make fix point mul general

bobanetwork · Sep 1, 2023 · 4a2f712 · 4a2f712
1 parent 01216a4
commit 4a2f712
Show file tree

Hide file tree

Showing 7 changed files with 203 additions and 159 deletions.
diff --git a/benches/dkg_benchmark.rs b/benches/dkg_benchmark.rs
@@ -107,7 +107,7 @@ mod dkg_benches {
             dkg_proof_verify::<5,9,18>,
     //        dkg_proof_verify::<11,21,19>,
     //        dkg_proof_verify::<22,43,20>,
-    //        dkg_proof_verify::<45,88,21>,
+    //        dkg_proof_verify::<45,89,21>,
     //        dkg_proof_verify::<89,177,22>,
     }
 }

diff --git a/benches/dvrf_benchmark.rs b/benches/dvrf_benchmark.rs
@@ -104,7 +104,7 @@ mod dvrf_benches {
             combine::<5,9>,
             combine::<11,21>,
             combine::<22,43>,
-            combine::<45,88>,
+            combine::<45,89>,
             combine::<89,177>,
             partial_verify,
             pseudo_random_verify,

diff --git a/src/base_field_chip.rs b/src/base_field_chip.rs
@@ -1,24 +1,38 @@
+mod bn256;
 mod fix_mul;
 
 use halo2_ecc::integer::IntegerInstructions;
 use halo2_ecc::{AssignedPoint, BaseFieldEccChip, EccConfig};
 use halo2_maingate::{AssignedCondition, MainGate};
+use halo2wrong::curves::ff::PrimeField;
 use halo2wrong::curves::CurveAffine;
 use halo2wrong::halo2::circuit::Layouter;
 use halo2wrong::halo2::plonk::Error as PlonkError;
 use halo2wrong::RegionCtx;
 
+#[derive(Default)]
+pub(crate) struct Selector<F: PrimeField>(Vec<AssignedCondition<F>>);
+
+pub(crate) struct Windowed<F: PrimeField>(Vec<Selector<F>>);
+
 // windowed fix point multiplication
-pub struct FixedPointChip<C: CurveAffine, const NUMBER_OF_LIMBS: usize, const BIT_LEN_LIMB: usize> {
+pub struct FixedPointChip<
+    C: CurveAffine + AuxGen,
+    const NUMBER_OF_LIMBS: usize,
+    const BIT_LEN_LIMB: usize,
+> {
     base_field_chip: BaseFieldEccChip<C, NUMBER_OF_LIMBS, BIT_LEN_LIMB>,
     assigned_fixed_point: Option<AssignedPoint<C::Base, C::Scalar, NUMBER_OF_LIMBS, BIT_LEN_LIMB>>,
     assigned_table:
         Option<Vec<Vec<AssignedPoint<C::Base, C::Scalar, NUMBER_OF_LIMBS, BIT_LEN_LIMB>>>>,
-    assigned_correction: Option<AssignedPoint<C::Base, C::Scalar, NUMBER_OF_LIMBS, BIT_LEN_LIMB>>,
     window_size: Option<usize>,
 }
 
-impl<C: CurveAffine, const NUMBER_OF_LIMBS: usize, const BIT_LEN_LIMB: usize>
+pub trait AuxGen {
+    fn aux_generator(bytes: &[u8]) -> Self;
+}
+
+impl<C: CurveAffine + AuxGen, const NUMBER_OF_LIMBS: usize, const BIT_LEN_LIMB: usize>
     FixedPointChip<C, NUMBER_OF_LIMBS, BIT_LEN_LIMB>
 {
     pub fn new(config: EccConfig) -> Self {
@@ -27,7 +41,6 @@ impl<C: CurveAffine, const NUMBER_OF_LIMBS: usize, const BIT_LEN_LIMB: usize>
             base_field_chip,
             assigned_fixed_point: None,
             assigned_table: None,
-            assigned_correction: None,
             window_size: None,
         }
     }
@@ -40,6 +53,15 @@ impl<C: CurveAffine, const NUMBER_OF_LIMBS: usize, const BIT_LEN_LIMB: usize>
         self.base_field_chip.main_gate()
     }
 
