From 3cb37232e3158e98ed76119672636db2e9a45aa4 Mon Sep 17 00:00:00 2001 From: Einar Rasmussen Date: Mon, 11 Dec 2023 12:28:10 +0100 Subject: [PATCH] Migrate to new ZAL API Deprecate pre-ZAL API Insert patch in `Cargo.toml` for `../halo2curves` --- halo2_backend/Cargo.toml | 2 +- halo2_backend/src/poly/ipa/commitment.rs | 9 ++++++--- halo2_backend/src/poly/ipa/commitment/prover.rs | 10 ++++++---- halo2_backend/src/poly/ipa/msm.rs | 4 +++- halo2_backend/src/poly/ipa/strategy.rs | 5 +++-- halo2_backend/src/poly/kzg/commitment.rs | 10 ++++++---- halo2_backend/src/poly/kzg/msm.rs | 6 ++++-- halo2_common/Cargo.toml | 2 +- halo2_common/src/arithmetic.rs | 14 ++++++++++++++ halo2_frontend/Cargo.toml | 2 +- halo2_middleware/Cargo.toml | 2 +- halo2_proofs/Cargo.toml | 2 +- halo2_proofs/benches/arithmetic.rs | 7 ++++--- 13 files changed, 51 insertions(+), 24 deletions(-) diff --git a/halo2_backend/Cargo.toml b/halo2_backend/Cargo.toml index 807436a131..5f0476d1ee 100644 --- a/halo2_backend/Cargo.toml +++ b/halo2_backend/Cargo.toml @@ -28,7 +28,7 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"] backtrace = { version = "0.3", optional = true } ff = "0.13" group = "0.13" -halo2curves = { version = "0.6.0", default-features = false } +halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false } rand_core = { version = "0.6", default-features = false } tracing = "0.1" blake2b_simd = "1" # MSRV 1.66.0 diff --git a/halo2_backend/src/poly/ipa/commitment.rs b/halo2_backend/src/poly/ipa/commitment.rs index b77bd18e2a..d62348f8cc 100644 --- a/halo2_backend/src/poly/ipa/commitment.rs +++ b/halo2_backend/src/poly/ipa/commitment.rs @@ -3,13 +3,14 @@ //! //! [halo]: https://eprint.iacr.org/2019/1021 -use crate::arithmetic::{best_multiexp, g_to_lagrange, parallelize, CurveAffine, CurveExt}; +use crate::arithmetic::{g_to_lagrange, parallelize, CurveAffine, CurveExt}; use crate::helpers::CurveRead; use crate::poly::commitment::{Blind, CommitmentScheme, Params, ParamsProver, ParamsVerifier}; use crate::poly::ipa::msm::MSMIPA; use crate::poly::{Coeff, LagrangeCoeff, Polynomial}; use group::{Curve, Group}; +use halo2curves::zal::{H2cEngine, MsmAccel}; use std::marker::PhantomData; mod prover; @@ -99,7 +100,8 @@ impl<'params, C: CurveAffine> Params<'params, C> for ParamsIPA { tmp_bases.extend(self.g_lagrange.iter()); tmp_bases.push(self.w); - best_multiexp::(&tmp_scalars, &tmp_bases) + let engine = H2cEngine::new(); + engine.msm(&tmp_scalars, &tmp_bases) } /// Writes params to a buffer. @@ -219,7 +221,8 @@ impl<'params, C: CurveAffine> ParamsProver<'params, C> for ParamsIPA { tmp_bases.extend(self.g.iter()); tmp_bases.push(self.w); - best_multiexp::(&tmp_scalars, &tmp_bases) + let engine = H2cEngine::new(); + engine.msm(&tmp_scalars, &tmp_bases) } fn get_g(&self) -> &[C] { diff --git a/halo2_backend/src/poly/ipa/commitment/prover.rs b/halo2_backend/src/poly/ipa/commitment/prover.rs index 3a23cd152a..878aa47209 100644 --- a/halo2_backend/src/poly/ipa/commitment/prover.rs +++ b/halo2_backend/src/poly/ipa/commitment/prover.rs @@ -1,4 +1,5 @@ use halo2_middleware::ff::Field; +use halo2curves::zal::{H2cEngine, MsmAccel}; use rand_core::RngCore; use super::ParamsIPA; @@ -98,6 +99,7 @@ pub fn create_proof< // this vector into smaller and smaller vectors until it is of length 1. let mut g_prime = params.g.clone(); + let engine = H2cEngine::new(); // Perform the inner product argument, round by round. for j in 0..params.k { let half = 1 << (params.k - j - 1); // half the length