Skip to content

Commit

Permalink
chore: create constraints for sha256 compression opcode (AztecProtoco…
Browse files Browse the repository at this point in the history 
…l#4503)

This PR implements the sha256compression opcode in BB and will now
create constrains for the opcode.

Co-authored-by: kevaundray <[email protected]>
  • Loading branch information
@guipublic @kevaundray
guipublic and kevaundray authored Feb 12, 2024
1 parent 7caa2af commit 6cacf71
Show file tree
Hide file tree
Showing 13 changed files with 212 additions and 0 deletions.
3 changes: 3 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ void build_constraints(Builder& builder, AcirFormat const& constraint_system, bo
for (const auto& constraint : constraint_system.sha256_constraints) {
create_sha256_constraints(builder, constraint);
}
for (const auto& constraint : constraint_system.sha256_compression) {
create_sha256_compression_constraints(builder, constraint);
}

// Add schnorr constraints
for (const auto& constraint : constraint_system.schnorr_constraints) {
Expand Down
2 changes: 2 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ struct AcirFormat {
std::vector<LogicConstraint> logic_constraints;
std::vector<RangeConstraint> range_constraints;
std::vector<Sha256Constraint> sha256_constraints;
std::vector<Sha256Compression> sha256_compression;
std::vector<SchnorrConstraint> schnorr_constraints;
std::vector<EcdsaSecp256k1Constraint> ecdsa_k1_constraints;
std::vector<EcdsaSecp256r1Constraint> ecdsa_r1_constraints;
Expand Down Expand Up @@ -65,6 +66,7 @@ struct AcirFormat {
logic_constraints,
range_constraints,
sha256_constraints,
sha256_compression,
schnorr_constraints,
ecdsa_k1_constraints,
ecdsa_r1_constraints,
Expand Down
6 changes: 6 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ TEST_F(AcirFormatTests, TestASingleConstraintNoPubInputs)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -148,6 +149,7 @@ TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit)
.logic_constraints = { logic_constraint },
.range_constraints = { range_a, range_b },
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -214,6 +216,7 @@ TEST_F(AcirFormatTests, TestSchnorrVerifyPass)
.logic_constraints = {},
.range_constraints = range_constraints,
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = { schnorr_constraint },
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -308,6 +311,7 @@ TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange)
.logic_constraints = {},
.range_constraints = range_constraints,
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = { schnorr_constraint },
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -421,6 +425,7 @@ TEST_F(AcirFormatTests, TestVarKeccak)
.logic_constraints = {},
.range_constraints = { range_a, range_b, range_c, range_d },
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -466,6 +471,7 @@ TEST_F(AcirFormatTests, TestKeccakPermutation)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down
18 changes: 18 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,24 @@ void handle_blackbox_func_call(Circuit::Opcode::BlackBoxFuncCall const& arg, Aci
}),
.result = map(arg.outputs, [](auto& e) { return e.value; }),
});
} else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::Sha256Compression>) {
af.sha256_compression.push_back(Sha256Compression{
.inputs = map(arg.inputs,
[](auto& e) {
return Sha256Input{
.witness = e.witness.value,
.num_bits = e.num_bits,
};
}),
.hash_values = map(arg.hash_values,
[](auto& e) {
return Sha256Input{
.witness = e.witness.value,
.num_bits = e.num_bits,
};
}),
.result = map(arg.outputs, [](auto& e) { return e.value; }),
});
} else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::Blake2s>) {
af.blake2s_constraints.push_back(Blake2sConstraint{
.inputs = map(arg.inputs,
Expand Down
4 changes: 4 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ TEST_F(BigIntTests, TestBigIntConstraintMultiple)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -238,6 +239,7 @@ TEST_F(BigIntTests, TestBigIntConstraintSimple)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -289,6 +291,7 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -344,6 +347,7 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse2)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down
1 change: 1 addition & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ TEST_F(UltraPlonkRAM, TestBlockConstraint)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down
1 change: 1 addition & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ TEST_F(EcOperations, TestECOperations)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down
3 changes: 3 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintSucceed)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = { ecdsa_k1_constraint },
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -141,6 +142,7 @@ TEST_F(ECDSASecp256k1, TestECDSACompilesForVerifier)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = { ecdsa_k1_constraint },
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -183,6 +185,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintFail)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = { ecdsa_k1_constraint },
.ecdsa_r1_constraints = {},
Expand Down
4 changes: 4 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ TEST(ECDSASecp256r1, test_hardcoded)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
Expand Down Expand Up @@ -177,6 +178,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintSucceed)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
Expand Down Expand Up @@ -223,6 +225,7 @@ TEST(ECDSASecp256r1, TestECDSACompilesForVerifier)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
Expand Down Expand Up @@ -264,6 +267,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintFail)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
Expand Down
2 changes: 2 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ Builder create_inner_circuit()
.logic_constraints = { logic_constraint },
.range_constraints = { range_a, range_b },
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down Expand Up @@ -242,6 +243,7 @@ Builder create_outer_circuit(std::vector<Builder>& inner_circuits)
.logic_constraints = {},
.range_constraints = {},
.sha256_constraints = {},
.sha256_compression = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
Expand Down
50 changes: 50 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#include "sha256_constraint.hpp"
#include "barretenberg/dsl/types.hpp"
#include "barretenberg/stdlib/hash/sha256/sha256.hpp"
#include "barretenberg/stdlib/hash/sha256/sha256_plookup.hpp"
#include "round.hpp"

