upgrade dependency (#59)

* wip: upgrade dependency

* chores: clippy

* chores: trait bound using where clause

* chores: clippy

* cleanup trait bound

* remove halo2curve patch

* simplify trait bound

rust-toolchain

@@ -1 +1 @@
-1.69.0
+1.75.0

snark-verifier-sdk/Cargo.toml

@@ -20,12 +20,12 @@ ark-std = { version = "0.3.0", features = ["print-trace"], optional = true }
 snark-verifier = { path = "../snark-verifier", default-features = false }
 
 # system_halo2
-halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v2023_04_20" } # not optional for now
-halo2curves = { git = 'https://github.com/privacy-scaling-explorations/halo2curves', tag = "0.3.2" }  # must be same version as in halo2_proofs
+halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v0.3.0" } # not optional for now
+halo2curves = "0.6.0"
 
 # loader_halo2
-halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc", optional = true }
-poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2023_04_20", optional = true }
+halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc", optional = true }
+poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2024_01_31", optional = true }
 
 # loader_evm
 ethereum-types = { version = "0.14", default-features = false, features = [

snark-verifier/Cargo.toml

@@ -11,21 +11,21 @@ num-integer = "0.1.45"
 num-traits = "0.2.15"
 rand = "0.8"
 hex = "0.4"
-halo2_curves = { git = "https://github.com/privacy-scaling-explorations/halo2curves", tag = "0.3.2", package = "halo2curves" }
+halo2_curves = { version = "0.6.0", package = "halo2curves" }
 
 # parallel
 rayon = { version = "1.5.3", optional = true }
 
 # system_halo2
-halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v2023_04_20", optional = true }
+halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v0.3.0", optional = true }
 
 # loader_evm
 sha3 = { version = "0.10", optional = true }
 revm = { version = "3.5.0", optional = true,   default-features = false }
 
 # loader_halo2
-halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc", optional = true }
-poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2023_04_20", optional = true }
+halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc", optional = true }
+poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2024_01_31", optional = true }
 
 # derive_serde
 serde = { version = "1.0", features = ["derive"], optional = true }
@@ -35,7 +35,7 @@ rand_chacha = "0.3.1"
 paste = "1.0.7"
 
 # system_halo2
-halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc" }
+halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc" }
 
 [features]
 default = ["loader_evm", "loader_halo2", "system_halo2"]

snark-verifier/src/loader/evm/loader.rs

@@ -837,7 +837,7 @@ impl<F: PrimeField<Repr = [u8; 0x20]>> ScalarLoader<F> for Rc<EvmLoader> {
 
         let initial_value = loader.push(products.first().unwrap());
         let mut code = format!("let prod := {initial_value}\n");
-        for (_, (value, product)) in values.iter().zip(products.iter()).skip(1).enumerate() {
+        for (value, product) in values.iter().zip(products.iter()).skip(1) {
             let v = loader.push(value);
             let ptr = product.ptr();
             code.push_str(

snark-verifier/src/loader/halo2/shim.rs

@@ -272,10 +272,11 @@ mod halo2_wrong {
                     )?;
                     let acc =
                         Value::known(*scalar) * lhs.value() * rhs.value() + Value::known(constant);
-                    let output = values.iter().skip(1).fold(
-                        Ok::<_, Error>(acc),
-                        |acc, (scalar, lhs, rhs)| {
-                            acc.and_then(|acc| {
+                    let output =
+                        values
+                            .iter()
+                            .skip(1)
+                            .try_fold(acc, |acc, (scalar, lhs, rhs)| {
                                 self.apply(
                                     ctx,
                                     [
@@ -292,10 +293,10 @@ mod halo2_wrong {
                                     )
                                     .into(),
                                 )?;
-                                Ok(acc + Value::known(*scalar) * lhs.value() * rhs.value())
-                            })
-                        },
-                    )?;
+                                Ok::<_, Error>(
+                                    acc + Value::known(*scalar) * lhs.value() * rhs.value(),
+                                )
+                            })?;
                     self.apply(
                         ctx,
                         [
@@ -419,10 +420,7 @@ mod halo2_wrong {
                     Ok::<_, Error>((scalar.deref().clone(), self.assign_constant(ctx, *base)?))
                 })
                 .collect::<Result<Vec<_>, _>>()?;
-            let pairs = pairs
-                .iter()
-                .map(|(scalar, base)| (scalar, base))
-                .collect_vec();
+            let pairs = pairs.iter().map(|tup| (&tup.0, &tup.1)).collect_vec();
             self.variable_base_msm(ctx, &pairs)
         }
 

snark-verifier/src/pcs/kzg.rs

@@ -1,8 +1,6 @@
 //! [KZG](<https://www.iacr.org/archive/asiacrypt2010/6477178/6477178.pdf>)
 //! polynomial commitment scheme and accumulation scheme.
 
