Skip to content

Commit

Permalink
Remove IPA / Part1 (#377)
Browse files Browse the repository at this point in the history 
* Remove IPA base
* No longer commitments to instance in transcript.
* Remove binding from powerquery, fix docs
  • Loading branch information
@adria0
adria0 authored Nov 11, 2024
1 parent 433dfbb commit 0661f46
Show file tree
Hide file tree
Showing 32 changed files with 242 additions and 2,817 deletions.
1 change: 0 additions & 1 deletion halo2_backend/src/helpers.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ pub enum SerdeFormat {
RawBytesUnchecked,
}

// Keep this trait for compatibility with IPA serialization
pub trait CurveRead: CurveAffine {
/// Reads a compressed element from the buffer and attempts to parse it
/// using `from_bytes`.
Expand Down
21 changes: 3 additions & 18 deletions halo2_backend/src/plonk/lookup/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,21 +30,16 @@ pub(in crate::plonk) struct Permuted<C: CurveAffine> {
compressed_input_expression: Polynomial<C::Scalar, LagrangeCoeff>,
permuted_input_expression: Polynomial<C::Scalar, LagrangeCoeff>,
permuted_input_poly: Polynomial<C::Scalar, Coeff>,
permuted_input_blind: Blind<C::Scalar>,
compressed_table_expression: Polynomial<C::Scalar, LagrangeCoeff>,
permuted_table_expression: Polynomial<C::Scalar, LagrangeCoeff>,
permuted_table_poly: Polynomial<C::Scalar, Coeff>,
permuted_table_blind: Blind<C::Scalar>,
}

#[derive(Debug)]
pub(in crate::plonk) struct Committed<C: CurveAffine> {
pub(in crate::plonk) permuted_input_poly: Polynomial<C::Scalar, Coeff>,
permuted_input_blind: Blind<C::Scalar>,
pub(in crate::plonk) permuted_table_poly: Polynomial<C::Scalar, Coeff>,
permuted_table_blind: Blind<C::Scalar>,
pub(in crate::plonk) product_poly: Polynomial<C::Scalar, Coeff>,
product_blind: Blind<C::Scalar>,
}

pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
Expand Down Expand Up @@ -130,15 +125,15 @@ where
let poly = pk.vk.domain.lagrange_to_coeff(values.clone());
let blind = Blind(C::Scalar::random(&mut rng));
let commitment = params.commit_lagrange(&engine.msm_backend, values, blind);
(poly, blind, commitment)
(poly, commitment)
};

// Commit to permuted input expression
let (permuted_input_poly, permuted_input_blind, permuted_input_commitment_projective) =
let (permuted_input_poly, permuted_input_commitment_projective) =
commit_values(&permuted_input_expression);

// Commit to permuted table expression
let (permuted_table_poly, permuted_table_blind, permuted_table_commitment_projective) =
let (permuted_table_poly, permuted_table_commitment_projective) =
commit_values(&permuted_table_expression);

let [permuted_input_commitment, permuted_table_commitment] = {
Expand All @@ -163,11 +158,9 @@ where
compressed_input_expression,
permuted_input_expression,
permuted_input_poly,
permuted_input_blind,
compressed_table_expression,
permuted_table_expression,
permuted_table_poly,
permuted_table_blind,
})
}

Expand Down Expand Up @@ -313,11 +306,8 @@ impl<C: CurveAffine> Permuted<C> {

Ok(Committed::<C> {
permuted_input_poly: self.permuted_input_poly,
permuted_input_blind: self.permuted_input_blind,
permuted_table_poly: self.permuted_table_poly,
permuted_table_blind: self.permuted_table_blind,
product_poly: z,
product_blind,
})
}
}
Expand Down Expand Up @@ -368,31 +358,26 @@ impl<C: CurveAffine> Evaluated<C> {
.chain(Some(ProverQuery {
point: *x,
poly: &self.constructed.product_poly,
blind: self.constructed.product_blind,
}))
// Open lookup input commitments at x
.chain(Some(ProverQuery {
point: *x,
poly: &self.constructed.permuted_input_poly,
blind: self.constructed.permuted_input_blind,
}))
// Open lookup table commitments at x
.chain(Some(ProverQuery {
point: *x,
poly: &self.constructed.permuted_table_poly,
blind: self.constructed.permuted_table_blind,
}))
// Open lookup input commitments at x_inv
.chain(Some(ProverQuery {
point: x_inv,
poly: &self.constructed.permuted_input_poly,
blind: self.constructed.permuted_input_blind,
}))
// Open lookup product commitments at x_next
.chain(Some(ProverQuery {
point: x_next,
poly: &self.constructed.product_poly,
blind: self.constructed.product_blind,
}))
}
}
Expand Down
14 changes: 3 additions & 11 deletions halo2_backend/src/plonk/permutation/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ use halo2_middleware::poly::Rotation;
/// It stores a single `Z_P` in [permutation argument specification](https://zcash.github.io/halo2/design/proving-system/permutation.html#argument-specification).
pub(crate) struct CommittedSet<C: CurveAffine> {
pub(crate) permutation_product_poly: Polynomial<C::Scalar, Coeff>,
permutation_product_blind: Blind<C::Scalar>,
}

