diff --git a/halo2-base/README.md b/halo2-base/README.md index 94cbbc58..3ba763ea 100644 --- a/halo2-base/README.md +++ b/halo2-base/README.md @@ -121,7 +121,7 @@ QuantumCell contains the following enum variants. Assigns an entirely new witness value into the advice column, such as a private input. When `assign_cell()` is called the value is wrapped in as an `Assigned::Trivial()` which marks it for exclusion from batch inversion. - **WitnessFraction**: - Assigns an entirely new witness value to the advice column. `WitnessFraction` exists for optimization purposes and accepts Assigned values wrapped in `Assigned::Rational()` marked for batch inverion (see [Assigned](#assigned)). + Assigns an entirely new witness value to the advice column. `WitnessFraction` exists for optimization purposes and accepts Assigned values wrapped in `Assigned::Rational()` marked for batch inversion (see [Assigned](#assigned)). - **Constant**: A value that is a "known" constant. A "known" refers to known at circuit creation time to both the Prover and Verifier. When you assign a constant value there exists another secret Fixed column in the circuit constraint table whose values are fixed at circuit creation time. When you assign a Constant value, you are adding this value to the Fixed column, adding the value as a witness to the Advice column, and then imposing an equality constraint between the two corresponding cells in the Fixed and Advice columns. diff --git a/halo2-base/src/gates/circuit/builder.rs b/halo2-base/src/gates/circuit/builder.rs index dabd50f1..ae7e188d 100644 --- a/halo2-base/src/gates/circuit/builder.rs +++ b/halo2-base/src/gates/circuit/builder.rs @@ -67,7 +67,7 @@ impl Default for BaseCircuitBuilder { impl BaseCircuitBuilder { /// Creates a new [BaseCircuitBuilder] with all default managers. /// * `witness_gen_only`: - /// * If true, the builder only does witness asignments and does not store constraint information -- this should only be used for the real prover. + /// * If true, the builder only does witness assignments and does not store constraint information -- this should only be used for the real prover. /// * If false, the builder also imposes constraints (selectors, fixed columns, copy constraints). Primarily used for keygen and mock prover (but can also be used for real prover). /// /// By default, **no** circuit configuration parameters have been set. @@ -254,7 +254,7 @@ impl BaseCircuitBuilder { /// Auto-calculates configuration parameters for the circuit and sets them. /// - /// * `k`: The number of in the circuit (i.e. numeber of rows = 2k) + /// * `k`: The number of in the circuit (i.e. number of rows = 2k) /// * `minimum_rows`: The minimum number of rows in the circuit that cannot be used for witness assignments and contain random `blinding factors` to ensure zk property, defaults to 0. /// * `lookup_bits`: The fixed lookup table will consist of [0, 2lookup_bits) pub fn calculate_params(&mut self, minimum_rows: Option) -> BaseCircuitParams { diff --git a/halo2-base/src/gates/flex_gate/mod.rs b/halo2-base/src/gates/flex_gate/mod.rs index 03f952b6..60405a95 100644 --- a/halo2-base/src/gates/flex_gate/mod.rs +++ b/halo2-base/src/gates/flex_gate/mod.rs @@ -545,7 +545,7 @@ pub trait GateInstructions { ctx.last().unwrap() } - /// Constrains and returns `a & b`, assumeing `a` and `b` are boolean. + /// Constrains and returns `a & b`, assuming `a` and `b` are boolean. /// /// Defines a vertical gate of form | 0 | a | b | out |, where out = a * b. /// * `ctx`: [Context] to add the constraints to. @@ -590,7 +590,7 @@ pub trait GateInstructions { ctx.last().unwrap() } - /// Constrains and returns `!a` assumeing `a` is boolean. + /// Constrains and returns `!a` assuming `a` is boolean. /// /// Defines a vertical gate of form | 1 - a | a | 1 | 1 |, where 1 - a = out. /// * `ctx`: [Context] to add the constraints to. @@ -1204,7 +1204,7 @@ impl GateInstructions for GateChip { ctx.last().unwrap() } - /// Constains and returns `a || (b && c)`, assuming `a`, `b` and `c` are boolean. + /// Constrains and returns `a || (b && c)`, assuming `a`, `b` and `c` are boolean. /// /// Defines a vertical gate of form `| 1 - b c | b | c | 1 | a - 1 | 1 - b c | out | a - 1 | 1 | 1 | a |`, where out = a + b * c - a * b * c. /// * `ctx`: [Context] to add the constraints to diff --git a/halo2-base/src/gates/flex_gate/threads/multi_phase.rs b/halo2-base/src/gates/flex_gate/threads/multi_phase.rs index ae893fb1..44e3401f 100644 --- a/halo2-base/src/gates/flex_gate/threads/multi_phase.rs +++ b/halo2-base/src/gates/flex_gate/threads/multi_phase.rs @@ -29,7 +29,7 @@ impl MultiPhaseCoreManager { /// Creates a new [MultiPhaseCoreManager] with a default [SinglePhaseCoreManager] in phase 0. /// Creates an empty [SharedCopyConstraintManager] and sets `witness_gen_only` flag. /// * `witness_gen_only`: If true, the [MultiPhaseCoreManager] is used for witness generation only. - /// * If true, the gate thread builder only does witness asignments and does not store constraint information -- this should only be used for the real prover. + /// * If true, the gate thread builder only does witness assignments and does not store constraint information -- this should only be used for the real prover. /// * If false, the gate thread builder is used for keygen and mock prover (it can also be used for real prover) and the builder stores circuit information (e.g. copy constraints, fixed columns, enabled selectors). /// * These values are fixed for the circuit at key generation time, and they do not need to be re-computed by the prover in the actual proving phase. pub fn new(witness_gen_only: bool) -> Self { @@ -126,7 +126,7 @@ impl MultiPhaseCoreManager { /// Auto-calculates configuration parameters for the circuit /// - /// * `k`: The number of in the circuit (i.e. numeber of rows = 2k) + /// * `k`: The number of in the circuit (i.e. number of rows = 2k) /// * `minimum_rows`: The minimum number of rows in the circuit that cannot be used for witness assignments and contain random `blinding factors` to ensure zk property, defaults to 0. pub fn calculate_params(&self, k: usize, minimum_rows: Option) -> FlexGateConfigParams { let max_rows = (1 << k) - minimum_rows.unwrap_or(0); diff --git a/halo2-base/src/gates/flex_gate/threads/single_phase.rs b/halo2-base/src/gates/flex_gate/threads/single_phase.rs index a554d727..472ae999 100644 --- a/halo2-base/src/gates/flex_gate/threads/single_phase.rs +++ b/halo2-base/src/gates/flex_gate/threads/single_phase.rs @@ -42,7 +42,7 @@ pub struct SinglePhaseCoreManager { impl SinglePhaseCoreManager { /// Creates a new [SinglePhaseCoreManager] and spawns a main thread. /// * `witness_gen_only`: If true, the [SinglePhaseCoreManager] is used for witness generation only. - /// * If true, the gate thread builder only does witness asignments and does not store constraint information -- this should only be used for the real prover. + /// * If true, the gate thread builder only does witness assignments and does not store constraint information -- this should only be used for the real prover. /// * If false, the gate thread builder is used for keygen and mock prover (it can also be used for real prover) and the builder stores circuit information (e.g. copy constraints, fixed columns, enabled selectors). /// * These values are fixed for