Add constrain_crt_equals_bytes, blob_crts, and challenge_digest functions

Author: z2trillion

aggregator/src/aggregation/batch_data.rs

@@ -1,6 +1,6 @@
 use crate::{
-    aggregation::rlc::POWS_OF_256, blob_consistency::BLOB_WIDTH, constants::N_BYTES_U256,
-    BatchHash, ChunkInfo, RlcConfig,
+    aggregation::rlc::POWS_OF_256, aggregation::util::constrain_crt_equals_bytes,
+    blob_consistency::BLOB_WIDTH, constants::N_BYTES_U256, BatchHash, ChunkInfo, RlcConfig,
 };
 use eth_types::{H256, U256};
 use ethers_core::utils::keccak256;
@@ -401,7 +401,7 @@ impl<const N_SNARKS: usize> BatchDataConfig<N_SNARKS> {
         chunks_are_padding: &[AssignedCell<Fr, Fr>],
         batch_data: &BatchData<N_SNARKS>,
         versioned_hash: H256,
-        barycentric_assignments: &[CRTInteger<Fr>],
+        challenge_digest: &CRTInteger<Fr>,
     ) -> Result<AssignedBatchDataExport, Error> {
         self.load_range_tables(layouter)?;
 
@@ -418,7 +418,7 @@ impl<const N_SNARKS: usize> BatchDataConfig<N_SNARKS> {
                     challenge_value,
                     rlc_config,
                     chunks_are_padding,
-                    barycentric_assignments,
+                    challenge_digest,
                     &assigned_rows,
                 )
             },
@@ -550,7 +550,7 @@ impl<const N_SNARKS: usize> BatchDataConfig<N_SNARKS> {
         // The chunks_are_padding assigned cells are exports from the conditional constraints in
         // `core.rs`. Since these are already constrained, we can just use them as is.
         chunks_are_padding: &[AssignedCell<Fr, Fr>],
-        barycentric_assignments: &[CRTInteger<Fr>],
+        assigned_challenge_digest: &CRTInteger<Fr>,
         assigned_rows: &[AssignedBatchDataConfig],
     ) -> Result<AssignedBatchDataExport, Error> {
         let n_rows_metadata = BatchData::<N_SNARKS>::n_rows_metadata();
@@ -996,41 +996,13 @@ impl<const N_SNARKS: usize> BatchDataConfig<N_SNARKS> {
         ////////////////////////////////////////////////////////////////////////////////
         //////////////////////////// CHALLENGE DIGEST CHECK ////////////////////////////
         ////////////////////////////////////////////////////////////////////////////////
-
-        assert_eq!(barycentric_assignments.len(), BLOB_WIDTH + 1);
-        let challenge_digest_crt = barycentric_assignments
-            .get(BLOB_WIDTH)
-            .expect("challenge digest CRT");
-        let challenge_digest_limb1 = rlc_config.inner_product(
-            region,
-            &challenge_digest[0..11],
-            &pows_of_256,
-            &mut rlc_config_offset,
-        )?;
-        let challenge_digest_limb2 = rlc_config.inner_product(
-            region,
-            &challenge_digest[11..22],
-            &pows_of_256,
-            &mut rlc_config_offset,
-        )?;
-        let challenge_digest_limb3 = rlc_config.inner_product(
+        constrain_crt_equals_bytes(
             region,
-            &challenge_digest[22..32],
-            &pows_of_256[0..10],
+            rlc_config,
+            assigned_challenge_digest,
+            &challenge_digest,
             &mut rlc_config_offset,
         )?;
-        region.constrain_equal(
-            challenge_digest_limb1.cell(),
-            challenge_digest_crt.truncation.limbs[0].cell(),
-        )?;
-        region.constrain_equal(
-            challenge_digest_limb2.cell(),
-            challenge_digest_crt.truncation.limbs[1].cell(),
-        )?;
-        region.constrain_equal(
-            challenge_digest_limb3.cell(),
-            challenge_digest_crt.truncation.limbs[2].cell(),
-        )?;
 
         Ok(export)
     }

aggregator/src/aggregation/circuit.rs

@@ -394,7 +394,6 @@ impl<const N_SNARKS: usize> Circuit<Fr> for BatchCircuit<N_SNARKS> {
 
         // blob data config
         {
-            let barycentric_assignments = &barycentric.barycentric_assignments;
             let challenge_le = &barycentric.z_le;
             let evaluation_le = &barycentric.y_le;
 
@@ -410,7 +409,7 @@ impl<const N_SNARKS: usize> Circuit<Fr> for BatchCircuit<N_SNARKS> {
             BlobConsistencyConfig::<N_SNARKS>::link(
                 &mut layouter,
                 &blob_data_exports.blob_crts_limbs,
-                barycentric_assignments,
+                barycentric.blob_crts(),
             )?;
 
             let batch_data_exports = config.batch_data_config.assign(
@@ -420,7 +419,7 @@ impl<const N_SNARKS: usize> Circuit<Fr> for BatchCircuit<N_SNARKS> {
                 &assigned_batch_hash.chunks_are_padding,
                 &batch_data,
                 self.batch_hash.blob_consistency_witness.id(),
-                barycentric_assignments,
+                barycentric.challenge_digest(),
             )?;
 
