Merge pull request privacy-scaling-explorations#125 from input-output…

…-hk/dev-feature/refactor-endo-module Consolidate and refactor endoscaling utilities
input-output-hk · Feb 27, 2024 · 5758763 · 5758763
2 parents 41c586b + 856fcf7
commit 5758763
Show file tree

Hide file tree

Showing 14 changed files with 1,240 additions and 908 deletions.
diff --git a/halo2_gadgets/benches/endoscale.rs b/halo2_gadgets/benches/endoscale.rs
@@ -3,15 +3,15 @@ mod utilities;
 use halo2_gadgets::ecc::chip::NonIdentityEccPoint;
 use halo2_gadgets::endoscale::{
     chip::{CurveEndoscale, EndoscaleConfig},
-    util::compute_endoscalar_with_acc,
     EndoscaleInstructions,
 };
 
-use ff::{Field, FromUniformBytes, PrimeFieldBits};
+use ff::{FromUniformBytes, PrimeFieldBits};
 use halo2_proofs::{
     circuit::{Layouter, SimpleFloorPlanner, Value},
     plonk::{Advice, Circuit, Column, ConstraintSystem, Error},
     poly::{commitment::ParamsProver, ipa::commitment::ParamsIPA},
+    transcript::endoscale::{compute_endoscalar, Setting},
 };
 use halo2curves::pasta::{pallas, vesta};
 use halo2curves::{CurveAffine, CurveExt};
@@ -229,7 +229,7 @@ fn bench_endoscale_base<
             .collect::<Vec<_>>();
         bitstring
             .chunks(K)
-            .map(|chunk| compute_endoscalar_with_acc(Some(C1::Base::ZERO), chunk))
+            .map(|chunk| compute_endoscalar(Setting::Chunk, chunk))
             .collect()
     };
 
@@ -288,7 +288,7 @@ fn bench_endoscale_scalar<
             .collect::<Vec<_>>();
         bitstring
             .chunks(K)
-            .map(|chunk| compute_endoscalar_with_acc(Some(C2::Base::ZERO), chunk))
+            .map(|chunk| compute_endoscalar(Setting::Chunk, chunk))
             .collect()
     };
 

diff --git a/halo2_gadgets/src/endoscale.rs b/halo2_gadgets/src/endoscale.rs
@@ -9,7 +9,6 @@ use std::fmt::Debug;
 
 /// TODO: docs
 pub mod chip;
-pub mod util;
 
 /// Instructions to map bitstrings to and from endoscalars.
 pub trait EndoscaleInstructions<C: CurveAffine>

diff --git a/halo2_gadgets/src/endoscale/chip.rs b/halo2_gadgets/src/endoscale/chip.rs
@@ -260,22 +260,23 @@ where
 
 #[cfg(test)]
 mod tests {
-    use super::super::util::compute_endoscalar_with_acc;
     use super::{EndoscaleConfig, EndoscaleInstructions};
     use crate::ecc::chip::NonIdentityEccPoint;
     use crate::endoscale::chip::CurveEndoscale;
     use crate::utilities::cost_model::circuit_to_csv;
 
-    use ff::{Field, FromUniformBytes, PrimeFieldBits};
-    use halo2_proofs::poly::commitment::ParamsProver;
-    use halo2_proofs::poly::ipa::commitment::ParamsIPA;
+    use ff::{FromUniformBytes, PrimeFieldBits};
     use halo2_proofs::{
         arithmetic::CurveAffine,
         circuit::{Layouter, SimpleFloorPlanner, Value},
         plonk::{Advice, Circuit, Column, ConstraintSystem, Error},
+        poly::{commitment::ParamsProver, ipa::commitment::ParamsIPA},
+        transcript::endoscale::{compute_endoscalar, Setting},
+    };
+    use halo2curves::{
+        pasta::{pallas, vesta},
+        CurveExt,
     };
-    use halo2curves::pasta::{pallas, vesta};
-    use halo2curves::CurveExt;
 
     use std::{convert::TryInto, marker::PhantomData};
 
@@ -495,7 +496,7 @@ mod tests {
                 .collect::<Vec<_>>();
             bitstring
                 .chunks(K)
-                .map(|chunk| compute_endoscalar_with_acc(Some(BaseCurve::Base::ZERO), chunk))
+                .map(|chunk| compute_endoscalar(Setting::Chunk, chunk))
                 .collect()
         };
 
@@ -510,7 +511,7 @@ mod tests {
                 .collect::<Vec<_>>();
             bitstring
                 .chunks(K)
-                .map(|chunk| compute_endoscalar_with_acc(Some(ScalarCurve::Base::ZERO), chunk))
+                .map(|chunk| compute_endoscalar(Setting::Chunk, chunk))
                 .collect()
         };
 

diff --git a/halo2_gadgets/src/endoscale/chip/alg_1.rs b/halo2_gadgets/src/endoscale/chip/alg_1.rs
@@ -9,9 +9,9 @@ use halo2_proofs::{
         VirtualCells,
     },
     poly::Rotation,
+    transcript::endoscale::endoscale_point_pair,
 };
 
-use super::super::util::endoscale_point_pair;
 use crate::{
     ecc::chip::{add_incomplete, double, NonIdentityEccPoint},
     utilities::{
@@ -548,7 +548,7 @@ where
 
         #[cfg(test)]
         {
-            use crate::endoscale::util::endoscale_point;
+            use halo2_proofs::transcript::endoscale::endoscale_point;
             let point = base.point();
             let expected_res = bitstring
                 .bitstring()

diff --git a/halo2_gadgets/src/endoscale/chip/alg_2.rs b/halo2_gadgets/src/endoscale/chip/alg_2.rs
@@ -7,16 +7,14 @@ use halo2_proofs::{
         Selector, TableColumn,
     },
     poly::Rotation,
+    transcript::endoscale::{compute_endoscalar, initial_accumulator_multiplier, Setting},
 };
 
