axiom-crypto · jonathanpwang · Apr 15, 2023 · Feb 5, 2023 · Feb 5, 2023 · Feb 8, 2023
diff --git a/README.md b/README.md
diff --git a/halo2-base/Cargo.toml b/halo2-base/Cargo.toml
@@ -15,7 +15,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 
 # Use Axiom's custom halo2 monorepo for faster proving when feature = "halo2-axiom" is on
-halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", tag = "v2023_01_17", package = "halo2_proofs", optional = true }
+halo2_proofs_axiom = { git = "https://github.com/axiom-crypto/halo2.git", branch = "axiom/dev", package = "halo2_proofs", optional = true }
 # Use PSE halo2 and halo2curves for compatibility when feature = "halo2-pse" is on
 halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_01_20", optional = true }
 

diff --git a/halo2-base/src/gates/builder.rs b/halo2-base/src/gates/builder.rs
@@ -168,7 +168,7 @@ impl<F: ScalarField> GateThreadBuilder<F> {
                     let column = basic_gate.value;
                     let value = if use_unknown { Value::unknown() } else { Value::known(advice) };
                     #[cfg(feature = "halo2-axiom")]
-                    let cell = region.assign_advice(column, row_offset, value);
+                    let cell = *region.assign_advice(column, row_offset, value).cell();
                     #[cfg(not(feature = "halo2-axiom"))]
                     let cell =
                         region.assign_advice(|| "", column, row_offset, || value).unwrap().cell();
@@ -188,7 +188,7 @@ impl<F: ScalarField> GateThreadBuilder<F> {
                         #[cfg(feature = "halo2-axiom")]
                         {
                             let ncell = region.assign_advice(column, row_offset, value);
-                            region.constrain_equal(&ncell, &cell);
+                            region.constrain_equal(ncell.cell(), &cell);
                         }
                         #[cfg(not(feature = "halo2-axiom"))]
                         {
@@ -270,7 +270,7 @@ impl<F: ScalarField> GateThreadBuilder<F> {
                     #[cfg(feature = "halo2-axiom")]
                     {
                         let bcell = region.assign_advice(column, lookup_offset, value);
-                        region.constrain_equal(&acell, &bcell);
+                        region.constrain_equal(&acell, bcell.cell());
                     }
                     #[cfg(not(feature = "halo2-axiom"))]
                     {
@@ -315,21 +315,24 @@ pub fn assign_threads_in<F: ScalarField>(
     let mut lookup_advice = lookup_advice.iter();
     let mut lookup_column = lookup_advice.next();
     for ctx in threads {
-        for advice in ctx.cells_to_lookup {
-            if lookup_offset >= config.max_rows {
-                lookup_offset = 0;
-                lookup_column = lookup_advice.next();
-            }
-            let value = advice.value;
-            let lookup_column = *lookup_column.unwrap();
-            #[cfg(feature = "halo2-axiom")]
-            region.assign_advice(lookup_column, lookup_offset, Value::known(value));
-            #[cfg(not(feature = "halo2-axiom"))]
-            region
-                .assign_advice(|| "", lookup_column, lookup_offset, || Value::known(value))
-                .unwrap();
+        // if lookup_column is empty, that means there should be a single advice column and it has lookup enabled, so we don't need to copy to special lookup advice columns
+        if lookup_column.is_some() {
+            for advice in ctx.cells_to_lookup {
+                if lookup_offset >= config.max_rows {
+                    lookup_offset = 0;
+                    lookup_column = lookup_advice.next();
+                }
+                let value = advice.value;
+                let lookup_column = *lookup_column.unwrap();
+                #[cfg(feature = "halo2-axiom")]
+                region.assign_advice(lookup_column, lookup_offset, Value::known(value));
+                #[cfg(not(feature = "halo2-axiom"))]
+                region
+                    .assign_advice(|| "", lookup_column, lookup_offset, || Value::known(value))
+                    .unwrap();
 
-            lookup_offset += 1;
+                lookup_offset += 1;
+            }
         }
         for advice in ctx.advice {
             #[cfg(feature = "halo2-axiom")]

