Skip to content

Commit

Permalink
Merge f602be6 into 6d0f86b
Browse files Browse the repository at this point in the history
  • Loading branch information
AztecBot authored Dec 9, 2024
2 parents 6d0f86b + f602be6 commit bfa2389
Show file tree
Hide file tree
Showing 40 changed files with 62 additions and 1,042 deletions.
2 changes: 1 addition & 1 deletion .aztec-sync-commit
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0577c1a70e9746bd06f07d2813af1be39e01ca02
fca96007d6055dcf00b72a46630c680fcb6d190d
128 changes: 2 additions & 126 deletions acvm-repo/acir/codegen/acir.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -318,18 +318,6 @@ namespace Program {
static EcdsaSecp256r1 bincodeDeserialize(std::vector<uint8_t>);
};

struct SchnorrVerify {
Program::MemoryAddress public_key_x;
Program::MemoryAddress public_key_y;
Program::HeapVector message;
Program::HeapVector signature;
Program::MemoryAddress result;

friend bool operator==(const SchnorrVerify&, const SchnorrVerify&);
std::vector<uint8_t> bincodeSerialize() const;
static SchnorrVerify bincodeDeserialize(std::vector<uint8_t>);
};

struct MultiScalarMul {
Program::HeapVector points;
Program::HeapVector scalars;
Expand Down Expand Up @@ -444,7 +432,7 @@ namespace Program {
static ToRadix bincodeDeserialize(std::vector<uint8_t>);
};

std::variant<AES128Encrypt, Blake2s, Blake3, Keccakf1600, EcdsaSecp256k1, EcdsaSecp256r1, SchnorrVerify, MultiScalarMul, EmbeddedCurveAdd, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression, ToRadix> value;
std::variant<AES128Encrypt, Blake2s, Blake3, Keccakf1600, EcdsaSecp256k1, EcdsaSecp256r1, MultiScalarMul, EmbeddedCurveAdd, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression, ToRadix> value;

friend bool operator==(const BlackBoxOp&, const BlackBoxOp&);
std::vector<uint8_t> bincodeSerialize() const;
Expand Down Expand Up @@ -817,18 +805,6 @@ namespace Program {
static Blake3 bincodeDeserialize(std::vector<uint8_t>);
};

struct SchnorrVerify {
Program::FunctionInput public_key_x;
Program::FunctionInput public_key_y;
std::array<Program::FunctionInput, 64> signature;
std::vector<Program::FunctionInput> message;
Program::Witness output;

friend bool operator==(const SchnorrVerify&, const SchnorrVerify&);
std::vector<uint8_t> bincodeSerialize() const;
static SchnorrVerify bincodeDeserialize(std::vector<uint8_t>);
};

struct EcdsaSecp256k1 {
std::array<Program::FunctionInput, 32> public_key_x;
std::array<Program::FunctionInput, 32> public_key_y;
Expand Down Expand Up @@ -973,7 +949,7 @@ namespace Program {
static Sha256Compression bincodeDeserialize(std::vector<uint8_t>);
};

std::variant<AES128Encrypt, AND, XOR, RANGE, Blake2s, Blake3, SchnorrVerify, EcdsaSecp256k1, EcdsaSecp256r1, MultiScalarMul, EmbeddedCurveAdd, Keccakf1600, RecursiveAggregation, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression> value;
std::variant<AES128Encrypt, AND, XOR, RANGE, Blake2s, Blake3, EcdsaSecp256k1, EcdsaSecp256r1, MultiScalarMul, EmbeddedCurveAdd, Keccakf1600, RecursiveAggregation, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression> value;

friend bool operator==(const BlackBoxFuncCall&, const BlackBoxFuncCall&);
std::vector<uint8_t> bincodeSerialize() const;
Expand Down Expand Up @@ -2528,56 +2504,6 @@ Program::BlackBoxFuncCall::Blake3 serde::Deserializable<Program::BlackBoxFuncCal
return obj;
}

