diff --git a/halo2_backend/src/helpers.rs b/halo2_backend/src/helpers.rs new file mode 100644 index 0000000000..4f2afda00c --- /dev/null +++ b/halo2_backend/src/helpers.rs @@ -0,0 +1,39 @@ +use crate::poly::Polynomial; +pub(crate) use halo2_common::helpers::{SerdeFormat, SerdePrimeField}; +use halo2_middleware::ff::PrimeField; +use std::io; + +pub(crate) use halo2_common::helpers::{pack, unpack, CurveRead, SerdeCurveAffine}; + +/// Reads a vector of polynomials from buffer +pub fn read_polynomial_vec( + reader: &mut R, + format: SerdeFormat, +) -> io::Result>> { + let mut len = [0u8; 4]; + reader.read_exact(&mut len)?; + let len = u32::from_be_bytes(len); + + (0..len) + .map(|_| Polynomial::::read(reader, format)) + .collect::>>() +} + +/// Writes a slice of polynomials to buffer +pub fn write_polynomial_slice( + slice: &[Polynomial], + writer: &mut W, + format: SerdeFormat, +) -> io::Result<()> { + writer.write_all(&(slice.len() as u32).to_be_bytes())?; + for poly in slice.iter() { + poly.write(writer, format)?; + } + Ok(()) +} + +/// Gets the total number of bytes of a slice of polynomials, assuming all polynomials are the same length +pub fn polynomial_slice_byte_length(slice: &[Polynomial]) -> usize { + let field_len = F::default().to_repr().as_ref().len(); + 4 + slice.len() * (4 + field_len * slice.get(0).map(|poly| poly.len()).unwrap_or(0)) +} diff --git a/halo2_backend/src/lib.rs b/halo2_backend/src/lib.rs index 5973dcf661..4183e6425b 100644 --- a/halo2_backend/src/lib.rs +++ b/halo2_backend/src/lib.rs @@ -1,10 +1,10 @@ +mod helpers; pub mod plonk; +pub mod poly; // Internal re-exports pub use halo2_common::arithmetic; pub use halo2_common::circuit; -pub use halo2_common::helpers; pub use halo2_common::multicore; -pub use halo2_common::poly; pub use halo2_common::transcript; pub use halo2_common::SerdeFormat; diff --git a/halo2_backend/src/plonk.rs b/halo2_backend/src/plonk.rs index 1acb0763b8..9a170834cd 100644 --- a/halo2_backend/src/plonk.rs +++ b/halo2_backend/src/plonk.rs @@ -1,22 +1,24 @@ use blake2b_simd::Params as Blake2bParams; use group::ff::{Field, FromUniformBytes, PrimeField}; +use crate::helpers::{ + self, polynomial_slice_byte_length, read_polynomial_vec, write_polynomial_slice, + SerdeCurveAffine, SerdePrimeField, +}; use crate::poly::{ Coeff, EvaluationDomain, ExtendedLagrangeCoeff, LagrangeCoeff, PinnedEvaluationDomain, Polynomial, }; use evaluation::Evaluator; use halo2_common::arithmetic::CurveAffine; -use halo2_common::helpers::{ - self, polynomial_slice_byte_length, read_polynomial_vec, write_polynomial_slice, - SerdeCurveAffine, SerdePrimeField, -}; use halo2_common::plonk::{Circuit, ConstraintSystem, PinnedConstraintSystem}; use halo2_common::transcript::{EncodedChallenge, Transcript}; use halo2_common::SerdeFormat; use std::io; +pub(crate) use halo2_common::plonk::Error; + mod evaluation; pub mod keygen; mod lookup; diff --git a/halo2_backend/src/plonk/permutation.rs b/halo2_backend/src/plonk/permutation.rs index 78f6abf8e7..122236e74d 100644 --- a/halo2_backend/src/plonk/permutation.rs +++ b/halo2_backend/src/plonk/permutation.rs @@ -2,13 +2,11 @@ use crate::{ arithmetic::CurveAffine, - helpers::{ - polynomial_slice_byte_length, read_polynomial_vec, write_polynomial_slice, - SerdeCurveAffine, SerdePrimeField, - }, + helpers::{polynomial_slice_byte_length, read_polynomial_vec, write_polynomial_slice}, poly::{Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial}, SerdeFormat, }; +use