diff --git a/Cargo.lock b/Cargo.lock index 8e5093868d..dc9fa0ed5d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -80,7 +80,7 @@ dependencies = [ "fnv", "franklin-crypto", "hex", - "hex-literal 0.2.2", + "hex-literal", "itertools 0.8.2", "log", "num", @@ -97,50 +97,6 @@ dependencies = [ "wasmer", ] -[[package]] -name = "allocator-api2" -version = "0.2.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5" - -[[package]] -name = "alloy-primitives" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0628ec0ba5b98b3370bb6be17b12f23bfce8ee4ad83823325a20546d9b03b78" -dependencies = [ - "alloy-rlp", - "bytes", - "cfg-if 1.0.0", - "const-hex", - "derive_more 0.99.17", - "hex-literal 0.4.1", - "itoa", - "ruint", - "tiny-keccak 2.0.2", -] - -[[package]] -name = "alloy-rlp" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc0fac0fc16baf1f63f78b47c3d24718f3619b0714076f6a02957d808d52cbef" -dependencies = [ - "alloy-rlp-derive", - "bytes", -] - -[[package]] -name = "alloy-rlp-derive" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0391754c09fab4eae3404d19d0d297aa1c670c1775ab51d8a5312afeca23157" -dependencies = [ - "proc-macro2 1.0.70", - "quote 1.0.33", - "syn 2.0.39", -] - [[package]] name = "analysis" version = "0.1.0" @@ -468,18 +424,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "auto_impl" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fee3da8ef1276b0bee5dd1c7258010d8fffd31801447323115a25560e1327b89" -dependencies = [ - "proc-macro-error", - "proc-macro2 1.0.70", - "quote 1.0.33", - "syn 1.0.109", -] - [[package]] name = "autocfg" version = "0.1.8" @@ -502,7 +446,6 @@ dependencies = [ "ast 0.1.0", "bberg", "env_logger", - "halo2", "log", "mktemp", "number 0.1.0", @@ -530,12 +473,6 @@ dependencies = [ "rustc-demangle", ] -[[package]] -name = "base16ct" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" - [[package]] name = "base64" version = "0.10.1" @@ -683,18 +620,7 @@ checksum = "fdc60350286c7c3db13b98e91dbe5c8b6830a6821bc20af5b0c310ce94d74915" dependencies = [ "arrayvec 0.4.12", "byteorder", - "constant_time_eq 0.1.5", -] - -[[package]] -name = "blake2b_simd" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23285ad32269793932e830392f2fe2f83e26488fd3ec778883a93c8323735780" -dependencies = [ - "arrayref", - "arrayvec 0.7.4", - "constant_time_eq 0.3.0", + "constant_time_eq", ] [[package]] @@ -704,7 +630,7 @@ source = "git+https://github.com/matter-labs/bellman?branch=beta#416f79d3f93fc85 dependencies = [ "arrayref", "arrayvec 0.5.2", - "constant_time_eq 0.1.5", + "constant_time_eq", ] [[package]] @@ -715,7 +641,7 @@ checksum = "9e461a7034e85b211a4acb57ee2e6730b32912b06c08cc242243c39fc21ae6a2" dependencies = [ "arrayref", "arrayvec 0.5.2", - "constant_time_eq 0.1.5", + "constant_time_eq", ] [[package]] @@ -978,7 +904,6 @@ dependencies = [ "criterion", "env_logger", "executor", - "halo2", "importer", "itertools 0.10.5", "linker", @@ -994,37 +919,12 @@ dependencies = [ "walkdir", ] -[[package]] -name = "const-hex" -version = "1.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5104de16b218eddf8e34ffe2f86f74bfa4e61e95a1b89732fccf6325efd0557" -dependencies = [ - "cfg-if 1.0.0", - "cpufeatures", - "hex", - "proptest", - "serde", -] - -[[package]] -name = "const-oid" -version = "0.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" - [[package]] name = "constant_time_eq" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" -[[package]] -name = "constant_time_eq" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2" - [[package]] name = "convert_case" version = "0.4.0" @@ -1283,18 +1183,6 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" -[[package]] -name = "crypto-bigint" -version = "0.5.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" -dependencies = [ - "generic-array 0.14.7", - "rand_core 0.6.4", - "subtle", - "zeroize", -] - [[package]] name = "crypto-common" version = "0.1.6" @@ -1317,9 +1205,9 @@ dependencies = [ [[package]] name = "crypto-mac" -version = "0.11.1" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" +checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e" dependencies = [ "generic-array 0.14.7", "subtle", @@ -1393,16 +1281,6 @@ dependencies = [ "parking_lot_core 0.9.9", ] -[[package]] -name = "der" -version = "0.7.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" -dependencies = [ - "const-oid", - "zeroize", -] - [[package]] name = "derivative" version = "2.2.0" @@ -1472,9 +1350,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer 0.10.4", - "const-oid", "crypto-common", - "subtle", ] [[package]] @@ -1498,56 +1374,12 @@ dependencies = [ "winapi", ] -[[package]] -name = "ecc" -version = "0.1.0" -source = "git+https://github.com/privacy-scaling-explorations/halo2wrong?tag=v2023_04_20#f72db265aa3cebe297c9b9816e940d0e1d400886" -dependencies = [ - "integer", - "num-bigint 0.4.4", - "num-integer", - "num-traits", - "rand 0.8.5", - "subtle", -] - -[[package]] -name = "ecdsa" -version = "0.16.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" -dependencies = [ - "der", - "digest 0.10.7", - "elliptic-curve", - "rfc6979", - "signature", -] - [[package]] name = "either" version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" -[[package]] -name = "elliptic-curve" -version = "0.13.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" -dependencies = [ - "base16ct", - "crypto-bigint", - "digest 0.10.7", - "ff", - "generic-array 0.14.7", - "group", - "rand_core 0.6.4", - "sec1", - "subtle", - "zeroize", -] - [[package]] name = "ena" version = "0.14.2" @@ -1577,17 +1409,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "enumn" -version = "0.1.