ZAL: ZK Accel Layer (#277)

* Implement ZAL API (Zk Acceleration Layer)

* Update halo2_backend/src/poly/ipa/commitment.rs

* zal: cargo fmt

halo2_backend/src/plonk/keygen.rs

@@ -6,6 +6,7 @@
 
 use group::Curve;
 use halo2_middleware::ff::{Field, FromUniformBytes};
+use halo2_middleware::zal::impls::H2cEngine;
 
 use super::{evaluation::Evaluator, permutation, Polynomial, ProvingKey, VerifyingKey};
 use crate::{
@@ -70,6 +71,7 @@ where
         .map(|poly| {
             params
                 .commit_lagrange(
+                    &H2cEngine::new(),
                     &Polynomial::new_lagrange_from_vec(poly.clone()),
                     Blind::default(),
                 )

halo2_backend/src/plonk/lookup/prover.rs

@@ -17,6 +17,7 @@ use group::{
 };
 use halo2_middleware::ff::WithSmallOrderMulGroup;
 use halo2_middleware::poly::Rotation;
+use halo2_middleware::zal::{impls::PlonkEngine, traits::MsmAccel};
 use rand_core::RngCore;
 use std::{
     collections::BTreeMap,
@@ -69,7 +70,9 @@ pub(in crate::plonk) fn lookup_commit_permuted<
     E: EncodedChallenge<C>,
     R: RngCore,
     T: TranscriptWrite<C, E>,
+    M: MsmAccel<C>,
 >(
+    engine: &PlonkEngine<C, M>,
     arg: &Argument<F>,
     pk: &ProvingKey<C>,
     params: &P,
@@ -127,7 +130,9 @@ where
     let mut commit_values = |values: &Polynomial<C::Scalar, LagrangeCoeff>| {
         let poly = pk.vk.domain.lagrange_to_coeff(values.clone());
         let blind = Blind(C::Scalar::random(&mut rng));
-        let commitment = params.commit_lagrange(values, blind).to_affine();
+        let commitment = params
+            .commit_lagrange(&engine.msm_backend, values, blind)
+            .to_affine();
         (poly, blind, commitment)
     };
 
@@ -163,14 +168,17 @@ impl<C: CurveAffine> Permuted<C> {
     /// grand product polynomial over the lookup. The grand product polynomial
     /// is used to populate the [`Committed<C>`] struct. The [`Committed<C>`] struct is
     /// added to the Lookup and finally returned by the method.
+    #[allow(clippy::too_many_arguments)]
     pub(in crate::plonk) fn commit_product<
         'params,
         P: Params<'params, C>,
         E: EncodedChallenge<C>,
         R: RngCore,
         T: TranscriptWrite<C, E>,
+        M: MsmAccel<C>,
     >(
         self,
+        engine: &PlonkEngine<C, M>,
         pk: &ProvingKey<C>,
         params: &P,
         beta: ChallengeBeta<C>,
@@ -287,7 +295,9 @@ impl<C: CurveAffine> Permuted<C> {
         }
 
         let product_blind = Blind(C::Scalar::random(rng));
-        let product_commitment = params.commit_lagrange(&z, product_blind).to_affine();
+        let product_commitment = params
+            .commit_lagrange(&engine.msm_backend, &z, product_blind)
+            .to_affine();
         let z = pk.vk.domain.lagrange_to_coeff(z);
 
         // Hash product commitment

halo2_backend/src/plonk/permutation/keygen.rs

@@ -1,5 +1,6 @@
 use group::Curve;
 use halo2_middleware::ff::{Field, PrimeField};
+use halo2_middleware::zal::impls::H2cEngine;
 
 use super::{Argument, ProvingKey, VerifyingKey};
 use crate::{
@@ -265,7 +266,7 @@ pub(crate) fn build_vk<'params, C: CurveAffine, P: Params<'params, C>>(
         // Compute commitment to permutation polynomial
         commitments.push(
             params
-                .commit_lagrange(permutation, Blind::default())
+                .commit_lagrange(&H2cEngine::new(), permutation, Blind::default())
                 .to_affine(),
         );
     }

halo2_backend/src/plonk/permutation/prover.rs

@@ -2,7 +2,8 @@ use group::{
     ff::{BatchInvert, Field},
     Curve,
 };
-use halo2_middleware::ff::PrimeField;
+use halo2_middleware::zal::traits::MsmAccel;
+use halo2_middleware::{ff::PrimeField, zal::impls::PlonkEngine};
 use rand_core::RngCore;
 use std::iter::{self, ExactSizeIterator};
 
@@ -53,7 +54,9 @@ pub(in crate::plonk) fn permutation_commit<
     E: EncodedChallenge<C>,
     R: RngCore,
     T: TranscriptWrite<C, E>,
+    M: MsmAccel<C>,
 >(
+    engine: &PlonkEngine<C, M>,
     arg: &Argument,
     params: &P,
     pk: &plonk::ProvingKey<C>,
@@ -171,7 +174,8 @@ pub(in crate::plonk) fn permutation_commit<
 
         let blind = Blind(C::Scalar::random(&mut rng));
 
-        let permutation_product_commitment_projective = params.commit_lagrange(&z, blind);
+        let permutation_product_commitment_projective =
+            params.commit_lagrange(&engine.msm_backend, &z, blind);
         let permutation_product_blind = blind;
         let z = domain.lagrange_to_coeff(z);
         let permutation_product_poly = z.clone();