Skip to content

Fix: bit decomposition edge cases #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jonathanpwang merged 4 commits into from
Apr 15, 2023
Merged

Fix: bit decomposition edge cases #14

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2ef4894
feat: update halo2-ecc to v0.3.0
jonathanpwang Feb 10, 2023
e1540cf
feat: remove `size_hint` in `inner_product_simple`
jonathanpwang Feb 10, 2023
f3e814a
fix: change `debug_assert` in `decompose_u64_digits_limbs` to restrict
jonathanpwang Feb 10, 2023
247dfcc
Merge branch 'release-0.3.0' into fix/decompose-limbs
jonathanpwang Apr 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion halo2-base/src/gates/flex_gate.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -896,7 +896,7 @@ impl<F: ScalarField> GateInstructions<F> for GateChip<F> {
let bits = a_bytes
.as_ref()
.iter()
.flat_map(|byte| (0..8).map(|i| (*byte as u64 >> i) & 1))
.flat_map(|byte| (0..8u32).map(|i| (*byte as u64 >> i) & 1))
.map(|x| Witness(F::from(x)))
.take(range_bits);

Expand Down
2 changes: 1 addition & 1 deletion halo2-base/src/gates/tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ fn test_multithread_gates() {
let mut builder = GateThreadBuilder::mock();
gate_tests(builder.main(0), inputs);

let thread_ids = (0..4).map(|_| builder.get_new_thread_id()).collect::<Vec<_>>();
let thread_ids = (0..4usize).map(|_| builder.get_new_thread_id()).collect::<Vec<_>>();
let new_threads = thread_ids
.into_par_iter()
.map(|id| {
Expand Down
1 change: 1 addition & 0 deletions halo2-base/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
#![feature(trait_alias)]
#![deny(clippy::perf)]
#![allow(clippy::too_many_arguments)]
#![warn(clippy::default_numeric_fallback)]

// different memory allocator options:
// mimalloc is fastest on Mac M2
Expand Down
90 changes: 78 additions & 12 deletions halo2-base/src/utils.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ pub(crate) fn decompose_u64_digits_to_limbs(
number_of_limbs: usize,
bit_len: usize,
) -> Vec<u64> {
debug_assert!(bit_len <= 64);
debug_assert!(bit_len < 64);

let mut e = e.into_iter();
let mask: u64 = (1u64 << bit_len) - 1u64;
Expand Down Expand Up @@ -196,22 +196,22 @@ pub fn decompose_biguint<F: BigPrimeField>(
num_limbs: usize,
bit_len: usize,
) -> Vec<F> {
debug_assert!(bit_len > 64 && bit_len <= 128);
debug_assert!((64..128).contains(&bit_len));
let mut e = e.iter_u64_digits();

let mut limb0 = e.next().unwrap_or(0) as u128;
let mut rem = bit_len - 64;
let mut u64_digit = e.next().unwrap_or(0);
limb0 |= ((u64_digit & ((1 << rem) - 1)) as u128) << 64;
limb0 |= ((u64_digit & ((1 << rem) - 1u64)) as u128) << 64u32;
u64_digit >>= rem;
rem = 64 - rem;

core::iter::once(F::from_u128(limb0))
.chain((1..num_limbs).map(|_| {
let mut limb: u128 = u64_digit.into();
let mut limb = u64_digit as u128;
let mut bits = rem;
u64_digit = e.next().unwrap_or(0);
if bit_len - bits >= 64 {
if bit_len >= 64 + bits {
limb |= (u64_digit as u128) << bits;
u64_digit = e.next().unwrap_or(0);
bits += 64;
Expand Down Expand Up @@ -258,13 +258,6 @@ pub fn compose(input: Vec<BigUint>, bit_len: usize) -> BigUint {
input.iter().rev().fold(BigUint::zero(), |acc, val| (acc << bit_len) + val)
}

#[cfg(test)]
#[test]
fn test_signed_roundtrip() {
use crate::halo2_proofs::halo2curves::bn256::Fr;
assert_eq!(fe_to_bigint(&bigint_to_fe::<Fr>(&-BigInt::one())), -BigInt::one());
}

#[cfg(feature = "halo2-axiom")]
pub use halo2_proofs_axiom::halo2curves::CurveAffineExt;

Expand Down Expand Up @@ -337,3 +330,76 @@ pub mod fs {
})
}
}

#[cfg(test)]
mod tests {
use crate::halo2_proofs::halo2curves::bn256::Fr;
use num_bigint::RandomBits;
use rand::{rngs::OsRng, Rng};
use std::ops::Shl;

use super::*;

#[test]
fn test_signed_roundtrip() {
use crate::halo2_proofs::halo2curves::bn256::Fr;
assert_eq!(fe_to_bigint(&bigint_to_fe::<Fr>(&-BigInt::one())), -BigInt::one());
}

#[test]
fn test_decompose_biguint() {
let mut rng = OsRng;
const MAX_LIMBS: u64 = 5;
for bit_len in 64..128usize {
for num_limbs in 1..=MAX_LIMBS {
for _ in 0..10_000usize {
let mut e: BigUint = rng.sample(RandomBits::new(num_limbs * bit_len as u64));
let limbs = decompose_biguint::<Fr>(&e, num_limbs as usize, bit_len);

let limbs2 = {
let mut limbs = vec![];
let mask = BigUint::one().shl(bit_len) - 1usize;
for _ in 0..num_limbs {
let limb = &e & &mask;
let mut bytes_le = limb.to_bytes_le();
bytes_le.resize(32, 0u8);
limbs.push(Fr::from_bytes(&bytes_le.try_into().unwrap()).unwrap());
e >>= bit_len;
}
limbs
};
assert_eq!(limbs, limbs2);
}
}
}
}

#[test]
fn test_decompose_u64_digits_to_limbs() {
let mut rng = OsRng;
const MAX_LIMBS: u64 = 5;
for bit_len in 0..64usize {
for num_limbs in 1..=MAX_LIMBS {
for _ in 0..10_000usize {
let mut e: BigUint = rng.sample(RandomBits::new(num_limbs * bit_len as u64));
let limbs = decompose_u64_digits_to_limbs(
e.to_u64_digits(),
num_limbs as usize,
bit_len,
);
let limbs2 = {
let mut limbs = vec![];
let mask = BigUint::one().shl(bit_len) - 1usize;
for _ in 0..num_limbs {
let limb = &e & &mask;
limbs.push(u64::try_from(limb).unwrap());
e >>= bit_len;
}
limbs
};
assert_eq!(limbs, limbs2);
}
}
}
}
}