/// Set of permutation product polynomials, which have been **committed**.
Expand Down Expand Up @@ -181,15 +180,13 @@ pub(in crate::plonk) fn permutation_commit<
let permutation_product_commitment = params
.commit_lagrange(&engine.msm_backend, &z, blind)
.to_affine();
let permutation_product_blind = blind;
let permutation_product_poly = domain.lagrange_to_coeff(z);

// Hash the permutation product commitment
transcript.write_point(permutation_product_commitment)?;

sets.push(CommittedSet {
permutation_product_poly,
permutation_product_blind,
});
}

Expand All @@ -201,11 +198,9 @@ impl<C: CurveAffine> super::ProvingKey<C> {
&self,
x: ChallengeX<C>,
) -> impl Iterator<Item = ProverQuery<'_, C>> + Clone {
self.polys.iter().map(move |poly| ProverQuery {
point: *x,
poly,
blind: Blind::default(),
})
self.polys
.iter()
.map(move |poly| ProverQuery { point: *x, poly })
}

pub(in crate::plonk) fn evaluate<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
Expand Down Expand Up @@ -289,12 +284,10 @@ impl<C: CurveAffine> Evaluated<C> {
.chain(Some(ProverQuery {
point: *x,
poly: &set.permutation_product_poly,
blind: set.permutation_product_blind,
}))
.chain(Some(ProverQuery {
point: x_next,
poly: &set.permutation_product_poly,
blind: set.permutation_product_blind,
}))
}))
// Open it at \omega^{last} x for all but the last set. This rotation is only
Expand All @@ -310,7 +303,6 @@ impl<C: CurveAffine> Evaluated<C> {
Some(ProverQuery {
point: x_last,
poly: &set.permutation_product_poly,
blind: set.permutation_product_blind,
})
}),
)
Expand Down
87 changes: 6 additions & 81 deletions halo2_backend/src/plonk/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,39 +207,14 @@ impl<
return Err(Error::InstanceTooLarge);
}
for (poly, value) in poly.iter_mut().zip(values.iter()) {
if !P::QUERY_INSTANCE {
// Add to the transcript the instance polynomials lagrange value.
transcript.common_scalar(*value)?;
}
// Add to the transcript the instance polynomials lagrange value.
transcript.common_scalar(*value)?;
*poly = *value;
}
Ok(poly)
})
.collect::<Result<Vec<_>, _>>()?;

if P::QUERY_INSTANCE {
// Add to the transcript the commitments of the instance lagrange polynomials

let instance_commitments_projective: Vec<_> = instance_values
.iter()
.map(|poly| {
params.commit_lagrange(&engine.msm_backend, poly, Blind::default())
})
.collect();
let mut instance_commitments =
vec![Scheme::Curve::identity(); instance_commitments_projective.len()];
<Scheme::Curve as CurveAffine>::CurveExt::batch_normalize(
&instance_commitments_projective,
&mut instance_commitments,
);
let instance_commitments = instance_commitments;
drop(instance_commitments_projective);

for commitment in &instance_commitments {
transcript.common_point(*commitment)?;
}
}

// Convert from evaluation to coefficient form.

let instance_polys: Vec<_> = instance_values
Expand Down Expand Up @@ -587,9 +562,6 @@ impl<

let x_pow_n = x.pow([self.params.n()]);

// [TRANSCRIPT-16]
self.write_instance_evals(x)?;

