feat(halo2_proofs): add create_proof() of tachyon

kroma-network · Feb 21, 2024 · fa020ff · fa020ff
1 parent 01ace42
commit fa020ff
Show file tree

Hide file tree

Showing 29 changed files with 2,830 additions and 4 deletions.
diff --git a/halo2_proofs/Cargo.toml b/halo2_proofs/Cargo.toml
@@ -46,12 +46,14 @@ harness = false
 [dependencies]
 backtrace = { version = "0.3", optional = true }
 rayon = "1.5.1"
+digest = "0.10.3"
 ff = "0.12"
 group = "0.12"
 halo2curves = { git = 'https://github.com/kroma-network/halo2curves.git', rev = "c0ac193"}
 rand_core = { version = "0.6", default-features = false }
 tracing = "0.1"
 blake2b_simd = "1"
+sha2 = "0.10.2"
 sha3 = "0.9.1"
 subtle = "2.3"
 cfg-if = "0.1"
@@ -78,6 +80,7 @@ criterion = "0.3"
 gumdrop = "0.8"
 proptest = "1"
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
+rand_xorshift = "0.3"
 
 [build-dependencies]
 cxx-build = "1.0"

diff --git a/halo2_proofs/build.rs b/halo2_proofs/build.rs
@@ -1,9 +1,37 @@
 fn main() {
-    cxx_build::bridge("src/lib.rs")
+    let src_files = [
+        "src/bn254_blake2b_writer.cc",
+        "src/bn254_evals.cc",
+        "src/bn254_gwc_prover.cc",
+        "src/bn254_poly.cc",
+        "src/bn254_poseidon_writer.cc",
+        "src/bn254_proving_key.cc",
+        "src/bn254_rational_evals.cc",
+        "src/bn254_sha256_writer.cc",
+        "src/bn254_shplonk_prover.cc",
+        "src/xor_shift_rng.cc",
+    ];
+    cxx_build::bridges(["src/bn254.rs", "src/xor_shift_rng.rs"])
+        .files(src_files)
         .flag_if_supported("-std=c++17")
         .compile("halo2_proofs");
 
-    let dep_files = vec!["src/lib.rs"];
+    let mut dep_files = vec![
+        "include/bn254_blake2b_writer.h",
+        "include/bn254_evals.h",
+        "include/bn254_gwc_prover.h",
+        "include/bn254_poly.h",
+        "include/bn254_poseidon_writer.h",
+        "include/bn254_proving_key.h",
+        "include/bn254_rational_evals.h",
+        "include/bn254_sha256_writer.h",
+        "include/bn254_shplonk_prover.h",
+        "include/xor_shift_rng.h",
+        "src/bn254.rs",
+        "src/rust_vec.h",
+        "src/xor_shift_rng.rs",
+    ];
+    dep_files.extend_from_slice(&src_files);
     for file in dep_files {
         println!("cargo:rerun-if-changed={file}");
     }

