add halo2_gadgets_optimized

Cargo.toml

@@ -3,4 +3,5 @@ members = [
     "halo2",
     "halo2_gadgets",
     "halo2_proofs",
+    "halo2_gadgets_optimized",
 ]

halo2_gadgets_optimized/CHANGELOG.md

@@ -0,0 +1,130 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to Rust's notion of
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.3.0] - 2023-03-21
+### Added
+- `halo2_gadgets::poseidon::primitives::{Mds, generate_constants}`
+
+### Changed
+- Migrated to `ff 0.13`, `group 0.13`, `pasta_curves 0.5` and `halo2_proofs 0.3`.
+- APIs with `F: pasta_curves::arithmetic::FieldExt` bounds have been changed to
+  use `ff` traits directly.
+
+## [0.2.0] - 2022-06-23
+### Added
+- `halo2_gadgets::utilities::RangeConstrained<F, Value<F>>::bitrange_of`
+
+### Changed
+All APIs that represented witnessed values as `Option<V>` now represent them as
+`halo2_proofs::circuit::Value<V>`. The core API changes are listed below.
+
+- Migrated to `halo2_proofs 0.2.0`.
+- The following APIs now take `Value<_>` instead of `Option<_>`:
+  - `halo2_gadgets::ecc`:
+    - `EccInstructions::{witness_point, witness_point_non_id}`
+    - `EccInstructions::{witness_scalar_var, witness_scalar_fixed}`
+    - `ScalarVar::new`
+    - `ScalarFixed::new`
+    - `NonIdentityPoint::new`
+    - `Point::new`
+  - `halo2_gadgets::sinsemilla`:
+    - `SinsemillaInstructions::witness_message_piece`
+    - `MessagePiece::{from_field_elem, from_subpieces}`
+  - `halo2_gadgets::sinsemilla::merkle`:
+    - `MerklePath::construct`
+  - `halo2_gadgets::utilities`:
+    - `UtilitiesInstructions::load_private`
+    - `RangeConstrained::witness_short`
+  - `halo2_gadgets::utilities::cond_swap`:
+    - `CondSwapInstructions::swap`
+  - `halo2_gadgets::utilities::decompose_running_sum`:
+    - `RunningSumConfig::witness_decompose`
+  - `halo2_gadgets::utilities::lookup_range_check`:
+    - `LookupRangeCheckConfig::{witness_check, witness_short_check}`
+- The following APIs now return `Value<_>` instead of `Option<_>`:
+  - `halo2_gadgets::ecc::chip`:
+    - `EccPoint::{point, is_identity}`
+    - `NonIdentityEccPoint::point`
+  - `halo2_gadgets::utilities`:
+    - `FieldValue::value`
+    - `Var::value`
+    - `RangeConstrained::value`
+- `halo2_gadgets::sha256::BlockWord` is now a newtype wrapper around
+  `Value<u32>` instead of `Option<u32>`.
+
+### Removed
+- `halo2_gadgets::utilities::RangeConstrained<F, Option<F>>::bitrange_of`
+
+## [0.1.0] - 2022-05-10
+### Added
+- `halo2_gadgets::utilities`:
+  - `FieldValue` trait.
+  - `RangeConstrained` newtype wrapper.
+- `halo2_gadgets::ecc`:
+  - `EccInstructions::witness_scalar_var` API to witness a full-width scalar
+    used in variable-base scalar multiplication.
+  - `EccInstructions::witness_scalar_fixed`, to witness a full-width scalar
+    used in fixed-base scalar multiplication.
+  - `EccInstructions::scalar_fixed_from_signed_short`, to construct a signed
+    short scalar used in fixed-base scalar multiplication from its magnitude and
+    sign.
+  - `BaseFitsInScalarInstructions` trait that can be implemented for a curve
+    whose base field fits into its scalar field. This provides a method
+    `scalar_var_from_base` that converts a base field element that exists as
+    a variable in the circuit, into a scalar to be used in variable-base
+    scalar multiplication.
+  - `ScalarFixed::new`
+  - `ScalarFixedShort::new`
+  - `ScalarVar::new` and `ScalarVar::from_base` gadget APIs.
+- `halo2_gadgets::ecc::chip`:
+  - `ScalarVar` enum with `BaseFieldElem` and `FullWidth` variants. `FullWidth`
+    is unimplemented for `halo2_gadgets v0.1.0`.
+- `halo2_gadgets::poseidon`:
+  - `primitives` (moved from `halo2_gadgets::primitives::poseidon`)
+- `halo2_gadgets::sinsemilla`:
+  - `primitives` (moved from `halo2_gadgets::primitives::sinsemilla`)
+  - `MessagePiece::from_subpieces`
+
+### Changed
+- `halo2_gadgets::ecc`:
+  - `EccInstructions::ScalarVar` is now treated as a full-width scalar, instead
+    of being restricted to a base field element.
+  - `EccInstructions::mul` now takes a `Self::ScalarVar` as argument, instead
+    of assuming that the scalar fits in a base field element `Self::Var`.
+  - `EccInstructions::mul_fixed` now takes a `Self::ScalarFixed` as argument,
+    instead of requiring that the chip always witness a new scalar.
+  - `EccInstructions::mul_fixed_short` now takes a `Self::ScalarFixedShort` as
+    argument, instead of the magnitude and sign directly.
+  - `FixedPoint::mul` now takes `ScalarFixed` instead of `Option<C::Scalar>`.
+  - `FixedPointShort::mul` now takes `ScalarFixedShort` instead of
+    `(EccChip::Var, EccChip::Var)`.
+- `halo2_gadgets::ecc::chip`:
+  - `FixedPoint::u` now returns `Vec<[<C::Base as PrimeField>::Repr; H]>`
+    instead of `Vec<[[u8; 32]; H]>`.
+  - `ScalarKind` has been renamed to `FixedScalarKind`.
+- `halo2_gadgets::sinsemilla`:
+  - `CommitDomain::{commit, short_commit}` now take the trapdoor `r` as an
+    `ecc::ScalarFixed<C, EccChip>` instead of `Option<C::Scalar>`.
+  - `merkle::MerklePath` can now be constructed with more or fewer than two
+    `MerkleChip`s.
+
+### Removed
+- `halo2_gadgets::primitives` (use `halo2_gadgets::poseidon::primitives` or
+  `halo2_gadgets::sinsemilla::primitives` instead).
+
+## [0.1.0-beta.3] - 2022-04-06
+### Changed
+- Migrated to `halo2_proofs 0.1.0-beta.4`.
+
+## [0.1.0-beta.2] - 2022-03-22
+### Changed
+- Migrated to `halo2_proofs 0.1.0-beta.3`.
+
+## [0.1.0-beta.1] - 2022-02-14
+Initial release!

