Tags: sun-shine-chain/zkevm-circuits
Tags
Relicense all packages from BOSL to MIT + Apache2.0 (privacy-scaling-… …explorations#585) * rm BOSL * add standard SPDX license
Implementation of tx circuit (shortcut 1) (privacy-scaling-exploratio… …ns#484) * Implement Tx Circuit (shortcut 1) Implement the Tx Circuit as specified in https://github.com/appliedzkp/zkevm-specs/blob/master/specs/transactions-proof.md#circuit-behaviour-shortcut-1 This implementation uses ~205 columns and ~170k rows per transaction. New dependencies to the zkevm-circuits subcrate: - `halo2wrong` subcrates. This is where the ECDSA verification chip is implemented. This dependency uses `halo2` and this means that we'll require the version of `halo2` used in `halo2wrong` and `zkevm-circuits` to match. - `group`: Required for field and curve traits - `libsecp256k1`: Requiered to perform the ECDSA public key recovery with access to the public key coordinates. - `rlp`: Required to calculate the RLP of the transaction to get the transaction hash (to sign) - `num-bigint`: Used to hold an integer bigger than the field, to latter apply mod Fq (this is required for the message hash in the ECDSA signature operation) - `subtle`: Used to map `CtOption` to `Result` * Split light and heavy tests; run heavy tests serially * Address some comments from Carlos * Document power of randomness expression trick * Reuse geth_types::Transaction in tx_circuit * Remove unused function * Move random_linear_combine fn to utils * Address comments from Adria * Remove unused function * Address comments from Adria v2 * Address comments from ChihChengLiang * Address comments from ChihChengLiang v2 * Fix * Add more tests Co-authored-by: adria0.eth <[email protected]>
Remove biguint to field (privacy-scaling-explorations#283) * remove biguint to field * comment on the assumption
Build keccak all toghether (privacy-scaling-explorations#144) * Add KeccakFConfig & allocation structure def The KeccakFConfig contains all of the gadget configurations of the gadgets plus the logic for the allocations of each of the keccak steps on each of the regions. This is the first design guideline that seems can fit in with the infra we have. Works with privacy-scaling-explorations#105 * Remove biguint_to_pallas duplicity * Add aux functions to switch state repr We need to move from `FieldExt` to `BigUint` Repr in order to execute KeccaK intermediate steps so that we can allocate all the intermediate states of the keccak algorithm inside of the circuit. Therefore we need functions that allow us to swap between both representations. * Add `assign_state` placeholders for Pi and Rho Configs * Add 24-loop state allocation phase in KeccakConfig * Add state_assign minus mixing stage * Add configure initial impl for `KeccakConfig` * Add basic b9 & b13 ROUND_CTANTS allocation * Change gadgets state allocation to add out_state We now also allocate the out_state of the gadget when we allocate the entire witness for the gadget in keccak. * Merge `next_input` and state assigment to single fn We can simply do the assigment of the `out_state`, `state` and `next_input` in a single function reducing the overhead and the verbosity. * Change `q_enable` activations to happen in `assign_state` * Add missing offset increments in KeccakConfig allocation * Set IotaB9Config Selector as generic Expression * Set IotaB13 Selector as Expression * Change AbsorbConfig design and allocation We now allocate the Absorb as: - State Row - Next Mixing Row - Out State Row * Move state transformation fns to arith_helpers mod * Add MixingConfig preliminary design * Externalize state conversion functions * Add out_state computation during `assign_state` runtime for B13 & B9 * Add `State` creation function in arith_helpers * Change AbsorbConfig assigment to compute out_state internally * Add assign_state_and_mixing_flag_and_rc for IotaB9Config * Finalize first MixingConfig configure fn * Change AbsorbConfig to copy_cell strategy * Add IotaB13Config Cell copy constrains strategy & modify tests * Update IotaB9Config assigment functions * Change KeccakF circuit calls to IotaB9 and Mixing configs * Fix `state_bigint_to_pallas` slice copy lengths * Add mixing step to KeccakFArith * test_absorb_gate: Witness input state to get (Cell, Value) tuples. * Fix range of `state_to_state_bigint` * IotaB9:_Fix test_flag wrong assignation_err * iota_b9: Introduce q_last, q_not_last selectors. These are used to differentiate between gates for the steady state, and gates for the final round (where an is_mixing flag is witnessed by the prover). In the final round, q_last * flag is used as a composite selector. * Add IotaB9 missing test cases * IotaB13: Add internal selector + flag setup With the previous setup, the gate was producing `ConstraintPoisoned` due to the usage of `round_ctant_b13` at rotation:next to store the `is_mixing` flag inside. It also was activated/deactivated following the same bool logic as IotaB9, and has been changed. - IotaB13 now activates when `is_mixing = false` so no matter the inputs the verification will pass as the gate is not active. - IotaB13 contains now an internal selector `q_mixing` which is always active and prevents the gate equations to fail due to queriyng `round_ctant_b13` cells that they shouldn't. This completes all the development needed for IotaB9 and IotaB13 in order to add them inside the `MixingConfig` and so work towards closing issue privacy-scaling-explorations#105 * Absorb: Add internal selector + flag setup With the previous setup, the gate was producing `ConstraintPoisoned` due to the usage of `absorb_next_inputs` at rotation:next to store the `is_mixing` flag inside. It also was activated/deactivated following the same bool logic as IotaB9, and has been changed. - Absorb now activates when `is_mixing = false` so no matter the inputs the verification will pass as the gate is not active. - Absorb contains now an internal selector `q_mixing` which is always active and prevents the gate equations to fail due to queriyng `absorb_next_inputs` cells that they shouldn't. ASSIGNATION MAP: - STATE (25 columns) (offset -1) - NEXT_INPUTS (17 columns) + is_mixing flag (1 column) (offset +0) (current rotation) - OUT_STATE (25 columns) (offset +1) This completes all the development needed for `AbsorbConfig` in order to add them inside the `MixingConfig` and so work towards closing issue privacy-scaling-explorations#105 * Add state computation fn's for configs It's much easier, clean and less verbose to compute `in_state`, `out_state` and `next_inputs` with an associated function for the MixingConfig sub-configs. And also makes the tests much less verbose. * Update StateBigint in compute_states signatures * Mixing: Add `MixingConfig` impl + tests lacking base conversion * mixing: Witness flag in state assignation * Rho: Derive `Debug` for all configs * xi: Apply copy_constraints for xi inputs It is critical for the correctness of the keccak circuit to apply copy constraints between the gates while executing the rounds. Works towards solving: privacy-scaling-explorations#219 * Add OFFSET associated consts * Ignore failing Mixing tests * Clippy fixes * Replace pallas by field * Add zeroed_bytes assertion Co-authored-by: ying tong <[email protected]>
udpate toolchain to enable the array_map feature (privacy-scaling-exp… …lorations#157) * udpate toolchain * fix ci lint stable: remove override and use toolchain
udpate toolchain to enable the array_map feature (privacy-scaling-exp… …lorations#157) * udpate toolchain * fix ci lint stable: remove override and use toolchain
[keccak] Theta gate circuit (privacy-scaling-explorations#97) * add theta gate * move to arith helpers * remove allow deadcode * nitpicks