Skip to content

Commit d2ae2cd

Browse files
kevaundrayguipublicTomAFrench
authored
feat!: Noir development branch (serialization changes) (AztecProtocol#3858)
The report gates diff workflow relies on a compiled from source version of Noir which uses a released version of bb. If any changes are made to bb, it is not reflected in the compiled version of Noir. This can lead to failures if the serialization is changed for example. Since report-gates-diff is a github actions workflow, it doesn't have access the compiled bb binary in CCI. We don't want to recompile it on bb as that would take upwards of half an hour. So that we don't block Noir related PRs that have been reviewed, this branch will be used to merge in the breaking changes to serialization until the issue with reports gate diff has been fixed. # Checklist: Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge. - [ ] If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag. - [ ] I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code. - [ ] Every change is related to the PR description. - [ ] I have [linked](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) this pull request to relevant issues (if any exist). --------- Co-authored-by: guipublic <guipublic@gmail.com> Co-authored-by: guipublic <47281315+guipublic@users.noreply.github.com> Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com>
1 parent 8cda00d commit d2ae2cd

File tree

35 files changed

+913
-9
lines changed

35 files changed

+913
-9
lines changed

barretenberg/cpp/src/barretenberg/bb/main.cpp

+1-1
Original file line numberDiff line numberDiff line change
@@ -397,7 +397,7 @@ void acvm_info(const std::string& output_path)
397397
"width" : 3
398398
},
399399
"opcodes_supported" : ["arithmetic", "directive", "brillig", "memory_init", "memory_op"],
400-
"black_box_functions_supported" : ["and", "xor", "range", "sha256", "blake2s", "keccak256", "schnorr_verify", "pedersen", "pedersen_hash", "ecdsa_secp256k1", "ecdsa_secp256r1", "fixed_base_scalar_mul", "recursive_aggregation"]
400+
"black_box_functions_supported" : ["and", "xor", "range", "sha256", "blake2s", "keccak256", "keccak_f1600", "schnorr_verify", "pedersen", "pedersen_hash", "ecdsa_secp256k1", "ecdsa_secp256r1", "fixed_base_scalar_mul", "recursive_aggregation"]
401401
})";
402402

403403
size_t length = strlen(jsonData);

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp

+8
Original file line numberDiff line numberDiff line change
@@ -119,13 +119,21 @@ void build_constraints(Builder& builder, acir_format const& constraint_system, b
119119
create_blake2s_constraints(builder, constraint);
120120
}
121121

122+
// Add blake3 constraints
123+
for (const auto& constraint : constraint_system.blake3_constraints) {
124+
create_blake3_constraints(builder, constraint);
125+
}
126+
122127
// Add keccak constraints
123128
for (const auto& constraint : constraint_system.keccak_constraints) {
124129
create_keccak_constraints(builder, constraint);
125130
}
126131
for (const auto& constraint : constraint_system.keccak_var_constraints) {
127132
create_keccak_var_constraints(builder, constraint);
128133
}
134+
for (const auto& constraint : constraint_system.keccak_permutations) {
135+
create_keccak_permutations(builder, constraint);
136+
}
129137

130138
// Add pedersen constraints
131139
for (const auto& constraint : constraint_system.pedersen_constraints) {

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp

+5
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
#include "barretenberg/dsl/types.hpp"
44
#include "barretenberg/serialize/msgpack.hpp"
55
#include "blake2s_constraint.hpp"
6+
#include "blake3_constraint.hpp"
67
#include "block_constraint.hpp"
78
#include "ecdsa_secp256k1.hpp"
89
#include "ecdsa_secp256r1.hpp"
@@ -30,8 +31,10 @@ struct acir_format {
3031
std::vector<EcdsaSecp256k1Constraint> ecdsa_k1_constraints;
3132
std::vector<EcdsaSecp256r1Constraint> ecdsa_r1_constraints;
3233
std::vector<Blake2sConstraint> blake2s_constraints;
34+
std::vector<Blake3Constraint> blake3_constraints;
3335
std::vector<KeccakConstraint> keccak_constraints;
3436
std::vector<KeccakVarConstraint> keccak_var_constraints;
37+
std::vector<Keccakf1600> keccak_permutations;
3538
std::vector<PedersenConstraint> pedersen_constraints;
3639
std::vector<PedersenHashConstraint> pedersen_hash_constraints;
3740
std::vector<FixedBaseScalarMul> fixed_base_scalar_mul_constraints;
@@ -55,8 +58,10 @@ struct acir_format {
5558
ecdsa_k1_constraints,
5659
ecdsa_r1_constraints,
5760
blake2s_constraints,
61+
blake3_constraints,
5862
keccak_constraints,
5963
keccak_var_constraints,
64+
keccak_permutations,
6065
pedersen_constraints,
6166
pedersen_hash_constraints,
6267
fixed_base_scalar_mul_constraints,