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2ad8cef1d801a4686bfd8919f0b30eac4c8e48968c437a6405ded4fb5272d2b" -dependencies = [ - "proc-macro2 1.0.70", - "quote 1.0.33", - "syn 2.0.39", -] - [[package]] name = "enumset" version = "1.1.3" @@ -1673,7 +1494,7 @@ dependencies = [ "hex", "serde", "serde_json", - "sha3 0.9.1", + "sha3", "thiserror", "uint 0.9.5", ] @@ -1769,17 +1590,6 @@ version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" -[[package]] -name = "ff" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" -dependencies = [ - "bitvec 1.0.1", - "rand_core 0.6.4", - "subtle", -] - [[package]] name = "ff_ce" version = "0.11.0" @@ -1891,7 +1701,7 @@ dependencies = [ "byteorder", "digest 0.9.0", "hex", - "hmac 0.11.0", + "hmac", "itertools 0.9.0", "num-bigint 0.3.3", "num-integer", @@ -2033,7 +1843,6 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", - "zeroize", ] [[package]] @@ -2075,96 +1884,12 @@ version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" -[[package]] -name = "group" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" -dependencies = [ - "ff", - "rand_core 0.6.4", - "subtle", -] - [[package]] name = "half" version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" -[[package]] -name = "halo2" -version = "0.1.0" -dependencies = [ - "airgen", - "analysis 0.1.0", - "ast 0.1.0", - "compiler", - "env_logger", - "executor", - "halo2_proofs", - "halo2curves", - "importer", - "itertools 0.10.5", - "linker", - "log", - "num-bigint 0.4.4", - "num-integer", - "num-traits", - "number 0.1.0", - "parser 0.1.0", - "pil_analyzer 0.1.0", - "polyexen", - "rand 0.8.5", - "snark-verifier", - "test-log", -] - -[[package]] -name = "halo2_proofs" -version = "0.2.0" -source = "git+https://github.com/powdr-org/halo2?branch=kilic/shuffle#410bfdfa3ee9b37a990562d2f2639a4b2efe877b" -dependencies = [ - "blake2b_simd", - "ff", - "group", - "halo2curves", - "rand_chacha 0.3.1", - "rand_core 0.6.4", - "rayon", - "sha3 0.9.1", - "tracing", -] - -[[package]] -name = "halo2curves" -version = "0.3.2" -source = "git+https://github.com/privacy-scaling-explorations/halo2curves?tag=0.3.2#9f5c50810bbefe779ee5cf1d852b2fe85dc35d5e" -dependencies = [ - "ff", - "group", - "lazy_static", - "num-bigint 0.4.4", - "num-traits", - "pasta_curves", - "paste", - "rand 0.8.5", - "rand_core 0.6.4", - "static_assertions 1.1.0", - "subtle", -] - -[[package]] -name = "halo2wrong" -version = "0.1.0" -source = "git+https://github.com/privacy-scaling-explorations/halo2wrong?tag=v2023_04_20#f72db265aa3cebe297c9b9816e940d0e1d400886" -dependencies = [ - "halo2_proofs", - "num-bigint 0.4.4", - "num-integer", - "num-traits", -] - [[package]] name = "handlebars" version = "3.5.5" @@ -2202,10 +1927,6 @@ name = "hashbrown" version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" -dependencies = [ - "ahash 0.8.6", - "allocator-api2", -] [[package]] name = "heapsize" @@ -2253,12 +1974,6 @@ dependencies = [ "proc-macro-hack", ] -[[package]] -name = "hex-literal" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46" - [[package]] name = "hex-literal-impl" version = "0.2.3" @@ -2274,19 +1989,10 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" dependencies = [ - "crypto-mac 0.11.1", + "crypto-mac 0.11.0", "digest 0.9.0", ] -[[package]] -name = "hmac" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" -dependencies = [ - "digest 0.10.7", -] - [[package]] name = "humantime" version = "2.1.0" @@ -2415,19 +2121,6 @@ dependencies = [ "hashbrown 0.14.3", ] -[[package]] -name = "integer" -version = "0.1.0" -source = "git+https://github.com/privacy-scaling-explorations/halo2wrong?tag=v2023_04_20#f72db265aa3cebe297c9b9816e940d0e1d400886" -dependencies = [ - "maingate", - "num-bigint 0.4.4", - "num-integer", - "num-traits", - "rand 0.8.5", - "subtle", -] - [[package]] name = "is-terminal" version = "0.4.9" @@ -2503,18 +2196,6 @@ dependencies = [ "serde_json", ] -[[package]] -name = "k256" -version = "0.13.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f01b677d82ef7a676aa37e099defd83a28e15687112cafdd112d60236b6115b" -dependencies = [ - "cfg-if 1.0.0", - "ecdsa", - "elliptic-curve", - "sha2 0.10.8", -] - [[package]] name = "keccak" version = "0.1.4" @@ -2560,9 +2241,6 @@ name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -dependencies = [ - "spin", -] [[package]] name = "leb128" @@ -2646,19 +2324,6 @@ dependencies = [ "libc", ] -[[package]] -name = "maingate" -version = "0.1.0" -source = "git+https://github.com/privacy-scaling-explorations/halo2wrong?tag=v2023_04_20#f72db265aa3cebe297c9b9816e940d0e1d400886" -dependencies = [ - "halo2wrong", - "num-bigint 0.4.4", - "num-integer", - "num-traits", - "rand 0.8.5", - "subtle", -] - [[package]] name = "matches" version = "0.1.10" @@ -2723,12 +2388,6 @@ dependencies = [ "autocfg 1.1.0", ] -[[package]] -name = "minimal-lexical" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" - [[package]] name = "miniz_oxide" version = "0.7.1" @@ -2765,16 +2424,6 @@ version = "0.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72ef4a56884ca558e5ddb05a1d1e7e1bfd9a68d9ed024c21704cc98872dae1bb" -[[package]] -name = "nom" -version = "7.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" -dependencies = [ - "memchr", - "minimal-lexical", -] - [[package]] name = "num" version = "0.4.1" @@ -2820,7 +2469,6 @@ dependencies = [ "autocfg 1.1.0", "num-integer", "num-traits", - "rand 0.8.5", ] [[package]] @@ -3107,21 +2755,6 @@ dependencies = [ "lalrpop-util", ] -[[package]] -name = "pasta_curves" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3e57598f73cc7e1b2ac63c79c517b31a0877cd7c402cdcaa311b5208de7a095" -dependencies = [ - "blake2b_simd", - "ff", - "group", - "lazy_static", - "rand 0.8.5", - "static_assertions 1.1.0", - "subtle", -] - [[package]] name = "paste" version = "1.0.14" @@ -3267,7 +2900,7 @@ dependencies = [ "franklin-crypto", "handlebars", "hex", - "hex-literal 0.2.2", + "hex-literal", "itertools 0.8.2", "log", "num", @@ -3308,34 +2941,6 @@ dependencies = [ "plotters-backend", ] -[[package]] -name = "polyexen" -version = "0.1.0" -source = "git+https://github.com/Dhole/polyexen?branch=feature/shuffles#53c57e072925fbd114957fee5dc0357aaadd462f" -dependencies = [ - "halo2_proofs", - "lazy_static", - "log", - "nom", - "num-bigint 0.4.4", - "num-integer", - "num-traits", - "pest", - "pest_derive", - "rand 0.8.5", - "rand_chacha 0.3.1", - "static_assertions 1.1.0", -] - -[[package]] -name = "poseidon" -version = "0.2.0" -source = "git+https://github.com/privacy-scaling-explorations/poseidon?tag=v2023_04_20#807f8f555313f726ca03bdf941f798098f488ba4" -dependencies = [ - "halo2curves", - "subtle", -] - [[package]] name = "poseidon_hash" version = "0.0.1" @@ -3364,7 +2969,6 @@ dependencies = [ "clap-markdown", "compiler", "env_logger", - "halo2", "log", "number 0.1.0", "parser 0.1.0", @@ -3910,76 +3514,6 @@ dependencies = [ "bytecheck", ] -[[package]] -name = "revm" -version = "3.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68f4ca8ae0345104523b4af1a8a7ea97cfa1865cdb7a7c25d23c1a18d9b48598" -dependencies = [ - "auto_impl", - "revm-interpreter", - "revm-precompile", -] - -[[package]] -name = "revm-interpreter" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f959cafdf64a7f89b014fa73dc2325001cf654b3d9400260b212d19a2ebe3da0" -dependencies = [ - "revm-primitives", -] - -[[package]] -name = "revm-precompile" -version = "2.