change: Migrate workspace to pasta_curves-0.5 (privacy-scaling-explor…

…ations#157)

* change: Migrate workspace to pasta_curves-0.5

This ports the majority of the workspace to the `pasta_curves-0.5.0`
leaving some tricky edge-cases that we need to handle carefully.

Resolves: privacy-scaling-explorations#132

* fix: Complete latest trait bounds to compile halo2proofs

* change: Migrate examples & benches to pasta 0.5

* change: Migrate halo2_gadgets to pasta-0.5

* change: Update gadgets outdated code with latest upstream

* fix: Sha3 gadget circuit

* fix: doc tests

* chore: Update merged main

* fix: Apply review suggestions

halo2_gadgets/Cargo.toml

@@ -24,11 +24,11 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
 [dependencies]
 arrayvec = "0.7.0"
 bitvec = "1"
-ff = "0.12"
-group = "0.12"
+ff = { version = "0.13", features = ["bits"] }
+group = "0.13"
 halo2_proofs = { version = "0.2", path = "../halo2_proofs" }
 lazy_static = "1"
-halo2curves = { git = 'https://github.com/privacy-scaling-explorations/halo2curves', tag = '0.3.0' }
+halo2curves = { git = 'https://github.com/privacy-scaling-explorations/halo2curves', tag = "0.3.2" }
 proptest = { version = "1.0.0", optional = true }
 rand = "0.8"
 subtle = "2.3"

halo2_gadgets/benches/poseidon.rs

@@ -21,7 +21,7 @@ use halo2_proofs::{
 use halo2curves::pasta::{pallas, vesta, EqAffine, Fp};
 
 use halo2_gadgets::poseidon::{
-    primitives::{self as poseidon, ConstantLength, Spec},
+    primitives::{self as poseidon, generate_constants, ConstantLength, Mds, Spec},
     Hash, Pow5Chip, Pow5Config,
 };
 use std::convert::TryInto;
@@ -139,6 +139,10 @@ impl<const WIDTH: usize, const RATE: usize> Spec<Fp, WIDTH, RATE> for MySpec<WID
     fn secure_mds() -> usize {
         0
     }
+
+    fn constants() -> (Vec<[Fp; WIDTH]>, Mds<Fp, WIDTH>, Mds<Fp, WIDTH>) {
+        generate_constants::<_, Self, WIDTH, RATE>()
+    }
 }
 
 const K: u32 = 7;

halo2_gadgets/src/ecc/chip/add.rs

@@ -1,10 +1,11 @@
 use super::EccPoint;
+use ff::PrimeField;
 use halo2_proofs::{
     circuit::Region,
     plonk::{Advice, Assigned, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
     poly::Rotation,
 };
-use halo2curves::{pasta::pallas, FieldExt};
+use halo2curves::pasta::pallas;
 use std::collections::HashSet;
 
 #[derive(Clone, Copy, Debug, Eq, PartialEq)]

halo2_gadgets/src/ecc/chip/constants.rs

@@ -6,7 +6,7 @@ use group::{
     Curve,
 };
 use halo2_proofs::arithmetic::lagrange_interpolate;
-use halo2curves::{pasta::pallas, CurveAffine, FieldExt};
+use halo2curves::{pasta::pallas, CurveAffine};
 
 /// Window size for fixed-base scalar multiplication
 pub const FIXED_BASE_WINDOW_SIZE: usize = 3;
@@ -61,7 +61,7 @@ fn compute_window_table<C: CurveAffine>(base: C, num_windows: usize) -> Vec<[C;
     // Generate window table entries for the last window, w = `num_windows - 1`.
     // For the last window, we compute [k * (2^3)^w - sum]B, where sum is defined
     // as sum = \sum_{j = 0}^{`num_windows - 2`} 2^{3j+1}
-    let sum = (0..(num_windows - 1)).fold(C::Scalar::zero(), |acc, j| {
+    let sum = (0..(num_windows - 1)).fold(C::Scalar::ZERO, |acc, j| {
         acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * j as u64 + 1, 0, 0, 0])
     });
     window_table.push(
@@ -181,7 +181,7 @@ pub fn test_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) {
             .rev()
             .cloned()
             .reduce(|acc, coeff| acc * x + coeff)
-            .unwrap_or_else(C::Base::zero)
+            .unwrap_or(C::Base::ZERO)
     }
 
     let lagrange_coeffs = compute_lagrange_coeffs(base, num_windows);
@@ -213,7 +213,7 @@ pub fn test_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) {
 
