<G1Affine, Rc<Halo2Loader<'a>>>>) {
preprocessed_digest: Option<AssignedValue<Fr>>,
) -> (Vec<Vec<AssignedValue<Fr>>>, Vec<KzgAccumulator<G1Affine, Rc<Halo2Loader<'a>>>>) {
let protocol = if let Some(preprocessed_digest) = preprocessed_digest {
let preprocessed_digest = loader.scalar_from_assigned(preprocessed_digest);
let protocol = snark.protocol.loaded_preprocessed_as_witness(loader);
Expand Down Expand Up @@ -414,7 +414,7 @@ mod recursion {

fn select_accumulator<'a>(
loader: &Rc<Halo2Loader<'a>>,
condition: &AssignedValue< Fr>,
condition: &AssignedValue<Fr>,
lhs: &KzgAccumulator<G1Affine, Rc<Halo2Loader<'a>>>,
rhs: &KzgAccumulator<G1Affine, Rc<Halo2Loader<'a>>>,
) -> Result<KzgAccumulator<G1Affine, Rc<Halo2Loader<'a>>>, Error> {
Expand Down Expand Up @@ -673,7 +673,7 @@ mod recursion {
main_gate.assign_integer(&mut ctx, Value::known(instance)).unwrap()
});
let first_round = main_gate.is_zero(&mut ctx, &round);
let not_first_round = main_gate.not(&mut ctx, Existing(&first_round));
let not_first_round = main_gate.not(&mut ctx, Existing(first_round));

let loader = Halo2Loader::new(config.ecc_chip(), ctx);
let (mut app_instances, app_accumulators) =
Expand Down Expand Up @@ -715,31 +715,31 @@ mod recursion {
(
&main_gate.mul(
&mut ctx,
Existing(&preprocessed_digest),
Existing(&not_first_round),
Existing(preprocessed_digest),
Existing(not_first_round),
),
&previous_instances[Self::PREPROCESSED_DIGEST_ROW],
),
// Propagate initial_state
(
&main_gate.mul(
&mut ctx,
Existing(&initial_state),
Existing(&not_first_round),
Existing(initial_state),
Existing(not_first_round),
),
&previous_instances[Self::INITIAL_STATE_ROW],
),
// Verify initial_state is same as the first application snark
(
&main_gate.mul(
&mut ctx,
Existing(&initial_state),
Existing(&first_round),
Existing(initial_state),
Existing(first_round),
),
&main_gate.mul(
&mut ctx,
Existing(&app_instances[0]),
Existing(&first_round),
Existing(app_instances[0]),
Existing(first_round),
),
),
// Verify current state is same as the current application snark
Expand All @@ -748,8 +748,8 @@ mod recursion {
(
&main_gate.mul(
&mut ctx,
Existing(&app_instances[0]),
Existing(&not_first_round),
Existing(app_instances[0]),
Existing(not_first_round),
),
&previous_instances[Self::STATE_ROW],
),
Expand All @@ -758,8 +758,8 @@ mod recursion {
&round,
&main_gate.add(
&mut ctx,
Existing(&not_first_round),
Existing(&previous_instances[Self::ROUND_ROW]),
Existing(not_first_round),
Existing(previous_instances[Self::ROUND_ROW]),
),
),
] {
Expand Down
27 changes: 15 additions & 12 deletions snark-verifier/src/loader/halo2/shim.rs
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
use crate::halo2_proofs::ff::PrimeField;
use crate::halo2_proofs::{
circuit::{Cell, Value},
plonk::Error,
};
use crate::util::arithmetic::CurveAffine;
use ff::PrimeField;
use std::{fmt::Debug, ops::Deref};

