feat: add main_gate_with_plookup_with_mock_kzg_accumulator and `Cos…

…tEstimation`

README.md

@@ -0,0 +1,3 @@
+# PLONK Verifier
+
+Generic PLONK verifier.

src/lib.rs

@@ -1,5 +1,6 @@
 #![feature(int_log)]
 #![feature(int_roundings)]
+#![feature(assert_matches)]
 #![allow(clippy::type_complexity)]
 #![allow(clippy::too_many_arguments)]
 #![allow(clippy::upper_case_acronyms)]

src/loader/evm.rs

@@ -1,4 +1,4 @@
-use crate::util::PrimeField;
+use crate::{scheme::kzg::Cost, util::PrimeField};
 use ethereum_types::U256;
 use std::iter;
 
@@ -58,3 +58,13 @@ where
         .chain(proof)
         .collect()
 }
+
+pub fn estimate_gas(cost: Cost) -> usize {
+    let proof_size = cost.num_commitment * 64 + (cost.num_evaluation + cost.num_statement) * 32;
+
+    let intrinsic_cost = 21000;
+    let calldata_cost = (proof_size as f64 * 15.25).ceil() as usize;
+    let ec_operation_cost = 113100 + (cost.num_msm - 2) * 6350;
+
+    intrinsic_cost + calldata_cost + ec_operation_cost
+}

src/loader/halo2/loader.rs

@@ -9,11 +9,11 @@ use halo2_wrong_ecc::{
         rns::{Integer, Rns},
         IntegerInstructions, Range,
     },
+    maingate::{
+        AssignedValue, CombinationOptionCommon, MainGate, MainGateInstructions, RegionCtx, Term,
+    },
     AssignedPoint, BaseFieldEccChip, EccConfig,
 };
-use halo2_wrong_maingate::{
-    AssignedValue, CombinationOptionCommon, MainGate, MainGateInstructions, RegionCtx, Term,
-};
 use rand::rngs::OsRng;
 use std::{
     cell::RefCell,

src/protocol.rs

@@ -8,7 +8,7 @@ pub struct Protocol<C: Curve> {
     pub zk: bool,
     pub domain: Domain<C::Scalar>,
     pub preprocessed: Vec<C>,
-    pub num_statement: usize,
+    pub num_statement: Vec<usize>,
     pub num_auxiliary: Vec<usize>,
     pub num_challenge: Vec<usize>,
     pub evaluations: Vec<Query>,
@@ -20,7 +20,9 @@ pub struct Protocol<C: Curve> {
 
 impl<C: Curve> Protocol<C> {
     pub fn vanishing_poly(&self) -> usize {
-        self.preprocessed.len() + self.num_statement + self.num_auxiliary.iter().sum::<usize>()
+        self.preprocessed.len()
+            + self.num_statement.len()
+            + self.num_auxiliary.iter().sum::<usize>()
     }
 }
 
@@ -36,6 +38,13 @@ impl<C: Curve> Snark<C> {
         statements: Vec<Vec<<C as Group>::Scalar>>,
         proof: Vec<u8>,
     ) -> Self {
+        assert_eq!(
+            protocol.num_statement,
+            statements
+                .iter()
+                .map(|statements| statements.len())
+                .collect::<Vec<_>>()
+        );
         Snark {
             protocol,
             statements,

src/protocol/halo2.rs

@@ -18,6 +18,7 @@ mod test;
 pub struct Config {
     zk: bool,
     query_instance: bool,
+    num_instance: Vec<usize>,
     num_proof: usize,
     accumulator_indices: Option<Vec<(usize, usize)>>,
 }
@@ -26,6 +27,7 @@ pub fn compile<C: CurveExt>(vk: &VerifyingKey<C::AffineExt>, config: Config) ->
     let cs = vk.cs();
     let Config {
         zk,
+        num_instance,
         query_instance,
         num_proof,
         accumulator_indices,
@@ -42,7 +44,7 @@ pub fn compile<C: CurveExt>(vk: &VerifyingKey<C::AffineExt>, config: Config) ->
         .map(Into::into)
         .collect();
 
-    let polynomials = &Polynomials::new(cs, zk, query_instance, num_proof);
+    let polynomials = &Polynomials::new(cs, zk, query_instance, num_instance, num_proof);
 
     let evaluations = iter::empty()
         .chain((0..num_proof).flat_map(move |t| polynomials.instance_queries(t)))
@@ -110,7 +112,7 @@ struct Polynomials<'a, F: FieldExt> {
     num_proof: usize,
     num_fixed: usize,
     num_permutation_fixed: usize,
-    num_instance: usize,
+    num_instance: Vec<usize>,
     num_advice: Vec<usize>,
     num_challenge: Vec<usize>,
     advice_index: Vec<usize>,
@@ -122,7 +124,13 @@ struct Polynomials<'a, F: FieldExt> {
 }
 
