Migrate to new ZAL API

Deprecate pre-ZAL API Insert patch in `Cargo.toml` for `../halo2curves`
privacy-scaling-explorations · Feb 15, 2024 · 3cb3723 · 3cb3723
1 parent 0b75a92
commit 3cb3723
Show file tree

Hide file tree

Showing 13 changed files with 51 additions and 24 deletions.
diff --git a/halo2_backend/Cargo.toml b/halo2_backend/Cargo.toml
@@ -28,7 +28,7 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
 backtrace = { version = "0.3", optional = true }
 ff = "0.13"
 group = "0.13"
-halo2curves = { version = "0.6.0", default-features = false }
+halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 tracing = "0.1"
 blake2b_simd = "1" # MSRV 1.66.0

diff --git a/halo2_backend/src/poly/ipa/commitment.rs b/halo2_backend/src/poly/ipa/commitment.rs
@@ -3,13 +3,14 @@
 //!
 //! [halo]: https://eprint.iacr.org/2019/1021
 
-use crate::arithmetic::{best_multiexp, g_to_lagrange, parallelize, CurveAffine, CurveExt};
+use crate::arithmetic::{g_to_lagrange, parallelize, CurveAffine, CurveExt};
 use crate::helpers::CurveRead;
 use crate::poly::commitment::{Blind, CommitmentScheme, Params, ParamsProver, ParamsVerifier};
 use crate::poly::ipa::msm::MSMIPA;
 use crate::poly::{Coeff, LagrangeCoeff, Polynomial};
 
 use group::{Curve, Group};
+use halo2curves::zal::{H2cEngine, MsmAccel};
 use std::marker::PhantomData;
 
 mod prover;
@@ -99,7 +100,8 @@ impl<'params, C: CurveAffine> Params<'params, C> for ParamsIPA<C> {
         tmp_bases.extend(self.g_lagrange.iter());
         tmp_bases.push(self.w);
 
-        best_multiexp::<C>(&tmp_scalars, &tmp_bases)
+        let engine = H2cEngine::new();
+        engine.msm(&tmp_scalars, &tmp_bases)
     }
 
     /// Writes params to a buffer.
@@ -219,7 +221,8 @@ impl<'params, C: CurveAffine> ParamsProver<'params, C> for ParamsIPA<C> {
         tmp_bases.extend(self.g.iter());
         tmp_bases.push(self.w);
 
-        best_multiexp::<C>(&tmp_scalars, &tmp_bases)
+        let engine = H2cEngine::new();
+        engine.msm(&tmp_scalars, &tmp_bases)
     }
 
     fn get_g(&self) -> &[C] {

diff --git a/halo2_backend/src/poly/ipa/commitment/prover.rs b/halo2_backend/src/poly/ipa/commitment/prover.rs
@@ -1,4 +1,5 @@
 use halo2_middleware::ff::Field;
+use halo2curves::zal::{H2cEngine, MsmAccel};
 use rand_core::RngCore;
 
 use super::ParamsIPA;
@@ -98,6 +99,7 @@ pub fn create_proof<
     // this vector into smaller and smaller vectors until it is of length 1.
     let mut g_prime = params.g.clone();
 
+    let engine = H2cEngine::new();
     // Perform the inner product argument, round by round.
     for j in 0..params.k {
         let half = 1 << (params.k - j - 1); // half the length of `p_prime`, `b`, `G'`
@@ -106,14 +108,14 @@ pub fn create_proof<
         //
         // TODO: If we modify multiexp to take "extra" bases, we could speed
         // this piece up a bit by combining the multiexps.
-        let l_j = best_multiexp(&p_prime[half..], &g_prime[0..half]);
-        let r_j = best_multiexp(&p_prime[0..half], &g_prime[half..]);
+        let l_j = engine.msm(&p_prime[half..], &g_prime[0..half]);
+        let r_j = engine.msm(&p_prime[0..half], &g_prime[half..]);
         let value_l_j = compute_inner_product(&p_prime[half..], &b[0..half]);
         let value_r_j = compute_inner_product(&p_prime[0..half], &b[half..]);
         let l_j_randomness = C::Scalar::random(&mut rng);
         let r_j_randomness = C::Scalar::random(&mut rng);
-        let l_j = l_j + best_multiexp(&[value_l_j * z, l_j_randomness], &[params.u, params.w]);
-        let r_j = r_j + best_multiexp(&[value_r_j * z, r_j_randomness], &[params.u, params.w]);
+        let l_j = l_j + &engine.msm(&[value_l_j * z, l_j_randomness], &[params.u, params.w]);
+        let r_j = r_j + &engine.msm(&[value_r_j * z, r_j_randomness], &[params.u, params.w]);
         let l_j = l_j.to_affine();
         let r_j = r_j.to_affine();
 

diff --git a/halo2_backend/src/poly/ipa/msm.rs b/halo2_backend/src/poly/ipa/msm.rs
@@ -2,6 +2,7 @@ use crate::arithmetic::{best_multiexp, CurveAffine};
 use crate::poly::{commitment::MSM, ipa::commitment::ParamsVerifierIPA};
 use group::Group;
 use halo2_middleware::ff::Field;
+use halo2curves::zal::{H2cEngine, MsmAccel};
 use std::collections::BTreeMap;
 
