feat: public cells to allow for implementations of custom Layouter (p…

…rivacy-scaling-explorations#192)

* feat: public cells

* Update mds.rs

* Update mds.rs

* Update single_pass.rs

Co-authored-by: Han <tinghan0110@gmail.com>

* bump toolchain to resolve errors

* fix clippy errors for CI run

* rustfmt post clippy

* plz let it be the last lint

* patch clippy lints in gadgets

* clippy lints for sha256 bench

* patch halo2proof benches

* Update assigned.rs

* Update halo2_gadgets/src/poseidon/primitives/mds.rs

Co-authored-by: Han <tinghan0110@gmail.com>

* Update halo2_gadgets/src/poseidon/primitives/mds.rs

Co-authored-by: Han <tinghan0110@gmail.com>

---------

Co-authored-by: Han <tinghan0110@gmail.com>

halo2_gadgets/benches/poseidon.rs

@@ -135,7 +135,7 @@ impl<const WIDTH: usize, const RATE: usize> Spec<Fp, WIDTH, RATE> for MySpec<WID
     }
 
     fn sbox(val: Fp) -> Fp {
-        val.pow_vartime(&[5])
+        val.pow_vartime([5])
     }
 
     fn secure_mds() -> usize {

halo2_gadgets/benches/sha256.rs

@@ -90,18 +90,18 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
 
     // Initialize the polynomial commitment parameters
     let params_path = Path::new("./benches/sha256_assets/sha256_params");
-    if File::open(&params_path).is_err() {
+    if File::open(params_path).is_err() {
         let params: ParamsIPA<EqAffine> = ParamsIPA::new(k);
         let mut buf = Vec::new();
 
         params.write(&mut buf).expect("Failed to write params");
-        let mut file = File::create(&params_path).expect("Failed to create sha256_params");
+        let mut file = File::create(params_path).expect("Failed to create sha256_params");
 
         file.write_all(&buf[..])
             .expect("Failed to write params to file");
     }
 
-    let params_fs = File::open(&params_path).expect("couldn't load sha256_params");
+    let params_fs = File::open(params_path).expect("couldn't load sha256_params");
     let params: ParamsIPA<EqAffine> =
         ParamsIPA::read::<_>(&mut BufReader::new(params_fs)).expect("Failed to read params");
 
@@ -128,7 +128,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
 
     // Create a proof
     let proof_path = Path::new("./benches/sha256_assets/sha256_proof");
-    if File::open(&proof_path).is_err() {
+    if File::open(proof_path).is_err() {
         let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
         create_proof::<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _>(
             &params,
@@ -140,11 +140,11 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
         )
         .expect("proof generation should not fail");
         let proof: Vec<u8> = transcript.finalize();
-        let mut file = File::create(&proof_path).expect("Failed to create sha256_proof");
+        let mut file = File::create(proof_path).expect("Failed to create sha256_proof");
         file.write_all(&proof[..]).expect("Failed to write proof");
     }
 
-    let mut proof_fs = File::open(&proof_path).expect("couldn't load sha256_proof");
+    let mut proof_fs = File::open(proof_path).expect("couldn't load sha256_proof");
     let mut proof = Vec::<u8>::new();
     proof_fs
         .read_to_end(&mut proof)