namespace Program {

inline bool operator==(const BlackBoxFuncCall::SchnorrVerify &lhs, const BlackBoxFuncCall::SchnorrVerify &rhs) {
if (!(lhs.public_key_x == rhs.public_key_x)) { return false; }
if (!(lhs.public_key_y == rhs.public_key_y)) { return false; }
if (!(lhs.signature == rhs.signature)) { return false; }
if (!(lhs.message == rhs.message)) { return false; }
if (!(lhs.output == rhs.output)) { return false; }
return true;
}

inline std::vector<uint8_t> BlackBoxFuncCall::SchnorrVerify::bincodeSerialize() const {
auto serializer = serde::BincodeSerializer();
serde::Serializable<BlackBoxFuncCall::SchnorrVerify>::serialize(*this, serializer);
return std::move(serializer).bytes();
}

inline BlackBoxFuncCall::SchnorrVerify BlackBoxFuncCall::SchnorrVerify::bincodeDeserialize(std::vector<uint8_t> input) {
auto deserializer = serde::BincodeDeserializer(input);
auto value = serde::Deserializable<BlackBoxFuncCall::SchnorrVerify>::deserialize(deserializer);
if (deserializer.get_buffer_offset() < input.size()) {
throw serde::deserialization_error("Some input bytes were not read");
}
return value;
}

} // end of namespace Program

template <>
template <typename Serializer>
void serde::Serializable<Program::BlackBoxFuncCall::SchnorrVerify>::serialize(const Program::BlackBoxFuncCall::SchnorrVerify &obj, Serializer &serializer) {
serde::Serializable<decltype(obj.public_key_x)>::serialize(obj.public_key_x, serializer);
serde::Serializable<decltype(obj.public_key_y)>::serialize(obj.public_key_y, serializer);
serde::Serializable<decltype(obj.signature)>::serialize(obj.signature, serializer);
serde::Serializable<decltype(obj.message)>::serialize(obj.message, serializer);
serde::Serializable<decltype(obj.output)>::serialize(obj.output, serializer);
}

template <>
template <typename Deserializer>
Program::BlackBoxFuncCall::SchnorrVerify serde::Deserializable<Program::BlackBoxFuncCall::SchnorrVerify>::deserialize(Deserializer &deserializer) {
Program::BlackBoxFuncCall::SchnorrVerify obj;
obj.public_key_x = serde::Deserializable<decltype(obj.public_key_x)>::deserialize(deserializer);
obj.public_key_y = serde::Deserializable<decltype(obj.public_key_y)>::deserialize(deserializer);
obj.signature = serde::Deserializable<decltype(obj.signature)>::deserialize(deserializer);
obj.message = serde::Deserializable<decltype(obj.message)>::deserialize(deserializer);
obj.output = serde::Deserializable<decltype(obj.output)>::deserialize(deserializer);
return obj;
}

namespace Program {

inline bool operator==(const BlackBoxFuncCall::EcdsaSecp256k1 &lhs, const BlackBoxFuncCall::EcdsaSecp256k1 &rhs) {
Expand Down Expand Up @@ -3518,56 +3444,6 @@ Program::BlackBoxOp::EcdsaSecp256r1 serde::Deserializable<Program::BlackBoxOp::E
return obj;
}

namespace Program {

inline bool operator==(const BlackBoxOp::SchnorrVerify &lhs, const BlackBoxOp::SchnorrVerify &rhs) {
if (!(lhs.public_key_x == rhs.public_key_x)) { return false; }
if (!(lhs.public_key_y == rhs.public_key_y)) { return false; }
if (!(lhs.message == rhs.message)) { return false; }
if (!(lhs.signature == rhs.signature)) { return false; }
if (!(lhs.result == rhs.result)) { return false; }
return true;
}

inline std::vector<uint8_t> BlackBoxOp::SchnorrVerify::bincodeSerialize() const {
auto serializer = serde::BincodeSerializer();
serde::Serializable<BlackBoxOp::SchnorrVerify>::serialize(*this, serializer);
return std::move(serializer).bytes();
}

inline BlackBoxOp::SchnorrVerify BlackBoxOp::SchnorrVerify::bincodeDeserialize(std::vector<uint8_t> input) {
auto deserializer = serde::BincodeDeserializer(input);
auto value = serde::Deserializable<BlackBoxOp::SchnorrVerify>::deserialize(deserializer);
if (deserializer.get_buffer_offset() < input.size()) {
throw serde::deserialization_error("Some input bytes were not read");
}
return value;
}

