Merge pull request #150 from zcash/bump-halo2-again

Migrate to latest `halo2` API

Cargo.toml

@@ -62,5 +62,5 @@ name = "small"
 harness = false
 
 [patch.crates-io]
-halo2 = { git = "https://github.com/zcash/halo2.git", rev = "d5be50a8488a433a9b20f1127ff1e21f121c5a2c" }
+halo2 = { git = "https://github.com/zcash/halo2.git", rev = "dda1be47316c32585c0d974c0b6401108714875d" }
 zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "cc533a9da4f6a7209a7be05f82b12a03969152c9" }

src/circuit.rs

@@ -2,11 +2,10 @@
 
 use std::mem;
 
-use group::Curve;
 use halo2::{
     circuit::{Layouter, SimpleFloorPlanner},
     plonk,
-    poly::{EvaluationDomain, LagrangeCoeff, Polynomial, Rotation},
+    poly::Rotation,
     transcript::{Blake2bRead, Blake2bWrite},
 };
 use pasta_curves::{pallas, vesta};
@@ -40,9 +39,16 @@ impl plonk::Circuit<pallas::Base> for Circuit {
         meta.instance_column();
 
         // Placeholder gate so there is something for the prover to operate on.
+        // We need a selector so that the gate is disabled by default, and doesn't
+        // interfere with the blinding factors.
         let advice = meta.advice_column();
+        let selector = meta.selector();
+
         meta.create_gate("TODO", |meta| {
-            vec![meta.query_advice(advice, Rotation::cur())]
+            let a = meta.query_advice(advice, Rotation::cur());
+            let s = meta.query_selector(selector);
+
+            vec![s * a]
         });
     }
 
@@ -107,21 +113,9 @@ pub struct Instance {
 }
 
 impl Instance {
-    fn to_halo2_instance(
-        &self,
-        domain: &EvaluationDomain<vesta::Scalar>,
-    ) -> [Polynomial<vesta::Scalar, LagrangeCoeff>; 1] {
+    fn to_halo2_instance(&self) -> [[vesta::Scalar; 0]; 1] {
         // TODO
-        [domain.empty_lagrange()]
-    }
-
-    fn to_halo2_instance_commitments(&self, vk: &VerifyingKey) -> [vesta::Affine; 1] {
-        [vk.params
-            .commit_lagrange(
-                &self.to_halo2_instance(vk.vk.get_domain())[0],
-                Default::default(),
-            )
-            .to_affine()]
+        [[]]
     }
 }
 
@@ -149,9 +143,10 @@ impl Proof {
         circuits: &[Circuit],
         instances: &[Instance],
     ) -> Result<Self, plonk::Error> {
-        let instances: Vec<_> = instances
+        let instances: Vec<_> = instances.iter().map(|i| i.to_halo2_instance()).collect();
+        let instances: Vec<Vec<_>> = instances
             .iter()
-            .map(|i| i.to_halo2_instance(pk.pk.get_vk().get_domain()))
+            .map(|i| i.iter().map(|c| &c[..]).collect())
             .collect();
         let instances: Vec<_> = instances.iter().map(|i| &i[..]).collect();
 
@@ -162,9 +157,10 @@ impl Proof {
 
     /// Verifies this proof with the given instances.
     pub fn verify(&self, vk: &VerifyingKey, instances: &[Instance]) -> Result<(), plonk::Error> {
-        let instances: Vec<_> = instances
+        let instances: Vec<_> = instances.iter().map(|i| i.to_halo2_instance()).collect();
+        let instances: Vec<Vec<_>> = instances
             .iter()
-            .map(|i| i.to_halo2_instance_commitments(vk))
+            .map(|i| i.iter().map(|c| &c[..]).collect())
             .collect();
         let instances: Vec<_> = instances.iter().map(|i| &i[..]).collect();
 
@@ -241,9 +237,9 @@ mod tests {
                     K,
                     circuit,
                     instance
-                        .to_halo2_instance(vk.vk.get_domain())
+                        .to_halo2_instance()
                         .iter()
-                        .map(|p| p.iter().cloned().collect())
+                        .map(|p| p.to_vec())
                         .collect()
                 )
                 .unwrap()

src/circuit/gadget/ecc.rs

@@ -422,18 +422,10 @@ mod tests {
                 meta.advice_column(),
                 meta.advice_column(),
             ];
-
             let constants = [meta.fixed_column(), meta.fixed_column()];
-            let perm = meta.permutation(
-                &advices
-                    .iter()
-                    .map(|advice| (*advice).into())
-                    .chain(constants.iter().map(|fixed| (*fixed).into()))
-                    .collect::<Vec<_>>(),
-            );
-
             let lookup_table = meta.fixed_column();
-            EccChip::configure(meta, advices, lookup_table, constants, perm)
+
+            EccChip::configure(meta, advices, lookup_table, constants)
         }
 
         fn synthesize(

src/circuit/gadget/ecc/chip.rs

@@ -12,7 +12,7 @@ use arrayvec::ArrayVec;
 use group::prime::PrimeCurveAffine;
 use halo2::{
     circuit::{Chip, Layouter},
-    plonk::{Advice, Column, ConstraintSystem, Error, Fixed, Permutation, Selector},
+    plonk::{Advice, Column, ConstraintSystem, Error, Fixed, Selector},
 };
 use pasta_curves::{arithmetic::CurveAffine, pallas};
 
