fix/keccak-decode-overflow: calculate with bitshifts in u64

zkevm-circuits/src/keccak_circuit/keccak_packed_multi.rs

@@ -5,8 +5,8 @@ use super::util::{
 use crate::evm_circuit::util::{not, rlc};
 use crate::keccak_circuit::util::{
     compose_rlc, field_xor, get_absorb_positions, into_bits, pack, pack_u64, pack_with_base,
-    rotate, scatter, target_part_sizes, to_bytes, unpack, BIT_SIZE, NUM_BYTES_PER_WORD,
-    NUM_WORDS_TO_ABSORB, NUM_WORDS_TO_SQUEEZE, RATE, RATE_IN_BITS, RHO_MATRIX, ROUND_CST,
+    rotate, scatter, target_part_sizes, to_bytes, unpack, NUM_BYTES_PER_WORD, NUM_WORDS_TO_ABSORB,
+    NUM_WORDS_TO_SQUEEZE, RATE, RATE_IN_BITS, RHO_MATRIX, ROUND_CST,
 };
 use crate::table::KeccakTable;
 use crate::util::{Challenges, SubCircuit, SubCircuitConfig};
@@ -482,20 +482,20 @@ impl<F: Field> KeccakCircuit<F> {
 /// Recombines parts back together
 mod decode {
     use super::{Part, PartValue};
-    use crate::keccak_circuit::util::BIT_SIZE;
+    use crate::keccak_circuit::util::BIT_COUNT;
     use crate::util::Expr;
     use eth_types::Field;
     use halo2_proofs::plonk::Expression;
 
     pub(crate) fn expr<F: Field>(parts: Vec<Part<F>>) -> Expression<F> {
         parts.iter().rev().fold(0.expr(), |acc, part| {
-            acc * F::from((BIT_SIZE as u32).pow(part.num_bits as u32) as u64) + part.expr.clone()
+            acc * F::from(1u64 << (BIT_COUNT * part.num_bits)) + part.expr.clone()
         })
     }
 
     pub(crate) fn value<F: Field>(parts: Vec<PartValue<F>>) -> F {
         parts.iter().rev().fold(F::zero(), |acc, part| {
-            acc * F::from((BIT_SIZE as u32).pow(part.num_bits as u32) as u64) + part.value
+            acc * F::from(1u64 << (BIT_COUNT * part.num_bits)) + part.value
         })
     }
 }
@@ -574,8 +574,9 @@ mod split {
 // table layout in `output_cells` regardless of rotation.
 mod split_uniform {
     use super::{decode, target_part_sizes, Cell, CellManager, KeccakRegion, Part, PartValue};
-    use crate::keccak_circuit::keccak_packed_multi::BIT_SIZE;
-    use crate::keccak_circuit::util::{pack, pack_part, rotate, rotate_rev, unpack, WordParts};
+    use crate::keccak_circuit::util::{
+        pack, pack_part, rotate, rotate_rev, unpack, WordParts, BIT_COUNT,
+    };
     use crate::{evm_circuit::util::constraint_builder::BaseConstraintBuilder, util::Expr};
     use eth_types::Field;
     use halo2_proofs::plonk::{ConstraintSystem, Expression};
@@ -625,8 +626,7 @@ mod split_uniform {
 
                 // Make sure the parts combined equal the value in the uniform output
                 let expr = part_a.expr()
-                    + part_b.expr()
-                        * F::from((BIT_SIZE as u32).pow(word_part.bits.len() as u32) as u64);
+                    + part_b.expr() * F::from(1u64 << (BIT_COUNT * word_part.bits.len()));
                 cb.require_equal("rot part", expr, output_cells[counter].expr());
 
                 // Input needs the two parts because it needs to be able to undo the rotation
@@ -709,7 +709,7 @@ mod split_uniform {
                 part_a.assign(region, 0, F::from(value_a));
                 part_b.assign(region, 0, F::from(value_b));
 
-                let value = value_a + value_b * (BIT_SIZE as u64).pow(word_part.bits.len() as u32);
+                let value = value_a + value_b * (1u64 << (BIT_COUNT * word_part.bits.len()));
 
                 output_cells[counter].assign(region, 0, F::from(value));