} // end of namespace Program

template <>
template <typename Serializer>
void serde::Serializable<Program::BlackBoxOp::SchnorrVerify>::serialize(const Program::BlackBoxOp::SchnorrVerify &obj, Serializer &serializer) {
serde::Serializable<decltype(obj.public_key_x)>::serialize(obj.public_key_x, serializer);
serde::Serializable<decltype(obj.public_key_y)>::serialize(obj.public_key_y, serializer);
serde::Serializable<decltype(obj.message)>::serialize(obj.message, serializer);
serde::Serializable<decltype(obj.signature)>::serialize(obj.signature, serializer);
serde::Serializable<decltype(obj.result)>::serialize(obj.result, serializer);
}

template <>
template <typename Deserializer>
Program::BlackBoxOp::SchnorrVerify serde::Deserializable<Program::BlackBoxOp::SchnorrVerify>::deserialize(Deserializer &deserializer) {
Program::BlackBoxOp::SchnorrVerify obj;
obj.public_key_x = serde::Deserializable<decltype(obj.public_key_x)>::deserialize(deserializer);
obj.public_key_y = serde::Deserializable<decltype(obj.public_key_y)>::deserialize(deserializer);
obj.message = serde::Deserializable<decltype(obj.message)>::deserialize(deserializer);
obj.signature = serde::Deserializable<decltype(obj.signature)>::deserialize(deserializer);
obj.result = serde::Deserializable<decltype(obj.result)>::deserialize(deserializer);
return obj;
}

namespace Program {

inline bool operator==(const BlackBoxOp::MultiScalarMul &lhs, const BlackBoxOp::MultiScalarMul &rhs) {
Expand Down
30 changes: 0 additions & 30 deletions acvm-repo/acir/src/circuit/black_box_functions.rs
Original file line number Diff line number Diff line change
Expand Up @@ -51,41 +51,13 @@ pub enum BlackBoxFunc {
/// (witness, 8), constrained to be the blake3 of the inputs.
Blake3,

/// Verify a Schnorr signature over the embedded curve
/// - inputs are:
/// - Public key as 2 (witness, 254)
/// - signature as a vector of 64 bytes (witness, 8)
/// - message as a vector of (witness, 8)
/// - output: A witness representing the result of the signature
/// verification; 0 for failure and 1 for success.
///
/// Since the scalar field of the embedded curve is NOT the ACIR field, the
/// `(r,s)` signature is represented as a 64 bytes array for the two field
/// elements. On the other hand, the public key coordinates are ACIR fields.
/// The proving system decides how the message is to be hashed. Barretenberg
/// uses Blake2s.
///
/// Verifies a Schnorr signature over a curve which is "pairing friendly"
/// with the curve on which the ACIR circuit is defined.
///
/// The exact curve which this signature uses will vary based on the curve
/// being used by ACIR. For example, the BN254 curve supports Schnorr
/// signatures over the [Grumpkin][grumpkin] curve.
///
/// [grumpkin]: https://hackmd.io/@aztec-network/ByzgNxBfd#2-Grumpkin---A-curve-on-top-of-BN-254-for-SNARK-efficient-group-operations
SchnorrVerify,
/// Verifies a ECDSA signature over the secp256k1 curve.
/// - inputs:
/// - x coordinate of public key as 32 bytes
/// - y coordinate of public key as 32 bytes
/// - the signature, as a 64 bytes array
/// - the hash of the message, as a vector of bytes
/// - output: 0 for failure and 1 for success
///
/// Inputs and outputs are similar to SchnorrVerify, except that because we
/// use a different curve (secp256k1), the field elements involved in the
/// signature and the public key are defined as an array of 32 bytes.
/// Another difference is that we assume the message is already hashed.
EcdsaSecp256k1,

