diff --git a/cpp/scripts/bb-tests b/cpp/scripts/bb-tests index b8df6e338f..ba012981ea 100644 --- a/cpp/scripts/bb-tests +++ b/cpp/scripts/bb-tests @@ -2,7 +2,7 @@ crypto_aes128_tests crypto_blake2s_tests crypto_blake3s_tests crypto_ecdsa_tests -crypto_pedersen_tests +crypto_pedersen_commitment_tests crypto_schnorr_tests crypto_sha256_tests ecc_tests @@ -18,7 +18,7 @@ stdlib_blake2s_tests stdlib_blake3s_tests stdlib_ecdsa_tests stdlib_merkle_tree_tests -stdlib_pedersen_tests +stdlib_pedersen_commitment_tests stdlib_schnorr_tests stdlib_sha256_tests transcript_tests diff --git a/cpp/src/aztec/CMakeLists.txt b/cpp/src/aztec/CMakeLists.txt index a778e332b0..8810a695a9 100644 --- a/cpp/src/aztec/CMakeLists.txt +++ b/cpp/src/aztec/CMakeLists.txt @@ -71,13 +71,15 @@ if(WASM) $ $ $ - $ + $ + $ $ $ $ $ $ - $ + $ + $ $ $ ) @@ -118,13 +120,15 @@ if(WASM) $ $ $ - $ + $ + $ $ $ $ $ $ - $ + $ + $ $ $ $ @@ -146,13 +150,15 @@ else() $ $ $ - $ + $ + $ $ $ $ $ $ - $ + $ + $ $ $ $ diff --git a/cpp/src/aztec/crypto/CMakeLists.txt b/cpp/src/aztec/crypto/CMakeLists.txt index 8f2b22453b..a6517b1675 100644 --- a/cpp/src/aztec/crypto/CMakeLists.txt +++ b/cpp/src/aztec/crypto/CMakeLists.txt @@ -1,9 +1,11 @@ add_subdirectory(hmac) +add_subdirectory(generators) add_subdirectory(blake2s) add_subdirectory(blake3s) add_subdirectory(blake3s_full) add_subdirectory(keccak) -add_subdirectory(pedersen) +add_subdirectory(pedersen_commitment) +add_subdirectory(pedersen_hash) add_subdirectory(schnorr) add_subdirectory(sha256) add_subdirectory(ecdsa) diff --git a/cpp/src/aztec/crypto/generators/CMakeLists.txt b/cpp/src/aztec/crypto/generators/CMakeLists.txt new file mode 100644 index 0000000000..c57e2f53c5 --- /dev/null +++ b/cpp/src/aztec/crypto/generators/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(crypto_generators ecc) \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen/fixed_base_scalar_mul.hpp b/cpp/src/aztec/crypto/generators/fixed_base_scalar_mul.hpp similarity index 89% rename from cpp/src/aztec/crypto/pedersen/fixed_base_scalar_mul.hpp rename to cpp/src/aztec/crypto/generators/fixed_base_scalar_mul.hpp index c19f5f8e88..281509935f 100644 --- a/cpp/src/aztec/crypto/pedersen/fixed_base_scalar_mul.hpp +++ b/cpp/src/aztec/crypto/generators/fixed_base_scalar_mul.hpp @@ -1,8 +1,9 @@ #pragma once #include +#include "./generator_data.hpp" namespace crypto { -namespace pedersen { +namespace generators { constexpr uint64_t WNAF_MASK = 0x7fffffffUL; @@ -17,7 +18,7 @@ grumpkin::g1::element fixed_base_scalar_mul(const barretenberg::fr& in, const si constexpr size_t num_quads = ((num_quads_base << 1) + 1 < num_bits) ? num_quads_base + 1 : num_quads_base; constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); uint64_t wnaf_entries[num_quads + 2] = { 0 }; bool skew = false; @@ -40,5 +41,5 @@ grumpkin::g1::element fixed_base_scalar_mul(const barretenberg::fr& in, const si return accumulator.normalize(); } -} // namespace pedersen +} // namespace generators } // namespace crypto diff --git a/cpp/src/aztec/crypto/pedersen/generator_data.cpp b/cpp/src/aztec/crypto/generators/generator_data.cpp similarity index 99% rename from cpp/src/aztec/crypto/pedersen/generator_data.cpp rename to cpp/src/aztec/crypto/generators/generator_data.cpp index c98e10c002..514489f117 100644 --- a/cpp/src/aztec/crypto/pedersen/generator_data.cpp +++ b/cpp/src/aztec/crypto/generators/generator_data.cpp @@ -1,7 +1,7 @@ #include "./generator_data.hpp" namespace crypto { -namespace pedersen { +namespace generators { namespace { // The number of unique base points with default main index with precomputed ladders @@ -276,5 +276,5 @@ const fixed_base_ladder* generator_data::get_hash_ladder(size_t num_bits) const return get_ladder_internal(hash_ladder, num_bits); } -} // namespace pedersen +} // namespace generators } // namespace crypto diff --git a/cpp/src/aztec/crypto/pedersen/generator_data.hpp b/cpp/src/aztec/crypto/generators/generator_data.hpp similarity index 97% rename from cpp/src/aztec/crypto/pedersen/generator_data.hpp rename to cpp/src/aztec/crypto/generators/generator_data.hpp index ed917d6a90..09215a21ef 100644 --- a/cpp/src/aztec/crypto/pedersen/generator_data.hpp +++ b/cpp/src/aztec/crypto/generators/generator_data.hpp @@ -4,7 +4,7 @@ #include namespace crypto { -namespace pedersen { +namespace generators { struct generator_index_t { size_t index; @@ -58,5 +58,5 @@ std::vector> const& init_generator_data(); const fixed_base_ladder* get_g1_ladder(const size_t num_bits); generator_data const& get_generator_data(generator_index_t index); -} // namespace pedersen +} // namespace generators } // namespace crypto diff --git a/cpp/src/aztec/crypto/pedersen/pedersen.test.cpp b/cpp/src/aztec/crypto/generators/generator_data.test.cpp similarity index 93% rename from cpp/src/aztec/crypto/pedersen/pedersen.test.cpp rename to cpp/src/aztec/crypto/generators/generator_data.test.cpp index 32c85175d5..03ecf01554 100644 --- a/cpp/src/aztec/crypto/pedersen/pedersen.test.cpp +++ b/cpp/src/aztec/crypto/generators/generator_data.test.cpp @@ -1,10 +1,11 @@ #include #include -#include "./pedersen.hpp" +#include "./fixed_base_scalar_mul.hpp" +#include "./generator_data.hpp" -using namespace crypto::pedersen; +using namespace crypto::generators; -TEST(pedersen, hash_ladder_structure) +TEST(generators, hash_ladder_structure) { generator_index_t index = { 2, 0 }; generator_data gen_data = get_generator_data(index); @@ -60,7 +61,7 @@ TEST(pedersen, hash_ladder_structure) EXPECT_EQ(grumpkin::g1::element(hash_ladder[0].one), mult); } -TEST(pedersen, fixed_base_scalar_mul) +TEST(generators, fixed_base_scalar_mul) { uint256_t scalar(123, 0, 0, 0); diff --git a/cpp/src/aztec/crypto/pedersen/CMakeLists.txt b/cpp/src/aztec/crypto/pedersen/CMakeLists.txt deleted file mode 100644 index c9e1108acd..0000000000 --- a/cpp/src/aztec/crypto/pedersen/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -barretenberg_module(crypto_pedersen ecc) \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen_commitment/CMakeLists.txt b/cpp/src/aztec/crypto/pedersen_commitment/CMakeLists.txt new file mode 100644 index 0000000000..9f6095fdf3 --- /dev/null +++ b/cpp/src/aztec/crypto/pedersen_commitment/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(crypto_pedersen_commitment ecc crypto_generators crypto_pedersen_hash) \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen_commitment/c_bind.cpp b/cpp/src/aztec/crypto/pedersen_commitment/c_bind.cpp new file mode 100644 index 0000000000..2994a9ee98 --- /dev/null +++ b/cpp/src/aztec/crypto/pedersen_commitment/c_bind.cpp @@ -0,0 +1,37 @@ +#include "pedersen.hpp" +#include +#include +#include +#include +#define WASM_EXPORT __attribute__((visibility("default"))) + +extern "C" { + +WASM_EXPORT void pedersen__init() +{ + crypto::generators::init_generator_data(); +} + +WASM_EXPORT void pedersen__compress(uint8_t const* inputs_buffer, uint8_t* output) +{ + std::vector to_compress; + read(inputs_buffer, to_compress); + auto r = crypto::pedersen_commitment::compress_native(to_compress); + barretenberg::fr::serialize_to_buffer(r, output); +} + +WASM_EXPORT void pedersen__compress_with_hash_index(uint8_t const* inputs_buffer, uint8_t* output, uint32_t hash_index) +{ + std::vector to_compress; + read(inputs_buffer, to_compress); + auto r = crypto::pedersen_commitment::compress_native(to_compress, hash_index); + barretenberg::fr::serialize_to_buffer(r, output); +} + +WASM_EXPORT void pedersen__buffer_to_field(uint8_t const* data, size_t length, uint8_t* r) +{ + std::vector to_compress(data, data + length); + auto output = crypto::pedersen_commitment::compress_native(to_compress); + write(r, output); +} +} \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen/convert_buffer_to_field.hpp b/cpp/src/aztec/crypto/pedersen_commitment/convert_buffer_to_field.hpp similarity index 94% rename from cpp/src/aztec/crypto/pedersen/convert_buffer_to_field.hpp rename to cpp/src/aztec/crypto/pedersen_commitment/convert_buffer_to_field.hpp index e6dc4d3212..ae33db10dc 100644 --- a/cpp/src/aztec/crypto/pedersen/convert_buffer_to_field.hpp +++ b/cpp/src/aztec/crypto/pedersen_commitment/convert_buffer_to_field.hpp @@ -3,7 +3,7 @@ #include namespace crypto { -namespace pedersen { +namespace pedersen_commitment { inline std::vector convert_buffer_to_field(const std::vector& input) { @@ -33,5 +33,5 @@ inline std::vector convert_buffer_to_field(const std::vector #endif +// using namespace crypto::generators; + namespace crypto { -namespace pedersen { +namespace pedersen_commitment { -grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index) +grumpkin::g1::element commit_single(const barretenberg::fr& in, generator_index_t const& index) { auto gen_data = get_generator_data(index); barretenberg::fr scalar_multiplier = in.from_montgomery_form(); @@ -19,7 +21,7 @@ grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t constexpr size_t num_quads = ((num_quads_base << 1) + 1 < num_bits) ? num_quads_base + 1 : num_quads_base; constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); uint64_t wnaf_entries[num_quads + 2] = { 0 }; bool skew = false; @@ -56,7 +58,7 @@ grumpkin::g1::affine_element commit_native(const std::vector& inpu #endif for (size_t i = 0; i < inputs.size(); ++i) { generator_index_t index = { hash_index, i }; - out[i] = hash_single(inputs[i], index); + out[i] = commit_single(inputs[i], index); } grumpkin::g1::element r = out[0]; @@ -89,5 +91,5 @@ grumpkin::fq compress_native(const std::vector& input) return compress_native_buffer_to_field(input); } -} // namespace pedersen +} // namespace pedersen_commitment } // namespace crypto \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen/pedersen.hpp b/cpp/src/aztec/crypto/pedersen_commitment/pedersen.hpp similarity index 67% rename from cpp/src/aztec/crypto/pedersen/pedersen.hpp rename to cpp/src/aztec/crypto/pedersen_commitment/pedersen.hpp index 38df6eca46..d4c1cc686d 100644 --- a/cpp/src/aztec/crypto/pedersen/pedersen.hpp +++ b/cpp/src/aztec/crypto/pedersen_commitment/pedersen.hpp @@ -1,13 +1,15 @@ #pragma once #include #include -#include "./generator_data.hpp" -#include "./fixed_base_scalar_mul.hpp" +#include "../generators/generator_data.hpp" +#include "../generators/fixed_base_scalar_mul.hpp" + +using namespace crypto::generators; namespace crypto { -namespace pedersen { +namespace pedersen_commitment { -grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index); +grumpkin::g1::element commit_single(const barretenberg::fr& in, generator_index_t const& index); grumpkin::g1::affine_element commit_native(const std::vector& elements, const size_t hash_index = 0); @@ -21,5 +23,5 @@ template grumpkin::fq compress_native(const std::array& input); -} // namespace pedersen +} // namespace pedersen_commitment } // namespace crypto diff --git a/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.cpp b/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.cpp new file mode 100644 index 0000000000..d58de916e6 --- /dev/null +++ b/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.cpp @@ -0,0 +1,79 @@ +#include "./pedersen_lookup.hpp" +#include "../pedersen_hash/pedersen_lookup.hpp" +#include "./convert_buffer_to_field.hpp" + +#include + +using namespace crypto::pedersen_hash::lookup; + +namespace crypto::pedersen_hash::lookup { +extern std::array, NUM_PEDERSEN_TABLES> pedersen_tables; +extern std::vector pedersen_iv_table; +extern std::array generators; +} // namespace crypto::pedersen_hash::lookup + +namespace crypto { +namespace pedersen_commitment { +namespace lookup { + +grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv) +{ + if (inputs.size() == 0) { + auto result = grumpkin::g1::affine_one; + result.self_set_infinity(); + return result; + } + init(); + const size_t num_inputs = inputs.size(); + + grumpkin::fq result = (pedersen_iv_table[iv]).x; + for (size_t i = 0; i < num_inputs; i++) { + result = hash_pair(result, inputs[i]); + } + + return (hash_single(result, false) + hash_single(grumpkin::fq(num_inputs), true)); +} + +grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index) +{ + return grumpkin::g1::affine_element(merkle_damgard_compress(inputs, hash_index)); +} + +grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index) +{ + return commit_native(inputs, hash_index).x; +} + +grumpkin::fq compress_native_buffer_to_field(const std::vector& input) +{ + const auto elements = convert_buffer_to_field(input); + grumpkin::fq result_fq = compress_native(elements); + return result_fq; +} + +std::vector compress_native(const std::vector& input) +{ + const auto result_fq = compress_native_buffer_to_field(input); + uint256_t result_u256(result_fq); + const size_t num_bytes = input.size(); + + bool is_zero = true; + for (const auto byte : input) { + is_zero = is_zero && (byte == static_cast(0)); + } + if (is_zero) { + result_u256 = num_bytes; + } + std::vector result_buffer; + result_buffer.reserve(32); + for (size_t i = 0; i < 32; ++i) { + const uint64_t shift = (31 - i) * 8; + uint256_t shifted = result_u256 >> uint256_t(shift); + result_buffer.push_back(static_cast(shifted.data[0])); + } + return result_buffer; +} + +} // namespace lookup +} // namespace pedersen_commitment +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.hpp b/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.hpp new file mode 100644 index 0000000000..b2408075e5 --- /dev/null +++ b/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.hpp @@ -0,0 +1,26 @@ +#pragma once + +#include + +namespace crypto { +namespace pedersen_commitment { +namespace lookup { + +grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv); + +grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index = 0); +std::vector compress_native(const std::vector& input); + +grumpkin::fq compress_native_buffer_to_field(const std::vector& input); + +template grumpkin::fq compress_native(const std::array& inputs) +{ + std::vector in(inputs.begin(), inputs.end()); + return compress_native(in); +} + +grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index = 0); + +} // namespace lookup +} // namespace pedersen_commitment +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen/pedersen_lookup.test.cpp b/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.test.cpp similarity index 80% rename from cpp/src/aztec/crypto/pedersen/pedersen_lookup.test.cpp rename to cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.test.cpp index 974dd1ba29..eeed7a27df 100644 --- a/cpp/src/aztec/crypto/pedersen/pedersen_lookup.test.cpp +++ b/cpp/src/aztec/crypto/pedersen_commitment/pedersen_lookup.test.cpp @@ -3,6 +3,7 @@ #include #include "./pedersen_lookup.hpp" +#include "../pedersen_hash/pedersen_lookup.hpp" namespace { auto& engine = numeric::random::get_debug_engine(); @@ -13,14 +14,14 @@ auto compute_expected(const grumpkin::fq exponent, size_t generator_offset) uint256_t bits(exponent); std::array accumulators; const auto lambda = grumpkin::fr::cube_root_of_unity(); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < 15; ++i) { const auto slice_a = static_cast(bits.data[0] & mask) + 1; - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; const auto slice_b = static_cast(bits.data[0] & mask) + 1; - const auto generator = crypto::pedersen::lookup::get_table_generator(generator_offset + i); + const auto generator = crypto::pedersen_hash::lookup::get_table_generator(generator_offset + i); if (i == 0) { accumulators[0] = generator * (lambda * slice_a); @@ -31,7 +32,7 @@ auto compute_expected(const grumpkin::fq exponent, size_t generator_offset) accumulators[1] += (generator * grumpkin::fr(slice_b)); } } - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } return (accumulators[0] + accumulators[1]); } @@ -70,9 +71,9 @@ TEST(pedersen_lookup, hash_single) const fq exponent = engine.get_random_uint256(); - const affine_element result(crypto::pedersen::lookup::hash_single(exponent, false)); + const affine_element result(crypto::pedersen_hash::lookup::hash_single(exponent, false)); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; uint256_t bits(exponent); @@ -82,10 +83,10 @@ TEST(pedersen_lookup, hash_single) for (size_t i = 0; i < 15; ++i) { const auto slice_a = static_cast(bits.data[0] & mask) + 1; - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; const auto slice_b = static_cast(bits.data[0] & mask) + 1; - const element generator = crypto::pedersen::lookup::get_table_generator(i); + const element generator = crypto::pedersen_hash::lookup::get_table_generator(i); if (i == 0) { accumulators[0] = generator * (lambda * slice_a); @@ -96,7 +97,7 @@ TEST(pedersen_lookup, hash_single) accumulators[1] += (generator * (slice_b)); } } - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } const affine_element