Iquerejeta/pruning (#17)

* Remove book and halo2. Move everything to parent repo.

* Remove Shuffle

* Remove IPA

* Remove SHPLONK

* Remove compressed selectors

* Temporarily remove examples and benches

* Working version of new polynomial commitment scheme interface.

* Plonk working parametrised only by F and PCS.

* Bring examples and benches back

* Update to halo2curves 0.7.0

* Apply tachyon optimizations

privacy-scaling-explorations#342

* Cost model update

* * Implement PartialEq, Eq, Hash for Cell and AssignedCell

* Add table, compressed and normal rows count.

* Add rows and table rows to cost model.

* Ignore unassigned cells if they are multiplied by zero

* Some format values are written as

"Scalar(0x..)"

The hotfix was to change the stripping rules, but this is probably
an incorrect implementation of certain traits for one of the curves.

* Review comments

* Just moving things around!

Used the same style as we have in midnight-circuits.

Modules are defined with a `mod.rs` file inside the folder, instead of with a file at root level with the same name.

I've also created a module for utils and one for the transcript.

* Remove issue template

* Review comments

* Bring back using the SerdeFormat for keys

* Address review comments

* Leftover docs

Cargo.toml

@@ -1,5 +1,100 @@
-[workspace]
-members = [
-    "halo2",
-    "halo2_proofs",
+[package]
+name = "halo2_proofs"
+version = "0.3.0"
+authors = [
+    "Sean Bowe <[email protected]>",
+    "Ying Tong Lai <[email protected]>",
+    "Daira Hopwood <[email protected]>",
+    "Jack Grigg <[email protected]>",
 ]
+edition = "2021"
+rust-version = "1.76.0"
+description = """
+Fast PLONK-based zero-knowledge proving system
+"""
+license = "MIT OR Apache-2.0"
+repository = "https://github.com/input-output-hk/halo2"
+readme = "README.md"
+categories = ["cryptography"]
+keywords = ["halo", "proofs", "zkp", "zkSNARKs"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
+
+[[bench]]
+name = "commit_zk"
+harness = false
+
+[[bench]]
+name = "hashtocurve"
+harness = false
+
+[[bench]]
+name = "plonk"
+harness = false
+
+[[bench]]
+name = "dev_lookup"
+harness = false
+
+[dependencies]
+backtrace = { version = "0.3", optional = true }
+ff = "0.13"
+group = "0.13"
+halo2curves = { version = "0.7.0", default-features = false }
+rand_core = { version = "0.6", default-features = false }
+tracing = "0.1"
+blake2b_simd = "1" # MSRV 1.66.0
+sha3 = "0.9.1"
+rand_chacha = "0.3"
+serde = { version = "1", optional = true, features = ["derive"] }
+serde_derive = { version = "1", optional = true}
+rayon = "1.8"
+
+# Developer tooling dependencies
+plotters = { version = "0.3.0", default-features = false, optional = true }
+tabbycat = { version = "0.1", features = ["attributes"], optional = true }
+
+# Legacy circuit compatibility
+halo2_legacy_pdqsort = { version = "0.1.0", optional = true }
+
+[dev-dependencies]
+assert_matches = "1.5"
+criterion = "0.3"
+gumdrop = "0.8"
+proptest = "1"
+rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
+serde_json = "1"
+
+[target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dev-dependencies]
+getrandom = { version = "0.2", features = ["js"] }
+
+[features]
+default = ["batch", "bits"]
+dev-graph = ["plotters", "tabbycat"]
+test-dev-graph = [
+    "dev-graph",
+    "plotters/bitmap_backend",
+    "plotters/bitmap_encoder",
+    "plotters/ttf",
+]
+bits = ["halo2curves/bits"]
+gadget-traces = ["backtrace"]
+thread-safe-region = []
+sanity-checks = []
+batch = ["rand_core/getrandom"]
+circuit-params = []
+cost-estimator = ["serde", "serde_derive"]
+derive_serde = ["halo2curves/derive_serde"]
+
+[lib]
+bench = false
+
+[[example]]
+name = "circuit-layout"
+required-features = ["test-dev-graph"]
+
+[[example]]
+name = "proof-size"
+required-features = ["cost-estimator"]

README.md

@@ -1,8 +1,6 @@
-# halo2 [![Crates.io](https://img.shields.io/crates/v/halo2.svg)](https://crates.io/crates/halo2) #
+# halo2_proofs [![Crates.io](https://img.shields.io/crates/v/halo2_proofs.svg)](https://crates.io/crates/halo2_proofs) #
 
-## [Documentation](https://privacy-scaling-explorations.github.io/halo2/halo2_proofs)
-
-For experimental features `privacy-scaling-explorations/halo2` fork adds, please refer to [`experimental-features.md`](./book/src/user/experimental-features.md).
+## [Documentation](https://docs.rs/halo2_proofs)
 
 ## Minimum Supported Rust Version
 
@@ -13,7 +11,9 @@ minor version bump.
 