         // Compute the actual x-coordinate of the multiple [k * (8^84) - offset]B,
         // where offset = \sum_{j = 0}^{83} 2^{3j+1}
-        let offset = (0..(num_windows - 1)).fold(C::Scalar::zero(), |acc, w| {
+        let offset = (0..(num_windows - 1)).fold(C::Scalar::ZERO, |acc, w| {
             acc + C::Scalar::from(2).pow(&[FIXED_BASE_WINDOW_SIZE as u64 * w as u64 + 1, 0, 0, 0])
         });
         let scalar = C::Scalar::from(bits as u64)
@@ -229,8 +229,9 @@ pub fn test_lagrange_coeffs<C: CurveAffine>(base: C, num_windows: usize) {
 
 #[cfg(test)]
 mod tests {
+    use ff::FromUniformBytes;
     use group::{ff::Field, Curve, Group};
-    use halo2curves::{pasta::pallas, CurveAffine, FieldExt};
+    use halo2curves::{pasta::pallas, CurveAffine};
     use proptest::prelude::*;
 
     use super::{compute_window_table, find_zs_and_us, test_lagrange_coeffs, H, NUM_WINDOWS};
@@ -241,7 +242,7 @@ mod tests {
             // Instead of rejecting out-of-range bytes, let's reduce them.
             let mut buf = [0; 64];
             buf[..32].copy_from_slice(&bytes);
-            let scalar = pallas::Scalar::from_bytes_wide(&buf);
+            let scalar = pallas::Scalar::from_uniform_bytes(&buf);
             pallas::Point::generator() * scalar
         }
     }

halo2_gadgets/src/ecc/chip/mul.rs

@@ -8,16 +8,15 @@ use std::{
     ops::{Deref, Range},
 };
 
-use ff::PrimeField;
 use halo2_proofs::{
-    arithmetic::FieldExt,
+    arithmetic::Field,
     circuit::{AssignedCell, Layouter, Region, Value},
     plonk::{Advice, Assigned, Column, ConstraintSystem, Constraints, Error, Selector},
     poly::Rotation,
 };
-use uint::construct_uint;
-
+use halo2curves::group::ff::PrimeField;
 use halo2curves::pasta::pallas;
+use uint::construct_uint;
 
 mod complete;
 pub(super) mod incomplete;
@@ -389,8 +388,8 @@ impl Config {
 
 #[derive(Clone, Debug)]
 // `x`-coordinate of the accumulator.
-struct X<F: FieldExt>(AssignedCell<Assigned<F>, F>);
-impl<F: FieldExt> Deref for X<F> {
+struct X<F: Field>(AssignedCell<Assigned<F>, F>);
+impl<F: Field> Deref for X<F> {
     type Target = AssignedCell<Assigned<F>, F>;
 
     fn deref(&self) -> &Self::Target {
@@ -400,8 +399,8 @@ impl<F: FieldExt> Deref for X<F> {
 
 #[derive(Clone, Debug)]
 // `y`-coordinate of the accumulator.
-struct Y<F: FieldExt>(AssignedCell<Assigned<F>, F>);
-impl<F: FieldExt> Deref for Y<F> {
+struct Y<F: Field>(AssignedCell<Assigned<F>, F>);
+impl<F: Field> Deref for Y<F> {
     type Target = AssignedCell<Assigned<F>, F>;
 
     fn deref(&self) -> &Self::Target {
@@ -411,8 +410,8 @@ impl<F: FieldExt> Deref for Y<F> {
 
 #[derive(Clone, Debug)]
 // Cumulative sum `z` used to decompose the scalar.
-struct Z<F: FieldExt>(AssignedCell<F, F>);
-impl<F: FieldExt> Deref for Z<F> {
+struct Z<F: Field>(AssignedCell<F, F>);
+impl<F: Field> Deref for Z<F> {
     type Target = AssignedCell<F, F>;
 
     fn deref(&self) -> &Self::Target {

halo2_gadgets/src/ecc/chip/mul/incomplete.rs

@@ -1,14 +1,15 @@
 use super::super::NonIdentityEccPoint;
 use super::{X, Y, Z};
 use crate::utilities::bool_check;
+use ff::PrimeField;
 use halo2_proofs::{
     circuit::{Region, Value},
     plonk::{
         Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector, VirtualCells,
     },
     poly::Rotation,
 };
-use halo2curves::{pasta::pallas, FieldExt};
+use halo2curves::pasta::pallas;
 