// 10. Compute and hash advice evals for the circuit instance ------------------------------------
// [TRANSCRIPT-17]
self.write_advice_evals(x, &advice)?;
Expand Down Expand Up @@ -622,30 +594,15 @@ impl<
let shuffles_evaluated = self.evaluate_shuffles(x, shuffles_committed)?;

// 13. Generate all queries ([`ProverQuery`]) that needs to be sent to prover --------------------
let instances = std::mem::take(&mut self.instances);
let queries = instances
// group the instance, advice, permutation, lookups and shuffles
// group the advice, permutation, lookups and shuffles
let queries = advice
.iter()
.zip(advice.iter())
.zip(permutations_evaluated.iter())
.zip(lookups_evaluated.iter())
.zip(shuffles_evaluated.iter())
.flat_map(|((((instance, advice), permutation), lookups), shuffles)| {
.flat_map(|(((advice, permutation), lookups), shuffles)| {
// Build a (an iterator) over a set of ProverQueries for each instance, advice, permutatiom, lookup and shuffle
iter::empty()
// Instances
.chain(
P::QUERY_INSTANCE
.then_some(self.pk.vk.cs.instance_queries.iter().map(
move |&(column, at)| ProverQuery {
point: self.pk.vk.domain.rotate_omega(*x, at),
poly: &instance.instance_polys[column.index],
blind: Blind::default(),
},
))
.into_iter()
.flatten(),
)
// Advices
.chain(
self.pk
Expand All @@ -656,7 +613,6 @@ impl<
.map(move |&(column, at)| ProverQuery {
point: self.pk.vk.domain.rotate_omega(*x, at),
poly: &advice.advice_polys[column.index],
blind: advice.advice_blinds[column.index],
}),
)
// Permutations
Expand All @@ -676,7 +632,7 @@ impl<
.map(|&(column, at)| ProverQuery {
point: self.pk.vk.domain.rotate_omega(*x, at),
poly: &self.pk.fixed_polys[column.index],
blind: Blind::default(),
// blind: Blind::default(),
}),
)
// Copy constraints
Expand Down Expand Up @@ -909,37 +865,6 @@ impl<
Ok(vanishing)
}

fn write_instance_evals(&mut self, x: ChallengeX<Scheme::Curve>) -> Result<(), Error>
where
Scheme::Scalar: WithSmallOrderMulGroup<3> + FromUniformBytes<64>,
{
if P::QUERY_INSTANCE {
// Compute and hash instance evals for the circuit instance
for instance in self.instances.iter() {
// Evaluate polynomials at omega^i x
let instance_evals: Vec<_> = self
.pk
.vk
.cs
.instance_queries
.iter()
.map(|&(column, at)| {
eval_polynomial(
&instance.instance_polys[column.index],
self.pk.vk.domain.rotate_omega(*x, at),
)
})
.collect();

// Hash each instance column evaluation
for eval in instance_evals.iter() {
self.transcript.write_scalar(*eval)?;
}
}
}
Ok(())
}

fn write_advice_evals(
&mut self,
x: ChallengeX<Scheme::Curve>,
Expand Down
8 changes: 1 addition & 7 deletions halo2_backend/src/plonk/shuffle/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ struct Compressed<C: CurveAffine> {
#[derive(Debug)]
pub(in crate::plonk) struct Committed<C: CurveAffine> {
pub(in crate::plonk) product_poly: Polynomial<C::Scalar, Coeff>,
product_blind: Blind<C::Scalar>,
}

pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
Expand Down Expand Up @@ -198,10 +197,7 @@ where
// Hash product commitment
transcript.write_point(product_commitment)?;

Ok(Committed::<C> {
product_poly: z,
product_blind,
})
Ok(Committed::<C> { product_poly: z })
}

impl<C: CurveAffine> Committed<C> {
Expand Down Expand Up @@ -242,13 +238,11 @@ impl<C: CurveAffine> Evaluated<C> {
.chain(Some(ProverQuery {
point: *x,
poly: &self.constructed.product_poly,
blind: self.constructed.product_blind,
}))
// Open shuffle product commitments at x_next
.chain(Some(ProverQuery {
point: x_next,
poly: &self.constructed.product_poly,
blind: self.constructed.product_blind,
}))
}
}
Loading

0 comments on commit 0661f46

Please sign in to comment.