Add permutations to Halo2 circuits

2026-04-20 03:03:25 -04:00 · 2023-06-05 12:08:21 +02:00
parent aea0b8750f
commit 6df144ee18
3 changed files with 46 additions and 36 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,7 +14,11 @@ members = [
 ]

 [patch."https://github.com/privacy-scaling-explorations/halo2.git"]
-halo2_proofs = { git = "https://github.com/appliedzkp/halo2.git", rev = "d3746109d7d38be53afc8ddae8fdfaf1f02ad1d7" }
+# TODO change back to this once the PR is merged
+#halo2_proofs = { git = "https://github.com/appliedzkp/halo2.git", rev = "d3746109d7d38be53afc8ddae8fdfaf1f02ad1d7" }
+halo2_proofs = { git = "https://github.com/kilic/halo2", branch = "shuffle" }

 [patch.crates-io]
-halo2_proofs = { git = "https://github.com/appliedzkp/halo2.git", rev = "d3746109d7d38be53afc8ddae8fdfaf1f02ad1d7" }
+# TODO change back to this once the PR is merged
+#halo2_proofs = { git = "https://github.com/appliedzkp/halo2.git", rev = "d3746109d7d38be53afc8ddae8fdfaf1f02ad1d7" }
+halo2_proofs = { git = "https://github.com/kilic/halo2", branch = "shuffle" }
--- a/halo2/Cargo.toml
+++ b/halo2/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2021"
 [dependencies]
 number = { path = "../number" }
 pil_analyzer = { path = "../pil_analyzer" }
-polyexen = { git = "https://github.com/Dhole/polyexen", rev="5f1eebd773e0e2ae82b1c8dc15d68f422b87c6e5"}
+polyexen = { git = "https://github.com/Dhole/polyexen", branch = "feature/shuffles" }
 halo2_proofs = "0.2"
 num-traits = "0.2.15"
 num-integer = "0.1.45"
--- a/halo2/src/circuit_builder.rs
+++ b/halo2/src/circuit_builder.rs
@@ -1,7 +1,9 @@
 use num_bigint::BigUint;
 use polyexen::expr::{ColumnKind, ColumnQuery, Expr, PlonkVar};
 use polyexen::plaf::backends::halo2::PlafH2Circuit;
-use polyexen::plaf::{ColumnFixed, ColumnWitness, Columns, Info, Lookup, Plaf, Poly, Witness};
+use polyexen::plaf::{
+    ColumnFixed, ColumnWitness, Columns, Info, Lookup, Plaf, Poly, Shuffle, Witness,
+};

 use num_traits::One;
 use number::{BigInt, FieldElement};
@@ -55,6 +57,7 @@ pub(crate) fn analyzed_to_circuit<T: FieldElement>(
    );

    let mut lookups = vec![];
+    let mut shuffles = vec![];
    let mut polys = vec![];

    // build Plaf columns -------------------------------------------------
@@ -83,6 +86,31 @@ pub(crate) fn analyzed_to_circuit<T: FieldElement>(

    // build Plaf polys. -------------------------------------------------------------------------

+    let apply_selectors_to_set = |set: &SelectedExpressions<T>| {
+        let selector = set
+            .selector
+            .clone()
+            .map_or(Expr::Const(BigUint::one()), |expr| {
+                expression_2_expr(&cd, &expr)
+            });
+
+        let contains_next_ref = set.expressions.iter().any(|exp| exp.contains_next_ref());
+
+        let selector = Expr::Mul(vec![
+            selector,
+            if contains_next_ref {
+                q_enable_next.clone()
+            } else {
+                q_enable_cur.clone()
+            },
+        ]);
+
+        set.expressions
+            .iter()
+            .map(|expr| selector.clone() * expression_2_expr(&cd, expr))
+            .collect()
+    };
+
    for id in &analyzed.identities {
        match id.kind {
            IdentityKind::Polynomial => {
@@ -114,36 +142,8 @@ pub(crate) fn analyzed_to_circuit<T: FieldElement>(
                });
            }
            IdentityKind::Plookup => {
-                // lookups.
-
-                let wrap_lookup = |side: &SelectedExpressions<T>| {
-                    let selector = side
-                        .selector
-                        .clone()
-                        .map_or(Expr::Const(BigUint::one()), |expr| {
-                            expression_2_expr(&cd, &expr)
-                        });
-
-                    let contains_next_ref =
-                        side.expressions.iter().any(|exp| exp.contains_next_ref());
-
-                    let selector = Expr::Mul(vec![
-                        selector,
-                        if contains_next_ref {
-                            q_enable_next.clone()
-                        } else {
-                            q_enable_cur.clone()
-                        },
-                    ]);
-
-                    side.expressions
-                        .iter()
-                        .map(|expr| selector.clone() * expression_2_expr(&cd, expr))
-                        .collect()
-                };
-
-                let left = wrap_lookup(&id.left);
-                let right = wrap_lookup(&id.right);
+                let left = apply_selectors_to_set(&id.left);
+                let right = apply_selectors_to_set(&id.right);

                lookups.push(Lookup {
                    name: "".to_string(),
@@ -151,8 +151,13 @@ pub(crate) fn analyzed_to_circuit<T: FieldElement>(
                });
            }
            IdentityKind::Permutation => {
-                // TODO anything that uses permutations is
-                // fully unconstrained right now!!!
+                let left = apply_selectors_to_set(&id.left);
+                let right = apply_selectors_to_set(&id.right);
+
+                shuffles.push(Shuffle {
+                    name: "".to_string(),
+                    exps: (left, right),
+                });
            }
            _ => unimplemented!(),
        }
@@ -206,6 +211,7 @@ pub(crate) fn analyzed_to_circuit<T: FieldElement>(
        polys,
        metadata: Default::default(),
        lookups,
+        shuffles,
        copys,
        fixed,
    };