 /// A multiscalar multiplication in the polynomial commitment scheme
@@ -166,7 +167,8 @@ impl<'a, C: CurveAffine> MSM<C> for MSMIPA<'a, C> {
 
         assert_eq!(scalars.len(), len);
 
-        best_multiexp(&scalars, &bases)
+        let engine = H2cEngine::new();
+        engine.msm(&scalars, &bases)
     }
 
     fn bases(&self) -> Vec<C::CurveExt> {

diff --git a/halo2_backend/src/poly/ipa/strategy.rs b/halo2_backend/src/poly/ipa/strategy.rs
@@ -2,7 +2,6 @@ use super::commitment::{IPACommitmentScheme, ParamsIPA};
 use super::msm::MSMIPA;
 use super::multiopen::VerifierIPA;
 use crate::{
-    arithmetic::best_multiexp,
     plonk::Error,
     poly::{
         commitment::MSM,
@@ -11,6 +10,7 @@ use crate::{
 };
 use group::Curve;
 use halo2_middleware::ff::Field;
+use halo2curves::zal::{H2cEngine, MsmAccel};
 use halo2curves::CurveAffine;
 use rand_core::OsRng;
 
@@ -67,7 +67,8 @@ impl<'params, C: CurveAffine> GuardIPA<'params, C> {
     pub fn compute_g(&self) -> C {
         let s = compute_s(&self.u, C::Scalar::ONE);
 
-        best_multiexp(&s, &self.msm.params.g).to_affine()
+        let engine = H2cEngine::new();
+        engine.msm(&s, &self.msm.params.g).to_affine()
     }
 }
 

diff --git a/halo2_backend/src/poly/kzg/commitment.rs b/halo2_backend/src/poly/kzg/commitment.rs
@@ -1,4 +1,4 @@
-use crate::arithmetic::{best_multiexp, g_to_lagrange, parallelize};
+use crate::arithmetic::{best_fft, g_to_lagrange, parallelize, CurveAffine, CurveExt};
 use crate::helpers::SerdeCurveAffine;
 use crate::poly::commitment::{Blind, CommitmentScheme, Params, ParamsProver, ParamsVerifier};
 use crate::poly::{Coeff, LagrangeCoeff, Polynomial};
@@ -7,7 +7,7 @@ use crate::SerdeFormat;
 use group::{prime::PrimeCurveAffine, Curve, Group};
 use halo2_middleware::ff::{Field, PrimeField};
 use halo2curves::pairing::Engine;
-use halo2curves::CurveExt;
+use halo2curves::zal::{H2cEngine, MsmAccel};
 use rand_core::{OsRng, RngCore};
 use std::fmt::Debug;
 use std::marker::PhantomData;
@@ -308,7 +308,8 @@ where
         let bases = &self.g_lagrange;
         let size = scalars.len();
         assert!(bases.len() >= size);
-        best_multiexp(&scalars, &bases[0..size])
+        let engine = H2cEngine::new();
+        engine.msm(&scalars, &bases[0..size])
     }
 
     /// Writes params to a buffer.
@@ -352,7 +353,8 @@ where
         let bases = &self.g;
         let size = scalars.len();
         assert!(bases.len() >= size);
-        best_multiexp(&scalars, &bases[0..size])
+        let engine = H2cEngine::new();
+        engine.msm(&scalars, &bases[0..size])
     }
 
     fn get_g(&self) -> &[E::G1Affine] {

diff --git a/halo2_backend/src/poly/kzg/msm.rs b/halo2_backend/src/poly/kzg/msm.rs
@@ -2,13 +2,14 @@ use std::fmt::Debug;
 
 use super::commitment::ParamsKZG;
 use crate::{
-    arithmetic::{best_multiexp, parallelize},
+    arithmetic::parallelize,
     poly::commitment::MSM,
 };
 use group::{Curve, Group};
 use halo2curves::{
     pairing::{Engine, MillerLoopResult, MultiMillerLoop},
     CurveAffine, CurveExt,
+    zal::{H2cEngine, MsmAccel},
 };
 
 /// A multiscalar multiplication in the polynomial commitment scheme
@@ -81,7 +82,8 @@ where
         use group::prime::PrimeCurveAffine;
         let mut bases = vec![E::G1Affine::identity(); self.scalars.len()];
         E::G1::batch_normalize(&self.bases, &mut bases);
-        best_multiexp(&self.scalars, &bases)
+        let engine = H2cEngine::new();
+        engine.msm(&self.scalars, &bases)
     }
 
     fn bases(&self) -> Vec<E::G1> {

diff --git a/halo2_common/Cargo.toml b/halo2_common/Cargo.toml
@@ -27,7 +27,7 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
 [dependencies]
 backtrace = { version = "0.3", optional = true }
 group = "0.13"
-halo2curves = { version = "0.6.0", default-features = false }
+halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 blake2b_simd = "1" # MSRV 1.66.0
 sha3 = "0.9.1"

diff --git a/halo2_common/src/arithmetic.rs b/halo2_common/src/arithmetic.rs
@@ -25,6 +25,10 @@ where
 {
 }
 