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp

+54
Original file line numberDiff line numberDiff line change
@@ -37,8 +37,10 @@ TEST_F(AcirFormatTests, TestASingleConstraintNoPubInputs)
3737
.ecdsa_k1_constraints = {},
3838
.ecdsa_r1_constraints = {},
3939
.blake2s_constraints = {},
40+
.blake3_constraints = {},
4041
.keccak_constraints = {},
4142
.keccak_var_constraints = {},
43+
.keccak_permutations = {},
4244
.pedersen_constraints = {},
4345
.pedersen_hash_constraints = {},
4446
.fixed_base_scalar_mul_constraints = {},
@@ -143,8 +145,10 @@ TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit)
143145
.ecdsa_k1_constraints = {},
144146
.ecdsa_r1_constraints = {},
145147
.blake2s_constraints = {},
148+
.blake3_constraints = {},
146149
.keccak_constraints = {},
147150
.keccak_var_constraints = {},
151+
.keccak_permutations = {},
148152
.pedersen_constraints = {},
149153
.pedersen_hash_constraints = {},
150154
.fixed_base_scalar_mul_constraints = {},
@@ -207,8 +211,10 @@ TEST_F(AcirFormatTests, TestSchnorrVerifyPass)
207211
.ecdsa_k1_constraints = {},
208212
.ecdsa_r1_constraints = {},
209213
.blake2s_constraints = {},
214+
.blake3_constraints = {},
210215
.keccak_constraints = {},
211216
.keccak_var_constraints = {},
217+
.keccak_permutations = {},
212218
.pedersen_constraints = {},
213219
.pedersen_hash_constraints = {},
214220
.fixed_base_scalar_mul_constraints = {},
@@ -294,8 +300,10 @@ TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange)
294300
.ecdsa_k1_constraints = {},
295301
.ecdsa_r1_constraints = {},
296302
.blake2s_constraints = {},
303+
.blake3_constraints = {},
297304
.keccak_constraints = {},
298305
.keccak_var_constraints = {},
306+
.keccak_permutations = {},
299307
.pedersen_constraints = {},
300308
.pedersen_hash_constraints = {},
301309
.fixed_base_scalar_mul_constraints = {},
@@ -400,8 +408,10 @@ TEST_F(AcirFormatTests, TestVarKeccak)
400408
.ecdsa_k1_constraints = {},
401409
.ecdsa_r1_constraints = {},
402410
.blake2s_constraints = {},
411+
.blake3_constraints = {},
403412
.keccak_constraints = {},
404413
.keccak_var_constraints = { keccak },
414+
.keccak_permutations = {},
405415
.pedersen_constraints = {},
406416
.pedersen_hash_constraints = {},
407417
.fixed_base_scalar_mul_constraints = {},
@@ -419,4 +429,48 @@ TEST_F(AcirFormatTests, TestVarKeccak)
419429
EXPECT_EQ(verifier.verify_proof(proof), true);
420430
}
421431

432+
TEST_F(AcirFormatTests, TestKeccakPermutation)
433+
{
434+
Keccakf1600
435+
keccak_permutation{
436+
.state = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 },
437+
.result = { 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
438+
39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50 },
439+
};
440+
441+
acir_format constraint_system{ .varnum = 51,
442+
.public_inputs = {},
443+
.logic_constraints = {},
444+
.range_constraints = {},
445+
.sha256_constraints = {},
446+
.schnorr_constraints = {},
447+
.ecdsa_k1_constraints = {},
448+
.ecdsa_r1_constraints = {},
449+
.blake2s_constraints = {},
450+
.blake3_constraints = {},
451+
.keccak_constraints = {},
452+
.keccak_var_constraints = {},
453+
.keccak_permutations = { keccak_permutation },
454+
.pedersen_constraints = {},
455+
.pedersen_hash_constraints = {},
456+
.fixed_base_scalar_mul_constraints = {},
457+
.recursion_constraints = {},
458+
.constraints = {},
459+
.block_constraints = {} };
460+
461+
WitnessVector witness{ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
462+
18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
463+
35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50 };
464+
465+
auto builder = create_circuit_with_witness(constraint_system, witness);
466+
467+
auto composer = Composer();
468+
auto prover = composer.create_ultra_with_keccak_prover(builder);
469+
auto proof = prover.construct_proof();
470+
471+
auto verifier = composer.create_ultra_with_keccak_verifier(builder);
472+
473+
EXPECT_EQ(verifier.verify_proof(proof), true);
474+
}
475+
422476
} // namespace acir_format::tests

