checkpoint

halo2_backend/src/plonk/circuit.rs

@@ -244,6 +244,8 @@ impl<'a, F: Field> std::fmt::Debug for PinnedGates<'a, F> {
 }
 
 /// Represents the minimal parameters that determine a `ConstraintSystem`.
+#[allow(dead_code)]
+#[derive(Debug)]
 pub(crate) struct PinnedConstraintSystem<'a, F: Field> {
     num_fixed_columns: &'a usize,
     num_advice_columns: &'a usize,
@@ -261,35 +263,6 @@ pub(crate) struct PinnedConstraintSystem<'a, F: Field> {
     minimum_degree: &'a Option<usize>,
 }
 
-impl<'a, F: Field> std::fmt::Debug for PinnedConstraintSystem<'a, F> {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        let mut debug_struct = f.debug_struct("PinnedConstraintSystem");
-        debug_struct
-            .field("num_fixed_columns", self.num_fixed_columns)
-            .field("num_advice_columns", self.num_advice_columns)
-            .field("num_instance_columns", self.num_instance_columns);
-        // Only show multi-phase related fields if it's used.
-        if *self.num_challenges > 0 {
-            debug_struct
-                .field("num_challenges", self.num_challenges)
-                .field("advice_column_phase", self.advice_column_phase)
-                .field("challenge_phase", self.challenge_phase);
-        }
-        debug_struct
-            .field("gates", &self.gates)
-            .field("advice_queries", self.advice_queries)
-            .field("instance_queries", self.instance_queries)
-            .field("fixed_queries", self.fixed_queries)
-            .field("permutation", self.permutation)
-            .field("lookups", self.lookups);
-        if !self.shuffles.is_empty() {
-            debug_struct.field("shuffles", self.shuffles);
-        }
-        debug_struct.field("minimum_degree", self.minimum_degree);
-        debug_struct.finish()
-    }
-}
-
 // Cost functions: arguments required degree
 
 /// Returns the minimum circuit degree required by the permutation argument.

halo2_backend/src/plonk/evaluation.rs

@@ -408,8 +408,16 @@ impl<C: CurveAffine> Evaluator<C> {
                 let chunk_len = pk.vk.cs.degree() - 2;
                 let delta_start = beta * C::Scalar::ZETA;
 
-                let first_set = sets.first().unwrap();
-                let last_set = sets.last().unwrap();
+                let permutation_product_cosets: Vec<
+                    Polynomial<C::ScalarExt, ExtendedLagrangeCoeff>,
+                > = sets
+                    .iter()
+                    .map(|set| domain.coeff_to_extended(set.permutation_product_poly.clone()))
+                    .collect();
+
+                let first_set_permutation_product_coset =
+                    permutation_product_cosets.first().unwrap();
+                let last_set_permutation_product_coset = permutation_product_cosets.last().unwrap();
 
                 // Permutation constraints
                 parallelize(&mut values, |values, start| {
@@ -422,22 +430,21 @@ impl<C: CurveAffine> Evaluator<C> {
                         // Enforce only for the first set.
                         // l_0(X) * (1 - z_0(X)) = 0
                         *value = *value * y
-                            + ((one - first_set.permutation_product_coset[idx]) * l0[idx]);
+                            + ((one - first_set_permutation_product_coset[idx]) * l0[idx]);
                         // Enforce only for the last set.
                         // l_last(X) * (z_l(X)^2 - z_l(X)) = 0
                         *value = *value * y
-                            + ((last_set.permutation_product_coset[idx]
-                                * last_set.permutation_product_coset[idx]
-                                - last_set.permutation_product_coset[idx])
+                            + ((last_set_permutation_product_coset[idx]
+                                * last_set_permutation_product_coset[idx]
+                                - last_set_permutation_product_coset[idx])
                                 * l_last[idx]);
                         // Except for the first set, enforce.
                         // l_0(X) * (z_i(X) - z_{i-1}(\omega^(last) X)) = 0
-                        for (set_idx, set) in sets.iter().enumerate() {
+                        for set_idx in 0..sets.len() {
                             if set_idx != 0 {
                                 *value = *value * y
-                                    + ((set.permutation_product_coset[idx]
-                                        - permutation.sets[set_idx - 1].permutation_product_coset
-                                            [r_last])
+                                    + ((permutation_product_cosets[set_idx][idx]
+                                        - permutation_product_cosets[set_idx - 1][r_last])
                                         * l0[idx]);
                             }
                         }
@@ -447,12 +454,13 @@ impl<C: CurveAffine> Evaluator<C> {
                         // - z_i(X) \prod_j (p(X) + \delta^j \beta X + \gamma)
                         // )
                         let mut current_delta = delta_start * beta_term;
-                        for ((set, columns), cosets) in sets
-                            .iter()
-                            .zip(p.columns.chunks(chunk_len))
-                            .zip(pk.permutation.cosets.chunks(chunk_len))
+                        for ((permutation_product_coset, columns), cosets) in
+                            permutation_product_cosets
+                                .iter()
+                                .zip(p.columns.chunks(chunk_len))
+                                .zip(pk.permutation.cosets.chunks(chunk_len))
                         {
-                            let mut left = set.permutation_product_coset[r_next];
+                            let mut left = permutation_product_coset[r_next];
                             for (values, permutation) in columns
                                 .iter()
                                 .map(|&column| match column.column_type {
@@ -465,7 +473,7 @@ impl<C: CurveAffine> Evaluator<C> {
                                 left *= values[idx] + beta * permutation[idx] + gamma;
                             }
 
