feat(avm): sha256_compression

AztecProtocol · May 17, 2024 · 4e10cfd · 4e10cfd
1 parent 7a31896
commit 4e10cfd
Show file tree

Hide file tree

Showing 21 changed files with 959 additions and 189 deletions.
diff --git a/barretenberg/cpp/pil/avm/avm_main.pil b/barretenberg/cpp/pil/avm/avm_main.pil
@@ -4,6 +4,7 @@ include "avm_alu.pil";
 include "avm_binary.pil";
 include "avm_kernel.pil";
 include "gadgets/avm_conversion.pil";
+include "gadgets/avm_sha256.pil";
 
 namespace avm_main(256);
     // Kernel lookup selector opcodes
@@ -28,6 +29,7 @@ namespace avm_main(256);
 
     //===== Gadget Selectors ======================================================
     pol commit sel_op_radix_le;
+    pol commit sel_op_sha256;
 
     //===== CONSTANT POLYNOMIALS ==================================================
     pol constant clk(i) { i };
@@ -172,6 +174,7 @@ namespace avm_main(256);
     sel_op_transaction_fee * (1 - sel_op_transaction_fee) = 0;
 
     sel_op_radix_le * (1 - sel_op_radix_le) = 0;
+    sel_op_sha256 * (1 - sel_op_sha256) = 0;
 
     sel_op_add * (1 - sel_op_add) = 0;
     sel_op_sub * (1 - sel_op_sub) = 0;
@@ -317,8 +320,10 @@ namespace avm_main(256);
 
     //===== CONTROL_FLOW_CONSISTENCY ============================================
     pol INTERNAL_CALL_STACK_SELECTORS = (first + sel_internal_call + sel_internal_return + sel_halt);
-    pol OPCODE_SELECTORS = (sel_op_add + sel_op_sub + sel_op_div + sel_op_fdiv + sel_op_mul + sel_op_not
-                          + sel_op_eq + sel_op_and + sel_op_or + sel_op_xor + sel_op_cast + KERNEL_SELECTORS);
+    pol ALL_BINARY_SEL = sel_op_and + sel_op_or + sel_op_xor;
+    pol ALL_GADGET_SEL = sel_op_radix_le + sel_op_sha256;
+    pol ALL_MEMORY_SEL = sel_cmov + sel_mov;
+    pol OPCODE_SELECTORS = ALU_ALL_SEL + ALL_BINARY_SEL + ALL_MEMORY_SEL + ALL_GADGET_SEL + KERNEL_SELECTORS;
 
     // Program counter must increment if not jumping or returning
     #[PC_INCREMENT]
@@ -462,6 +467,11 @@ namespace avm_main(256);
     is
     avm_conversion.to_radix_le_sel {avm_conversion.clk, avm_conversion.input, avm_conversion.radix, avm_conversion.num_limbs};
 
+    #[PERM_MAIN_SHA256]
+    sel_op_sha256 {clk, ia, ib, ic}
+    is
+    avm_sha256.sha256_compression_sel {avm_sha256.clk, avm_sha256.state, avm_sha256.input, avm_sha256.output};
+
     #[PERM_MAIN_MEM_A]
     mem_op_a {clk, mem_idx_a, ia, rwa
             , r_in_tag, w_in_tag, sel_mov_a, sel_cmov}

diff --git a/barretenberg/cpp/pil/avm/gadgets/avm_sha256.pil b/barretenberg/cpp/pil/avm/gadgets/avm_sha256.pil
@@ -0,0 +1,14 @@
+include "../avm_main.pil";
+
+namespace avm_sha256(256);
+
+    pol commit clk;
+
+    // Selector for Radix Operation
+    pol commit sha256_compression_sel;
+    sha256_compression_sel * (1 - sha256_compression_sel) = 0;
+
+    // These will all be arrays, but we just store the first element for permutation to the main trace for now
+    pol commit state;
+    pol commit input;
+    pol commit output;