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d360a88223d85709d2e95d4609eb1e19c649c47e28954bfabae5e92bb37e83e" -dependencies = [ - "k256", - "num", - "once_cell", - "revm-primitives", - "ripemd", - "sha2 0.10.8", - "substrate-bn", -] - -[[package]] -name = "revm-primitives" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51187b852d9e458816a2e19c81f1dd6c924077e1a8fccd16e4f044f865f299d7" -dependencies = [ - "alloy-primitives", - "alloy-rlp", - "auto_impl", - "bitflags 2.4.1", - "bitvec 1.0.1", - "enumn", - "hashbrown 0.14.3", - "hex", -] - -[[package]] -name = "rfc6979" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" -dependencies = [ - "hmac 0.12.1", - "subtle", -] - -[[package]] -name = "ripemd" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" -dependencies = [ - "digest 0.10.7", -] - [[package]] name = "riscv" version = "0.1.0" @@ -4062,27 +3596,6 @@ dependencies = [ "rustc-hex", ] -[[package]] -name = "ruint" -version = "1.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608a5726529f2f0ef81b8fde9873c4bb829d6b5b5ca6be4d97345ddf0749c825" -dependencies = [ - "alloy-rlp", - "proptest", - "rand 0.8.5", - "ruint-macro", - "serde", - "valuable", - "zeroize", -] - -[[package]] -name = "ruint-macro" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e666a5496a0b2186dbcd0ff6106e29e093c15591bde62c20d3842007c6978a09" - [[package]] name = "rustc-demangle" version = "0.1.23" @@ -4171,19 +3684,6 @@ version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b" -[[package]] -name = "sec1" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" -dependencies = [ - "base16ct", - "der", - "generic-array 0.14.7", - "subtle", - "zeroize", -] - [[package]] name = "semver" version = "0.9.0" @@ -4295,26 +3795,6 @@ dependencies = [ "opaque-debug 0.3.0", ] -[[package]] -name = "sha3" -version = "0.10.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" -dependencies = [ - "digest 0.10.7", - "keccak", -] - -[[package]] -name = "signature" -version = "2.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" -dependencies = [ - "digest 0.10.7", - "rand_core 0.6.4", -] - [[package]] name = "simdutf8" version = "0.1.4" @@ -4363,32 +3843,6 @@ version = "1.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" -[[package]] -name = "snark-verifier" -version = "0.1.1" -source = "git+https://github.com/privacy-scaling-explorations/snark-verifier#9feead7d4dbad951e6aa1d572230b1c098ec8040" -dependencies = [ - "ecc", - "halo2_proofs", - "halo2curves", - "hex", - "itertools 0.10.5", - "lazy_static", - "num-bigint 0.4.4", - "num-integer", - "num-traits", - "poseidon", - "rand 0.8.5", - "revm", - "sha3 0.10.8", -] - -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "splitmut" version = "0.2.1" @@ -4480,24 +3934,11 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "substrate-bn" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b5bbfa79abbae15dd642ea8176a21a635ff3c00059961d1ea27ad04e5b441c" -dependencies = [ - "byteorder", - "crunchy", - "lazy_static", - "rand 0.8.5", - "rustc-hex", -] - [[package]] name = "subtle" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" @@ -4861,12 +4302,6 @@ dependencies = [ "getrandom 0.2.11", ] -[[package]] -name = "valuable" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" - [[package]] name = "version_check" version = "0.9.4" diff --git a/Cargo.toml b/Cargo.toml index 4b1cca2075..5c622095d0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,7 +13,6 @@ members = [ "compiler", "pilopt", "asm_to_pil", - "halo2", "backend", "bberg", "bberg_pil_cli", @@ -26,15 +25,6 @@ members = [ "riscv_executor", ] -[patch."https://github.com/privacy-scaling-explorations/halo2.git"] -# TODO change back to this once the PR is merged -#halo2_proofs = { git = "https://github.com/appliedzkp/halo2.git", rev = "d3746109d7d38be53afc8ddae8fdfaf1f02ad1d7" } -halo2_proofs = { git = "https://github.com/powdr-org/halo2", branch = "kilic/shuffle" } - -[patch.crates-io] -# TODO change back to this once the PR is merged -#halo2_proofs = { git = "https://github.com/appliedzkp/halo2.git", rev = "d3746109d7d38be53afc8ddae8fdfaf1f02ad1d7" } -halo2_proofs = { git = "https://github.com/powdr-org/halo2", branch = "kilic/shuffle" } [profile.pr-tests] inherits = "dev" diff --git a/backend/Cargo.toml b/backend/Cargo.toml index 9c958ff4c5..2114a0bdae 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -4,12 +4,8 @@ version = "0.1.0" edition = "2021" [features] -halo2 = ["dep:halo2"] -# TODO: enable feature flag for bberg backend -# bberg = ["dep:bberg"] [dependencies] -halo2 = { path = "../halo2", optional = true } bberg = { path = "../bberg"} pil_analyzer = { path = "../pil_analyzer" } diff --git a/backend/src/BBergCodegen::assert_field_is_compatible:: b/backend/src/BBergCodegen::assert_field_is_compatible:: deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/backend/src/halo2_impl.rs b/backend/src/halo2_impl.rs deleted file mode 100644 index 0368e9516d..0000000000 --- a/backend/src/halo2_impl.rs +++ /dev/null @@ -1,64 +0,0 @@ -use std::io::{self}; - -use crate::{BackendImpl, BackendImplWithSetup, Proof}; -use ast::analyzed::Analyzed; -use halo2::Halo2Prover; -use number::{DegreeType, FieldElement}; - -impl BackendImpl for Halo2Prover { - fn new(degree: DegreeType) -> Self { - Halo2Prover::assert_field_is_compatible::(); - Halo2Prover::new(degree) - } - - fn prove( - &self, - pil: &Analyzed, - fixed: &[(String, Vec)], - witness: &[(String, Vec)], - prev_proof: Option, - _name: Option, - ) -> (Option, Option) { - let proof = match prev_proof { - Some(proof) => self.prove_aggr(pil, fixed, witness, proof), - None => self.prove_ast(pil, fixed, witness), - }; - - (Some(proof), None) - } -} - -impl BackendImplWithSetup for Halo2Prover { - fn new_from_setup(mut input: &mut dyn io::Read) -> Result { - Halo2Prover::assert_field_is_compatible::(); - Halo2Prover::new_from_setup(&mut input) - } - - fn write_setup(&self, mut output: &mut dyn io::Write) -> Result<(), io::Error> { - self.write_setup(&mut output) - } -} - -pub struct Halo2Mock; -impl BackendImpl for Halo2Mock { - fn new(_degree: DegreeType) -> Self { - Self - } - - fn prove( - &self, - pil: &Analyzed, - fixed: &[(String, Vec)], - witness: &[(String, Vec)], - prev_proof: Option, - _name: Option, - ) -> (Option, Option) { - if prev_proof.is_some() { - unimplemented!