plume-sig / zk-nullifier-sig

Implementation of PLUME: nullifier friendly signature scheme on ECDSA
MIT License

[WIP] Add Halo2 circuits #82

Closed Divide-By-0 closed 8 months ago

Divide-By-0 commented 9 months ago

To understand these circuits, here are some DMs from the Discord:

Blake: Vu and I ended up having a discussion about how to divide up the work. The plan for the immediate future is that I will implement the elliptic curve equations using https://github.com/privacy-scaling-explorations/halo2wrong, and he will pull the SHA256 circuit from zkEVM and use it to compute the hash. (Aayush note: we are sticking to SHA256 for the near future, no Poseidon plans; Axiom has an audited SHA256 circuit.)

Aayush: We need to add hash to curve starting from Timofey's work (https://github.com/axiom-crypto/halo2-lib/pull/179), not from Blake's work (who I believe didn't start this specific circuit but did most of the rest).

Timofey: Right, as secp256k1 and BLS12 are both Weierstrass curves, the same simplified SWU should apply, and XMD message expansion should work too. One thing that can be different is sqrt_ratio for the Fq: there are multiple algos based on the field modulus (see https://github.com/paulmillr/noble-curves/blob/main/src/abstract/weierstrass.ts#L1153), though the way I implemented sqrt_ratio in-circuit is by constraining the output supplied as private input, so it should only matter off-circuit. I have not worked with secp256k1 in halo2-lib, so there might be some other unimplemented traits like Selectable, but aside from that it looks like a fairly easy adaptation.
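As an added illustration of the off-circuit/in-circuit split Timofey describes (this is not code from the PR, from halo2-lib or from noble-curves): the prover computes sqrt_ratio for the secp256k1 base field off-circuit with the q = 3 mod 4 algorithm from RFC 9380, and the circuit side only checks the supplied (is_square, y) witness against the defining relation, with no exponentiation. Assumed constants: P is the secp256k1 field prime and Z = -11 is the simplified-SWU constant RFC 9380 specifies for secp256k1; the function names are mine.

```python
# secp256k1 base field prime (P = 3 mod 4) and the simplified-SWU Z for
# secp256k1 from RFC 9380 (assumed constants, see lead-in).
P = 2**256 - 2**32 - 977
Z = (-11) % P


def sqrt_ratio_3mod4(u, v):
    """Off-circuit prover side: RFC 9380 sqrt_ratio_3mod4 (Appendix F.2.1.2).

    Returns (is_square, y) such that
        y^2 * v == u        if u/v is a square in GF(P), else
        y^2 * v == Z * u    (Z is a non-square, so exactly one branch holds).
    """
    c1 = (P - 3) // 4
    c2 = pow((-Z) % P, (P + 1) // 4, P)   # sqrt(-Z): -Z is a QR because Z and -1 are not
    assert c2 * c2 % P == (-Z) % P
    tv1 = v * v % P
    tv2 = u * v % P
    tv1 = tv1 * tv2 % P                    # u * v^3
    y1 = pow(tv1, c1, P) * tv2 % P         # (u v^3)^((P-3)/4) * u v
    y2 = y1 * c2 % P
    tv3 = y1 * y1 % P * v % P              # y1^2 * v
    is_square = tv3 == u % P
    return is_square, (y1 if is_square else y2)


def verify_sqrt_ratio_witness(u, v, is_square, y):
    """In-circuit style check: (is_square, y) is a private witness supplied by
    the prover; the circuit only constrains the multiplicative relation.
    Because Z is a non-square, a wrong is_square flag has no satisfying y,
    so this single relation also pins the flag."""
    lhs = y * y % P * v % P
    rhs = u % P if is_square else Z * u % P
    return lhs == rhs


if __name__ == "__main__":
    # Constructed sample inputs: 4 is a square, -1 is not (P = 3 mod 4).
    for u in (4, P - 1):
        flag, y = sqrt_ratio_3mod4(u, 1)
        print(u == 4, flag, verify_sqrt_ratio_witness(u, 1, flag, y))
```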

Divide-By-0 commented 8 months ago

This is unmaintained and deprecated.