expected(accumulators[0] + accumulators[1]); @@ -112,7 +113,7 @@ TEST(pedersen_lookup, hash_pair) const fq left = engine.get_random_uint256(); const fq right = engine.get_random_uint256(); - const fq result(crypto::pedersen::lookup::hash_pair(left, right)); + const fq result(crypto::pedersen_hash::lookup::hash_pair(left, right)); const affine_element expected(compute_expected(left, 0) + compute_expected(right, 15)); @@ -131,7 +132,7 @@ TEST(pedersen_lookup, merkle_damgard_compress) inputs.push_back(engine.get_random_uint256()); } - const auto result = crypto::pedersen::lookup::merkle_damgard_compress(inputs, iv); + const auto result = crypto::pedersen_commitment::lookup::merkle_damgard_compress(inputs, iv); fq intermediate = (grumpkin::g1::affine_one * fr(iv + 1)).x; for (size_t i = 0; i < m; i++) { diff --git a/cpp/src/aztec/crypto/pedersen/sidon_set/sidon_set.hpp b/cpp/src/aztec/crypto/pedersen_commitment/sidon_set/sidon_set.hpp similarity index 100% rename from cpp/src/aztec/crypto/pedersen/sidon_set/sidon_set.hpp rename to cpp/src/aztec/crypto/pedersen_commitment/sidon_set/sidon_set.hpp diff --git a/cpp/src/aztec/crypto/pedersen/sidon_set/sidon_set.test.cpp b/cpp/src/aztec/crypto/pedersen_commitment/sidon_set/sidon_set.test.cpp similarity index 100% rename from cpp/src/aztec/crypto/pedersen/sidon_set/sidon_set.test.cpp rename to cpp/src/aztec/crypto/pedersen_commitment/sidon_set/sidon_set.test.cpp diff --git a/cpp/src/aztec/crypto/pedersen_hash/CMakeLists.txt b/cpp/src/aztec/crypto/pedersen_hash/CMakeLists.txt new file mode 100644 index 0000000000..46f39c7163 --- /dev/null +++ b/cpp/src/aztec/crypto/pedersen_hash/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(crypto_pedersen_hash ecc crypto_generators) \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen/c_bind.cpp b/cpp/src/aztec/crypto/pedersen_hash/c_bind.cpp similarity index 60% rename from cpp/src/aztec/crypto/pedersen/c_bind.cpp rename to cpp/src/aztec/crypto/pedersen_hash/c_bind.cpp index 810db9c939..7226cb556a 100644 --- a/cpp/src/aztec/crypto/pedersen/c_bind.cpp +++ b/cpp/src/aztec/crypto/pedersen_hash/c_bind.cpp @@ -7,42 +7,37 @@ extern "C" { -WASM_EXPORT void pedersen__init() +WASM_EXPORT void pedersen_hash__init() { - crypto::pedersen::init_generator_data(); + crypto::generators::init_generator_data(); } -WASM_EXPORT void pedersen__compress_fields(uint8_t const* left, uint8_t const* right, uint8_t* result) +WASM_EXPORT void pedersen__hash_pair(uint8_t const* left, uint8_t const* right, uint8_t* result) { auto lhs = barretenberg::fr::serialize_from_buffer(left); auto rhs = barretenberg::fr::serialize_from_buffer(right); - auto r = crypto::pedersen::compress_native({ lhs, rhs }); + auto r = crypto::pedersen_hash::hash_multiple({ lhs, rhs }); barretenberg::fr::serialize_to_buffer(r, result); } -WASM_EXPORT void pedersen__compress(uint8_t const* inputs_buffer, uint8_t* output) +WASM_EXPORT void pedersen__hash_multiple(uint8_t const* inputs_buffer, uint8_t* output) { std::vector to_compress; read(inputs_buffer, to_compress); - auto r = crypto::pedersen::compress_native(to_compress); + auto r = crypto::pedersen_hash::hash_multiple(to_compress); barretenberg::fr::serialize_to_buffer(r, output); } -WASM_EXPORT void pedersen__compress_with_hash_index(uint8_t const* inputs_buffer, uint8_t* output, uint32_t hash_index) +WASM_EXPORT void pedersen__hash_multiple_with_hash_index(uint8_t const* inputs_buffer, + uint8_t* output, + uint32_t hash_index) { std::vector to_compress; read(inputs_buffer, to_compress); - auto r = crypto::pedersen::compress_native(to_compress, hash_index); + auto r = crypto::pedersen_hash::hash_multiple(to_compress, hash_index); barretenberg::fr::serialize_to_buffer(r, output); } -WASM_EXPORT void pedersen__buffer_to_field(uint8_t const* data, size_t length, uint8_t* r) -{ - std::vector to_compress(data, data + length); - auto output = crypto::pedersen::compress_native(to_compress); - write(r, output); -} - /** * Given a buffer containing 32 byte pedersen leaves, return a new buffer containing the leaves and all pairs of * nodes that define a merkle tree. @@ -57,7 +52,7 @@ WASM_EXPORT uint8_t* pedersen__hash_to_tree(uint8_t const* data) fields.reserve(num_outputs); for (size_t i = 0; fields.size() < num_outputs; i += 2) { - fields.push_back(crypto::pedersen::compress_native({ fields[i], fields[i + 1] })); + fields.push_back(crypto::pedersen_hash::hash_multiple({ fields[i], fields[i + 1] })); } auto buf_size = 4 + num_outputs * sizeof(grumpkin::fq); diff --git a/cpp/src/aztec/crypto/pedersen_hash/pedersen.cpp b/cpp/src/aztec/crypto/pedersen_hash/pedersen.cpp new file mode 100644 index 0000000000..ee1ad7fb01 --- /dev/null +++ b/cpp/src/aztec/crypto/pedersen_hash/pedersen.cpp @@ -0,0 +1,71 @@ +#include "./pedersen.hpp" +#include +#include +#ifndef NO_MULTITHREADING +#include +#endif + +namespace crypto { +namespace pedersen_hash { + +grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index) +{ + auto gen_data = get_generator_data(index); + barretenberg::fr scalar_multiplier = in.from_montgomery_form(); + + constexpr size_t num_bits = 254; + constexpr size_t num_quads_base = (num_bits - 1) >> 1; + constexpr size_t num_quads = ((num_quads_base << 1) + 1 < num_bits) ? num_quads_base + 1 : num_quads_base; + constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; + + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + + uint64_t wnaf_entries[num_quads + 2] = { 0 }; + bool skew = false; + barretenberg::wnaf::fixed_wnaf(&scalar_multiplier.data[0], &wnaf_entries[0], skew, 0); + + grumpkin::g1::element accumulator; + accumulator = grumpkin::g1::element(ladder[0].one); + if (skew) { + accumulator -= gen_data.skew_generator; + } + + for (size_t i = 0; i < num_quads; ++i) { + uint64_t entry = wnaf_entries[i + 1]; + const grumpkin::g1::affine_element& point_to_add = + ((entry & WNAF_MASK) == 1) ? ladder[i + 1].three : ladder[i + 1].one; + uint64_t predicate = (entry >> 31U) & 1U; + accumulator.self_mixed_add_or_sub(point_to_add, predicate); + } + return accumulator; +} + +/** + * Given a vector of fields, generate a pedersen hash using the indexed generators. + */ +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index) +{ + ASSERT((inputs.size() < (1 << 16)) && "too many inputs for 16 bit index"); + std::vector out(inputs.size()); + +#ifndef NO_MULTITHREADING + // Ensure generator data is initialized before threading... + init_generator_data(); +#pragma omp parallel for num_threads(inputs.size()) +#endif + for (size_t i = 0; i < inputs.size(); ++i) { + generator_index_t index = { hash_index, i }; + out[i] = hash_single(inputs[i], index); + } + + grumpkin::g1::element r = out[0]; + for (size_t i = 1; i < inputs.size(); ++i) { + r = out[i] + r; + } + grumpkin::g1::affine_element result = + r.is_point_at_infinity() ? grumpkin::g1::affine_element(0, 0) : grumpkin::g1::affine_element(r); + return result.x; +} + +} // namespace pedersen_hash +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen_hash/pedersen.hpp b/cpp/src/aztec/crypto/pedersen_hash/pedersen.hpp new file mode 100644 index 0000000000..e434d749b5 --- /dev/null +++ b/cpp/src/aztec/crypto/pedersen_hash/pedersen.hpp @@ -0,0 +1,17 @@ +#pragma once +#include +#include +#include "../generators/generator_data.hpp" +#include "../generators/fixed_base_scalar_mul.hpp" + +using namespace crypto::generators; + +namespace crypto { +namespace pedersen_hash { + +grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index); + +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index = 0); + +} // namespace pedersen_hash +} // namespace crypto diff --git a/cpp/src/aztec/crypto/pedersen/pedersen_lookup.cpp b/cpp/src/aztec/crypto/pedersen_hash/pedersen_lookup.cpp similarity index 71% rename from cpp/src/aztec/crypto/pedersen/pedersen_lookup.cpp rename to cpp/src/aztec/crypto/pedersen_hash/pedersen_lookup.cpp index 5fd8dbff62..42e6ae7fd9 100644 --- a/cpp/src/aztec/crypto/pedersen/pedersen_lookup.cpp +++ b/cpp/src/aztec/crypto/pedersen_hash/pedersen_lookup.cpp @@ -1,16 +1,15 @@ #include "./pedersen_lookup.hpp" -#include "./convert_buffer_to_field.hpp" #include namespace crypto { -namespace pedersen { +namespace pedersen_hash { namespace lookup { -namespace { -static std::array, NUM_PEDERSEN_TABLES> pedersen_tables; -static std::vector pedersen_iv_table; -static std::array generators; +std::array, NUM_PEDERSEN_TABLES> pedersen_tables; +std::vector pedersen_iv_table; +std::array generators; + static bool inited = false; void init_single_lookup_table(const size_t index) @@ -83,7 +82,6 @@ void init() init_iv_lookup_table(); inited = true; } -} // namespace grumpkin::g1::affine_element get_table_generator(const size_t table_index) { @@ -149,63 +147,26 @@ grumpkin::fq hash_pair(const grumpkin::fq& left, const grumpkin::fq& right) return result.x; } -grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv) +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index) { if (inputs.size() == 0) { auto result = grumpkin::g1::affine_one; result.self_set_infinity(); - return result; + return result.x; } init(); const size_t num_inputs = inputs.size(); - grumpkin::fq result = (pedersen_iv_table[iv]).x; + grumpkin::fq result = (pedersen_iv_table[hash_index]).x; for (size_t i = 0; i < num_inputs; i++) { result = hash_pair(result, inputs[i]); } - return (hash_single(result, false) + hash_single(grumpkin::fq(num_inputs), true)); -} - -grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index) -{ - return grumpkin::g1::affine_element(merkle_damgard_compress(inputs, hash_index)); -} - -grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index) -{ - return commit_native(inputs, hash_index).x; -} - -grumpkin::fq compress_native_buffer_to_field(const std::vector& input) -{ - const auto elements = convert_buffer_to_field(input); - grumpkin::fq result_fq = compress_native(elements); - return result_fq; + auto final_result = + grumpkin::g1::affine_element(hash_single(result, false) + hash_single(grumpkin::fq(num_inputs), true)); + return final_result.x; } -std::vector compress_native(const std::vector& input) -{ - const auto result_fq = compress_native_buffer_to_field(input); - uint256_t result_u256(result_fq); - const size_t num_bytes = input.size(); - - bool is_zero = true; - for (const auto byte : input) { - is_zero = is_zero && (byte == static_cast(0)); - } - if (is_zero) { - result_u256 = num_bytes; - } - std::vector result_buffer; - result_buffer.reserve(32); - for (size_t i = 0; i < 32; ++i) { - const uint64_t shift = (31 - i) * 8; - uint256_t shifted = result_u256 >> uint256_t(shift); - result_buffer.push_back(static_cast(shifted.data[0])); - } - return result_buffer; -} } // namespace lookup -} // namespace pedersen +} // namespace pedersen_hash } // namespace crypto \ No newline at end of file diff --git a/cpp/src/aztec/crypto/pedersen/pedersen_lookup.hpp b/cpp/src/aztec/crypto/pedersen_hash/pedersen_lookup.hpp similarity index 65% rename from cpp/src/aztec/crypto/pedersen/pedersen_lookup.hpp rename to cpp/src/aztec/crypto/pedersen_hash/pedersen_lookup.hpp index ac63e9b19e..ff0374405f 100644 --- a/cpp/src/aztec/crypto/pedersen/pedersen_lookup.hpp +++ b/cpp/src/aztec/crypto/pedersen_hash/pedersen_lookup.hpp @@ -3,7 +3,7 @@ #include namespace crypto { -namespace pedersen { +namespace pedersen_hash { namespace lookup { constexpr size_t BITS_PER_HASH = 512; @@ -19,31 +19,26 @@ constexpr size_t NUM_PEDERSEN_TABLES = NUM_PEDERSEN_TABLES_RAW + (NUM_PEDERSEN_T constexpr size_t PEDERSEN_IV_TABLE_SIZE = (1UL) << 10; constexpr size_t NUM_PEDERSEN_IV_TABLES = 4; -grumpkin::g1::affine_element get_table_generator(const size_t table_index); +extern std::array, NUM_PEDERSEN_TABLES> pedersen_tables; +extern std::vector pedersen_iv_table; +extern std::array generators; -const std::array& get_endomorphism_scalars(); +void init_single_lookup_table(const size_t index); +void init_small_lookup_table(const size_t index); +void init_iv_lookup_table(); +void init(); +grumpkin::g1::affine_element get_table_generator(const size_t table_index); +const std::array& get_endomorphism_scalars(); const std::vector& get_table(const size_t table_index); const std::vector& get_iv_table(); grumpkin::g1::element hash_single(const grumpkin::fq& input, const bool parity); grumpkin::fq hash_pair(const grumpkin::fq& left, const grumpkin::fq& right); -grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv); - -grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index = 0); -std::vector compress_native(const std::vector& input); - -grumpkin::fq compress_native_buffer_to_field(const std::vector& input); - -template grumpkin::fq compress_native(const std::array& inputs) -{ - std::vector in(inputs.begin(), inputs.end()); - return compress_native(in); -} -grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index = 0); +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index = 0); } // namespace lookup -} // namespace pedersen +} // namespace pedersen_hash } // namespace crypto \ No newline at end of file diff --git a/cpp/src/aztec/crypto/schnorr/CMakeLists.txt b/cpp/src/aztec/crypto/schnorr/CMakeLists.txt index 2719d4b6b9..e0a1c61740 100644 --- a/cpp/src/aztec/crypto/schnorr/CMakeLists.txt +++ b/cpp/src/aztec/crypto/schnorr/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(crypto_schnorr crypto_pedersen crypto_blake2s crypto_keccak crypto_sha256 numeric) \ No newline at end of file +barretenberg_module(crypto_schnorr crypto_pedersen_commitment crypto_blake2s crypto_keccak crypto_sha256 numeric) \ No newline at end of file diff --git a/cpp/src/aztec/crypto/schnorr/schnorr.tcc b/cpp/src/aztec/crypto/schnorr/schnorr.tcc index fe2eae4456..41bf938965 100644 --- a/cpp/src/aztec/crypto/schnorr/schnorr.tcc +++ b/cpp/src/aztec/crypto/schnorr/schnorr.tcc @@ -1,7 +1,7 @@ #pragma once #include -#include +#include #include "schnorr.hpp" @@ -42,8 +42,8 @@ static auto generate_schnorr_challenge(const std::string& message, const typename G1::affine_element& R) { using Fq = typename G1::coordinate_field; - // create challenge message pedersen_hash(R.x, pubkey) - Fq compressed_keys = crypto::pedersen::compress_native({ R.x, pubkey.x, pubkey.y }); + // create challenge message pedersen_commitment(R.x, pubkey) + Fq compressed_keys = crypto::pedersen_commitment::compress_native({ R.x, pubkey.x, pubkey.y }); std::vector e_buffer; write(e_buffer, compressed_keys); std::copy(message.begin(), message.end(), std::back_inserter(e_buffer)); diff --git a/cpp/src/aztec/honk/circuit_constructors/standard_circuit_constructor.test.cpp b/cpp/src/aztec/honk/circuit_constructors/standard_circuit_constructor.test.cpp index 3b12d0e882..f4fcc93424 100644 --- a/cpp/src/aztec/honk/circuit_constructors/standard_circuit_constructor.test.cpp +++ b/cpp/src/aztec/honk/circuit_constructors/standard_circuit_constructor.test.cpp @@ -1,7 +1,7 @@ #include "standard_circuit_constructor.hpp" #include -#include -#include +#include +#include using namespace barretenberg; using namespace honk; @@ -420,7 +420,7 @@ TEST(standard_circuit_constructor, test_check_circuit_broken) TEST(standard_circuit_constructor, test_fixed_group_add_gate_with_init) { StandardCircuitConstructor composer = StandardCircuitConstructor(); - auto gen_data = crypto::pedersen::get_generator_data({ 0, 0 }); + auto gen_data = crypto::generators::get_generator_data({ 0, 0 }); // 1. generate two origin points P, Q // 2. derive gate constant values from P, Q @@ -431,7 +431,7 @@ TEST(standard_circuit_constructor, test_fixed_group_add_gate_with_init) constexpr size_t num_bits = 63; constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.aux_generator; grumpkin::g1::element origin_points[2]; @@ -471,7 +471,7 @@ TEST(standard_circuit_constructor, test_fixed_group_add_gate_with_init) TEST(standard_circuit_constructor, test_fixed_group_add_gate) { auto composer = StandardCircuitConstructor(); - auto gen_data = crypto::pedersen::get_generator_data({ 0, 0 }); + auto gen_data = crypto::generators::get_generator_data({ 0, 0 }); constexpr size_t num_bits = 63; constexpr size_t num_quads_base = (num_bits - 1) >> 1; @@ -479,7 +479,7 @@ TEST(standard_circuit_constructor, test_fixed_group_add_gate) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; constexpr uint64_t bit_mask = (1ULL << num_bits) - 1UL; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.aux_generator; // also passes with aux_generator? grumpkin::g1::element origin_points[2]; @@ -516,7 +516,7 @@ TEST(standard_circuit_constructor, test_fixed_group_add_gate) fr one = fr::one(); fr three = ((one + one) + one); for (size_t i = 0; i < num_quads; ++i) { - uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK; + uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK; fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i]; prev_accumulator = prev_accumulator + prev_accumulator; diff --git a/cpp/src/aztec/honk/composer/standard_honk_composer.hpp b/cpp/src/aztec/honk/composer/standard_honk_composer.hpp index 3515d083f0..fa7c2febe5 100644 --- a/cpp/src/aztec/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/aztec/honk/composer/standard_honk_composer.hpp @@ -16,6 +16,9 @@ namespace honk { class StandardHonkComposer { public: static constexpr plonk::ComposerType type = plonk::ComposerType::STANDARD_HONK; + static constexpr plonk::merkle::HashType merkle_hash_type = plonk::merkle::HashType::LOOKUP_PEDERSEN; + static constexpr plonk::pedersen::CommitmentType commitment_type = + plonk::pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t UINT_LOG2_BASE = 2; // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system diff --git a/cpp/src/aztec/join_split_example/proofs/join_split/CMakeLists.txt b/cpp/src/aztec/join_split_example/proofs/join_split/CMakeLists.txt index 560148e432..2a44f93e25 100644 --- a/cpp/src/aztec/join_split_example/proofs/join_split/CMakeLists.txt +++ b/cpp/src/aztec/join_split_example/proofs/join_split/CMakeLists.txt @@ -5,7 +5,7 @@ barretenberg_module( crypto_schnorr stdlib_blake2s stdlib_sha256 - stdlib_pedersen + stdlib_pedersen_commitment stdlib_schnorr stdlib_primitives stdlib_merkle_tree) \ No newline at end of file diff --git a/cpp/src/aztec/join_split_example/proofs/join_split/compute_signing_data.cpp b/cpp/src/aztec/join_split_example/proofs/join_split/compute_signing_data.cpp index c33e5ffc0b..1957fab095 100644 --- a/cpp/src/aztec/join_split_example/proofs/join_split/compute_signing_data.cpp +++ b/cpp/src/aztec/join_split_example/proofs/join_split/compute_signing_data.cpp @@ -1,12 +1,12 @@ #include "compute_signing_data.hpp" #include "../notes/native/index.hpp" -#include +#include namespace join_split_example { namespace proofs { namespace join_split { -using namespace crypto::pedersen; +using namespace crypto::pedersen_commitment; using namespace notes::native; barretenberg::fr compute_signing_data(join_split_tx const& tx) diff --git a/cpp/src/aztec/join_split_example/proofs/join_split/join_split.test.cpp b/cpp/src/aztec/join_split_example/proofs/join_split/join_split.test.cpp index cc012a6bdb..63c71a0486 100644 --- a/cpp/src/aztec/join_split_example/proofs/join_split/join_split.test.cpp +++ b/cpp/src/aztec/join_split_example/proofs/join_split/join_split.test.cpp @@ -801,9 +801,9 @@ TEST_F(join_split_tests, test_0_input_notes_and_detect_circuit_change) EXPECT_TRUE(result.valid); // The below part detects any changes in the join-split circuit - constexpr uint32_t CIRCUIT_GATE_COUNT = 64000; + constexpr uint32_t CIRCUIT_GATE_COUNT = 59175; constexpr uint32_t GATES_NEXT_POWER_OF_TWO = 65536; - const uint256_t VK_HASH("bb2062d006d31d3234766277711eb28577d5f6082d0f484b87e8235628f8e864"); + const uint256_t VK_HASH("edcee79f9736d8a9dcc7a5c822a49bc930315bdad7f7b67accc60ab196eb63d9"); auto number_of_gates_js = result.number_of_gates; auto vk_hash_js = get_verification_key()->sha256_hash(); diff --git a/cpp/src/aztec/join_split_example/proofs/join_split/join_split_tx.cpp b/cpp/src/aztec/join_split_example/proofs/join_split/join_split_tx.cpp index 2967293a85..5eb50dca22 100644 --- a/cpp/src/aztec/join_split_example/proofs/join_split/join_split_tx.cpp +++ b/cpp/src/aztec/join_split_example/proofs/join_split/join_split_tx.cpp @@ -1,5 +1,5 @@ #include "join_split_tx.hpp" -#include +#include namespace join_split_example { namespace proofs { diff --git a/cpp/src/aztec/join_split_example/proofs/join_split/verify_signature.hpp b/cpp/src/aztec/join_split_example/proofs/join_split/verify_signature.hpp index fca85e828b..a68574ceec 100644 --- a/cpp/src/aztec/join_split_example/proofs/join_split/verify_signature.hpp +++ b/cpp/src/aztec/join_split_example/proofs/join_split/verify_signature.hpp @@ -1,5 +1,5 @@ #include -#include +#include namespace join_split_example { namespace proofs { @@ -23,7 +23,7 @@ inline void verify_signature(field_ct const& public_value, public_value, public_owner, public_asset_id, output_note1_commitment, output_note2_commitment, nullifier1, nullifier2, backward_link, allow_chain, }; - byte_array_ct message = pedersen::compress(to_compress); + byte_array_ct message = pedersen_commitment::compress(to_compress); verify_signature(message, owner_pub_key, signature); } diff --git a/cpp/src/aztec/join_split_example/proofs/mock/CMakeLists.txt b/cpp/src/aztec/join_split_example/proofs/mock/CMakeLists.txt index 7695dfdc80..2edf8f230d 100644 --- a/cpp/src/aztec/join_split_example/proofs/mock/CMakeLists.txt +++ b/cpp/src/aztec/join_split_example/proofs/mock/CMakeLists.txt @@ -2,5 +2,5 @@ barretenberg_module( rollup_proofs_mock stdlib_blake2s stdlib_sha256 - stdlib_pedersen + stdlib_pedersen_commitment stdlib_primitives) \ No newline at end of file diff --git a/cpp/src/aztec/join_split_example/proofs/mock/mock_circuit.hpp b/cpp/src/aztec/join_split_example/proofs/mock/mock_circuit.hpp index 626533573a..5e1bd8d658 100644 --- a/cpp/src/aztec/join_split_example/proofs/mock/mock_circuit.hpp +++ b/cpp/src/aztec/join_split_example/proofs/mock/mock_circuit.hpp @@ -1,7 +1,7 @@ #pragma once #include #include -#include +#include namespace join_split_example { namespace proofs { @@ -15,7 +15,8 @@ template void mock_circuit(Composer& composer, std::vector::compress(field_t(witness_t(&composer, 1)), field_t(witness_t(&composer, 1))); + plonk::stdlib::pedersen_commitment::compress(field_t(witness_t(&composer, 1)), + field_t(witness_t(&composer, 1))); } } // namespace mock diff --git a/cpp/src/aztec/join_split_example/proofs/notes/CMakeLists.txt b/cpp/src/aztec/join_split_example/proofs/notes/CMakeLists.txt index 58b7fd37fd..0efb8cfc27 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/CMakeLists.txt +++ b/cpp/src/aztec/join_split_example/proofs/notes/CMakeLists.txt @@ -3,7 +3,7 @@ barretenberg_module( crypto_schnorr stdlib_blake2s stdlib_sha256 - stdlib_pedersen + stdlib_pedersen_commitment stdlib_schnorr stdlib_primitives stdlib_merkle_tree) \ No newline at end of file diff --git a/cpp/src/aztec/join_split_example/proofs/notes/circuit/account/commit.hpp b/cpp/src/aztec/join_split_example/proofs/notes/circuit/account/commit.hpp index 609212459f..25771f590c 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/circuit/account/commit.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/circuit/account/commit.hpp @@ -14,7 +14,7 @@ inline auto commit(field_ct const& account_alias_hash, point_ct const& account_public_key, point_ct const& signing_pub_key) { - return pedersen::compress( + return pedersen_commitment::compress( { account_alias_hash, account_public_key.x, diff --git a/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp index 4cc10d7011..4806dd11fb 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp @@ -14,8 +14,8 @@ inline auto complete_partial_commitment(field_ct const& partial_commitment, field_ct const& interaction_nonce, suint_ct const& fee) { - return pedersen::compress({ partial_commitment, interaction_nonce, fee.value }, - GeneratorIndex::CLAIM_NOTE_COMMITMENT); + return pedersen_commitment::compress({ partial_commitment, interaction_nonce, fee.value }, + GeneratorIndex::CLAIM_NOTE_COMMITMENT); } } // namespace claim diff --git a/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp b/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp index c4c4141d32..00b0220b1e 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp @@ -13,7 +13,8 @@ using namespace plonk::stdlib::types; inline field_ct compute_nullifier(field_ct const& note_commitment) { - return pedersen::compress(std::vector{ note_commitment }, GeneratorIndex::CLAIM_NOTE_NULLIFIER); + return pedersen_commitment::compress(std::vector{ note_commitment }, + GeneratorIndex::CLAIM_NOTE_NULLIFIER); // Note: unlike for value note nullifiers, we don't need to then Blake2-hash this result (which would provide a // psuedorandom-looking nullifier) because the contents of a claim note commitment are public anyway. diff --git a/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp index ae7aeef8f8..07f0532e3d 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp @@ -16,8 +16,9 @@ inline auto create_partial_commitment(field_ct const& deposit_value, field_ct const& value_note_partial_commitment, field_ct const& input_nullifier) { - return pedersen::compress({ deposit_value, bridge_call_data, value_note_partial_commitment, input_nullifier }, - GeneratorIndex::CLAIM_NOTE_PARTIAL_COMMITMENT); + return pedersen_commitment::compress( + { deposit_value, bridge_call_data, value_note_partial_commitment, input_nullifier }, + GeneratorIndex::CLAIM_NOTE_PARTIAL_COMMITMENT); } } // namespace claim diff --git a/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp index b3a13d9eda..a0125fb945 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include "../../constants.hpp" namespace join_split_example { @@ -16,8 +16,9 @@ inline auto complete_partial_commitment(field_ct const& value_note_partial_commi suint_ct const& asset_id, field_ct const& input_nullifier) { - return pedersen::compress({ value_note_partial_commitment, value.value, asset_id.value, input_nullifier }, - GeneratorIndex::VALUE_NOTE_COMMITMENT); + return pedersen_commitment::compress( + { value_note_partial_commitment, value.value, asset_id.value, input_nullifier }, + GeneratorIndex::VALUE_NOTE_COMMITMENT); } } // namespace value diff --git a/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp b/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp index 3532fb3a67..a87a2f31a2 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp @@ -30,7 +30,7 @@ field_ct compute_nullifier(field_ct const& note_commitment, // We compress the hash_inputs with Pedersen, because that's cheaper (constraint-wise) than compressing // the data directly with Blake2s in the next step. - const auto compressed_inputs = pedersen::compress(hash_inputs, GeneratorIndex::JOIN_SPLIT_NULLIFIER); + const auto compressed_inputs = pedersen_commitment::compress(hash_inputs, GeneratorIndex::JOIN_SPLIT_NULLIFIER); // Blake2s hash the compressed result. Without this it's possible to leak info from the pedersen compression. /** E.g. we can extract a representation of the hashed_pk: diff --git a/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp index efa98988b2..79b984a440 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp @@ -16,8 +16,8 @@ inline auto create_partial_commitment(field_ct const& secret, bool_ct const& account_required, field_ct const& creator_pubkey) { - return pedersen::compress({ secret, owner.x, owner.y, account_required, creator_pubkey }, - GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); + return pedersen_commitment::compress({ secret, owner.x, owner.y, account_required, creator_pubkey }, + GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); } } // namespace value diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.cpp b/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.cpp index 8794066d47..ab1d38f526 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.cpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.cpp @@ -1,5 +1,5 @@ #include "account_note.hpp" -#include +#include #include "../../constants.hpp" namespace join_split_example { @@ -12,8 +12,8 @@ grumpkin::fq generate_account_commitment(const barretenberg::fr& alias_hash, const barretenberg::fr& owner_x, const barretenberg::fr& signing_x) { - return crypto::pedersen::compress_native({ alias_hash, owner_x, signing_x }, - GeneratorIndex::ACCOUNT_NOTE_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ alias_hash, owner_x, signing_x }, + GeneratorIndex::ACCOUNT_NOTE_COMMITMENT); } grumpkin::fq account_note::commit() const diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.hpp index 58edab1344..be1176203a 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/account/account_note.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include "../../constants.hpp" namespace join_split_example { diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp index 02570ca49b..6157de8e27 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp @@ -1,6 +1,6 @@ #pragma once #include "account_note.hpp" -#include +#include #include "../../constants.hpp" namespace join_split_example { @@ -13,8 +13,8 @@ using namespace barretenberg; inline fr compute_account_alias_hash_nullifier(fr const& alias_hash) { - return crypto::pedersen::compress_native(std::vector{ alias_hash }, - notes::GeneratorIndex::ACCOUNT_ALIAS_HASH_NULLIFIER); + return crypto::pedersen_commitment::compress_native(std::vector{ alias_hash }, + notes::GeneratorIndex::ACCOUNT_ALIAS_HASH_NULLIFIER); } } // namespace account diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp index de16c589ad..93b0450ae5 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp @@ -1,6 +1,6 @@ #pragma once #include "account_note.hpp" -#include +#include #include "../../constants.hpp" namespace join_split_example { @@ -13,8 +13,8 @@ using namespace barretenberg; inline fr compute_account_public_key_nullifier(grumpkin::g1::affine_element const& public_key) { - return crypto::pedersen::compress_native(std::vector{ public_key.x }, - notes::GeneratorIndex::ACCOUNT_PUBLIC_KEY_NULLIFIER); + return crypto::pedersen_commitment::compress_native(std::vector{ public_key.x }, + notes::GeneratorIndex::ACCOUNT_PUBLIC_KEY_NULLIFIER); } } // namespace account diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/bridge_call_data.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/bridge_call_data.hpp index e13bb50d06..9c013d66c1 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/bridge_call_data.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/bridge_call_data.hpp @@ -1,7 +1,7 @@ #pragma once #include #include "../constants.hpp" -#include +#include #include #include diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note.hpp index 283918b463..d044e68b73 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include #include "create_partial_commitment.hpp" #include "complete_partial_commitment.hpp" diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp index d6868eba99..c2f64e03df 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include #include "../bridge_call_data.hpp" diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp index 3473e3e843..835d24890f 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include #include "../../constants.hpp" @@ -14,8 +14,8 @@ inline auto complete_partial_commitment(grumpkin::fq const& claim_note_partial_c uint32_t interaction_nonce, uint256_t fee) { - return crypto::pedersen::compress_native({ claim_note_partial_commitment, interaction_nonce, fee }, - GeneratorIndex::CLAIM_NOTE_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ claim_note_partial_commitment, interaction_nonce, fee }, + GeneratorIndex::CLAIM_NOTE_COMMITMENT); } } // namespace claim diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp index d5fa5d1a75..856fcb7b02 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include #include "../../constants.hpp" @@ -14,7 +14,7 @@ using namespace barretenberg; inline auto compute_nullifier(grumpkin::fq const& note_commitment) { - return crypto::pedersen::compress_native({ note_commitment }, GeneratorIndex::CLAIM_NOTE_NULLIFIER); + return crypto::pedersen_commitment::compress_native({ note_commitment }, GeneratorIndex::CLAIM_NOTE_NULLIFIER); } } // namespace claim diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp index 70035f637d..f144767a0d 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include "claim_note.hpp" -#include +#include #include "../../constants.hpp" namespace join_split_example { @@ -14,7 +14,7 @@ inline auto create_partial_commitment(uint256_t const& deposit_value, grumpkin::fq const& value_note_partial_commitment, grumpkin::fq const& input_nullifier) { - return crypto::pedersen::compress_native( + return crypto::pedersen_commitment::compress_native( { deposit_value, bridge_call_data, value_note_partial_commitment, input_nullifier }, GeneratorIndex::CLAIM_NOTE_PARTIAL_COMMITMENT); } diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp index e30654cff1..2c74274cbb 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp @@ -1,5 +1,5 @@ #pragma once -#include +#include #include "../../constants.hpp" namespace join_split_example { @@ -13,8 +13,8 @@ inline auto complete_partial_commitment(grumpkin::fq const& partial_commitment, uint32_t asset_id, grumpkin::fq input_nullifier) { - return crypto::pedersen::compress_native({ partial_commitment, value, asset_id, input_nullifier }, - GeneratorIndex::VALUE_NOTE_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ partial_commitment, value, asset_id, input_nullifier }, + GeneratorIndex::VALUE_NOTE_COMMITMENT); }; } // namespace value diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/value/compute_nullifier.cpp b/cpp/src/aztec/join_split_example/proofs/notes/native/value/compute_nullifier.cpp index c9b0e163a0..0f072a5e8b 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/value/compute_nullifier.cpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/value/compute_nullifier.cpp @@ -1,6 +1,6 @@ #include "compute_nullifier.hpp" #include "../../constants.hpp" -#include +#include #include namespace join_split_example { @@ -17,7 +17,7 @@ fr compute_nullifier(grumpkin::fq const& note_commitment, grumpkin::fr const& account_private_key, const bool is_note_in_use) { - auto hashed_pk = crypto::pedersen::fixed_base_scalar_mul<254>( + auto hashed_pk = crypto::generators::fixed_base_scalar_mul<254>( fr(account_private_key), GeneratorIndex::JOIN_SPLIT_NULLIFIER_ACCOUNT_PRIVATE_KEY); std::vector buf{ @@ -26,7 +26,7 @@ fr compute_nullifier(grumpkin::fq const& note_commitment, hashed_pk.y, is_note_in_use, }; - auto compressed_inputs = crypto::pedersen::compress_native(buf, GeneratorIndex::JOIN_SPLIT_NULLIFIER); + auto compressed_inputs = crypto::pedersen_commitment::compress_native(buf, GeneratorIndex::JOIN_SPLIT_NULLIFIER); auto blake_result = blake2::blake2s(to_buffer(compressed_inputs)); return from_buffer(blake_result); diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp index 5cb0e238a7..5b182d8f1c 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include #include "../../constants.hpp" @@ -15,8 +15,8 @@ inline auto create_partial_commitment(barretenberg::fr const& secret, bool account_required, barretenberg::fr const& creator_pubkey) { - return crypto::pedersen::compress_native({ secret, owner.x, owner.y, account_required, creator_pubkey }, - GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ secret, owner.x, owner.y, account_required, creator_pubkey }, + GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); } } // namespace value diff --git a/cpp/src/aztec/join_split_example/proofs/notes/native/value/value_note.hpp b/cpp/src/aztec/join_split_example/proofs/notes/native/value/value_note.hpp index a92799dc54..9478db4d99 100644 --- a/cpp/src/aztec/join_split_example/proofs/notes/native/value/value_note.hpp +++ b/cpp/src/aztec/join_split_example/proofs/notes/native/value/value_note.