 /// A helper struct for implementing single-row double-and-add using incomplete addition.
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]

halo2_gadgets/src/ecc/chip/mul/overflow.rs

@@ -9,8 +9,8 @@ use halo2_proofs::{
     plonk::{Advice, Assigned, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
     poly::Rotation,
 };
-
-use halo2curves::{pasta::pallas, FieldExt};
+use halo2curves::group::ff::PrimeField;
+use halo2curves::pasta::pallas;
 
 use std::iter;
 

halo2_gadgets/src/ecc/chip/mul_fixed.rs

@@ -7,7 +7,7 @@ use crate::utilities::decompose_running_sum::RunningSumConfig;
 use std::marker::PhantomData;
 
 use group::{
-    ff::{PrimeField, PrimeFieldBits},
+    ff::{Field, PrimeField, PrimeFieldBits},
     Curve,
 };
 use halo2_proofs::{
@@ -18,7 +18,7 @@ use halo2_proofs::{
     },
     poly::Rotation,
 };
-use halo2curves::{pasta::pallas, CurveAffine, FieldExt};
+use halo2curves::{pasta::pallas, CurveAffine};
 use lazy_static::lazy_static;
 
 pub mod base_field_elem;

halo2_gadgets/src/ecc/chip/mul_fixed/base_field_elem.rs

@@ -13,7 +13,7 @@ use halo2_proofs::{
     plonk::{Advice, Column, ConstraintSystem, Constraints, Error, Expression, Selector},
     poly::Rotation,
 };
-use halo2curves::{pasta::pallas, FieldExt};
+use halo2curves::pasta::pallas;
 
 use std::convert::TryInto;
 

halo2_gadgets/src/ecc/chip/mul_fixed/full_width.rs

@@ -295,7 +295,7 @@ pub mod tests {
 
         // [-1]B is the largest scalar field element.
         {
-            let scalar_fixed = -pallas::Scalar::one();
+            let scalar_fixed = -pallas::Scalar::ONE;
             let neg_1 = ScalarFixed::new(
                 chip.clone(),
                 layouter.namespace(|| "-1"),

halo2_gadgets/src/ecc/chip/mul_fixed/short.rs

@@ -209,6 +209,7 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
         // tested at the circuit-level.
         {
             use super::super::FixedPoint;
+            use ff::Field;
             use group::{ff::PrimeField, Curve};
 
             scalar
@@ -228,9 +229,9 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
                             let magnitude = pallas::Scalar::from_repr(magnitude.to_repr()).unwrap();
 
                             let sign = if sign == &&pallas::Base::one() {
-                                pallas::Scalar::one()
+                                pallas::Scalar::ONE
                             } else {
-                                -pallas::Scalar::one()
+                                -pallas::Scalar::ONE
                             };
 
                             magnitude * sign
@@ -248,13 +249,16 @@ impl<Fixed: FixedPoints<pallas::Affine>> Config<Fixed> {
 
 #[cfg(test)]
 pub mod tests {
-    use group::{ff::PrimeField, Curve};
+    use group::{
+        ff::{Field, PrimeField},
+        Curve,
+    };
     use halo2_proofs::{
         arithmetic::CurveAffine,
         circuit::{AssignedCell, Chip, Layouter, Value},
         plonk::{Any, Error},
     };
-    use halo2curves::{pasta::pallas, FieldExt};
+    use halo2curves::pasta::pallas;
 
     use crate::{
         ecc::{
@@ -359,9 +363,9 @@ pub mod tests {
             let scalar = {
                 let magnitude = pallas::Scalar::from_repr(magnitude.to_repr()).unwrap();
                 let sign = if *sign == pallas::Base::one() {
-                    pallas::Scalar::one()
+                    pallas::Scalar::ONE
                 } else {
-                    -pallas::Scalar::one()
+                    -pallas::Scalar::ONE
                 };
                 magnitude * sign
             };

halo2_gadgets/src/poseidon.rs

@@ -4,9 +4,9 @@ use std::convert::TryInto;
 use std::fmt;
 use std::marker::PhantomData;
 