-                            let mut right = set.permutation_product_coset[idx];
+                            let mut right = permutation_product_coset[idx];
                             for values in columns.iter().map(|&column| match column.column_type {
                                 Any::Advice => &advice[column.index],
                                 Any::Fixed => &fixed[column.index],

halo2_backend/src/plonk/permutation/prover.rs

@@ -13,7 +13,7 @@ use crate::{
     plonk::{self, permutation::ProvingKey, ChallengeBeta, ChallengeGamma, ChallengeX, Error},
     poly::{
         commitment::{Blind, Params},
-        Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial, ProverQuery,
+        Coeff, LagrangeCoeff, Polynomial, ProverQuery,
     },
     transcript::{EncodedChallenge, TranscriptWrite},
 };
@@ -25,25 +25,15 @@ use halo2_middleware::poly::Rotation;
 
 pub(crate) struct CommittedSet<C: CurveAffine> {
     pub(crate) permutation_product_poly: Polynomial<C::Scalar, Coeff>,
-    pub(crate) permutation_product_coset: Polynomial<C::Scalar, ExtendedLagrangeCoeff>,
     permutation_product_blind: Blind<C::Scalar>,
 }
 
 pub(crate) struct Committed<C: CurveAffine> {
     pub(crate) sets: Vec<CommittedSet<C>>,
 }
 
-pub(crate) struct ConstructedSet<C: CurveAffine> {
-    permutation_product_poly: Polynomial<C::Scalar, Coeff>,
-    permutation_product_blind: Blind<C::Scalar>,
-}
-
-pub(crate) struct Constructed<C: CurveAffine> {
-    sets: Vec<ConstructedSet<C>>,
-}
-
 pub(crate) struct Evaluated<C: CurveAffine> {
-    constructed: Constructed<C>,
+    constructed: Committed<C>,
 }
 
 #[allow(clippy::too_many_arguments)]
@@ -177,39 +167,20 @@ pub(in crate::plonk) fn permutation_commit<
             .commit_lagrange(&engine.msm_backend, &z, blind)
             .to_affine();
         let permutation_product_blind = blind;
-        let z = domain.lagrange_to_coeff(z);
-        let permutation_product_poly = z.clone();
-
-        let permutation_product_coset = domain.coeff_to_extended(z);
+        let permutation_product_poly = domain.lagrange_to_coeff(z);
 
         // Hash the permutation product commitment
         transcript.write_point(permutation_product_commitment)?;
 
         sets.push(CommittedSet {
             permutation_product_poly,
-            permutation_product_coset,
             permutation_product_blind,
         });
     }
 