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include +#include #include #include "create_partial_commitment.hpp" #include "complete_partial_commitment.hpp" diff --git a/cpp/src/aztec/plonk/CMakeLists.txt b/cpp/src/aztec/plonk/CMakeLists.txt index 651baa2baa..0893749023 100644 --- a/cpp/src/aztec/plonk/CMakeLists.txt +++ b/cpp/src/aztec/plonk/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(plonk proof_system transcript crypto_pedersen polynomials crypto_sha256 ecc crypto_blake3s) \ No newline at end of file +barretenberg_module(plonk proof_system transcript crypto_pedersen_commitment polynomials crypto_sha256 ecc crypto_blake3s) \ No newline at end of file diff --git a/cpp/src/aztec/plonk/composer/plookup_tables/pedersen.hpp b/cpp/src/aztec/plonk/composer/plookup_tables/pedersen.hpp index 26c7a74b1a..1c8af9939b 100644 --- a/cpp/src/aztec/plonk/composer/plookup_tables/pedersen.hpp +++ b/cpp/src/aztec/plonk/composer/plookup_tables/pedersen.hpp @@ -2,7 +2,7 @@ #include "./types.hpp" -#include +#include #include #include #include @@ -14,14 +14,14 @@ namespace basic { template inline std::array get_basic_pedersen_table_values(const std::array key) { - const auto& basic_table = crypto::pedersen::lookup::get_table(generator_index); + const auto& basic_table = crypto::pedersen_hash::lookup::get_table(generator_index); const size_t index = static_cast(key[0]); return { basic_table[index].x, basic_table[index].y }; } inline std::array get_pedersen_iv_table_values(const std::array key) { - const auto& iv_table = crypto::pedersen::lookup::get_iv_table(); + const auto& iv_table = crypto::pedersen_hash::lookup::get_iv_table(); const size_t index = static_cast(key[0]); return { iv_table[index].x, iv_table[index].y }; } @@ -32,11 +32,11 @@ inline BasicTable generate_basic_pedersen_table(BasicTableId id, const size_t ta BasicTable table; table.id = id; table.table_index = table_index; - table.size = - is_small ? crypto::pedersen::lookup::PEDERSEN_SMALL_TABLE_SIZE : crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE; + table.size = is_small ? crypto::pedersen_hash::lookup::PEDERSEN_SMALL_TABLE_SIZE + : crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE; table.use_twin_keys = false; - const auto& basic_table = crypto::pedersen::lookup::get_table(generator_index); + const auto& basic_table = crypto::pedersen_hash::lookup::get_table(generator_index); for (size_t i = 0; i < table.size; ++i) { table.column_1.emplace_back(i); @@ -58,10 +58,10 @@ inline BasicTable generate_pedersen_iv_table(BasicTableId id) BasicTable table; table.id = id; table.table_index = 0; - table.size = crypto::pedersen::lookup::PEDERSEN_IV_TABLE_SIZE; + table.size = crypto::pedersen_hash::lookup::PEDERSEN_IV_TABLE_SIZE; table.use_twin_keys = false; - const auto& iv_table = crypto::pedersen::lookup::get_iv_table(); + const auto& iv_table = crypto::pedersen_hash::lookup::get_iv_table(); for (size_t i = 0; i < table.size; ++i) { table.column_1.emplace_back(i); @@ -80,9 +80,9 @@ inline BasicTable generate_pedersen_iv_table(BasicTableId id) inline MultiTable get_pedersen_iv_table(const MultiTableId id = PEDERSEN_IV) { - MultiTable table(crypto::pedersen::lookup::PEDERSEN_IV_TABLE_SIZE, 0, 0, 1); + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_IV_TABLE_SIZE, 0, 0, 1); table.id = id; - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_IV_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_IV_TABLE_SIZE); table.get_table_values.emplace_back(&get_pedersen_iv_table_values); table.lookup_ids = { PEDERSEN_IV_BASE }; @@ -91,12 +91,12 @@ inline MultiTable get_pedersen_iv_table(const MultiTableId id = PEDERSEN_IV) inline MultiTable get_pedersen_left_lo_table(const MultiTableId id = PEDERSEN_LEFT_LO) { - const size_t num_entries = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + const size_t num_entries = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } table.get_table_values = { &get_basic_pedersen_table_values<0>, &get_basic_pedersen_table_values<0>, @@ -115,14 +115,14 @@ inline MultiTable get_pedersen_left_lo_table(const MultiTableId id = PEDERSEN_LE inline MultiTable get_pedersen_left_hi_table(const MultiTableId id = PEDERSEN_LEFT_HI) { const size_t num_entries = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries - 1; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_SMALL_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_SMALL_TABLE_SIZE); table.get_table_values = { &get_basic_pedersen_table_values<7>, &get_basic_pedersen_table_values<7>, &get_basic_pedersen_table_values<8>, &get_basic_pedersen_table_values<8>, @@ -141,12 +141,12 @@ inline MultiTable get_pedersen_left_hi_table(const MultiTableId id = PEDERSEN_LE inline MultiTable get_pedersen_right_lo_table(const MultiTableId id = PEDERSEN_RIGHT_LO) { - const size_t num_entries = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + const size_t num_entries = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } table.get_table_values = { &get_basic_pedersen_table_values<15>, &get_basic_pedersen_table_values<15>, @@ -165,14 +165,14 @@ inline MultiTable get_pedersen_right_lo_table(const MultiTableId id = PEDERSEN_R inline MultiTable get_pedersen_right_hi_table(const MultiTableId id = PEDERSEN_RIGHT_HI) { const size_t num_entries = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries - 1; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_SMALL_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_SMALL_TABLE_SIZE); table.get_table_values = { &get_basic_pedersen_table_values<22>, &get_basic_pedersen_table_values<22>, &get_basic_pedersen_table_values<23>, &get_basic_pedersen_table_values<23>, diff --git a/cpp/src/aztec/plonk/composer/standard_composer.hpp b/cpp/src/aztec/plonk/composer/standard_composer.hpp index 12bdb24045..ae39050082 100644 --- a/cpp/src/aztec/plonk/composer/standard_composer.hpp +++ b/cpp/src/aztec/plonk/composer/standard_composer.hpp @@ -18,7 +18,8 @@ inline std::vector standard_selector_propertie class StandardComposer : public ComposerBase { public: static constexpr ComposerType type = ComposerType::STANDARD; - static constexpr MerkleHashType merkle_hash_type = MerkleHashType::FIXED_BASE_PEDERSEN; + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t UINT_LOG2_BASE = 2; StandardComposer(const size_t size_hint = 0) diff --git a/cpp/src/aztec/plonk/composer/standard_composer.test.cpp b/cpp/src/aztec/plonk/composer/standard_composer.test.cpp index d7191a116f..96a5e5ef4b 100644 --- a/cpp/src/aztec/plonk/composer/standard_composer.test.cpp +++ b/cpp/src/aztec/plonk/composer/standard_composer.test.cpp @@ -1,7 +1,7 @@ #include "standard_composer.hpp" #include -#include -#include +#include +#include #include using namespace barretenberg; @@ -559,7 +559,7 @@ TEST(standard_composer, test_check_circuit_broken) TEST(standard_composer, test_fixed_group_add_gate_with_init) { StandardComposer composer = StandardComposer(); - auto gen_data = crypto::pedersen::get_generator_data({ 0, 0 }); + auto gen_data = crypto::generators::get_generator_data({ 0, 0 }); // 1. generate two origin points P, Q // 2. derive gate constant values from P, Q @@ -570,7 +570,7 @@ TEST(standard_composer, test_fixed_group_add_gate_with_init) constexpr size_t num_bits = 63; constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.aux_generator; grumpkin::g1::element origin_points[2]; @@ -615,7 +615,7 @@ TEST(standard_composer, test_fixed_group_add_gate_with_init) TEST(standard_composer, test_fixed_group_add_gate) { auto composer = StandardComposer(); - auto gen_data = crypto::pedersen::get_generator_data({ 0, 0 }); + auto gen_data = crypto::generators::get_generator_data({ 0, 0 }); constexpr size_t num_bits = 63; constexpr size_t num_quads_base = (num_bits - 1) >> 1; @@ -623,7 +623,7 @@ TEST(standard_composer, test_fixed_group_add_gate) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; constexpr uint64_t bit_mask = (1ULL << num_bits) - 1UL; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.aux_generator; // also passes with aux_generator? grumpkin::g1::element origin_points[2]; @@ -660,7 +660,7 @@ TEST(standard_composer, test_fixed_group_add_gate) fr one = fr::one(); fr three = ((one + one) + one); for (size_t i = 0; i < num_quads; ++i) { - uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK; + uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK; fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i]; prev_accumulator = prev_accumulator + prev_accumulator; diff --git a/cpp/src/aztec/plonk/composer/turbo_composer.hpp b/cpp/src/aztec/plonk/composer/turbo_composer.hpp index 92ac327cf0..98098c65f1 100644 --- a/cpp/src/aztec/plonk/composer/turbo_composer.hpp +++ b/cpp/src/aztec/plonk/composer/turbo_composer.hpp @@ -7,7 +7,8 @@ namespace plonk { class TurboComposer : public ComposerBase { public: static constexpr ComposerType type = ComposerType::TURBO; - static constexpr MerkleHashType merkle_hash_type = MerkleHashType::FIXED_BASE_PEDERSEN; + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t UINT_LOG2_BASE = 2; enum TurboSelectors { QM, QC, Q1, Q2, Q3, Q4, Q5, QARITH, QFIXED, QRANGE, QLOGIC, NUM }; diff --git a/cpp/src/aztec/plonk/composer/turbo_composer.test.cpp b/cpp/src/aztec/plonk/composer/turbo_composer.test.cpp index 0b00b229f7..e3b5c387e1 100644 --- a/cpp/src/aztec/plonk/composer/turbo_composer.test.cpp +++ b/cpp/src/aztec/plonk/composer/turbo_composer.test.cpp @@ -1,11 +1,11 @@ #include "turbo_composer.hpp" -#include +#include #include #include using namespace barretenberg; using namespace bonk; -using namespace crypto::pedersen; +using namespace crypto::pedersen_commitment; namespace { auto& engine = numeric::random::get_debug_engine(); @@ -227,8 +227,8 @@ TEST(turbo_composer, small_scalar_multipliers) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; constexpr uint64_t bit_mask = (1ULL << num_bits) - 1UL; - auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.generator; grumpkin::g1::element origin_points[2]; @@ -267,7 +267,7 @@ TEST(turbo_composer, small_scalar_multipliers) fr one = fr::one(); fr three = ((one + one) + one); for (size_t i = 0; i < num_quads; ++i) { - uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK; + uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK; fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i]; prev_accumulator = prev_accumulator + prev_accumulator; @@ -356,8 +356,8 @@ TEST(turbo_composer, large_scalar_multipliers) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = num_bits; // ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; - auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.generator; grumpkin::g1::element origin_points[2]; @@ -397,7 +397,7 @@ TEST(turbo_composer, large_scalar_multipliers) fr one = fr::one(); fr three = ((one + one) + one); for (size_t i = 0; i < num_quads; ++i) { - uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK; + uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK; fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i]; prev_accumulator = prev_accumulator + prev_accumulator; @@ -993,8 +993,8 @@ TEST(turbo_composer, test_check_circuit_fixed_group) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = num_bits; // ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; - auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.generator; grumpkin::g1::element origin_points[2]; diff --git a/cpp/src/aztec/plonk/composer/ultra_composer.hpp b/cpp/src/aztec/plonk/composer/ultra_composer.hpp index 161d65ae5d..c969c6ee34 100644 --- a/cpp/src/aztec/plonk/composer/ultra_composer.hpp +++ b/cpp/src/aztec/plonk/composer/ultra_composer.hpp @@ -11,7 +11,8 @@ class UltraComposer : public ComposerBase { public: static constexpr ComposerType type = ComposerType::PLOOKUP; - static constexpr MerkleHashType merkle_hash_type = MerkleHashType::FIXED_BASE_PEDERSEN; + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t NUM_RESERVED_GATES = 4; // This must be >= num_roots_cut_out_of_vanishing_polynomial // See the comment in plonk/proof_system/prover/prover.cpp // ProverBase::compute_quotient_commitments() for why 4 exactly. diff --git a/cpp/src/aztec/plonk/composer/ultra_composer.test.cpp b/cpp/src/aztec/plonk/composer/ultra_composer.test.cpp index 0a68a8bea9..2984f136f3 100644 --- a/cpp/src/aztec/plonk/composer/ultra_composer.test.cpp +++ b/cpp/src/aztec/plonk/composer/ultra_composer.test.cpp @@ -1,6 +1,6 @@ #include #include "ultra_composer.hpp" -#include +#include #include #include #include @@ -50,8 +50,8 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) std::vector expected_y; const size_t num_lookups_hi = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - const size_t num_lookups_lo = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + const size_t num_lookups_lo = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; const size_t num_lookups = num_lookups_hi + num_lookups_lo; EXPECT_EQ(num_lookups_hi, lookup_witnesses_hi[ColumnIdx::C1].size()); @@ -66,10 +66,10 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) const size_t num_rounds = (num_lookups + 1) / 2; uint256_t bits(input_value); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < num_rounds; ++i) { - const auto& table = crypto::pedersen::lookup::get_table(i); + const auto& table = crypto::pedersen_hash::lookup::get_table(i); const size_t index = i * 2; uint64_t slice_a = ((bits >> (index * 9)) & mask).data[0]; @@ -87,7 +87,7 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) } for (size_t i = num_lookups - 2; i < num_lookups; --i) { - expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } size_t hi_shift = 126; @@ -98,7 +98,7 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) expected_scalars[i]); EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C2][i]), expected_x[i]); EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C3][i]), expected_y[i]); - hi_shift -= crypto::pedersen::lookup::BITS_PER_TABLE; + hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { @@ -150,9 +150,9 @@ TEST(ultra_composer, test_elliptic_gate) typedef grumpkin::g1::element element; UltraComposer composer = UltraComposer(); - affine_element p1 = crypto::pedersen::get_generator_data({ 0, 0 }).generator; + affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; - affine_element p2 = crypto::pedersen::get_generator_data({ 0, 1 }).generator; + affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; affine_element p3(element(p1) + element(p2)); uint32_t