diff --git a/halo2-ecc/configs/bn254/bench_pairing.config b/halo2-ecc/configs/bn254/bench_pairing.config
@@ -1,9 +1,9 @@
-{"strategy":"Simple","degree":14,"num_advice":221,"num_lookup_advice":27,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
-{"strategy":"Simple","degree":15,"num_advice":106,"num_lookup_advice":14,"num_fixed":1,"lookup_bits":14,"limb_bits":90,"num_limbs":3}
-{"strategy":"Simple","degree":16,"num_advice":51,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
+{"strategy":"Simple","degree":14,"num_advice":211,"num_lookup_advice":27,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
+{"strategy":"Simple","degree":15,"num_advice":105,"num_lookup_advice":14,"num_fixed":1,"lookup_bits":14,"limb_bits":90,"num_limbs":3}
+{"strategy":"Simple","degree":16,"num_advice":50,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
 {"strategy":"Simple","degree":17,"num_advice":25,"num_lookup_advice":3,"num_fixed":1,"lookup_bits":16,"limb_bits":88,"num_limbs":3}
 {"strategy":"Simple","degree":18,"num_advice":13,"num_lookup_advice":2,"num_fixed":1,"lookup_bits":17,"limb_bits":88,"num_limbs":3}
 {"strategy":"Simple","degree":19,"num_advice":6,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":18,"limb_bits":90,"num_limbs":3}
-{"strategy":"Simple","degree":20,"num_advice":4,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":19,"limb_bits":88,"num_limbs":3}
+{"strategy":"Simple","degree":20,"num_advice":3,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":19,"limb_bits":88,"num_limbs":3}
 {"strategy":"Simple","degree":21,"num_advice":2,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":20,"limb_bits":88,"num_limbs":3}
 {"strategy":"Simple","degree":22,"num_advice":1,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":21,"limb_bits":88,"num_limbs":3}
diff --git a/halo2-ecc/configs/secp256k1/bench_ecdsa.config b/halo2-ecc/configs/secp256k1/bench_ecdsa.config
@@ -1,9 +1,9 @@
 {"strategy":"Simple","degree":19,"num_advice":1,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":18,"limb_bits":88,"num_limbs":3}
 {"strategy":"Simple","degree":18,"num_advice":2,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":17,"limb_bits":88,"num_limbs":3}
 {"strategy":"Simple","degree":17,"num_advice":4,"num_lookup_advice":1,"num_fixed":1,"lookup_bits":16,"limb_bits":88,"num_limbs":3}
-{"strategy":"Simple","degree":16,"num_advice":9,"num_lookup_advice":2,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
+{"strategy":"Simple","degree":16,"num_advice":8,"num_lookup_advice":2,"num_fixed":1,"lookup_bits":15,"limb_bits":90,"num_limbs":3}
 {"strategy":"Simple","degree":15,"num_advice":17,"num_lookup_advice":3,"num_fixed":1,"lookup_bits":14,"limb_bits":90,"num_limbs":3}
-{"strategy":"Simple","degree":14,"num_advice":36,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
-{"strategy":"Simple","degree":13,"num_advice":71,"num_lookup_advice":12,"num_fixed":1,"lookup_bits":12,"limb_bits":88,"num_limbs":3}
-{"strategy":"Simple","degree":12,"num_advice":142,"num_lookup_advice":24,"num_fixed":2,"lookup_bits":11,"limb_bits":88,"num_limbs":3}
-{"strategy":"Simple","degree":11,"num_advice":305,"num_lookup_advice":53,"num_fixed":4,"lookup_bits":10,"limb_bits":88,"num_limbs":3}
+{"strategy":"Simple","degree":14,"num_advice":34,"num_lookup_advice":6,"num_fixed":1,"lookup_bits":13,"limb_bits":91,"num_limbs":3}
+{"strategy":"Simple","degree":13,"num_advice":68,"num_lookup_advice":12,"num_fixed":1,"lookup_bits":12,"limb_bits":88,"num_limbs":3}
+{"strategy":"Simple","degree":12,"num_advice":139,"num_lookup_advice":24,"num_fixed":2,"lookup_bits":11,"limb_bits":88,"num_limbs":3}
+{"strategy":"Simple","degree":11,"num_advice":291,"num_lookup_advice":53,"num_fixed":4,"lookup_bits":10,"limb_bits":88,"num_limbs":3}
diff --git a/halo2-ecc/src/bigint/big_is_zero.rs b/halo2-ecc/src/bigint/big_is_zero.rs
@@ -1,7 +1,5 @@
 use super::{CRTInteger, OverflowInteger};
 use halo2_base::{gates::GateInstructions, utils::ScalarField, AssignedValue, Context};
-use num_bigint::BigInt;
-use num_traits::Zero;
 
 /// assume you know that the limbs of `a` are all in [0, 2^{a.max_limb_bits})
 pub fn positive<F: ScalarField>(
@@ -40,7 +38,6 @@ pub fn crt<F: ScalarField>(
     ctx: &mut Context<F>,
     a: &CRTInteger<F>,
 ) -> AssignedValue<F> {
-    debug_assert_eq!(a.value, BigInt::zero());
     let out_trunc = assign::<F>(gate, ctx, &a.truncation);
     let out_native = gate.is_zero(ctx, a.native);
     gate.and(ctx, out_trunc, out_native)

diff --git a/halo2-ecc/src/bigint/mod.rs b/halo2-ecc/src/bigint/mod.rs
@@ -25,19 +25,17 @@ pub mod sub;
 pub mod sub_no_carry;
 
 #[derive(Clone, Debug, PartialEq)]
+#[derive(Default)]
 pub enum BigIntStrategy {
     // use existing gates
+    #[default]
     Simple,
     // vertical custom gates of length 4 for dot product between an unknown vector and a constant vector, both of length 3
     // we restrict to gate of length 4 since this uses the same set of evaluation points Rotation(0..=3) as our simple gate
     // CustomVerticalShort,
 }
 