("Halo2Mock backend does not support aggregation"); - } - - halo2::mock_prove(pil, fixed, witness); - - (None, None) - } -} diff --git a/backend/src/lib.rs b/backend/src/lib.rs index d318484b5a..9b69baa76d 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -2,8 +2,6 @@ // #[cfg(feature = "bberg")] mod bberg_impl; -#[cfg(feature = "halo2")] -mod halo2_impl; mod pilstark; use ast::analyzed::Analyzed; @@ -16,12 +14,6 @@ pub enum BackendType { // #[cfg(feature = "bberg")] #[strum(serialize = "bberg")] BBerg, - #[cfg(feature = "halo2")] - #[strum(serialize = "halo2")] - Halo2, - #[cfg(feature = "halo2")] - #[strum(serialize = "halo2-mock")] - Halo2Mock, #[strum(serialize = "estark")] EStark, #[strum(serialize = "pil-stark-cli")] @@ -30,11 +22,6 @@ pub enum BackendType { impl BackendType { pub fn factory(&self) -> &'static dyn BackendFactory { - #[cfg(feature = "halo2")] - const HALO2_FACTORY: WithSetupFactory = WithSetupFactory(PhantomData); - #[cfg(feature = "halo2")] - const HALO2_MOCK_FACTORY: WithoutSetupFactory = - WithoutSetupFactory(PhantomData); const ESTARK_FACTORY: WithoutSetupFactory = WithoutSetupFactory(PhantomData); const PIL_STARK_CLI_FACTORY: WithoutSetupFactory = @@ -43,10 +30,6 @@ impl BackendType { WithoutSetupFactory(PhantomData); match self { - #[cfg(feature = "halo2")] - BackendType::Halo2 => &HALO2_FACTORY, - #[cfg(feature = "halo2")] - BackendType::Halo2Mock => &HALO2_MOCK_FACTORY, BackendType::PilStarkCli => &PIL_STARK_CLI_FACTORY, BackendType::EStark => &ESTARK_FACTORY, BackendType::BBerg => &BBERG_FACTORY, diff --git a/compiler/Cargo.toml b/compiler/Cargo.toml index 15295e7094..22c4a58eb0 100644 --- a/compiler/Cargo.toml +++ b/compiler/Cargo.toml @@ -3,9 +3,6 @@ name = "compiler" version = "0.1.0" edition = "2021" -[features] -halo2 = ["dep:halo2", "backend/halo2"] - [dependencies] backend = { path = "../backend" } itertools = "^0.10" @@ -18,7 +15,6 @@ executor = { path = "../executor" } pilopt = { path = "../pilopt" } asm_to_pil = { path = "../asm_to_pil" } pil_analyzer = { path = "../pil_analyzer" } -halo2 = { path = "../halo2", optional = true } ast = { path = "../ast" } analysis = { path = "../analysis" } linker = { path = "../linker" } diff --git a/halo2/Cargo.toml b/halo2/Cargo.toml deleted file mode 100644 index 6072a3a366..0000000000 --- a/halo2/Cargo.toml +++ /dev/null @@ -1,30 +0,0 @@ -[package] -name = "halo2" -version = "0.1.0" -edition = "2021" - -[dependencies] -number = { path = "../number" } -pil_analyzer = { path = "../pil_analyzer" } -ast = { path = "../ast" } -polyexen = { git = "https://github.com/Dhole/polyexen", branch = "feature/shuffles" } -halo2_proofs = "0.2" -halo2_curves = { git = "https://github.com/privacy-scaling-explorations/halo2curves", tag = "0.3.2", package = "halo2curves" } -snark-verifier = { git = "https://github.com/privacy-scaling-explorations/snark-verifier" } -num-traits = "0.2.15" -num-integer = "0.1.45" -itertools = "^0.10" -num-bigint = "^0.4" -log = "0.4.17" -rand = "0.8.5" - -[dev-dependencies] -importer = { path = "../importer" } -analysis = { path = "../analysis" } -compiler = { path = "../compiler" } -executor = { path = "../executor" } -parser = { path = "../parser" } -airgen = { path = "../airgen" } -test-log = "0.2.12" -env_logger = "0.10.0" -linker = { path = "../linker" } diff --git a/halo2/src/aggregation.rs b/halo2/src/aggregation.rs deleted file mode 100644 index 99ba13a94b..0000000000 --- a/halo2/src/aggregation.rs +++ /dev/null @@ -1,397 +0,0 @@ -use halo2_proofs::{ - circuit::{Layouter, SimpleFloorPlanner, Value}, - halo2curves::{ - bn256::{Bn256, Fq, Fr, G1Affine}, - ff::Field, - }, - plonk::{self, Circuit, ConstraintSystem, Error, VerifyingKey}, - poly::{commitment::ParamsProver, kzg::commitment::ParamsKZG}, -}; -use halo2_wrong_ecc::{ - integer::rns::Rns, - maingate::{ - MainGate, MainGateConfig, MainGateInstructions, RangeChip, RangeConfig, RangeInstructions, - RegionCtx, - }, - EccConfig, -}; -use snark_verifier::{ - loader::{ - self, - evm::{self, deploy_and_call, encode_calldata, EvmLoader}, - halo2::halo2_wrong_ecc, - native::NativeLoader, - }, - pcs::{ - kzg::{ - Gwc19, KzgAccumulator, KzgAs, KzgSuccinctVerifyingKey, LimbsEncoding, - LimbsEncodingInstructions, - }, - AccumulationScheme, AccumulationSchemeProver, - }, - system::{ - self, - halo2::{compile, transcript::evm::EvmTranscript, Config}, - }, - util::arithmetic::{fe_to_limbs, PrimeField}, - verifier::{self, plonk::PlonkProtocol, SnarkVerifier}, -}; - -use itertools::Itertools; -use rand::rngs::OsRng; -use std::rc::Rc; - -// Comment copied/adjusted from snark-verifier: -// """ -// Since in circuit everything is in scalar field, but `Accumulator` might contain base field -// elements, we split them into limbs. -// LIMBS and BITS represent how many limbs a base field element is split into and how many bits -// each limb has. -// """ -const LIMBS: usize = 4; -const BITS: usize = 68; - -type As = KzgAs; -type PlonkSuccinctVerifier = verifier::plonk::PlonkSuccinctVerifier>; -type PlonkVerifier = verifier::plonk::PlonkVerifier>; - -const T: usize = 5; -const RATE: usize = 4; -const R_F: usize = 8; -const R_P: usize = 60; - -type Svk = KzgSuccinctVerifyingKey; -type BaseFieldEccChip = halo2_wrong_ecc::BaseFieldEccChip; -type Halo2Loader<'a> = loader::halo2::Halo2Loader<'a, G1Affine, BaseFieldEccChip>; -pub type PoseidonTranscript = - system::halo2::transcript::halo2::PoseidonTranscript; - -#[derive(Clone)] -pub struct Snark { - protocol: PlonkProtocol, - instances: Vec>, - proof: Vec, -} - -impl Snark { - pub fn new(protocol: PlonkProtocol, instances: Vec>, proof: Vec) -> Self { - Self { - protocol, - instances, - proof, - } - } - - pub fn new_without_witness(protocol: PlonkProtocol) -> Self { - let instances = protocol - .num_instance - .iter() - .map(|n| vec![Fr::ZERO; *n]) - .collect_vec(); - Self { - protocol, - instances, - proof: Default::default(), - } - } -} - -impl From for SnarkWitness { - fn from(snark: Snark) -> Self { - Self { - protocol: snark.protocol, - instances: snark - .instances - .into_iter() - .map(|instances| instances.into_iter().map(Value::known).collect_vec()) - .collect(), - proof: Value::known(snark.proof), - } - } -} - -#[derive(Clone)] -pub struct SnarkWitness { - protocol: PlonkProtocol, - instances: Vec>>, - proof: Value>, -} - -impl SnarkWitness { - fn without_witnesses(&self) -> Self { - SnarkWitness { - protocol: self.protocol.clone(), - instances: self - .instances - .iter() - .map(|instances| vec![Value::unknown(); instances.len()]) - .collect(), - proof: Value::unknown(), - } - } - - fn proof(&self) -> Value<&[u8]> { - self.proof.as_ref().map(Vec::as_slice) - } -} - -pub