of `p_prime`, `b`, `G'` @@ -106,14 +108,14 @@ pub fn create_proof< // // TODO: If we modify multiexp to take "extra" bases, we could speed // this piece up a bit by combining the multiexps. - let l_j = best_multiexp(&p_prime[half..], &g_prime[0..half]); - let r_j = best_multiexp(&p_prime[0..half], &g_prime[half..]); + let l_j = engine.msm(&p_prime[half..], &g_prime[0..half]); + let r_j = engine.msm(&p_prime[0..half], &g_prime[half..]); let value_l_j = compute_inner_product(&p_prime[half..], &b[0..half]); let value_r_j = compute_inner_product(&p_prime[0..half], &b[half..]); let l_j_randomness = C::Scalar::random(&mut rng); let r_j_randomness = C::Scalar::random(&mut rng); - let l_j = l_j + best_multiexp(&[value_l_j * z, l_j_randomness], &[params.u, params.w]); - let r_j = r_j + best_multiexp(&[value_r_j * z, r_j_randomness], &[params.u, params.w]); + let l_j = l_j + &engine.msm(&[value_l_j * z, l_j_randomness], &[params.u, params.w]); + let r_j = r_j + &engine.msm(&[value_r_j * z, r_j_randomness], &[params.u, params.w]); let l_j = l_j.to_affine(); let r_j = r_j.to_affine(); diff --git a/halo2_backend/src/poly/ipa/msm.rs b/halo2_backend/src/poly/ipa/msm.rs index 212ec461a8..54721d6a3b 100644 --- a/halo2_backend/src/poly/ipa/msm.rs +++ b/halo2_backend/src/poly/ipa/msm.rs @@ -2,6 +2,7 @@ use crate::arithmetic::{best_multiexp, CurveAffine}; use crate::poly::{commitment::MSM, ipa::commitment::ParamsVerifierIPA}; use group::Group; use halo2_middleware::ff::Field; +use halo2curves::zal::{H2cEngine, MsmAccel}; use std::collections::BTreeMap; /// A multiscalar multiplication in the polynomial commitment scheme @@ -166,7 +167,8 @@ impl<'a, C: CurveAffine> MSM for MSMIPA<'a, C> { assert_eq!(scalars.len(), len); - best_multiexp(&scalars, &bases) + let engine = H2cEngine::new(); + engine.msm(&scalars, &bases) } fn bases(&self) -> Vec { diff --git a/halo2_backend/src/poly/ipa/strategy.rs b/halo2_backend/src/poly/ipa/strategy.rs index cb8dba6b1c..f73332b04e 100644 --- a/halo2_backend/src/poly/ipa/strategy.rs +++ b/halo2_backend/src/poly/ipa/strategy.rs @@ -2,7 +2,6 @@ use super::commitment::{IPACommitmentScheme, ParamsIPA}; use super::msm::MSMIPA; use super::multiopen::VerifierIPA; use crate::{ - arithmetic::best_multiexp, plonk::Error, poly::{ commitment::MSM, @@ -11,6 +10,7 @@ use crate::{ }; use group::Curve; use halo2_middleware::ff::Field; +use halo2curves::zal::{H2cEngine, MsmAccel}; use halo2curves::CurveAffine; use rand_core::OsRng; @@ -67,7 +67,8 @@ impl<'params, C: CurveAffine> GuardIPA<'params, C> { pub fn compute_g(&self) -> C { let s = compute_s(&self.u, C::Scalar::ONE); - best_multiexp(&s, &self.msm.params.g).to_affine() + let engine = H2cEngine::new(); + engine.msm(&s, &self.msm.params.g).to_affine() } } diff --git a/halo2_backend/src/poly/kzg/commitment.rs b/halo2_backend/src/poly/kzg/commitment.rs index 320efbe780..48e2dca752 100644 --- a/halo2_backend/src/poly/kzg/commitment.rs +++ b/halo2_backend/src/poly/kzg/commitment.rs @@ -1,4 +1,4 @@ -use crate::arithmetic::{best_multiexp, g_to_lagrange, parallelize}; +use crate::arithmetic::{best_fft, g_to_lagrange, parallelize, CurveAffine, CurveExt}; use crate::helpers::SerdeCurveAffine; use crate::poly::commitment::{Blind, CommitmentScheme, Params, ParamsProver, ParamsVerifier}; use crate::poly::{Coeff, LagrangeCoeff, Polynomial}; @@ -7,7 +7,7 @@ use crate::SerdeFormat; use group::{prime::PrimeCurveAffine, Curve, Group}; use halo2_middleware::ff::{Field, PrimeField}; use halo2curves::pairing::Engine; -use halo2curves::CurveExt; +use halo2curves::zal::{H2cEngine, MsmAccel}; use rand_core::{OsRng, RngCore}; use std::fmt::Debug; use std::marker::PhantomData; @@ -308,7 +308,8 @@ where let bases = &self.g_lagrange; let size = scalars.len(); assert!