Merge pull request privacy-scaling-explorations#171 from input-output…

…-hk/fix/endoscale-max-bitstring Improvements for constants in endoscaling gadget and chip
input-output-hk · May 3, 2024 · 29b3798 · 29b3798
2 parents bee2e5c + 17b27f2
commit 29b3798
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 35 deletions.
diff --git a/halo2_gadgets/benches/endoscale.rs b/halo2_gadgets/benches/endoscale.rs
@@ -43,7 +43,7 @@ impl<
 where
     C::Base: PrimeFieldBits,
 {
-    type Config = (EndoscaleConfig<C, K, 248>, Column<Advice>);
+    type Config = (EndoscaleConfig<C, K>, Column<Advice>);
     type FloorPlanner = SimpleFloorPlanner;
 
     #[cfg(feature = "circuit-params")]
@@ -142,7 +142,7 @@ impl<
 where
     C::Base: PrimeFieldBits,
 {
-    type Config = EndoscaleConfig<C, K, 248>;
+    type Config = EndoscaleConfig<C, K>;
     type FloorPlanner = SimpleFloorPlanner;
 
     #[cfg(feature = "circuit-params")]

diff --git a/halo2_gadgets/examples/endoscaling_demo.rs b/halo2_gadgets/examples/endoscaling_demo.rs
@@ -252,10 +252,9 @@ struct ChallengeMultiplicationConfig {
     /// - First parameter is the curve that the base point used in Alg 1 is on.
     /// - Second parameter is the window size used to decompose the challenge into a bitstring in
     ///   Alg 2.
-    /// - Third parameter is the maximum length allowed for a bitstring used in Alg 2.
     ///
-    /// In this example, we don't use Alg 2, so we can set the second and third parameters to 0.
-    endoscale_config: EndoscaleConfig<pallas::Affine, 0, 0>,
+    /// In this example, we don't use Alg 2, so we can set the second parameter to 0.
+    endoscale_config: EndoscaleConfig<pallas::Affine, 0>,
 }
 
 impl Circuit<pallas::Base> for ChallengeMultiplicationCircuit {

diff --git a/halo2_gadgets/src/endoscale.rs b/halo2_gadgets/src/endoscale.rs
@@ -24,8 +24,6 @@ where
     /// When endoscaling with a base, each unique base can only support up to
     /// `MAX_BITSTRING_LENGTH` bits.
     const MAX_BITSTRING_LENGTH: usize;
-    /// The number of fixed bases available.
-    const NUM_FIXED_BASES: usize;
 
     /// Witnesses a slice of bools as a vector of [`Self::Bitstring`]s.
     fn witness_bitstring(
@@ -45,9 +43,6 @@ where
 
     /// Computes commitment (Alg 1) to a variable-length bitstring using the endoscaling
     /// algorithm. Uses the fixed bases defined in [`Self::FixedBases`].
-    ///
-    /// # Panics
-    /// Panics if bitstring.len() exceeds NUM_FIXED_BASES.
     #[allow(clippy::type_complexity)]
     fn endoscale_fixed_base(
         &self,

diff --git a/halo2_gadgets/src/endoscale/chip.rs b/halo2_gadgets/src/endoscale/chip.rs
@@ -39,7 +39,7 @@ pub enum Bitstring<F: PrimeFieldBits, const K: usize> {
 
 /// Config used in processing endoscalars.
 #[derive(Clone, Debug)]
-pub struct EndoscaleConfig<C: CurveAffine, const K: usize, const MAX_BITSTRING_LENGTH: usize>
+pub struct EndoscaleConfig<C: CurveAffine, const K: usize>
 where
     C::Base: PrimeFieldBits,
 {
@@ -51,24 +51,24 @@ where
     ///
     /// That is, given a bitstring, this computes the scalar value that, when scalar-multiplied
     /// by a curve point, provides the same result as endoscaling with the bitstring.
-    alg_2: Alg2Config<C, K, MAX_BITSTRING_LENGTH>,
+    alg_2: Alg2Config<C, K>,
 }
 