 ## Controlling parallelism
 
-`halo2` currently uses [rayon](https://github.com/rayon-rs/rayon) for parallel computation. The `RAYON_NUM_THREADS` environment variable can be used to set the number of threads.
+`halo2_proofs` currently uses [rayon](https://github.com/rayon-rs/rayon) for parallel
+computation. The `RAYON_NUM_THREADS` environment variable can be used to set the number of
+threads.
 
 When compiling to WASM-targets, notice that since version `1.7`, `rayon` will fallback automatically (with no need to handle features) to require `getrandom` in order to be able to work. For more info related to WASM-compilation.
 

halo2_proofs/benches/commit_zk.rs → benches/commit_zk.rs

@@ -2,7 +2,7 @@ extern crate criterion;
 
 use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion};
 use group::ff::Field;
-use halo2_proofs::arithmetic::parallelize;
+use halo2_proofs::utils::arithmetic::parallelize;
 use halo2curves::pasta::pallas::Scalar;
 use rand_chacha::rand_core::RngCore;
 use rand_chacha::ChaCha20Rng;

halo2_proofs/benches/hashtocurve.rs → benches/hashtocurve.rs

@@ -2,7 +2,7 @@
 
 use criterion::{criterion_group, criterion_main, Criterion};
 
-use halo2_proofs::arithmetic::CurveExt;
+use halo2_proofs::utils::arithmetic::CurveExt;
 use halo2curves::pasta::{pallas, vesta};
 
 fn criterion_benchmark(c: &mut Criterion) {

halo2_proofs/benches/plonk.rs → benches/plonk.rs

@@ -4,26 +4,16 @@ extern crate criterion;
 use group::ff::Field;
 use halo2_proofs::circuit::{Cell, Layouter, SimpleFloorPlanner, Value};
 use halo2_proofs::plonk::*;
-use halo2_proofs::poly::{commitment::ParamsProver, Rotation};
-use halo2_proofs::transcript::{Blake2bRead, Blake2bWrite, Challenge255};
-use halo2curves::pasta::{EqAffine, Fp};
+use halo2_proofs::poly::Rotation;
+use halo2curves::bn256;
 use rand_core::OsRng;
 
-use halo2_proofs::{
-    poly::{
-        ipa::{
-            commitment::{IPACommitmentScheme, ParamsIPA},
-            multiopen::ProverIPA,
-            strategy::SingleStrategy,
-        },
-        VerificationStrategy,
-    },
-    transcript::{TranscriptReadBuffer, TranscriptWriterBuffer},
-};
-
 use std::marker::PhantomData;
 
 use criterion::{BenchmarkId, Criterion};
+use halo2_proofs::poly::kzg::{params::ParamsKZG, KZGCommitmentScheme};
+use halo2_proofs::transcript::{CircuitTranscript, Transcript};
+use halo2_proofs::utils::rational::Rational;
 
 fn criterion_benchmark(c: &mut Criterion) {
     /// This represents an advice column at a certain row in the ConstraintSystem
@@ -49,14 +39,14 @@ fn criterion_benchmark(c: &mut Criterion) {
             f: F,
         ) -> Result<(Cell, Cell, Cell), Error>
         where
-            F: FnMut() -> Value<(Assigned<FF>, Assigned<FF>, Assigned<FF>)>;
+            F: FnMut() -> Value<(Rational<FF>, Rational<FF>, Rational<FF>)>;
         fn raw_add<F>(
             &self,
             layouter: &mut impl Layouter<FF>,
             f: F,
         ) -> Result<(Cell, Cell, Cell), Error>
         where
-            F: FnMut() -> Value<(Assigned<FF>, Assigned<FF>, Assigned<FF>)>;
+            F: FnMut() -> Value<(Rational<FF>, Rational<FF>, Rational<FF>)>;
         fn copy(&self, layouter: &mut impl Layouter<FF>, a: Cell, b: Cell) -> Result<(), Error>;
     }
 
