This repository has been archived by the owner on Jul 5, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add KeccakFConfig & allocation structure def The KeccakFConfig contains all of the gadget configurations of the gadgets plus the logic for the allocations of each of the keccak steps on each of the regions. This is the first design guideline that seems can fit in with the infra we have. Works with #105 * Remove biguint_to_pallas duplicity * Add aux functions to switch state repr We need to move from `FieldExt` to `BigUint` Repr in order to execute KeccaK intermediate steps so that we can allocate all the intermediate states of the keccak algorithm inside of the circuit. Therefore we need functions that allow us to swap between both representations. * Add `assign_state` placeholders for Pi and Rho Configs * Add 24-loop state allocation phase in KeccakConfig * Add state_assign minus mixing stage * Add configure initial impl for `KeccakConfig` * Add basic b9 & b13 ROUND_CTANTS allocation * Change gadgets state allocation to add out_state We now also allocate the out_state of the gadget when we allocate the entire witness for the gadget in keccak. * Merge `next_input` and state assigment to single fn We can simply do the assigment of the `out_state`, `state` and `next_input` in a single function reducing the overhead and the verbosity. * Change `q_enable` activations to happen in `assign_state` * Add missing offset increments in KeccakConfig allocation * Set IotaB9Config Selector as generic Expression * Set IotaB13 Selector as Expression * Change AbsorbConfig design and allocation We now allocate the Absorb as: - State Row - Next Mixing Row - Out State Row * Move state transformation fns to arith_helpers mod * Add MixingConfig preliminary design * Externalize state conversion functions * Add out_state computation during `assign_state` runtime for B13 & B9 * Add `State` creation function in arith_helpers * Change AbsorbConfig assigment to compute out_state internally * Add assign_state_and_mixing_flag_and_rc for IotaB9Config * Finalize first MixingConfig configure fn * Change AbsorbConfig to copy_cell strategy * Add IotaB13Config Cell copy constrains strategy & modify tests * Update IotaB9Config assigment functions * Change KeccakF circuit calls to IotaB9 and Mixing configs * Fix `state_bigint_to_pallas` slice copy lengths * Add mixing step to KeccakFArith * test_absorb_gate: Witness input state to get (Cell, Value) tuples. * Fix range of `state_to_state_bigint` * IotaB9:_Fix test_flag wrong assignation_err * iota_b9: Introduce q_last, q_not_last selectors. These are used to differentiate between gates for the steady state, and gates for the final round (where an is_mixing flag is witnessed by the prover). In the final round, q_last * flag is used as a composite selector. * Add IotaB9 missing test cases * IotaB13: Add internal selector + flag setup With the previous setup, the gate was producing `ConstraintPoisoned` due to the usage of `round_ctant_b13` at rotation:next to store the `is_mixing` flag inside. It also was activated/deactivated following the same bool logic as IotaB9, and has been changed. - IotaB13 now activates when `is_mixing = false` so no matter the inputs the verification will pass as the gate is not active. - IotaB13 contains now an internal selector `q_mixing` which is always active and prevents the gate equations to fail due to queriyng `round_ctant_b13` cells that they shouldn't. This completes all the development needed for IotaB9 and IotaB13 in order to add them inside the `MixingConfig` and so work towards closing issue #105 * Absorb: Add internal selector + flag setup With the previous setup, the gate was producing `ConstraintPoisoned` due to the usage of `absorb_next_inputs` at rotation:next to store the `is_mixing` flag inside. It also was activated/deactivated following the same bool logic as IotaB9, and has been changed. - Absorb now activates when `is_mixing = false` so no matter the inputs the verification will pass as the gate is not active. - Absorb contains now an internal selector `q_mixing` which is always active and prevents the gate equations to fail due to queriyng `absorb_next_inputs` cells that they shouldn't. ASSIGNATION MAP: - STATE (25 columns) (offset -1) - NEXT_INPUTS (17 columns) + is_mixing flag (1 column) (offset +0) (current rotation) - OUT_STATE (25 columns) (offset +1) This completes all the development needed for `AbsorbConfig` in order to add them inside the `MixingConfig` and so work towards closing issue #105 * Add state computation fn's for configs It's much easier, clean and less verbose to compute `in_state`, `out_state` and `next_inputs` with an associated function for the MixingConfig sub-configs. And also makes the tests much less verbose. * Update StateBigint in compute_states signatures * Mixing: Add `MixingConfig` impl + tests lacking base conversion * mixing: Witness flag in state assignation * Rho: Derive `Debug` for all configs * xi: Apply copy_constraints for xi inputs It is critical for the correctness of the keccak circuit to apply copy constraints between the gates while executing the rounds. Works towards solving: #219 * Add OFFSET associated consts * Ignore failing Mixing tests * Clippy fixes * Replace pallas by field * Add zeroed_bytes assertion Co-authored-by: ying tong <[email protected]>
- Loading branch information