 /// Chip implementing [`EndoscaleInstructions`]
 #[derive(Debug)]
-pub struct EndoscaleChip<C: CurveAffine, const K: usize, const MAX_BITSTRING_LENGTH: usize>
+pub struct EndoscaleChip<C: CurveAffine, const K: usize>
 where
     C::Base: PrimeFieldBits,
 {
-    config: EndoscaleConfig<C, K, MAX_BITSTRING_LENGTH>,
+    config: EndoscaleConfig<C, K>,
 }
 
-impl<C: CurveAffine + CurveEndoscale, const K: usize, const N: usize> EndoscaleChip<C, K, N>
+impl<C: CurveAffine + CurveEndoscale, const K: usize> EndoscaleChip<C, K>
 where
     C::Base: PrimeFieldBits,
 {
     /// Construct chip from inner config
-    pub fn construct(config: EndoscaleConfig<C, K, N>) -> Self {
+    pub fn construct(config: EndoscaleConfig<C, K>) -> Self {
         Self { config }
     }
 
@@ -82,7 +82,7 @@ where
         // Running sum column shared across alg_1 and alg_2
         running_sum: Column<Advice>,
         endoscalars: Column<Instance>,
-    ) -> EndoscaleConfig<C, K, N> {
+    ) -> EndoscaleConfig<C, K> {
         let running_sum_pairs = {
             let q_pairs = meta.selector();
             RunningSumConfig::configure(meta, q_pairs, running_sum)
@@ -126,13 +126,12 @@ where
         self.config.alg_1()
     }
 
-    fn alg_2(&self) -> &Alg2Config<C, K, N> {
+    fn alg_2(&self) -> &Alg2Config<C, K> {
         self.config.alg_2()
     }
 }
 
-impl<C: CurveAffine, const K: usize, const MAX_BITSTRING_LENGTH: usize>
-    EndoscaleConfig<C, K, MAX_BITSTRING_LENGTH>
+impl<C: CurveAffine, const K: usize> EndoscaleConfig<C, K>
 where
     C::Base: PrimeFieldBits,
 {
@@ -142,7 +141,7 @@ where
     }
 
     /// Get the config for algorithm 2 .
-    pub fn alg_2(&self) -> &Alg2Config<C, K, MAX_BITSTRING_LENGTH> {
+    pub fn alg_2(&self) -> &Alg2Config<C, K> {
         &self.alg_2
     }
 }
@@ -173,12 +172,11 @@ impl CurveEndoscale for pluto_eris::ErisAffine {
     const MAX_BITSTRING_LENGTH: usize = 442;
 }
 
-impl<C: CurveAffine + CurveEndoscale, const K: usize, const N: usize> Chip<C::Base>
-    for EndoscaleChip<C, K, N>
+impl<C: CurveAffine + CurveEndoscale, const K: usize> Chip<C::Base> for EndoscaleChip<C, K>
 where
     C::Base: PrimeFieldBits,
 {
-    type Config = EndoscaleConfig<C, K, N>;
+    type Config = EndoscaleConfig<C, K>;
     type Loaded = ();
 
     fn config(&self) -> &Self::Config {
@@ -190,16 +188,15 @@ where
     }
 }
 
-impl<C: CurveAffine + CurveEndoscale, const K: usize, const N: usize> EndoscaleInstructions<C>
-    for EndoscaleChip<C, K, N>
+impl<C: CurveAffine + CurveEndoscale, const K: usize> EndoscaleInstructions<C>
+    for EndoscaleChip<C, K>
 where
     C::Base: PrimeFieldBits,
 {
     type NonIdentityPoint = NonIdentityEccPoint<C>;
     type Bitstring = Bitstring<C::Base, K>;
     type FixedBases = C;
     const MAX_BITSTRING_LENGTH: usize = C::MAX_BITSTRING_LENGTH;
-    const NUM_FIXED_BASES: usize = N;
 
     fn witness_bitstring(
         &self,
@@ -364,7 +361,7 @@ mod tests {
     where
         C::Base: PrimeFieldBits,
     {
-        type Config = (EndoscaleConfig<C, K, 248>, Column<Advice>);
+        type Config = (EndoscaleConfig<C, K>, Column<Advice>);
         type FloorPlanner = SimpleFloorPlanner;
 