diff --git a/halo2_proofs/include/bn254_blake2b_writer.h b/halo2_proofs/include/bn254_blake2b_writer.h
@@ -0,0 +1,38 @@
+#ifndef HALO2_PROOFS_INCLUDE_BN254_BLAKE2B_WRITER_H_
+#define HALO2_PROOFS_INCLUDE_BN254_BLAKE2B_WRITER_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <array>
+#include <memory>
+
+#include <tachyon/c/zk/plonk/halo2/bn254_transcript.h>
+
+#include "rust/cxx.h"
+
+namespace tachyon::halo2_api::bn254 {
+
+constexpr size_t kBlake2bDigestLength = 64;
+constexpr size_t kBlake2bStateLength = 216;
+
+class Blake2bWriter {
+ public:
+  Blake2bWriter();
+  Blake2bWriter(const Blake2bWriter& other) = delete;
+  Blake2bWriter& operator=(const Blake2bWriter& other) = delete;
+  ~Blake2bWriter();
+
+  void update(rust::Slice<const uint8_t> data);
+  void finalize(std::array<uint8_t, kBlake2bDigestLength>& result);
+  rust::Vec<uint8_t> state() const;
+
+ private:
+  tachyon_halo2_bn254_transcript_writer* writer_;
+};
+
+std::unique_ptr<Blake2bWriter> new_blake2b_writer();
+
+}  // namespace tachyon::halo2_api::bn254
+
+#endif  // HALO2_PROOFS_INCLUDE_BN254_BLAKE2B_WRITER_H_
diff --git a/halo2_proofs/include/bn254_evals.h b/halo2_proofs/include/bn254_evals.h
@@ -0,0 +1,42 @@
+#ifndef HALO2_PROOFS_INCLUDE_BN254_EVALS_H_
+#define HALO2_PROOFS_INCLUDE_BN254_EVALS_H_
+
+#include <stddef.h>
+
+#include <memory>
+#include <utility>
+
+#include <tachyon/c/math/polynomials/univariate/bn254_univariate_evaluations.h>
+
+namespace tachyon::halo2_api::bn254 {
+
+struct Fr;
+
+class Evals {
+ public:
+  Evals();
+  explicit Evals(tachyon_bn254_univariate_evaluations* evals) : evals_(evals) {}
+  Evals(const Evals& other) = delete;
+  Evals& operator=(const Evals& other) = delete;
+  ~Evals();
+
+  tachyon_bn254_univariate_evaluations* evals() { return evals_; }
+  const tachyon_bn254_univariate_evaluations* evals() const { return evals_; }
+
+  tachyon_bn254_univariate_evaluations* release() {
+    return std::exchange(evals_, nullptr);
+  }
+
+  size_t len() const;
+  void set_value(size_t idx, const Fr& value);
+  std::unique_ptr<Evals> clone() const;
+
+ private:
+  tachyon_bn254_univariate_evaluations* evals_;
+};
+
+std::unique_ptr<Evals> zero_evals();
+
+}  // namespace tachyon::halo2_api::bn254
+
+#endif  // HALO2_PROOFS_INCLUDE_BN254_EVALS_H_
diff --git a/halo2_proofs/include/bn254_gwc_prover.h b/halo2_proofs/include/bn254_gwc_prover.h
@@ -0,0 +1,60 @@
+#ifndef HALO2_PROOFS_INCLUDE_BN254_GWC_PROVER_H_
+#define HALO2_PROOFS_INCLUDE_BN254_GWC_PROVER_H_
+
+#include <stdint.h>
+
+#include <memory>
+
+#include <tachyon/c/zk/plonk/halo2/bn254_gwc_prover.h>
+
+#include "rust/cxx.h"
+
+namespace tachyon::halo2_api::bn254 {
+
+struct Fr;
+struct G1JacobianPoint;
+struct InstanceSingle;
+struct AdviceSingle;
+class ProvingKey;
+class Evals;
+class RationalEvals;
+class Poly;
+
+class GWCProver {
+ public:
+  GWCProver(uint8_t transcript_type, uint32_t k, const Fr& s);
+  GWCProver(const GWCProver& other) = delete;
+  GWCProver& operator=(const GWCProver& other) = delete;
+  ~GWCProver();
+
+  const tachyon_halo2_bn254_gwc_prover* prover() const { return prover_; }
+
+  uint32_t k() const;
