Skip to content
This repository was archived by the owner on Apr 18, 2025. It is now read-only.
Merged
Show file tree
Hide file tree
Changes from 42 commits
Commits
Show all changes
51 commits
Select commit Hold shift + click to select a range
7320dc5
init table16 with generic refactoring
noel2004 Nov 3, 2023
944cf7c
update cargo
noel2004 Nov 3, 2023
215a1a2
add required cfgs
noel2004 Nov 3, 2023
55eec01
add benchmarking
noel2004 Nov 7, 2023
c1ea6b8
customable bench
noel2004 Nov 10, 2023
ab5b2fa
fmt
noel2004 Nov 10, 2023
fe5a433
config gates for sha256 circuit
noel2004 Nov 15, 2023
d0b63a6
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 15, 2023
70ceb47
complete sha256 circuit
noel2004 Nov 15, 2023
4795760
induce SHA256 in bus mapping
noel2004 Nov 15, 2023
152c567
better challenge spec
noel2004 Nov 16, 2023
b8379ea
integrate sha256 circuit into super
noel2004 Nov 16, 2023
bef157b
readme (wip)
noel2004 Nov 16, 2023
4adf228
complete precompile and sha256 table
noel2004 Nov 16, 2023
89505b0
clippies
noel2004 Nov 16, 2023
85732d2
fmt
noel2004 Nov 16, 2023
8d90619
better tests
noel2004 Nov 16, 2023
a51e117
fix issues and better printing for circuit layout
noel2004 Nov 17, 2023
1c14779
refine and fix issues
noel2004 Nov 17, 2023
8b125f1
fix digest in table16
noel2004 Nov 20, 2023
edef428
fix layout, clippy and fmt
noel2004 Nov 20, 2023
635beae
complete sha256 table
noel2004 Nov 20, 2023
c8a3f6d
fix rw
noel2004 Nov 20, 2023
08d3039
fix rlc on padding
noel2004 Nov 21, 2023
4af8e0e
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 21, 2023
5db7d69
clippy and fmt
noel2004 Nov 21, 2023
2b43069
more tests
noel2004 Nov 21, 2023
7992f8d
test added
noel2004 Nov 21, 2023
f11f6cc
sha256: update row cost per block
noel2004 Nov 21, 2023
ac0d3fb
update readme (wip)
noel2004 Nov 22, 2023
c4b1898
lookup input len
noel2004 Nov 22, 2023
41298f7
enable sha256
noel2004 Nov 23, 2023
f7740de
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 23, 2023
da3027c
more tests cases
noel2004 Nov 23, 2023
8fb408e
refactoring aux data
noel2004 Nov 23, 2023
abeb61a
fmt
noel2004 Nov 23, 2023
e8e2c71
fix precompile call test
noel2004 Nov 23, 2023
e600ff5
fix another callop test
noel2004 Nov 23, 2023
a748453
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 23, 2023
fc94e67
+ update bench to circuit-sha256,
noel2004 Nov 25, 2023
f3f497d
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 25, 2023
0a4c056
fix vk issue, add more test
noel2004 Nov 26, 2023
e3d1333
trivial fixs
noel2004 Nov 27, 2023
9649214
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 28, 2023
ff0bf52
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 29, 2023
88e419c
move sha256 circuit into zkevm-circuits
noel2004 Nov 30, 2023
2d9914e
purge unused sha256 dir
noel2004 Nov 30, 2023
5af254a
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Nov 30, 2023
c526f09
bump halo2 version
noel2004 Nov 30, 2023
05d3747
fix blank comment
noel2004 Dec 1, 2023
9d5661c
Merge remote-tracking branch 'origin/develop' into feat/sha256
noel2004 Dec 1, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ members = [
"bus-mapping",
"geth-utils",
"keccak256",
"sha256",
"zktrie",
"gadgets",
"integration-tests",
Expand Down
2 changes: 1 addition & 1 deletion bus-mapping/src/circuit_input_builder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ use ethers_providers::JsonRpcClient;
pub use execution::{
BigModExp, CopyBytes, CopyDataType, CopyEvent, CopyEventStepsBuilder, CopyStep, EcAddOp,
EcMulOp, EcPairingOp, EcPairingPair, ExecState, ExecStep, ExpEvent, ExpStep, NumberOrHash,
PrecompileEvent, PrecompileEvents, N_BYTES_PER_PAIR, N_PAIRING_PER_OP,
PrecompileEvent, PrecompileEvents, N_BYTES_PER_PAIR, N_PAIRING_PER_OP, SHA256,
};
use hex::decode_to_slice;

