diff --git a/Cargo.toml b/Cargo.toml
index 31bbef5c..24af7417 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,3 +3,10 @@ members = [
 "snark-verifier",
 "snark-verifier-sdk"
 ]
+
+[patch.crates-io]
+halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v0.3.0" }
+halo2curves = { git = "https://github.com/privacy-scaling-explorations/halo2curves", tag = "v0.6.0" }
+
+[patch."https://github.com/privacy-scaling-explorations/halo2wrong"]
+halo2_wrong_ecc = { git = "https://www.github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc", optional = true}
diff --git a/rust-toolchain b/rust-toolchain
index cb908525..7c7053aa 100644
--- a/rust-toolchain
+++ b/rust-toolchain
@@ -1 +1 @@
-1.69.0
\ No newline at end of file
+1.75.0
diff --git a/snark-verifier-sdk/Cargo.toml b/snark-verifier-sdk/Cargo.toml
index 2f1ba1a3..a51fb46e 100644
--- a/snark-verifier-sdk/Cargo.toml
+++ b/snark-verifier-sdk/Cargo.toml
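Review bot: The `[patch."https://github.com/privacy-scaling-explorations/halo2wrong"]` entry in the root Cargo.toml hunk redirects that source to the same repository under a different host spelling (`https://www.github.com/...`), which looks like a workaround for Cargo rejecting a patch that points at its own source; a short comment should say why it is there, e.g. `# www. alias only so Cargo accepts patching halo2wrong onto its own v2024_01_31 tag`. All three patched crates are proving-system dependencies selected by git `tag`, and a tag can be moved upstream, so unless a committed Cargo.lock (not visible here) fixes the commit, consider `rev = "<full-commit-sha>"` instead of `tag`. `optional = true` on the `halo2_wrong_ecc` patch line appears to be copied from the dependency declaration and, as far as I know, has no effect in a `[patch]` table.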
@@ -20,11 +20,11 @@ ark-std = { version = "0.3.0", features = ["print-trace"], optional = true } snark-verifier = { path = "../snark-verifier", default-features = false } # system_halo2 -halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v2023_04_20" } # not optional for now -halo2curves = { git = 'https://github.com/privacy-scaling-explorations/halo2curves', tag = "0.3.2" } # must be same version as in halo2_proofs +halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v0.3.0" } # not optional for now +halo2curves = { git = "https://github.com/privacy-scaling-explorations/halo2curves", tag = "v0.6.0" } # loader_halo2 -halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc", optional = true } +halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc", optional = true } poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2023_04_20", optional = true } # loader_evm diff --git a/snark-verifier-sdk/src/evm.rs b/snark-verifier-sdk/src/evm.rs index 8cb703ce..3ec21ff0 100644 --- a/snark-verifier-sdk/src/evm.rs +++ b/snark-verifier-sdk/src/evm.rs @@ -18,6 +18,7 @@ use halo2_proofs::{ }, transcript::{TranscriptReadBuffer, TranscriptWriterBuffer}, }; +use halo2curves::pairing::Engine; use itertools::Itertools; use rand::{rngs::StdRng, SeedableRng}; pub use snark_verifier::loader::evm::encode_calldata; @@ -127,7 +128,11 @@ where Rc, VerifyingKey = KzgAsVerifyingKey, Accumulator = KzgAccumulator>, - > + AccumulationDecider, DecidingKey = KzgDecidingKey>, + > + AccumulationDecider< + G1Affine, + Rc, + DecidingKey = KzgDecidingKey::G1Affine>, + >, { let protocol = compile( params, diff --git a/snark-verifier/Cargo.toml b/snark-verifier/Cargo.toml index 962a57e0..26cc9734 100644 --- a/snark-verifier/Cargo.toml +++ b/snark-verifier/Cargo.toml 
@@ -11,20 +11,20 @@ num-integer = "0.1.45" num-traits = "0.2.15" rand = "0.8" hex = "0.4" -halo2_curves = { git = "https://github.com/privacy-scaling-explorations/halo2curves", tag = "0.3.2", package = "halo2curves" } +halo2_curves = { git = "https://github.com/privacy-scaling-explorations/halo2curves", tag = "v0.6.0", package = "halo2curves" } # parallel rayon = { version = "1.5.3", optional = true } # system_halo2 -halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v2023_04_20", optional = true } +halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v0.3.0", optional = true } # loader_evm sha3 = { version = "0.10", optional = true } revm = { version = "3.5.0", optional = true, default-features = false } # loader_halo2 -halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc", optional = true } +halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc", optional = true } poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon", tag = "v2023_04_20", optional = true } # derive_serde @@ -35,7 +35,7 @@ rand_chacha = "0.3.1" paste = "1.0.7" # system_halo2 -halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_04_20", package = "ecc" } +halo2_wrong_ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2024_01_31", package = "ecc" } [features] default = ["loader_evm", "loader_halo2", "system_halo2"] diff --git a/snark-verifier/src/pcs/kzg/accumulation.rs b/snark-verifier/src/pcs/kzg/accumulation.rs index 5139d49e..1f9bbb9f 100644 --- a/snark-verifier/src/pcs/kzg/accumulation.rs +++ b/snark-verifier/src/pcs/kzg/accumulation.rs 
@@ -19,7 +19,8 @@ pub struct KzgAs(PhantomData<(M, MOS)>); impl AccumulationScheme for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, + M::Fr: PrimeField, L: Loader, MOS: Clone + Debug, { @@ -140,7 +141,8 @@ where impl AccumulationSchemeProver for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, + M::Fr: PrimeField, MOS: Clone + Debug, { type ProvingKey = KzgAsProvingKey; @@ -165,7 +167,7 @@ where let blind = pk .zk() .then(|| { - let s = M::Scalar::random(rng); + let s = M::Fr::random(rng); let (g, s_g) = pk.0.unwrap(); let lhs = (s_g * s).to_affine(); let rhs = (g * s).to_affine(); diff --git a/snark-verifier/src/pcs/kzg/decider.rs b/snark-verifier/src/pcs/kzg/decider.rs index eb7e84a7..dbdb4172 100644 --- a/snark-verifier/src/pcs/kzg/decider.rs +++ b/snark-verifier/src/pcs/kzg/decider.rs @@ -1,11 +1,13 @@ +use halo2_curves::CurveAffine; + use crate::{pcs::kzg::KzgSuccinctVerifyingKey, util::arithmetic::MultiMillerLoop}; use std::marker::PhantomData; /// KZG deciding key. #[derive(Debug, Clone, Copy)] -pub struct KzgDecidingKey { +pub struct KzgDecidingKey { /// KZG succinct verifying key. - pub svk: KzgSuccinctVerifyingKey, + pub svk: KzgSuccinctVerifyingKey, /// Generator on G2. pub g2: M::G2Affine, /// Generator to the trusted-setup secret on G2. @@ -13,7 +15,11 @@ pub struct KzgDecidingKey { _marker: PhantomData, } -impl KzgDecidingKey { +impl> KzgDecidingKey +where + M::G1Affine: CurveAffine, + M::G2Affine: CurveAffine, +{ /// Initialize a [`KzgDecidingKey`] pub fn new( svk: impl Into>, 
@@ -29,19 +35,29 @@ impl KzgDecidingKey { } } -impl From<(M::G1Affine, M::G2Affine, M::G2Affine)> for KzgDecidingKey { - fn from((g1, g2, s_g2): (M::G1Affine, M::G2Affine, M::G2Affine)) -> KzgDecidingKey { +impl> From<(M::G1Affine, M::G2Affine, M::G2Affine)> + for KzgDecidingKey +where + M::G1Affine: CurveAffine, + M::G2Affine: CurveAffine, +{ + fn from((g1, g2, s_g2): (M::G1Affine, M::G2Affine, M::G2Affine)) -> KzgDecidingKey { KzgDecidingKey::new(g1, g2, s_g2) } } -impl AsRef> for KzgDecidingKey { +impl> AsRef> + for KzgDecidingKey +{ fn as_ref(&self) -> &KzgSuccinctVerifyingKey { &self.svk } } mod native { + + use halo2_curves::CurveAffine; + use crate::{ loader::native::NativeLoader, pcs::{ @@ -59,10 +75,11 @@ mod native { impl AccumulationDecider for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, + M::Fr: PrimeField, MOS: Clone + Debug, { - type DecidingKey = KzgDecidingKey; + type DecidingKey = KzgDecidingKey; fn decide( dk: &Self::DecidingKey, @@ -113,10 +130,12 @@ mod evm { impl AccumulationDecider> for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, + M::G2Affine: CurveAffine, + ::ScalarExt: PrimeField, MOS: Clone + Debug, { - type DecidingKey = KzgDecidingKey; + type DecidingKey = KzgDecidingKey; fn decide( dk: &Self::DecidingKey, @@ -162,7 +181,11 @@ mod evm { loader.code_mut().runtime_append(code); let challenge = loader.scalar(Value::Memory(challenge_ptr)); - let powers_of_challenge = LoadedScalar::::powers(&challenge, lhs.len()); + let powers_of_challenge = + LoadedScalar::<::ScalarExt>::powers( + &challenge, + lhs.len(), + ); let [lhs, rhs] = [lhs, rhs].map(|msms| { msms.iter() .zip(powers_of_challenge.iter()) diff --git a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs index cbfa0000..f3ab7547 100644 --- a/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs +++ b/snark-verifier/src/pcs/kzg/multiopen/bdfg21.rs 
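Review bot: The scalar-field bound is spelled differently between sibling impls: in decider.rs `mod native` uses `M::Fr: PrimeField` while `mod evm` uses `…::ScalarExt: PrimeField`, and the bdfg21.rs and gwc19.rs hunks pair an `M::Fr` bound with `Query<…::Scalar>` in the method signatures. The generic arguments are not legible on this page, so this is read from the visible path tails; if the three do resolve to the same field, a reader currently has to re-derive that at every impl. Pick one spelling across `pcs::kzg`, or state the equivalence once in a comment for the author to confirm, such as `// M::Fr, G1Affine::ScalarExt and PrimeCurveAffine::Scalar name the same field here`. The `mod evm` impl body continues outside the hunk.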
@@ -1,3 +1,5 @@ +use halo2_curves::group::prime::PrimeCurveAffine; + use crate::{ cost::{Cost, CostEstimation}, loader::{LoadedScalar, Loader, ScalarLoader}, @@ -27,7 +29,8 @@ pub struct Bdfg21; impl PolynomialCommitmentScheme for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField + Ord, + M::G1Affine: CurveAffine, + M::Fr: PrimeField + Ord, L: Loader, { type VerifyingKey = KzgSuccinctVerifyingKey; @@ -36,7 +39,7 @@ where fn read_proof( _: &KzgSuccinctVerifyingKey, - _: &[Query], + _: &[Query<::Scalar>], transcript: &mut T, ) -> Result, Error> where @@ -49,7 +52,7 @@ where svk: &KzgSuccinctVerifyingKey, commitments: &[Msm], z: &L::LoadedScalar, - queries: &[Query], + queries: &[Query<::Scalar, L::LoadedScalar>], proof: &Bdfg21Proof, ) -> Result { let sets = query_sets(queries); @@ -370,11 +373,11 @@ where impl CostEstimation for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::Fr: PrimeField, { - type Input = Vec>; + type Input = Vec>; - fn estimate_cost(_: &Vec>) -> Cost { + fn estimate_cost(_: &Vec>) -> Cost { Cost { num_commitment: 2, num_msm: 2, diff --git a/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs b/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs index b664d536..288f1aba 100644 --- a/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs +++ b/snark-verifier/src/pcs/kzg/multiopen/gwc19.rs @@ -1,3 +1,5 @@ +use halo2_curves::group::prime::PrimeCurveAffine; + use crate::{ cost::{Cost, CostEstimation}, loader::{LoadedScalar, Loader}, @@ -23,7 +25,8 @@ pub struct Gwc19; impl PolynomialCommitmentScheme for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::G1Affine: CurveAffine, + M::Fr: PrimeField, L: Loader, { type VerifyingKey = KzgSuccinctVerifyingKey; @@ -32,7 +35,7 @@ where fn read_proof( _: &Self::VerifyingKey, - queries: &[Query], + queries: &[Query<::Scalar>], transcript: &mut T, ) -> Result where 
@@ -45,7 +48,7 @@ where svk: &Self::VerifyingKey, commitments: &[Msm], z: &L::LoadedScalar, - queries: &[Query], + queries: &[Query<::Scalar, L::LoadedScalar>], proof: &Self::Proof, ) -> Result { let sets = query_sets(queries); @@ -161,11 +164,11 @@ where impl CostEstimation for KzgAs where M: MultiMillerLoop, - M::Scalar: PrimeField, + M::Fr: PrimeField, { - type Input = Vec>; + type Input = Vec>; - fn estimate_cost(queries: &Vec>) -> Cost { + fn estimate_cost(queries: &Vec>) -> Cost { let num_w = query_sets(queries).len(); Cost { num_commitment: num_w, diff --git a/snark-verifier/src/system/halo2/test/kzg.rs b/snark-verifier/src/system/halo2/test/kzg.rs index 107af76e..2340e624 100644 --- a/snark-verifier/src/system/halo2/test/kzg.rs +++ b/snark-verifier/src/system/halo2/test/kzg.rs @@ -2,7 +2,7 @@ use crate::{ system::halo2::test::{read_or_create_srs, MainGateWithRange}, util::arithmetic::{fe_to_limbs, CurveAffine, MultiMillerLoop, PrimeField}, }; -use halo2_curves::serde::SerdeObject; +use halo2_curves::{serde::SerdeObject, CurveExt}; use halo2_proofs::poly::{commitment::ParamsProver, kzg::commitment::ParamsKZG}; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; @@ -21,17 +21,20 @@ pub const BITS: usize = 68; pub fn setup(k: u32) -> ParamsKZG where - M::Scalar: PrimeField, + M::Fr: PrimeField, + M::G1Affine: SerdeObject + CurveAffine, + M::G1: CurveExt, { ParamsKZG::::setup(k, ChaCha20Rng::from_seed(Default::default())) } -pub fn main_gate_with_range_with_mock_kzg_accumulator( -) -> MainGateWithRange +pub fn main_gate_with_range_with_mock_kzg_accumulator< + C: CurveAffine, + M: MultiMillerLoop, +>() -> MainGateWithRange<::ScalarExt> where - M::Scalar: PrimeField, - M::G1Affine: SerdeObject, - M::G2Affine: SerdeObject, + M::G2Affine: CurveAffine + SerdeObject, + M::G1Affine: CurveAffine + SerdeObject, { let srs = read_or_create_srs(TESTDATA_DIR, 1, setup::); let [g1, s_g1] = [srs.get_g()[0], srs.get_g()[1]].map(|point| point.coordinates().unwrap()); 
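Review bot: `setup` in test/kzg.rs is `pub` and, per the unchanged body line in this hunk, builds the SRS from `ChaCha20Rng::from_seed(Default::default())`, a fixed seed, yet the reworked signature still has no doc comment saying so. Parameters generated this way have a reproducible setup secret, so they are only suitable for tests; whether the module is gated behind `cfg(test)` is not visible here. I would add `/// Test-only SRS: the RNG seed is fixed, so the setup secret is reproducible; never use these params to check real proofs.` above the function while its bounds are being touched.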
diff --git a/snark-verifier/src/system/halo2/test/kzg/evm.rs b/snark-verifier/src/system/halo2/test/kzg/evm.rs index 3ec00032..55215f43 100644 --- a/snark-verifier/src/system/halo2/test/kzg/evm.rs +++ b/snark-verifier/src/system/halo2/test/kzg/evm.rs @@ -13,7 +13,10 @@ use crate::{ }, verifier::plonk::PlonkVerifier, }; -use halo2_curves::bn256::{Bn256, G1Affine}; +use halo2_curves::{ + bn256::{Bn256, G1Affine}, + pairing::Engine, +}; use halo2_proofs::poly::kzg::multiopen::{ProverGWC, ProverSHPLONK, VerifierGWC, VerifierSHPLONK}; use paste::paste; use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng}; @@ -120,7 +123,7 @@ test!( zk_main_gate_with_range_with_mock_kzg_accumulator, 9, halo2_kzg_config!(true, 1, (0..4 * LIMBS).map(|idx| (0, idx)).collect()), - main_gate_with_range_with_mock_kzg_accumulator::() + main_gate_with_range_with_mock_kzg_accumulator::<::G1Affine, Bn256>() ); test!( #[cfg(feature = "loader_halo2")], diff --git a/snark-verifier/src/system/halo2/test/kzg/native.rs b/snark-verifier/src/system/halo2/test/kzg/native.rs index b1d38e06..ebdd9fcb 100644 --- a/snark-verifier/src/system/halo2/test/kzg/native.rs +++ b/snark-verifier/src/system/halo2/test/kzg/native.rs @@ -9,7 +9,10 @@ use crate::{ }, verifier::plonk::PlonkVerifier, }; -use halo2_curves::bn256::{Bn256, G1Affine}; +use halo2_curves::{ + bn256::{Bn256, G1Affine}, + pairing::Engine, +}; use halo2_proofs::{ poly::kzg::multiopen::{ProverGWC, ProverSHPLONK, VerifierGWC, VerifierSHPLONK}, transcript::{Blake2bRead, Blake2bWrite, Challenge255, TranscriptReadBuffer}, @@ -64,5 +67,5 @@ test!( zk_main_gate_with_range_with_mock_kzg_accumulator, 9, halo2_kzg_config!(true, 2, (0..4 * LIMBS).map(|idx| (0, idx)).collect()), - main_gate_with_range_with_mock_kzg_accumulator::() + main_gate_with_range_with_mock_kzg_accumulator::<::G1Affine, Bn256>() );