 impl<'a, F: FieldExt> Polynomials<'a, F> {
-    fn new(cs: &'a ConstraintSystem<F>, zk: bool, query_instance: bool, num_proof: usize) -> Self {
+    fn new(
+        cs: &'a ConstraintSystem<F>,
+        zk: bool,
+        query_instance: bool,
+        num_instance: Vec<usize>,
+        num_proof: usize,
+    ) -> Self {
         let degree = if zk {
             cs.degree::<true>()
         } else {
@@ -156,14 +164,16 @@ impl<'a, F: FieldExt> Polynomials<'a, F> {
         assert_eq!(num_advice.iter().sum::<usize>(), cs.num_advice_columns());
         assert_eq!(num_challenge.iter().sum::<usize>(), cs.num_challenges());
 
+        assert_eq!(cs.num_instance_columns(), num_instance.len());
+
         Self {
             cs,
             zk,
             query_instance,
             num_proof,
             num_fixed: cs.num_fixed_columns(),
             num_permutation_fixed: cs.permutation().get_columns().len(),
-            num_instance: cs.num_instance_columns(),
+            num_instance,
             num_advice,
             num_challenge,
             advice_index,
@@ -183,8 +193,11 @@ impl<'a, F: FieldExt> Polynomials<'a, F> {
         self.num_fixed + self.num_permutation_fixed
     }
 
-    fn num_statement(&self) -> usize {
-        self.num_proof * self.num_instance
+    fn num_statement(&self) -> Vec<usize> {
+        iter::repeat(self.num_instance.clone())
+            .take(self.num_proof)
+            .flatten()
+            .collect()
     }
 
     fn num_auxiliary(&self) -> Vec<usize> {
@@ -219,7 +232,7 @@ impl<'a, F: FieldExt> Polynomials<'a, F> {
     }
 
     fn auxiliary_offset(&self) -> usize {
-        self.instance_offset() + self.num_statement()
+        self.instance_offset() + self.num_statement().len()
     }
 
     fn cs_auxiliary_offset(&self) -> usize {
@@ -240,7 +253,7 @@ impl<'a, F: FieldExt> Polynomials<'a, F> {
     ) -> Query {
         let offset = match column_type.into() {
             Any::Fixed => 0,
-            Any::Instance => self.instance_offset() + t * self.num_instance,
+            Any::Instance => self.instance_offset() + t * self.num_instance.len(),
             Any::Advice(advice) => {
                 column_index = self.advice_index[column_index];
                 let phase_offset = self.num_proof
@@ -638,7 +651,7 @@ impl<'a, F: FieldExt> Polynomials<'a, F> {
                 accumulator_indices
                     .iter()
                     .cloned()
-                    .map(|(poly, row)| (poly + t * self.num_instance, row))
+                    .map(|(poly, row)| (poly + t * self.num_instance.len(), row))
                     .collect()
             })
             .collect()

src/protocol/halo2/test.rs

@@ -1,5 +1,6 @@
 use crate::{
     protocol::halo2::{compile, Config},
+    scheme::kzg::{Cost, CostEstimation, PlonkAccumulationScheme},
     util::{CommonPolynomial, Expression, Query},
 };
 use halo2_curves::bn256::{Bn256, Fr, G1};
@@ -18,13 +19,15 @@ use rand_chacha::{
     rand_core::{RngCore, SeedableRng},
     ChaCha20Rng,
 };
+use std::assert_matches::assert_matches;
 
 mod circuit;
 mod kzg;
 
 pub use circuit::{
-    maingate::{MainGateWithRange, MainGateWithRangeConfig},
-    plookup::Plookuper,
+    maingate::{
+        MainGateWithPlookup, MainGateWithPlookupConfig, MainGateWithRange, MainGateWithRangeConfig,
+    },
     standard::StandardPlonk,
 };
 
@@ -97,6 +100,7 @@ fn test_compile_standard_plonk() {
         Config {
             zk: false,
             query_instance: false,
+            num_instance: vec![1],
             num_proof: 1,
             accumulator_indices: None,
         },
@@ -108,7 +112,7 @@ fn test_compile_standard_plonk() {
     let t = Query::new(13, Rotation::cur());
 
     assert_eq!(protocol.preprocessed.len(), 8);
-    assert_eq!(protocol.num_statement, 1);
+    assert_eq!(protocol.num_statement, vec![1]);
     assert_eq!(protocol.num_auxiliary, vec![3, 0, 1]);
     assert_eq!(protocol.num_challenge, vec![1, 2, 0]);
     assert_eq!(
@@ -159,4 +163,14 @@ fn test_compile_standard_plonk() {
             ]
         })
     );
+
+    assert_matches!(
+        PlonkAccumulationScheme::estimate_cost(&protocol),
+        Cost {
+            num_commitment: 9,
+            num_evaluation: 13,
+            num_msm: 20,
+            ..
+        }
+    );
 }