fn aggregate<'a>( - svk: &Svk, - loader: &Rc>, - snarks: &[SnarkWitness], - as_proof: Value<&'_ [u8]>, -) -> KzgAccumulator>> { - let assign_instances = |instances: &[Vec>]| { - instances - .iter() - .map(|instances| { - instances - .iter() - .map(|instance| loader.assign_scalar(*instance)) - .collect_vec() - }) - .collect_vec() - }; - - let accumulators = snarks - .iter() - .flat_map(|snark| { - let protocol = snark.protocol.loaded(loader); - let instances = assign_instances(&snark.instances); - let mut transcript = - PoseidonTranscript::, _>::new(loader, snark.proof()); - let proof = - PlonkSuccinctVerifier::read_proof(svk, &protocol, &instances, &mut transcript) - .unwrap(); - PlonkSuccinctVerifier::verify(svk, &protocol, &instances, &proof).unwrap() - }) - .collect_vec(); - - let accumulator = { - let mut transcript = PoseidonTranscript::, _>::new(loader, as_proof); - let proof = As::read_proof(&Default::default(), &accumulators, &mut transcript).unwrap(); - As::verify(&Default::default(), &accumulators, &proof).unwrap() - }; - - accumulator -} - -#[derive(Clone)] -pub struct AggregationConfig { - main_gate_config: MainGateConfig, - range_config: RangeConfig, -} - -impl AggregationConfig { - pub fn configure( - meta: &mut ConstraintSystem, - composition_bits: Vec, - overflow_bits: Vec, - ) -> Self { - let main_gate_config = MainGate::::configure(meta); - let range_config = - RangeChip::::configure(meta, &main_gate_config, composition_bits, overflow_bits); - AggregationConfig { - main_gate_config, - range_config, - } - } - - pub fn main_gate(&self) -> MainGate { - MainGate::new(self.main_gate_config.clone()) - } - - pub fn range_chip(&self) -> RangeChip { - RangeChip::new(self.range_config.clone()) - } - - pub fn ecc_chip(&self) -> BaseFieldEccChip { - BaseFieldEccChip::new(EccConfig::new( - self.range_config.clone(), - self.main_gate_config.clone(), - )) - } -} - -#[derive(Clone)] -pub struct AggregationCircuit { - svk: Svk, - snarks: Vec, - instances: Vec, - as_proof: Value>, -} - -impl AggregationCircuit { - pub fn new(params: &ParamsKZG, snarks: impl IntoIterator) -> Self { - let svk = params.get_g()[0].into(); - let snarks = snarks.into_iter().collect_vec(); - - let accumulators = snarks - .iter() - .flat_map(|snark| { - let mut transcript = - PoseidonTranscript::::new(snark.proof.as_slice()); - let proof = PlonkSuccinctVerifier::read_proof( - &svk, - &snark.protocol, - &snark.instances, - &mut transcript, - ) - .unwrap(); - PlonkSuccinctVerifier::verify(&svk, &snark.protocol, &snark.instances, &proof) - .unwrap() - }) - .collect_vec(); - - let (accumulator, as_proof) = { - let mut transcript = PoseidonTranscript::::new(Vec::new()); - let accumulator = - As::create_proof(&Default::default(), &accumulators, &mut transcript, OsRng) - .unwrap(); - (accumulator, transcript.finalize()) - }; - - let KzgAccumulator { lhs, rhs } = accumulator; - let instances = [lhs.x, lhs.y, rhs.x, rhs.y] - .map(fe_to_limbs::<_, _, LIMBS, BITS>) - .concat(); - - Self { - svk, - snarks: snarks.into_iter().map_into().collect(), - instances, - as_proof: Value::known(as_proof), - } - } - - pub fn new_without_witness( - params: &ParamsKZG, - snarks: impl IntoIterator, - ) -> Self { - let svk = params.get_g()[0].into(); - let snarks = snarks.into_iter().collect_vec(); - - Self { - svk, - snarks: snarks.into_iter().map_into().collect(), - instances: vec![], - as_proof: Value::unknown(), - } - } - - pub fn accumulator_indices() -> Vec<(usize, usize)> { - (0..4 * LIMBS).map(|idx| (0, idx)).collect() - } - - pub fn num_instance() -> Vec { - vec![4 * LIMBS] - } - - pub fn instances(&self) -> Vec> { - vec![self.instances.clone()] - } - - pub fn as_proof(&self) -> Value<&[u8]> { - self.as_proof.as_ref().map(Vec::as_slice) - } -} - -impl Circuit for AggregationCircuit { - type Config = AggregationConfig; - type FloorPlanner = SimpleFloorPlanner; - type Params = (); - - fn without_witnesses(&self) -> Self { - Self { - svk: self.svk, - snarks: self - .snarks - .iter() - .map(SnarkWitness::without_witnesses) - .collect(), - instances: Vec::new(), - as_proof: Value::unknown(), - } - } - - fn configure(meta: &mut plonk::ConstraintSystem) -> Self::Config { - AggregationConfig::configure( - meta, - vec![BITS / LIMBS], - Rns::::construct().overflow_lengths(), - ) - } - - fn synthesize( - &self, - config: Self::Config, - mut layouter: impl Layouter, - ) -> Result<(), plonk::Error> { - let main_gate = config.main_gate(); - let range_chip = config.range_chip(); - - range_chip.load_table(&mut layouter)?; - - let accumulator_limbs = layouter.assign_region( - || "", - |region| { - let ctx = RegionCtx::new(region, 0); - - let ecc_chip = config.ecc_chip(); - let loader = Halo2Loader::new(ecc_chip, ctx); - let accumulator = aggregate(&self.svk, &loader, &self.snarks, self.as_proof()); - - let accumulator_limbs = [accumulator.lhs, accumulator.rhs] - .iter() - .map(|ec_point| { - loader - .ecc_chip() - .assign_ec_point_to_limbs(&mut loader.ctx_mut(), ec_point.assigned()) - }) - .collect::, Error>>()? - .into_iter() - .flatten(); - - Ok(accumulator_limbs) - }, - )?; - - for (row, limb) in accumulator_limbs.enumerate() { - main_gate.expose_public(layouter.namespace(|| ""), limb, row)?; - } - - Ok(()) - } -} - -pub fn gen_aggregation_evm_verifier( - params: &ParamsKZG, - vk: &VerifyingKey, - num_instance: Vec, - accumulator_indices: Vec<(usize, usize)>, -) -> Vec { - let protocol = compile( - params, - vk, - Config::kzg() - .with_num_instance(num_instance.clone()) - .with_accumulator_indices(Some(accumulator_indices)), - ); - let vk = (params.get_g()[0], params.g2(), params.s_g2()).into(); - - let loader = EvmLoader::new::(); - let protocol = protocol.loaded(&loader); - let mut transcript = EvmTranscript::<_, Rc, _, _>::new(&loader); - - let instances = transcript.load_instances(num_instance); - let proof = PlonkVerifier::read_proof(&vk, &protocol, &instances, &mut transcript).unwrap(); - PlonkVerifier::verify(&vk, &protocol, &instances, &proof).unwrap(); - - evm::compile_solidity(&loader.solidity_code()) -} - -pub fn evm_verify(deployment_code: Vec, instances: Vec>, proof: &[u8]) { - let calldata = encode_calldata(&instances, proof); - let gas_cost = deploy_and_call(deployment_code, calldata).unwrap(); - dbg!