shared_types/
lib.rs

1pub mod circuit_hash;
2pub mod config;
3pub mod curves;
4pub mod pedersen;
5pub mod transcript;
6pub mod utils;
7pub use halo2curves;
8pub use halo2curves::bn256::{Fq, Fr};
9pub use halo2curves::ff::Field as ff_field;
10use halo2curves::ff::{FromUniformBytes, WithSmallOrderMulGroup};
11use halo2curves::CurveExt;
12pub use halo2curves::{bn256::G1 as Bn256Point, group::Group};
13pub use poseidon::Poseidon;
14use serde::{Deserialize, Serialize};
15use std::hash::Hash;
16pub type Scalar = <Bn256Point as Group>::Scalar;
17pub type Base = <Bn256Point as CurveExt>::Base;
18
19/// The primary finite field used within a GKR circuit, as well as within
20/// sumcheck. Note that the field's size should be large enough such that
21/// `depth(C) * deg(C) / |F|` bits of computational soundness is considered
22/// secure, where `depth(C)` is the depth of the GKR circuit and `deg(C)` is
23/// the maximum degree of any layerwise polynomial relationship.
24///
25/// ### Note
26/// We use the Halo2 implementation of BN-256's scalar field ([crate::Fr])
27/// everywhere currently for testing purposes, as well as the Halo2
28/// implementation of BN-256's curve elements ([crate::Bn256Point]) within
29/// Hyrax as Pedersen group elements. The Halo2 implementation of BN-256's
30/// base field ([crate::Fq]) is also available as a re-export, although
31/// this is not used in any circuits by default.
32///
33/// ### Sub-traits
34/// * [FromUniformBytes] -- see associated trait documentation for more details.
35///   Our use-case is specifically for compatibility with [Poseidon], which we
36///   are using as the hash function instantiation of a verifier's public coins (see
37///   `impl` block for [Poseidon::new], for example).
38/// * [Hash] -- necessary for creating a hashed representation of a circuit,
39///   as well as storing [Field] values within data structures e.g. `HashMap`.
40/// * [Ord] -- not strictly necessary for cryptographic purposes, but useful
41///   for comparing elements against one another. Consider replacing with [Eq].
42/// * [Serialize], [Deserialize] -- necessary for writing values to file using
43///   Serde.
44/// * [HasByteRepresentation] -- necessary for converting a field element into
45///   its u8 limbs. This is useful for e.g. computing a block-based hash function
46///   over a field whose num bytes integer representation does not evenly divide
47///   the hash function's block size (e.g. a 136-bit field against a 256-bit hash
48///   block).
49/// * [Zeroizable] -- necessary for actively over-writing otherwise sensitive
50///   values which may still be stored in RAM (e.g. blinding factors within a
51///   Hyrax commitment, or intermediate MLE values within a GKR circuit).
52pub trait Field:
53    ff_field
54    + FromUniformBytes<64>
55    + Hash
56    + Ord
57    + Serialize
58    + for<'de> Deserialize<'de>
59    + HasByteRepresentation
60    + Zeroizable
61{
62}
63impl<
64        F: ff_field
65            + FromUniformBytes<64>
66            + Hash
67            + Ord
68            + Serialize
69            + for<'de> Deserialize<'de>
70            + HasByteRepresentation
71            + Zeroizable,
72    > Field for F
73{
74}
75
76/// A field which is FFT-friendly under Halo2's EvaluationDomain-based algorithm.
77/// [WithSmallOrderMulGroup] -- see associated trait documentation for more
78/// details. Our use-case is specifically for Halo2's FFT implementation, which
79/// uses Halo2's `EvaluationDomain` to compute extended evaluations of a
80/// power-of-two degree polynomial.
81pub trait Halo2FFTFriendlyField: Field + WithSmallOrderMulGroup<3> {}
82impl<F: Field + WithSmallOrderMulGroup<3>> Halo2FFTFriendlyField for F {}
83
84/// Simple trait which allows us to convert to and from
85/// a little-endian byte representation.
86pub trait HasByteRepresentation {
87    /// Number of bytes within the element's representation.
88    const REPR_NUM_BYTES: usize;
89    /// Constructor which creates an instance of the element from a vec of
90    /// less than or equal to length `REPR_NUM_BYTES`.
91    /// If length less than `REPR_NUM_BYTES`, pads the most significant
92    /// bits with 0s until it is of equal length to `REPR_NUM_BYTES`.
93    fn from_bytes_le(bytes: &[u8]) -> Self;
94    /// Function which creates an equivalent representation of the element
95    /// in a byte array of length `REPR_NUM_BYTES`.
96    fn to_bytes_le(&self) -> Vec<u8>;
97
98    /// Similar to `to_bytes_le` but returns chunks of `u64`s.
99    fn to_u64s_le(&self) -> Vec<u64>;
100
101    /// Similar to `from_bytes_le` but takes chunks of `u64`s.
102    fn from_u64s_le(words: Vec<u64>) -> Self
103    where
104        Self: Sized;
105
106    /// Creates a Vec of elements from an arbitrary string
107    /// of bytes.
108    fn vec_from_bytes_le(bytes: &[u8]) -> Vec<Self>
109    where
110        Self: Sized;
111}
112
113/// A trait which allows zeroizing of Field elements.
114pub trait Zeroizable {
115    fn zeroize(&mut self);
116}
117
118/// Simple trait which allows for ease of converting e.g. a `Vec<u64>`
119/// into a `Vec<F>`.
120pub trait IntoVecF<F: Field> {
121    fn into_vec_f(self) -> Vec<F>;
122}
123
124impl<F: Field, T> IntoVecF<F> for Vec<T>
125where
126    F: From<T>,
127{
128    fn into_vec_f(self) -> Vec<F> {
129        self.into_iter().map(F::from).collect()
130    }
131}