diff --git a/rust-toolchain b/rust-toolchain index cb908525..7c7053aa 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1 +1 @@ -1.69.0 \ No newline at end of file +1.75.0 diff --git a/snark-verifier-sdk/Cargo.toml b/snark-verifier-sdk/Cargo.toml index 2f1ba1a3..c64d3031 100644 --- a/snark-verifier-sdk/Cargo.toml +++ b/snark-verifier-sdk/Cargo.toml @@ -20,12 +20,12 @@ ark-std = { version = "0.3.0", features = ["print-trace"], optional = true } snark-verifier = { path = "../snark-verifier", default-features = false } # system_halo2 -halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v2023_04_20" } # not optional for now -halo2curves = { git = 'https://github.com/privacy-scaling-explorations/halo2curves', tag = "0.3.2" } # must be same version as in halo2_proofs +halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v0.3.0" } # not optional for now +halo2curves = "0.6.0" # loader_halo2 -halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc", optional = true } -poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2023_04_20", optional = true } +halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc", optional = true } +poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2024_01_31", optional = true } # loader_evm ethereum-types = { version = "0.14", default-features = false, features = [ diff --git a/snark-verifier/Cargo.toml b/snark-verifier/Cargo.toml index 962a57e0..b0e47c1c 100644 --- a/snark-verifier/Cargo.toml +++ b/snark-verifier/Cargo.toml 
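Review bot: In snark-verifier-sdk/Cargo.toml the new `halo2curves = "0.6.0"` line drops the old comment that this crate must be the same version as the one used inside halo2_proofs. That constraint is now easier to break, because one dependency resolves from the registry and the other from a git tag. Keep the comment, e.g. `halo2curves = "0.6.0" # must match the halo2curves version used by halo2_proofs`. Separately, the git dependencies in this hunk and in both snark-verifier/Cargo.toml hunks are still selected by `tag`, which upstream can move; for a proof verifier it is safer to pin them with `rev = "<commit-sha>"` and commit Cargo.lock. Whether a lockfile is committed is not visible in this diff.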
@@ -11,21 +11,21 @@ num-integer = "0.1.45" num-traits = "0.2.15" rand = "0.8" hex = "0.4" -halo2_curves = { git = "https://github.com/privacy-scaling-explorations/halo2curves", tag = "0.3.2", package = "halo2curves" } +halo2_curves = { version = "0.6.0", package = "halo2curves" } # parallel rayon = { version = "1.5.3", optional = true } # system_halo2 -halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v2023_04_20", optional = true } +halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v0.3.0", optional = true } # loader_evm sha3 = { version = "0.10", optional = true } revm = { version = "3.5.0", optional = true, default-features = false } # loader_halo2 -halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc", optional = true } -poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2023_04_20", optional = true } +halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc", optional = true } +poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2024_01_31", optional = true } # derive_serde serde = { version = "1.0", features = ["derive"], optional = true } @@ -35,7 +35,7 @@ rand_chacha = "0.3.1" paste = "1.0.7" # system_halo2 -halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc" } +halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc" } [features] default = ["loader_evm", "loader_halo2", "system_halo2"] diff --git a/snark-verifier/src/loader/evm/loader.rs b/snark-verifier/src/loader/evm/loader.rs index e3d82cf2..2abb27e3 100644 --- a/snark-verifier/src/loader/evm/loader.rs +++ b/snark-verifier/src/loader/evm/loader.rs 
@@ -837,7 +837,7 @@ impl> ScalarLoader for Rc { let initial_value = loader.push(products.first().unwrap()); let mut code = format!("let prod := {initial_value}\n"); - for (_, (value, product)) in values.iter().zip(products.iter()).skip(1).enumerate() { + for (value, product) in values.iter().zip(products.iter()).skip(1) { let v = loader.push(value); let ptr = product.ptr(); code.push_str( diff --git a/snark-verifier/src/loader/halo2/shim.rs b/snark-verifier/src/loader/halo2/shim.rs index 7a41f30a..91eb521e 100644 --- a/snark-verifier/src/loader/halo2/shim.rs +++ b/snark-verifier/src/loader/halo2/shim.rs @@ -272,10 +272,11 @@ mod halo2_wrong { )?; let acc = Value::known(*scalar) * lhs.value() * rhs.value() + Value::known(constant); - let output = values.iter().skip(1).fold( - Ok::<_, Error>(acc), - |acc, (scalar, lhs, rhs)| { - acc.and_then(|acc| { + let output = + values + .iter() + .skip(1) + .try_fold(acc, |acc, (scalar, lhs, rhs)| { self.apply( ctx, [ @@ -292,10 +293,10 @@ mod halo2_wrong { ) .into(), )?; - Ok(acc + Value::known(*scalar) * lhs.value() * rhs.value()) - }) - }, - )?; + Ok::<_, Error>( + acc + Value::known(*scalar) * lhs.value() * rhs.value(), + ) + })?; self.apply( ctx, [ @@ -419,10 +420,7 @@ mod halo2_wrong { Ok::<_, Error>((scalar.deref().clone(), self.assign_constant(ctx, *base)?)) }) .collect::, _>>()?; - let pairs = pairs - .iter() - .map(|(scalar, base)| (scalar, base)) - .collect_vec(); + let pairs = pairs.iter().map(|tup| (&tup.0, &tup.1)).collect_vec(); self.variable_base_msm(ctx, &pairs) } diff --git a/snark-verifier/src/pcs/kzg.rs b/snark-verifier/src/pcs/kzg.rs index 8f416ee3..cc8f5c98 100644 --- a/snark-verifier/src/pcs/kzg.rs +++ b/snark-verifier/src/pcs/kzg.rs @@ -1,8 +1,6 @@ //! [KZG]() //! polynomial commitment scheme and accumulation scheme. -use crate::util::arithmetic::CurveAffine; - mod accumulation; mod accumulator; mod decider; 
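Review bot: In shim.rs (hunk at -419) the closure `|tup| (&tup.0, &tup.1)` loses the `scalar`/`base` names that the old destructuring gave the reader, and the same rewrite appears in accumulation.rs (hunk at -46) for `proof.blind`. A one-line comment above it would keep the intent clear, e.g. `// &(scalar, base) -> (&scalar, &base), the shape variable_base_msm expects`. The rewrite was presumably made to satisfy a lint on the new toolchain; if so, say that in the comment so the closure is not "simplified" back later. The enclosing function starts outside the hunk.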
@@ -18,19 +16,19 @@ pub use accumulator::LimbsEncodingInstructions; /// KZG succinct verifying key. #[derive(Clone, Copy, Debug)] -pub struct KzgSuccinctVerifyingKey { +pub struct KzgSuccinctVerifyingKey { /// Generator. pub g: C, } -impl KzgSuccinctVerifyingKey { +impl KzgSuccinctVerifyingKey { /// Initialize a [`KzgSuccinctVerifyingKey`]. pub fn new(g: C) -> Self { Self { g } } } -impl From for KzgSuccinctVerifyingKey { +impl From for KzgSuccinctVerifyingKey { fn from(g: C) -> KzgSuccinctVerifyingKey { KzgSuccinctVerifyingKey::new(g) } diff --git a/snark-verifier/src/pcs/kzg/accumulation.rs b/snark-verifier/src/pcs/kzg/accumulation.rs index 5139d49e..54a4176d 100644 --- a/snark-verifier/src/pcs/kzg/accumulation.rs +++ b/snark-verifier/src/pcs/kzg/accumulation.rs @@ -2,7 +2,7 @@ use crate::{ loader::{native::NativeLoader, LoadedScalar, Loader}, pcs::{kzg::KzgAccumulator, AccumulationScheme, AccumulationSchemeProver}, util::{ - arithmetic::{Curve, CurveAffine, Field, MultiMillerLoop, PrimeField}, + arithmetic::{Curve, CurveAffine, Field, MultiMillerLoop}, msm::Msm, transcript::{TranscriptRead, TranscriptWrite}, }, @@ -19,7 +19,7 @@ pub struct KzgAs(PhantomData<(M, MOS)>); impl AccumulationScheme for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, L: Loader, MOS: Clone + Debug, { @@ -46,7 +46,7 @@ where let (lhs, rhs) = instances .iter() .map(|accumulator| (&accumulator.lhs, &accumulator.rhs)) - .chain(proof.blind.as_ref().map(|(lhs, rhs)| (lhs, rhs))) + .chain(proof.blind.as_ref().map(|tup| (&tup.0, &tup.1))) .unzip::<_, _, Vec<_>, Vec<_>>(); let powers_of_r = proof.r.powers(lhs.len()); @@ -140,7 +140,7 @@ where impl AccumulationSchemeProver for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, MOS: Clone + Debug, { type ProvingKey = KzgAsProvingKey; 
@@ -165,7 +165,7 @@ where let blind = pk .zk() .then(|| { - let s = M::Scalar::random(rng); + let s = M::Fr::random(rng); let (g, s_g) = pk.0.unwrap(); let lhs = (s_g * s).to_affine(); let rhs = (g * s).to_affine(); diff --git a/snark-verifier/src/pcs/kzg/decider.rs b/snark-verifier/src/pcs/kzg/decider.rs index eb7e84a7..73578f05 100644 --- a/snark-verifier/src/pcs/kzg/decider.rs +++ b/snark-verifier/src/pcs/kzg/decider.rs @@ -42,6 +42,9 @@ impl AsRef> for KzgDeci } mod native { + + use halo2_curves::CurveAffine; + use crate::{ loader::native::NativeLoader, pcs::{ @@ -49,7 +52,7 @@ mod native { AccumulationDecider, }, util::{ - arithmetic::{Group, MillerLoopResult, MultiMillerLoop, PrimeField}, + arithmetic::{Group, MillerLoopResult, MultiMillerLoop}, Itertools, }, Error, @@ -59,7 +62,7 @@ mod native { impl AccumulationDecider for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, MOS: Clone + Debug, { type DecidingKey = KzgDecidingKey; @@ -113,7 +116,9 @@ mod evm { impl AccumulationDecider> for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::Fr: PrimeField, + M::G1Affine: CurveAffine, + M::G2Affine: CurveAffine, MOS: Clone + Debug, { type DecidingKey = KzgDecidingKey; @@ -162,7 +167,7 @@ mod evm { loader.code_mut().runtime_append(code); let challenge = loader.scalar(Value::Memory(challenge_ptr)); - let powers_of_challenge = LoadedScalar::::powers(&challenge, lhs.len()); + let powers_of_challenge = LoadedScalar::::powers(&challenge, lhs.len()); let [lhs, rhs] = [lhs, rhs].map(|msms| { msms.iter() .zip(powers_of_challenge.iter()) diff --git a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs index cbfa0000..0321d4ad 100644 --- a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs +++ b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs @@ -1,3 +1,5 @@ +use halo2_curves::ff::PrimeField; + use crate::{ cost::{Cost, CostEstimation}, loader::{LoadedScalar, Loader, ScalarLoader}, 
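Review bot: In decider.rs, `mod native` now imports `use halo2_curves::CurveAffine;` straight from the curve crate, while accumulation.rs in this same diff still takes `CurveAffine` from `crate::util::arithmetic`. The new `use halo2_curves::ff::PrimeField;` at the top of bdfg21.rs does the same for a trait that was previously imported through `arithmetic`. Assuming those re-exports are still present, fold the trait into the existing list, `arithmetic::{CurveAffine, Group, MillerLoopResult, MultiMillerLoop},`, and drop the blank line left after `mod native {`. That leaves a single place to touch the next time the curve dependency is bumped.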
@@ -6,7 +8,7 @@ use crate::{ PolynomialCommitmentScheme, Query, }, util::{ - arithmetic::{CurveAffine, Fraction, MultiMillerLoop, PrimeField}, + arithmetic::{CurveAffine, Fraction, MultiMillerLoop}, msm::Msm, transcript::TranscriptRead, Itertools, @@ -27,7 +29,8 @@ pub struct Bdfg21; impl PolynomialCommitmentScheme for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField + Ord, + M::Fr: Ord, + M::G1Affine: CurveAffine, L: Loader, { type VerifyingKey = KzgSuccinctVerifyingKey; @@ -36,7 +39,7 @@ where fn read_proof( _: &KzgSuccinctVerifyingKey, - _: &[Query], + _: &[Query], transcript: &mut T, ) -> Result, Error> where @@ -49,7 +52,7 @@ where svk: &KzgSuccinctVerifyingKey, commitments: &[Msm], z: &L::LoadedScalar, - queries: &[Query], + queries: &[Query], proof: &Bdfg21Proof, ) -> Result { let sets = query_sets(queries); @@ -64,7 +67,7 @@ where .zip(coeffs.iter()) .map(|(set, coeff)| set.msm(coeff, commitments, &powers_of_mu)); - msms.zip(proof.gamma.powers(sets.len()).into_iter()) + msms.zip(proof.gamma.powers(sets.len())) .map(|(msm, power_of_gamma)| msm * &power_of_gamma) .sum::>() - Msm::base(&proof.w) * &coeffs[0].z_s @@ -370,11 +373,10 @@ where impl CostEstimation for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, { - type Input = Vec>; + type Input = Vec>; - fn estimate_cost(_: &Vec>) -> Cost { + fn estimate_cost(_: &Vec>) -> Cost { Cost { num_commitment: 2, num_msm: 2, diff --git a/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs b/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs index b664d536..54cf8b3a 100644 --- a/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs +++ b/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs @@ -23,7 +23,8 @@ pub struct Gwc19; impl PolynomialCommitmentScheme for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::Fr: Ord, + M::G1Affine: CurveAffine, L: Loader, { type VerifyingKey = KzgSuccinctVerifyingKey; 
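Review bot: The Gwc19 impl in gwc19.rs (hunk at -23) now requires `M::Fr: Ord`, a bound the old `M::Scalar: PrimeField` clause did not impose. It looks carried over from the Bdfg21 impl, which already had `Ord` before this change. If nothing in the Gwc19 impl orders scalars, remove the `M::Fr: Ord,` line so the public bound is not narrowed for callers. The impl body lies outside this hunk, so whether `query_sets` needs the ordering here cannot be confirmed from the diff.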
@@ -32,7 +33,7 @@ where fn read_proof( _: &Self::VerifyingKey, - queries: &[Query], + queries: &[Query], transcript: &mut T, ) -> Result where @@ -45,7 +46,7 @@ where svk: &Self::VerifyingKey, commitments: &[Msm], z: &L::LoadedScalar, - queries: &[Query], + queries: &[Query], proof: &Self::Proof, ) -> Result { let sets = query_sets(queries); @@ -161,11 +162,10 @@ where impl CostEstimation for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, { - type Input = Vec>; + type Input = Vec>; - fn estimate_cost(queries: &Vec>) -> Cost { + fn estimate_cost(queries: &Vec>) -> Cost { let num_w = query_sets(queries).len(); Cost { num_commitment: num_w, diff --git a/snark-verifier/src/system/halo2/test/kzg.rs b/snark-verifier/src/system/halo2/test/kzg.rs index 107af76e..2446a749 100644 --- a/snark-verifier/src/system/halo2/test/kzg.rs +++ b/snark-verifier/src/system/halo2/test/kzg.rs @@ -1,8 +1,8 @@ use crate::{ system::halo2::test::{read_or_create_srs, MainGateWithRange}, - util::arithmetic::{fe_to_limbs, CurveAffine, MultiMillerLoop, PrimeField}, + util::arithmetic::{fe_to_limbs, CurveAffine, MultiMillerLoop}, }; -use halo2_curves::serde::SerdeObject; +use halo2_curves::{serde::SerdeObject, CurveExt}; use halo2_proofs::poly::{commitment::ParamsProver, kzg::commitment::ParamsKZG}; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; 
@@ -21,17 +21,18 @@ pub const BITS: usize = 68; pub fn setup(k: u32) -> ParamsKZG where - M::Scalar: PrimeField, + M::G1Affine: SerdeObject + CurveAffine, + M::G1: CurveExt, { ParamsKZG::::setup(k, ChaCha20Rng::from_seed(Default::default())) } pub fn main_gate_with_range_with_mock_kzg_accumulator( -) -> MainGateWithRange +) -> MainGateWithRange where - M::Scalar: PrimeField, - M::G1Affine: SerdeObject, - M::G2Affine: SerdeObject, + M::G2Affine: CurveAffine + SerdeObject, + M::G1Affine: CurveAffine + SerdeObject, + M::G1: CurveExt, { let srs = read_or_create_srs(TESTDATA_DIR, 1, setup::); let [g1, s_g1] = [srs.get_g()[0], srs.get_g()[1]].map(|point| point.coordinates().unwrap()); diff --git a/snark-verifier/src/util/msm.rs b/snark-verifier/src/util/msm.rs index f68ce6f4..777f8c65 100644 --- a/snark-verifier/src/util/msm.rs +++ b/snark-verifier/src/util/msm.rs @@ -92,7 +92,7 @@ where .as_ref() .map(|constant| (constant, gen.as_ref().unwrap())), ) - .chain(self.scalars.iter().zip(self.bases.into_iter())) + .chain(self.scalars.iter().zip(self.bases)) .collect_vec(); L::multi_scalar_multiplication(&pairs) }
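Review bot: `setup` in system/halo2/test/kzg.rs builds its parameters from `ChaCha20Rng::from_seed(Default::default())`, a fixed seed, yet it is `pub` and carries no doc comment saying so. Since its where-clause is being rewritten anyway, add a doc line such as `/// Test-only SRS from a fixed seed; the trapdoor is reproducible, so never use these params outside tests.` The same caveat belongs on `main_gate_with_range_with_mock_kzg_accumulator`, which consumes that SRS and whose body continues outside the hunk.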