(bases.len() >= size); - best_multiexp(&scalars, &bases[0..size]) + let engine = H2cEngine::new(); + engine.msm(&scalars, &bases[0..size]) } /// Writes params to a buffer. @@ -352,7 +353,8 @@ where let bases = &self.g; let size = scalars.len(); assert!(bases.len() >= size); - best_multiexp(&scalars, &bases[0..size]) + let engine = H2cEngine::new(); + engine.msm(&scalars, &bases[0..size]) } fn get_g(&self) -> &[E::G1Affine] { diff --git a/halo2_backend/src/poly/kzg/msm.rs b/halo2_backend/src/poly/kzg/msm.rs index b45dfe2a99..f8ede6e060 100644 --- a/halo2_backend/src/poly/kzg/msm.rs +++ b/halo2_backend/src/poly/kzg/msm.rs @@ -2,13 +2,14 @@ use std::fmt::Debug; use super::commitment::ParamsKZG; use crate::{ - arithmetic::{best_multiexp, parallelize}, + arithmetic::parallelize, poly::commitment::MSM, }; use group::{Curve, Group}; use halo2curves::{ pairing::{Engine, MillerLoopResult, MultiMillerLoop}, CurveAffine, CurveExt, + zal::{H2cEngine, MsmAccel}, }; /// A multiscalar multiplication in the polynomial commitment scheme @@ -81,7 +82,8 @@ where use group::prime::PrimeCurveAffine; let mut bases = vec![E::G1Affine::identity(); self.scalars.len()]; E::G1::batch_normalize(&self.bases, &mut bases); - best_multiexp(&self.scalars, &bases) + let engine = H2cEngine::new(); + engine.msm(&self.scalars, &bases) } fn bases(&self) -> Vec { diff --git a/halo2_common/Cargo.toml b/halo2_common/Cargo.toml index 4f60dbfa11..cf5e26a698 100644 --- a/halo2_common/Cargo.toml +++ b/halo2_common/Cargo.toml @@ -27,7 +27,7 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"] [dependencies] backtrace = { version = "0.3", optional = true } group = "0.13" -halo2curves = { version = "0.6.0", default-features = false } +halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false } rand_core = { version = "0.6", default-features = false } blake2b_simd = "1" # MSRV 1.66.0 sha3 = "0.9.1" diff --git a/halo2_common/src/arithmetic.rs b/halo2_common/src/arithmetic.rs index d6b546e852..430462ac3e 100644 --- a/halo2_common/src/arithmetic.rs +++ b/halo2_common/src/arithmetic.rs @@ -25,6 +25,10 @@ where { } +#[deprecated( + since = "0.3.2", + note = "please use ZAL api engine instead,\nsee: https://github.com/privacy-scaling-explorations/halo2/issues/216" +)] fn multiexp_serial(coeffs: &[C::Scalar], bases: &[C], acc: &mut C::Curve) { let coeffs: Vec<_> = coeffs.iter().map(|a| a.to_repr()).collect(); @@ -117,6 +121,10 @@ fn multiexp_serial(coeffs: &[C::Scalar], bases: &[C], acc: &mut /// Performs a small multi-exponentiation operation. /// Uses the double-and-add algorithm with doublings shared across points. +#[deprecated( + since = "0.3.2", + note = "please use ZAL api engine instead,\nsee: https://github.com/privacy-scaling-explorations/halo2/issues/216" +)] pub fn small_multiexp(coeffs: &[C::Scalar], bases: &[C]) -> C::Curve { let coeffs: Vec<_> = coeffs.iter().map(|a| a.to_repr()).collect(); let mut acc = C::Curve::identity(); @@ -144,6 +152,10 @@ pub fn small_multiexp(coeffs: &[C::Scalar], bases: &[C]) -> C::C /// This function will panic if coeffs and bases have a different length. /// /// This will use multithreading if beneficial. +#[deprecated( + since = "0.3.2", + note = "please use ZAL api engine instead,\nsee: https://github.com/privacy-scaling-explorations/halo2/issues/216" +)] pub fn best_multiexp(coeffs: &[C::Scalar], bases: &[C]) -> C::Curve { assert_eq!