halo2_common::helpers::{SerdeCurveAffine, SerdePrimeField}; pub use halo2_common::plonk::permutation::Argument; use std::io; diff --git a/halo2_backend/src/plonk/prover.rs b/halo2_backend/src/plonk/prover.rs index 8ee3cae307..f6c3cc695d 100644 --- a/halo2_backend/src/plonk/prover.rs +++ b/halo2_backend/src/plonk/prover.rs @@ -8,19 +8,17 @@ use crate::plonk::lookup::prover::lookup_commit_permuted; use crate::plonk::permutation::prover::permutation_commit; use crate::plonk::shuffle::prover::shuffle_commit_product; use crate::plonk::{lookup, permutation, shuffle, vanishing, ProvingKey}; +use crate::poly::{ + commitment::{Blind, CommitmentScheme, Params, Prover}, + Basis, Coeff, LagrangeCoeff, Polynomial, ProverQuery, +}; use halo2_common::plonk::{ circuit::sealed, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, ChallengeY, Error, }; use group::prime::PrimeCurveAffine; +use halo2_common::arithmetic::{eval_polynomial, CurveAffine}; use halo2_common::transcript::{EncodedChallenge, TranscriptWrite}; -use halo2_common::{ - arithmetic::{eval_polynomial, CurveAffine}, - poly::{ - commitment::{Blind, CommitmentScheme, Params, Prover}, - Basis, Coeff, LagrangeCoeff, Polynomial, ProverQuery, - }, -}; /// Collection of instance data used during proving for a single circuit proof. #[derive(Debug)] diff --git a/halo2_common/src/poly.rs b/halo2_backend/src/poly.rs similarity index 86% rename from halo2_common/src/poly.rs rename to halo2_backend/src/poly.rs index e02423be89..6e4befe581 100644 --- a/halo2_common/src/poly.rs +++ b/halo2_backend/src/poly.rs @@ -3,11 +3,10 @@ //! the committed polynomials at arbitrary points. use crate::arithmetic::parallelize; -use crate::helpers::SerdePrimeField; use crate::SerdeFormat; +use halo2_common::helpers::SerdePrimeField; -use crate::plonk::Assigned; -use group::ff::{BatchInvert, Field}; +use group::ff::Field; use halo2_middleware::poly::Rotation; use std::fmt::Debug; use std::io; @@ -197,46 +196,6 @@ impl Polynomial { } } -pub fn batch_invert_assigned(assigned: Vec>>) -> Vec> { - let mut assigned_denominators: Vec<_> = assigned - .iter() - .map(|f| { - f.iter() - .map(|value| value.denominator()) - .collect::>() - }) - .collect(); - - assigned_denominators - .iter_mut() - .flat_map(|f| { - f.iter_mut() - // If the denominator is trivial, we can skip it, reducing the - // size of the batch inversion. - .filter_map(|d| d.as_mut()) - }) - .batch_invert(); - - assigned - .iter() - .zip(assigned_denominators) - .map(|(poly, inv_denoms)| { - poly_invert(poly, inv_denoms.into_iter().map(|d| d.unwrap_or(F::ONE))) - }) - .collect() -} - -pub fn poly_invert( - poly: &[Assigned], - inv_denoms: impl Iterator + ExactSizeIterator, -) -> Vec { - assert_eq!(inv_denoms.len(), poly.len()); - poly.iter() - .zip(inv_denoms) - .map(|(a, inv_den)| a.numerator() * inv_den) - .collect() -} - impl<'a, F: Field, B: Basis> Add<&'a Polynomial> for Polynomial { type Output = Polynomial; diff --git a/halo2_common/src/poly/commitment.rs b/halo2_backend/src/poly/commitment.rs similarity index 100% rename from halo2_common/src/poly/commitment.rs rename to halo2_backend/src/poly/commitment.rs diff --git a/halo2_common/src/poly/domain.rs b/halo2_backend/src/poly/domain.rs similarity index 97% rename from halo2_common/src/poly/domain.rs rename to halo2_backend/src/poly/domain.rs index 2219ed1a8a..09c9f9c794 