@@ -111,12 +111,8 @@ pub struct EccConfig {
     /// Witness point
     pub q_point: Selector,
 
-    /// Shared fixed column used for loading constants. This is included in
-    /// the permutation so that cells in advice columns can be constrained to
-    /// equal cells in this fixed column.
+    /// Shared fixed column used for loading constants.
     pub constants: Column<Fixed>,
-    /// Permutation over all advice columns and the `constants` fixed column.
-    pub perm: Permutation,
     /// Lookup range check using 10-bit lookup table
     pub lookup_config: LookupRangeCheckConfig<pallas::Base, { sinsemilla::K }>,
     /// Running sum decomposition.
@@ -151,25 +147,58 @@ impl EccChip {
         Self { config }
     }
 
+    /// # Side effects
+    ///
+    /// All columns in `advices` and `constants` will be equality-enabled.
     #[allow(non_snake_case)]
     pub fn configure(
         meta: &mut ConstraintSystem<pallas::Base>,
         advices: [Column<Advice>; 10],
         lookup_table: Column<Fixed>,
         // TODO: Replace with public inputs API
         constants: [Column<Fixed>; 2],
-        perm: Permutation,
     ) -> <Self as Chip<pallas::Base>>::Config {
-        let lookup_config = LookupRangeCheckConfig::configure(
-            meta,
-            advices[9],
-            constants[0],
-            lookup_table,
-            perm.clone(),
-        );
+        // The following columns need to be equality-enabled for their use in sub-configs:
+        //
+        // add::Config and add_incomplete::Config:
+        // - advices[0]: x_p,
+        // - advices[1]: y_p,
+        // - advices[2]: x_qr,
+        // - advices[3]: y_qr,
+        //
+        // mul_fixed::Config:
+        // - advices[4]: window
+        // - advices[5]: u
+        //
+        // mul_fixed::base_field_element::Config:
+        // - [advices[6], advices[7], advices[8]]: canon_advices
+        //
+        // mul::overflow::Config:
+        // - [advices[0], advices[1], advices[2]]: advices
+        //
+        // mul::incomplete::Config
+        // - advices[4]: lambda1
+        // - advices[9]: z
+        //
+        // mul::complete::Config:
+        // - advices[9]: z_complete
+        //
+        // mul::Config:
+        // - constants[1]: Setting `z_init` to zero.
+        //
+        // TODO: Refactor away from `impl From<EccConfig> for _` so that sub-configs can
+        // equality-enable the columns they need to.
+        for column in &advices {
+            meta.enable_equality((*column).into());
+        }
+        // constants[0] is also equality-enabled here.
+        let lookup_config =
+            LookupRangeCheckConfig::configure(meta, advices[9], constants[0], lookup_table);
+        meta.enable_equality(constants[1].into());
+
         let q_mul_fixed_running_sum = meta.selector();
         let running_sum_config =
-            RunningSumConfig::configure(meta, q_mul_fixed_running_sum, advices[4], perm.clone());
+            RunningSumConfig::configure(meta, q_mul_fixed_running_sum, advices[4]);
 
         let config = EccConfig {
             advices,
@@ -197,7 +226,6 @@ impl EccChip {
             q_mul_fixed_running_sum,
             q_point: meta.selector(),
             constants: constants[1],
-            perm,
             lookup_config,
             running_sum_config,
         };
@@ -323,14 +351,13 @@ impl EccInstructions<pallas::Affine> for EccChip {
         a: &Self::Point,
         b: &Self::Point,
     ) -> Result<(), Error> {
-        let config = self.config().clone();
         layouter.assign_region(
             || "constrain equal",
             |mut region| {
                 // Constrain x-coordinates
-                region.constrain_equal(&config.perm, a.x().cell(), b.x().cell())?;
+                region.constrain_equal(a.x().cell(), b.x().cell())?;
                 // Constrain x-coordinates
-                region.constrain_equal(&config.perm, a.y().cell(), b.y().cell())
+                region.constrain_equal(a.y().cell(), b.y().cell())
             },
         )
     }

src/circuit/gadget/ecc/chip/add.rs

@@ -5,7 +5,7 @@ use ff::Field;
 use halo2::{
     arithmetic::BatchInvert,
     circuit::Region,
-    plonk::{Advice, Column, ConstraintSystem, Error, Expression, Permutation, Selector},
+    plonk::{Advice, Column, ConstraintSystem, Error, Expression, Selector},
     poly::Rotation,
 };
 use pasta_curves::{arithmetic::FieldExt, pallas};
@@ -32,8 +32,6 @@ pub struct Config {
     gamma: Column<Advice>,
     // δ = inv0(y_p + y_q) if x_q = x_p, 0 otherwise
     delta: Column<Advice>,
-    // Permutation
-    perm: Permutation,
 }
 
 impl From<&EccConfig> for Config {
@@ -49,7 +47,6 @@ impl From<&EccConfig> for Config {
             beta: ecc_config.advices[6],
             gamma: ecc_config.advices[7],
             delta: ecc_config.advices[8],
-            perm: ecc_config.perm.clone(),
         }
     }
 }
@@ -208,12 +205,12 @@ impl Config {
         self.q_add.enable(region, offset)?;
 