the circuit at key generation time, and they do not need to be re-computed by the prover in the actual proving phase. pub fn new(witness_gen_only: bool, copy_manager: SharedCopyConstraintManager) -> Self { diff --git a/halo2-base/src/gates/tests/bitwise_rotate.rs b/halo2-base/src/gates/tests/bitwise_rotate.rs index d854ffbe..e2a262d3 100644 --- a/halo2-base/src/gates/tests/bitwise_rotate.rs +++ b/halo2-base/src/gates/tests/bitwise_rotate.rs @@ -71,7 +71,7 @@ fn test_bitwise_rotate_gen( #[test] fn test_bitwise_rotate() { - // "<<" is leftroate. ">>" is rightrotate. + // "<<" is leftrotate. ">>" is rightrotate. // 1 << 8 == 256 test_bitwise_rotate_gen::<8, 10>(8, true, 1, 256, true); // 1 << 8 != 255 diff --git a/halo2-base/src/gates/tests/neg_prop.rs b/halo2-base/src/gates/tests/neg_prop.rs index 27994ac0..cc098bb0 100644 --- a/halo2-base/src/gates/tests/neg_prop.rs +++ b/halo2-base/src/gates/tests/neg_prop.rs @@ -101,7 +101,7 @@ fn arb_indicator(max_size: usize) -> impl Strategy bool { // check that: - // the length of the witnes array is correct + // the length of the witness array is correct // the sum of the witnesses is 1, indicting that there is only one index that is 1 if ind_witnesses.len() != len || ind_witnesses.iter().fold(Fr::zero(), |acc, val| acc + *val) != Fr::one() diff --git a/halo2-base/src/lib.rs b/halo2-base/src/lib.rs index 669bc1ad..ac2a3226 100644 --- a/halo2-base/src/lib.rs +++ b/halo2-base/src/lib.rs @@ -48,7 +48,7 @@ use virtual_region::copy_constraints::SharedCopyConstraintManager; pub mod gates; /// Module for the Poseidon hash function. pub mod poseidon; -/// Module for SafeType which enforce value range and realted functions. +/// Module for SafeType which enforce value range and related functions. pub mod safe_types; /// Utility functions for converting between different types of field elements. pub mod utils; diff --git a/halo2-base/src/poseidon/hasher/mds.rs b/halo2-base/src/poseidon/hasher/mds.rs index 91b7d262..5088a864 100644 --- a/halo2-base/src/poseidon/hasher/mds.rs +++ b/halo2-base/src/poseidon/hasher/mds.rs @@ -34,7 +34,7 @@ pub struct SparseMDSMatrix { pub(crate) col_hat: [F; RATE], } -/// `MDSMatrix` is applied to `State` to achive linear layer of Poseidon +/// `MDSMatrix` is applied to `State` to achieve linear layer of Poseidon #[derive(Clone, Debug)] pub struct MDSMatrix(pub(crate) Mds); diff --git a/halo2-base/src/poseidon/hasher/tests/hasher.rs b/halo2-base/src/poseidon/hasher/tests/hasher.rs index 7b55c3c4..0b5784e2 100644 --- a/halo2-base/src/poseidon/hasher/tests/hasher.rs +++ b/halo2-base/src/poseidon/hasher/tests/hasher.rs @@ -22,7 +22,7 @@ struct Payload { } // check if the results from hasher and native sponge are same for hash_var_len_array. -fn hasher_compatiblity_verification< +fn hasher_compatibility_verification< const T: usize, const RATE: usize, const R_F: usize, @@ -50,7 +50,7 @@ fn hasher_compatiblity_verification< } // check if the results from hasher and native sponge are same for hash_compact_input. -fn hasher_compact_inputs_compatiblity_verification< +fn hasher_compact_inputs_compatibility_verification< const T: usize, const RATE: usize, const R_F: usize, @@ -115,7 +115,7 @@ fn hasher_compact_inputs_compatiblity_verification< } // check if the results from hasher and native sponge are same for hash_compact_input. -fn hasher_compact_chunk_inputs_compatiblity_verification< +fn hasher_compact_chunk_inputs_compatibility_verification< const T: usize, const RATE: usize, const R_F: usize, @@ -189,7 +189,7 @@ fn random_payload_without_len(max_len: usize, max_value: usize) } #[test] -fn test_poseidon_hasher_compatiblity() { +fn test_poseidon_hasher_compatibility() { { const