100644 --- a/halo2_common/src/poly/domain.rs +++ b/halo2_backend/src/poly/domain.rs @@ -4,7 +4,6 @@ use crate::arithmetic::{best_fft, parallelize}; use super::{Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial}; -use crate::plonk::Assigned; use group::ff::{BatchInvert, Field}; use halo2_middleware::ff::WithSmallOrderMulGroup; use halo2_middleware::poly::Rotation; @@ -183,15 +182,6 @@ impl> EvaluationDomain { } } - /// Returns an empty (zero) polynomial in the Lagrange coefficient basis, with - /// deferred inversions. - pub fn empty_lagrange_assigned(&self) -> Polynomial, LagrangeCoeff> { - Polynomial { - values: vec![F::ZERO.into(); self.n as usize], - _marker: PhantomData, - } - } - /// Returns a constant polynomial in the Lagrange coefficient basis pub fn constant_lagrange(&self, scalar: F) -> Polynomial { Polynomial { @@ -296,7 +286,7 @@ impl> EvaluationDomain { // evaluation domain might be slightly larger than necessary because // it always lies on a power-of-two boundary. a.values - .truncate((&self.n * self.quotient_poly_degree) as usize); + .truncate((self.n * self.quotient_poly_degree) as usize); a.values } diff --git a/halo2_common/src/poly/ipa/commitment.rs b/halo2_backend/src/poly/ipa/commitment.rs similarity index 99% rename from halo2_common/src/poly/ipa/commitment.rs rename to halo2_backend/src/poly/ipa/commitment.rs index b6e0945aab..b77bd18e2a 100644 --- a/halo2_common/src/poly/ipa/commitment.rs +++ b/halo2_backend/src/poly/ipa/commitment.rs @@ -296,11 +296,11 @@ mod test { use super::super::commitment::{Blind, Params}; use crate::arithmetic::eval_polynomial; - use crate::halo2curves::pasta::{EpAffine, Fq}; use crate::poly::EvaluationDomain; use crate::transcript::{ Blake2bRead, Blake2bWrite, Challenge255, Transcript, TranscriptRead, TranscriptWrite, }; + use halo2curves::pasta::{EpAffine, Fq}; use crate::transcript::TranscriptReadBuffer; use crate::transcript::TranscriptWriterBuffer; diff --git a/halo2_common/src/poly/ipa/commitment/prover.rs b/halo2_backend/src/poly/ipa/commitment/prover.rs similarity index 92% rename from halo2_common/src/poly/ipa/commitment/prover.rs rename to halo2_backend/src/poly/ipa/commitment/prover.rs index ee92c7677f..3a23cd152a 100644 --- a/halo2_common/src/poly/ipa/commitment/prover.rs +++ b/halo2_backend/src/poly/ipa/commitment/prover.rs @@ -112,8 +112,8 @@ pub fn create_proof< let value_r_j = compute_inner_product(&p_prime[0..half], &b[half..]); let l_j_randomness = C::Scalar::random(&mut rng); let r_j_randomness = C::Scalar::random(&mut rng); - let l_j = l_j + &best_multiexp(&[value_l_j * &z, l_j_randomness], &[params.u, params.w]); - let r_j = r_j + &best_multiexp(&[value_r_j * &z, r_j_randomness], &[params.u, params.w]); + let l_j = l_j + best_multiexp(&[value_l_j * z, l_j_randomness], &[params.u, params.w]); + let r_j = r_j + best_multiexp(&[value_r_j * z, r_j_randomness], &[params.u, params.w]); let l_j = l_j.to_affine(); let r_j = r_j.to_affine(); @@ -127,8 +127,8 @@ pub fn create_proof< // Collapse `p_prime` and `b`. // TODO: parallelize for i in 0..half { - p_prime[i] = p_prime[i] + &(p_prime[i + half] * &u_j_inv); - b[i] = b[i] + &(b[i + half] * &u_j); + p_prime[i] = p_prime[i] + (p_prime[i + half] * u_j_inv); + b[i] = b[i] + (b[i + half] * u_j); } p_prime.truncate(half); b.truncate(half); @@ -138,8 +138,8 @@ pub fn create_proof< g_prime.truncate(half); // Update randomness (the synthetic blinding