+  uint64_t n() const;
+  rust::Box<G1JacobianPoint> commit(const Poly& poly) const;
+  rust::Box<G1JacobianPoint> commit_lagrange(const Evals& evals) const;
+  std::unique_ptr<Evals> empty_evals() const;
+  std::unique_ptr<RationalEvals> empty_rational_evals() const;
+  std::unique_ptr<Poly> ifft(const Evals& evals) const;
+  void batch_evaluate(
+      rust::Slice<const std::unique_ptr<RationalEvals>> rational_evals,
+      rust::Slice<std::unique_ptr<Evals>> evals) const;
+  void set_rng(rust::Slice<const uint8_t> state);
+  void set_transcript(rust::Slice<const uint8_t> state);
+  void set_extended_domain(const ProvingKey& pk);
+  void create_proof(ProvingKey& key,
+                    rust::Slice<InstanceSingle> instance_singles,
+                    rust::Slice<AdviceSingle> advice_singles,
+                    rust::Slice<const Fr> challenges);
+  rust::Vec<uint8_t> get_proof() const;
+
+ private:
+  tachyon_halo2_bn254_gwc_prover* prover_;
+};
+
+std::unique_ptr<GWCProver> new_gwc_prover(uint8_t transcript_type, uint32_t k,
+                                          const Fr& s);
+
+}  // namespace tachyon::halo2_api::bn254
+
+#endif  // HALO2_PROOFS_INCLUDE_BN254_GWC_PROVER_H_
diff --git a/halo2_proofs/include/bn254_poly.h b/halo2_proofs/include/bn254_poly.h
@@ -0,0 +1,34 @@
+#ifndef HALO2_PROOFS_INCLUDE_BN254_POLY_H_
+#define HALO2_PROOFS_INCLUDE_BN254_POLY_H_
+
+#include <utility>
+
+#include <tachyon/c/math/polynomials/univariate/bn254_univariate_dense_polynomial.h>
+
+namespace tachyon::halo2_api::bn254 {
+
+class Poly {
+ public:
+  Poly();
+  explicit Poly(tachyon_bn254_univariate_dense_polynomial* poly)
+      : poly_(poly) {}
+  Poly(const Poly& other) = delete;
+  Poly& operator=(const Poly& other) = delete;
+  ~Poly();
+
+  tachyon_bn254_univariate_dense_polynomial* poly() { return poly_; }
+  const tachyon_bn254_univariate_dense_polynomial* poly() const {
+    return poly_;
+  }
+
+  tachyon_bn254_univariate_dense_polynomial* release() {
+    return std::exchange(poly_, nullptr);
+  }
+
+ private:
+  tachyon_bn254_univariate_dense_polynomial* poly_;
+};
+
+}  // namespace tachyon::halo2_api::bn254
+
+#endif  // HALO2_PROOFS_INCLUDE_BN254_POLY_H_
diff --git a/halo2_proofs/include/bn254_poseidon_writer.h b/halo2_proofs/include/bn254_poseidon_writer.h
@@ -0,0 +1,35 @@
+#ifndef HALO2_PROOFS_INCLUDE_BN254_POSEIDON_WRITER_H_
+#define HALO2_PROOFS_INCLUDE_BN254_POSEIDON_WRITER_H_
+
+#include <stdint.h>
+
+#include <memory>
+
+#include <tachyon/c/zk/plonk/halo2/bn254_transcript.h>
+
+#include "rust/cxx.h"
+
+namespace tachyon::halo2_api::bn254 {
+
+struct Fr;
+
+class PoseidonWriter {
+ public:
+  PoseidonWriter();
+  PoseidonWriter(const PoseidonWriter& other) = delete;
+  PoseidonWriter& operator=(const PoseidonWriter& other) = delete;
+  ~PoseidonWriter();
+
+  void update(rust::Slice<const uint8_t> data);
+  rust::Box<Fr> squeeze();
+  rust::Vec<uint8_t> state() const;
+
+ private:
+  tachyon_halo2_bn254_transcript_writer* writer_;
+};
+
+std::unique_ptr<PoseidonWriter> new_poseidon_writer();
+
+}  // namespace tachyon::halo2_api::bn254
+