T: usize = 3; const RATE: usize = 2; @@ -216,7 +216,7 @@ fn test_poseidon_hasher_compatiblity() { random_payload(RATE * 2 + 1, RATE * 2 + 1, usize::MAX), random_payload(RATE * 5 + 1, RATE * 5 + 1, usize::MAX), ]; - hasher_compatiblity_verification::(payloads); + hasher_compatibility_verification::(payloads); } } @@ -262,7 +262,7 @@ fn test_poseidon_hasher_compact_inputs() { random_payload(RATE * 5, RATE * 5, usize::MAX), ]; base_test().k(12).run(|ctx, range| { - hasher_compact_inputs_compatiblity_verification::(payloads, ctx, range); + hasher_compact_inputs_compatibility_verification::(payloads, ctx, range); }); } } @@ -289,7 +289,7 @@ fn test_poseidon_hasher_compact_inputs_with_prover() { .collect::>(); base_test().k(12).bench_builder(init_payloads, logic_payloads, |pool, range, input| { let ctx = pool.main(); - hasher_compact_inputs_compatiblity_verification::(input, ctx, range); + hasher_compact_inputs_compatibility_verification::(input, ctx, range); }); } } @@ -306,7 +306,7 @@ fn test_poseidon_hasher_compact_chunk_inputs() { (random_payload(RATE * 3, RATE * 3, usize::MAX), true), ]; base_test().k(12).run(|ctx, range| { - hasher_compact_chunk_inputs_compatiblity_verification::( + hasher_compact_chunk_inputs_compatibility_verification::( payloads, ctx, range, ); }); @@ -320,7 +320,7 @@ fn test_poseidon_hasher_compact_chunk_inputs() { (random_payload(0, 0, usize::MAX), false), ]; base_test().k(12).run(|ctx, range| { - hasher_compact_chunk_inputs_compatiblity_verification::( + hasher_compact_chunk_inputs_compatibility_verification::( payloads, ctx, range, ); }); @@ -349,7 +349,7 @@ fn test_poseidon_hasher_compact_chunk_inputs_with_prover() { .collect::>(); base_test().k(12).bench_builder(init_payloads, logic_payloads, |pool, range, input| { let ctx = pool.main(); - hasher_compact_chunk_inputs_compatiblity_verification::( + hasher_compact_chunk_inputs_compatibility_verification::( input, ctx, range, ); }); diff --git a/halo2-base/src/safe_types/mod.rs b/halo2-base/src/safe_types/mod.rs index 205c314e..98485637 100644 --- a/halo2-base/src/safe_types/mod.rs +++ b/halo2-base/src/safe_types/mod.rs @@ -34,7 +34,7 @@ const BITS_PER_BYTE: usize = 8; /// where each [`AssignedValue`] represents 1 byte. However, the range of [`AssignedValue`] is much /// larger than 1 byte(0~255). If a circuit takes 32 [`AssignedValue`] as inputs and some of them /// are actually greater than 255, there could be some undefined behaviors. -/// [`SafeType`] gurantees the value range of its owned [`AssignedValue`]. So circuits don't need to +/// [`SafeType`] guarantees the value range of its owned [`AssignedValue`]. So circuits don't need to /// do any extra value checking if they take SafeType as inputs. /// - `TOTAL_BITS` is the number of total bits of this type. /// - `BYTES_PER_ELE` is the number of bytes of each element. @@ -131,7 +131,7 @@ impl<'a, F: ScalarField> SafeTypeChip<'a, F> { /// Convert a vector of AssignedValue (treated as little-endian) to a SafeType. /// The number of bytes of inputs must equal to the number of bytes of outputs. - /// This function also add contraints that a AssignedValue in inputs must be in the range of a byte. + /// This function also add constraints that a AssignedValue in inputs must be in the range of a byte. pub fn raw_bytes_to( &self, ctx: &mut Context, @@ -276,7 +276,7 @@ impl<'a, F: ScalarField> SafeTypeChip<'a, F> { /// /// * inputs: Vector representing the byte array, right padded to `max_len`. See [VarLenBytesVec] for details about padding. /// * len: [`AssignedValue`] witness representing the variable length of the byte array. Constrained to be `<= max_len`. - /// * max_len: [usize] representing the maximum length of the byte array and the number of elements it must contain. We enforce this to be provided explictly to make sure length of `inputs` is determinstic. + /// * max_len: [usize] representing the maximum length of the byte array and the number of elements it must contain. We enforce this to be provided explicitly to make sure length of `inputs` is deterministic. /// /// ## Assumptions /// * `max_len < u64::MAX` to prevent overflow (but you should never make an array this large) @@ -311,7 +311,7 @@ impl<'a, F: ScalarField> SafeTypeChip<'a, F> { /// Converts a slice of AssignedValue(treated as little-endian) to FixLenBytesVec. /// /// * inputs: Slice representing the byte array. - /// * len: length of the byte array. We enforce this to be provided explictly to make sure length of `inputs` is determinstic. + /// * len: length of the byte array. We enforce this to be provided explicitly to make sure length of `inputs` is deterministic. pub fn raw_to_fix_len_bytes_vec( &self, ctx: &mut Context, diff --git a/halo2-ecc/src/bigint/mod.rs b/halo2-ecc/src/bigint/mod.rs index 37c32ecf..c7965adf 100644 --- a/halo2-ecc/src/bigint/mod.rs +++ b/halo2-ecc/src/bigint/mod.rs @@ -125,7 +125,7 @@ impl FixedOverflowInteger { /// Input: a BigInteger `value`, Output: the `FixedOverflowInteger` that represents the same value /// Can handle signs - /// Note the representation of the integer will be in proper (no overflow) format, if signs are interpretted correctly + /// Note the representation of the integer will be in proper (no overflow) format, if signs are interpreted correctly pub fn from_native(value: &BigUint, num_limbs: usize, limb_bits: usize) -> Self { let limbs = decompose_biguint(value, num_limbs, limb_bits); Self { limbs } diff --git a/halo2-ecc/src/ecc/mod.rs b/halo2-ecc/src/ecc/mod.rs index b410b1e0..65cec232 100644 --- a/halo2-ecc/src/ecc/mod.rs +++ b/halo2-ecc/src/ecc/mod.rs @@ -415,7 +415,7 @@ where EcPoint::new(Rx, Ry) } -// takes the dot product of points with sel, where each is intepreted as +// takes the dot product of points with sel, where each is interpreted as // a _vector_ pub fn ec_select_by_indicator( chip: &FC, @@ -635,7 +635,7 @@ where // need to supply an extra generic `C` implementing `CurveAffine` trait in order to generate random witness points on the curve in question // Using Simultaneous 2^w-Ary Method, see https://www.bmoeller.de/pdf/multiexp-sac2001.pdf -// Random Accumlation point trick learned from halo2wrong: https://hackmd.io/ncuKqRXzR-Cw-Au2fGzsMg?view +// Random Accumulation point trick learned from halo2wrong: https://hackmd.io/ncuKqRXzR-Cw-Au2fGzsMg?view // Input: // - `scalars` is vector of same length as `P` // - each `scalar` in `scalars` satisfies same assumptions as in `scalar_multiply` above diff --git a/halo2-ecc/src/ecc/schnorr_signature.rs b/halo2-ecc/src/ecc/schnorr_signature.rs index a124560f..85b42c02 100644 --- a/halo2-ecc/src/ecc/schnorr_signature.rs +++ b/halo2-ecc/src/ecc/schnorr_signature.rs @@ -63,7 +63,7 @@ where let x_neq = base_chip.gate().not(ctx, x_eq); // R = s⋅G - e⋅P - // R is not infinity point implicitly constrainted by is_strict = true + // R is not infinity point implicitly constrained by is_strict = true let R = chip.sub_unequal(ctx, s_G, e_P, true); // check R.y is even diff --git a/halo2-ecc/src/fields/mod.rs b/halo2-ecc/src/fields/mod.rs index 469397df..de79dea2 100644 --- a/halo2-ecc/src/fields/mod.rs +++ b/halo2-ecc/src/fields/mod.rs @@ -61,7 +61,7 @@ pub trait FieldChip: Clone + Send + Sync { /// Assigns `fe` as private witness. Note that the witness may **not** be constrained to be a unique representation