Skip to content

feat: e1, e3 implementation for sha2 + keccak extensions #1657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 27 commits into from
May 20, 2025
Merged

feat: e1, e3 implementation for sha2 + keccak extensions #1657

merged 27 commits into from
May 20, 2025

Conversation

arayikhalatyan
Copy link
Contributor

@arayikhalatyan arayikhalatyan commented May 15, 2025
edited
Loading

Implemented e1, e3 for sha2 and keccak extensions. I feel like the trace generation of sha2 is more readable now.
Also, implemented an arbitrary length read function (used in both e1 executions)

I think eventually we should reimplement Plonky3's trace generation for Keccak so we don't have to allocate a separate trace matrix for the perm cols.

TODOs:

  • port the tests of keccak to the new framework
  • spend some time (not much) on optimizing the keccak trace gen

Resolves INT-3966
Resolves INT-3921

@arayikhalatyan
e1 and e3 implementation of rv32 adapters
5b86a3c
@arayikhalatyan
Make the BigInt crate compile
185fd35
@arayikhalatyan
fix: integration api comment
ec07962
@arayikhalatyan
e1 and e3 rewrite of mod-builder, algebra, ecc, and pairing
ac30c19
@arayikhalatyan
Merge branch 'feat/new-execution' into feat/mod-rewrite
783f936
@arayikhalatyan
fix pairing type defs
5f6da74
@arayikhalatyan
minor fix
fc8a28c
@arayikhalatyan
minor fix
8a0a319
@arayikhalatyan
e1,e3 implementation for Sha2 extension
58f2f24
@arayikhalatyan
merge feat/new-execution into feat/sha2-rewrite
5709f77
@arayikhalatyan
sha2 trace gen debug
b04ff82
@arayikhalatyan
Merge branch 'feat/new-execution' into feat/mod-rewrite
5006599
@arayikhalatyan
made all the tests to run successfully
a82a9b1
@arayikhalatyan
Merge branch 'feat/new-execution' into feat/mod-rewrite
421109a
@arayikhalatyan
minor fixes
2ac6eae
@arayikhalatyan
make execute e1 and e3 use the same funciton
0d37f5d
@arayikhalatyan
Merge branch 'feat/mod-rewrite' into feat/sha2-rewrite
331612f
@arayikhalatyan
Removed the pairing chips, added fill_dummy_row to TraceStep, other m…
473e2af 
…inor improvements
@arayikhalatyan
Merge branch 'feat/mod-rewrite' into feat/sha2-rewrite
d5474a4
@arayikhalatyan
Merge branch 'feat/new-execution' into feat/sha2-rewrite
7297237
@arayikhalatyan
e1,e3 rewrite for sha2
2b1004a
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented May 15, 2025
edited
Loading

CodSpeed Instrumentation Performance Report

Merging #1657 will not alter performance

Comparing feat/sha2-rewrite (03d186f) with feat/new-execution (00bab47)

Summary

✅ 4 untouched benchmarks

@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented May 15, 2025
edited
Loading

CodSpeed Walltime Performance Report

Merging #1657 will not alter performance

Comparing feat/sha2-rewrite (03d186f) with feat/new-execution (00bab47)

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

Summary

✅ 4 untouched benchmarks

@jonathanpwang
Copy link
Contributor

@arayikhalatyan we shouldn't have any block size restrictions on E1 (but likely need it for E2 in some light form). My imagination is indeed that E1 should just look like input = read_bytes(); return sha256(input)

@arayikhalatyan
Copy link
Contributor Author

@arayikhalatyan we shouldn't have any block size restrictions on E1 (but likely need it for E2 in some light form). My imagination is indeed that E1 should just look like input = read_bytes(); return sha256(input)

Yeah I agree. Then we have to make some changes to the GuestMemory interface because it expects the block size as a const generic.

@jonathanpwang jonathanpwang reopened this May 15, 2025
@arayikhalatyan arayikhalatyan changed the title feat: e1,e3 implementation for sha2 feat: e1, e3 implementation for sha2 + keccak extensions May 19, 2025
jonathanpwang
jonathanpwang reviewed May 20, 2025
View reviewed changes
crates/circuits/sha256-air/src/trace.rs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this was a lot cleaner than I thought!

jonathanpwang
jonathanpwang reviewed May 20, 2025
View reviewed changes
extensions/sha256/circuit/src/sha256_chip/air.rs
@@ -44,6 +44,28 @@ pub struct Sha256VmAir {
pub(super) padding_encoder: Encoder,
}

impl Sha256VmAir {
pub fn new(
Copy link
Contributor

@jonathanpwang jonathanpwang May 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

info: this was moved from Sha256VmChip constructor

jonathanpwang
jonathanpwang reviewed May 20, 2025
View reviewed changes
crates/circuits/sha256-air/src/trace.rs
impl Sha256StepHelper {
pub fn new() -> Self {
Self {
row_idx_encoder: Encoder::new(18, 2, false),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did you have to hardcode 18 because Padding::COUNT is not accessible in this crate?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe this function should be renamed and moved to tests.rs if it's only used there

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

18 comes from NUM_ROWS+1, I think it makes sense to keep it inside the constructor but with constants. eventually should be in colsref after Avaneesh's PR

jonathanpwang
jonathanpwang reviewed May 20, 2025
View reviewed changes
extensions/keccak256/circuit/src/trace.rs
let num_blocks = num_keccak_f(remaining_len);
let mut hasher = Keccak::v256();

trace
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: I think the way this is done makes sense ATM, but we'll have to change it / re-think it pretty carefully for the e4 rewrite

jonathanpwang
jonathanpwang reviewed May 20, 2025
View reviewed changes
extensions/keccak256/circuit/src/trace.rs
Arc::new(self.air)
}
impl<F: PrimeField32, CTX> TraceStep<F, CTX> for KeccakVmStep {
fn execute(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming this is mostly copied from InstructionExecutor in the other file

jonathanpwang
jonathanpwang approved these changes May 20, 2025
View reviewed changes
Copy link
Contributor

@jonathanpwang jonathanpwang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

tbh I didn't review the keccak execute/step too closely because (1) tests pass, (2) we'll need to re-review after the next (and last) e4 rewrite

@jonathanpwang jonathanpwang merged commit 5da1c54 into feat/new-execution May 20, 2025
14 of 31 checks passed
@jonathanpwang jonathanpwang deleted the feat/sha2-rewrite branch May 20, 2025 06:50
Golovanov399 pushed a commit that referenced this pull request May 20, 2025
@arayikhalatyan @Golovanov399
feat: e1, e3 implementation for sha2 + keccak extensions (#1657)
131c26c 
Implemented e1, e3 for sha2 and keccak extensions. I feel like the trace
generation of sha2 is more readable now.
Also, implemented an arbitrary length read function (used in both e1
executions)

I think eventually we should reimplement Plonky3's trace generation for
Keccak so we don't have to allocate a separate trace matrix for the perm
cols.

TODOs:

- port the tests of keccak to the new framework
- spend some time (not much) on optimizing the keccak trace gen 

Resolves INT-3966
Resolves INT-3921
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathanpwang jonathanpwang jonathanpwang approved these changes

@shuklaayush shuklaayush Awaiting requested review from shuklaayush

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arayikhalatyan @jonathanpwang