-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose mod permutation
and re-export permutation::keygen::Assembly
#147
Expose mod permutation
and re-export permutation::keygen::Assembly
#147
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for picking this up quickly @han0110 !
Just fix clippy and we're good to go!
Perhaps I would need to Clone Assembly in order to compare all the results from different tests. |
Added in 3d3856b. |
Close in favor of #149 |
…-hk/dev-feature/98-gen-fbsm Generalize fbsm part of Ecc Chip # Project Context Part of the SOW task of generalizing the Ecc Chip to Pluto. This builds on top of privacy-scaling-explorations#144. The corresponding Galois internal issue is [Galois#98](https://gitlab-ext.galois.com/iog-midnight/halo2/-/issues/98). # Issue Description This issue is concerned with generalizing the fixed-base scalar-mul (fbsm) part of the Ecc Chip to arbitrary curves. Besides generalizing all of the types, and adding tests for all supported curves, the major technical task is to generalize the canonicity check on the windowed scalar decomposition: this canonicity check ensures that the decomposition of the scalar into 3-bit windows is correct. This is a "range check" type task, similar to existing range checks in variable-base scalar mul. See the Halo 2 Book [chapter on fbsm](http://localhost:3000/design/gadgets/ecc/fixed-base-scalar-mul.html) for details. # Notes to Reviewers * The canonicity check is generalized in ["Generalize canonicity check using 3-high-low decomp"](input-output-hk/galois_recursion@f8d2927) (with corresponding book updates in ["[book] fbsm: generalize, and document simplified canonicity check"](560a7d3b9af6df3031584acce4d80c119388df60)). This is the second example application of the [$K$-high-low decomp](privacy-scaling-explorations#114), and again we see a bunch of complex, bespoke range checking being replaced by a conceptually simple use of the decomp gadget :) * The fbsm works by precomputing a table of multiples of a fixed base, and then using the values to improve the efficiency (constraint complexity / proof burden) of multiplying the fixed base by scalars. This precomputation is very expensive, already taking 1+ hours for Pallas. For Pluto/Eris the precomputation time jumps to 17+ hours, which makes running the tests impractical. However, in a later PR (privacy-scaling-explorations#147), we cache the precomputation for the test bases to disk, which reduces the test time to a few minutes. * This PR includes a simple custom gate, that replaces the more complex custom gate for the old canonicity check. The new custom gate should be replaced by calls to the [gen arith gate](input-output-hk/galois_recursion#58) once that's available.
…-hk/dev-feature/99-cache-fbsm-test-bases Speed up testing of fixed-base scalar mul # Project Context This builds on top of privacy-scaling-explorations#146. The corresponding Galois internal issue is [Galois#99](https://gitlab-ext.galois.com/iog-midnight/halo2/-/issues/99). # Issue Description For Pallas the fbsm tests already took 1+ hours, and blew up to 17+ hours for Pluto/Eris, when support for those curves was added in privacy-scaling-explorations#145. The goal of this issue is to greatly reduce the test times by caching to disk the expensive data that takes 17+ hours to compute. The end result is that the test times are back down to a few minutes :)
Expose module
plonk::permutation
and re-exportplonk::permutation::keygen::Assembly
. Also update the field ofAssembly
to be private to avoid misuse, and instead add getter for thecolumns
andmapping
.Resolves #146