-impl Default for BigIntStrategy {
-    fn default() -> Self {
-        BigIntStrategy::Simple
-    }
-}
+
 
 #[derive(Clone, Debug)]
 pub struct OverflowInteger<F: ScalarField> {

diff --git a/halo2-ecc/src/bn254/tests/pairing.rs b/halo2-ecc/src/bn254/tests/pairing.rs
@@ -111,7 +111,7 @@ fn bench_pairing() -> Result<(), Box<dyn std::error::Error>> {
 
     let results_path = "results/bn254/pairing_bench.csv";
     let mut fs_results = File::create(results_path).unwrap();
-    writeln!(fs_results, "degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,vk_size,proof_time,proof_size,verify_time")?;
+    writeln!(fs_results, "degree,num_advice,num_lookup,num_fixed,lookup_bits,limb_bits,num_limbs,proof_time,proof_size,verify_time")?;
 
     let bench_params_reader = BufReader::new(bench_params_file);
     for line in bench_params_reader.lines() {

diff --git a/halo2-ecc/src/ecc/fixed_base.rs b/halo2-ecc/src/ecc/fixed_base.rs
@@ -123,8 +123,8 @@ where
         .flat_map(|scalar_chunk| chip.gate().num_to_bits(ctx, scalar_chunk, max_bits))
         .collect::<Vec<_>>();
 
-    let cached_point_window_rev = cached_points.chunks(1usize << window_bits).into_iter().rev();
-    let bit_window_rev = bits.chunks(window_bits).into_iter().rev();
+    let cached_point_window_rev = cached_points.chunks(1usize << window_bits).rev();
+    let bit_window_rev = bits.chunks(window_bits).rev();
     let mut curr_point = None;
     // `is_started` is just a way to deal with if `curr_point` is actually identity
     let mut is_started = ctx.load_zero();
@@ -228,12 +228,11 @@ where
 
     let sm = cached_points
         .chunks(cached_points.len() / points.len())
-        .into_iter()
-        .zip(bits.chunks(total_bits).into_iter())
+        .zip(bits.chunks(total_bits))
         .map(|(cached_points, bits)| {
             let cached_point_window_rev =
-                cached_points.chunks(1usize << window_bits).into_iter().rev();
-            let bit_window_rev = bits.chunks(window_bits).into_iter().rev();
+                cached_points.chunks(1usize << window_bits).rev();
+            let bit_window_rev = bits.chunks(window_bits).rev();
             let mut curr_point = None;
             // `is_started` is just a way to deal with if `curr_point` is actually identity
             let mut is_started = ctx.load_zero();

diff --git a/halo2-ecc/src/ecc/mod.rs b/halo2-ecc/src/ecc/mod.rs
@@ -526,8 +526,7 @@ where
         }
         for (cached_points, rounded_bits) in cached_points
             .chunks(cache_size)
-            .into_iter()
-            .zip(rounded_bits.chunks(rounded_bitlen).into_iter())
+            .zip(rounded_bits.chunks(rounded_bitlen))
         {
             let add_point = ec_select_from_bits::<F, FC>(
                 chip,

diff --git a/halo2-ecc/src/ecc/pippenger.rs b/halo2-ecc/src/ecc/pippenger.rs
@@ -91,7 +91,7 @@ where
 
     let mut bucket = Vec::with_capacity(1 << c);
     let mut rand_point = rand_base.clone();
-    for (round, points_clump) in points.chunks(c).into_iter().enumerate() {
+    for (round, points_clump) in points.chunks(c).enumerate() {
         // compute all possible multi-products of elements in points[round * c .. round * (c+1)]
 
         // for later addition collision-prevension, we need a different random point per round

diff --git a/halo2-ecc/src/lib.rs b/halo2-ecc/src/lib.rs
@@ -9,7 +9,7 @@ pub mod ecc;
 pub mod fields;
 
 pub mod bn254;
-//pub mod secp256k1;
+pub mod secp256k1;
 
 pub use halo2_base;
 pub(crate) use halo2_base::halo2_proofs;
diff --git a/halo2-ecc/src/secp256k1/mod.rs b/halo2-ecc/src/secp256k1/mod.rs
@@ -1,14 +1,12 @@
-use crate::halo2_proofs::halo2curves::secp256k1::Fp;
+use crate::halo2_proofs::halo2curves::secp256k1::{Fp, Fq};
 
 use crate::ecc;
 use crate::fields::fp;
 
-#[allow(dead_code)]
-type FpChip<F> = fp::FpConfig<F, Fp>;
-#[allow(dead_code)]
-type Secp256k1Chip<F> = ecc::EccChip<F, FpChip<F>>;
-#[allow(dead_code)]
-const SECP_B: u64 = 7;
+pub type FpChip<'range, F> = fp::FpChip<'range, F, Fp>;
+pub type FqChip<'range, F> = fp::FpChip<'range, F, Fq>;
+pub type Secp256k1Chip<'chip, F> = ecc::EccChip<'chip, F, FpChip<'chip, F>>;
+pub const SECP_B: u64 = 7;
 
 #[cfg(test)]
 mod tests;