fix previous commit

Author: Velaciela

Cargo.lock

@@ -55,7 +55,7 @@ blake2b_simd = "1"
 sha3 = "0.9.1"
 subtle = "2.3"
 cfg-if = "0.1"
-poseidon = { git = "https://github.com/scroll-tech/poseidon.git", branch = "scroll-dev-0220" }
+poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon.git", tag = "v2023_04_20" }
 num-integer = "0.1"
 num-bigint = { version = "0.4", features = ["rand"] }
 

halo2_proofs/Cargo.toml

@@ -263,7 +263,7 @@ fn serial_split_fft<Scalar: Field, G: FftGroup<Scalar>>(
 
         let mut k = 0;
         while k < n {
-            let mut w = G::Scalar::ONE;
+            let mut w = Scalar::ONE;
             for j in 0..m {
                 let mut t = a[(k + j + m) as usize];
                 t *= &w;
@@ -293,10 +293,15 @@ fn split_radix_fft<Scalar: Field, G: FftGroup<Scalar>>(
 
     // we use out-place bitreverse here, split_m <= num_threads, so the buffer spase is small
     // and it's is good for data locality
-    let mut t1 = vec![G::Scalar::ZERO; split_m];
+    // COPY `a` to init temp buffer,
+    // it's a workaround for G: FftGroup,
+    // used to be: vec![G::identity; split_m];
+    // let mut t1 = a.clone();
     // if unsafe code is allowed, a 10% performance improvement can be achieved
-    // let mut t1: Vec<G> = Vec::with_capacity(split_m as usize);
-    // unsafe{ t1.set_len(split_m as usize); }
+    let mut t1: Vec<G> = Vec::with_capacity(split_m as usize);
+    unsafe {
+        t1.set_len(split_m as usize);
+    }
     for i in 0..split_m {
         t1[bitreverse(i, log_split)] = a[(i * sub_n + sub_fft_offset)];
     }
@@ -310,7 +315,7 @@ fn split_radix_fft<Scalar: Field, G: FftGroup<Scalar>>(
     if high_idx > 0 {
         omega = omega * twiddle_lut[(1 << sparse_degree) + high_idx];
     }
-    let mut w_m = G::Scalar::ONE;
+    let mut w_m = Scalar::ONE;
     for i in 0..split_m {
         t1[i] *= &w_m;
         tmp[i] = t1[i];
@@ -329,7 +334,7 @@ pub fn generate_twiddle_lookup_table<F: Field>(
 
     // dense
     if is_lut_len_large {
-        let mut twiddle_lut = vec![F::zero(); (1 << log_n) as usize];
+        let mut twiddle_lut = vec![F::ZERO; (1 << log_n) as usize];
         parallelize(&mut twiddle_lut, |twiddle_lut, start| {
             let mut w_n = omega.pow_vartime([start as u64, 0, 0, 0]);
             for twiddle_lut in twiddle_lut.iter_mut() {
@@ -343,7 +348,7 @@ pub fn generate_twiddle_lookup_table<F: Field>(
     // sparse
     let low_degree_lut_len = 1 << sparse_degree;
     let high_degree_lut_len = 1 << (log_n - sparse_degree - without_last_level as u32);
-    let mut twiddle_lut = vec![F::zero(); (low_degree_lut_len + high_degree_lut_len) as usize];
+    let mut twiddle_lut = vec![F::ZERO; (low_degree_lut_len + high_degree_lut_len) as usize];
     parallelize(
         &mut twiddle_lut[..low_degree_lut_len],
         |twiddle_lut, start| {
@@ -378,10 +383,15 @@ pub fn parallel_fft<Scalar: Field, G: FftGroup<Scalar>>(a: &mut [G], omega: Scal
     let twiddle_lut = generate_twiddle_lookup_table(omega, log_n, SPARSE_TWIDDLE_DEGREE, true);
 
     // split fft
-    let mut tmp = vec![G::Scalar::ZERO; n];
+    // COPY `a` to init temp buffer,
+    // it's a workaround for G: FftGroup,
+    // used to be: vec![G::identity; n];
+    // let mut tmp = a.clone();
     // if unsafe code is allowed, a 10% performance improvement can be achieved
-    // let mut tmp: Vec<G> = Vec::with_capacity(n);
-    // unsafe{ tmp.set_len(n); }
+    let mut tmp: Vec<G> = Vec::with_capacity(n);
+    unsafe {
+        tmp.set_len(n);
+    }
     multicore::scope(|scope| {
         let a = &*a;
         let twiddle_lut = &*twiddle_lut;

halo2_proofs/src/arithmetic.rs

@@ -97,7 +97,7 @@ impl Region {
 }
 
 /// The value of a particular cell within the circuit.
-#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+#[derive(Clone, Copy, Debug, Eq)]
 pub enum CellValue<F: Field> {
     /// An unassigned cell.
     Unassigned,
@@ -110,7 +110,7 @@ pub enum CellValue<F: Field> {
     Poison(usize),
 }
 
-impl<F: Group + Field> PartialEq for CellValue<F> {
+impl<F: Field> PartialEq for CellValue<F> {
     fn eq(&self, other: &Self) -> bool {
         match (self, other) {
             (Self::Unassigned, Self::Unassigned) => true,

halo2_proofs/src/dev.rs

@@ -86,7 +86,7 @@ pub(super) fn load<'a, F: Field, T: ColumnType, Q: Into<AnyQuery> + Copy>(
 }
 */
 