of the field element `fe`. fn load_private(&self, ctx: &mut Context, fe: Self::FieldType) -> Self::FieldPoint; - /// Assigns `fe` as private witness and contrains the witness to be in reduced form. + /// Assigns `fe` as private witness and constrains the witness to be in reduced form. fn load_private_reduced( &self, ctx: &mut Context, diff --git a/halo2-ecc/src/fields/native_fp.rs b/halo2-ecc/src/fields/native_fp.rs index 7391d1db..bb3f70b4 100644 --- a/halo2-ecc/src/fields/native_fp.rs +++ b/halo2-ecc/src/fields/native_fp.rs @@ -145,7 +145,7 @@ impl<'range, F: BigPrimeField> FieldChip for NativeFieldChip<'range, F> { a: impl Into>, max_bits: usize, // the maximum bits that a.value could take ) { - // skip range chek if max_bits >= F::NUM_BITS + // skip range check if max_bits >= F::NUM_BITS if max_bits < F::NUM_BITS as usize { let a: AssignedValue = a.into(); self.range().range_check(ctx, a, max_bits); diff --git a/hashes/zkevm/src/keccak/README.md b/hashes/zkevm/src/keccak/README.md index 527d671f..89c838a9 100644 --- a/hashes/zkevm/src/keccak/README.md +++ b/hashes/zkevm/src/keccak/README.md @@ -4,13 +4,13 @@ Keccak circuit in vanilla halo2. This implementation starts from [PSE version](https://github.com/privacy-scaling-explorations/zkevm-circuits/tree/main/zkevm-circuits/src/keccak_circuit), then adopts some changes from [this PR](https://github.com/scroll-tech/zkevm-circuits/pull/216) and later updates in PSE version. -The major differences is that this version directly represent raw inputs and Keccak results as witnesses, while the original version only has RLCs(random linear combination) of raw inputs and Keccak results. Because this version doesn't need RLCs, it doesn't have the 2nd phase or use challenge APIs. +The major difference is that this version directly represent raw inputs and Keccak results as witnesses, while the original version only has RLCs(random linear combination) of raw inputs and Keccak results. Because this version doesn't need RLCs, it doesn't have the 2nd phase or use challenge APIs. ### Logical Input/Output Logically the circuit takes an array of bytes as inputs and Keccak results of these bytes as outputs. -`keccak::vanilla::witness::multi_keccak` generates the witnesses of the ciruit for a given input. +`keccak::vanilla::witness::multi_keccak` generates the witnesses of the circuit for a given input. ### Background Knowledge @@ -23,8 +23,8 @@ All these items remain consistent across all versions. - Every input is padded to be a multiple of RATE (136 bytes). If the length of the logical input already matches a multiple of RATE, an additional RATE bytes are added as padding. - Each `keccak_f` absorbs `RATE` bytes, which are splitted into `NUM_WORDS_TO_ABSORB`(17) words. Each word has `NUM_BYTES_PER_WORD`(8) bytes. - Each of the first `NUM_WORDS_TO_ABSORB`(17) rounds of each `keccak_f` absorbs a word. -- `is_final`(anothe name is `is_enabled`) is meaningful only at the first row of the "squeeze" round. It must be true if this is the last `keccak_f` of an logical input. -- The first round of the circuit is a dummy round, which doesn't crespond to any input. +- `is_final`(anothe name is `is_enabled`) is meaningful only at the first row of the "squeeze" round. It must be true if this is the last `keccak_f` of a logical input. +- The first round of the circuit is a dummy round, which doesn't correspond to any input. ### Raw inputs @@ -73,7 +73,7 @@ Let's say `rows_per_round = 10` and `inputs = [[], [0x89, 0x88, .., 0x01]]`. The - Removed column `output_rlc` and related gates. - Removed challenges. - Refactored the folder structure to follow [Scroll's