factor at the end) - f += &(l_j_randomness * &u_j_inv); - f += &(r_j_randomness * &u_j); + f += l_j_randomness * u_j_inv; + f += r_j_randomness * u_j; } // We have fully collapsed `p_prime`, `b`, `G'` @@ -160,7 +160,7 @@ fn parallel_generator_collapse(g: &mut [C], challenge: C::Scalar let g_hi = &g_hi[start..]; let mut tmp = Vec::with_capacity(g_lo.len()); for (g_lo, g_hi) in g_lo.iter().zip(g_hi.iter()) { - tmp.push(g_lo.to_curve() + &(*g_hi * challenge)); + tmp.push(g_lo.to_curve() + *g_hi * challenge); } C::Curve::batch_normalize(&tmp, g_lo); }); diff --git a/halo2_common/src/poly/ipa/commitment/verifier.rs b/halo2_backend/src/poly/ipa/commitment/verifier.rs similarity index 97% rename from halo2_common/src/poly/ipa/commitment/verifier.rs rename to halo2_backend/src/poly/ipa/commitment/verifier.rs index cf258625d5..5117df25f1 100644 --- a/halo2_common/src/poly/ipa/commitment/verifier.rs +++ b/halo2_backend/src/poly/ipa/commitment/verifier.rs @@ -75,7 +75,7 @@ pub fn verify_proof<'params, C: CurveAffine, E: EncodedChallenge, T: Transcri let f = transcript.read_scalar().map_err(|_| Error::SamplingError)?; let b = compute_b(x, &u); - msm.add_to_u_scalar(neg_c * &b * &z); + msm.add_to_u_scalar(neg_c * b * z); msm.add_to_w_scalar(-f); let guard = GuardIPA { @@ -93,7 +93,7 @@ fn compute_b(x: F, u: &[F]) -> F { let mut tmp = F::ONE; let mut cur = x; for u_j in u.iter().rev() { - tmp *= F::ONE + &(*u_j * &cur); + tmp *= F::ONE + (*u_j * cur); cur *= cur; } tmp diff --git a/halo2_common/src/poly/ipa/mod.rs b/halo2_backend/src/poly/ipa/mod.rs similarity index 100% rename from halo2_common/src/poly/ipa/mod.rs rename to halo2_backend/src/poly/ipa/mod.rs diff --git a/halo2_common/src/poly/ipa/msm.rs b/halo2_backend/src/poly/ipa/msm.rs similarity index 98% rename from halo2_common/src/poly/ipa/msm.rs rename to halo2_backend/src/poly/ipa/msm.rs index b481bc19a4..212ec461a8 100644 --- a/halo2_common/src/poly/ipa/msm.rs +++ b/halo2_backend/src/poly/ipa/msm.rs @@ -126,8 +126,8 @@ impl<'a, C: CurveAffine> MSM for MSMIPA<'a, C> { other.0 *= factor; } - self.w_scalar = self.w_scalar.map(|a| a * &factor); - self.u_scalar = self.u_scalar.map(|a| a * &factor); + self.w_scalar = self.w_scalar.map(|a| a * factor); + self.u_scalar = self.u_scalar.map(|a| a * factor); } fn check(&self) -> bool { @@ -207,12 +207,12 @@ impl<'a, C: CurveAffine> MSMIPA<'a, C> { } /// Add to `w_scalar` pub fn add_to_w_scalar(&mut self, scalar: C::Scalar) { - self.w_scalar = self.w_scalar.map_or(Some(scalar), |a| Some(a + &scalar)); + self.w_scalar = self.w_scalar.map_or(Some(scalar), |a| Some(a + scalar)); } /// Add to `u_scalar` pub fn add_to_u_scalar(&mut self, scalar: C::Scalar) { - self.u_scalar = self.u_scalar.map_or(Some(scalar), |a| Some(a + &scalar)); + self.u_scalar = self.u_scalar.map_or(Some(scalar), |a| Some(a + scalar)); } } diff --git a/halo2_common/src/poly/ipa/multiopen.rs b/halo2_backend/src/poly/ipa/multiopen.rs similarity index 100% rename from halo2_common/src/poly/ipa/multiopen.rs rename to halo2_backend/src/poly/ipa/multiopen.rs diff --git a/halo2_common/src/poly/ipa/multiopen/prover.rs b/halo2_backend/src/poly/ipa/multiopen/prover.rs similarity index 98% rename from halo2_common/src/poly/ipa/multiopen/prover.rs rename to halo2_backend/src/poly/ipa/multiopen/prover.rs index 75494973c5..c72336bf5a 100644 --- a/halo2_common/src/poly/ipa/multiopen/prover.rs +++ b/halo2_backend/src/poly/ipa/multiopen/prover.rs @@ -112,7 +112,7 @@ impl<'params, C: CurveAffine> Prover<'params, IPACommitmentScheme> for Prover |(q_prime_poly, q_prime_blind), (poly, blind)| { ( q_prime_poly * *x_4 + &poly.unwrap(), - Blind((q_prime_blind.0 * &(*x_4)) + &blind.0), + Blind((q_prime_blind.0 * (*x_4)) + blind.0), ) }, ); diff --git a/halo2_common/src/poly/ipa/multiopen/verifier.rs b/halo2_backend/src/poly/ipa/multiopen/verifier.rs similarity index 96% rename from halo2_common/src/poly/ipa/multiopen/verifier.rs rename to halo2_backend/src/poly/ipa/multiopen/verifier.rs index 7910a0662e..62e764d8fd 100644 --- a/halo2_common/src/poly/ipa/multiopen/verifier.rs +++ b/halo2_backend/src/poly/ipa/multiopen/verifier.rs @@ -120,10 +120,10 @@ impl<'params, C: CurveAffine> Verifier<'params, IPACommitmentScheme> |msm_eval, ((points, evals), proof_eval)| { let r_poly = lagrange_interpolate(points, evals); let r_eval = eval_polynomial(&r_poly, *x_3); - let eval = points.iter().fold(*proof_eval - &r_eval, |eval, point| { - eval * &(*x_3 - point).invert().unwrap() + let eval = points.iter().fold(*proof_eval - r_eval, |eval, point| { + eval * (*x_3 - point).invert().unwrap() }); - msm_eval * &(*x_2) + &eval + msm_eval * (*x_2) + eval }, ); @@ -138,7 +138,7 @@ impl<'params, C: CurveAffine> Verifier<'params, IPACommitmentScheme> |(mut msm, msm_eval), ((q_commitment, _), q_eval)| { msm.scale(*x_4); msm.add_msm(&q_commitment); - (msm, msm_eval * &(*x_4) + q_eval) + (msm, msm_eval * (*x_4) + q_eval) }, ); diff --git a/halo2_common/src/poly/ipa/strategy.rs b/halo2_backend/src/poly/ipa/strategy.rs similarity index 100% rename from halo2_common/src/poly/ipa/strategy.rs rename to halo2_backend/src/poly/ipa/strategy.rs diff --git a/halo2_common/src/poly/kzg/commitment.rs b/halo2_backend/src/poly/kzg/commitment.rs similarity index 99% rename from halo2_common/src/poly/kzg/commitment.rs rename to halo2_backend/src/poly/kzg/commitment.rs index 3a223173d5..320efbe780 100644 --- a/halo2_common/src/poly/kzg/commitment.rs +++ b/halo2_backend/src/poly/kzg/commitment.rs @@ -397,7 +397,7 @@ mod test { const K: u32 = 4; use super::super::commitment::Params; - use crate::halo2curves::bn256::Bn256; + use halo2curves::bn256::Bn256; let params0 = ParamsKZG::::new(K); let mut data = vec![]; diff --git a/halo2_common/src/poly/kzg/mod.rs b/halo2_backend/src/poly/kzg/mod.rs similarity index 100% rename from halo2_common/src/poly/kzg/mod.rs rename to halo2_backend/src/poly/kzg/mod.rs diff --git a/halo2_common/src/poly/kzg/msm.rs b/halo2_backend/src/poly/kzg/msm.rs similarity index 100% rename from halo2_common/src/poly/kzg/msm.rs rename to halo2_backend/src/poly/kzg/msm.rs diff --git a/halo2_common/src/poly/kzg/multiopen.rs b/halo2_backend/src/poly/kzg/multiopen.rs similarity index 100% rename from halo2_common/src/poly/kzg/multiopen.rs rename to halo2_backend/src/poly/kzg/multiopen.rs diff --git a/halo2_common/src/poly/kzg/multiopen/gwc.rs b/halo2_backend/src/poly/kzg/multiopen/gwc.rs similarity index 100% rename from halo2_common/src/poly/kzg/multiopen/gwc.rs rename to halo2_backend/src/poly/kzg/multiopen/gwc.rs diff --git a/halo2_common/src/poly/kzg/multiopen/gwc/prover.rs b/halo2_backend/src/poly/kzg/multiopen/gwc/prover.rs similarity index 100% rename from halo2_common/src/poly/kzg/multiopen/gwc/prover.rs rename to halo2_backend/src/poly/kzg/multiopen/gwc/prover.rs diff --git a/halo2_common/src/poly/kzg/multiopen/gwc/verifier.rs