Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Recursive verifier API #666

Draft
wants to merge 24 commits into
base: endoscale
Choose a base branch
from
Draft
Changes from 1 commit
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
c2a524b
Add RunningSumConfig::window_expr() method.
therealyingtong Jun 1, 2022
9e2ed52
Add WINDOW_NUM_BITS const generic to RunningSum struct
therealyingtong Jun 1, 2022
96c7c5b
Add RunningSum::windows() method.
therealyingtong Jun 1, 2022
8c1c9f5
decompose_running_sum::RunningSum: Add num_bits, strict fields.
therealyingtong Jun 9, 2022
c8c745c
decompose_running_sum: Move range_check gate outside the helper.
therealyingtong Jun 10, 2022
a193258
Make EccPoint and NonIdentityEccPoint generic over the curve.
therealyingtong Jun 7, 2022
48d75ea
Make add_incomplete helper generic over the curve.
therealyingtong Jun 7, 2022
e259ae4
Introduce incomplete point doubling helper.
therealyingtong Jun 7, 2022
38aae08
Fix expected test output in mul_fixed::short.
therealyingtong Jun 7, 2022
274635a
halo2_gadgets::utilities: Add double_and_add helper.
therealyingtong Jul 5, 2022
789eeef
[book] Add double-and-add description.
therealyingtong Jul 5, 2022
99e7872
Utilities for endoscaling.
therealyingtong Dec 8, 2021
a816b74
recursion::endoscale: Add EndoscaleInstructions.
therealyingtong Dec 17, 2021
6b0fb68
endoscale::chip: Add skeleton EndoscaleConfig configuration.
therealyingtong Feb 28, 2022
211de0f
endoscale::chip: Implement witness_bitstring instruction.
therealyingtong Jun 8, 2022
32c2655
endoscale::chip::alg_1: Implement endoscale_fixed_base, endoscale_var…
therealyingtong Feb 28, 2022
92d8ae5
endoscale::chip::alg_2: Implement compute_endoscalar
therealyingtong Feb 28, 2022
a9bd1c0
compute_endoscalar: Implement support for partial chunks.
therealyingtong Mar 19, 2022
f3cb22a
endoscale::chip::alg_2: constrain_bitstring
therealyingtong Jul 3, 2022
1075246
Test endoscale chip.
therealyingtong Feb 9, 2022
6a2ba5e
Add description of endoscaling and public input handling (#599)
daira Jul 7, 2022
ddf48b3
utilities::bitstring: Introduce BitstringInstructions
therealyingtong Sep 27, 2022
f66d77c
[WIP] recursive_verifier::transcript: Introduce Transcript gadget
therealyingtong Sep 27, 2022
0124fdd
recursive_verifier: Introduce Verifier gadget
therealyingtong Sep 27, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
recursion::endoscale: Add EndoscaleInstructions.
therealyingtong committed Oct 24, 2022
commit a816b74e872b0ae8794af75ad9bcdd43cb550bba
77 changes: 77 additions & 0 deletions halo2_gadgets/src/endoscale.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,80 @@
//! Gadget for endoscaling.
use ff::PrimeFieldBits;
use halo2_proofs::{
circuit::{AssignedCell, Layouter, Value},
plonk::{Assigned, Error},
};
use pasta_curves::arithmetic::CurveAffine;
use std::fmt::Debug;

pub mod util;

/// Instructions to map bitstrings to and from endoscalars.
pub trait EndoscaleInstructions<C: CurveAffine>
where
C::Base: PrimeFieldBits,
{
/// A non-identity point.
type NonIdentityPoint: Clone + Debug;
/// A bitstring up to `MAX_BITSTRING_LENGTH` bits.
type Bitstring: Clone + Debug;
/// Enumeration of fixed bases used in endoscaling.
type FixedBases;
/// The maximum number of bits that can be represented by [`Self::Bitstring`].
/// When endoscaling with a base, each unique base can only support up to
/// `MAX_BITSTRING_LENGTH` bits.
const MAX_BITSTRING_LENGTH: usize;
/// The number of fixed bases available.
const NUM_FIXED_BASES: usize;

/// Witnesses a slice of bools as a vector of [`Self::Bitstring`]s.
fn witness_bitstring(
&self,
layouter: &mut impl Layouter<C::Base>,
bits: &[Value<bool>],
for_base: bool,
) -> Result<Vec<Self::Bitstring>, Error>;

/// Computes commitment (Alg 1) to a variable-length bitstring using the endoscaling
/// algorithm. Uses the fixed bases defined in [`Self::FixedBases`].
///
/// # Panics
/// Panics if bitstring.len() exceeds NUM_FIXED_BASES.
#[allow(clippy::type_complexity)]
fn endoscale_fixed_base(
&self,
layouter: &mut impl Layouter<C::Base>,
bitstring: Vec<Self::Bitstring>,
bases: Vec<Self::FixedBases>,
) -> Result<Vec<Self::NonIdentityPoint>, Error>;

/// Computes commitment (Alg 1) to a variable-length bitstring using the endoscaling
/// algorithm. Uses variable bases witnessed elsewhere in the circuit.
///
/// # Panics
/// Panics if bitstring.len() exceeds bases.len().
#[allow(clippy::type_complexity)]
fn endoscale_var_base(
&self,
layouter: &mut impl Layouter<C::Base>,
bitstring: Vec<Self::Bitstring>,
bases: Vec<Self::NonIdentityPoint>,
) -> Result<Vec<Self::NonIdentityPoint>, Error>;

/// Computes endoscalar (Alg 2) mapping to a variable-length bitstring using
/// the endoscaling algorithm.
fn compute_endoscalar(
&self,
layouter: &mut impl Layouter<C::Base>,
bitstring: &Self::Bitstring,
) -> Result<AssignedCell<Assigned<C::Base>, C::Base>, Error>;

/// Check that a witnessed bitstring corresponds to a range of endoscalars
/// provided as public inputs.
fn constrain_bitstring(
&self,
layouter: &mut impl Layouter<C::Base>,
bitstring: &Self::Bitstring,
pub_input_rows: Vec<usize>,
) -> Result<(), Error>;
}