Rebase on Utilities chip
therealyingtong committed Jun 4, 2021
1 parent 65ac816 commit 9c30463
Showing 12 changed files with 61 additions and 112 deletions.
22 changes: 3 additions & 19 deletions src/circuit/gadget/ecc/chip.rs
@@ -1,10 +1,11 @@
use super::EccInstructions;
use crate::circuit::gadget::utilities::{copy, CellValue, Var};
use crate::constants::{self, OrchardFixedBasesFull, ValueCommitV};
use arrayvec::ArrayVec;
use ff::Field;
use halo2::{
arithmetic::CurveAffine,
circuit::{Cell, Chip, Layouter},
circuit::{Chip, Layouter},
plonk::{Advice, Column, ConstraintSystem, Error, Fixed, Permutation, Selector},
};
use std::marker::PhantomData;
Expand All @@ -13,26 +14,9 @@ pub(super) mod add;
pub(super) mod add_incomplete;
pub(super) mod mul;
pub(super) mod mul_fixed;
pub(super) mod util;
pub(super) mod witness_point;
pub(super) mod witness_scalar_fixed;

/// A structure containing a cell and its assigned value.
#[derive(Clone, Debug)]
pub struct CellValue<T> {
/// The cell of this `CellValue`
pub cell: Cell,
/// The value assigned to this `CellValue`
pub value: Option<T>,
}

impl<T> CellValue<T> {
/// Construct a `CellValue`.
pub fn new(cell: Cell, value: Option<T>) -> Self {
CellValue { cell, value }
}
}

/// A curve point represented in affine (x, y) coordinates. Each coordinate is
/// assigned to a cell.
#[derive(Clone, Debug)]
Expand All @@ -46,7 +30,7 @@ pub struct EccPoint<C: CurveAffine> {
impl<C: CurveAffine> EccPoint<C> {
/// Returns the value of this curve point, if known.
pub fn point(&self) -> Option<C> {
match (self.x.value, self.y.value) {
match (self.x.value(), self.y.value()) {
(Some(x), Some(y)) => {
if x == C::Base::zero() && y == C::Base::zero() {
Some(C::identity())
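Review bot: The doc comment on `EccPoint::point()` does not say that the coordinate pair (0, 0) is returned as `C::identity()`, which is what the `if x == C::Base::zero() && y == C::Base::zero()` branch in the second hunk does. Since this hunk already touches the reads (now `self.x.value()` / `self.y.value()`), it is a good place to record the convention, e.g. `/// The pair (0, 0) is interpreted as the identity; it is assumed not to be a point on the curve.` The `else` branch and the rest of the match are collapsed on this page, so how other coordinate pairs are turned into a point is not visible here.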
14 changes: 7 additions & 7 deletions src/circuit/gadget/ecc/chip/add.rs
@@ -1,4 +1,4 @@
use super::{util, CellValue, EccConfig, EccPoint};
use super::{copy, CellValue, EccConfig, EccPoint, Var};
use ff::Field;
use halo2::{
arithmetic::{CurveAffine, FieldExt},
Expand Down Expand Up @@ -206,15 +206,15 @@ impl Config {
self.q_add.enable(region, offset)?;

// Copy point `p` into `x_p`, `y_p` columns
util::assign_and_constrain(region, || "x_p", self.x_p, offset, &p.x, &self.perm)?;
util::assign_and_constrain(region, || "y_p", self.y_p, offset, &p.y, &self.perm)?;
copy(region, || "x_p", self.x_p, offset, &p.x, &self.perm)?;
copy(region, || "y_p", self.y_p, offset, &p.y, &self.perm)?;

// Copy point `q` into `x_qr`, `y_qr` columns
util::assign_and_constrain(region, || "x_q", self.x_qr, offset, &q.x, &self.perm)?;
util::assign_and_constrain(region, || "y_q", self.y_qr, offset, &q.y, &self.perm)?;
copy(region, || "x_q", self.x_qr, offset, &q.x, &self.perm)?;
copy(region, || "y_q", self.y_qr, offset, &q.y, &self.perm)?;

let (x_p, y_p) = (p.x.value, p.y.value);
let (x_q, y_q) = (q.x.value, q.y.value);
let (x_p, y_p) = (p.x.value(), p.y.value());
let (x_q, y_q) = (q.x.value(), q.y.value());

// inv0(x) evaluates to 0 if x = 0, and 1/x otherwise.

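Review bot: With the rename to `copy`, the call sites in `assign_region` no longer say that an equality constraint is added as well as a value assigned, which the old name `assign_and_constrain` did. Every call still passes `&self.perm`, so the helper presumably still enforces the permutation, but its body is not part of this page, and a reader auditing soundness needs that stated where the cells are wired. I would reword the existing comments to carry it, e.g. `// Copy point p into x_p, y_p: assigned and equality-constrained via self.perm`. The same applies to the `copy` calls in add_incomplete.rs, mul.rs, mul/complete.rs, mul/incomplete.rs and mul_fixed.rs. `assign_region` begins and ends outside the hunk.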
14 changes: 7 additions & 7 deletions src/circuit/gadget/ecc/chip/add_incomplete.rs
@@ -1,4 +1,4 @@
use super::{util, CellValue, EccConfig, EccPoint};
use super::{copy, CellValue, EccConfig, EccPoint, Var};
use ff::Field;
use group::Curve;
use halo2::{
Expand Down Expand Up @@ -76,8 +76,8 @@ impl Config {
self.q_add_incomplete.enable(region, offset)?;

// Handle exceptional cases
let (x_p, y_p) = (p.x.value, p.y.value);
let (x_q, y_q) = (q.x.value, q.y.value);
let (x_p, y_p) = (p.x.value(), p.y.value());
let (x_q, y_q) = (q.x.value(), q.y.value());
x_p.zip(y_p)
.zip(x_q)
.zip(y_q)
Expand All @@ -97,12 +97,12 @@ impl Config {
.transpose()?;

// Copy point `p` into `x_p`, `y_p` columns
util::assign_and_constrain(region, || "x_p", self.x_p, offset, &p.x, &self.perm)?;
util::assign_and_constrain(region, || "y_p", self.y_p, offset, &p.y, &self.perm)?;
copy(region, || "x_p", self.x_p, offset, &p.x, &self.perm)?;
copy(region, || "y_p", self.y_p, offset, &p.y, &self.perm)?;

// Copy point `q` into `x_qr`, `y_qr` columns
util::assign_and_constrain(region, || "x_q", self.x_qr, offset, &q.x, &self.perm)?;
util::assign_and_constrain(region, || "y_q", self.y_qr, offset, &q.y, &self.perm)?;
copy(region, || "x_q", self.x_qr, offset, &q.x, &self.perm)?;
copy(region, || "y_q", self.y_qr, offset, &q.y, &self.perm)?;

// Compute the sum `P + Q = R`
let r = {
18 changes: 9 additions & 9 deletions src/circuit/gadget/ecc/chip/mul.rs
@@ -1,4 +1,4 @@
use super::{add, util, CellValue, EccConfig, EccPoint};
use super::{add, copy, CellValue, EccConfig, EccPoint, Var};
use crate::constants::NUM_COMPLETE_BITS;
use std::ops::{Deref, Range};

Expand Down Expand Up @@ -113,7 +113,7 @@ impl<C: CurveAffine> Config<C> {
let offset = offset + 1;

// Decompose the scalar bitwise (big-endian bit order).
let bits = decompose_for_scalar_mul::<C>(scalar.value);
let bits = decompose_for_scalar_mul::<C>(scalar.value());

// Initialize the running sum for scalar decomposition to zero
let z_val = C::Base::zero();
Expand All @@ -131,7 +131,7 @@ impl<C: CurveAffine> Config<C> {
offset,
&base,
bits_incomplete_hi,
(X(acc.x.clone()), Y(acc.y.value), Z(z)),
(X(acc.x.clone()), Y(acc.y.value()), Z(z)),
)?;

// Double-and-add (incomplete addition) for the `lo` half of the scalar decomposition
Expand Down Expand Up @@ -164,7 +164,7 @@ impl<C: CurveAffine> Config<C> {
};

// Initialize `z` running sum for complete addition
util::assign_and_constrain(
copy(
region,
|| "Initialize `z` running sum for complete addition",
self.z_complete,
Expand All @@ -182,7 +182,7 @@ impl<C: CurveAffine> Config<C> {
// Bits used in complete addition. k_{3} to k_{1} inclusive
// The LSB k_{0} is handled separately.
let bits_complete = &bits[complete_range::<C>()];
complete_config.assign_region(region, offset, bits_complete, base, acc, z.value)?
complete_config.assign_region(region, offset, bits_complete, base, acc, z.value())?
};

let offset = offset + complete_len::<C>() * 2;
Expand All @@ -198,7 +198,7 @@ impl<C: CurveAffine> Config<C> {

let base = base.point();
let scalar = scalar
.value
.value()
.map(|scalar| C::Scalar::from_bytes(&scalar.to_bytes()).unwrap());
let real_mul = base.zip(scalar).map(|(base, scalar)| base * scalar);
let result = result.point();
Expand Down Expand Up @@ -241,7 +241,7 @@ impl<C: CurveAffine> Config<C> {
// is in deriving diversified addresses `[ivk] g_d`, and `ivk` is guaranteed
// to be in the base field of the curve. (See non-normative notes in
// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents.)
util::assign_and_constrain(
copy(
region,
|| "original scalar",
self.scalar,
Expand All @@ -254,7 +254,7 @@ impl<C: CurveAffine> Config<C> {
// If `lsb` is 0, return `Acc + (-P)`. If `lsb` is 1, simply return `Acc + 0`.
let x_p = if let Some(lsb) = lsb {
if !lsb {
base.x.value
base.x.value()
} else {
Some(C::Base::zero())
}
Expand All @@ -263,7 +263,7 @@ impl<C: CurveAffine> Config<C> {
};
let y_p = if let Some(lsb) = lsb {
if !lsb {
base.y.value.map(|y_p| -y_p)
base.y.value().map(|y_p| -y_p)
} else {
Some(C::Base::zero())
}
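Review bot: The `C::Scalar::from_bytes(&scalar.to_bytes()).unwrap()` conversion in the hunk starting at new line 198 panics if the base-field value is not a canonical scalar, and nothing in the visible code bounds it for a generic `C: CurveAffine`. The comment further down says `ivk` is guaranteed to be in the base field, but that only makes the conversion safe when the base modulus does not exceed the scalar modulus, which depends on the curve. I would state the invariant at the call, `.map(|scalar| C::Scalar::from_bytes(&scalar.to_bytes()).expect("base-field value must be a canonical scalar"))`, or return an `Error` if this path runs outside tests. The enclosing block is cut off on this page, so it may be test-only.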
10 changes: 5 additions & 5 deletions src/circuit/gadget/ecc/chip/mul/complete.rs
@@ -1,4 +1,4 @@
use super::super::{add, util, CellValue, EccPoint};
use super::super::{add, copy, CellValue, EccPoint, Var};
use super::complete_len;
use ff::Field;

Expand Down Expand Up @@ -102,7 +102,7 @@ impl<C: CurveAffine> Config<C> {
)?;

// Assign `x_p` for complete addition
let x_p = base.x.value;
let x_p = base.x.value();
let x_p_cell = region.assign_advice(
|| "x_p",
self.add_config.x_p,
Expand All @@ -112,7 +112,7 @@ impl<C: CurveAffine> Config<C> {

// Assign `y_p` for complete addition.
// If the bit is set, use `y`; if the bit is not set, use `-y`
let y_p = base.y.value;
let y_p = base.y.value();
let y_p = y_p
.zip(k.as_ref())
.map(|(y_p, k)| if !k { -y_p } else { y_p });
Expand All @@ -134,15 +134,15 @@ impl<C: CurveAffine> Config<C> {
.assign_region(&p, &acc, row + offset, region)?;

// Copy acc from `x_a`, `y_a` over to `x_p`, `y_p` on the next row
let acc_x = util::assign_and_constrain(
let acc_x = copy(
region,
|| "copy acc x_a",
self.add_config.x_p,
row + offset + 1,
&acc.x,
&self.perm,
)?;
let acc_y = util::assign_and_constrain(
let acc_y = copy(
region,
|| "copy acc y_a",
self.add_config.y_p,
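Review bot: `x_p` in this section is written with `region.assign_advice` from `base.x.value()` rather than through `copy`, so no equality constraint to the cells of `base` is visible at this point; `y_p` is derived from `base.y.value()` in the same way. If a gate or a constraint on another row binds these cells, a comment naming it would help, e.g. `// x_p is tied to base.x by <gate name>; no copy constraint needed here`. If nothing binds them, the rows could be witnessed with a different base point than the one passed in. The gate definitions and the rest of `assign_region` are outside this page, so this is a request to document rather than a confirmed gap.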
33 changes: 13 additions & 20 deletions src/circuit/gadget/ecc/chip/mul/incomplete.rs
@@ -1,4 +1,4 @@
use super::super::{util, CellValue, EccConfig, EccPoint};
use super::super::{copy, CellValue, EccConfig, EccPoint, Var};
use super::{incomplete_hi_len, incomplete_lo_len, X, Y, Z};
use ff::Field;
use halo2::{
Expand Down Expand Up @@ -161,8 +161,8 @@ impl<C: CurveAffine> Config<C> {
assert_eq!(bits.len(), self.num_bits);

// Handle exceptional cases
let (x_p, y_p) = (base.x.value, base.y.value);
let (x_a, y_a) = (acc.0.value, acc.1 .0);
let (x_p, y_p) = (base.x.value(), base.y.value());
let (x_a, y_a) = (acc.0.value(), acc.1 .0);
x_p.zip(y_p)
.zip(x_a)
.zip(y_a)
Expand All @@ -186,24 +186,17 @@ impl<C: CurveAffine> Config<C> {
}

// Initialise the running `z` sum for the scalar bits.
let mut z = util::assign_and_constrain(
region,
|| "starting z",
self.z,
offset,
&acc.2,
&self.perm,
)?;
let mut z = copy(region, || "starting z", self.z, offset, &acc.2, &self.perm)?;

// Increase offset by 1; we used row 0 for initializing `z`.
let offset = offset + 1;

// Define `x_p`, `y_p`
let x_p = base.x.value;
let y_p = base.y.value;
let x_p = base.x.value();
let y_p = base.y.value();

// Initialise acc
let mut x_a = util::assign_and_constrain(
let mut x_a = copy(
region,
|| "starting x_a",
self.x_a,
Expand All @@ -217,7 +210,7 @@ impl<C: CurveAffine> Config<C> {
for (row, k) in bits.iter().enumerate() {
// z_{i} = 2 * z_{i+1} + k_i
let z_val = z
.value
.value()
.zip(k.as_ref())
.map(|(z_val, k)| C::Base::from_u64(2) * z_val + C::Base::from_u64(*k as u64));
let z_cell = region.assign_advice(
Expand Down Expand Up @@ -250,7 +243,7 @@ impl<C: CurveAffine> Config<C> {
// Compute and assign λ1⋅(x_A − x_P) = y_A − y_P
let lambda1 = y_a
.zip(y_p)
.zip(x_a.value)
.zip(x_a.value())
.zip(x_p)
.map(|(((y_a, y_p), x_a), x_p)| (y_a - y_p) * (x_a - x_p).invert().unwrap());
region.assign_advice(
Expand All @@ -262,15 +255,15 @@ impl<C: CurveAffine> Config<C> {

// x_R = λ1^2 - x_A - x_P
let x_r = lambda1
.zip(x_a.value)
.zip(x_a.value())
.zip(x_p)
.map(|((lambda1, x_a), x_p)| lambda1 * lambda1 - x_a - x_p);

// λ2 = (2(y_A) / (x_A - x_R)) - λ1
let lambda2 =
lambda1
.zip(y_a)
.zip(x_a.value)
.zip(x_a.value())
.zip(x_r)
.map(|(((lambda1, y_a), x_a), x_r)| {
C::Base::from_u64(2) * y_a * (x_a - x_r).invert().unwrap() - lambda1
Expand All @@ -284,11 +277,11 @@ impl<C: CurveAffine> Config<C> {

// Compute and assign `x_a` for the next row
let x_a_new = lambda2
.zip(x_a.value)
.zip(x_a.value())
.zip(x_r)
.map(|((lambda2, x_a), x_r)| lambda2 * lambda2 - x_a - x_r);
y_a = lambda2
.zip(x_a.value)
.zip(x_a.value())
.zip(x_a_new)
.zip(y_a)
.map(|(((lambda2, x_a), x_a_new), y_a)| lambda2 * (x_a - x_a_new) - y_a);
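Review bot: Inside the `for (row, k) in bits.iter().enumerate()` loop, `(x_a - x_p).invert().unwrap()` and `(x_a - x_r).invert().unwrap()` panic during witness generation when the difference is zero. The "Handle exceptional cases" block at the top of the function reads only the starting `acc` and `base`; whether it also covers accumulator values reached on later rows is not visible in this diff. A synthesis routine that can be driven by caller-supplied points is better off returning `Err` than aborting the process, so I would either propagate an error from these two closures or add a comment stating why the differences cannot vanish for the scalars this gadget accepts. The function begins and ends outside the hunks.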
14 changes: 7 additions & 7 deletions src/circuit/gadget/ecc/chip/mul_fixed.rs
@@ -1,6 +1,6 @@
use super::{
add, add_incomplete, util, witness_point, CellValue, EccConfig, EccPoint, EccScalarFixed,
EccScalarFixedShort,
add, add_incomplete, copy, witness_point, CellValue, EccConfig, EccPoint, EccScalarFixed,
EccScalarFixedShort, Var,
};
use crate::constants::{
self,
Expand Down Expand Up @@ -281,7 +281,7 @@ impl<C: CurveAffine, const NUM_WINDOWS: usize> Config<C, NUM_WINDOWS> {
) -> Result<(), Error> {
// Copy the scalar decomposition (`k`-bit windows)
for (window_idx, window) in scalar.windows().iter().enumerate() {
util::assign_and_constrain(
copy(
region,
|| format!("k[{:?}]", window),
self.window,
Expand Down Expand Up @@ -320,15 +320,15 @@ impl<C: CurveAffine, const NUM_WINDOWS: usize> Config<C, NUM_WINDOWS> {
}

// Copy `m0` into `x_qr`, `y_qr` cells on row 1
let x = util::assign_and_constrain(
let x = copy(
region,
|| "initialize acc x",
self.add_incomplete_config.x_qr,
offset + 1,
&m0.x,
&self.perm,
)?;
let y = util::assign_and_constrain(
let y = copy(
region,
|| "initialize acc y",
self.add_incomplete_config.y_qr,
Expand Down Expand Up @@ -465,7 +465,7 @@ impl<C: CurveAffine> ScalarFixed<C> {
self.windows()
.iter()
.map(|bits| {
bits.value
bits.value()
.map(|value| C::Scalar::from_bytes(&value.to_bytes()).unwrap())
})
.collect::<Vec<_>>()
Expand All @@ -477,7 +477,7 @@ impl<C: CurveAffine> ScalarFixed<C> {
fn windows_usize(&self) -> Vec<Option<usize>> {
self.windows()
.iter()
.map(|bits| bits.value.map(|value| value.to_bytes()[0] as usize))
.map(|bits| bits.value().map(|value| value.to_bytes()[0] as usize))
.collect::<Vec<_>>()
}
}
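Review bot: `windows_usize` keeps only `value.to_bytes()[0]`, so any window value that does not fit in one byte is silently reduced to the first byte of its encoding instead of being rejected. The windows are presumably range-constrained to `k` bits elsewhere in the circuit, but that is not visible here, and a wrong index on the witness side would surface only as an unsatisfied constraint far from the cause. A doc line such as `/// Assumes each window is a k-bit value; only the first byte of the encoding is read.` would record the assumption, and a `debug_assert!` that the remaining bytes are zero would catch violations early.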