halo2_gadgets/src/ecc/chip/constants.rs

@@ -49,7 +49,7 @@ fn compute_window_table<C: CurveAffine>(base: C, num_windows: usize) -> Vec<[C;
                 .map(|k| {
                     // scalar = (k+2)*(8^w)
                     let scalar = C::Scalar::from(k as u64 + 2)
-                        * C::Scalar::from(H as u64).pow(&[w as u64, 0, 0, 0]);
+                        * C::Scalar::from(H as u64).pow([w as u64, 0, 0, 0]);
                     (base * scalar).to_affine()
                 })
                 .collect::<ArrayVec<C, H>>()
@@ -62,14 +62,14 @@ fn compute_window_table<C: CurveAffine>(base: C, num_windows: usize) -> Vec<[C;
     // For the last window, we compute [k * (2^3)^w - sum]B, where sum is defined
     // as sum = \sum_{j = 0}^{`num_windows - 2`} 2^{3j+1}
     let sum = (0..(num_windows - 1)).fold(C::Scalar::ZERO, |acc, j| {
-        acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * j as u64 + 1, 0, 0, 0])
+        acc + C::Scalar::from(2).pow([FIXED_BASE_WINDOW_SIZE as u64 * j as u64 + 1, 0, 0, 0])
     });
     window_table.push(
         (0..H)
             .map(|k| {
                 // scalar = k * (2^3)^w - sum, where w = `num_windows - 1`
                 let scalar = C::Scalar::from(k as u64)
-                    * C::Scalar::from(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0])
+                    * C::Scalar::from(H as u64).pow([(num_windows - 1) as u64, 0, 0, 0])
                     - sum;
                 (base * scalar).to_affine()
             })
@@ -197,7 +197,7 @@ pub fn test_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) {
                 // Compute the actual x-coordinate of the multiple [(k+2)*(8^w)]B.
                 let point = base
                     * C::Scalar::from(bits as u64 + 2)
-                    * C::Scalar::from(H as u64).pow(&[idx as u64, 0, 0, 0]);
+                    * C::Scalar::from(H as u64).pow([idx as u64, 0, 0, 0]);
                 let x = *point.to_affine().coordinates().unwrap().x();
 
                 // Check that the interpolated x-coordinate matches the actual one.
@@ -214,10 +214,10 @@ pub fn test_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) {
         // Compute the actual x-coordinate of the multiple [k * (8^84) - offset]B,
         // where offset = \sum_{j = 0}^{83} 2^{3j+1}
         let offset = (0..(num_windows - 1)).fold(C::Scalar::ZERO, |acc, w| {
-            acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, 0, 0, 0])
+            acc + C::Scalar::from(2).pow([FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, 0, 0, 0])
         });
         let scalar = C::Scalar::from(bits as u64)
-            * C::Scalar::from(H as u64).pow(&[(num_windows - 1) as u64, 0, 0, 0])
+            * C::Scalar::from(H as u64).pow([(num_windows - 1) as u64, 0, 0, 0])
             - offset;
         let point = base * scalar;
         let x = *point.to_affine().coordinates().unwrap().x();

halo2_gadgets/src/ecc/chip/mul_fixed.rs

@@ -372,7 +372,7 @@ impl<FixedPoints: super::FixedPoints<pallas::Affine>> Config<FixedPoints> {
         base: &F,
     ) -> Result<NonIdentityEccPoint, Error> {
         // `scalar = [(k_w + 2) ⋅ 8^w]
-        let scalar = k.map(|k| (k + *TWO_SCALAR) * (*H_SCALAR).pow(&[w as u64, 0, 0, 0]));
+        let scalar = k.map(|k| (k + *TWO_SCALAR) * (*H_SCALAR).pow([w as u64, 0, 0, 0]));
 
         self.process_window::<_, NUM_WINDOWS>(region, offset, w, k_usize, scalar, base)
     }
@@ -389,12 +389,12 @@ impl<FixedPoints: super::FixedPoints<pallas::Affine>> Config<FixedPoints> {
 
         // offset_acc = \sum_{j = 0}^{NUM_WINDOWS - 2} 2^{FIXED_BASE_WINDOW_SIZE*j + 1}
         let offset_acc = (0..(NUM_WINDOWS - 1)).fold(pallas::Scalar::zero(), |acc, w| {
-            acc + (*TWO_SCALAR).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, 0, 0, 0])
+            acc + (*TWO_SCALAR).pow([FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, 0, 0, 0])
         });
 