-use crate::{
-    endoscale::util::compute_endoscalar_with_acc,
-    utilities::{
-        decompose_running_sum::{RunningSum, RunningSumConfig},
-        i2lebsp, le_bits_to_field_elem,
-        lookup_range_check::LookupRangeCheckConfig,
-        pow2_range_check,
-    },
+use crate::utilities::{
+    decompose_running_sum::{RunningSum, RunningSumConfig},
+    i2lebsp, le_bits_to_field_elem,
+    lookup_range_check::LookupRangeCheckConfig,
+    pow2_range_check,
 };
 use std::marker::PhantomData;
 
@@ -69,8 +67,8 @@ impl<F: WithSmallOrderMulGroup<3>, const K: usize> TableConfig<F, K> {
                         self.endoscalar,
                         index,
                         || {
-                            Value::known(compute_endoscalar_with_acc(
-                                Some(F::ZERO),
+                            Value::known(compute_endoscalar::<F>(
+                                Setting::Chunk,
                                 &i2lebsp::<K>(index as u64),
                             ))
                         },
@@ -166,7 +164,7 @@ where
 
             let neg_q_lookup = Expression::Constant(C::Base::ONE) - q_lookup.clone();
             let default_endo = {
-                let val = compute_endoscalar_with_acc(Some(C::Base::ZERO), &[false; K]);
+                let val = compute_endoscalar(Setting::Chunk, &[false; K]);
                 Expression::Constant(val)
             };
 
@@ -191,7 +189,7 @@ where
             let shifted_endoscalar = padded_endoscalar - shift;
 
             // Initialise the accumulator to 2 * (ζ + 1).
-            let init_acc = Expression::Constant((C::Base::ZETA + C::Base::ONE).double());
+            let init_acc = Expression::Constant(initial_accumulator_multiplier());
             let acc_1 = meta.query_advice(config.acc, Rotation::next());
             // Check that acc_1 = init_acc * 2^{K' / 2} + shifted_endoscalar
             let expected_acc_1 = init_acc * two_pow_k_prime_div2 + shifted_endoscalar;
@@ -326,9 +324,9 @@ where
                     self.q_lookup.enable(&mut region, offset + idx)?;
                     self.q_endoscale_scalar.enable(&mut region, offset + idx)?;
 
-                    let endoscalar = chunk.map(|c| {
-                        compute_endoscalar_with_acc(
-                            Some(C::Base::ZERO),
+                    let endoscalar = chunk.map(|c| -> C::Base {
+                        compute_endoscalar(
+                            Setting::Chunk,
                             &c.to_le_bits().iter().by_vals().take(K).collect::<Vec<_>>(),
                         )
                     });
@@ -355,9 +353,9 @@ where
 
                 #[cfg(test)]
                 {
-                    use crate::endoscale::util::compute_endoscalar;
                     let bitstring = bitstring.bitstring();
-                    let expected_acc: Value<C::Base> = bitstring.map(|b| compute_endoscalar(&b));
+                    let expected_acc: Value<C::Base> =
+                        bitstring.map(|b| compute_endoscalar(Setting::Full, &b));
                     acc.value()
                         .zip(expected_acc)
                         .map(|(&acc, expected_acc)| assert_eq!(acc.evaluate(), expected_acc));
@@ -430,9 +428,9 @@ where
                 padded_chunk.copy_advice(|| "copy padded chunk", &mut region, self.acc, offset)?;
 
                 // Witness the endoscalar corresponding to the padded chunk.
-                let padded_endoscalar = padded_chunk.value().map(|v| {
+                let padded_endoscalar = padded_chunk.value().map(|v| -> C::Base {
                     let bitstring = v.to_le_bits().iter().by_vals().take(K).collect::<Vec<_>>();
-                    compute_endoscalar_with_acc(Some(C::Base::ZERO), &bitstring)
+                    compute_endoscalar(Setting::Chunk, &bitstring)
                 });
                 region.assign_advice(
                     || "padded endoscalar",
@@ -460,7 +458,7 @@ where
                     let shift = two_pow_k_prime_div2 - two_pow_k_div2;
                     let actual_endoscalar = padded_endoscalar - shift;
                     let init_acc: Assigned<C::Base> =
-                        (C::Base::ZETA + C::Base::ONE).double().into();
+                        initial_accumulator_multiplier::<C::Base>().into();
                     init_acc * two_pow_k_prime_div2 + actual_endoscalar
                 });
                 region.assign_advice(
@@ -512,7 +510,7 @@ where
                 )?;
 
                 // Initialise the accumulator to 2 * (ζ + 1).
-                let init_acc = Assigned::from((C::Base::ZETA + C::Base::ONE).double());
+                let init_acc = Assigned::from(initial_accumulator_multiplier::<C::Base>());
                 region.assign_advice_from_constant(
                     || "initialise acc",
                     self.endoscalars_copy,
@@ -528,15 +526,15 @@ where
 
                 // Witness the endoscalar corresponding to the chunk.
                 let endoscalar: Value<Assigned<C::Base>> = chunk
-                    .map(|v| {
+                    .map(|v| -> C::Base {
                         let bitstring = v
                             .evaluate()
                             .to_le_bits()
                             .iter()
                             .by_vals()
                             .take(K)
                             .collect::<Vec<_>>();
-                        compute_endoscalar_with_acc(Some(C::Base::ZERO), &bitstring)
+                        compute_endoscalar(Setting::Chunk, &bitstring)
                     })
                     .into();
                 region.assign_advice(