-use crate::util::arithmetic::CurveAffine;
-
 mod accumulation;
 mod accumulator;
 mod decider;
@@ -18,19 +16,19 @@ pub use accumulator::LimbsEncodingInstructions;
 
 /// KZG succinct verifying key.
 #[derive(Clone, Copy, Debug)]
-pub struct KzgSuccinctVerifyingKey<C: CurveAffine> {
+pub struct KzgSuccinctVerifyingKey<C> {
     /// Generator.
     pub g: C,
 }
 
-impl<C: CurveAffine> KzgSuccinctVerifyingKey<C> {
+impl<C> KzgSuccinctVerifyingKey<C> {
     /// Initialize a [`KzgSuccinctVerifyingKey`].
     pub fn new(g: C) -> Self {
         Self { g }
     }
 }
 
-impl<C: CurveAffine> From<C> for KzgSuccinctVerifyingKey<C> {
+impl<C> From<C> for KzgSuccinctVerifyingKey<C> {
     fn from(g: C) -> KzgSuccinctVerifyingKey<C> {
         KzgSuccinctVerifyingKey::new(g)
     }

snark-verifier/src/pcs/kzg/accumulation.rs

@@ -2,7 +2,7 @@ use crate::{
     loader::{native::NativeLoader, LoadedScalar, Loader},
     pcs::{kzg::KzgAccumulator, AccumulationScheme, AccumulationSchemeProver},
     util::{
-        arithmetic::{Curve, CurveAffine, Field, MultiMillerLoop, PrimeField},
+        arithmetic::{Curve, CurveAffine, Field, MultiMillerLoop},
         msm::Msm,
         transcript::{TranscriptRead, TranscriptWrite},
     },
@@ -19,7 +19,7 @@ pub struct KzgAs<M, MOS>(PhantomData<(M, MOS)>);
 impl<M, L, MOS> AccumulationScheme<M::G1Affine, L> for KzgAs<M, MOS>
 where
     M: MultiMillerLoop,
-    M::Scalar: PrimeField,
+    M::G1Affine: CurveAffine,
     L: Loader<M::G1Affine>,
     MOS: Clone + Debug,
 {
@@ -46,7 +46,7 @@ where
         let (lhs, rhs) = instances
             .iter()
             .map(|accumulator| (&accumulator.lhs, &accumulator.rhs))
-            .chain(proof.blind.as_ref().map(|(lhs, rhs)| (lhs, rhs)))
+            .chain(proof.blind.as_ref().map(|tup| (&tup.0, &tup.1)))
             .unzip::<_, _, Vec<_>, Vec<_>>();
 
         let powers_of_r = proof.r.powers(lhs.len());
@@ -140,7 +140,7 @@ where
 impl<M, MOS> AccumulationSchemeProver<M::G1Affine> for KzgAs<M, MOS>
 where
     M: MultiMillerLoop,
-    M::Scalar: PrimeField,
+    M::G1Affine: CurveAffine,
     MOS: Clone + Debug,
 {
     type ProvingKey = KzgAsProvingKey<M::G1Affine>;
@@ -165,7 +165,7 @@ where
         let blind = pk
             .zk()
             .then(|| {
-                let s = M::Scalar::random(rng);
+                let s = M::Fr::random(rng);
                 let (g, s_g) = pk.0.unwrap();
                 let lhs = (s_g * s).to_affine();
                 let rhs = (g * s).to_affine();

snark-verifier/src/pcs/kzg/decider.rs

@@ -42,14 +42,17 @@ impl<M: MultiMillerLoop> AsRef<KzgSuccinctVerifyingKey<M::G1Affine>> for KzgDeci
 }
 