x1 = composer.add_variable(p1.x); diff --git a/cpp/src/aztec/plonk/proof_system/constants.hpp b/cpp/src/aztec/plonk/proof_system/constants.hpp index 9d6229b039..ad87afc3b8 100644 --- a/cpp/src/aztec/plonk/proof_system/constants.hpp +++ b/cpp/src/aztec/plonk/proof_system/constants.hpp @@ -13,12 +13,21 @@ enum ComposerType { // This variable sets the composer (TURBO or ULTRA) of the entire stdlib and rollup modules. // To switch to using a new composer, only changing this variable should activate the new composer // throughout the stdlib and circuits. -static constexpr uint32_t SYSTEM_COMPOSER = ComposerType::TURBO; +static constexpr uint32_t SYSTEM_COMPOSER = ComposerType::PLOOKUP; -enum MerkleHashType { +namespace merkle { +enum HashType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN, }; +} + +namespace pedersen { +enum CommitmentType { + FIXED_BASE_PEDERSEN, + LOOKUP_PEDERSEN, +}; +} // limb size when simulating a non-native field using bigfield class // (needs to be a universal constant to be used by native verifier) diff --git a/cpp/src/aztec/stdlib/CMakeLists.txt b/cpp/src/aztec/stdlib/CMakeLists.txt index 22c25b1480..c3fa01c851 100644 --- a/cpp/src/aztec/stdlib/CMakeLists.txt +++ b/cpp/src/aztec/stdlib/CMakeLists.txt @@ -1,4 +1,5 @@ add_subdirectory(hash) +add_subdirectory(commitment) add_subdirectory(encryption) add_subdirectory(primitives) add_subdirectory(recursion) diff --git a/cpp/src/aztec/stdlib/commitment/CMakeLists.txt b/cpp/src/aztec/stdlib/commitment/CMakeLists.txt new file mode 100644 index 0000000000..e95d22b87b --- /dev/null +++ b/cpp/src/aztec/stdlib/commitment/CMakeLists.txt @@ -0,0 +1 @@ +add_subdirectory(pedersen) \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/commitment/pedersen/CMakeLists.txt b/cpp/src/aztec/stdlib/commitment/pedersen/CMakeLists.txt new file mode 100644 index 0000000000..2ba8c14140 --- /dev/null +++ b/cpp/src/aztec/stdlib/commitment/pedersen/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(stdlib_pedersen_commitment stdlib_primitives stdlib_pedersen_hash crypto_pedersen_commitment crypto_generators) diff --git a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.bench.cpp b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.bench.cpp similarity index 92% rename from cpp/src/aztec/stdlib/hash/pedersen/pedersen.bench.cpp rename to cpp/src/aztec/stdlib/commitment/pedersen/pedersen.bench.cpp index 7bbb75360d..a3ace9b753 100644 --- a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.bench.cpp +++ b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.bench.cpp @@ -1,6 +1,6 @@ #include "pedersen.hpp" #include -#include +#include #include #include #include @@ -43,7 +43,7 @@ void generate_test_pedersen_circuit(plonk::TurboComposer& turbo_composer, size_t plonk::stdlib::witness_t(&turbo_composer, barretenberg::fr::random_element())); for (size_t i = 0; i < num_repetitions; ++i) { - out = plonk::stdlib::pedersen::compress(left, out); + out = plonk::stdlib::pedersen_commitment::compress(left, out); } } @@ -56,18 +56,18 @@ grumpkin::fq pedersen_function(const size_t count) grumpkin::fq left = grumpkin::fq::random_element(); grumpkin::fq out = grumpkin::fq::random_element(); for (size_t i = 0; i < count; ++i) { - out = crypto::pedersen::compress_native({ left, out }); + out = crypto::pedersen_commitment::compress_native({ left, out }); } return out; } -void native_pedersen_hash_bench(State& state) noexcept +void native_pedersen_commitment_bench(State& state) noexcept { for (auto _ : state) { const size_t count = (static_cast(state.range(0))); (pedersen_function(count)); } } -BENCHMARK(native_pedersen_hash_bench) +BENCHMARK(native_pedersen_commitment_bench) ->Arg(num_hashes[0]) ->Arg(num_hashes[1]) ->Arg(num_hashes[2]) @@ -86,7 +86,7 @@ void native_pedersen_eight_hash_bench(State& state) noexcept elements[i] = grumpkin::fq::random_element(); } for (auto _ : state) { - crypto::pedersen::compress_native(elements); + crypto::pedersen_commitment::compress_native(elements); } } BENCHMARK(native_pedersen_eight_hash_bench)->MinTime(3); @@ -97,7 +97,7 @@ void construct_pedersen_witnesses_bench(State& state) noexcept plonk::TurboComposer composer = plonk::TurboComposer(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); generate_test_pedersen_circuit(composer, static_cast(state.range(0))); - std::cout << "composer gates = " << composer.num_gates << std::endl; + std::cout << "composer gates = " << composer.get_num_gates() << std::endl; composer.compute_witness(); } } diff --git a/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.cpp b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.cpp new file mode 100644 index 0000000000..18ecb40808 --- /dev/null +++ b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.cpp @@ -0,0 +1,107 @@ +#include "pedersen.hpp" +#include "pedersen_plookup.hpp" +#include +#include +#include "../../hash/pedersen/pedersen.hpp" + +#include "../../primitives/composers/composers.hpp" +#include "../../primitives/packed_byte_array/packed_byte_array.hpp" + +namespace plonk { +namespace stdlib { + +using namespace barretenberg; +using namespace crypto::pedersen_commitment; + +template +point pedersen_commitment::commit(const std::vector& inputs, const size_t hash_index) +{ + if constexpr (C::type == waffle::ComposerType::PLOOKUP && + C::commitment_type == waffle::pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::commit(inputs, hash_index); + } + + std::vector to_accumulate; + for (size_t i = 0; i < inputs.size(); ++i) { + generator_index_t index = { hash_index, i }; + to_accumulate.push_back(pedersen_hash::commit_single(inputs[i], index)); + } + return pedersen_hash::accumulate(to_accumulate); +} + +/** + * Compress the pair (in_left, in_right) with a given hash index. + * Called unsafe because this allows the option of not validating the input elements are unique, i.e. +field_t pedersen_commitment::compress_unsafe(const field_t& in_left, + const field_t& in_right, + const size_t hash_index, + const bool validate_input_is_in_field) +{ + if constexpr (C::type == waffle::ComposerType::PLOOKUP && + C::commitment_type == waffle::pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::compress({ in_left, in_right }); + } + + std::vector accumulators; + generator_index_t index_1 = { hash_index, 0 }; + generator_index_t index_2 = { hash_index, 1 }; + accumulators.push_back(pedersen_hash::commit_single(in_left, index_1, validate_input_is_in_field)); + accumulators.push_back(pedersen_hash::commit_single(in_right, index_2, validate_input_is_in_field)); + return pedersen_hash::accumulate(accumulators).x; +} + +/** + * Compress a vector of scalars with a given hash index. + */ +template +field_t pedersen_commitment::compress(const std::vector& inputs, const size_t hash_index) +{ + if constexpr (C::type == waffle::ComposerType::PLOOKUP && + C::commitment_type == waffle::pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::compress(inputs, hash_index); + } + + return commit(inputs, hash_index).x; +} + +/** + * Compress a byte_array. + * + * If the input values are all zero, we return the array length instead of "0\" + * This is because we require the inputs to regular pedersen compression function are nonzero (we use this method to + * hash the base layer of our merkle trees) + */ +template field_t pedersen_commitment::compress(const byte_array& input) +{ + const size_t num_bytes = input.size(); + const size_t bytes_per_element = 31; + size_t num_elements = (num_bytes % bytes_per_element != 0) + (num_bytes / bytes_per_element); + + std::vector elements; + for (size_t i = 0; i < num_elements; ++i) { + size_t bytes_to_slice = 0; + if (i == num_elements - 1) { + bytes_to_slice = num_bytes - (i * bytes_per_element); + } else { + bytes_to_slice = bytes_per_element; + } + field_t element = static_cast(input.slice(i * bytes_per_element, bytes_to_slice)); + elements.emplace_back(element); + } + field_t compressed = compress(elements, 0); + + bool_t is_zero(true); + for (const auto& element : elements) { + is_zero = is_zero && element.is_zero(); + } + + field_t output = field_t::conditional_assign(is_zero, field_t(num_bytes), compressed); + return output; +} + +INSTANTIATE_STDLIB_TYPE(pedersen_commitment); + +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.hpp b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.hpp new file mode 100644 index 0000000000..d7b44296f4 --- /dev/null +++ b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.hpp @@ -0,0 +1,47 @@ +#pragma once +#include +#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/field/field.hpp" +#include "../../primitives/point/point.hpp" +#include "../../primitives/byte_array/byte_array.hpp" + +namespace plonk { +namespace stdlib { + +constexpr uint64_t WNAF_MASK = crypto::generators::WNAF_MASK; + +template class pedersen_commitment { + private: + typedef plonk::stdlib::field_t field_t; + typedef plonk::stdlib::point point; + typedef plonk::stdlib::byte_array byte_array; + typedef plonk::stdlib::bool_t bool_t; + + static point commit(const std::vector& inputs, const size_t hash_index = 0); + + public: + static field_t compress_unsafe(const field_t& left, + const field_t& right, + const size_t hash_index, + const bool validate_input_is_in_field); + + static field_t compress(const field_t& left, const field_t& right, const size_t hash_index = 0) + { + return compress_unsafe(left, right, hash_index, true); + } + + static field_t compress(const std::vector& inputs, const size_t hash_index = 0); + + template static field_t compress(const std::array& inputs) + { + std::vector in(inputs.begin(), inputs.end()); + return compress(in); + } + + static field_t compress(const byte_array& inputs); +}; + +EXTERN_STDLIB_TYPE(pedersen_commitment); + +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.test.cpp b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.test.cpp similarity index 73% rename from cpp/src/aztec/stdlib/hash/pedersen/pedersen.test.cpp rename to cpp/src/aztec/stdlib/commitment/pedersen/pedersen.test.cpp index 46bfe96377..3b464a0968 100644 --- a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.test.cpp +++ b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen.test.cpp @@ -1,7 +1,7 @@ #include "pedersen.hpp" #include "pedersen_plookup.hpp" -#include -#include +#include +#include #include #include #include @@ -21,7 +21,7 @@ template class stdlib_pedersen : public testing::Test { typedef typename curve::fr_ct fr_ct; typedef typename curve::witness_ct witness_ct; typedef typename curve::public_witness_ct public_witness_ct; - typedef typename stdlib::pedersen pedersen; + typedef typename stdlib::pedersen_commitment pedersen_commitment; public: static grumpkin::g1::element pedersen_recover(const fr& left_in, const fr& right_in) @@ -70,10 +70,10 @@ template class stdlib_pedersen : public testing::Test { compute_split_scalar(&right_wnafs[126], 2) }; grumpkin::g1::affine_element grumpkin_points[4]{ - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).generator, - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).aux_generator, - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_2).generator, - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_2).aux_generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).aux_generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_2).generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_2).aux_generator, }; grumpkin::g1::element result_points[4]{ @@ -91,12 +91,12 @@ template class stdlib_pedersen : public testing::Test { if (left_skew) { grumpkin::g1::affine_element left_skew_gen = - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).skew_generator; + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).skew_generator; hash_output_left -= left_skew_gen; } if (right_skew) { grumpkin::g1::affine_element right_skew_gen = - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_2).skew_generator; + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_2).skew_generator; hash_output_right -= right_skew_gen; } @@ -154,7 +154,7 @@ template class stdlib_pedersen : public testing::Test { composer.fix_witness(left.witness_index, left.get_value()); composer.fix_witness(right.witness_index, right.get_value()); - fr_ct out = pedersen::compress(left, right); + fr_ct out = pedersen_commitment::compress(left, right); auto prover = composer.create_prover(); @@ -175,7 +175,7 @@ template class stdlib_pedersen : public testing::Test { EXPECT_EQ(out.get_value(), hash_output.x); - fr compress_native = crypto::pedersen::compress_native({ left.get_value(), right.get_value() }); + fr compress_native = crypto::pedersen_commitment::compress_native({ left.get_value(), right.get_value() }); EXPECT_EQ(out.get_value(), compress_native); } @@ -195,11 +195,11 @@ template class stdlib_pedersen : public testing::Test { fr_ct r_minus_two = witness_ct(&composer, r_minus_two_fr); fr_ct r = witness_ct(&composer, r_fr); - fr_ct out_1_with_zero = pedersen::compress(zero, one); - fr_ct out_1_with_r = pedersen::compress(r, one); - fr_ct out_2 = pedersen::compress(r_minus_one, r_minus_two); - fr_ct out_with_zero = pedersen::compress(out_1_with_zero, out_2); - fr_ct out_with_r = pedersen::compress(out_1_with_r, out_2); + fr_ct out_1_with_zero = pedersen_commitment::compress(zero, one); + fr_ct out_1_with_r = pedersen_commitment::compress(r, one); + fr_ct out_2 = pedersen_commitment::compress(r_minus_one, r_minus_two); + fr_ct out_with_zero = pedersen_commitment::compress(out_1_with_zero, out_2); + fr_ct out_with_r = pedersen_commitment::compress(out_1_with_r, out_2); auto prover = composer.create_prover(); @@ -232,12 +232,15 @@ template class stdlib_pedersen : public testing::Test { EXPECT_EQ(r_minus_one_fr, recovered_r_minus_one); EXPECT_EQ(r_minus_two_fr, recovered_r_minus_two); - fr compress_native_1_with_zero = crypto::pedersen::compress_native({ zero.get_value(), one.get_value() }); - fr compress_native_1_with_r = crypto::pedersen::compress_native({ r.get_value(), one.get_value() }); - fr compress_native_2 = crypto::pedersen::compress_native({ r_minus_one.get_value(), r_minus_two.get_value() }); + fr compress_native_1_with_zero = + crypto::pedersen_commitment::compress_native({ zero.get_value(), one.get_value() }); + fr compress_native_1_with_r = crypto::pedersen_commitment::compress_native({ r.get_value(), one.get_value() }); + fr compress_native_2 = + crypto::pedersen_commitment::compress_native({ r_minus_one.get_value(), r_minus_two.get_value() }); fr compress_native_with_zero = - crypto::pedersen::compress_native({ out_1_with_zero.get_value(), out_2.get_value() }); - fr compress_native_with_r = crypto::pedersen::compress_native({ out_1_with_r.get_value(), out_2.get_value() }); + crypto::pedersen_commitment::compress_native({ out_1_with_zero.get_value(), out_2.get_value() }); + fr compress_native_with_r = + crypto::pedersen_commitment::compress_native({ out_1_with_r.get_value(), out_2.get_value() }); EXPECT_EQ(out_1_with_zero.get_value(), compress_native_1_with_zero); EXPECT_EQ(out_1_with_r.get_value(), compress_native_1_with_r); @@ -264,7 +267,7 @@ template class stdlib_pedersen : public testing::Test { fr_ct right = witness_ct(&composer, right_in); for (size_t i = 0; i < 256; ++i) { - left = pedersen::compress(left, right); + left = pedersen_commitment::compress(left, right); } composer.set_public_input(left.witness_index); @@ -297,7 +300,7 @@ template class stdlib_pedersen : public testing::Test { fr_ct right = witness_ct(&composer, right_in); for (size_t i = 0; i < 256; ++i) { - left = pedersen::compress(left, right); + left = pedersen_commitment::compress(left, right); } composer.set_public_input(left.witness_index); @@ -325,10 +328,10 @@ template class stdlib_pedersen : public testing::Test { input.push_back(engine.get_random_uint8()); } - fr expected = crypto::pedersen::compress_native(input); + fr expected = crypto::pedersen_commitment::compress_native(input); byte_array_ct circuit_input(&composer, input); - auto result = pedersen::compress(circuit_input); + auto result = pedersen_commitment::compress(circuit_input); EXPECT_EQ(result.get_value(), expected); @@ -382,9 +385,9 @@ template class stdlib_pedersen : public testing::Test { witnesses.push_back(witness_ct(&composer, input)); } - barretenberg::fr expected = crypto::pedersen::compress_native(inputs); + barretenberg::fr expected = crypto::pedersen_commitment::compress_native(inputs); - fr_ct result = pedersen::compress(witnesses); + fr_ct result = pedersen_commitment::compress(witnesses); EXPECT_EQ(result.get_value(), expected); } @@ -413,8 +416,8 @@ template class stdlib_pedersen : public testing::Test { } constexpr size_t hash_idx = 10; - grumpkin::fq expected = crypto::pedersen::compress_native(inputs, hash_idx); - auto result = pedersen::compress(witness_inputs, hash_idx); + grumpkin::fq expected = crypto::pedersen_commitment::compress_native(inputs, hash_idx); + auto result = pedersen_commitment::compress(witness_inputs, hash_idx); EXPECT_EQ(result.get_value(), expected); } @@ -435,8 +438,8 @@ template class stdlib_pedersen : public testing::Test { } } - barretenberg::fr expected = crypto::pedersen::compress_native(inputs); - auto result = pedersen::compress(witness_inputs); + barretenberg::fr expected = crypto::pedersen_commitment::compress_native(inputs); + auto result = pedersen_commitment::compress(witness_inputs); EXPECT_EQ(result.get_value(), expected); } @@ -486,98 +489,4 @@ TYPED_TEST(stdlib_pedersen, compress_constants) TestFixture::test_compress_constants(); }; -// Tests of Plookup-based Pedersen hash -namespace plookup_pedersen_tests { -typedef stdlib::field_t field_ct; -typedef stdlib::witness_t witness_ct; -TEST(stdlib_pedersen, test_pedersen_plookup) -{ - plonk::UltraComposer composer = plonk::UltraComposer(); - - fr left_in = fr::random_element(); - fr right_in = fr::random_element(); - - field_ct left = witness_ct(&composer, left_in); - field_ct right = witness_ct(&composer, right_in); - - field_ct result = stdlib::pedersen_plookup::compress(left, right); - - fr expected = crypto::pedersen::lookup::hash_pair(left_in, right_in); - - EXPECT_EQ(result.get_value(), expected); - - auto prover = composer.create_prover(); - - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); - - plonk::proof proof = prover.construct_proof(); - - bool proof_result = verifier.verify_proof(proof); - EXPECT_EQ(proof_result, true); -} - -TEST(stdlib_pedersen, test_compress_many_plookup) -{ - plonk::UltraComposer composer = plonk::UltraComposer(); - - std::vector input_values{ - fr::random_element(), fr::random_element(), fr::random_element(), - fr::random_element(), fr::random_element(), fr::random_element(), - }; - std::vector inputs; - for (const auto& input : input_values) { - inputs.emplace_back(witness_ct(&composer, input)); - } - - const size_t hash_idx = 20; - - field_ct result = stdlib::pedersen_plookup::compress(inputs, hash_idx); - - auto expected = crypto::pedersen::lookup::compress_native(input_values, hash_idx); - - EXPECT_EQ(result.get_value(), expected); - - auto prover = composer.create_prover(); - - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); - - plonk::proof proof = prover.construct_proof(); - - bool proof_result = verifier.verify_proof(proof); - EXPECT_EQ(proof_result, true); -} - -TEST(stdlib_pedersen, test_merkle_damgard_compress_plookup) -{ - plonk::UltraComposer composer = plonk::UltraComposer(); - - std::vector input_values{ - fr::random_element(), fr::random_element(), fr::random_element(), - fr::random_element(), fr::random_element(), fr::random_element(), - }; - std::vector inputs; - for (const auto& input : input_values) { - inputs.emplace_back(witness_ct(&composer, input)); - } - field_ct iv = witness_ct(&composer, fr(10)); - - field_ct result = stdlib::pedersen_plookup::merkle_damgard_compress(inputs, iv).x; - - auto expected = crypto::pedersen::lookup::merkle_damgard_compress(input_values, 10); - - EXPECT_EQ(result.get_value(), expected.normalize().x); - - auto prover = composer.create_prover(); - - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); - - plonk::proof proof = prover.construct_proof(); - - bool proof_result = verifier.verify_proof(proof); - EXPECT_EQ(proof_result, true); -} -} // namespace plookup_pedersen_tests } // namespace test_stdlib_pedersen diff --git a/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.cpp b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.cpp new file mode 100644 index 0000000000..014a5dc6d6 --- /dev/null +++ b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.cpp @@ -0,0 +1,60 @@ +#include "pedersen_plookup.hpp" +#include +#include +#include "../../hash/pedersen/pedersen_plookup.hpp" + +#include +#include "../../primitives/composers/composers.hpp" +#include "../../primitives/plookup/plookup.hpp" + +namespace plonk { +namespace stdlib { + +using namespace barretenberg; + +template +point pedersen_plookup_commitment::compress_to_point(const field_t& left, const field_t& right) +{ + auto p2 = pedersen_plookup_hash::hash_single(left, false); + auto p1 = pedersen_plookup_hash::hash_single(right, true); + + return pedersen_plookup_hash::add_points(p1, p2); +} + +template field_t pedersen_plookup_commitment::compress(const field_t& left, const field_t& right) +{ + return compress_to_point(left, right).x; +} + +template +point pedersen_plookup_commitment::merkle_damgard_compress(const std::vector& inputs, const field_t& iv) +{ + if (inputs.size() == 0) { + return point{ 0, 0 }; + } + + auto result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, iv)[ColumnIdx::C2][0]; + auto num_inputs = inputs.size(); + for (size_t i = 0; i < num_inputs; i++) { + result = compress(result, inputs[i]); + } + + return compress_to_point(result, field_t(num_inputs)); +} + +template +point pedersen_plookup_commitment::commit(const std::vector& inputs, const size_t hash_index) +{ + return merkle_damgard_compress(inputs, field_t(hash_index)); +} + +template +field_t pedersen_plookup_commitment::compress(const std::vector& inputs, const size_t hash_index) +{ + return commit(inputs, hash_index).x; +} + +template class pedersen_plookup_commitment; + +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.hpp b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.hpp new file mode 100644 index 0000000000..acd662307c --- /dev/null +++ b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.hpp @@ -0,0 +1,37 @@ +#pragma once +#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/field/field.hpp" +#include "../../primitives/point/point.hpp" +#include "../../primitives/packed_byte_array/packed_byte_array.hpp" + +namespace plonk { +namespace stdlib { + +template class pedersen_plookup_commitment { + private: + typedef plonk::stdlib::field_t field_t; + typedef plonk::stdlib::point point; + typedef plonk::stdlib::packed_byte_array packed_byte_array; + typedef plonk::stdlib::bool_t bool_t; + + static point commit(const std::vector& inputs, const size_t hash_index = 0); + + public: + static field_t compress(const field_t& left, const field_t& right); + static field_t compress(const std::vector& inputs, const size_t hash_index = 0); + static field_t compress(const packed_byte_array& input) { return compress(input.get_limbs()); } + + template static field_t compress(const std::array& inputs) + { + std::vector in(inputs.begin(), inputs.end()); + return compress(in); + } + + static point merkle_damgard_compress(const std::vector& inputs, const field_t& iv); + + static point compress_to_point(const field_t& left, const field_t& right); +}; + +extern template class pedersen_plookup_commitment; +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.test.cpp b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.test.cpp new file mode 100644 index 0000000000..8863de207e --- /dev/null +++ b/cpp/src/aztec/stdlib/commitment/pedersen/pedersen_plookup.test.cpp @@ -0,0 +1,111 @@ +#include "pedersen.hpp" +#include "pedersen_plookup.hpp" +#include +#include +#include +#include +#include +#include +#include + +namespace test_stdlib_pedersen { +using namespace barretenberg; +using namespace plonk; +namespace { +auto& engine = numeric::random::get_debug_engine(); +} + +namespace plookup_pedersen_tests { +typedef stdlib::field_t field_ct; +typedef stdlib::witness_t witness_ct; +TEST(stdlib_pedersen, test_pedersen_plookup) +{ + waffle::UltraComposer composer = waffle::UltraComposer(); + + fr left_in = fr::random_element(); + fr right_in = fr::random_element(); + + field_ct left = witness_ct(&composer, left_in); + field_ct right = witness_ct(&composer, right_in); + + field_ct result = stdlib::pedersen_plookup_commitment::compress(left, right); + + fr expected = crypto::pedersen_hash::lookup::hash_pair(left_in, right_in); + + EXPECT_EQ(result.get_value(), expected); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + waffle::plonk_proof proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} + +TEST(stdlib_pedersen, test_compress_many_plookup) +{ + waffle::UltraComposer composer = waffle::UltraComposer(); + + std::vector input_values{ + fr::random_element(), fr::random_element(), fr::random_element(), + fr::random_element(), fr::random_element(), fr::random_element(), + }; + std::vector inputs; + for (const auto& input : input_values) { + inputs.emplace_back(witness_ct(&composer, input)); + } + + const size_t hash_idx = 20; + + field_ct result = stdlib::pedersen_plookup_commitment::compress(inputs, hash_idx); + + auto expected = crypto::pedersen_commitment::lookup::compress_native(input_values, hash_idx); + + EXPECT_EQ(result.get_value(), expected); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + waffle::plonk_proof proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} + +TEST(stdlib_pedersen, test_merkle_damgard_compress_plookup) +{ + waffle::UltraComposer composer = waffle::UltraComposer(); + + std::vector input_values{ + fr::random_element(), fr::random_element(), fr::random_element(), + fr::random_element(), fr::random_element(), fr::random_element(), + }; + std::vector inputs; + for (const auto& input : input_values) { + inputs.emplace_back(witness_ct(&composer, input)); + } + field_ct iv = witness_ct(&composer, fr(10)); + + field_ct result = stdlib::pedersen_plookup_commitment::merkle_damgard_compress(inputs, iv).x; + + auto expected = crypto::pedersen_commitment::lookup::merkle_damgard_compress(input_values, 10); + + EXPECT_EQ(result.get_value(), expected.normalize().x); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + waffle::plonk_proof proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} +} // namespace plookup_pedersen_tests +} // namespace test_stdlib_pedersen diff --git a/cpp/src/aztec/stdlib/encryption/schnorr/CMakeLists.txt b/cpp/src/aztec/stdlib/encryption/schnorr/CMakeLists.txt index 20a100dff1..d200b786ae 100644 --- a/cpp/src/aztec/stdlib/encryption/schnorr/CMakeLists.txt +++ b/cpp/src/aztec/stdlib/encryption/schnorr/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(stdlib_schnorr stdlib_pedersen stdlib_blake2s stdlib_primitives) \ No newline at end of file +barretenberg_module(stdlib_schnorr stdlib_pedersen_commitment stdlib_blake2s stdlib_primitives) \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.cpp b/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.cpp index fcb473cea9..161fefe279 100644 --- a/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.cpp +++ b/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.cpp @@ -1,7 +1,8 @@ #include "schnorr.hpp" -#include +#include #include #include +#include #include "../../primitives/composers/composers.hpp" @@ -160,7 +161,7 @@ point variable_base_mul(const point& pub_key, const point& current_accu // Various elliptic curve point additions that follow assume that the two points are distinct and not mutually // inverse. collision_offset is chosen to prevent a malicious prover from exploiting this assumption. - grumpkin::g1::affine_element collision_offset = crypto::pedersen::get_generator_data(DEFAULT_GEN_1).generator; + grumpkin::g1::affine_element collision_offset = crypto::generators::get_generator_data(DEFAULT_GEN_1).generator; grumpkin::g1::affine_element collision_end = collision_offset * grumpkin::fr(uint256_t(1) << 129); const bool init = current_accumulator.x.get_value() == pub_key.x.get_value(); @@ -285,7 +286,7 @@ void verify_signature(const byte_array& message, const point& pub_key, con // build input (pedersen(([s]g + [e]pub).x | pub.x | pub.y) | message) to hash function // pedersen hash ([r].x | pub.x) to make sure the size of `hash_input` is <= 64 bytes for a 32 byte message - byte_array hash_input(stdlib::pedersen::compress({ x_3, pub_key.x, pub_key.y })); + byte_array hash_input(stdlib::pedersen_commitment::compress({ x_3, pub_key.x, pub_key.y })); hash_input.write(message); // compute e' = hash(([s]g + [e]pub).x | message) diff --git a/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.test.cpp b/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.test.cpp index e269f150fc..b5ab6823f3 100644 --- a/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.test.cpp +++ b/cpp/src/aztec/stdlib/encryption/schnorr/schnorr.test.cpp @@ -1,5 +1,5 @@ #include "schnorr.hpp" -#include +#include #include #include #include diff --git a/cpp/src/aztec/stdlib/hash/pedersen/CMakeLists.txt b/cpp/src/aztec/stdlib/hash/pedersen/CMakeLists.txt index 66047381be..c4504582a2 100644 --- a/cpp/src/aztec/stdlib/hash/pedersen/CMakeLists.txt +++ b/cpp/src/aztec/stdlib/hash/pedersen/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(stdlib_pedersen stdlib_primitives crypto_pedersen) +barretenberg_module(stdlib_pedersen_hash stdlib_primitives crypto_pedersen_commitment crypto_generators) diff --git a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.cpp b/cpp/src/aztec/stdlib/hash/pedersen/pedersen.cpp index 629694d237..88c421afb3 100644 --- a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.cpp +++ b/cpp/src/aztec/stdlib/hash/pedersen/pedersen.cpp @@ -1,33 +1,13 @@ +#include #include "pedersen.hpp" #include "pedersen_plookup.hpp" -#include -#include - #include "../../primitives/composers/composers.hpp" -#include "../../primitives/packed_byte_array/packed_byte_array.hpp" namespace plonk { namespace stdlib { using namespace barretenberg; -using namespace crypto::pedersen; -using namespace bonk; - -namespace { -/** - * Adds two group elements using elliptic curve addition. - **/ -template point add_points(const point& first, const point& second) -{ - field_t lhs = second.y - first.y; - field_t rhs = second.x - first.x; - // since we are adding multiples of different generators, creating a zero denum is as hard as DL - field_t lambda = lhs.divide_no_zero_check(rhs); - field_t x_3 = lambda * lambda - second.x - first.x; - field_t y_3 = lambda * (first.x - x_3) - first.y; - return { x_3, y_3 }; -} -} // namespace +using namespace crypto::pedersen_hash; /** * Description of function: @@ -57,16 +37,15 @@ template point add_points(const point& first, const point& * Full documentation: https://hackmd.io/gRsmqUGkSDOCI9O22qWXBA?view **/ template -point pedersen::hash_single(const field_t& in, - const generator_index_t hash_index, - const bool validate_input_is_in_field) +point pedersen_hash::hash_single_internal(const field_t& in, + const generator_index_t hash_index, + const bool validate_input_is_in_field) { C* ctx = in.context; - field_t scalar = in.normalize(); if (in.is_constant()) { - const auto hash_native = crypto::pedersen::hash_single(in.get_value(), hash_index).normalize(); + const auto hash_native = crypto::pedersen_hash::hash_single(in.get_value(), hash_index).normalize(); return { field_t(ctx, hash_native.x), field_t(ctx, hash_native.y) }; } @@ -82,8 +61,8 @@ point pedersen::hash_single(const field_t& in, // initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1: num_bits; // this may require updating the logic around accumulator_offset constexpr size_t initial_exponent = num_bits; - const auto gen_data = crypto::pedersen::get_generator_data(hash_index); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + const auto gen_data = crypto::generators::get_generator_data(hash_index); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); grumpkin::g1::affine_element skew_generator = gen_data.skew_generator; // Here n = num_quads = 127. @@ -224,7 +203,8 @@ point pedersen::hash_single(const field_t& in, ctx->create_fixed_group_add_gate(round_quad); } else { if constexpr (C::type == plonk::PLOOKUP && - C::merkle_hash_type == plonk::MerkleHashType::FIXED_BASE_PEDERSEN) { + (C::merkle_hash_type == plonk::merkle::HashType::FIXED_BASE_PEDERSEN || + C::commitment_type == plonk::pedersen::CommitmentType::FIXED_BASE_PEDERSEN)) { /* In TurboComposer, the selector q_5 is used to show that w_1 and w_2 are properly initialized to the * coordinates of P_s = (-s + 4^n)[g]. In UltraPlonK, we have removed q_5 for overall efficiency (it * would only be used here in this gate), but this presents us a cost in the present circuit: we must @@ -289,6 +269,42 @@ point pedersen::hash_single(const field_t& in, return result; } +/** + * Compute pedersen hash of the field element `in` using either lookup tables or its WNAF representation. + * + * Full documentation: https://hackmd.io/gRsmqUGkSDOCI9O22qWXBA?view + **/ +template +point pedersen_hash::hash_single(const field_t& in, + const generator_index_t hash_index, + const bool validate_input_is_in_field) +{ + if constexpr (C::type == waffle::ComposerType::PLOOKUP && + C::merkle_hash_type == waffle::merkle::HashType::LOOKUP_PEDERSEN) { + return