repo](https://github.com/scroll-tech/zkevm-circuits/tree/95f82762cfec46140d6866c34a420ee1fc1e27c7/zkevm-circuits/src/keccak_circuit). `mod.rs` and `witness.rs` could be found [here](https://github.com/scroll-tech/zkevm-circuits/blob/develop/zkevm-circuits/src/keccak_circuit.rs). `KeccakTable` could be found [here](https://github.com/scroll-tech/zkevm-circuits/blob/95f82762cfec46140d6866c34a420ee1fc1e27c7/zkevm-circuits/src/table.rs#L1308). -- Imported utilites from [PSE zkevm-circuits repo](https://github.com/privacy-scaling-explorations/zkevm-circuits/blob/588b8b8c55bf639fc5cbf7eae575da922ea7f1fd/zkevm-circuits/src/util/word.rs). +- Imported utilities from [PSE zkevm-circuits repo](https://github.com/privacy-scaling-explorations/zkevm-circuits/blob/588b8b8c55bf639fc5cbf7eae575da922ea7f1fd/zkevm-circuits/src/util/word.rs). ## Component diff --git a/hashes/zkevm/src/keccak/component/circuit/shard.rs b/hashes/zkevm/src/keccak/component/circuit/shard.rs index 604da477..e0ffddc8 100644 --- a/hashes/zkevm/src/keccak/component/circuit/shard.rs +++ b/hashes/zkevm/src/keccak/component/circuit/shard.rs @@ -71,7 +71,7 @@ pub struct KeccakComponentShardCircuitParams { // Number of unusable rows withhold by Halo2. #[getset(get_copy = "pub")] num_unusable_row: usize, - /// Max keccak_f this circuits can aceept. The circuit can at most process `capacity` of inputs + /// Max keccak_f this circuits can accept. The circuit can at most process `capacity` of inputs /// with < NUM_BYTES_TO_ABSORB bytes or an input with `capacity * NUM_BYTES_TO_ABSORB - 1` bytes. #[getset(get_copy = "pub")] capacity: usize, @@ -410,7 +410,7 @@ pub(crate) fn create_hasher() -> PoseidonHasher( ctx: &mut Context, gate: &impl GateInstructions, @@ -466,7 +466,7 @@ pub fn pack_inputs_from_keccak_fs( /// Encode raw inputs from Keccak circuit witnesses into lookup keys. /// -/// Each element in the return value corrresponds to a Keccak chunk. If is_final = true, this element is the lookup key of the corresponding logical input. +/// Each element in the return value corresponds to a Keccak chunk. If is_final = true, this element is the lookup key of the corresponding logical input. pub fn encode_inputs_from_keccak_fs( ctx: &mut Context, gate: &impl GateInstructions, diff --git a/hashes/zkevm/src/keccak/component/output.rs b/hashes/zkevm/src/keccak/component/output.rs index 22688b5f..5787bdc4 100644 --- a/hashes/zkevm/src/keccak/component/output.rs +++ b/hashes/zkevm/src/keccak/component/output.rs @@ -19,7 +19,7 @@ pub struct KeccakCircuitOutput { pub hash_hi: E, } -/// Return circuit outputs of the specified Keccak corprocessor circuit for a specified input. +/// Return circuit outputs of the specified Keccak coprocessor circuit for a specified input. pub fn multi_inputs_to_circuit_outputs( inputs: &[Vec], capacity: usize, diff --git a/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs b/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs index 6a78efc9..d149e982 100644 --- a/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs +++ b/hashes/zkevm/src/keccak/vanilla/keccak_packed_multi.rs @@ -489,7 +489,7 @@ pub(crate) mod transform { } } -// Transfroms values to cells +// Transforms values to cells pub(crate) mod transform_to { use crate::{ halo2_proofs::plonk::{ConstraintSystem, TableColumn}, diff --git a/hashes/zkevm/src/keccak/vanilla/mod.rs b/hashes/zkevm/src/keccak/vanilla/mod.rs index c049ed89..8faa6d7b 100644 --- a/hashes/zkevm/src/keccak/vanilla/mod.rs +++ b/hashes/zkevm/src/keccak/vanilla/mod.rs @@ -266,7 +266,7 @@ impl KeccakCircuitConfig { // that allows reusing the same parts in an optimal way for the chi step. // We can save quite a few columns by not