             // conditionally encode those bytes. By default we use a worked example.

aggregator/src/aggregation/util.rs

@@ -1,8 +1,13 @@
+use crate::RlcConfig;
 use gadgets::util::Expr;
+use halo2_ecc::bigint::CRTInteger;
 use halo2_proofs::{
-    plonk::{Advice, Column, ConstraintSystem, Expression, VirtualCells},
+    circuit::{AssignedCell, Region},
+    halo2curves::{bn256::Fr, group::ff::PrimeField},
+    plonk::{Advice, Column, ConstraintSystem, Error, Expression, VirtualCells},
     poly::Rotation,
 };
+use itertools::Itertools;
 use zkevm_circuits::util::Field;
 
 #[derive(Clone, Copy, Debug)]
@@ -29,3 +34,48 @@ impl BooleanAdvice {
         meta.query_advice(self.column, at)
     }
 }
+
+pub fn constrain_crt_equals_bytes(
+    region: &mut Region<Fr>,
+    rlc_config: &RlcConfig,
+    crt: &CRTInteger<Fr>,
+    bytes: &[AssignedCell<Fr, Fr>],
+    rlc_config_offset: &mut usize,
+) -> Result<(), Error> {
+    let mut powers_of_256 = vec![];
+    for i in 0..11 {
+        let assigned_cell =
+            rlc_config.load_private(region, &Fr::from_u128(256u128.pow(i)), rlc_config_offset)?;
+        let region_index = assigned_cell.cell().region_index;
+        let fixed_cell = if i == 0 {
+            rlc_config.one_cell(region_index)
+        } else {
+            rlc_config
+                .pow_of_two_hundred_and_fifty_six_cell(region_index, usize::try_from(i).unwrap())
+        };
+        region.constrain_equal(fixed_cell, assigned_cell.cell())?;
+        powers_of_256.push(assigned_cell);
+    }
+
+    let limb_from_bytes_lo =
+        rlc_config.inner_product(region, &bytes[0..11], &powers_of_256, rlc_config_offset)?;
+    let limb_from_bytes_mid =
+        rlc_config.inner_product(region, &bytes[11..22], &powers_of_256, rlc_config_offset)?;
+    let limb_from_bytes_hi = rlc_config.inner_product(
+        region,
+        &bytes[22..32],
+        &powers_of_256[0..10],
+        rlc_config_offset,
+    )?;
+
+    for (limb_from_bytes, crt_limb) in [limb_from_bytes_lo, limb_from_bytes_mid, limb_from_bytes_hi]
+        .iter()
+        .zip_eq(crt.limbs())
+    {
+        region.constrain_equal(limb_from_bytes.cell(), crt_limb.cell())?
+    }
+
+    Ok(())
+
+    // This can just be a collect....
+}

aggregator/src/blob_consistency/eip4844/barycentric.rs

@@ -55,13 +55,23 @@ pub struct BarycentricEvaluationConfig {
 pub struct AssignedBarycentricEvaluationConfig {
     /// CRTIntegers for the BLOB_WIDTH number of blob polynomial coefficients, followed by a
     /// CRTInteger for the challenge digest.
-    pub(crate) barycentric_assignments: Vec<CRTInteger<Fr>>,
+    barycentric_assignments: Vec<CRTInteger<Fr>>,
     /// 32 Assigned cells representing the LE-bytes of challenge z.
     pub(crate) z_le: Vec<AssignedValue<Fr>>,
     /// 32 Assigned cells representing the LE-bytes of evaluation y.
     pub(crate) y_le: Vec<AssignedValue<Fr>>,
 }
 
+impl AssignedBarycentricEvaluationConfig {
+    pub fn blob_crts(&self) -> &[CRTInteger<Fr>] {
+        &self.barycentric_assignments[0..BLOB_WIDTH]
+    }
+
+    pub fn challenge_digest(&self) -> &CRTInteger<Fr> {
+        &self.barycentric_assignments[BLOB_WIDTH]
+    }
+}
+
 impl BarycentricEvaluationConfig {
     pub fn construct(range: RangeConfig<Fr>) -> Self {
         Self {

aggregator/src/blob_consistency/eip4844/tests.rs

@@ -199,7 +199,7 @@ impl Circuit<Fr> for BlobCircuit {
                     challenge_values,
                     &config.rlc,
                     &chunks_are_padding,
-                    &barycentric_assignments.barycentric_assignments,
+                    barycentric_assignments.challenge_digest(),
                     &assigned_rows,
                 )?;