halo2_gadgets_optimized/Cargo.toml

@@ -0,0 +1,85 @@
+[package]
+name = "halo2_gadgets_optimized"
+version = "0.3.0"
+authors = [
+    "Sean Bowe <[email protected]>",
+    "Jack Grigg <[email protected]>",
+    "Daira Hopwood <[email protected]>",
+    "Ying Tong Lai <[email protected]>",
+    "Kris Nuttycombe <[email protected]>",
+]
+edition = "2021"
+rust-version = "1.60"
+description = "Reusable gadgets and chip implementations for Halo 2"
+license = "MIT OR Apache-2.0"
+repository = "https://github.com/zcash/halo2"
+readme = "README.md"
+categories = ["cryptography"]
+keywords = ["halo", "proofs", "zcash", "zkp", "zkSNARKs"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
+
+[dependencies]
+arrayvec = "0.7.0"
+bitvec = "1"
+ff = "0.13"
+group = "0.13"
+halo2_proofs = { version = "0.3", path = "../halo2_proofs", default-features = false }
+lazy_static = "1"
+pasta_curves = "0.5"
+proptest = { version = "1.0.0", optional = true }
+rand = "0.8"
+subtle = "2.3"
+uint = "0.9.2" # MSRV 1.56.1
+
+# Developer tooling dependencies
+plotters = { version = "0.3.0", default-features = false, optional = true }
+
+[dev-dependencies]
+criterion = "0.3"
+proptest = "1.0.0"
+
+[target.'cfg(unix)'.dev-dependencies]
+inferno = ">=0.11, <0.11.5" # MSRV 1.59
+pprof = { version = "0.8", features = ["criterion", "flamegraph"] } # MSRV 1.56
+
+[lib]
+bench = false
+
+[features]
+test-dev-graph = [
+    "halo2_proofs/dev-graph",
+    "plotters",
+    "plotters/bitmap_backend",
+    "plotters/bitmap_encoder",
+    "plotters/ttf",
+]
+test-dependencies = ["proptest"]
+
+# In-development features
+# See https://zcash.github.io/halo2/dev/features.html
+beta = [
+    "halo2_proofs/beta",
+]
+nightly = [
+    "beta",
+    "halo2_proofs/nightly",
+    "unstable-sha256-gadget",
+]
+unstable-sha256-gadget = []
+# Add flags for in-development features above this line.
+
+[[bench]]
+name = "primitives"
+harness = false
+
+[[bench]]
+name = "poseidon"
+harness = false
+
+[[bench]]
+name = "sha256"
+harness = false
+required-features = ["unstable-sha256-gadget"]

halo2_gadgets_optimized/README.md

@@ -0,0 +1,25 @@
+# halo2_gadgets [![Crates.io](https://img.shields.io/crates/v/halo2_gadgets.svg)](https://crates.io/crates/halo2_gadgets) #
+
+Requires Rust 1.60+.
+
+## Documentation
+
+- [The Halo 2 Book](https://zcash.github.io/halo2/)
+- [Crate documentation](https://docs.rs/halo2_gadgets)
+
+## License
+
+Licensed under either of
+
+ * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or
+   http://www.apache.org/licenses/LICENSE-2.0)
+ * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally
+submitted for inclusion in the work by you, as defined in the Apache-2.0
+license, shall be dual licensed as above, without any additional terms or
+conditions.