recombining the parts after rho/pi and // re-splitting the words again before chi. Instead we do chi directly - // on the output parts of rho/pi. For rho/pi specically we do + // on the output parts of rho/pi. For rho/pi specially we do // `s[j][2 * i + 3 * j) % 5] = normalize(rot(s[i][j], RHOM[i][j]))`. cell_manager.start_region(); let mut lookup_counter = 0; @@ -278,7 +278,7 @@ impl KeccakCircuitConfig { // multiple rows with lookups in a way that doesn't require any // extra additional cells or selectors we have to put all `s[i]`'s on the same // row. This isn't that strong of a requirement actually because we the - // words are split into multipe parts, and so only the parts at the same + // words are split into multiple parts, and so only the parts at the same // position of those words need to be on the same row. let target_word_sizes = target_part_sizes(part_size); let num_word_parts = target_word_sizes.len(); @@ -637,7 +637,7 @@ impl KeccakCircuitConfig { // Logically here we want !q_input[cur] && !start_new_hash(cur) ==> bytes_left[cur + num_rows_per_round] == bytes_left[cur] // In practice, in order to save a degree we use !(q_input[cur] ^ start_new_hash(cur)) ==> bytes_left[cur + num_rows_per_round] == bytes_left[cur] // When q_input[cur] is true, the above constraint q_input[cur] ==> bytes_left[cur + num_rows_per_round] + word_len == bytes_left[cur] has - // already been enabled. Even is_final in start_new_hash(cur) is true, it's just over-constrainted. + // already been enabled. Even is_final in start_new_hash(cur) is true, it's just over-constrained. // Note: At the first row of any round except the last round, is_final could be either true or false. cb.condition(not::expr(q(q_input, meta) + start_new_hash(meta, Rotation::cur())), |cb| { let bytes_left_next_expr = diff --git a/hashes/zkevm/src/sha256/README.md b/hashes/zkevm/src/sha256/README.md index 058cb371..23ed9fe3 100644 --- a/hashes/zkevm/src/sha256/README.md +++ b/hashes/zkevm/src/sha256/README.md @@ -4,14 +4,14 @@ SHA-256 circuit in vanilla halo2. This implementation is largely based on [Brechtpd](https://github.com/Brechtpd)'s [PR](https://github.com/privacy-scaling-explorations/zkevm-circuits/pull/756) to the PSE `zkevm-circuits`. His implementation of SHA-256 is in turn based on his implementation of Keccak using the "Bits" approach: one can read more about it [here](https://hackmd.io/NaTuIvmaQCybaOYgd-DG1Q?view#Bit-implementation). -The major differences is that this version directly represent raw inputs and SHA-256 digests as witnesses, while the original version only has RLCs (random linear combination) of raw inputs and outputs. Because this version doesn't need RLCs, it doesn't have the 2nd phase or use challenge APIs. +The major difference is that this version directly represent raw inputs and SHA-256 digests as witnesses, while the original version only has RLCs (random linear combination) of raw inputs and outputs. Because this version doesn't need RLCs, it doesn't have the 2nd phase or use challenge APIs. ### Logical Input/Output Logically the circuit takes a variable length array of variable length bytes as inputs and SHA-256 digests of these bytes as outputs. While these logical inputs are variable, what is fixed in a given circuit is max number of _total number of SHA-256 input blocks_ that can be processed (see below). We refer to this as the capacity of the circuit. -`sha256::vanilla::witness::generate_witnesses_multi_sha256` generates the witnesses of the ciruit for a given input. +`sha256::vanilla::witness::generate_witnesses_multi_sha256` generates the witnesses of the circuit for a given input. ### Background Knowledge