/// Verifies a ECDSA signature over the secp256r1 curve.
Expand Down Expand Up @@ -196,7 +168,6 @@ impl BlackBoxFunc {
pub fn name(&self) -> &'static str {
match self {
BlackBoxFunc::AES128Encrypt => "aes128_encrypt",
BlackBoxFunc::SchnorrVerify => "schnorr_verify",
BlackBoxFunc::Blake2s => "blake2s",
BlackBoxFunc::Blake3 => "blake3",
BlackBoxFunc::EcdsaSecp256k1 => "ecdsa_secp256k1",
Expand All @@ -222,7 +193,6 @@ impl BlackBoxFunc {
pub fn lookup(op_name: &str) -> Option<BlackBoxFunc> {
match op_name {
"aes128_encrypt" => Some(BlackBoxFunc::AES128Encrypt),
"schnorr_verify" => Some(BlackBoxFunc::SchnorrVerify),
"blake2s" => Some(BlackBoxFunc::Blake2s),
"blake3" => Some(BlackBoxFunc::Blake3),
"ecdsa_secp256k1" => Some(BlackBoxFunc::EcdsaSecp256k1),
Expand Down
20 changes: 1 addition & 19 deletions acvm-repo/acir/src/circuit/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -406,29 +406,12 @@ mod tests {
Opcode::BlackBoxFuncCall(BlackBoxFuncCall::Keccakf1600 { inputs, outputs })
}

fn schnorr_verify_opcode<F: AcirField>() -> Opcode<F> {
let public_key_x = FunctionInput::witness(Witness(1), FieldElement::max_num_bits());
let public_key_y = FunctionInput::witness(Witness(2), FieldElement::max_num_bits());
let signature: Box<[FunctionInput<F>; 64]> =
Box::new(std::array::from_fn(|i| FunctionInput::witness(Witness(i as u32 + 3), 8)));
let message: Vec<FunctionInput<F>> = vec![FunctionInput::witness(Witness(67), 8)];
let output = Witness(68);

Opcode::BlackBoxFuncCall(BlackBoxFuncCall::SchnorrVerify {
public_key_x,
public_key_y,
signature,
message,
output,
})
}