+use ff::PrimeField;
 use group::ff::Field;
 use halo2_proofs::{
-    arithmetic::FieldExt,
     circuit::{AssignedCell, Chip, Layouter},
     plonk::Error,
 };
@@ -27,7 +27,7 @@ pub enum PaddedWord<F: Field> {
 }
 
 /// The set of circuit instructions required to use the Poseidon permutation.
-pub trait PoseidonInstructions<F: FieldExt, S: Spec<F, T, RATE>, const T: usize, const RATE: usize>:
+pub trait PoseidonInstructions<F: Field, S: Spec<F, T, RATE>, const T: usize, const RATE: usize>:
     Chip<F>
 {
     /// Variable representing the word over which the Poseidon permutation operates.
@@ -45,7 +45,7 @@ pub trait PoseidonInstructions<F: FieldExt, S: Spec<F, T, RATE>, const T: usize,
 ///
 /// [`Hash`]: self::Hash
 pub trait PoseidonSpongeInstructions<
-    F: FieldExt,
+    F: Field,
     S: Spec<F, T, RATE>,
     D: Domain<F, RATE>,
     const T: usize,
@@ -71,7 +71,7 @@ pub trait PoseidonSpongeInstructions<
 /// A word over which the Poseidon permutation operates.
 #[derive(Debug)]
 pub struct Word<
-    F: FieldExt,
+    F: Field,
     PoseidonChip: PoseidonInstructions<F, S, T, RATE>,
     S: Spec<F, T, RATE>,
     const T: usize,
@@ -81,7 +81,7 @@ pub struct Word<
 }
 
 impl<
-        F: FieldExt,
+        F: Field,
         PoseidonChip: PoseidonInstructions<F, S, T, RATE>,
         S: Spec<F, T, RATE>,
         const T: usize,
@@ -100,7 +100,7 @@ impl<
 }
 
 fn poseidon_sponge<
-    F: FieldExt,
+    F: Field,
     PoseidonChip: PoseidonSpongeInstructions<F, S, D, T, RATE>,
     S: Spec<F, T, RATE>,
     D: Domain<F, RATE>,
@@ -122,7 +122,7 @@ fn poseidon_sponge<
 /// A Poseidon sponge.
 #[derive(Debug)]
 pub struct Sponge<
-    F: FieldExt,
+    F: Field,
     PoseidonChip: PoseidonSpongeInstructions<F, S, D, T, RATE>,
     S: Spec<F, T, RATE>,
     M: SpongeMode,
@@ -137,7 +137,7 @@ pub struct Sponge<
 }
 
 impl<
-        F: FieldExt,
+        F: Field,
         PoseidonChip: PoseidonSpongeInstructions<F, S, D, T, RATE>,
         S: Spec<F, T, RATE>,
         D: Domain<F, RATE>,
@@ -210,7 +210,7 @@ impl<
 }
 
 impl<
-        F: FieldExt,
+        F: Field,
         PoseidonChip: PoseidonSpongeInstructions<F, S, D, T, RATE>,
         S: Spec<F, T, RATE>,
         D: Domain<F, RATE>,
@@ -241,7 +241,7 @@ impl<
 /// A Poseidon hash function, built around a sponge.
 #[derive(Debug)]
 pub struct Hash<
-    F: FieldExt,
+    F: Field,
     PoseidonChip: PoseidonSpongeInstructions<F, S, D, T, RATE>,
     S: Spec<F, T, RATE>,
     D: Domain<F, RATE>,
@@ -252,7 +252,7 @@ pub struct Hash<
 }
 
 impl<
-        F: FieldExt,
+        F: Field,
         PoseidonChip: PoseidonSpongeInstructions<F, S, D, T, RATE>,
         S: Spec<F, T, RATE>,
         D: Domain<F, RATE>,
@@ -267,7 +267,7 @@ impl<
 }
 
 impl<
-        F: FieldExt,
+        F: PrimeField,
         PoseidonChip: PoseidonSpongeInstructions<F, S, ConstantLength<L>, T, RATE>,
         S: Spec<F, T, RATE>,
         const T: usize,