         // `scalar = [k * 8^(NUM_WINDOWS - 1) - offset_acc]`.
         let scalar = scalar.windows_field()[scalar.windows_field().len() - 1]
-            .map(|k| k * (*H_SCALAR).pow(&[(NUM_WINDOWS - 1) as u64, 0, 0, 0]) - offset_acc);
+            .map(|k| k * (*H_SCALAR).pow([(NUM_WINDOWS - 1) as u64, 0, 0, 0]) - offset_acc);
 
         self.process_window::<_, NUM_WINDOWS>(
             region,
@@ -490,7 +490,7 @@ impl ScalarFixed {
                         .by_vals()
                         .take(FIXED_BASE_WINDOW_SIZE)
                         .rev()
-                        .fold(0, |acc, b| 2 * acc + if b { 1 } else { 0 })
+                        .fold(0, |acc, b| 2 * acc + usize::from(b))
                 })
             })
             .collect::<Vec<_>>()

halo2_gadgets/src/poseidon/pow5.rs

@@ -444,7 +444,7 @@ impl<F: Field, const WIDTH: usize> Pow5State<F, WIDTH> {
                     .value()
                     .map(|v| *v + config.round_constants[round][idx])
             });
-            let r: Value<Vec<F>> = q.map(|q| q.map(|q| q.pow(&config.alpha))).collect();
+            let r: Value<Vec<F>> = q.map(|q| q.map(|q| q.pow(config.alpha))).collect();
             let m = &config.m_reg;
             let state = m.iter().map(|m_i| {
                 r.as_ref().map(|r| {
@@ -470,7 +470,7 @@ impl<F: Field, const WIDTH: usize> Pow5State<F, WIDTH> {
             let p: Value<Vec<_>> = self.0.iter().map(|word| word.0.value().cloned()).collect();
 
             let r: Value<Vec<_>> = p.map(|p| {
-                let r_0 = (p[0] + config.round_constants[round][0]).pow(&config.alpha);
+                let r_0 = (p[0] + config.round_constants[round][0]).pow(config.alpha);
                 let r_i = p[1..]
                     .iter()
                     .enumerate()
@@ -510,7 +510,7 @@ impl<F: Field, const WIDTH: usize> Pow5State<F, WIDTH> {
             }
 
             let r_mid: Value<Vec<_>> = p_mid.map(|p| {
-                let r_0 = (p[0] + config.round_constants[round + 1][0]).pow(&config.alpha);
+                let r_0 = (p[0] + config.round_constants[round + 1][0]).pow(config.alpha);
                 let r_i = p[1..]
                     .iter()
                     .enumerate()

halo2_gadgets/src/poseidon/primitives/p128pow5t3.rs

@@ -22,7 +22,7 @@ impl Spec<Fp, 3, 2> for P128Pow5T3 {
     }
 
     fn sbox(val: Fp) -> Fp {
-        val.pow_vartime(&[5])
+        val.pow_vartime([5])
     }
 
     fn secure_mds() -> usize {
@@ -48,7 +48,7 @@ impl Spec<Fq, 3, 2> for P128Pow5T3 {
     }
 
     fn sbox(val: Fq) -> Fq {
-        val.pow_vartime(&[5])
+        val.pow_vartime([5])
     }
 