+#[deprecated(
+    since = "0.3.2",
+    note = "please use ZAL api engine instead,\nsee: https://github.com/privacy-scaling-explorations/halo2/issues/216"
+)]
 fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut C::Curve) {
     let coeffs: Vec<_> = coeffs.iter().map(|a| a.to_repr()).collect();
 
@@ -117,6 +121,10 @@ fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut
 
 /// Performs a small multi-exponentiation operation.
 /// Uses the double-and-add algorithm with doublings shared across points.
+#[deprecated(
+    since = "0.3.2",
+    note = "please use ZAL api engine instead,\nsee: https://github.com/privacy-scaling-explorations/halo2/issues/216"
+)]
 pub fn small_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Curve {
     let coeffs: Vec<_> = coeffs.iter().map(|a| a.to_repr()).collect();
     let mut acc = C::Curve::identity();
@@ -144,6 +152,10 @@ pub fn small_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::C
 /// This function will panic if coeffs and bases have a different length.
 ///
 /// This will use multithreading if beneficial.
+#[deprecated(
+    since = "0.3.2",
+    note = "please use ZAL api engine instead,\nsee: https://github.com/privacy-scaling-explorations/halo2/issues/216"
+)]
 pub fn best_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Curve {
     assert_eq!(coeffs.len(), bases.len());
 
@@ -161,13 +173,15 @@ pub fn best_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Cu
                 .zip(results.iter_mut())
             {
                 scope.spawn(move |_| {
+                    #[allow(deprecated)]
                     multiexp_serial(coeffs, bases, acc);
                 });
             }
         });
         results.iter().fold(C::Curve::identity(), |a, b| a + b)
     } else {
         let mut acc = C::Curve::identity();
+        #[allow(deprecated)]
         multiexp_serial(coeffs, bases, &mut acc);
         acc
     }

diff --git a/halo2_frontend/Cargo.toml b/halo2_frontend/Cargo.toml
@@ -28,7 +28,7 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
 backtrace = { version = "0.3", optional = true }
 ff = "0.13"
 group = "0.13"
-halo2curves = { version = "0.6.0", default-features = false }
+halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false }
 tracing = "0.1"
 blake2b_simd = "1" # MSRV 1.66.0
 serde = { version = "1", optional = true, features = ["derive"] }

diff --git a/halo2_middleware/Cargo.toml b/halo2_middleware/Cargo.toml
@@ -33,7 +33,7 @@ rayon = "1.8"
 [dev-dependencies]
 proptest = "1"
 group = "0.13"
-halo2curves = { version = "0.6.0", default-features = false }
+halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false }
 
 [target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dev-dependencies]
 getrandom = { version = "0.2", features = ["js"] }

diff --git a/halo2_proofs/Cargo.toml b/halo2_proofs/Cargo.toml
@@ -53,7 +53,7 @@ halo2_middleware = { path = "../halo2_middleware" }
 halo2_common = { path = "../halo2_common" }
 halo2_backend = { path = "../halo2_backend" }
 halo2_frontend = { path = "../halo2_frontend" }
-halo2curves = { version = "0.6.0", default-features = false }
+halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false }
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
 plotters = { version = "0.3.0", default-features = false, optional = true }
 

diff --git a/halo2_proofs/benches/arithmetic.rs b/halo2_proofs/benches/arithmetic.rs
@@ -1,10 +1,10 @@
 #[macro_use]
 extern crate criterion;
 
-use crate::arithmetic::small_multiexp;
-use crate::halo2curves::pasta::{EqAffine, Fp};
 use group::ff::Field;
 use halo2_proofs::*;
+use halo2curves::pasta::{EqAffine, Fp};
+use halo2curves::zal::{H2cEngine, MsmAccel};
 
 use halo2_proofs::poly::{commitment::ParamsProver, ipa::commitment::ParamsIPA};
 
@@ -16,6 +16,7 @@ fn criterion_benchmark(c: &mut Criterion) {
 
     // small multiexp
     {
+        let engine = H2cEngine::new();
         let params: ParamsIPA<EqAffine> = ParamsIPA::new(5);
         let g = &mut params.get_g().to_vec();
         let len = g.len() / 2;
@@ -27,7 +28,7 @@ fn criterion_benchmark(c: &mut Criterion) {
         c.bench_function("double-and-add", |b| {
             b.iter(|| {
                 for (g_lo, g_hi) in g_lo.iter().zip(g_hi.iter()) {
-                    small_multiexp(&[black_box(coeff_1), black_box(coeff_2)], &[*g_lo, *g_hi]);
+                    engine.msm(&[black_box(coeff_1), black_box(coeff_2)], &[*g_lo, *g_hi]);
                 }
             })
         });