-pub(super) fn load_slice<'a, F: FieldExt, T: ColumnType, Q: Into<AnyQuery> + Copy>(
+pub(super) fn load_slice<'a, F: Field, T: ColumnType, Q: Into<AnyQuery> + Copy>(
     n: i32,
     row: i32,
     queries: &'a [(Column<T>, Rotation)],

halo2_proofs/src/dev/util.rs

@@ -1,8 +1,6 @@
 use crate::plonk::{Any, Column};
 use crate::poly::Polynomial;
-use ff::Field;
-use ff::PrimeField;
-use halo2curves::FieldExt;
+use ff::{Field, FromUniformBytes, PrimeField};
 use halo2curves::{pairing::Engine, serde::SerdeObject, CurveAffine};
 use num_bigint::BigUint;
 use std::io;
@@ -42,24 +40,30 @@ pub(crate) trait CurveRead: CurveAffine {
 }
 impl<C: CurveAffine> CurveRead for C {}
 
-pub fn field_to_bn<F: FieldExt>(f: &F) -> BigUint {
+pub fn field_to_bn<F: PrimeField>(f: &F) -> BigUint {
     BigUint::from_bytes_le(f.to_repr().as_ref())
 }
 
 /// Input a big integer `bn`, compute a field element `f`
 /// such that `f == bn % F::MODULUS`.
-pub fn bn_to_field<F: FieldExt>(bn: &BigUint) -> F {
+pub fn bn_to_field<F: PrimeField>(bn: &BigUint) -> F
+where
+    F: FromUniformBytes<64>,
+{
     let mut buf = bn.to_bytes_le();
     buf.resize(64, 0u8);
 
     let mut buf_array = [0u8; 64];
     buf_array.copy_from_slice(buf.as_ref());
-    F::from_bytes_wide(&buf_array)
+    F::from_uniform_bytes(&buf_array)
 }
 
 /// Input a base field element `b`, output a scalar field
 /// element `s` s.t. `s == b % ScalarField::MODULUS`
-pub(crate) fn base_to_scalar<C: CurveAffine>(base: &C::Base) -> C::Scalar {
+pub(crate) fn base_to_scalar<C: CurveAffine>(base: &C::Base) -> C::Scalar
+where
+    C::Scalar: FromUniformBytes<64>,
+{
     let bn = field_to_bn(base);
     // bn_to_field will perform a mod reduction
     bn_to_field(&bn)
@@ -103,6 +107,7 @@ mod test {
         }
     }
 }
+
 pub trait SerdeCurveAffine: CurveAffine + SerdeObject {
     /// Reads an element from the buffer and parses it according to the `format`:
     /// - `Processed`: Reads a compressed curve element and decompress it

halo2_proofs/src/helpers.rs

@@ -424,6 +424,7 @@ where
     C: CurveAffine,
     P: Params<'params, C>,
     ConcreteCircuit: Circuit<C::Scalar>,
+    <C as CurveAffine>::ScalarExt: FromUniformBytes<64>,
 {
     keygen_pk_impl(params, None, circuit)
 }
@@ -438,6 +439,7 @@ where
     C: CurveAffine,
     P: Params<'params, C>,
     ConcreteCircuit: Circuit<C::Scalar>,
+    <C as CurveAffine>::ScalarExt: FromUniformBytes<64>,
 {
     keygen_pk_impl(params, Some(vk), circuit)
 }
@@ -452,6 +454,7 @@ where
     C: CurveAffine,
     P: Params<'params, C>,
     ConcreteCircuit: Circuit<C::Scalar>,
+    <C as CurveAffine>::ScalarExt: FromUniformBytes<64>,
 {
     let (domain, cs, config) = create_domain::<C, ConcreteCircuit>(params.k());
 

halo2_proofs/src/plonk/keygen.rs

@@ -466,7 +466,7 @@ where
                     //*cell = C::Scalar::one();
                     //}
                     let idx = advice_values.len() - 1;
-                    advice_values[idx] = Scheme::Scalar::one();
+                    advice_values[idx] = Scheme::Scalar::ONE;
                 }
 
                 // Compute commitments to advice column polynomials

halo2_proofs/src/plonk/prover.rs

@@ -50,10 +50,10 @@ impl<C: CurveAffine> Argument<C> {
         transcript: &mut T,
     ) -> Result<Committed<C>, Error> {
         // Sample a random polynomial of degree n - 1
-        let random_poly = domain.constant_lagrange(C::Scalar::one());
+        let random_poly = domain.constant_lagrange(C::Scalar::ONE);
         let random_poly = domain.lagrange_to_coeff(random_poly);
         // Sample a random blinding factor
-        let random_blind = Blind(C::Scalar::zero());
+        let random_blind = Blind(C::Scalar::ZERO);
         let c = params.commit(&random_poly, random_blind).to_affine();
         // We write the identity point to the transcript which
         // is the commitment of the zero polynomial.

halo2_proofs/src/plonk/vanishing/prover.rs

@@ -458,7 +458,7 @@ impl<F: WithSmallOrderMulGroup<3>> EvaluationDomain<F> {
         parallelize(a, |a, index| {
             let mut c_power = c.pow_vartime(&[index as u64, 0, 0, 0]);
             for a in a {
-                a = a * (&c_power);
+                *a = *a * (&c_power);
                 c_power = c_power * c;
             }
         });
@@ -654,7 +654,7 @@ fn test_l_i() {
         points.push(domain.omega.pow(&[i, 0, 0, 0]));
     }
     for i in 0..8 {
-        let mut l_i = vec![Scalar::zero(); 8];
+        let mut l_i = vec![Scalar::ZERO; 8];
         l_i[i] = Scalar::ONE;
         let l_i = lagrange_interpolate(&points[..], &l_i[..]);
         l.push(l_i);