pub trait Context: Debug {
Expand Down Expand Up @@ -141,10 +141,11 @@ mod halo2_lib {
loader::halo2::{Context, EccInstructions, IntegerInstructions},
util::arithmetic::{CurveAffine, Field},
};
use ff::PrimeField;
use halo2_base::{
self,
gates::{flex_gate::FlexGateConfig, GateInstructions, RangeInstructions},
utils::PrimeField,
utils::ScalarField,
AssignedValue,
QuantumCell::{Constant, Existing, Witness},
};
Expand All @@ -158,7 +159,7 @@ mod halo2_lib {
type AssignedInteger<C> = CRTInteger<<C as CurveAffine>::ScalarExt>;
type AssignedEcPoint<C> = EcPoint<<C as CurveAffine>::ScalarExt, AssignedInteger<C>>;

impl<'a, F: PrimeField> Context for halo2_base::Context<'a, F> {
impl<'a, F: ScalarField> Context for halo2_base::Context<'a, F> {
fn constrain_equal(&mut self, lhs: Cell, rhs: Cell) -> Result<(), Error> {
#[cfg(feature = "halo2-axiom")]
self.region.constrain_equal(&lhs, &rhs);
Expand All @@ -172,7 +173,7 @@ mod halo2_lib {
}
}

impl<'a, F: PrimeField> IntegerInstructions<'a, F> for FlexGateConfig<F> {
impl<'a, F: ScalarField> IntegerInstructions<'a, F> for FlexGateConfig<F> {
type Context = halo2_base::Context<'a, F>;
type AssignedCell = AssignedValue<F>;
type AssignedInteger = AssignedValue<F>;
Expand Down Expand Up @@ -205,7 +206,7 @@ mod halo2_lib {
a.push(Constant(constant));
b.push(Constant(F::ONE));
}
a.extend(values.iter().map(|(_, a)| Existing(a)));
a.extend(values.iter().map(|(_, a)| Existing(*a.deref())));
b.extend(values.iter().map(|(c, _)| Constant(*c)));
Ok(self.inner_product(ctx, a, b))
}
Expand All @@ -224,7 +225,7 @@ mod halo2_lib {
0 => self.assign_constant(ctx, constant),
_ => Ok(self.sum_products_with_coeff_and_var(
ctx,
values.iter().map(|(c, a, b)| (*c, Existing(a), Existing(b))),
values.iter().map(|(c, a, b)| (*c, Existing(*a.deref()), Existing(*b.deref()))),
Constant(constant),
)),
}
Expand All @@ -236,15 +237,15 @@ mod halo2_lib {
a: &Self::AssignedInteger,
b: &Self::AssignedInteger,
) -> Result<Self::AssignedInteger, Error> {
Ok(GateInstructions::sub(self, ctx, Existing(a), Existing(b)))
Ok(GateInstructions::sub(self, ctx, Existing(*a), Existing(*b)))
}

fn neg(
&self,
ctx: &mut Self::Context,
a: &Self::AssignedInteger,
) -> Result<Self::AssignedInteger, Error> {
Ok(GateInstructions::neg(self, ctx, Existing(a)))
Ok(GateInstructions::neg(self, ctx, Existing(*a)))
}

fn invert(
Expand All @@ -255,7 +256,7 @@ mod halo2_lib {
// make sure scalar != 0
let is_zero = self.is_zero(ctx, a);
self.assert_is_const(ctx, &is_zero, F::ZERO);
Ok(GateInstructions::div_unsafe(self, ctx, Constant(F::ONE), Existing(a)))
Ok(GateInstructions::div_unsafe(self, ctx, Constant(F::ONE), Existing(*a)))
}

fn assert_equal(
Expand All @@ -271,8 +272,8 @@ mod halo2_lib {

impl<'a, C: CurveAffineExt> EccInstructions<'a, C> for BaseFieldEccChip<C>
where
C::ScalarExt: PrimeField,
C::Base: PrimeField,
C::ScalarExt: ScalarField + PrimeField<Repr = [u8; 32]>,
C::Base: ScalarField + PrimeField<Repr = [u8; 32]>,
{
type Context = halo2_base::Context<'a, C::Scalar>;
type ScalarChip = FlexGateConfig<C::Scalar>;
Expand Down Expand Up @@ -325,7 +326,9 @@ mod halo2_lib {
let constant = EccInstructions::<C>::assign_constant(self, ctx, constant).unwrap();
Some(constant)
};
Ok(self.sum::<C>(ctx, constant.iter().chain(values.iter().map(Deref::deref))))
let values = constant.iter().chain(values.iter().map(Deref::deref)).cloned();