         // Copy point `p` into `x_p`, `y_p` columns
-        copy(region, || "x_p", self.x_p, offset, &p.x, &self.perm)?;
-        copy(region, || "y_p", self.y_p, offset, &p.y, &self.perm)?;
+        copy(region, || "x_p", self.x_p, offset, &p.x)?;
+        copy(region, || "y_p", self.y_p, offset, &p.y)?;
 
         // Copy point `q` into `x_qr`, `y_qr` columns
-        copy(region, || "x_q", self.x_qr, offset, &q.x, &self.perm)?;
-        copy(region, || "y_q", self.y_qr, offset, &q.y, &self.perm)?;
+        copy(region, || "x_q", self.x_qr, offset, &q.x)?;
+        copy(region, || "y_q", self.y_qr, offset, &q.y)?;
 
         let (x_p, y_p) = (p.x.value(), p.y.value());
         let (x_q, y_q) = (q.x.value(), q.y.value());

src/circuit/gadget/ecc/chip/add_incomplete.rs

@@ -4,7 +4,7 @@ use super::{copy, CellValue, EccConfig, EccPoint, Var};
 use group::Curve;
 use halo2::{
     circuit::Region,
-    plonk::{Advice, Column, ConstraintSystem, Error, Permutation, Selector},
+    plonk::{Advice, Column, ConstraintSystem, Error, Selector},
     poly::Rotation,
 };
 use pasta_curves::{arithmetic::CurveAffine, pallas};
@@ -20,8 +20,6 @@ pub struct Config {
     pub x_qr: Column<Advice>,
     // y-coordinate of Q or R in P + Q = R
     pub y_qr: Column<Advice>,
-    // Permutation
-    perm: Permutation,
 }
 
 impl From<&EccConfig> for Config {
@@ -32,7 +30,6 @@ impl From<&EccConfig> for Config {
             y_p: ecc_config.advices[1],
             x_qr: ecc_config.advices[2],
             y_qr: ecc_config.advices[3],
-            perm: ecc_config.perm.clone(),
         }
     }
 }
@@ -99,12 +96,12 @@ impl Config {
             .transpose()?;
 
         // Copy point `p` into `x_p`, `y_p` columns
-        copy(region, || "x_p", self.x_p, offset, &p.x, &self.perm)?;
-        copy(region, || "y_p", self.y_p, offset, &p.y, &self.perm)?;
+        copy(region, || "x_p", self.x_p, offset, &p.x)?;
+        copy(region, || "y_p", self.y_p, offset, &p.y)?;
 
         // Copy point `q` into `x_qr`, `y_qr` columns
-        copy(region, || "x_q", self.x_qr, offset, &q.x, &self.perm)?;
-        copy(region, || "y_q", self.y_qr, offset, &q.y, &self.perm)?;
+        copy(region, || "x_q", self.x_qr, offset, &q.x)?;
+        copy(region, || "y_q", self.y_qr, offset, &q.y)?;
 
         // Compute the sum `P + Q = R`
         let r = {

src/circuit/gadget/ecc/chip/mul.rs

@@ -7,7 +7,7 @@ use ff::PrimeField;
 use halo2::{
     arithmetic::FieldExt,
     circuit::{Layouter, Region},
-    plonk::{Column, ConstraintSystem, Error, Expression, Fixed, Permutation, Selector},
+    plonk::{Column, ConstraintSystem, Error, Expression, Fixed, Selector},
     poly::Rotation,
 };
 
@@ -44,8 +44,6 @@ pub struct Config {
     constants: Column<Fixed>,
     // Selector used to check switching logic on LSB
     q_mul_lsb: Selector,
-    // Permutation
-    perm: Permutation,
     // Configuration used in complete addition
     add_config: add::Config,
     // Configuration used for `hi` bits of the scalar
@@ -63,7 +61,6 @@ impl From<&EccConfig> for Config {
         let config = Self {
             constants: ecc_config.constants,
             q_mul_lsb: ecc_config.q_mul_lsb,
-            perm: ecc_config.perm.clone(),
             add_config: ecc_config.into(),
             hi_config: ecc_config.into(),
             lo_config: ecc_config.into(),
@@ -318,15 +315,13 @@ impl Config {
             self.add_config.x_p,
             offset + 1,
             &base.x(),
-            &self.perm,
         )?;
         copy(
             region,
             || "copy base_y",
             self.add_config.y_p,
             offset + 1,
             &base.y(),
-            &self.perm,
         )?;
 
         // If `lsb` is 0, return `Acc + (-P)`. If `lsb` is 1, simply return `Acc + 0`.