         #[cfg(feature = "circuit-params")]
@@ -464,7 +461,7 @@ mod tests {
     where
         C::Base: PrimeFieldBits,
     {
-        type Config = EndoscaleConfig<C, K, 248>;
+        type Config = EndoscaleConfig<C, K>;
         type FloorPlanner = SimpleFloorPlanner;
 
         #[cfg(feature = "circuit-params")]

diff --git a/halo2_gadgets/src/endoscale/chip/alg_2.rs b/halo2_gadgets/src/endoscale/chip/alg_2.rs
@@ -18,6 +18,8 @@ use crate::utilities::{
 };
 use std::marker::PhantomData;
 
+use super::CurveEndoscale;
+
 #[derive(Clone, Debug)]
 pub struct Bitstring<F: PrimeFieldBits, const K: usize> {
     running_sum: RunningSum<F, K>,
@@ -86,7 +88,7 @@ impl<F: WithSmallOrderMulGroup<3>, const K: usize> TableConfig<F, K> {
 
 /// Config used in Algorithm 2 (endoscaling in the field).
 #[derive(Clone, Debug)]
-pub struct Alg2Config<C: CurveAffine, const K: usize, const MAX_BITSTRING_LENGTH: usize>
+pub struct Alg2Config<C: CurveAffine, const K: usize>
 where
     C::Base: PrimeFieldBits,
 {
@@ -114,8 +116,7 @@ where
     pow2_config: pow2_range_check::Config<C::Base, K>,
 }
 
-impl<C: CurveAffine, const K: usize, const MAX_BITSTRING_LENGTH: usize>
-    Alg2Config<C, K, MAX_BITSTRING_LENGTH>
+impl<C: CurveAffine + CurveEndoscale, const K: usize> Alg2Config<C, K>
 where
     C::Base: PrimeFieldBits,
 {
@@ -271,7 +272,7 @@ where
         let pad_len = bitstring.pad_len;
         let num_bits = bitstring.running_sum.num_bits() - pad_len;
         // num_bits must be an even number not greater than MAX_BITSTRING_LENGTH.
-        assert!(num_bits <= MAX_BITSTRING_LENGTH);
+        assert!(num_bits <= C::MAX_BITSTRING_LENGTH);
 
         // The bitstring will be broken into K-bit chunks with the first chunk
         // being a padded k_prime-bit partial chunk

diff --git a/halo2_gadgets/src/recursive_chip.rs b/halo2_gadgets/src/recursive_chip.rs
@@ -89,7 +89,7 @@ type C = pasta::pallas::Affine; // Limitation of `EccChip` (will be generalized
 const K: usize = 0; // We won't be using Algorithm 2 yet, so no reason to have this table
 const MAX_BITSTRING_LENGTH: usize = <C as CurveEndoscale>::MAX_BITSTRING_LENGTH;
 
-type Endo = EndoscaleChip<C, K, MAX_BITSTRING_LENGTH>;
+type Endo = EndoscaleChip<C, K>;
 type P = Pow5Chip<<C as CurveAffine>::Base, { P128Pow5T3::WIDTH }, { P128Pow5T3::RATE }>;
 type TR<FP, P, D, const L: usize, R> =
     TranscriptReaderChip<C, EccChip<C, FP>, TranscriptChipP128Pow5T3<C, P, D, L>, R>;
@@ -266,7 +266,6 @@ impl<
     type Bitstring = Endo::Bitstring;
     type FixedBases = Endo::FixedBases;
     const MAX_BITSTRING_LENGTH: usize = Endo::MAX_BITSTRING_LENGTH;
-    const NUM_FIXED_BASES: usize = Endo::NUM_FIXED_BASES;
 
     fn witness_bitstring(
         &self,