Expand Down
25 changes: 25 additions & 0 deletions bus-mapping/src/circuit_input_builder/execution.rs
Original file line number Diff line number Diff line change
Expand Up @@ -908,6 +908,20 @@ impl PrecompileEvents {
.cloned()
.collect()
}
/// Get all SHA256 events.
pub fn get_sha256_events(&self) -> Vec<SHA256> {
self.events
.iter()
.filter_map(|e| {
if let PrecompileEvent::SHA256(op) = e {
Some(op)
} else {
None
}
})
.cloned()
.collect()
}
}

/// I/O from a precompiled contract call.
Expand All @@ -923,6 +937,8 @@ pub enum PrecompileEvent {
EcPairing(Box<EcPairingOp>),
/// Represents the I/O from Modexp call.
ModExp(BigModExp),
/// Represents the I/O from SHA256 call.
SHA256(SHA256),
}

impl Default for PrecompileEvent {
Expand Down Expand Up @@ -1369,3 +1385,12 @@ impl Default for BigModExp {
}
}
}

/// Event representating an SHA256 hash in precompile sha256.
#[derive(Clone, Debug, Default)]
pub struct SHA256 {
/// input bytes
pub input: Vec<u8>,
/// digest
pub digest: [u8; 32],
}
3 changes: 0 additions & 3 deletions bus-mapping/src/evm/opcodes/callop.rs
Original file line number Diff line number Diff line change
Expand Up @@ -753,9 +753,6 @@ pub mod tests {
address: Word::from(0x2),
stack_value: vec![(
Word::from(0x20),
#[cfg(feature = "scroll")]
Word::zero(),
#[cfg(not(feature = "scroll"))]
word!("a8100ae6aa1940d0b663bb31cd466142ebbdbd5187131b92d93818987832eb89"),
)],
..Default::default()
Expand Down
21 changes: 20 additions & 1 deletion bus-mapping/src/evm/opcodes/precompiles/mod.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
use eth_types::{GethExecStep, ToWord, Word};

use crate::{
circuit_input_builder::{Call, CircuitInputStateRef, ExecState, ExecStep},
circuit_input_builder::{
Call, CircuitInputStateRef, ExecState, ExecStep, PrecompileEvent, SHA256,
},
operation::CallContextField,
precompile::{PrecompileAuxData, PrecompileCalls},
Error,
Expand Down Expand Up @@ -50,6 +52,23 @@ pub fn gen_associated_ops(
return_bytes: return_bytes.to_vec(),
}),
),
PrecompileCalls::Sha256 => (
if output_bytes.is_empty() {
None
} else {
Some(PrecompileEvent::SHA256(SHA256 {
input: input_bytes.to_vec(),
digest: output_bytes
.try_into()
.expect("output bytes must be 32 bytes"),
}))
},
Some(PrecompileAuxData::SHA256 {
input_bytes: input_bytes.to_vec(),
output_bytes: output_bytes.to_vec(),
return_bytes: return_bytes.to_vec(),
}),
),
_ => {
log::warn!("precompile {:?} unsupported in circuits", precompile);
(
Expand Down
11 changes: 10 additions & 1 deletion bus-mapping/src/precompile.rs
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ pub(crate) fn execute_precompiled(
// so we need to override the behavior of invalid input
match PrecompileCalls::from(address.0[19]) {
PrecompileCalls::Blake2F
| PrecompileCalls::Sha256
// | PrecompileCalls::Sha256
Comment thread
noel2004 marked this conversation as resolved.
Outdated
| PrecompileCalls::Ripemd160 => (vec![], gas, false, false),
PrecompileCalls::Bn128Pairing => {
if input.len() > N_PAIRING_PER_OP * N_BYTES_PER_PAIR {
Expand Down Expand Up @@ -455,6 +455,15 @@ pub enum PrecompileAuxData {
/// bytes returned back to the caller from the identity call.
return_bytes: Vec<u8>,
},
/// SHA256
SHA256 {
/// input bytes to the sha256 call.
input_bytes: Vec<u8>,
/// output bytes from the sha256 call.
output_bytes: Vec<u8>,
/// bytes returned back to the caller from the sha256 call.
return_bytes: Vec<u8>,
},
/// Ecrecover.
Ecrecover(EcrecoverAuxData),
/// Modexp.
Expand Down
6 changes: 3 additions & 3 deletions geth-utils/l2geth/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ go 1.18

require (
github.com/imdario/mergo v0.3.16
github.com/scroll-tech/go-ethereum v1.10.14-0.20230919024151-fa0be69a3fb9
github.com/scroll-tech/go-ethereum v1.10.14-0.20231123003536-35313dc92055
)