     Ok(Committed { sets })
 }
 
-impl<C: CurveAffine> Committed<C> {
-    pub(in crate::plonk) fn construct(self) -> Constructed<C> {
-        Constructed {
-            sets: self
-                .sets
-                .iter()
-                .map(|set| ConstructedSet {
-                    permutation_product_poly: set.permutation_product_poly.clone(),
-                    permutation_product_blind: set.permutation_product_blind,
-                })
-                .collect(),
-        }
-    }
-}
-
 impl<C: CurveAffine> super::ProvingKey<C> {
     pub(in crate::plonk) fn open(
         &self,
@@ -236,7 +207,7 @@ impl<C: CurveAffine> super::ProvingKey<C> {
     }
 }
 
-impl<C: CurveAffine> Constructed<C> {
+impl<C: CurveAffine> Committed<C> {
     pub(in crate::plonk) fn evaluate<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
         self,
         pk: &plonk::ProvingKey<C>,

halo2_backend/src/plonk/prover.rs

@@ -68,9 +68,7 @@ impl<
         engine: PlonkEngine<Scheme::Curve, M>,
         params: &'params Scheme::ParamsProver,
         pk: &'a ProvingKey<Scheme::Curve>,
-        // TODO: If this was a vector the usage would be simpler
-        // https://github.com/privacy-scaling-explorations/halo2/issues/265
-        instance: &[&[Scheme::Scalar]],
+        instance: Vec<Vec<Scheme::Scalar>>,
         rng: R,
         transcript: &'a mut T,
     ) -> Result<Self, Error>
@@ -90,9 +88,7 @@ impl<
     pub fn new(
         params: &'params Scheme::ParamsProver,
         pk: &'a ProvingKey<Scheme::Curve>,
-        // TODO: If this was a vector the usage would be simpler
-        // https://github.com/privacy-scaling-explorations/halo2/issues/265
-        instance: &[&[Scheme::Scalar]],
+        instance: Vec<Vec<Scheme::Scalar>>,
         rng: R,
         transcript: &'a mut T,
     ) -> Result<ProverSingle<'a, 'params, Scheme, P, E, R, T, H2cEngine>, Error>
@@ -175,9 +171,7 @@ impl<
         engine: PlonkEngine<Scheme::Curve, M>,
         params: &'params Scheme::ParamsProver,
         pk: &'a ProvingKey<Scheme::Curve>,
-        // TODO: If this was a vector the usage would be simpler.
-        // https://github.com/privacy-scaling-explorations/halo2/issues/265
-        circuits_instances: &[&[&[Scheme::Scalar]]],
+        circuits_instances: &[Vec<Vec<Scheme::Scalar>>],
         rng: R,
         transcript: &'a mut T,
     ) -> Result<Self, Error>
@@ -201,7 +195,7 @@ impl<
         // commit_instance_fn is a helper function to return the polynomials (and its commitments) of
         // instance columns while updating the transcript.
         let mut commit_instance_fn =
-            |instance: &[&[Scheme::Scalar]]| -> Result<InstanceSingle<Scheme::Curve>, Error> {
+            |instance: &[Vec<Scheme::Scalar>]| -> Result<InstanceSingle<Scheme::Curve>, Error> {
                 // Create a lagrange polynomial for each instance column
 
                 let instance_values = instance
@@ -804,9 +798,7 @@ impl<
         let permutations_evaluated: Vec<permutation::prover::Evaluated<Scheme::Curve>> =
             permutations_commited
                 .into_iter()
-                .map(|permutation| -> Result<_, _> {
-                    permutation.construct().evaluate(pk, x, self.transcript)
-                })
+                .map(|permutation| -> Result<_, _> { permutation.evaluate(pk, x, self.transcript) })
                 .collect::<Result<Vec<_>, _>>()?;
 
         // Evaluate the lookups, if any, at omega^i x.
@@ -907,9 +899,7 @@ impl<
     pub fn new(
         params: &'params Scheme::ParamsProver,
         pk: &'a ProvingKey<Scheme::Curve>,
-        // TODO: If this was a vector the usage would be simpler.
-        // https://github.com/privacy-scaling-explorations/halo2/issues/265
-        circuits_instances: &[&[&[Scheme::Scalar]]],
+        circuits_instances: &[Vec<Vec<Scheme::Scalar>>],
         rng: R,
         transcript: &'a mut T,
     ) -> Result<Prover<'a, 'params, Scheme, P, E, R, T, H2cEngine>, Error>

halo2_backend/src/plonk/vanishing/prover.rs

@@ -131,18 +131,20 @@ impl<C: CurveAffine> Committed<C> {
             .collect();
 