 mod native {
+
+    use halo2_curves::CurveAffine;
+
     use crate::{
         loader::native::NativeLoader,
         pcs::{
             kzg::{KzgAccumulator, KzgAs, KzgDecidingKey},
             AccumulationDecider,
         },
         util::{
-            arithmetic::{Group, MillerLoopResult, MultiMillerLoop, PrimeField},
+            arithmetic::{Group, MillerLoopResult, MultiMillerLoop},
             Itertools,
         },
         Error,
@@ -59,7 +62,7 @@ mod native {
     impl<M, MOS> AccumulationDecider<M::G1Affine, NativeLoader> for KzgAs<M, MOS>
     where
         M: MultiMillerLoop,
-        M::Scalar: PrimeField,
+        M::G1Affine: CurveAffine,
         MOS: Clone + Debug,
     {
         type DecidingKey = KzgDecidingKey<M>;
@@ -113,7 +116,9 @@ mod evm {
     impl<M, MOS> AccumulationDecider<M::G1Affine, Rc<EvmLoader>> for KzgAs<M, MOS>
     where
         M: MultiMillerLoop,
-        M::Scalar: PrimeField<Repr = [u8; 0x20]>,
+        M::Fr: PrimeField<Repr = [u8; 0x20]>,
+        M::G1Affine: CurveAffine<ScalarExt = M::Fr>,
+        M::G2Affine: CurveAffine,
         MOS: Clone + Debug,
     {
         type DecidingKey = KzgDecidingKey<M>;
@@ -162,7 +167,7 @@ mod evm {
                 loader.code_mut().runtime_append(code);
                 let challenge = loader.scalar(Value::Memory(challenge_ptr));
 
-                let powers_of_challenge = LoadedScalar::<M::Scalar>::powers(&challenge, lhs.len());
+                let powers_of_challenge = LoadedScalar::<M::Fr>::powers(&challenge, lhs.len());
                 let [lhs, rhs] = [lhs, rhs].map(|msms| {
                     msms.iter()
                         .zip(powers_of_challenge.iter())

snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs

@@ -1,3 +1,5 @@
+use halo2_curves::ff::PrimeField;
+
 use crate::{
     cost::{Cost, CostEstimation},
     loader::{LoadedScalar, Loader, ScalarLoader},
@@ -6,7 +8,7 @@ use crate::{
         PolynomialCommitmentScheme, Query,
     },
     util::{
-        arithmetic::{CurveAffine, Fraction, MultiMillerLoop, PrimeField},
+        arithmetic::{CurveAffine, Fraction, MultiMillerLoop},
         msm::Msm,
         transcript::TranscriptRead,
         Itertools,
@@ -27,7 +29,8 @@ pub struct Bdfg21;
 impl<M, L> PolynomialCommitmentScheme<M::G1Affine, L> for KzgAs<M, Bdfg21>
 where
     M: MultiMillerLoop,
-    M::Scalar: PrimeField + Ord,
+    M::Fr: Ord,
+    M::G1Affine: CurveAffine<ScalarExt = M::Fr>,
     L: Loader<M::G1Affine>,
 {
     type VerifyingKey = KzgSuccinctVerifyingKey<M::G1Affine>;
@@ -36,7 +39,7 @@ where
 
     fn read_proof<T>(
         _: &KzgSuccinctVerifyingKey<M::G1Affine>,
-        _: &[Query<M::Scalar>],
+        _: &[Query<M::Fr>],
         transcript: &mut T,
     ) -> Result<Bdfg21Proof<M::G1Affine, L>, Error>
     where
@@ -49,7 +52,7 @@ where
         svk: &KzgSuccinctVerifyingKey<M::G1Affine>,
         commitments: &[Msm<M::G1Affine, L>],
         z: &L::LoadedScalar,
-        queries: &[Query<M::Scalar, L::LoadedScalar>],
+        queries: &[Query<M::Fr, L::LoadedScalar>],
         proof: &Bdfg21Proof<M::G1Affine, L>,
     ) -> Result<Self::Output, Error> {
         let sets = query_sets(queries);
@@ -64,7 +67,7 @@ where
                 .zip(coeffs.iter())
                 .map(|(set, coeff)| set.msm(coeff, commitments, &powers_of_mu));
 
-            msms.zip(proof.gamma.powers(sets.len()).into_iter())
+            msms.zip(proof.gamma.powers(sets.len()))
                 .map(|(msm, power_of_gamma)| msm * &power_of_gamma)
                 .sum::<Msm<_, _>>()
                 - Msm::base(&proof.w) * &coeffs[0].z_s
@@ -370,11 +373,10 @@ where
 impl<M> CostEstimation<M::G1Affine> for KzgAs<M, Bdfg21>
 where
     M: MultiMillerLoop,
-    M::Scalar: PrimeField,
 {
-    type Input = Vec<Query<M::Scalar>>;
+    type Input = Vec<Query<M::Fr>>;
 