b/halo2_backend/src/poly/kzg/multiopen/gwc/verifier.rs similarity index 100% rename from halo2_common/src/poly/kzg/multiopen/gwc/verifier.rs rename to halo2_backend/src/poly/kzg/multiopen/gwc/verifier.rs diff --git a/halo2_common/src/poly/kzg/multiopen/shplonk.rs b/halo2_backend/src/poly/kzg/multiopen/shplonk.rs similarity index 100% rename from halo2_common/src/poly/kzg/multiopen/shplonk.rs rename to halo2_backend/src/poly/kzg/multiopen/shplonk.rs diff --git a/halo2_common/src/poly/kzg/multiopen/shplonk/prover.rs b/halo2_backend/src/poly/kzg/multiopen/shplonk/prover.rs similarity index 100% rename from halo2_common/src/poly/kzg/multiopen/shplonk/prover.rs rename to halo2_backend/src/poly/kzg/multiopen/shplonk/prover.rs diff --git a/halo2_common/src/poly/kzg/multiopen/shplonk/verifier.rs b/halo2_backend/src/poly/kzg/multiopen/shplonk/verifier.rs similarity index 100% rename from halo2_common/src/poly/kzg/multiopen/shplonk/verifier.rs rename to halo2_backend/src/poly/kzg/multiopen/shplonk/verifier.rs diff --git a/halo2_common/src/poly/kzg/strategy.rs b/halo2_backend/src/poly/kzg/strategy.rs similarity index 100% rename from halo2_common/src/poly/kzg/strategy.rs rename to halo2_backend/src/poly/kzg/strategy.rs diff --git a/halo2_common/src/poly/multiopen_test.rs b/halo2_backend/src/poly/multiopen_test.rs similarity index 100% rename from halo2_common/src/poly/multiopen_test.rs rename to halo2_backend/src/poly/multiopen_test.rs diff --git a/halo2_common/src/poly/query.rs b/halo2_backend/src/poly/query.rs similarity index 100% rename from halo2_common/src/poly/query.rs rename to halo2_backend/src/poly/query.rs diff --git a/halo2_common/src/poly/strategy.rs b/halo2_backend/src/poly/strategy.rs similarity index 100% rename from halo2_common/src/poly/strategy.rs rename to halo2_backend/src/poly/strategy.rs diff --git a/halo2_common/src/helpers.rs b/halo2_common/src/helpers.rs index aaae481ccc..45d3f59f2a 100644 --- a/halo2_common/src/helpers.rs +++ b/halo2_common/src/helpers.rs @@ -1,4 +1,3 @@ -use crate::poly::Polynomial; use halo2_middleware::ff::PrimeField; use halo2curves::{serde::SerdeObject, CurveAffine}; use std::io; @@ -119,36 +118,3 @@ pub fn unpack(byte: u8, bits: &mut [bool]) { *bit = (byte >> bit_index) & 1 == 1; } } - -/// Reads a vector of polynomials from buffer -pub fn read_polynomial_vec( - reader: &mut R, - format: SerdeFormat, -) -> io::Result>> { - let mut len = [0u8; 4]; - reader.read_exact(&mut len)?; - let len = u32::from_be_bytes(len); - - (0..len) - .map(|_| Polynomial::::read(reader, format)) - .collect::>>() -} - -/// Writes a slice of polynomials to buffer -pub fn write_polynomial_slice( - slice: &[Polynomial], - writer: &mut W, - format: SerdeFormat, -) -> io::Result<()> { - writer.write_all(&(slice.len() as u32).to_be_bytes())?; - for poly in slice.iter() { - poly.write(writer, format)?; - } - Ok(()) -} - -/// Gets the total number of bytes of a slice of polynomials, assuming all polynomials are the same length -pub fn polynomial_slice_byte_length(slice: &[Polynomial]) -> usize { - let field_len = F::default().to_repr().as_ref().len(); - 4 + slice.len() * (4 + field_len * slice.get(0).map(|poly| poly.len()).unwrap_or(0)) -} diff --git a/halo2_common/src/lib.rs b/halo2_common/src/lib.rs index 38e30e00f7..8bd60e0f49 100644 --- a/halo2_common/src/lib.rs +++ b/halo2_common/src/lib.rs @@ -11,9 +11,6 @@ pub mod circuit; pub