WIP optimizations

Cargo.toml

@@ -24,10 +24,6 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
 name = "arithmetic"
 harness = false
 
-[[bench]]
-name = "hashtocurve"
-harness = false
-
 [[bench]]
 name = "plonk"
 harness = false
@@ -37,9 +33,15 @@ backtrace = { version = "0.3", optional = true }
 rayon = "1.5.1"
 ff = "0.11"
 group = "0.11"
-pasta_curves = "0.2.1"
 rand = "0.8"
 blake2b_simd = "0.5"
+# pairing = { path = '../pairing', package = "pairing_bn256" }
+pairing = { git = 'https://github.com/appliedzkp/pairing', package = "pairing_bn256" }
+rand_core = { version = "0.6", default-features = false }
+subtle = "2.3"
+ark-std = { version = "0.3", features = ["print-trace"] }
+itertools = "0.8.0"
+
 
 # Developer tooling dependencies
 plotters = { version = "0.3.0", optional = true }
@@ -50,6 +52,8 @@ assert_matches = "1.5"
 criterion = "0.3"
 gumdrop = "0.8"
 proptest = "1"
+rand_xorshift = "0.3"
+
 
 [features]
 dev-graph = ["plotters", "tabbycat"]

benches/arithmetic.rs

@@ -2,17 +2,25 @@
 extern crate criterion;
 
 extern crate halo2;
-use crate::arithmetic::{small_multiexp, FieldExt};
-use crate::pasta::{EqAffine, Fp};
-use crate::poly::commitment::Params;
+use crate::arithmetic::small_multiexp;
+use crate::poly::commitment::Setup;
 use halo2::*;
+use pairing::arithmetic::BaseExt;
+use pairing::bn256::{Bn256, Fr as Fp};
+use rand::SeedableRng;
+use rand_xorshift::XorShiftRng;
 
 use criterion::{black_box, Criterion};
 
 fn criterion_benchmark(c: &mut Criterion) {
     // small multiexp
     {
-        let params: Params<EqAffine> = Params::new(5);
+        let mut rng = XorShiftRng::from_seed([
+            0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06,
+            0xbc, 0xe5,
+        ]);
+        let params = Setup::<Bn256>::new(5, &mut rng);
+
         let g = &mut params.get_g();
         let len = g.len() / 2;
         let (g_lo, g_hi) = g.split_at_mut(len);

benches/plonk.rs

@@ -2,24 +2,29 @@
 extern crate criterion;
 
 extern crate halo2;
-use halo2::arithmetic::FieldExt;
+use criterion::Criterion;
+use halo2::arithmetic::{BaseExt, FieldExt};
 use halo2::circuit::{Cell, Layouter, SimpleFloorPlanner};
-use halo2::pasta::{EqAffine, Fp};
 use halo2::plonk::*;
-use halo2::poly::{commitment::Params, Rotation};
+use halo2::poly::{commitment::Setup, Rotation};
 use halo2::transcript::{Blake2bRead, Blake2bWrite, Challenge255};
-
+use pairing::bn256::{Bn256, Fr as Fp};
+use rand::SeedableRng;
+use rand_xorshift::XorShiftRng;
 use std::marker::PhantomData;
 
-use criterion::Criterion;
-
 fn bench_with_k(name: &str, k: u32, c: &mut Criterion) {
     /// This represents an advice column at a certain row in the ConstraintSystem
     #[derive(Copy, Clone, Debug)]
     pub struct Variable(Column<Advice>, usize);
 
     // Initialize the polynomial commitment parameters
-    let params: Params<EqAffine> = Params::new(k);
+    let mut rng = XorShiftRng::from_seed([
+        0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc,
+        0xe5,
+    ]);
+    let params = Setup::<Bn256>::new(k, &mut rng);
+    let verifier_params = Setup::<Bn256>::verifier_params(&params, 0).unwrap();
 
     #[derive(Clone)]
     struct PlonkConfig {
@@ -283,11 +288,8 @@ fn bench_with_k(name: &str, k: u32, c: &mut Criterion) {
 
     c.bench_function(&verifier_name, |b| {
         b.iter(|| {
-            let msm = params.empty_msm();
             let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
-            let guard = verify_proof(&params, pk.get_vk(), msm, &[&[]], &mut transcript).unwrap();
-            let msm = guard.clone().use_challenges();
-            assert!(msm.eval());
+            let _ = verify_proof(&verifier_params, pk.get_vk(), &[&[]], &mut transcript).unwrap();
         });
     });
 }

examples/circuit-layout.rs

@@ -1,10 +1,11 @@
 use halo2::{
+    arithmetic::BaseExt,
     arithmetic::FieldExt,
     circuit::{Cell, Layouter, Region, SimpleFloorPlanner},
-    pasta::Fp,
     plonk::{Advice, Circuit, Column, ConstraintSystem, Error, Fixed, TableColumn},
     poly::Rotation,
 };
+use pairing::bn256::Fr as Fp;
 use std::marker::PhantomData;
 
 /// This represents an advice column at a certain row in the ConstraintSystem

examples/cost-model.rs

@@ -8,13 +8,14 @@ use std::{
 use ff::Field;
 use group::{Curve, Group};
 use gumdrop::Options;
-use halo2::{arithmetic::best_multiexp, pasta::pallas};
+use halo2::arithmetic::best_multiexp;
+use pairing::bn256::{Fr as Scalar, G1Affine as Affine, G1 as Point};
 
 struct Estimator {
     /// Scalars for estimating multiexp performance.
-    multiexp_scalars: Vec<pallas::Scalar>,
+    multiexp_scalars: Vec<Scalar>,
     /// Bases for estimating multiexp performance.
-    multiexp_bases: Vec<pallas::Affine>,
+    multiexp_bases: Vec<Affine>,
 }
 
 impl fmt::Debug for Estimator {
@@ -29,11 +30,9 @@ impl Estimator {
         let mut rng = rand::thread_rng();
 