-    fn estimate_cost(_: &Vec<Query<M::Scalar>>) -> Cost {
+    fn estimate_cost(_: &Vec<Query<M::Fr>>) -> Cost {
         Cost {
             num_commitment: 2,
             num_msm: 2,

snark-verifier/src/pcs/kzg/multiopen/gwc19.rs

@@ -23,7 +23,8 @@ pub struct Gwc19;
 impl<M, L> PolynomialCommitmentScheme<M::G1Affine, L> for KzgAs<M, Gwc19>
 where
     M: MultiMillerLoop,
-    M::Scalar: PrimeField,
+    M::Fr: Ord,
+    M::G1Affine: CurveAffine<ScalarExt = M::Fr>,
     L: Loader<M::G1Affine>,
 {
     type VerifyingKey = KzgSuccinctVerifyingKey<M::G1Affine>;
@@ -32,7 +33,7 @@ where
 
     fn read_proof<T>(
         _: &Self::VerifyingKey,
-        queries: &[Query<M::Scalar>],
+        queries: &[Query<M::Fr>],
         transcript: &mut T,
     ) -> Result<Self::Proof, Error>
     where
@@ -45,7 +46,7 @@ where
         svk: &Self::VerifyingKey,
         commitments: &[Msm<M::G1Affine, L>],
         z: &L::LoadedScalar,
-        queries: &[Query<M::Scalar, L::LoadedScalar>],
+        queries: &[Query<M::Fr, L::LoadedScalar>],
         proof: &Self::Proof,
     ) -> Result<Self::Output, Error> {
         let sets = query_sets(queries);
@@ -161,11 +162,10 @@ where
 impl<M> CostEstimation<M::G1Affine> for KzgAs<M, Gwc19>
 where
     M: MultiMillerLoop,
-    M::Scalar: PrimeField,
 {
-    type Input = Vec<Query<M::Scalar>>;
+    type Input = Vec<Query<M::Fr>>;
 
-    fn estimate_cost(queries: &Vec<Query<M::Scalar>>) -> Cost {
+    fn estimate_cost(queries: &Vec<Query<M::Fr>>) -> Cost {
         let num_w = query_sets(queries).len();
         Cost {
             num_commitment: num_w,

snark-verifier/src/system/halo2/test/kzg.rs

@@ -1,8 +1,8 @@
 use crate::{
     system::halo2::test::{read_or_create_srs, MainGateWithRange},
-    util::arithmetic::{fe_to_limbs, CurveAffine, MultiMillerLoop, PrimeField},
+    util::arithmetic::{fe_to_limbs, CurveAffine, MultiMillerLoop},
 };
-use halo2_curves::serde::SerdeObject;
+use halo2_curves::{serde::SerdeObject, CurveExt};
 use halo2_proofs::poly::{commitment::ParamsProver, kzg::commitment::ParamsKZG};
 use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng};
 
@@ -21,17 +21,18 @@ pub const BITS: usize = 68;
 
 pub fn setup<M: MultiMillerLoop>(k: u32) -> ParamsKZG<M>
 where
-    M::Scalar: PrimeField,
+    M::G1Affine: SerdeObject + CurveAffine,
+    M::G1: CurveExt<AffineExt = M::G1Affine>,
 {
     ParamsKZG::<M>::setup(k, ChaCha20Rng::from_seed(Default::default()))
 }
 
 pub fn main_gate_with_range_with_mock_kzg_accumulator<M: MultiMillerLoop>(
-) -> MainGateWithRange<M::Scalar>
+) -> MainGateWithRange<M::Fr>
 where
-    M::Scalar: PrimeField,
-    M::G1Affine: SerdeObject,
-    M::G2Affine: SerdeObject,
+    M::G2Affine: CurveAffine + SerdeObject,
+    M::G1Affine: CurveAffine<CurveExt = M::G1, ScalarExt = M::Fr> + SerdeObject,
+    M::G1: CurveExt<AffineExt = M::G1Affine>,
 {
     let srs = read_or_create_srs(TESTDATA_DIR, 1, setup::<M>);
     let [g1, s_g1] = [srs.get_g()[0], srs.get_g()[1]].map(|point| point.coordinates().unwrap());

snark-verifier/src/util/msm.rs

@@ -92,7 +92,7 @@ where
                     .as_ref()
                     .map(|constant| (constant, gen.as_ref().unwrap())),
             )
-            .chain(self.scalars.iter().zip(self.bases.into_iter()))
+            .chain(self.scalars.iter().zip(self.bases))
             .collect_vec();
         L::multi_scalar_multiplication(&pairs)
     }