From bc73f31dbc79ee5af0c4f1e8575c8826432a942f Mon Sep 17 00:00:00 2001 From: Jonathan Wang <31040440+jonathanpwang@users.noreply.github.com> Date: Tue, 13 Aug 2024 21:24:50 -0400 Subject: [PATCH 1/3] feat: update to halo2-axiom 0.5.0-rc.1 chore: update rust-toolchain for msrv 1.74 --- halo2-base/Cargo.toml | 14 ++++++++++---- rust-toolchain | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/halo2-base/Cargo.toml b/halo2-base/Cargo.toml index 500107b3..a46da0f4 100644 --- a/halo2-base/Cargo.toml +++ b/halo2-base/Cargo.toml @@ -24,9 +24,12 @@ getset = "0.1.2" ark-std = { version = "0.3.0", features = ["print-trace"], optional = true } # Use Axiom's custom halo2 monorepo for faster proving when feature = "halo2-axiom" is on -halo2_proofs_axiom = { version = "0.4", package = "halo2-axiom", optional = true } +halo2_proofs_axiom = { version = "0.5.0-rc.1", package = "halo2-axiom", optional = true } # Use PSE halo2 and halo2curves for compatibility when feature = "halo2-pse" is on -halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v0.3.0", features = ["circuit-params", "derive_serde"], optional = true } +halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v0.3.0", features = [ + "circuit-params", + "derive_serde", +], optional = true } # This is Scroll's audited poseidon circuit. We only use it for the Native Poseidon spec. We do not use the halo2 circuit at all (and it wouldn't even work because the halo2_proofs tag is not compatbile). # We forked it to upgrade to ff v0.13 and removed the circuit module @@ -49,7 +52,7 @@ env_logger = "0.10.0" proptest = "1.1.0" # native poseidon for testing pse-poseidon = { git = "https://github.com/axiom-crypto/pse-poseidon.git" } -clap = "=4.4" # fix clap version to prevent requiring rustc 1.74 +clap = "=4.4" # fix clap version to prevent requiring rustc 1.74 clap_builder = "=4.4" clap_lex = "=0.6.0" 
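Review bot: The new requirement `version = "0.5.0-rc.1"` in the `@@ -24,9 +24,12 @@` hunk is a caret requirement on a pre-release, so Cargo may resolve it to a later release candidate of 0.5.0 or to any later 0.5.x release of the proving backend, not only the build this change was tested against. For a crate that generates and verifies proofs, consider pinning the candidate exactly until 0.5.0 is final: `halo2_proofs_axiom = { version = "=0.5.0-rc.1", package = "halo2-axiom", optional = true }`. If the looser range is intended, say so in a comment, since downstream users of a library do not inherit its Cargo.lock. Separately, in the `@@ -49,7 +52,7 @@` hunk the comment on `clap = "=4.4"` still says the pin avoids requiring rustc 1.74, which the commit subject now names as the MSRV; the comment should state whether the pin is still needed.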
@@ -62,7 +65,10 @@ mimalloc = { version = "0.1", default-features = false, optional = true } [features] default = ["halo2-axiom", "display", "test-utils"] asm = ["halo2_proofs_axiom?/asm"] -dev-graph = ["halo2_proofs?/dev-graph", "plotters"] # only works with halo2-pse for now +dev-graph = [ + "halo2_proofs?/dev-graph", + "plotters", +] # only works with halo2-pse for now halo2-pse = ["halo2_proofs/circuit-params"] halo2-axiom = ["halo2_proofs_axiom"] display = [] diff --git a/rust-toolchain b/rust-toolchain index ee2d639b..10cd052b 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1 +1 @@ -nightly-2023-08-12 \ No newline at end of file +nightly-2024-07-25 From ec22e759ab03d7f67f68a84648979266068f59f2 Mon Sep 17 00:00:00 2001 From: Jonathan Wang <31040440+jonathanpwang@users.noreply.github.com> Date: Tue, 13 Aug 2024 23:31:06 -0400 Subject: [PATCH 2/3] chore: fix clippy --- halo2-base/src/gates/flex_gate/mod.rs | 3 ++- halo2-base/src/poseidon/hasher/mod.rs | 2 ++ halo2-base/src/poseidon/hasher/tests/mod.rs | 2 +- halo2-base/src/virtual_region/copy_constraints.rs | 2 +- halo2-base/src/virtual_region/lookups.rs | 4 ++-- halo2-ecc/src/bn254/final_exp.rs | 3 ++- halo2-ecc/src/ecc/mod.rs | 4 ++-- hashes/zkevm/src/keccak/component/circuit/tests/shard.rs | 2 +- hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs | 1 + hashes/zkevm/src/keccak/vanilla/tests.rs | 2 +- hashes/zkevm/src/sha256/vanilla/columns.rs | 1 + hashes/zkevm/src/sha256/vanilla/witness.rs | 1 + 12 files changed, 17 insertions(+), 10 deletions(-) diff --git a/halo2-base/src/gates/flex_gate/mod.rs b/halo2-base/src/gates/flex_gate/mod.rs index 5dea4228..e1b0856f 100644 --- a/halo2-base/src/gates/flex_gate/mod.rs +++ b/halo2-base/src/gates/flex_gate/mod.rs 
@@ -33,6 +33,7 @@ pub(super) const MAX_PHASE: usize = 3; /// * `a = value[0], b = value[1], c = value[2], d = value[3]` /// * `q = q_enable[0]` /// * `q` is either 0 or 1 so this is just a simple selector +/// /// We chose `a + b * c` instead of `a * b + c` to allow "chaining" of gates, i.e., the output of one gate because `a` in the next gate. /// /// A configuration for a basic gate chip describing the selector, and advice column values. @@ -137,7 +138,7 @@ impl FlexGateConfig { Self { basic_gates, constants, - /// Warning: this needs to be updated if you create more advice columns after this `FlexGateConfig` is created + // Warning: this needs to be updated if you create more advice columns after this `FlexGateConfig` is created max_rows: (1 << params.k) - meta.minimum_rows(), } } diff --git a/halo2-base/src/poseidon/hasher/mod.rs b/halo2-base/src/poseidon/hasher/mod.rs index b477edcf..333ab7ce 100644 --- a/halo2-base/src/poseidon/hasher/mod.rs +++ b/halo2-base/src/poseidon/hasher/mod.rs @@ -147,6 +147,7 @@ impl PoseidonHasher PoseidonHasher::new::<8, 57, 0>(); - let mds = vec![ + let mds = [ vec![ "7511745149465107256748700652201246547602992235352608707588321460060273774987", "10370080108974718697676803824769673834027675643658433702224577712625900127200", diff --git a/halo2-base/src/virtual_region/copy_constraints.rs b/halo2-base/src/virtual_region/copy_constraints.rs index 11a77944..3e7895f7 100644 --- a/halo2-base/src/virtual_region/copy_constraints.rs +++ b/halo2-base/src/virtual_region/copy_constraints.rs @@ -145,7 +145,7 @@ impl VirtualRegionManager for SharedCopyConstraintManager let mut fixed_col = 0; let mut fixed_offset = 0; for (c, _) in manager.constant_equalities.iter() { - if manager.assigned_constants.get(c).is_none() { + if !manager.assigned_constants.contains_key(c) { // this will panic if you run out of rows let cell = raw_assign_fixed(region, config[fixed_col], fixed_offset, *c); manager.assigned_constants.insert(*c, cell); 
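Review bot: The caveat on `max_rows` in the `@@ -137,7 +138,7 @@` hunk is a plain comment inside the struct literal, so someone who adds advice columns after building a `FlexGateConfig` will only learn that `max_rows` is stale by reading this constructor. The value is computed once as `(1 << params.k) - meta.minimum_rows()`, and the comment itself says it must be updated when columns are added later. The warning would be better placed in the doc comment of the `max_rows` field or of the constructor, for example `/// Computed when the config is created; must be updated if more advice columns are created afterwards.` The field declaration and the start of the constructor are outside the hunk, so check whether such a doc line already exists.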
diff --git a/halo2-base/src/virtual_region/lookups.rs b/halo2-base/src/virtual_region/lookups.rs index 7823a573..c350373e 100644 --- a/halo2-base/src/virtual_region/lookups.rs +++ b/halo2-base/src/virtual_region/lookups.rs @@ -25,9 +25,9 @@ pub mod basic; /// If we have a lookup argument that uses `ADVICE_COLS` advice columns and `TABLE_COLS` table columns, where /// the table is either fixed or dynamic (advice), then we want to dynamically allocate chunks of `ADVICE_COLS` columns /// that have the lookup into the table **always on** so that: -/// - every time we want to lookup [_; ADVICE_COLS] values, we copy them over to a row in the special +/// - every time we want to lookup [_; ADVICE_COLS] values, we copy them over to a row in the special /// lookup-enabled advice columns. -/// - note that just for assignment, we don't need to know anything about the table itself. +/// - note that just for assignment, we don't need to know anything about the table itself. /// Note: the manager does not need to know the value of `TABLE_COLS`. /// /// We want this manager to be CPU thread safe, while ensuring that the resulting circuit is diff --git a/halo2-ecc/src/bn254/final_exp.rs b/halo2-ecc/src/bn254/final_exp.rs index ae2ecac9..fcdf5d8c 100644 --- a/halo2-ecc/src/bn254/final_exp.rs +++ b/halo2-ecc/src/bn254/final_exp.rs @@ -123,6 +123,7 @@ impl<'chip, F: BigPrimeField> Fp12Chip<'chip, F> { /// Input: /// * `compression = [g2, g3, g4, g5]` where g_i are proper elements of Fp2 + /// /// Output: /// * `Decompress(compression) = g0 + g2 w + g4 w^2 + g1 w^3 + g3 w^4 + g5 w^5` where /// * All elements of output are proper elements of Fp2 and: @@ -132,7 +133,7 @@ impl<'chip, F: BigPrimeField> Fp12Chip<'chip, F> { /// g0 = (2 g1^2 + g2 * g5 - 3 g3*g4) * c + 1 /// if g2 = 0: /// g1 = (2 g4 * g5)/g3 - /// g0 = (2 g1^2 - 3 g3 * g4) * c + 1 + /// g0 = (2 g1^2 - 3 g3 * g4) * c + 1 pub fn cyclotomic_decompress( &self, ctx: &mut Context, 
diff --git a/halo2-ecc/src/ecc/mod.rs b/halo2-ecc/src/ecc/mod.rs index bef0ac15..3322121a 100644 --- a/halo2-ecc/src/ecc/mod.rs +++ b/halo2-ecc/src/ecc/mod.rs @@ -250,14 +250,14 @@ pub fn ec_sub_unequal>( /// /// Assumptions /// # Neither P or Q is the point at infinity -pub fn ec_sub_strict>( +pub fn ec_sub_strict( chip: &FC, ctx: &mut Context, P: impl Into>, Q: impl Into>, ) -> EcPoint where - FC: Selectable, + FC: FieldChip + Selectable, { let mut P = P.into(); let Q = Q.into(); diff --git a/hashes/zkevm/src/keccak/component/circuit/tests/shard.rs b/hashes/zkevm/src/keccak/component/circuit/tests/shard.rs index 17726327..06c81389 100644 --- a/hashes/zkevm/src/keccak/component/circuit/tests/shard.rs +++ b/hashes/zkevm/src/keccak/component/circuit/tests/shard.rs @@ -175,7 +175,7 @@ fn test_prove_shard_circuit_commit() { circuit.set_base_circuit_break_points(break_points); let circuit_outputs = multi_inputs_to_circuit_outputs::(&inputs, circuit_params.capacity()); - let instances = vec![vec![calculate_circuit_outputs_commit(&circuit_outputs)]]; + let instances = [vec![calculate_circuit_outputs_commit(&circuit_outputs)]]; let proof = gen_proof_with_instances( ¶ms, diff --git a/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs b/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs index 6a78efc9..196dff0d 100644 --- a/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs +++ b/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs @@ -49,6 +49,7 @@ pub(crate) struct AbsorbData { pub(crate) result: F, } +#[allow(dead_code)] /// SqueezeData #[derive(Clone, Default, Debug, PartialEq)] pub(crate) struct SqueezeData { diff --git a/hashes/zkevm/src/keccak/vanilla/tests.rs b/hashes/zkevm/src/keccak/vanilla/tests.rs index efade6c7..5831e6f3 100644 --- a/hashes/zkevm/src/keccak/vanilla/tests.rs +++ b/hashes/zkevm/src/keccak/vanilla/tests.rs 
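Review bot: The `#[allow(dead_code)]` added on `SqueezeData` in keccak_packed_multi.rs carries no explanation, and it silences the lint for the whole struct, including any field that becomes unused later. Put the reason next to it, for example `#[allow(dead_code)] // <why the unused field is kept>`. If only one field is unused, move the attribute onto that field; the struct body is outside the hunk, so this cannot be checked from here. It would also read more conventionally placed below the `/// SqueezeData` doc line, next to the `#[derive(...)]`.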
@@ -36,7 +36,7 @@ pub struct KeccakCircuit { _marker: PhantomData, } -#[cfg(any(feature = "test", test))] +#[cfg(test)] impl Circuit for KeccakCircuit { type Config = KeccakCircuitConfig; type FloorPlanner = SimpleFloorPlanner; diff --git a/hashes/zkevm/src/sha256/vanilla/columns.rs b/hashes/zkevm/src/sha256/vanilla/columns.rs index 844beecd..63ab561c 100644 --- a/hashes/zkevm/src/sha256/vanilla/columns.rs +++ b/hashes/zkevm/src/sha256/vanilla/columns.rs @@ -16,6 +16,7 @@ pub struct ShaTable { /// a SHA256 input block ([SHA256_NUM_ROWS] = 72 rows): If offset is in /// Encoded input: /// - [NUM_START_ROWS]..[NUM_START_ROWS] + [NUM_WORDS_TO_ABSORB]: Raw SHA256 word([NUM_BYTES_PER_WORD] bytes) of inputs + /// /// SHA256 hash of input in hi-lo format: /// - [SHA256_NUM_ROWS] - 2: output.hi() /// - [SHA256_NUM_ROWS] - 1: output.lo() diff --git a/hashes/zkevm/src/sha256/vanilla/witness.rs b/hashes/zkevm/src/sha256/vanilla/witness.rs index db95d9e6..0e70eaae 100644 --- a/hashes/zkevm/src/sha256/vanilla/witness.rs +++ b/hashes/zkevm/src/sha256/vanilla/witness.rs @@ -43,6 +43,7 @@ struct AssignedShaTableRow<'v, F: Field> { /// This cell contains different IO data depending on the `offset` of the row within /// a SHA256 input block ([SHA256_NUM_ROWS] = 72 rows): /// - When `q_input` is true (offset in [NUM_START_ROWS]..[NUM_START_ROWS] + [NUM_WORDS_TO_ABSORB]): Raw SHA256 word([NUM_BYTES_PER_WORD] bytes) of inputs. u32 input word, little-endian. + /// /// SHA256 hash of input in hi-lo format: /// - When offset is [SHA256_NUM_ROWS] - 2: output.hi() /// - When `q_squeeze` (offset equals [SHA256_NUM_ROWS] - 1): output.lo() From 2b70938069f85f7b8e39bfc7d9008e09b74f3fa2 Mon Sep 17 00:00:00 2001 From: Jonathan Wang <31040440+jonathanpwang@users.noreply.github.com> Date: Tue, 13 Aug 2024 23:33:43 -0400 Subject: [PATCH 3/3] chore: update should_panic message --- halo2-ecc/src/secp256k1/tests/ecdsa_tests.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/halo2-ecc/src/secp256k1/tests/ecdsa_tests.rs b/halo2-ecc/src/secp256k1/tests/ecdsa_tests.rs index d3d47da7..c4002722 100644 --- a/halo2-ecc/src/secp256k1/tests/ecdsa_tests.rs +++ b/halo2-ecc/src/secp256k1/tests/ecdsa_tests.rs @@ -28,14 +28,18 @@ fn custom_parameters_ecdsa(sk: u64, msg_hash: u64, k: u64) -> ECDSAInput { } #[test] -#[should_panic(expected = "assertion failed: `(left == right)`")] +#[should_panic( + expected = "assertion `left == right` failed\n left: 0x0000000000000000000000000000000000000000000000000000000000000000\n right: 0x0000000000000000000000000000000000000000000000000000000000000001" +)] fn test_ecdsa_msg_hash_zero() { let input = custom_parameters_ecdsa(random::(), 0, random::()); run_test(input); } #[test] -#[should_panic(expected = "assertion failed: `(left == right)`")] +#[should_panic( + expected = "assertion `left == right` failed\n left: 0x0000000000000000000000000000000000000000000000000000000000000000\n right: 0x0000000000000000000000000000000000000000000000000000000000000001" +)] fn test_ecdsa_private_key_zero() { let input = custom_parameters_ecdsa(0, random::(), random::()); run_test(input);
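Review bot: Both `#[should_panic(expected = …)]` strings now reproduce the standard library's full `assert_eq!` output, including line breaks, padding and the two 32-byte values, so these negative tests are tied to the toolchain's message format. The removed lines show that format has already changed once. Because `expected` is a substring match, the more robust approach is to give the assertion that rejects a zero message hash or a zero private key its own message and match on that. That assertion is outside this hunk, so this is a suggestion for wherever it lives. At minimum, add a comment above each attribute such as `// Expected failure: <name of the check that rejects a zero input>`, so that an unrelated `0 == 1` assertion satisfying the test by accident is easier to spot.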