(coeffs.len(), bases.len()); @@ -161,6 +173,7 @@ pub fn best_multiexp(coeffs: &[C::Scalar], bases: &[C]) -> C::Cu .zip(results.iter_mut()) { scope.spawn(move |_| { + #[allow(deprecated)] multiexp_serial(coeffs, bases, acc); }); } @@ -168,6 +181,7 @@ pub fn best_multiexp(coeffs: &[C::Scalar], bases: &[C]) -> C::Cu results.iter().fold(C::Curve::identity(), |a, b| a + b) } else { let mut acc = C::Curve::identity(); + #[allow(deprecated)] multiexp_serial(coeffs, bases, &mut acc); acc } diff --git a/halo2_frontend/Cargo.toml b/halo2_frontend/Cargo.toml index 6a35d66652..a8496aedc1 100644 --- a/halo2_frontend/Cargo.toml +++ b/halo2_frontend/Cargo.toml @@ -28,7 +28,7 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"] backtrace = { version = "0.3", optional = true } ff = "0.13" group = "0.13" -halo2curves = { version = "0.6.0", default-features = false } +halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false } tracing = "0.1" blake2b_simd = "1" # MSRV 1.66.0 serde = { version = "1", optional = true, features = ["derive"] } diff --git a/halo2_middleware/Cargo.toml b/halo2_middleware/Cargo.toml index 66ec0b5105..eee59a3458 100644 --- a/halo2_middleware/Cargo.toml +++ b/halo2_middleware/Cargo.toml @@ -33,7 +33,7 @@ rayon = "1.8" [dev-dependencies] proptest = "1" group = "0.13" -halo2curves = { version = "0.6.0", default-features = false } +halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false } [target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dev-dependencies] getrandom = { version = "0.2", features = ["js"] } diff --git a/halo2_proofs/Cargo.toml b/halo2_proofs/Cargo.toml index 8bf059790b..e6c5ae6170 100644 --- a/halo2_proofs/Cargo.toml +++ b/halo2_proofs/Cargo.toml @@ -53,7 +53,7 @@ halo2_middleware = { path = "../halo2_middleware" } halo2_common = { path = "../halo2_common" } halo2_backend = { path = "../halo2_backend" } halo2_frontend = { path = "../halo2_frontend" } -halo2curves = { version = "0.6.0", default-features = false } +halo2curves = { git = 'https://github.com/taikoxyz/halo2curves', branch = "pr-pse-exec-engine", default-features = false } rand_core = { version = "0.6", default-features = false, features = ["getrandom"] } plotters = { version = "0.3.0", default-features = false, optional = true } diff --git a/halo2_proofs/benches/arithmetic.rs b/halo2_proofs/benches/arithmetic.rs index 4ae88af137..659caa10da 100644 --- a/halo2_proofs/benches/arithmetic.rs +++ b/halo2_proofs/benches/arithmetic.rs @@ -1,10 +1,10 @@ #[macro_use] extern crate criterion; -use crate::arithmetic::small_multiexp; -use crate::halo2curves::pasta::{EqAffine, Fp}; use group::ff::Field; use halo2_proofs::*; +use halo2curves::pasta::{EqAffine, Fp}; +use halo2curves::zal::{H2cEngine, MsmAccel}; use halo2_proofs::poly::{commitment::ParamsProver, ipa::commitment::ParamsIPA}; @@ -16,6 +16,7 @@ fn criterion_benchmark(c: &mut Criterion) { // small multiexp { + let engine = H2cEngine::new(); let params: ParamsIPA = ParamsIPA::new(5); let g = &mut params.get_g().to_vec(); let len = g.len() / 2; @@ -27,7 +28,7 @@ fn criterion_benchmark(c: &mut Criterion) { c.bench_function("double-and-add", |b| { b.iter(|| { for (g_lo, g_hi) in g_lo.iter().zip(g_hi.iter()) { - small_multiexp(&[black_box(coeff_1), black_box(coeff_2)], &[*g_lo, *g_hi]); + engine.msm(&[black_box(coeff_1), black_box(coeff_2)], &[*g_lo, *g_hi]); } }) });