matter-labs/franklin-crypto

what is the multi tables usage for of Sha256Gadget ?

DreamWuGit opened this issue · 0 comments

DreamWuGit commented

Hi, buddy

I am reading code regarding Sha256Gadget with lookup method involved. I am not sure multi tables usage for of Sha256Gadget as below:
pub struct Sha256Gadget<E: Engine> {
// is is possible to reduce the number of constraints even more by exploiting not only d_next,
// but also c_prev
use_c_prev : bool,

// the purpose of these parameters is discussed before the "normalize" function
ch_num_of_chunks: usize,
// NOTE : actually the majority vand sheduler bases are the same (4), so there is no reason for their corresponding
// number of chunks to be different
maj_and_sheduler_num_of_chunks: usize,

**// tables used for chooser (ch) implementation    
sha256_base7_rot6_table: Arc<LookupTableApplication<E>>,
sha256_base7_rot3_extr10_table: Arc<LookupTableApplication<E>>,
sha256_ch_normalization_table: Arc<LookupTableApplication<E>>,

// tables used for majority (maj) implementation
sha256_base4_rot2_table: Arc<LookupTableApplication<E>>,
// the special property of this table is that it operates on 10-but chunks
sha256_base4_rot2_width10_table: Arc<LookupTableApplication<E>>,
sha256_maj_sheduler_normalization_table: Arc<LookupTableApplication<E>>,

// tables used for message expansion (message sheduler, in other terms)
sha256_base4_rot7_table: Arc<LookupTableApplication<E>>,**
// for normalization we are going to use the same table as in majority function - as their bases (4) are the same!
// we also implement R_3 and S_19 (see below) with the help of specially crafted addtional tables,
// namely: Sha256ShedulerHelperTable
sha256_sheduler_helper_table : Arc<LookupTableApplication<E>>,

// there is an option to handle of range checks via globally defined range table
// if there is no such table available, we are not going to create such a range table ourselves
// instead we accomplish rabge checks via sha_specific sparse_rotate tables
// in fact, there is not much benefit from using 16-bit range table than our inner 11-bit tables
// but if we are given one as a gift. why not to exploit it?
use_global_range_table: bool,
global_range_table_width: usize,
global_range_table: Option<Arc<LookupTableApplication<E>>>,
max_of_width: usize,

// constants 
iv: [E::Fr; 8],
round_constants: [E::Fr; 64],

}

I know the original sha256 algorithm process , but still confusing with circuit & lookup applied implementation, Is there any doc on design or someone tells some clues ?
Appreciate your classification!

Thanks