require (
Expand Down Expand Up @@ -36,7 +36,7 @@ require (
github.com/tklauser/go-sysconf v0.3.12 // indirect
github.com/tklauser/numcpus v0.6.1 // indirect
github.com/yusufpapurcu/wmi v1.2.3 // indirect
golang.org/x/crypto v0.12.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/sys v0.13.0 // indirect
gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
)
8 changes: 8 additions & 0 deletions geth-utils/l2geth/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,8 @@ github.com/scroll-tech/go-ethereum v1.10.14-0.20230901060443-e1eebd17067c h1:GuA
github.com/scroll-tech/go-ethereum v1.10.14-0.20230901060443-e1eebd17067c/go.mod h1:DiN3p2inoXOxGffxSswDKqWjQ7bU+Mp0c9v0XQXKmaA=
github.com/scroll-tech/go-ethereum v1.10.14-0.20230919024151-fa0be69a3fb9 h1:QiqH+ZGNNzMcKy21VGX6XYg81DXE+/9j1Ik7owm13hs=
github.com/scroll-tech/go-ethereum v1.10.14-0.20230919024151-fa0be69a3fb9/go.mod h1:DiN3p2inoXOxGffxSswDKqWjQ7bU+Mp0c9v0XQXKmaA=
github.com/scroll-tech/go-ethereum v1.10.14-0.20231123003536-35313dc92055 h1:7dGW0GxAu5y+8SlXc4LtuoWXxbV5de3vDjN2qz2oO+k=
github.com/scroll-tech/go-ethereum v1.10.14-0.20231123003536-35313dc92055/go.mod h1:4HrFcoStbViFVy/9l/rvKl1XmizVAaPdgqI8v0U8hOc=
github.com/scroll-tech/zktrie v0.6.0 h1:xLrMAO31Yo2BiPg1jtYKzcjpEFnXy8acbB7iIsyshPs=
github.com/scroll-tech/zktrie v0.6.0/go.mod h1:XvNo7vAk8yxNyTjBDj5WIiFzYW4bx/gJ78+NK6Zn6Uk=
github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
Expand Down Expand Up @@ -165,6 +167,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
Expand All @@ -175,6 +179,7 @@ golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
Expand Down Expand Up @@ -204,12 +209,15 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
Expand Down
30 changes: 30 additions & 0 deletions sha256/Cargo.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
[package]
name = "sha256"
version.workspace = true
edition.workspace = true
license.workspace = true

[features]
dev-graph = ["halo2_proofs/dev-graph", "halo2_gadgets/dev-graph", "plotters"]

[dependencies]
halo2curves = { git = "https://github.com/scroll-tech/halo2curves.git", branch = "0.3.1-derive-serde" }
halo2_gadgets = { git = "https://github.com/scroll-tech/halo2.git", branch = "develop", features = ["unstable"] }
halo2_proofs.workspace = true
itertools.workspace = true
num-bigint.workspace = true
num-traits.workspace = true
plotters = { version = "0.3.0", optional = true }
eth-types = { path = "../eth-types" }
lazy_static.workspace = true
log.workspace = true
env_logger.workspace = true

[dev-dependencies]
pretty_assertions.workspace = true
rand.workspace = true
criterion = "0.3"

[[bench]]
name = "sha256"
harness = false
67 changes: 67 additions & 0 deletions sha256/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
# SHA256 Circuit with lookup table

This circuit use a forking of `table16` in `halo2-gadget`, with some patches:

+ Make all code generic for the `Field` trait so that it also work with the `bn254` curve
+ Fix the digest exporting part, output correct digest (the final state ⊕ init state) with correct constraint (rows for 512-bit block increased from **2102** -> **2114**)

The witness in table16 is then exported to an extra region so that the RLC of input and digest can be calculated and form the lookup table for the SHA256 precompile in zkevm-circuit. To achieve this, we have introduced several cols and assigned them to two regions: `input` and `digest`. The following table illustrates:

input region (example for input 'abc'):
| | s_final | s_u16 | counter | bytes_rlc | trans_byte | copied_data | s_output| padding |padding_size|
|----------|------------------|-----------|-----------|-----------|------------|-------------|---------|-----------------|------------|
|(inherit) | *1* | | *42* |*inherit_rlc*| | | | *1* | |
|s_begin | 1 | | 0 | 0 | | | | 0 | |
|s_enable | 1 | 1 | 1 | 0x61 | b'0x61' | *0x6162* | | 0 | |
|s_enable | 1 | 0 | 2 | 0x61062 | b'0x62' | | | 0 | |
|s_enable | 1 | 1 | 3 | 0x61062063| b'0x63' | *0x6380* | | 0 | |
|s_enable | 1 | 0 | 3 | 0x61062063| b'0x80' | | | 1 | |
|.... |
|s_enable | 1 | 1 | 3 | 0x61062063| b'0x00 | *0x0018* | | 1 | 0 |
|s_last | 1 | 0 | 3 | 0x61062063| b'0x18 | | | 1 | 24 |