(gas_cost); -} diff --git a/halo2/src/circuit_builder.rs b/halo2/src/circuit_builder.rs deleted file mode 100644 index 3ca6177e78..0000000000 --- a/halo2/src/circuit_builder.rs +++ /dev/null @@ -1,271 +0,0 @@ -use ast::parsed::SelectedExpressions; -use num_bigint::BigUint; -use polyexen::expr::{ColumnKind, ColumnQuery, Expr, PlonkVar}; -use polyexen::plaf::backends::halo2::PlafH2Circuit; -use polyexen::plaf::{ - ColumnFixed, ColumnWitness, Columns, Info, Lookup, Plaf, Poly, Shuffle, Witness, -}; - -use ast::analyzed::{ - AlgebraicBinaryOperator, AlgebraicExpression as Expression, Analyzed, IdentityKind, -}; -use num_traits::{One, ToPrimitive}; -use number::{BigInt, FieldElement}; - -use super::circuit_data::CircuitData; - -pub(crate) fn analyzed_to_circuit( - analyzed: &Analyzed, - fixed: &[(String, Vec)], - witness: &[(String, Vec)], -) -> PlafH2Circuit { - // The structure of the table is as following - // - // | constant columns | __enable_cur | __enable_next | witness columns | \ - // | c[0] | 1 | 1 | w[0] | | - // | c[1] | 1 | 1 | w[1] | |> N actual circuit rows - // | ... | ... | ... | ... | | - // | c[N - 2] | 1 | 1 | w[N - 2] | | - // | c[N - 1] | 1 | 0 | w[N - 1] | / <- __enable_next == 0 since there's no state transition - // | 0 | 0 | 0 | 0 | \ - // | 0 | 0 | 0 | 0 | | - // | ... | ... | ... | ... | |> (2**(ceil(log2(N)) + 1) - N) padding rows to fit the halo2 unusable rows - // | 0 | 0 | 0 | 0 | | - // | 0 | 0 | 0 | | | - // | 0 | 0 | 0 | | / - - // generate fixed and witness (witness). - - let query = |column, rotation| Expr::Var(PlonkVar::Query(ColumnQuery { column, rotation })); - - let mut cd = CircuitData::from(fixed.to_owned(), witness); - - // append two fixed columns: - // - one that enables constraints that do not have rotations (__enable_cur) in the actual circuit - // - and another that enables constraints that have a rotation (__enable_next) in the actual circuit except in the last actual row - - let num_rows = cd.len(); - - let q_enable_cur = query( - cd.insert_constant("__enable_cur", itertools::repeat_n(T::from(1), num_rows)), - 0, - ); - - let q_enable_next = query( - cd.insert_constant( - "__enable_next", - itertools::repeat_n(T::from(1), num_rows - 1).chain(std::iter::once(T::from(0))), - ), - 0, - ); - - let mut lookups = vec![]; - let mut shuffles = vec![]; - let mut polys = vec![]; - - // build Plaf columns ------------------------------------------------- - - let columns = Columns { - fixed: cd - .fixed - .iter() - .map(|(name, _)| ColumnFixed::new(name.to_string())) - .collect(), - witness: cd - .witness - .iter() - .map(|(name, _)| ColumnWitness::new(name.to_string(), 0)) - .collect(), - public: vec![], - }; - - // build Plaf info. ------------------------------------------------------------------------- - - let info = Info { - p: T::modulus().to_arbitrary_integer(), - num_rows: cd.len(), - challenges: vec![], - }; - - // build Plaf polys. ------------------------------------------------------------------------- - - let apply_selectors_to_set = |set: &SelectedExpressions>| { - let selector = set - .selector - .clone() - .map_or(Expr::Const(BigUint::one()), |expr| { - expression_2_expr(&cd, &expr) - }); - - let contains_next_ref = set.expressions.iter().any(|exp| exp.contains_next_ref()); - - let selector = Expr::Mul(vec![ - selector, - if contains_next_ref { - q_enable_next.clone() - } else { - q_enable_cur.clone() - }, - ]); - - set.expressions - .iter() - .map(|expr| selector.clone() * expression_2_expr(&cd, expr)) - .collect() - }; - - let identities = analyzed.identities_with_inlined_intermediate_polynomials(); - for id in &identities { - match id.kind { - // for the case of normal poly everything is in the left - IdentityKind::Polynomial => { - // polynomial identities. - - assert_eq!(id.right.expressions.len(), 0); - assert_eq!(id.right.selector, None); - assert_eq!(id.left.expressions.len(), 0); - - let exp = id.expression_for_poly_id(); - let contains_next_ref = exp.contains_next_ref(); - - let exp = expression_2_expr(&cd, exp); - - // depending whether this polynomial contains a rotation, - // enable for all rows or all except the last one. - - let exp = Expr::Mul(vec![ - exp, - if contains_next_ref { - q_enable_next.clone() - } else { - q_enable_cur.clone() - }, - ]); - polys.push(Poly { - name: "".to_string(), - exp, - }); - } - IdentityKind::Plookup => { - let left = apply_selectors_to_set(&id.left); - let right = apply_selectors_to_set(&id.right); - - lookups.push(Lookup { - name: "".to_string(), - exps: (left, right), - }); - } - IdentityKind::Permutation => { - let left = apply_selectors_to_set(&id.left); - let right = apply_selectors_to_set(&id.right); - - shuffles.push(Shuffle { - name: "".to_string(), - exps: (left, right), - }); - } - _ => unimplemented!(), - } - } - if lookups.is_empty() { - // TODO something inside halo2 breaks (only in debug mode) if lookups is empty, - // so just add an empty lookup. - lookups.push(Lookup { - name: "".to_string(), - exps: (vec![], vec![]), - }); - } - - // build Plaf fixed. ------------------------------------------------------------------------- - - let fixed: Vec> = cd - .fixed - .iter() - .map(|(_, row)| { - row.iter() - .map(|value| Some(value.to_arbitrary_integer())) - .collect() - }) - .collect(); - - // build witness. ------------------------------------------------------------------------- - - let witness: Vec> = cd - .witness - .iter() - .map(|(_, row)| { - row.iter() - .map(|value| Some(value.to_arbitrary_integer())) - .collect() - }) - .collect(); - - let witness_cols = cd - .witness - .iter() - .enumerate() - .map(|(n, (name, _))| (name.to_string(), (ColumnKind::Fixed, n))); - - let wit = Witness { - num_rows: cd.witness.len(), - columns: witness_cols - .map(|(name, _)| ColumnWitness::new(name, 0)) - .collect(), - witness, - }; - - let copys = vec![]; - - // build plaf. ------------------------------------------------------------------------- - - let plaf = Plaf { - info, - columns, - polys, - metadata: Default::default(), - lookups, - shuffles, - copys, - fixed, - }; - - // return circuit description + witness. ------------- - - PlafH2Circuit { plaf, wit } -} - -fn expression_2_expr(cd: &CircuitData, expr: &Expression) -> Expr { - match expr { - Expression::Number(n) => Expr::Const(n.to_arbitrary_integer()), - Expression::Reference(polyref) => { - let plonkvar = PlonkVar::Query(ColumnQuery { - column: cd.col(&polyref.name), - rotation: polyref.next as i32, - }); - - Expr::Var(plonkvar) - } - Expression::BinaryOperation(lhe, op, rhe_powdr) => { - let lhe = expression_2_expr(cd, lhe); - let rhe = expression_2_expr(cd, rhe_powdr); - match op { - AlgebraicBinaryOperator::Add => Expr::Sum(vec![lhe, rhe]), - AlgebraicBinaryOperator::Sub => Expr::Sum(vec![lhe, Expr::Neg(Box::new(rhe))]), - AlgebraicBinaryOperator::Mul => Expr::Mul(vec![lhe, rhe]), - AlgebraicBinaryOperator::Pow => { - let Expression::Number(e) = rhe_powdr.as_ref() else { - panic!