This changes variable names in the multiopen and commitment opening implementations
and the book's protocol description to keep names and indicies consistent with one
another.
Co-Authored-By: Jack Grigg <jack@electriccoin.co>
`cargo rustdoc` only works for a single package. To render docs for
a workspace while passing config options to `rustdoc`, we need to use
the `RUSTDOCFLAGS` environment variable.
We also add several other flags to handle the switch to `cargo doc`:
- `--no-deps` ensures we only build packages in the workspace.
- `--enable-index-page` (unstable) adds a landing page showing the list
of rendered crate docs.
* use biimplication in the correctness argument to ensure both soundness and completeness;
* avoid introducing lambda at all; it's unnecessary and omitting it shortens the explanation.
Co-authored-by: Jack Grigg <str4d@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
- The crate module structure from `orchard` has been flattened.
- The book pages we want to include in `halo2` have been moved to their
target location, to avoid any conflicts during the merge.
- Common files that already exist in zcash/halo2 have been removed.
We define some simple fixed bases around the default Pallas generator,
and a simple Sinsemilla instantiation. The tests now compile and pass.
Co-authored-by: ying tong <yingtong@z.cash>
The tests do not compile as of this commit, due to Orchard-specific
constants being deleted, but everything else compiles.
Co-authored-by: ying tong <yingtong@z.cash>
Previously `plonk::verify_proof` took an `MSM` as an argument, to enable
batch verification. However, this also required that it take a source of
randomness in order to enforce separation of proofs within a batch. This
made single-proof verification unnecessarily non-deterministic.
We now have a `VerificationStrategy` trait encapsulating the necessary
details, and separate `SingleVerifier` and `BatchVerifier` structs for
the specific variants. Proof verifiers no longer need to create and
manage the `MSM` themselves, and single-proof verifiers no longer need
to supply a source of randomness.
Co-authored-by: Sean Bowe <sean@electriccoin.co>
Previously we were passing through the chunk size and index to each
thread's evaluation context, but this was insufficient for them to
determine whether or not they were processing the final chunk, or if
the final chunk was short. This led to constant and linear term chunks
being created with the full chunk size, even if the last chunk was
short. If this longer-than-short chunk reached the root of the AST, it
triggered a panic in the final `copy_from_slice()`.
The bug was obscured in two ways:
- Currently polynomials always have a power-of-two length, and on CPUs
with power-of-two threads this meant we never produced short chunks.
- The way that subsequent operations like `Ast::Add` were implemented
meant that if a constant or linear term occurred on the right-hand
side of an operation, the longer chunks were masked to the short chunk
length.
We fix this by passing the polynomial length into each thread's context,
so that we can compute the correct length for the final chunk.
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
We don't want to provide a generic `map` function, since that would
enable users to arbitrarily alter the value connected to a given cell.
If a new value is being produced, that should either happen outside of
the context of a cell (e.g. intermediate values from witness generation)
or in the context of a newly-assigned cell.
However, in the case of the `Assigned<F>` type, we do need the ability
to evaluate the deferred inversion in some cases (e.g. to then operate
on the bits of the value). So for this `AssignedCell` specialization, we
provide a pass-through `evaluate()` method that otherwise preserves the
cell-value connection.
In zcash/halo2#383 we altered the bounds on region assignment methods
like `Region::assign_advice` to constrain the value closure's result on
`for<'vr> Assigned<F>: From<&'vr VR>` instead of `VR: Into<Assigned<F>>`.
This had the unintended side-effect that `Assigned<F>` could no longer
be returned from the closure, because we were previously relying on the
implicit `impl From<T> for T` provided by Rust, which no longer fits the
bound. This commit adds the missing from-reference impl to restore
functionality, re-enabling inversion deferrment.
