search

privacy-scaling-explorations / halo2curves

Other
174 stars 141 forks source link

Add BLS12-381 #162

Closed kilic closed 4 months ago

kilic commented 6 months ago

Another take of BLS12 addition with a PR chain #154 #160 #161.

This PR also introduces compile time flag configuration to follow zcash serialization for BLS12381. However it leaves uncompressed encoding as it was, without usage of flags.

dragan2234 commented 5 months ago

@kilic just for the record, I was trying to generate simple proof with bls12-381 with this branch and still getting an error:

the trait bound `halo2curves::bls12381::G1Affine: halo2_proofs::halo2curves::serde::SerdeObject` is not satisfied
required for `halo2curves::bls12381::G1Affine` to implement `halo2_backend::helpers::SerdeCurveAffine`
required for `ParamsKZG<Bls12381>` to implement `Params<halo2curves::bls12381::G1Affine>`

and

the trait bound `halo2curves::bls12381::G2Affine: halo2_proofs::halo2curves::serde::SerdeObject` is not satisfied
required for `halo2curves::bls12381::G2Affine` to implement `halo2_backend::helpers::SerdeCurveAffine`
required for `ParamsKZG<Bls12381>` to implement `Params<halo2curves::bls12381::G1Affine>`
kilic commented 5 months ago

@dragan2234 both bls12381::G1Affine and bls12381::G2Affine does implement CurveAffine and SerdeObject which are only bounds for SerdeCurveAffine. In your workspace does all SerdeObject resolve to the one in this PR?

dragan2234 commented 5 months ago

@kilic This is my Cargo.toml:

halo2curves = { git = "https://github.com/kilic/halo2curves.git", branch = "bls12" }

I double-checked the files and it's the same as in this PR.

SerdeObject for groups is done in macro in derive/curve.rs if I understand correctly. and the line where it fails:

    let vk = keygen_vk(&params, &MyCircuit).expect("keygen_vk should not fail");

it also says:

keygen.rs(23, 8): required by a bound in `keygen_vk`

which resolves to:

/// Generate a `VerifyingKey` from an instance of `Circuit`.
/// By default, selector compression is turned **ON**.
///
/// **NOTE**: This `keygen_vk` is legacy one, assuming that `compress_selector: true`.
/// Hence, it is HIGHLY recommended to pair this util with `keygen_pk`.
/// In addition, when using this for key generation, user MUST use `compress_selectors: true`.
pub fn keygen_vk<C, P, ConcreteCircuit>(
    params: &P,
    circuit: &ConcreteCircuit,
) -> Result<VerifyingKey<C>, Error>
where
    C: CurveAffine,
    P: Params<C>,
    ConcreteCircuit: Circuit<C::Scalar>,
    C::Scalar: FromUniformBytes<64>,
{
    keygen_vk_custom(params, circuit, true)
}

Line:

    P: Params<C>,

where Params is:

pub trait Params<C: CurveAffine>: Sized + Clone + Debug {
kilic commented 5 months ago

@dragan2234 On my end I'm able to run halo2_proof::tests::plonk_api with BLS12-381

dragan2234 commented 5 months ago

@kilic thanks! I didn't change the dependency in other crates, the bug is fixed now (still can't produce proofs, but I think it's not related to the curve this time, but my circuit)

davidnevadoc commented 4 months ago

Ready to merge? @kilic