digest region (example for the hash of 'abc'):
| | s_final | s_u16 | counter | bytes_rlc | trans_byte | copied_data | s_output| padding |
|----------|------------------|-----------|-----------|-----------|------------|-------------|---------|-----------|
| | *1* | | | **0** | | | | **0** |
|s_enable | 1 | 1 | | 0xba | b'0xba' | *0xba78* | 0x6a09 | 0 |
|s_enable | 1 | 0 | | 0xba078 | b'0x78 | *0x6a09* | |
|.... |
|s_enable | 1 | 1 | | | b'0x15 | *0x15ad* | 0xcd19 | 0 |
|s_enable | 1 | 0 | | hash_rlc | b'0xad | *0xcd19* | | **0** |
| | | |*input_counter*|*hash_rlc*| | *input_rlc* | 1 | |

Note:
+ *Italic* indicate the cell is equality constrainted whie **bold** indicate the cell is constarinted with constant
+ We suppose the `random` value for rlc is `0x1000`

### Defination of the cols

+ `copied_data` col is used to copy the cells with `u16` values from `table16`.
+ `trans_byte` expands each `u16` value copied from `table16` into two bytes across two adjacent rows, with the help of the selector `s_u16`
+ `padding` col marks whether the byte in current row is padding or input byte.
+ `bytes_rlc` accumulates bytes in `trans_byte` col to its RLC expression only if the byte in current row is not padding. Otherwise, it continues the value from the previous row if the current row is marked as padding.
+ `counter` counts the total input bytes if byte in current row is not padding, Otherwise it continues the value from previous row if the current row is marked as padding.
+ `s_final` is a boolean advice col that identifies in each row of an input region, marking wether the current block is the last block
+ `padding_size` calculates the accumulation of the last 8 bytes in input region and obtains the bit counts recorded in the tail of the padding, which is specified by SHA2.

### Defination in regions:

Each input region captures a 512-bit block and copies the 16 x 32-bit integers (in the form of a pair of assigned cells for their lo and hi 16-bit parts) inside of the `message schedule` region of table16. The region consists of 66 rows: 64 rows for 64 bytes representing the 512-bit block and 2 extra rows at the beginning. For the `s_final`, `counter`, `padding` and `bytes_rlc` cols, the cells in last row (enabled by `s_last` selector) are connected by equality constraints to the first row of next input region for the subsequent 512-bit block. Additionally the `s_final` cells is also connected with the corresponding digest reion.

The second row at the top of the region determines how the `counter`, `padding` and `bytes_rlc` cols begin: if the inherited `s_final` cell (at the first row at the top of the region) is 1, these cols will start with an initial value (i.e., 0); else they will start with the "inherited" value of the previous 512-bit block.

Note that it is free to specify `s_final` in each block as either 0 or 1. If `s_final` is set to 1, the last row must satisfy the "final" constraint, that is the cell in `counter` col has to equal the calculated bit size in `padding_size` cell.

There is exactly one digest region corresponding to each input region. This region captures the 256-bit digest of the 512-bit block and copies it from the `digest` region of table16. The region consists of 34 rows: 32 rows for bytes of digests, 1 extra row at the beginning, and 1 row at the bottom. The `s_final` is inherited from the input region, and the first row for `counter`, `padding` and `bytes_rlc` cols are specified with 0 by constraints to a constant. The last row for digest bytes is also constarint the `padding` cell as 0, which also ensure there is no padding row existed in digest region.

Like input region, digest region calculated the RLC of digest bytes. The final row in digest copied `s_final` and `counter` value inheirted from input region into the corresponding cols; `bytes_rlc` of the cell in previous cell (i.e. the RLC of digest); and the RLC of input into `copied_data` col. This row represents a row in SHA256 table used for looking up from evm circuit.

## Performance

Currently the SHA256 circuit can calculate SHA256 for 1k bytes within 4.891s (`k=17`), ~26% overhead to its `table16` core (3.854s), and verfication is 6.601ms, 6% overhead to `table16` (6.207ms).

We have a [detailed performance for table16 and Brecht's sha256](https://www.notion.so/scrollzkp/Precompile-SHA256-7a0f519d5bbe4f52a9fa08ebff9a8118) (accessing priviledge required).

With `k=21`, SHA256-circuit can calculate the hashes for as much as 16KB bytes, which should be enough for the txs in mainnet.
1 change: 1 addition & 0 deletions sha256/benches/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
sha256_assets
Loading