         Estimator {
-            multiexp_scalars: (0..max_size)
-                .map(|_| pallas::Scalar::random(&mut rng))
-                .collect(),
+            multiexp_scalars: (0..max_size).map(|_| Scalar::random(&mut rng)).collect(),
             multiexp_bases: (0..max_size)
-                .map(|_| pallas::Point::random(&mut rng).to_affine())
+                .map(|_| Point::random(&mut rng).to_affine())
                 .collect(),
         }
     }

examples/sha256/benches.rs

@@ -1,7 +1,6 @@
 use halo2::{
     arithmetic::FieldExt,
     circuit::{layouter::SingleChipLayouter, Layouter},
-    pasta::EqAffine,
     plonk::{
         create_proof, keygen_pk, keygen_vk, verify_proof, Assignment, Circuit, ConstraintSystem,
         Error, VerifyingKey,
@@ -10,6 +9,8 @@ use halo2::{
     transcript::{Blake2bRead, Blake2bWrite, Challenge255},
 };
 
+use pairing::bn256::G1Affine;
+
 use std::{
     fs::File,
     io::{prelude::*, BufReader},

examples/sha256/table16.rs

@@ -344,9 +344,9 @@ mod tests {
     use halo2::{
         arithmetic::FieldExt,
         circuit::{layouter::SingleChipLayouter, Layouter},
-        pasta::Fq,
         plonk::{Assignment, Circuit, ConstraintSystem, Error},
     };
+    use pairing::bn256::Fr as Fp;
 
     #[cfg(feature = "dev-graph")]
     #[test]

examples/sha256/table16/compression.rs

@@ -761,10 +761,11 @@ mod tests {
         arithmetic::FieldExt,
         circuit::layouter::SingleChipLayouter,
         dev::MockProver,
-        pasta::Fp,
         plonk::{Assignment, Circuit, ConstraintSystem, Error},
     };
 
+    use pairing::bn256::Fr as Fp;
+
     #[test]
     fn compress() {
         struct MyCircuit {}

examples/sha256/table16/message_schedule.rs

@@ -447,10 +447,11 @@ mod tests {
         arithmetic::FieldExt,
         circuit::layouter::SingleChipLayouter,
         dev::MockProver,
-        pasta::Fp,
         plonk::{Assignment, Circuit, ConstraintSystem, Error},
     };
 
+    use pairing::bn256::Fr as Fp;
+
     #[test]
     fn message_schedule() {
         struct MyCircuit {}

examples/sha256/table16/spread_table.rs

@@ -51,7 +51,7 @@ impl SpreadVar {
             || {
                 dense_val
                     .map(|v| F::from_u64(v as u64))
-                    .ok_or(Error::SynthesisError)
+                    .ok_or(Error::Synthesis)
             },
         )?;
         let spread_var = region.assign_advice(
@@ -61,7 +61,7 @@ impl SpreadVar {
             || {
                 spread_val
                     .map(|v| F::from_u64(v as u64))
-                    .ok_or(Error::SynthesisError)
+                    .ok_or(Error::Synthesis)
             },
         )?;
 
@@ -90,7 +90,7 @@ impl SpreadVar {
             || {
                 dense_val
                     .map(|v| F::from_u64(v as u64))
-                    .ok_or(Error::SynthesisError)
+                    .ok_or(Error::Synthesis)
             },
         )?;
         let spread_var = region.assign_advice(
@@ -100,7 +100,7 @@ impl SpreadVar {
             || {
                 spread_val
                     .map(|v| F::from_u64(v as u64))
-                    .ok_or(Error::SynthesisError)
+                    .ok_or(Error::Synthesis)
             },
         )?;
 
@@ -209,22 +209,22 @@ impl<F: FieldExt> SpreadTableChip<F> {
                         index,
                         || {
                             row = rows.next();
-                            row.map(|(tag, _, _)| tag).ok_or(Error::SynthesisError)
+                            row.map(|(tag, _, _)| tag).ok_or(Error::Synthesis)
                         },
                     )?;
                     gate.assign_fixed(
                         || "dense",
                         config.table.dense,
                         index,
-                        || row.map(|(_, dense, _)| dense).ok_or(Error::SynthesisError),
+                        || row.map(|(_, dense, _)| dense).ok_or(Error::Synthesis),
                     )?;
                     gate.assign_fixed(
                         || "spread",
                         config.table.spread,
                         index,
                         || {
                             row.map(|(_, _, spread)| spread)
-                                .ok_or(Error::SynthesisError)
+                                .ok_or(Error::Synthesis)
                         },
                     )?;
                 }
@@ -277,10 +277,11 @@ mod tests {
         arithmetic::FieldExt,
         circuit::{layouter::SingleChipLayouter, Layouter},
         dev::MockProver,
-        pasta::Fp,
         plonk::{Advice, Assignment, Circuit, Column, ConstraintSystem, Error},
     };
 
+    use pairing::bn256::Fr as Fp;
+
     #[test]
     fn lookup_table() {
         /// This represents an advice column at a certain row in the ConstraintSystem