+    pub fn fixed_point(
+        &self,
+    ) -> Result<&AssignedPoint<C::Base, C::Scalar, NUMBER_OF_LIMBS, BIT_LEN_LIMB>, PlonkError> {
+        match &self.assigned_fixed_point {
+            Some(w) => Ok(w),
+            None => Err(PlonkError::Synthesis),
+        }
+    }
+
     pub fn expose_public(
         &self,
         mut layouter: impl Layouter<C::Scalar>,
@@ -86,27 +108,4 @@ impl<C: CurveAffine, const NUMBER_OF_LIMBS: usize, const BIT_LEN_LIMB: usize>
 
         Ok(p_0)
     }
-
-    // algorithm from https://github.com/privacy-scaling-explorations/halo2wrong/blob/v2023_04_20/ecc/src/base_field_ecc/mul.rs#L69
-    fn select_multi(
-        &self,
-        ctx: &mut RegionCtx<'_, C::Scalar>,
-        selector: &[AssignedCondition<C::Scalar>],
-        table: &[AssignedPoint<C::Base, C::Scalar, NUMBER_OF_LIMBS, BIT_LEN_LIMB>],
-    ) -> Result<AssignedPoint<C::Base, C::Scalar, NUMBER_OF_LIMBS, BIT_LEN_LIMB>, PlonkError> {
-        let number_of_points = table.len();
-        let number_of_selectors = selector.len();
-        assert_eq!(number_of_points, 1 << number_of_selectors);
-
-        let ecc_chip = self.base_field_chip();
-        let mut reducer = table.to_vec();
-        for (i, selector) in selector.iter().enumerate() {
-            let n = 1 << (number_of_selectors - 1 - i);
-            for j in 0..n {
-                let k = 2 * j;
-                reducer[j] = ecc_chip.select(ctx, selector, &reducer[k + 1], &reducer[k])?;
-            }
-        }
-        Ok(reducer[0].clone())
-    }
 }
diff --git a/src/base_field_chip/bn256.rs b/src/base_field_chip/bn256.rs
@@ -0,0 +1,47 @@
+use crate::base_field_chip::AuxGen;
+use crate::hash_to_curve_bn;
+use halo2wrong::curves::bn256::G1Affine;
+use halo2wrong::curves::group::Curve;
+
+impl AuxGen for G1Affine {
+    fn aux_generator(bytes: &[u8]) -> Self {
+        let hasher =
+            hash_to_curve_bn("auxiliary generator for windowed scalar multiplication on bn256");
+        let aux_generator = hasher(bytes).to_affine();
+        aux_generator
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::hash_to_curve_bn;
+    use ark_std::{end_timer, start_timer};
+    use halo2wrong::curves::bn256::{Bn256, Fq, Fr};
+    use halo2wrong::curves::CurveAffine;
+
+    const AUX_GENERATOR: G1Affine = G1Affine {
+        x: Fq::from_raw([
+            0xc552bb41dfa2ba0d,
+            0x691f7d5660b8fa62,
+            0xbee345f4407f92ee,
+            0x16097d51a463fa51,
+        ]),
+        y: Fq::from_raw([
+            0x5bed59dd2ef9fb53,
+            0xa0f30dda198abe8b,
+            0x82ba6900b8e98ee8,
+            0x1be3e56d90c3a2cb,
+        ]),
+    };
+
+    #[test]
+    fn test_bn_aux_generator() {
+        let hasher = hash_to_curve_bn("another generator for Bn256 curve");
+        let input = b"auxiliary generator reserved for scalar multiplication; please do not use it for anything else";
+        let h: G1Affine = hasher(input).to_affine();
+        assert!(bool::from(h.is_on_curve()));
+
+        assert_eq!(h, AUX_GENERATOR);
+    }
+}