         // Compute commitments to each h(X) piece
-        let h_commitments_projective: Vec<_> = h_pieces
-            .iter()
-            .zip(h_blinds.iter())
-            .map(|(h_piece, blind)| params.commit(&engine.msm_backend, h_piece, *blind))
-            .collect();
-        let mut h_commitments = vec![C::identity(); h_commitments_projective.len()];
-        C::Curve::batch_normalize(&h_commitments_projective, &mut h_commitments);
-        let h_commitments = h_commitments;
+        let h_commitments = {
+            let h_commitments_projective: Vec<_> = h_pieces
+                .iter()
+                .zip(h_blinds.iter())
+                .map(|(h_piece, blind)| params.commit(&engine.msm_backend, h_piece, *blind))
+                .collect();
+            let mut h_commitments = vec![C::identity(); h_commitments_projective.len()];
+            C::Curve::batch_normalize(&h_commitments_projective, &mut h_commitments);
+            h_commitments
+        };
 
         // Hash each h(X) piece
-        for c in h_commitments.iter() {
-            transcript.write_point(*c)?;
+        for c in h_commitments {
+            transcript.write_point(c)?;
         }
 
         Ok(Constructed {

halo2_backend/src/plonk/verifier.rs

@@ -34,7 +34,7 @@ pub fn verify_proof_single<'params, Scheme, V, E, T, Strategy>(
     params: &'params Scheme::ParamsVerifier,
     vk: &VerifyingKey<Scheme::Curve>,
     strategy: Strategy,
-    instance: &[&[Scheme::Scalar]],
+    instance: Vec<Vec<Scheme::Scalar>>,
     transcript: &mut T,
 ) -> Result<Strategy::Output, Error>
 where
@@ -60,7 +60,7 @@ pub fn verify_proof<
     params: &'params Scheme::ParamsVerifier,
     vk: &VerifyingKey<Scheme::Curve>,
     strategy: Strategy,
-    instances: &[&[&[Scheme::Scalar]]],
+    instances: &[Vec<Vec<Scheme::Scalar>>],
     transcript: &mut T,
 ) -> Result<Strategy::Output, Error>
 where
@@ -301,9 +301,12 @@ where
                     .instance_queries
                     .iter()
                     .map(|(column, rotation)| {
-                        let instances = instances[column.index];
+                        let instances = &instances[column.index];
                         let offset = (max_rotation - rotation.0) as usize;
-                        compute_inner_product(instances, &l_i_s[offset..offset + instances.len()])
+                        compute_inner_product(
+                            instances.as_slice(),
+                            &l_i_s[offset..offset + instances.len()],
+                        )
                     })
                     .collect::<Vec<_>>()
             })

halo2_backend/src/plonk/verifier/batch.rs

@@ -99,7 +99,6 @@ where
             // `is_zero() == false` then this argument won't be able to interfere with it
             // to make it true, with high probability.
             acc.scale(C::Scalar::random(OsRng));
-
             acc.add_msm(&msm);
             acc
         }
@@ -109,16 +108,9 @@ where
             .into_par_iter()
             .enumerate()
             .map(|(i, item)| {
-                let instances: Vec<Vec<_>> = item
-                    .instances
-                    .iter()
-                    .map(|i| i.iter().map(|c| &c[..]).collect())
-                    .collect();
-                let instances: Vec<_> = instances.iter().map(|i| &i[..]).collect();
-
                 let strategy = BatchStrategy::new(params);
                 let mut transcript = Blake2bRead::init(&item.proof[..]);
-                verify_proof(params, vk, strategy, &instances, &mut transcript).map_err(|e| {
+                verify_proof(params, vk, strategy, &item.instances, &mut transcript).map_err(|e| {
                     tracing::debug!("Batch item {} failed verification: {}", i, e);
                     e
                 })

halo2_debug/Cargo.toml

@@ -25,3 +25,5 @@ ff = "0.13"
 halo2curves = { version = "0.6.1", default-features = false }
 num-bigint = "0.4.5"
 halo2_middleware = { path = "../halo2_middleware" }
+rand_core = "0.6.4"
+rand_chacha = "0.3"