halo2_gadgets::poseidon: Fix loading of padding words.

halo2_gadgets/src/poseidon/pow5.rs

@@ -341,24 +341,30 @@
 
                 // Load the input into this region.
                 let load_input_word = |i: usize| {
-                    let constraint_var = match input.0[i].clone() {
-                        Some(PaddedWord::Message(word)) => word,
-                        Some(PaddedWord::Padding(padding_value)) => region.assign_fixed(
-                            || format!("load pad_{}", i),
-                            config.rc_b[i],
-                            1,
-                            || Value::known(padding_value),
-                        )?,
+                    let (cell, value) = match input.0[i].clone() {
+                        Some(PaddedWord::Message(word)) => (word.cell(), word.value().copied()),
+                        Some(PaddedWord::Padding(padding_value)) => {
+                            let cell = region
+                                .assign_fixed(
+                                    || format!("load pad_{}", i),
+                                    config.rc_b[i],
+                                    1,
+                                    || Value::known(padding_value),
+                                )?
+                                .cell();
+                            (cell, Value::known(padding_value))
+                        }
                         _ => panic!("Input is not padded"),
                     };
-                    constraint_var
-                        .copy_advice(
-                            || format!("load input_{}", i),
-                            &mut region,
-                            config.state[i],
-                            1,
-                        )
-                        .map(StateWord)
+                    let var = region.assign_advice(
+                        || format!("load input_{}", i),
+                        config.state[i],
+                        1,
+                        || value,
+                    )?;
+                    region.constrain_equal(cell, var.cell())?;
+
+                    Ok(StateWord(var))
                 };
                 let input: Result<Vec<_>, Error> = (0..RATE).map(load_input_word).collect();
                 let input = input?;
@@ -442,7 +448,7 @@
                     .value()
                     .map(|v| *v + config.round_constants[round][idx])
             });
             let r: Value<Vec<F>> = q.map(|q| q.map(|q| q.pow(&config.alpha))).collect();
             let m = &config.m_reg;
             let state = m.iter().map(|m_i| {
                 r.as_ref().map(|r| {
@@ -468,7 +474,7 @@
             let p: Value<Vec<_>> = self.0.iter().map(|word| word.0.value().cloned()).collect();
 
             let r: Value<Vec<_>> = p.map(|p| {
                 let r_0 = (p[0] + config.round_constants[round][0]).pow(&config.alpha);
                 let r_i = p[1..]
                     .iter()
                     .enumerate()
@@ -508,7 +514,7 @@
             }
 
             let r_mid: Value<Vec<_>> = p_mid.map(|p| {
                 let r_0 = (p[0] + config.round_constants[round + 1][0]).pow(&config.alpha);
                 let r_i = p[1..]
                     .iter()
                     .enumerate()
@@ -597,9 +603,11 @@
         circuit::{Layouter, SimpleFloorPlanner, Value},
         dev::MockProver,
         pasta::Fp,
-        plonk::{Circuit, ConstraintSystem, Error},
+        plonk::{self, Circuit, ConstraintSystem, Error, SingleVerifier},
+        poly::commitment::Params,
+        transcript::{Blake2bRead, Blake2bWrite, Challenge255},
     };
-    use pasta_curves::pallas;
+    use pasta_curves::{pallas, EqAffine};
     use rand::rngs::OsRng;
 
     use super::{PoseidonInstructions, Pow5Chip, Pow5Config, StateWord};
@@ -840,7 +848,29 @@
             _spec: PhantomData,
         };
         let prover = MockProver::run(k, &circuit, vec![]).unwrap();
-        assert_eq!(prover.verify(), Ok(()))
+        assert_eq!(prover.verify(), Ok(()));
+
+        let params = Params::new(k);
+        let vk = plonk::keygen_vk(&params, &circuit).unwrap();
+        let pk = plonk::keygen_pk(&params, vk, &circuit).unwrap();
+
+        let mut transcript = Blake2bWrite::<_, EqAffine, _>::init(vec![]);
+        plonk::create_proof(
+            &params,
+            &pk,
+            &[circuit],
+            &[&[]],
+            &mut OsRng,
+            &mut transcript,
+        )
+        .unwrap();
+        let proof = transcript.finalize();
+
+        let strategy = SingleVerifier::new(&params);
+        let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
+        assert!(
+            plonk::verify_proof(&params, pk.get_vk(), strategy, &[&[]], &mut transcript).is_ok()
+        );
     }
 
     #[test]