     fn secure_mds() -> usize {

halo2_proofs/benches/commit_zk.rs

@@ -0,0 +1,64 @@
+extern crate criterion;
+
+use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion};
+use group::ff::Field;
+use halo2_proofs::*;
+use halo2curves::pasta::pallas::Scalar;
+use rand_chacha::rand_core::RngCore;
+use rand_chacha::ChaCha20Rng;
+use rand_core::SeedableRng;
+use rayon::{current_num_threads, prelude::*};
+
+fn rand_poly_serial(mut rng: ChaCha20Rng, domain: usize) -> Vec<Scalar> {
+    // Sample a random polynomial of degree n - 1
+    let mut random_poly = vec![Scalar::zero(); 1 << domain];
+    for coeff in random_poly.iter_mut() {
+        *coeff = Scalar::random(&mut rng);
+    }
+
+    random_poly
+}
+
+fn rand_poly_par(mut rng: ChaCha20Rng, domain: usize) -> Vec<Scalar> {
+    // Sample a random polynomial of degree n - 1
+    let n_threads = current_num_threads();
+    let n = 1usize << domain;
+    let n_chunks = n_threads + usize::from(n % n_threads != 0);
+    let mut rand_vec = vec![Scalar::zero(); n];
+
+    let mut thread_seeds: Vec<ChaCha20Rng> = (0..n_chunks)
+        .map(|_| {
+            let mut seed = [0u8; 32];
+            rng.fill_bytes(&mut seed);
+            ChaCha20Rng::from_seed(seed)
+        })
+        .collect();
+
+    thread_seeds
+        .par_iter_mut()
+        .zip_eq(rand_vec.par_chunks_mut(n / n_threads))
+        .for_each(|(mut rng, chunk)| chunk.iter_mut().for_each(|v| *v = Scalar::random(&mut rng)));
+
+    rand_vec
+}
+
+fn bench_commit(c: &mut Criterion) {
+    let mut group = c.benchmark_group("Blinder_poly");
+    let rand = ChaCha20Rng::from_seed([1u8; 32]);
+    for i in [
+        18usize, 19usize, 20usize, 21usize, 22usize, 23usize, 24usize, 25usize,
+    ]
+    .iter()
+    {
+        group.bench_with_input(BenchmarkId::new("serial", i), i, |b, i| {
+            b.iter(|| rand_poly_serial(rand.clone(), *i))
+        });
+        group.bench_with_input(BenchmarkId::new("parallel", i), i, |b, i| {
+            b.iter(|| rand_poly_par(rand.clone(), *i))
+        });
+    }
+    group.finish();
+}
+
+criterion_group!(benches, bench_commit);
+criterion_main!(benches);

halo2_proofs/src/circuit.rs

@@ -14,6 +14,7 @@ pub use value::Value;
 
 pub mod floor_planner;
 pub use floor_planner::single_pass::SimpleFloorPlanner;
+pub use floor_planner::single_pass::SimpleTableLayouter;
 
 pub mod layouter;
 

halo2_proofs/src/circuit/floor_planner/single_pass.rs

@@ -600,11 +600,12 @@ impl<'r, 'a, F: Field, CS: Assignment<F> + 'a + SyncDeps> RegionLayouter<F>
 ///   witnesses or not.
 type DefaultTableValue<F> = Option<Value<Assigned<F>>>;
 
-pub(crate) struct SimpleTableLayouter<'r, 'a, F: Field, CS: Assignment<F> + 'a> {
+/// A table layouter that can be used to assign values to a table.
+pub struct SimpleTableLayouter<'r, 'a, F: Field, CS: Assignment<F> + 'a> {
     cs: &'a mut CS,
     used_columns: &'r [TableColumn],
-    // maps from a fixed column to a pair (default value, vector saying which rows are assigned)
-    pub(crate) default_and_assigned: HashMap<TableColumn, (DefaultTableValue<F>, Vec<bool>)>,
+    /// maps from a fixed column to a pair (default value, vector saying which rows are assigned)
+    pub default_and_assigned: HashMap<TableColumn, (DefaultTableValue<F>, Vec<bool>)>,
 }
 
 impl<'r, 'a, F: Field, CS: Assignment<F> + 'a> fmt::Debug for SimpleTableLayouter<'r, 'a, F, CS> {
@@ -617,7 +618,8 @@ impl<'r, 'a, F: Field, CS: Assignment<F> + 'a> fmt::Debug for SimpleTableLayoute
 }
 
 impl<'r, 'a, F: Field, CS: Assignment<F> + 'a> SimpleTableLayouter<'r, 'a, F, CS> {
-    pub(crate) fn new(cs: &'a mut CS, used_columns: &'r [TableColumn]) -> Self {
+    /// Returns a new SimpleTableLayouter
+    pub fn new(cs: &'a mut CS, used_columns: &'r [TableColumn]) -> Self {
         SimpleTableLayouter {
             cs,
             used_columns,

halo2_proofs/src/circuit/floor_planner/v1.rs

@@ -90,8 +90,8 @@ impl FloorPlanner for V1 {
 
         // - Determine how many rows our planned circuit will require.
         let first_unassigned_row = column_allocations
-            .iter()
-            .map(|(_, a)| a.unbounded_interval_start())
+            .values()
+            .map(|a| a.unbounded_interval_start())
             .max()
             .unwrap_or(0);
 