+#endif  // HALO2_PROOFS_INCLUDE_BN254_POSEIDON_WRITER_H_
diff --git a/halo2_proofs/include/bn254_proving_key.h b/halo2_proofs/include/bn254_proving_key.h
@@ -0,0 +1,52 @@
+#ifndef HALO2_PROOFS_INCLUDE_BN254_PROVING_KEY_H_
+#define HALO2_PROOFS_INCLUDE_BN254_PROVING_KEY_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include <tachyon/c/zk/plonk/keys/bn254_plonk_proving_key.h>
+
+#include "rust/cxx.h"
+
+namespace tachyon::halo2_api::bn254 {
+
+struct Fr;
+class GWCProver;
+class SHPlonkProver;
+
+class ProvingKey {
+ public:
+  explicit ProvingKey(rust::Slice<const uint8_t> pk_bytes);
+  ProvingKey(const ProvingKey& other) = delete;
+  ProvingKey& operator=(const ProvingKey& other) = delete;
+  ~ProvingKey();
+
+  const tachyon_bn254_plonk_proving_key* pk() const { return pk_; }
+  tachyon_bn254_plonk_proving_key* pk() { return pk_; }
+
+  rust::Vec<uint8_t> advice_column_phases() const;
+  uint32_t blinding_factors() const;
+  rust::Vec<uint8_t> challenge_phases() const;
+  rust::Vec<size_t> constants() const;
+  size_t num_advice_columns() const;
+  size_t num_challenges() const;
+  size_t num_instance_columns() const;
+  rust::Vec<uint8_t> phases() const;
+  rust::Box<Fr> transcript_repr_gwc(const GWCProver& prover);
+  rust::Box<Fr> transcript_repr_shplonk(const SHPlonkProver& prover);
+
+ private:
+  const tachyon_bn254_plonk_verifying_key* GetVerifyingKey() const;
+  const tachyon_bn254_plonk_constraint_system* GetConstraintSystem() const;
+
+  tachyon_bn254_plonk_proving_key* pk_;
+};
+
+std::unique_ptr<ProvingKey> new_proving_key(
+    rust::Slice<const uint8_t> pk_bytes);
+
+}  // namespace tachyon::halo2_api::bn254
+
+#endif  // HALO2_PROOFS_INCLUDE_BN254_PROVING_KEY_H_
diff --git a/halo2_proofs/include/bn254_rational_evals.h b/halo2_proofs/include/bn254_rational_evals.h
@@ -0,0 +1,45 @@
+#ifndef HALO2_PROOFS_INCLUDE_BN254_RATIONAL_EVALS_H_
+#define HALO2_PROOFS_INCLUDE_BN254_RATIONAL_EVALS_H_
+
+#include <stddef.h>
+
+#include <memory>
+#include <utility>
+
+#include <tachyon/c/math/polynomials/univariate/bn254_univariate_rational_evaluations.h>
+
+namespace tachyon::halo2_api::bn254 {
+
+struct Fr;
+
+class RationalEvals {
+ public:
+  RationalEvals();
+  explicit RationalEvals(tachyon_bn254_univariate_rational_evaluations* evals)
+      : evals_(evals) {}
+  RationalEvals(const RationalEvals& other) = delete;
+  RationalEvals& operator=(const RationalEvals& other) = delete;
+  ~RationalEvals();
+
+  tachyon_bn254_univariate_rational_evaluations* evals() { return evals_; }
+  const tachyon_bn254_univariate_rational_evaluations* evals() const {
+    return evals_;
+  }
+
+  tachyon_bn254_univariate_rational_evaluations* release() {
+    return std::exchange(evals_, nullptr);
+  }
+
+  size_t len() const;
+  void set_zero(size_t idx);
+  void set_trivial(size_t idx, const Fr& numerator);
+  void set_rational(size_t idx, const Fr& numerator, const Fr& denominator);
+  std::unique_ptr<RationalEvals> clone() const;
+
+ private:
+  tachyon_bn254_univariate_rational_evaluations* evals_;
+};
+
+}  // namespace tachyon::halo2_api::bn254
+
+#endif  // HALO2_PROOFS_INCLUDE_BN254_RATIONAL_EVALS_H_