[CI] Backporting fixes from 0.5.0 to 0.4#889
Open
dannywillems wants to merge 3 commits into
Open
Conversation
The incomplete double-and-add loop in `ecc::chip::mul` kept the per-iteration base `(x_p, y_p)` constant across loop rows via `q_mul_2`, but never tied it to the real base: the coordinates were written with `assign_advice`, and the constancy chain reached neither the doubling-row nor the complete-addition base anchors. A prover could therefore run the incomplete loop against a free constant `B' != base`, making the gadget output `[a] base + [b] B'` rather than `[scalar] base`. Anchor the base by `copy_advice`-ing it into the first incomplete row; `q_mul_2` then propagates the equality to every loop row. The `hi` and `lo` halves share the `x_p`/`y_p` columns and run on the same rows, so the single anchor covers both. The fix changes the verifying key, so introduce `CircuitVersion` (`AnchoredBase` / `InsecureUnanchoredBase`): one binary can build both the fixed VK and the prior unanchored VK, the latter only to verify proofs created before the fix. `EccChip::construct` now takes the version explicitly. Add a regression test that drives the real `mul::Config` synthesis through a copy-recording `Assignment`: the fixed circuit's equality constraints are a superset of the prior version's, and the only additions are the two base anchors at the first incomplete-addition row. Rename the stored ECC-chip vk/proof fixtures to `*_insecure` and check them against the `InsecureUnanchoredBase` circuit, which reproduces the historical (deployed) verifying key exactly and still verifies the pre-fix proof under it — so a node can sync from before the fix. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Pin the verifying key and a proof for the fixed (anchored) ECC-chip circuit as `*_fixed`, checked by `test_ecc_chip_fixed_against_stored_circuit` and `test_against_stored_ecc_chip_4_5b_fixed`. With the `*_insecure` fixtures from the previous commit this covers both directions: a proof for the fixed circuit verifies under the new verifying key, and the deployed pre-fix proof verifies under the old one. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
dannywillems
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Opening for CI.
As discussed on Slack:
From there, we can release and create tags from
halo2_gadgets-x.y.If we decide to keep the branch
halo2_gadgets-x.y, the branch could be the one we always start from if we have to backport more changes in0.x.