#[test]
fn serialization_roundtrip() {
let circuit = Circuit {
current_witness_index: 5,
expression_width: ExpressionWidth::Unbounded,
opcodes: vec![and_opcode::<FieldElement>(), range_opcode(), schnorr_verify_opcode()],
opcodes: vec![and_opcode::<FieldElement>(), range_opcode()],
private_parameters: BTreeSet::new(),
public_parameters: PublicInputs(BTreeSet::from_iter(vec![Witness(2), Witness(12)])),
return_values: PublicInputs(BTreeSet::from_iter(vec![Witness(4), Witness(12)])),
Expand Down Expand Up @@ -462,7 +445,6 @@ mod tests {
range_opcode(),
and_opcode(),
keccakf1600_opcode(),
schnorr_verify_opcode(),
],
private_parameters: BTreeSet::new(),
public_parameters: PublicInputs(BTreeSet::from_iter(vec![Witness(2)])),
Expand Down
52 changes: 0 additions & 52 deletions acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs
Original file line number Diff line number Diff line change
Expand Up @@ -108,17 +108,6 @@ pub enum BlackBoxFuncCall<F> {
inputs: Vec<FunctionInput<F>>,
outputs: Box<[Witness; 32]>,
},
SchnorrVerify {
public_key_x: FunctionInput<F>,
public_key_y: FunctionInput<F>,
#[serde(
serialize_with = "serialize_big_array",
deserialize_with = "deserialize_big_array_into_box"
)]
signature: Box<[FunctionInput<F>; 64]>,
message: Vec<FunctionInput<F>>,
output: Witness,
},
EcdsaSecp256k1 {
public_key_x: Box<[FunctionInput<F>; 32]>,
public_key_y: Box<[FunctionInput<F>; 32]>,
Expand Down Expand Up @@ -234,7 +223,6 @@ impl<F: Copy> BlackBoxFuncCall<F> {
BlackBoxFuncCall::RANGE { .. } => BlackBoxFunc::RANGE,
BlackBoxFuncCall::Blake2s { .. } => BlackBoxFunc::Blake2s,
BlackBoxFuncCall::Blake3 { .. } => BlackBoxFunc::Blake3,
BlackBoxFuncCall::SchnorrVerify { .. } => BlackBoxFunc::SchnorrVerify,
BlackBoxFuncCall::EcdsaSecp256k1 { .. } => BlackBoxFunc::EcdsaSecp256k1,
BlackBoxFuncCall::EcdsaSecp256r1 { .. } => BlackBoxFunc::EcdsaSecp256r1,
BlackBoxFuncCall::MultiScalarMul { .. } => BlackBoxFunc::MultiScalarMul,
Expand Down Expand Up @@ -288,21 +276,6 @@ impl<F: Copy> BlackBoxFuncCall<F> {
vec![input1[0], input1[1], input2[0], input2[1]]
}
BlackBoxFuncCall::RANGE { input } => vec![*input],
BlackBoxFuncCall::SchnorrVerify {
public_key_x,
public_key_y,
signature,
message,
..
} => {
let mut inputs: Vec<FunctionInput<F>> =
Vec::with_capacity(2 + signature.len() + message.len());
inputs.push(*public_key_x);
inputs.push(*public_key_y);
inputs.extend(signature.iter().copied());
inputs.extend(message.iter().copied());
inputs
}
BlackBoxFuncCall::EcdsaSecp256k1 {
public_key_x,
public_key_y,
Expand Down Expand Up @@ -372,7 +345,6 @@ impl<F: Copy> BlackBoxFuncCall<F> {

BlackBoxFuncCall::AND { output, .. }
| BlackBoxFuncCall::XOR { output, .. }
| BlackBoxFuncCall::SchnorrVerify { output, .. }
| BlackBoxFuncCall::EcdsaSecp256k1 { output, .. }
| BlackBoxFuncCall::EcdsaSecp256r1 { output, .. } => vec![*output],
BlackBoxFuncCall::MultiScalarMul { outputs, .. }
Expand Down Expand Up @@ -525,22 +497,6 @@ mod tests {

Opcode::BlackBoxFuncCall(BlackBoxFuncCall::Keccakf1600 { inputs, outputs })
}
fn schnorr_verify_opcode<F: AcirField>() -> Opcode<F> {
let public_key_x = FunctionInput::witness(Witness(1), FieldElement::max_num_bits());
let public_key_y = FunctionInput::witness(Witness(2), FieldElement::max_num_bits());
let signature: Box<[FunctionInput<F>; 64]> =
Box::new(std::array::from_fn(|i| FunctionInput::witness(Witness(i as u32 + 3), 8)));
let message: Vec<FunctionInput<F>> = vec![FunctionInput::witness(Witness(67), 8)];
let output = Witness(68);

Opcode::BlackBoxFuncCall(BlackBoxFuncCall::SchnorrVerify {
public_key_x,
public_key_y,
signature,
message,
output,
})
}

#[test]
fn keccakf1600_serialization_roundtrip() {
Expand All @@ -549,12 +505,4 @@ mod tests {
let recovered_opcode = bincode::deserialize(&buf).unwrap();
assert_eq!(opcode, recovered_opcode);
}

#[test]
fn schnorr_serialization_roundtrip() {
let opcode = schnorr_verify_opcode::<FieldElement>();
let buf = bincode::serialize(&opcode).unwrap();
let recovered_opcode = bincode::deserialize(&buf).unwrap();
assert_eq!(opcode, recovered_opcode);
}
}
Loading

0 comments on commit bfa2389

Please sign in to comment.