use halo2curves; pub mod multicore; pub mod plonk; -// TODO: Try to move this to backend and use a lightweight Polynomial type in the frontend -// https://github.com/privacy-scaling-explorations/halo2/issues/257 -pub mod poly; pub mod transcript; pub mod helpers; diff --git a/halo2_frontend/src/circuit.rs b/halo2_frontend/src/circuit.rs index 2c3db93a6e..18a8f917a7 100644 --- a/halo2_frontend/src/circuit.rs +++ b/halo2_frontend/src/circuit.rs @@ -7,9 +7,8 @@ use halo2_common::plonk::{ Assigned, Assignment, Circuit, ConstraintSystem, Error, FirstPhase, FloorPlanner, SecondPhase, Selector, ThirdPhase, }; -use halo2_common::poly::batch_invert_assigned; use halo2_middleware::circuit::{Advice, Any, CompiledCircuitV2, Fixed, Instance, PreprocessingV2}; -use halo2_middleware::ff::Field; +use halo2_middleware::ff::{BatchInvert, Field}; use std::collections::BTreeSet; use std::collections::HashMap; use std::fmt::Debug; @@ -342,3 +341,48 @@ impl<'a, F: Field, ConcreteCircuit: Circuit> WitnessCalculator<'a, F, Concret .collect()) } } + +// Turn vectors of `Assigned` into vectors of `F` by evaluation the divisions in `Assigned` +// using batched inversions. +fn batch_invert_assigned(assigned: Vec>>) -> Vec> { + let mut assigned_denominators: Vec<_> = assigned + .iter() + .map(|f| { + f.iter() + .map(|value| value.denominator()) + .collect::>() + }) + .collect(); + + assigned_denominators + .iter_mut() + .flat_map(|f| { + f.iter_mut() + // If the denominator is trivial, we can skip it, reducing the + // size of the batch inversion. + .filter_map(|d| d.as_mut()) + }) + .batch_invert(); + + assigned + .iter() + .zip(assigned_denominators) + .map(|(poly, inv_denoms)| { + poly_invert(poly, inv_denoms.into_iter().map(|d| d.unwrap_or(F::ONE))) + }) + .collect() +} + +// Turn a slice of `Assigned` into a vector of F by multiplying each numerator with the elements +// from `inv_denoms`, assuming that `inv_denoms` are the inverted denominators of the +// `Assigned`. +fn poly_invert( + poly: &[Assigned], + inv_denoms: impl Iterator + ExactSizeIterator, +) -> Vec { + assert_eq!(inv_denoms.len(), poly.len()); + poly.iter() + .zip(inv_denoms) + .map(|(a, inv_den)| a.numerator() * inv_den) + .collect() +} diff --git a/halo2_proofs/src/lib.rs b/halo2_proofs/src/lib.rs index 31c9ca41c4..dbe5899cc2 100644 --- a/halo2_proofs/src/lib.rs +++ b/halo2_proofs/src/lib.rs @@ -42,7 +42,7 @@ pub mod dev { /// the committed polynomials at arbitrary points. pub mod poly { pub use halo2_backend::poly::VerificationStrategy; - pub use halo2_common::poly::{commitment, ipa, kzg}; + pub use halo2_backend::poly::{commitment, ipa, kzg}; pub use halo2_middleware::poly::Rotation; } /// This module contains utilities and traits for dealing with Fiat-Shamir diff --git a/halo2_proofs/src/plonk/prover.rs b/halo2_proofs/src/plonk/prover.rs index 6562d998d6..4a22afc18c 100644 --- a/halo2_proofs/src/plonk/prover.rs +++ b/halo2_proofs/src/plonk/prover.rs @@ -1,6 +1,6 @@ +use crate::poly::commitment::{CommitmentScheme, Params, Prover}; use halo2_backend::plonk::{prover::ProverV2, ProvingKey}; use halo2_common::plonk::{circuit::Circuit, Error}; -use halo2_common::poly::commitment::{CommitmentScheme, Params, Prover}; use halo2_common::transcript::{EncodedChallenge, TranscriptWrite}; use halo2_frontend::circuit::{compile_circuit, WitnessCalculator}; use halo2_middleware::ff::{FromUniformBytes, WithSmallOrderMulGroup};