halo2_proofs/src/dev.rs

@@ -1219,11 +1219,7 @@ impl<'a, F: FromUniformBytes<64> + Ord> MockProver<'a, F> {
                 .flat_map(|(gate_index, gate)| {
                     let blinding_rows =
                         (self.n as usize - (self.cs.blinding_factors() + 1))..(self.n as usize);
-                    (gate_row_ids
-                        .clone()
-                        .into_iter()
-                        .chain(blinding_rows.into_iter()))
-                    .flat_map(move |row| {
+                    (gate_row_ids.clone().chain(blinding_rows.into_iter())).flat_map(move |row| {
                         let row = row as i32 + n;
                         gate.polynomials().iter().enumerate().filter_map(
                             move |(poly_index, poly)| match poly.evaluate_lazy(
@@ -1387,7 +1383,6 @@ impl<'a, F: FromUniformBytes<64> + Ord> MockProver<'a, F> {
 
                     let mut inputs: Vec<(Vec<_>, usize)> = lookup_input_row_ids
                         .clone()
-                        .into_iter()
                         .filter_map(|input_row| {
                             let t = lookup
                                 .input_expressions
@@ -1458,7 +1453,6 @@ impl<'a, F: FromUniformBytes<64> + Ord> MockProver<'a, F> {
                     let mut input_rows: Vec<(Vec<Value<F>>, usize)> = self
                         .usable_rows
                         .clone()
-                        .into_iter()
                         .map(|input_row| {
                             let t = shuffle
                                 .input_expressions
@@ -1896,7 +1890,6 @@ impl<'a, F: FromUniformBytes<64> + Ord> MockProver<'a, F> {
                     let mut input_rows: Vec<(Vec<Value<F>>, usize)> = self
                         .usable_rows
                         .clone()
-                        .into_iter()
                         .map(|input_row| {
                             let t = shuffle
                                 .input_expressions

halo2_proofs/src/plonk/assigned.rs

@@ -613,7 +613,7 @@ mod proptests {
                 // Ensure that:
                 // - we have at least one value to apply unary operators to.
                 // - we can apply every binary operator pairwise sequentially.
-                cmp::max(if num_unary > 0 { 1 } else { 0 }, num_binary + 1)),
+                cmp::max(usize::from(num_unary > 0), num_binary + 1)),
             operations in arb_operators(num_unary, num_binary).prop_shuffle(),
         ) -> (Vec<Assigned<Fp>>, Vec<Operator>) {
             (values, operations)

halo2_proofs/src/plonk/circuit.rs

@@ -591,7 +591,8 @@ pub struct TableColumn {
 }
 
 impl TableColumn {
-    pub(crate) fn inner(&self) -> Column<Fixed> {
+    /// Returns inner column
+    pub fn inner(&self) -> Column<Fixed> {
         self.inner
     }
 }

halo2_proofs/src/plonk/evaluation.rs

@@ -451,8 +451,8 @@ impl<C: CurveAffine> Evaluator<C> {
 
                         // Permutation constraints
                         parallelize(&mut values, |values, start| {
-                            let mut beta_term = current_extended_omega
-                                * omega.pow_vartime(&[start as u64, 0, 0, 0]);
+                            let mut beta_term =
+                                current_extended_omega * omega.pow_vartime([start as u64, 0, 0, 0]);
                             for (i, value) in values.iter_mut().enumerate() {
                                 let idx = start + i;
                                 let r_next = get_rotation_idx(idx, 1, rot_scale, isize);

halo2_proofs/src/plonk/lookup/prover.rs

@@ -443,7 +443,7 @@ fn permute_expression_pair<'params, C: CurveAffine, P: Params<'params, C>, R: Rn
     // Populate permuted table at unfilled rows with leftover table elements
     for (coeff, count) in leftover_table_map.iter() {
         for _ in 0..*count {
-            permuted_table_coeffs[repeated_input_rows.pop().unwrap() as usize] = *coeff;
+            permuted_table_coeffs[repeated_input_rows.pop().unwrap()] = *coeff;
         }
     }
     assert!(repeated_input_rows.is_empty());