@@ -87,7 +77,7 @@ fn criterion_benchmark(c: &mut Criterion) {
             mut f: F,
         ) -> Result<(Cell, Cell, Cell), Error>
         where
-            F: FnMut() -> Value<(Assigned<FF>, Assigned<FF>, Assigned<FF>)>,
+            F: FnMut() -> Value<(Rational<FF>, Rational<FF>, Rational<FF>)>,
         {
             layouter.assign_region(
                 || "raw_multiply",
@@ -129,7 +119,7 @@ fn criterion_benchmark(c: &mut Criterion) {
             mut f: F,
         ) -> Result<(Cell, Cell, Cell), Error>
         where
-            F: FnMut() -> Value<(Assigned<FF>, Assigned<FF>, Assigned<FF>)>,
+            F: FnMut() -> Value<(Rational<FF>, Rational<FF>, Rational<FF>)>,
         {
             layouter.assign_region(
                 || "raw_add",
@@ -241,7 +231,7 @@ fn criterion_benchmark(c: &mut Criterion) {
             let cs = StandardPlonk::new(config);
 
             for _ in 0..((1 << (self.k - 1)) - 3) {
-                let a: Value<Assigned<_>> = self.a.into();
+                let a: Value<Rational<_>> = self.a.into();
                 let mut a_squared = Value::unknown();
                 let (a0, _, c0) = cs.raw_multiply(&mut layouter, || {
                     a_squared = a.square();
@@ -261,9 +251,14 @@ fn criterion_benchmark(c: &mut Criterion) {
         }
     }
 
-    fn keygen(k: u32) -> (ParamsIPA<EqAffine>, ProvingKey<EqAffine>) {
-        let params: ParamsIPA<EqAffine> = ParamsIPA::new(k);
-        let empty_circuit: MyCircuit<Fp> = MyCircuit {
+    fn keygen(
+        k: u32,
+    ) -> (
+        ParamsKZG<bn256::Bn256>,
+        ProvingKey<bn256::Fr, KZGCommitmentScheme<bn256::Bn256>>,
+    ) {
+        let params: ParamsKZG<bn256::Bn256> = ParamsKZG::new(k);
+        let empty_circuit: MyCircuit<bn256::Fr> = MyCircuit {
             a: Value::unknown(),
             k,
         };
@@ -272,16 +267,21 @@ fn criterion_benchmark(c: &mut Criterion) {
         (params, pk)
     }
 
-    fn prover(k: u32, params: &ParamsIPA<EqAffine>, pk: &ProvingKey<EqAffine>) -> Vec<u8> {
+    fn prover(
+        k: u32,
+        params: &ParamsKZG<bn256::Bn256>,
+        pk: &ProvingKey<bn256::Fr, KZGCommitmentScheme<bn256::Bn256>>,
+    ) -> Vec<u8> {
         let rng = OsRng;
 
-        let circuit: MyCircuit<Fp> = MyCircuit {
-            a: Value::known(Fp::random(rng)),
+        let circuit: MyCircuit<bn256::Fr> = MyCircuit {
+            a: Value::known(bn256::Fr::random(rng)),
             k,
         };
 
-        let mut transcript = Blake2bWrite::<_, _, Challenge255<EqAffine>>::init(vec![]);
-        create_proof::<IPACommitmentScheme<EqAffine>, ProverIPA<EqAffine>, _, _, _, _>(
+        let mut transcript = CircuitTranscript::init();
+
+        create_proof::<bn256::Fr, KZGCommitmentScheme<bn256::Bn256>, _, _>(
             params,
             pk,
             &[circuit],
@@ -293,10 +293,21 @@ fn criterion_benchmark(c: &mut Criterion) {
         transcript.finalize()
     }
 
-    fn verifier(params: &ParamsIPA<EqAffine>, vk: &VerifyingKey<EqAffine>, proof: &[u8]) {
-        let strategy = SingleStrategy::new(params);
-        let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(proof);
-        assert!(verify_proof(params, vk, strategy, &[&[]], &mut transcript).is_ok());
+    fn verifier(
+        params: &ParamsKZG<bn256::Bn256>,
+        vk: &VerifyingKey<bn256::Fr, KZGCommitmentScheme<bn256::Bn256>>,
+        proof: &[u8],
+    ) {
+        let mut transcript = CircuitTranscript::init_from_bytes(proof);
+        assert!(
+            verify_proof::<bn256::Fr, KZGCommitmentScheme<bn256::Bn256>, _>(
+                params,
+                vk,
+                &[&[]],
+                &mut transcript
+            )
+            .is_ok()
+        );
     }
 
     let k_range = 8..=16;