pedersen_plookup_hash::hash_single(in, hash_index.index == 0); + } + + return pedersen_hash::hash_single_internal(in, hash_index, validate_input_is_in_field); +} + +/** + * Subsidiary function used by the Pedersen commitment gadget to "hash" a field element. + * + * Full documentation: https://hackmd.io/gRsmqUGkSDOCI9O22qWXBA?view + **/ +template +point pedersen_hash::commit_single(const field_t& in, + const generator_index_t hash_index, + const bool validate_input_is_in_field) +{ + if constexpr (C::type == waffle::ComposerType::PLOOKUP && + C::commitment_type == waffle::pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_hash::hash_single(in, hash_index.index == 0); + } + + return pedersen_hash::hash_single_internal(in, hash_index, validate_input_is_in_field); +} + /** * Check the wnaf sum is smaller than the circuit modulus * @@ -302,7 +318,7 @@ point pedersen::hash_single(const field_t& in, * * Total cost is ~36 gates **/ -template void pedersen::validate_wnaf_is_in_field(C* ctx, const std::vector& accumulator) +template void pedersen_hash::validate_wnaf_is_in_field(C* ctx, const std::vector& accumulator) { /** * To validate that `w < r`, we use schoolbook subtraction @@ -496,7 +512,24 @@ template void pedersen::validate_wnaf_is_in_field(C* ctx, const y_hi.create_range_constraint(128, "pedersen: range constraint on y_lo fails in validate_wnaf_is_in_field"); } -template point pedersen::accumulate(const std::vector& to_accumulate) +/** + * Adds two group elements using elliptic curve addition. + **/ +template point pedersen_hash::add_points(const point& first, const point& second) +{ + field_t lhs = second.y - first.y; + field_t rhs = second.x - first.x; + // since we are adding multiples of different generators, creating a zero denum is as hard as DL + field_t lambda = lhs.divide_no_zero_check(rhs); + field_t x_3 = lambda * lambda - second.x - first.x; + field_t y_3 = lambda * (first.x - x_3) - first.y; + return { x_3, y_3 }; +} + +/** + * Accumulate a set of group elements using simple elliptic curve addition. + */ +template point pedersen_hash::accumulate(const std::vector& to_accumulate) { if (to_accumulate.size() == 0) { return point{ 0, 0 }; @@ -509,82 +542,26 @@ template point pedersen::accumulate(const std::vector& return accumulator; } -// called unsafe because allowing the option of not validating the input elements are unique, i.e. -field_t pedersen::compress_unsafe(const field_t& in_left, - const field_t& in_right, - const size_t hash_index, - const bool validate_input_is_in_field) -{ - if constexpr (C::type == ComposerType::PLOOKUP && C::merkle_hash_type == plonk::MerkleHashType::LOOKUP_PEDERSEN) { - return pedersen_plookup::compress({ in_left, in_right }); - } - - std::vector accumulators; - generator_index_t index_1 = { hash_index, 0 }; - generator_index_t index_2 = { hash_index, 1 }; - accumulators.push_back(hash_single(in_left, index_1, validate_input_is_in_field)); - accumulators.push_back(hash_single(in_right, index_2, validate_input_is_in_field)); - return accumulate(accumulators).x; -} - -template point pedersen::commit(const std::vector& inputs, const size_t hash_index) +field_t pedersen_hash::hash_multiple(const std::vector& inputs, + const size_t hash_index, + const bool validate_inputs_in_field) { - if constexpr (C::type == ComposerType::PLOOKUP && C::merkle_hash_type == plonk::MerkleHashType::LOOKUP_PEDERSEN) { - return pedersen_plookup::commit(inputs, hash_index); + if constexpr (C::type == plonk::ComposerType::PLOOKUP && + C::merkle_hash_type == plonk::merkle::HashType::LOOKUP_PEDERSEN) { + return pedersen_plookup_hash::hash_multiple(inputs, hash_index); } std::vector to_accumulate; for (size_t i = 0; i < inputs.size(); ++i) { generator_index_t index = { hash_index, i }; - to_accumulate.push_back(hash_single(inputs[i], index)); - } - return accumulate(to_accumulate); -} - -template field_t pedersen::compress(const std::vector& inputs, const size_t hash_index) -{ - if constexpr (C::type == ComposerType::PLOOKUP && C::merkle_hash_type == plonk::MerkleHashType::LOOKUP_PEDERSEN) { - return pedersen_plookup::compress(inputs, hash_index); + to_accumulate.push_back(pedersen_hash::hash_single(inputs[i], index, validate_inputs_in_field)); } - - return commit(inputs, hash_index).x; -} - -// If the input values are all zero, we return the array length instead of `0\` -// This is because we require the inputs to regular pedersen compression function are nonzero (we use this method to -// hash the base layer of our merkle trees) -template field_t pedersen::compress(const byte_array& input) -{ - const size_t num_bytes = input.size(); - const size_t bytes_per_element = 31; - size_t num_elements = (num_bytes % bytes_per_element != 0) + (num_bytes / bytes_per_element); - - std::vector elements; - for (size_t i = 0; i < num_elements; ++i) { - size_t bytes_to_slice = 0; - if (i == num_elements - 1) { - bytes_to_slice = num_bytes - (i * bytes_per_element); - } else { - bytes_to_slice = bytes_per_element; - } - field_t element = static_cast(input.slice(i * bytes_per_element, bytes_to_slice)); - elements.emplace_back(element); - } - field_t compressed = compress(elements, 0); - - bool_t is_zero(true); - for (const auto& element : elements) { - is_zero = is_zero && element.is_zero(); - } - - field_t output = field_t::conditional_assign(is_zero, field_t(num_bytes), compressed); - return output; + point result = pedersen_hash::accumulate(to_accumulate); + return result.x; } -template class pedersen; -template class pedersen; -template class pedersen; +INSTANTIATE_STDLIB_TYPE(pedersen_hash); } // namespace stdlib } // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.hpp b/cpp/src/aztec/stdlib/hash/pedersen/pedersen.hpp index 50ffa81fc0..ebfcea68a5 100644 --- a/cpp/src/aztec/stdlib/hash/pedersen/pedersen.hpp +++ b/cpp/src/aztec/stdlib/hash/pedersen/pedersen.hpp @@ -1,58 +1,48 @@ #pragma once -#include +#include #include "../../primitives/composers/composers_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/point/point.hpp" -#include "../../primitives/byte_array/byte_array.hpp" namespace plonk { namespace stdlib { -constexpr uint64_t WNAF_MASK = crypto::pedersen::WNAF_MASK; +using namespace barretenberg; +using namespace crypto::pedersen_hash; -template class pedersen { - private: +template class pedersen_hash { + + public: typedef plonk::stdlib::field_t field_t; typedef plonk::stdlib::point point; - typedef plonk::stdlib::byte_array byte_array; typedef plonk::stdlib::bool_t bool_t; - static point hash_single(const field_t& in, - const crypto::pedersen::generator_index_t hash_index, - const bool validate_input_is_in_field = true); - static point accumulate(const std::vector& to_accumulate); - - public: - // called unsafe because allowing the option of not validating the input elements are unique, i.e. & inputs, const size_t hash_index = 0); + public: + static void validate_wnaf_is_in_field(ComposerContext* ctx, const std::vector& accumulator); - template static field_t compress(const std::array& inputs) - { - std::vector in(inputs.begin(), inputs.end()); - return compress(in); - } + static point accumulate(const std::vector& to_accumulate); - static field_t compress(const byte_array& inputs); + static point hash_single(const field_t& in, + const crypto::generators::generator_index_t hash_index, + const bool validate_input_is_in_field = true); - static void validate_wnaf_is_in_field(ComposerContext* ctx, const std::vector& accumulator); + static point commit_single(const field_t& in, + const crypto::generators::generator_index_t hash_index, + const bool validate_input_is_in_field = true); - private: - static point commit(const std::vector& inputs, const size_t hash_index = 0); + static field_t hash_multiple(const std::vector& in, + const size_t hash_index = 0, + const bool validate_inputs_in_field = true); }; -extern template class pedersen; -extern template class pedersen; -extern template class pedersen; +EXTERN_STDLIB_TYPE(pedersen_hash); } // namespace stdlib } // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.cpp b/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.cpp index d11be43153..5bcce6601b 100644 --- a/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.cpp +++ b/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.cpp @@ -1,5 +1,5 @@ #include "pedersen_plookup.hpp" -#include +#include #include #include @@ -13,7 +13,14 @@ namespace stdlib { using namespace barretenberg; -template point pedersen_plookup::add_points(const point& p1, const point& p2, const AddType add_type) +/** + * Add two curve points in one of the following ways: + * one: p1 + p2 + * lambda: p1 + λ.p2 + * one_plus_lambda: p1 + (1 + λ).p2 + */ +template +point pedersen_plookup_hash::add_points(const point& p1, const point& p2, const AddType add_type) { C* ctx = p1.x.context ? p1.x.context : (p1.y.context ? p1.y.context : (p2.x.context ? p2.x.context : p2.y.context)); grumpkin::fq x_1_raw = p1.x.get_value(); @@ -68,11 +75,14 @@ template point pedersen_plookup::add_points(const point& p1, return p3; } -template point pedersen_plookup::hash_single(const field_t& scalar, const bool parity) +/** + * Hash a single field element using lookup tables. + */ +template point pedersen_plookup_hash::hash_single(const field_t& scalar, const bool parity) { if (scalar.is_constant()) { C* ctx = scalar.get_context(); - const auto hash_native = crypto::pedersen::lookup::hash_single(scalar.get_value(), parity).normalize(); + const auto hash_native = crypto::pedersen_hash::lookup::hash_single(scalar.get_value(), parity).normalize(); return { field_t(ctx, hash_native.x), field_t(ctx, hash_native.y) }; } @@ -125,47 +135,30 @@ template point pedersen_plookup::hash_single(const field_t& s return res; } -template point pedersen_plookup::compress_to_point(const field_t& left, const field_t& right) -{ - auto p2 = hash_single(left, false); - auto p1 = hash_single(right, true); - - return add_points(p1, p2); -} - -template field_t pedersen_plookup::compress(const field_t& left, const field_t& right) -{ - return compress_to_point(left, right).x; -} - +/** + * Hash a bunch of field element using merkle damagard construction. + */ template -point pedersen_plookup::merkle_damgard_compress(const std::vector& inputs, const field_t& iv) +field_t pedersen_plookup_hash::hash_multiple(const std::vector& inputs, const size_t hash_index) { if (inputs.size() == 0) { - return point{ 0, 0 }; + return point{ 0, 0 }.x; } - auto result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, iv)[ColumnIdx::C2][0]; + auto result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, hash_index)[ColumnIdx::C2][0]; auto num_inputs = inputs.size(); for (size_t i = 0; i < num_inputs; i++) { - result = compress(result, inputs[i]); + auto p2 = pedersen_plookup_hash::hash_single(result, false); + auto p1 = pedersen_plookup_hash::hash_single(inputs[i], true); + result = add_points(p1, p2).x; } - return compress_to_point(result, field_t(num_inputs)); -} - -template point pedersen_plookup::commit(const std::vector& inputs, const size_t hash_index) -{ - return merkle_damgard_compress(inputs, field_t(hash_index)); -} - -template -field_t pedersen_plookup::compress(const std::vector& inputs, const size_t hash_index) -{ - return commit(inputs, hash_index).x; + auto p2 = hash_single(result, false); + auto p1 = hash_single(field_t(num_inputs), true); + return add_points(p1, p2).x; } -template class pedersen_plookup; +template class pedersen_plookup_hash; } // namespace stdlib } // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.hpp b/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.hpp index bc01ff94a8..74d898ecac 100644 --- a/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.hpp +++ b/cpp/src/aztec/stdlib/hash/pedersen/pedersen_plookup.hpp @@ -7,7 +7,7 @@ namespace plonk { namespace stdlib { -template class pedersen_plookup { +template class pedersen_plookup_hash { private: typedef plonk::stdlib::field_t field_t; typedef plonk::stdlib::point point; @@ -20,27 +20,14 @@ template class pedersen_plookup { ONE_PLUS_LAMBDA, }; - static point hash_single(const field_t& in, const bool parity); - static point add_points(const point& p1, const point& p2, const AddType add_type = ONE); - public: - static field_t compress(const field_t& left, const field_t& right); - static field_t compress(const std::vector& inputs, const size_t hash_index = 0); - static field_t compress(const packed_byte_array& input) { return compress(input.get_limbs()); } - - template static field_t compress(const std::array& inputs) - { - std::vector in(inputs.begin(), inputs.end()); - return compress(in); - } - - static point merkle_damgard_compress(const std::vector& inputs, const field_t& iv); + static point add_points(const point& p1, const point& p2, const AddType add_type = ONE); - static point commit(const std::vector& inputs, const size_t hash_index = 0); + static point hash_single(const field_t& in, const bool parity); - static point compress_to_point(const field_t& left, const field_t& right); + static field_t hash_multiple(const std::vector& in, const size_t hash_index = 0); }; -extern template class pedersen_plookup; +extern template class pedersen_plookup_hash; } // namespace stdlib } // namespace plonk \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/merkle_tree/CMakeLists.txt b/cpp/src/aztec/stdlib/merkle_tree/CMakeLists.txt index 2457820baf..f0378375a7 100644 --- a/cpp/src/aztec/stdlib/merkle_tree/CMakeLists.txt +++ b/cpp/src/aztec/stdlib/merkle_tree/CMakeLists.txt @@ -1 +1,43 @@ -barretenberg_module(stdlib_merkle_tree stdlib_primitives stdlib_blake3s stdlib_pedersen) +barretenberg_module(stdlib_merkle_tree stdlib_primitives stdlib_blake3s stdlib_pedersen_hash) + +if(NOT WASM) + include(FetchContent) + FetchContent_Declare( + leveldb + GIT_REPOSITORY https://github.com/google/leveldb.git + GIT_TAG 1.22 + FIND_PACKAGE_ARGS + ) + + # Disable some leveldb targets before we call FetchContent_MakeAvailable + # so they are configured correctly if it needs to fetch + set(LEVELDB_BUILD_TESTS OFF CACHE BOOL "LevelDB tests off") + set(LEVELDB_BUILD_BENCHMARKS OFF CACHE BOOL "LevelDB benchmarks off") + + FetchContent_MakeAvailable(leveldb) + + if (leveldb_FOUND) + # Globally installed leveldb needs Threads available as Threads::Threads as discovered by `find_package` + find_package(Threads REQUIRED) + + foreach(target IN LISTS stdlib_merkle_tree_lib_targets stdlib_merkle_tree_exe_targets) + target_link_libraries(${target} PRIVATE leveldb::leveldb) + endforeach() + else() + # FetchContent_MakeAvailable calls FetchContent_Populate if `find_package` is unsuccessful + # so these variables will be available if we reach this case + set_property(DIRECTORY ${leveldb_SOURCE_DIR} PROPERTY EXCLUDE_FROM_ALL) + set_property(DIRECTORY ${leveldb_BINARY_DIR} PROPERTY EXCLUDE_FROM_ALL) + + # Silence all compiler warnings from LevelDB + target_compile_options( + leveldb + PRIVATE + -w + ) + + foreach(target IN LISTS stdlib_merkle_tree_lib_targets stdlib_merkle_tree_exe_targets) + target_link_libraries(${target} PRIVATE leveldb) + endforeach() + endif() +endif() diff --git a/cpp/src/aztec/stdlib/merkle_tree/hash.hpp b/cpp/src/aztec/stdlib/merkle_tree/hash.hpp index 8a1a3dc544..a4213b7dd8 100644 --- a/cpp/src/aztec/stdlib/merkle_tree/hash.hpp +++ b/cpp/src/aztec/stdlib/merkle_tree/hash.hpp @@ -1,7 +1,9 @@ #pragma once #include #include -#include +#include +#include +#include #include #include #include @@ -11,19 +13,9 @@ namespace plonk { namespace stdlib { namespace merkle_tree { -template inline field_t hash_value(byte_array const& input) -{ - return plonk::stdlib::pedersen::compress(input); -} - -inline barretenberg::fr hash_value_native(std::vector const& input) -{ - return crypto::pedersen::compress_native(input); -} - inline barretenberg::fr compress_native(barretenberg::fr const& lhs, barretenberg::fr const& rhs) { - return crypto::pedersen::compress_native({ lhs, rhs }); + return crypto::pedersen_hash::lookup::hash_multiple({ lhs, rhs }); } } // namespace merkle_tree diff --git a/cpp/src/aztec/stdlib/merkle_tree/hash.test.cpp b/cpp/src/aztec/stdlib/merkle_tree/hash.test.cpp index 0b2cb852ef..3987999029 100644 --- a/cpp/src/aztec/stdlib/merkle_tree/hash.test.cpp +++ b/cpp/src/aztec/stdlib/merkle_tree/hash.test.cpp @@ -11,17 +11,7 @@ TEST(stdlib_merkle_tree_hash, compress_native_vs_circuit) fr x = uint256_t(0x5ec473eb273a8011, 0x50160109385471ca, 0x2f3095267e02607d, 0x02586f4a39e69b86); Composer composer = Composer(); witness_ct y = witness_ct(&composer, x); - field_ct z = plonk::stdlib::pedersen::compress(y, y); - auto zz = crypto::pedersen::compress_native({ x, x }); - EXPECT_EQ(z.get_value(), zz); -} - -TEST(stdlib_merkle_tree_hash, hash_value_native_vs_circuit) -{ - std::vector x = std::vector(64, '\1'); - Composer composer = Composer(); - byte_array_ct y(&composer, x); - field_ct z = merkle_tree::hash_value(y); - fr zz = merkle_tree::hash_value_native(x); + field_ct z = plonk::stdlib::pedersen_hash::hash_multiple({ y, y }); + auto zz = crypto::pedersen_hash::lookup::hash_multiple({ x, x }); EXPECT_EQ(z.get_value(), zz); } \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/merkle_tree/membership.hpp b/cpp/src/aztec/stdlib/merkle_tree/membership.hpp index 55de69cbbe..ba4a963205 100644 --- a/cpp/src/aztec/stdlib/merkle_tree/membership.hpp +++ b/cpp/src/aztec/stdlib/merkle_tree/membership.hpp @@ -43,7 +43,7 @@ bool_t check_subtree_membership(field_t const& root, // current iff path_bit If either of these does not hold, then the final computed merkle root will not match field_t left = field_t::conditional_assign(path_bit, hashes[i].first, current); field_t right = field_t::conditional_assign(path_bit, current, hashes[i].second); - current = pedersen::compress_unsafe(left, right, 0, is_updating_tree); + current = pedersen_hash::hash_multiple({ left, right }, 0, is_updating_tree); } return (current == root); @@ -199,7 +199,7 @@ template field_t compute_tree_root(std::vector 1) { std::vector> next_layer(layer.size() / 2); for (size_t i = 0; i < next_layer.size(); ++i) { - next_layer[i] = pedersen::compress(layer[i * 2], layer[i * 2 + 1]); + next_layer[i] = pedersen_hash::hash_multiple({ layer[i * 2], layer[i * 2 + 1] }); } layer = std::move(next_layer); } diff --git a/cpp/src/aztec/stdlib/primitives/group/group.hpp b/cpp/src/aztec/stdlib/primitives/group/group.hpp index 186c43044c..e77e800659 100644 --- a/cpp/src/aztec/stdlib/primitives/group/group.hpp +++ b/cpp/src/aztec/stdlib/primitives/group/group.hpp @@ -3,7 +3,7 @@ #include "../field/field.hpp" #include #include -#include +#include #include "../../hash/pedersen/pedersen.hpp" @@ -13,7 +13,7 @@ namespace plonk { namespace stdlib { using namespace barretenberg; -using namespace crypto::pedersen; +using namespace crypto::pedersen_hash; template class group { public: @@ -136,7 +136,7 @@ auto group::fixed_base_scalar_mul_internal(const field_t::fixed_base_scalar_mul_internal(const field_t= 254) { - plonk::stdlib::pedersen::validate_wnaf_is_in_field(ctx, accumulator_witnesses); + plonk::stdlib::pedersen_hash::validate_wnaf_is_in_field(ctx, accumulator_witnesses); } aligned_free(multiplication_transcript); aligned_free(accumulator_transcript); diff --git a/cpp/src/aztec/stdlib/primitives/group/group.test.cpp b/cpp/src/aztec/stdlib/primitives/group/group.test.cpp index 460245c1d8..b491433e2b 100644 --- a/cpp/src/aztec/stdlib/primitives/group/group.test.cpp +++ b/cpp/src/aztec/stdlib/primitives/group/group.test.cpp @@ -20,7 +20,7 @@ TEST(stdlib_group, test_fixed_base_scalar_mul) { auto scalar = uint256_t(123, 0, 0, 0); auto priv_key = grumpkin::fr(scalar); - auto pub_key = crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).generator * priv_key; + auto pub_key = crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).generator * priv_key; Composer composer; auto priv_key_witness = field_ct(witness_ct(&composer, fr(scalar))); @@ -30,7 +30,7 @@ TEST(stdlib_group, test_fixed_base_scalar_mul) EXPECT_EQ(result.x.get_value(), pub_key.x); EXPECT_EQ(result.y.get_value(), pub_key.y); - auto native_result = crypto::pedersen::fixed_base_scalar_mul<128>(barretenberg::fr(scalar), 0); + auto native_result = crypto::generators::fixed_base_scalar_mul<128>(barretenberg::fr(scalar), 0); EXPECT_EQ(native_result.x, pub_key.x); EXPECT_EQ(native_result.y, pub_key.y); diff --git a/cpp/src/aztec/stdlib/primitives/plookup/plookup.test.cpp b/cpp/src/aztec/stdlib/primitives/plookup/plookup.test.cpp index a546455366..6b879b514d 100644 --- a/cpp/src/aztec/stdlib/primitives/plookup/plookup.test.cpp +++ b/cpp/src/aztec/stdlib/primitives/plookup/plookup.test.cpp @@ -4,7 +4,7 @@ #include #include #include -#include +#include #include #include #include @@ -41,8 +41,8 @@ TEST(stdlib_plookup, pedersen_lookup_left) std::vector expected_y; const size_t num_lookups_hi = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - const size_t num_lookups_lo = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + const size_t num_lookups_lo = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; EXPECT_EQ(num_lookups_hi, lookup_hi[ColumnIdx::C1].size()); EXPECT_EQ(num_lookups_lo, lookup_lo[ColumnIdx::C1].size()); @@ -57,21 +57,21 @@ TEST(stdlib_plookup, pedersen_lookup_left) const size_t num_rounds = (num_lookups + 1) / 2; uint256_t bits(input_value); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < num_rounds; ++i) { - const auto& table = crypto::pedersen::lookup::get_table(i); + const auto& table = crypto::pedersen_hash::lookup::get_table(i); const size_t index = i * 2; size_t slice_a = - static_cast(((bits >> (index * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + static_cast(((bits >> (index * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index] = (table[slice_a].x); expected_y[index] = (table[slice_a].y); expected_scalars[index] = slice_a; if (i < 14) { size_t slice_b = static_cast( - ((bits >> ((index + 1) * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + ((bits >> ((index + 1) * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index + 1] = (table[slice_b].x); expected_y[index + 1] = (table[slice_b].y); expected_scalars[index + 1] = slice_b; @@ -80,7 +80,7 @@ TEST(stdlib_plookup, pedersen_lookup_left) } for (size_t i = num_lookups - 2; i < num_lookups; --i) { - expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } size_t hi_shift = 126; const fr hi_cumulative = lookup_hi[ColumnIdx::C1][0].get_value(); @@ -89,7 +89,7 @@ TEST(stdlib_plookup, pedersen_lookup_left) EXPECT_EQ(lookup_lo[ColumnIdx::C1][i].get_value() + (hi_cumulative * hi_mult), expected_scalars[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C2][i].get_value(), expected_x[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C3][i].get_value(), expected_y[i]); - hi_shift -= crypto::pedersen::lookup::BITS_PER_TABLE; + hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { EXPECT_EQ(lookup_hi[ColumnIdx::C1][i].get_value(), expected_scalars[i + num_lookups_lo]); @@ -121,8 +121,8 @@ TEST(stdlib_plookup, pedersen_lookup_right) std::vector expected_y; const size_t num_lookups_hi = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - const size_t num_lookups_lo = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + const size_t num_lookups_lo = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; EXPECT_EQ(num_lookups_hi, lookup_hi[ColumnIdx::C1].size()); EXPECT_EQ(num_lookups_lo, lookup_lo[ColumnIdx::C1].size()); @@ -137,21 +137,21 @@ TEST(stdlib_plookup, pedersen_lookup_right) const size_t num_rounds = (num_lookups + 1) / 2; uint256_t bits(input_value); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < num_rounds; ++i) { - const auto& table = crypto::pedersen::lookup::get_table(i + num_rounds); + const auto& table = crypto::pedersen_hash::lookup::get_table(i + num_rounds); const size_t index = i * 2; size_t slice_a = - static_cast(((bits >> (index * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + static_cast(((bits >> (index * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index] = (table[slice_a].x); expected_y[index] = (table[slice_a].y); expected_scalars[index] = slice_a; if (i < 14) { size_t slice_b = static_cast( - ((bits >> ((index + 1) * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + ((bits >> ((index + 1) * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index + 1] = (table[slice_b].x); expected_y[index + 1] = (table[slice_b].y); expected_scalars[index + 1] = slice_b; @@ -160,7 +160,7 @@ TEST(stdlib_plookup, pedersen_lookup_right) } for (size_t i = num_lookups - 2; i < num_lookups; --i) { - expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } size_t hi_shift = 126; const fr hi_cumulative = lookup_hi[ColumnIdx::C1][0].get_value(); @@ -169,7 +169,7 @@ TEST(stdlib_plookup, pedersen_lookup_right) EXPECT_EQ(lookup_lo[ColumnIdx::C1][i].get_value() + (hi_cumulative * hi_mult), expected_scalars[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C2][i].get_value(), expected_x[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C3][i].get_value(), expected_y[i]); - hi_shift -= crypto::pedersen::lookup::BITS_PER_TABLE; + hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { EXPECT_EQ(lookup_hi[ColumnIdx::C1][i].get_value(), expected_scalars[i + num_lookups_lo]); diff --git a/cpp/src/aztec/stdlib/recursion/CMakeLists.txt b/cpp/src/aztec/stdlib/recursion/CMakeLists.txt index 0790762551..c5d1124e59 100644 --- a/cpp/src/aztec/stdlib/recursion/CMakeLists.txt +++ b/cpp/src/aztec/stdlib/recursion/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(stdlib_recursion ecc plonk stdlib_primitives stdlib_pedersen stdlib_blake3s) \ No newline at end of file +barretenberg_module(stdlib_recursion ecc plonk stdlib_primitives stdlib_pedersen_commitment stdlib_blake3s) \ No newline at end of file diff --git a/cpp/src/aztec/stdlib/recursion/transcript/transcript.hpp b/cpp/src/aztec/stdlib/recursion/transcript/transcript.hpp index 99957ebebb..16d862c6c1 100644 --- a/cpp/src/aztec/stdlib/recursion/transcript/transcript.hpp +++ b/cpp/src/aztec/stdlib/recursion/transcript/transcript.hpp @@ -8,8 +8,8 @@ #include "../../primitives/curves/bn254.hpp" #include "../verification_key/verification_key.hpp" #include "../../hash/blake3s/blake3s.hpp" -#include "../../hash/pedersen/pedersen.hpp" -#include "../../hash/pedersen/pedersen_plookup.hpp" +#include "../../commitment/pedersen/pedersen.hpp" +#include "../../commitment/pedersen/pedersen_plookup.hpp" #include "../../primitives/bigfield/bigfield.hpp" #include "../../primitives/biggroup/biggroup.hpp" #include "../../primitives/bool/bool.hpp" @@ -247,9 +247,9 @@ template class Transcript { field_pt T0; if constexpr (Composer::type == ComposerType::PLOOKUP) { - T0 = stdlib::pedersen_plookup::compress(compression_buffer); + T0 = stdlib::pedersen_plookup_commitment::compress(compression_buffer); } else { - T0 = stdlib::pedersen::compress(compression_buffer); + T0 = stdlib::pedersen_commitment::compress(compression_buffer); } byte_array compressed_buffer(T0); diff --git a/cpp/src/aztec/stdlib/recursion/verification_key/verification_key.hpp b/cpp/src/aztec/stdlib/recursion/verification_key/verification_key.hpp index 165ba00469..859e203a83 100644 --- a/cpp/src/aztec/stdlib/recursion/verification_key/verification_key.hpp +++ b/cpp/src/aztec/stdlib/recursion/verification_key/verification_key.hpp @@ -14,13 +14,13 @@ #include #include -#include -#include +#include +#include #include "../../primitives/uint/uint.hpp" #include "../../primitives/memory/rom_table.hpp" -#include "../../hash/pedersen/pedersen.hpp" -#include "../../hash/pedersen/pedersen_plookup.hpp" +#include "../../commitment/pedersen/pedersen.hpp" +#include "../../commitment/pedersen/pedersen_plookup.hpp" #include "../../primitives/curves/bn254.hpp" namespace plonk { @@ -57,14 +57,14 @@ template struct evaluation_domain { field_t compress() const { if constexpr (Composer::type == ComposerType::PLOOKUP) { - field_t out = pedersen_plookup::compress({ + field_t out = pedersen_plookup_commitment::compress({ root, domain, generator, }); return out; } else { - field_t out = pedersen::compress({ + field_t out = pedersen_commitment::compress({ root, domain, generator, @@ -77,13 +77,13 @@ template struct evaluation_domain { { barretenberg::fr out; if constexpr (Composer::type == ComposerType::PLOOKUP) { - out = crypto::pedersen::lookup::compress_native({ + out = crypto::pedersen_commitment::lookup::compress_native({ input.root, input.domain, input.generator, }); } else { - out = crypto::pedersen::compress_native({ + out = crypto::pedersen_commitment::compress_native({ input.root, input.domain, input.generator, @@ -208,9 +208,9 @@ template struct verification_key { field_t compressed_key; if constexpr (Composer::type == ComposerType::PLOOKUP) { - compressed_key = pedersen_plookup::compress(key_witnesses); + compressed_key = pedersen_plookup_commitment::compress(key_witnesses); } else { - compressed_key = pedersen::compress(key_witnesses); + compressed_key = pedersen_commitment::compress(key_witnesses); } return compressed_key; } @@ -248,9 +248,9 @@ template struct verification_key { } barretenberg::fr compressed_key; if constexpr (Composer::type == ComposerType::PLOOKUP) { - compressed_key = crypto::pedersen::lookup::compress_native(key_witnesses); + compressed_key = crypto::pedersen_commitment::lookup::compress_native(key_witnesses); } else { - compressed_key = crypto::pedersen::compress_native(key_witnesses); + compressed_key = crypto::pedersen_commitment::compress_native(key_witnesses); } return compressed_key; } diff --git a/cpp/src/aztec/stdlib/recursion/verifier/verifier.test.cpp b/cpp/src/aztec/stdlib/recursion/verifier/verifier.test.cpp index 95e2b768ec..b9aeb365d3 100644 --- a/cpp/src/aztec/stdlib/recursion/verifier/verifier.test.cpp +++ b/cpp/src/aztec/stdlib/recursion/verifier/verifier.test.cpp @@ -39,7 +39,7 @@ template class stdlib_verifier : public testing::Test { a = (a * b) + b + a; a = a.madd(b, c); } - plonk::stdlib::pedersen::compress(a, b); + plonk::stdlib::pedersen_commitment::compress(a, b); typename inner_curve::byte_array_ct to_hash(&composer, "nonsense test data"); stdlib::blake3s(to_hash); @@ -86,7 +86,7 @@ template class stdlib_verifier : public testing::Test { a = (a * b) + b + a; a = c.madd(b, a); } - plonk::stdlib::pedersen::compress(a, a); + plonk::stdlib::pedersen_commitment::compress(a, a); inner_curve::byte_array_ct to_hash(&composer, "different nonsense test data"); stdlib::blake3s(to_hash); diff --git a/cpp/src/aztec/stdlib/recursion/verifier/verifier_turbo.test.cpp b/cpp/src/aztec/stdlib/recursion/verifier/verifier_turbo.test.cpp index 1b0b92c7b9..4d403e89e8 100644 --- a/cpp/src/aztec/stdlib/recursion/verifier/verifier_turbo.test.cpp +++ b/cpp/src/aztec/stdlib/recursion/verifier/verifier_turbo.test.cpp @@ -37,7 +37,7 @@ template class stdlib_verifier_turbo : public testing:: a = (a * b) + b + a; a = a.madd(b, c); } - plonk::stdlib::pedersen::compress(a, b); + plonk::stdlib::pedersen_commitment::compress(a, b); typename inner_curve::byte_array_ct to_hash(&composer, "nonsense test data"); stdlib::blake3s(to_hash); @@ -111,7 +111,7 @@ template class stdlib_verifier_turbo : public testing:: a = (a * b) + b + a; a = c.madd(b, a); } - plonk::stdlib::pedersen::compress(a, a); + plonk::stdlib::pedersen_commitment::compress(a, a); inner_curve::byte_array_ct to_hash(&composer, "different nonsense test data"); stdlib::blake3s(to_hash); diff --git a/cpp/src/aztec/stdlib/types/types.hpp b/cpp/src/aztec/stdlib/types/types.hpp index 67df462651..a73c40809b 100644 --- a/cpp/src/aztec/stdlib/types/types.hpp +++ b/cpp/src/aztec/stdlib/types/types.hpp @@ -13,7 +13,7 @@ #include #include #include -#include +#include #include #include #include @@ -70,7 +70,7 @@ typedef stdlib::bit_array bit_array_ct; typedef stdlib::bigfield fq_ct; typedef stdlib::element biggroup_ct; typedef stdlib::point point_ct; -typedef stdlib::pedersen pedersen; +typedef stdlib::pedersen_commitment pedersen_commitment; typedef stdlib::group group_ct; typedef stdlib::bn254 bn254; typedef stdlib::secp256k1 secp256k1_ct; diff --git a/cpp/src/aztec/transcript/CMakeLists.txt b/cpp/src/aztec/transcript/CMakeLists.txt index 2142c04ef7..6a00821c3c 100644 --- a/cpp/src/aztec/transcript/CMakeLists.txt +++ b/cpp/src/aztec/transcript/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(transcript crypto_pedersen crypto_blake3s) \ No newline at end of file +barretenberg_module(transcript crypto_pedersen_commitment crypto_blake3s) \ No newline at end of file diff --git a/cpp/src/aztec/transcript/transcript.cpp b/cpp/src/aztec/transcript/transcript.cpp index 42d2165140..005bf7c237 100644 --- a/cpp/src/aztec/transcript/transcript.cpp +++ b/cpp/src/aztec/transcript/transcript.cpp @@ -6,8 +6,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -213,12 +213,12 @@ void Transcript::apply_fiat_shamir(const std::string& challenge_name /*, const b break; } case HashType::PedersenBlake3s: { - std::vector compressed_buffer = to_buffer(crypto::pedersen::compress_native(buffer)); + std::vector compressed_buffer = to_buffer(crypto::pedersen_commitment::compress_native(buffer)); base_hash = Blake3sHasher::hash(compressed_buffer); break; } case HashType::PlookupPedersenBlake3s: { - std::vector compressed_buffer = crypto::pedersen::lookup::compress_native(buffer); + std::vector compressed_buffer = crypto::pedersen_commitment::lookup::compress_native(buffer); base_hash = Blake3sHasher::hash(compressed_buffer); break; }