Ok(self.sum::<C>(ctx, values))
}

fn variable_base_msm(
Expand Down
7 changes: 4 additions & 3 deletions snark-verifier/src/pcs/kzg/accumulator.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,15 +214,16 @@ mod halo2 {

mod halo2_lib {
use super::*;
use halo2_base::{halo2_proofs::halo2curves::CurveAffineExt, utils::PrimeField};
use ff::PrimeField;
use halo2_base::{halo2_proofs::halo2curves::CurveAffineExt, utils::ScalarField};
use halo2_ecc::ecc::BaseFieldEccChip;

impl<'a, C, const LIMBS: usize, const BITS: usize>
LimbsEncodingInstructions<'a, C, LIMBS, BITS> for BaseFieldEccChip<C>
where
C: CurveAffineExt,
C::ScalarExt: PrimeField,
C::Base: PrimeField,
C::ScalarExt: ScalarField + PrimeField<Repr = [u8; 32]>,
C::Base: ScalarField + PrimeField<Repr = [u8; 32]>,
{
fn assign_ec_point_from_limbs(
&self,
Expand Down
2 changes: 1 addition & 1 deletion snark-verifier/src/pcs/kzg/decider.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ impl<M: MultiMillerLoop> From<(M::G2Affine, M::G2Affine)> for KzgDecidingKey<M>
}

mod native {
use halo2_proofs::ff::PrimeField;
use ff::PrimeField;

use crate::{
loader::native::NativeLoader,
Expand Down
2 changes: 1 addition & 1 deletion snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
use crate::{
cost::{Cost, CostEstimation},
halo2_proofs::ff::PrimeField,
loader::{LoadedScalar, Loader, ScalarLoader},
pcs::{
kzg::{Kzg, KzgAccumulator, KzgSuccinctVerifyingKey},
Expand All @@ -13,6 +12,7 @@ use crate::{
Itertools,
},
};
use ff::PrimeField;
use std::{
collections::{BTreeMap, BTreeSet},
marker::PhantomData,
Expand Down
4 changes: 2 additions & 2 deletions snark-verifier/src/system/halo2.rs
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
use crate::halo2_proofs::ff::PrimeField;
use crate::halo2_proofs::{
plonk::{self, Any, ConstraintSystem, FirstPhase, SecondPhase, ThirdPhase, VerifyingKey},
poly::{self, commitment::Params},
Expand All @@ -14,7 +13,8 @@ use crate::{
},
Protocol,
};
use halo2_proofs::ff::FromUniformBytes;
use ff::FromUniformBytes;
use ff::PrimeField;
use num_integer::Integer;
use std::{io, iter, mem::size_of};

Expand Down
5 changes: 3 additions & 2 deletions snark-verifier/src/system/halo2/test.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,8 @@ use crate::halo2_proofs::{
transcript::{EncodedChallenge, TranscriptReadBuffer, TranscriptWriterBuffer},
};
use crate::util::arithmetic::CurveAffine;
use halo2_proofs::ff::FromUniformBytes;
use ff::{PrimeField, WithSmallOrderMulGroup};
use halo2_base::utils::ScalarField;
use rand_chacha::rand_core::RngCore;
use std::{fs, io::Cursor};