namespace acir_format {
Expand Down Expand Up @@ -41,9 +42,58 @@ template <typename Builder> void create_sha256_constraints(Builder& builder, con
}
}

template <typename Builder>
void create_sha256_compression_constraints(Builder& builder, const Sha256Compression& constraint)
{
using field_ct = bb::stdlib::field_t<Builder>;

std::array<field_ct, 16> inputs;
std::array<field_ct, 8> hash_inputs;

// Get the witness assignment for each witness index
// Note that we do not range-check the inputs, which should be 32 bits,
// because of the lookup-tables.
size_t i = 0;
for (const auto& witness_index_num_bits : constraint.inputs) {
auto witness_index = witness_index_num_bits.witness;
field_ct element = field_ct::from_witness_index(&builder, witness_index);
inputs[i] = element;
++i;
}
i = 0;
for (const auto& witness_index_num_bits : constraint.hash_values) {
auto witness_index = witness_index_num_bits.witness;
field_ct element = field_ct::from_witness_index(&builder, witness_index);
hash_inputs[i] = element;
++i;
}

// Compute sha256 compression
auto output_bytes = bb::stdlib::sha256_plookup::sha256_block<Builder>(hash_inputs, inputs);

for (size_t i = 0; i < 8; ++i) {
poly_triple assert_equal{
.a = output_bytes[i].normalize().witness_index,
.b = constraint.result[i],
.c = 0,
.q_m = 0,
.q_l = 1,
.q_r = -1,
.q_o = 0,
.q_c = 0,
};
builder.create_poly_gate(assert_equal);
}
}

template void create_sha256_constraints<UltraCircuitBuilder>(UltraCircuitBuilder& builder,
const Sha256Constraint& constraint);
template void create_sha256_constraints<GoblinUltraCircuitBuilder>(GoblinUltraCircuitBuilder& builder,
const Sha256Constraint& constraint);

template void create_sha256_compression_constraints<UltraCircuitBuilder>(UltraCircuitBuilder& builder,
const Sha256Compression& constraint);
template void create_sha256_compression_constraints<GoblinUltraCircuitBuilder>(GoblinUltraCircuitBuilder& builder,
const Sha256Compression& constraint);

} // namespace acir_format
14 changes: 14 additions & 0 deletions barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,21 @@ struct Sha256Constraint {
MSGPACK_FIELDS(inputs, result);
};

struct Sha256Compression {
std::vector<Sha256Input> inputs;
std::vector<Sha256Input> hash_values;
std::vector<uint32_t> result;

friend bool operator==(Sha256Compression const& lhs, Sha256Compression const& rhs) = default;
// for serialization, update with any new fields
MSGPACK_FIELDS(inputs, hash_values, result);
};

// This function does not work (properly) because the stdlib:sha256 function is not working correctly for 512 bits
// pair<witness_index, bits>
template <typename Builder> void create_sha256_constraints(Builder& builder, const Sha256Constraint& constraint);

template <typename Builder>
void create_sha256_compression_constraints(Builder& builder, const Sha256Compression& constraint);

} // namespace acir_format
Loading

0 comments on commit 6cacf71

Please sign in to comment.