("Expected number in exponent.") - }; - Expr::Pow( - Box::new(lhe), - e.to_arbitrary_integer() - .to_u32() - .unwrap_or_else(|| panic!("Exponent has to fit 32 bits.")), - ) - } - } - } - - _ => unimplemented!("{:?}", expr), - } -} diff --git a/halo2/src/circuit_data.rs b/halo2/src/circuit_data.rs deleted file mode 100644 index 0f6640506e..0000000000 --- a/halo2/src/circuit_data.rs +++ /dev/null @@ -1,79 +0,0 @@ -#![allow(unused)] - -use std::collections::HashMap; - -use num_bigint::BigInt; -use number::{AbstractNumberType, FieldElement}; -use polyexen::expr::{Column, ColumnKind}; - -pub(crate) struct CircuitData<'a, T> { - pub(crate) fixed: Vec<(String, Vec)>, - pub(crate) witness: &'a [(String, Vec)], - columns: HashMap, -} - -impl<'a, T: FieldElement> CircuitData<'a, T> { - pub fn from(fixed: Vec<(String, Vec)>, witness: &'a [(String, Vec)]) -> Self { - if !fixed.is_empty() && !witness.is_empty() { - assert_eq!( - fixed.get(0).unwrap().1.len(), - witness.get(0).unwrap().1.len() - ); - } - - let const_cols = fixed.iter().enumerate().map(|(index, (name, _))| { - ( - name.to_string(), - Column { - kind: ColumnKind::Fixed, - index, - }, - ) - }); - - let witness_cols = witness.iter().enumerate().map(|(index, (name, _))| { - ( - name.to_string(), - Column { - kind: ColumnKind::Witness, - index, - }, - ) - }); - - let columns = const_cols.chain(witness_cols).collect(); - - Self { - fixed, - witness, - columns, - } - } - - pub fn col(&self, name: &str) -> Column { - *self - .columns - .get(name) - .unwrap_or_else(|| panic!("{name} column not found")) - } - - pub fn len(&self) -> usize { - self.witness.get(0).unwrap().1.len() - } - - pub fn insert_constant>( - &mut self, - name: &'a str, - values: IT, - ) -> Column { - let values = values.into_iter().collect::>(); - assert_eq!(values.len(), self.len()); - self.fixed.push((name.to_string(), values)); - let column = Column { - kind: ColumnKind::Fixed, - index: self.fixed.len() - 1, - }; - self.columns.insert(name.to_string(), column); - column - } -} diff --git a/halo2/src/lib.rs b/halo2/src/lib.rs deleted file mode 100644 index 731b8c75f3..0000000000 --- a/halo2/src/lib.rs +++ /dev/null @@ -1,10 +0,0 @@ -#![deny(clippy::print_stdout)] - -pub(crate) mod aggregation; -pub(crate) mod circuit_builder; -pub(crate) mod circuit_data; -pub(crate) mod mock_prover; -pub(crate) mod prover; - -pub use mock_prover::mock_prove; -pub use prover::*; diff --git a/halo2/src/mock_prover.rs b/halo2/src/mock_prover.rs deleted file mode 100644 index fcebab12ea..0000000000 --- a/halo2/src/mock_prover.rs +++ /dev/null @@ -1,108 +0,0 @@ -use ast::analyzed::Analyzed; -use polyexen::plaf::PlafDisplayBaseTOML; - -use super::circuit_builder::analyzed_to_circuit; -use halo2_proofs::{dev::MockProver, halo2curves::bn256::Fr}; -use number::{BigInt, FieldElement}; - -pub fn mock_prove( - pil: &Analyzed, - fixed: &[(String, Vec)], - witness: &[(String, Vec)], -) { - if polyexen::expr::get_field_p::() != T::modulus().to_arbitrary_integer() { - panic!("powdr modulus doesn't match halo2 modulus. Make sure you are using Bn254"); - } - - let circuit = analyzed_to_circuit(pil, fixed, witness); - - // double the row count in order to make space for the cells introduced by the backend - // TODO: use a precise count of the extra rows needed to avoid using so many rows - - let circuit_row_count_log = usize::BITS - circuit.plaf.info.num_rows.leading_zeros(); - - let expanded_row_count_log = circuit_row_count_log + 1; - - log::debug!("{}", PlafDisplayBaseTOML(&circuit.plaf)); - - let inputs = vec![]; - - let mock_prover = MockProver::::run(expanded_row_count_log, &circuit, inputs).unwrap(); - mock_prover.assert_satisfied(); -} - -#[cfg(test)] -mod test { - use std::{fs, path::PathBuf}; - - use analysis::convert_asm_to_pil; - use executor::witgen::unused_query_callback; - use number::Bn254Field; - use parser::parse_asm; - use test_log::test; - - use super::*; - - #[allow(clippy::print_stdout)] - fn mock_prove_asm(file_name: &str, inputs: &[Bn254Field]) { - // read and compile PIL. - - let location = format!( - "{}/../test_data/asm/{file_name}", - env!("CARGO_MANIFEST_DIR") - ); - - let contents = fs::read_to_string(&location).unwrap(); - let parsed = parse_asm::(Some(&location), &contents).unwrap(); - let resolved = importer::resolve(Some(PathBuf::from(location)), parsed).unwrap(); - let analysed = convert_asm_to_pil(resolved).unwrap(); - let graph = airgen::compile(analysed); - let pil = linker::link(graph).unwrap(); - - let query_callback = compiler::inputs_to_query_callback(inputs.to_vec()); - - let analyzed = pil_analyzer::analyze_string(&format!("{pil}")); - - let fixed = executor::constant_evaluator::generate(&analyzed); - let witness = - executor::witgen::WitnessGenerator::new(&analyzed, &fixed, query_callback).generate(); - - let fixed = to_owned_values(fixed); - - mock_prove(&analyzed, &fixed, &witness); - } - - #[test] - fn simple_pil_halo2() { - let content = "namespace Global(8); pol fixed z = [0]*; pol witness a; a = 0;"; - let analyzed: Analyzed = pil_analyzer::analyze_string(content); - let fixed = executor::constant_evaluator::generate(&analyzed); - - let witness = - executor::witgen::WitnessGenerator::new(&analyzed, &fixed, unused_query_callback()) - .generate(); - - let fixed = to_owned_values(fixed); - - mock_prove(&analyzed, &fixed, &witness); - } - - #[test] - fn simple_sum() { - let inputs = [165, 5, 11, 22, 33, 44, 55].map(From::from); - mock_prove_asm("simple_sum.asm", &inputs); - } - - #[test] - fn palindrome() { - let inputs = [3, 11, 22, 11].map(From::from); - mock_prove_asm("palindrome.asm", &inputs); - } - - fn to_owned_values(values: Vec<(&str, Vec)>) -> Vec<(String, Vec)> { - values - .into_iter() - .map(|(s, fields)| (s.to_string(), fields.clone())) - .collect::>() - } -} diff --git a/halo2/src/prover.rs b/halo2/src/prover.rs deleted file mode 100644 index b0e5d7b6aa..0000000000 --- a/halo2/src/prover.rs +++ /dev/null @@ -1,229 +0,0 @@ -use ast::analyzed::Analyzed; -use halo2_proofs::{ - dev::MockProver, - halo2curves::bn256::{Fr, G1Affine}, - plonk::{create_proof, keygen_pk, keygen_vk, verify_proof, Circuit, ProvingKey}, - poly::{ - commitment::{Params, ParamsProver}, - kzg::{ - commitment::KZGCommitmentScheme, - multiopen::{ProverGWC, VerifierGWC}, - strategy::AccumulatorStrategy, - }, - VerificationStrategy, - }, - transcript::{EncodedChallenge, TranscriptReadBuffer, TranscriptWriterBuffer}, -}; -use number::{BigInt, DegreeType, FieldElement}; -use polyexen::plaf::PlafDisplayBaseTOML; -use snark_verifier::{ - loader::native::NativeLoader, - system::halo2::{compile, transcript::evm::EvmTranscript, Config}, -}; - -use crate::aggregation; -use crate::circuit_builder::analyzed_to_circuit; - -use itertools::Itertools; -use rand::rngs::OsRng; -use std::{ - io::{self, Cursor}, - time::Instant, -}; - -pub use halo2_proofs::halo2curves::bn256::Bn256; -pub use halo2_proofs::poly::kzg::commitment::ParamsKZG; - -/// Create a halo2 proof for a given PIL, fixed column values and witness column values -/// We use KZG ([GWC variant](https://eprint.iacr.org/2019/953)) and Keccak256 -pub struct Halo2Prover { - params: ParamsKZG, -} - -impl Halo2Prover { - pub fn new(size: DegreeType) -> Self { - let degree = DegreeType::BITS - size.leading_zeros() + 1; - Self { - params: ParamsKZG::::new(degree), - } - } - - pub fn new_from_setup(input: &mut impl io::Read) -> Result { - let params = ParamsKZG::::read(input)?; - - Ok(Self { params }) - } - - pub fn write_setup(&self, output: &mut impl io::Write) -> Result<(), io::Error> { - self.params.write(output) - } - - pub fn prove_ast( - &self, - pil: &Analyzed, - fixed: &[(String, Vec)], - witness: &[(String, Vec)], - ) -> Vec { - // TODO this is hacky - let degree = usize::BITS - pil.degree().leading_zeros() + 1; - let params = { - let mut params = self.params.clone(); - params.downsize(degree); - params - }; - - log::info!("Starting proof generation..."); - - let circuit = analyzed_to_circuit(pil, fixed, witness); - - log::debug!("{}", PlafDisplayBaseTOML(&circuit.plaf)); - - log::info!("Generating VK and PK for snark..."); - let vk = keygen_vk(¶ms, &circuit).unwrap(); - let pk = keygen_pk(¶ms, vk, &circuit).unwrap(); - - log::info!("Generating proof..."); - let start = Instant::now(); - - let inputs = vec![]; - let proof = gen_proof::< - _, - _, - aggregation::PoseidonTranscript, - aggregation::PoseidonTranscript, - >(¶ms, &pk, circuit, inputs); - - let duration = start.elapsed(); - log::info!("Time taken: {:?}", duration); - - log::info!("Proof generation done."); - - proof - } - - pub fn prove_aggr( - &self, - pil: &Analyzed, - fixed: &[(String, Vec)], - witness: &[(String, Vec)], - proof: Vec, - ) -> Vec { - log::info!("Starting proof aggregation..."); - - // TODO this is hacky - let degree = usize::BITS - pil.degree().leading_zeros() + 1; - let params_app = { - let mut params = self.params.clone(); - params.downsize(degree); - params - }; - - log::info!("Generating circuit for app snark..."); - let circuit_app = analyzed_to_circuit(pil, fixed, witness); - - log::debug!("{}", PlafDisplayBaseTOML(&circuit_app.plaf)); - - log::info!("Generating VK for app snark..."); - let vk_app = keygen_vk(¶ms_app, &circuit_app).unwrap(); - - log::info!("Generating circuit for compression snark..."); - let protocol_app = compile( - ¶ms_app, - &vk_app, - Config::kzg().with_num_instance(vec![]), - ); - let empty_snark = aggregation::Snark::new_without_witness(protocol_app.clone()); - let agg_circuit = - aggregation::AggregationCircuit::new_without_witness(¶ms_app, [empty_snark]); - - log::info!("Generating VK and PK for compression snark..."); - let vk_aggr = keygen_vk(&self.params, &agg_circuit).unwrap(); - let pk_aggr = keygen_pk(&self.params, vk_aggr, &agg_circuit).unwrap(); - - log::info!("Generating compressed snark verifier..."); - let deployment_code = aggregation::gen_aggregation_evm_verifier( - &self.params, - pk_aggr.get_vk(), - aggregation::AggregationCircuit::num_instance(), - aggregation::AggregationCircuit::accumulator_indices(), - ); - - log::info!("Generating aggregated proof..."); - let start = Instant::now(); - let snark = aggregation::Snark::new(protocol_app, vec![], proof); - let agg_circuit_with_proof = aggregation::AggregationCircuit::new(¶ms_app, [snark]); - let proof = - gen_proof::<_, _, EvmTranscript, EvmTranscript>( - &self.params, - &pk_aggr, - agg_circuit_with_proof.clone(), - agg_circuit_with_proof.instances(), - ); - let duration = start.elapsed(); - log::info!("Time taken: {:?}", duration); - - log::info!("Verifying aggregated proof in the EVM..."); - aggregation::evm_verify(deployment_code, agg_circuit_with_proof.instances(), &proof); - - log::info!("Proof aggregation done."); - - proof - } - - pub fn assert_field_is_compatible() { - if polyexen::expr::get_field_p::() != F::modulus().to_arbitrary_integer() { - panic!("powdr modulus doesn't match halo2 modulus. Make sure you are using Bn254"); - } - } -} - -fn gen_proof< - C: Circuit, - E: EncodedChallenge, - TR: TranscriptReadBuffer>, G1Affine, E>, - TW: TranscriptWriterBuffer, G1Affine, E>, ->( - params: &ParamsKZG, - pk: &ProvingKey, - circuit: C, - instances: Vec>, -) -> Vec { - MockProver::run(params.k(), &circuit, instances.clone()) - .unwrap() - .assert_satisfied(); - - let instances = instances - .iter() - .map(|instances| instances.as_slice()) - .collect_vec(); - let proof = { - let mut transcript = TW::init(Vec::new()); - create_proof::, ProverGWC<_>, _, _, TW, _>( - params, - pk, - &[circuit], - &[instances.as_slice()], - OsRng, - &mut transcript, - ) - .unwrap(); - transcript.finalize() - }; - - let accept = { - let mut transcript = TR::init(Cursor::new(proof.clone())); - VerificationStrategy::<_, VerifierGWC<_>>::finalize( - verify_proof::<_, VerifierGWC<_>, _, TR, _>( - params.verifier_params(), - pk.get_vk(), - AccumulatorStrategy::new(params.verifier_params()), - &[instances.as_slice()], - &mut transcript, - ) - .unwrap(), - ) - }; - assert!(accept); - - proof -} diff --git a/powdr_cli/Cargo.toml b/powdr_cli/Cargo.toml index 98f6c75af1..9ec824c9df 100644 --- a/powdr_cli/Cargo.toml +++ b/powdr_cli/Cargo.toml @@ -5,7 +5,6 @@ edition = "2021" [features] default = [] # halo2 is disabled by default -halo2 = ["dep:halo2", "backend/halo2", "compiler/halo2"] [dependencies] clap = { version = "^4.3", features = ["derive"] } @@ -16,7 +15,6 @@ parser = { path = "../parser" } riscv = { path = "../riscv" } riscv_executor = { path = "../riscv_executor" } number = { path = "../number" } -halo2 = { path = "../halo2", optional = true } backend = { path = "../backend" } pilopt = { path = "../pilopt" } strum = { version = "0.24.1", features = ["derive"] }