Expand Down Expand Up @@ -47,7 +48,7 @@ pub fn create_proof_checked<'a, S, C, P, V, VS, TW, TR, EC, R>(
) -> Vec<u8>
where
S: CommitmentScheme,
S::Scalar: FromUniformBytes<64> + Ord,
S::Scalar: ScalarField + PrimeField<Repr = [u8; 32]> + WithSmallOrderMulGroup<3>,
S::ParamsVerifier: 'a,
C: Circuit<S::Scalar>,
P: Prover<'a, S>,
Expand Down
2 changes: 1 addition & 1 deletion snark-verifier/src/system/halo2/test/circuit/standard.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ use crate::halo2_proofs::{
plonk::{Advice, Circuit, Column, ConstraintSystem, Error, Fixed, Instance},
poly::Rotation,
};
use halo2_proofs::ff::PrimeField;
use ff::PrimeField;
use rand::RngCore;

#[allow(dead_code)]
Expand Down
2 changes: 1 addition & 1 deletion snark-verifier/src/system/halo2/test/kzg.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::halo2_proofs::poly::kzg::commitment::ParamsKZG;
use crate::util::arithmetic::MultiMillerLoop;
use halo2_proofs::ff::PrimeField;
use ff::PrimeField;
use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng};

mod native;
Expand Down
2 changes: 1 addition & 1 deletion snark-verifier/src/system/halo2/transcript.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ use crate::{
},
Error,
};
use halo2_proofs::ff::FromUniformBytes;
use ff::FromUniformBytes;
use halo2_proofs::transcript::{Blake2bRead, Blake2bWrite, Challenge255};
use std::io::{Read, Write};

Expand Down
14 changes: 8 additions & 6 deletions snark-verifier/src/system/halo2/transcript/halo2.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,8 @@ use crate::{
},
Error,
};
use halo2_proofs::curves::serde::SerdeObject;
use halo2_proofs::ff::FromUniformBytes;
use ff::FromUniformBytes;
use halo2_proofs::halo2curves::serde::SerdeObject;
use halo2_proofs::{circuit::Value, transcript::EncodedChallenge};
use std::{
io::{self, Read, Write},
Expand Down Expand Up @@ -318,7 +318,8 @@ impl<C: CurveAffine> EncodedChallenge<C> for ChallengeScalar<C> {

impl<C: CurveAffine, S, const T: usize, const RATE: usize, const R_F: usize, const R_P: usize>
halo2_proofs::transcript::Transcript<C, ChallengeScalar<C>>
for PoseidonTranscript<C, NativeLoader, S, T, RATE, R_F, R_P> where
for PoseidonTranscript<C, NativeLoader, S, T, RATE, R_F, R_P>
where
C::ScalarExt: SerdeObject + FromUniformBytes<64>,
{
fn squeeze_challenge(&mut self) -> ChallengeScalar<C> {
Expand Down Expand Up @@ -423,13 +424,14 @@ where
mod halo2_lib {
use crate::halo2_curves::CurveAffineExt;
use crate::system::halo2::transcript::halo2::NativeEncoding;
use halo2_base::utils::PrimeField;
use ff::PrimeField;
use halo2_base::utils::ScalarField;
use halo2_ecc::ecc::BaseFieldEccChip;

impl<'a, C: CurveAffineExt> NativeEncoding<'a, C> for BaseFieldEccChip<C>
where
C::Scalar: PrimeField,
C::Base: PrimeField,
C::ScalarExt: ScalarField + PrimeField<Repr = [u8; 32]>,
C::Base: ScalarField + PrimeField<Repr = [u8; 32]>,
{
fn encode(
&self,
Expand Down
4 changes: 2 additions & 2 deletions snark-verifier/src/util/hash/poseidon.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ use crate::{
loader::{LoadedScalar, ScalarLoader},
util::Itertools,
};
use halo2_proofs::curves::serde::SerdeObject;
use halo2_proofs::ff::{FromUniformBytes, PrimeField};
use ff::{FromUniformBytes, PrimeField};
use halo2_proofs::halo2curves::serde::SerdeObject;
use std::{iter, marker::PhantomData, mem};

#[derive(Clone)]
Expand Down

0 comments on commit e12af78

Please sign in to comment.