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp

+17
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
#include "barretenberg/common/container.hpp"
44
#include "barretenberg/common/throw_or_abort.hpp"
55
#include "barretenberg/dsl/acir_format/blake2s_constraint.hpp"
6+
#include "barretenberg/dsl/acir_format/blake3_constraint.hpp"
67
#include "barretenberg/dsl/acir_format/block_constraint.hpp"
78
#include "barretenberg/dsl/acir_format/ecdsa_secp256k1.hpp"
89
#include "barretenberg/dsl/acir_format/keccak_constraint.hpp"
@@ -113,6 +114,17 @@ void handle_blackbox_func_call(Circuit::Opcode::BlackBoxFuncCall const& arg, aci
113114
}),
114115
.result = map(arg.outputs, [](auto& e) { return e.value; }),
115116
});
117+
} else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::Blake3>) {
118+
af.blake3_constraints.push_back(Blake3Constraint{
119+
.inputs = map(arg.inputs,
120+
[](auto& e) {
121+
return Blake3Input{
122+
.witness = e.witness.value,
123+
.num_bits = e.num_bits,
124+
};
125+
}),
126+
.result = map(arg.outputs, [](auto& e) { return e.value; }),
127+
});
116128
} else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::SchnorrVerify>) {
117129
af.schnorr_constraints.push_back(SchnorrConstraint{
118130
.message = map(arg.message, [](auto& e) { return e.witness.value; }),
@@ -180,6 +192,11 @@ void handle_blackbox_func_call(Circuit::Opcode::BlackBoxFuncCall const& arg, aci
180192
.result = map(arg.outputs, [](auto& e) { return e.value; }),
181193
.var_message_size = arg.var_message_size.witness.value,
182194
});
195+
} else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::Keccakf1600>) {
196+
af.keccak_permutations.push_back(Keccakf1600{
197+
.state = map(arg.inputs, [](auto& e) { return e.witness.value; }),
198+
.result = map(arg.outputs, [](auto& e) { return e.value; }),
199+
});
183200
} else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::RecursiveAggregation>) {
184201
auto c = RecursionConstraint{
185202
.key = map(arg.verification_key, [](auto& e) { return e.witness.value; }),

barretenberg/cpp/src/barretenberg/dsl/acir_format/blake3_constraint.cpp

+44
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
#include "blake3_constraint.hpp"
2+
#include "round.hpp"
3+
4+
namespace acir_format {
5+
6+
template <typename Builder> void create_blake3_constraints(Builder& builder, const Blake3Constraint& constraint)
7+
{
8+
using byte_array_ct = proof_system::plonk::stdlib::byte_array<Builder>;
9+
using field_ct = proof_system::plonk::stdlib::field_t<Builder>;
10+
11+
// Create byte array struct
12+
byte_array_ct arr(&builder);
13+
14+
// Get the witness assignment for each witness index
15+
// Write the witness assignment to the byte_array
16+
for (const auto& witness_index_num_bits : constraint.inputs) {
17+
auto witness_index = witness_index_num_bits.witness;
18+
auto num_bits = witness_index_num_bits.num_bits;
19+
20+
// XXX: The implementation requires us to truncate the element to the nearest byte and not bit
21+
auto num_bytes = round_to_nearest_byte(num_bits);
22+
23+
field_ct element = field_ct::from_witness_index(&builder, witness_index);
24+
byte_array_ct element_bytes(element, num_bytes);
25+
26+
arr.write(element_bytes);
27+
}
28+
29+
byte_array_ct output_bytes = proof_system::plonk::stdlib::blake3s<Builder>(arr);
30+
31+
// Convert byte array to vector of field_t
32+
auto bytes = output_bytes.bytes();
33+
34+
for (size_t i = 0; i < bytes.size(); ++i) {
35+
builder.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]);
36+
}
37+
}
38+
39+
template void create_blake3_constraints<UltraCircuitBuilder>(UltraCircuitBuilder& builder,
40+
const Blake3Constraint& constraint);
41+
template void create_blake3_constraints<GoblinUltraCircuitBuilder>(GoblinUltraCircuitBuilder& builder,
42+
const Blake3Constraint& constraint);
43+
44+
} // namespace acir_format

barretenberg/cpp/src/barretenberg/dsl/acir_format/blake3_constraint.hpp

+29
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
#pragma once
2+
#include "barretenberg/dsl/types.hpp"
3+
#include "barretenberg/serialize/msgpack.hpp"
4+
#include <cstdint>
5+
#include <vector>
6+
7+
namespace acir_format {
8+
9+
struct Blake3Input {
10+
uint32_t witness;
11+
uint32_t num_bits;
12+
13+
// For serialization, update with any new fields
14+
MSGPACK_FIELDS(witness, num_bits);
15+
friend bool operator==(Blake3Input const& lhs, Blake3Input const& rhs) = default;
16+
};
17+
18+
struct Blake3Constraint {
19+
std::vector<Blake3Input> inputs;
20+
std::vector<uint32_t> result;
21+
22+
// For serialization, update with any new fields
23+
MSGPACK_FIELDS(inputs, result);
24+
friend bool operator==(Blake3Constraint const& lhs, Blake3Constraint const& rhs) = default;
25+
};
26+
27+
template <typename Builder> void create_blake3_constraints(Builder& builder, const Blake3Constraint& constraint);
28+
29+
} // namespace acir_format

barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp

+2
Original file line numberDiff line numberDiff line change
@@ -118,8 +118,10 @@ TEST_F(UltraPlonkRAM, TestBlockConstraint)
118118
.ecdsa_k1_constraints = {},
119119
.ecdsa_r1_constraints = {},
120120
.blake2s_constraints = {},
121+
.blake3_constraints = {},
121122
.keccak_constraints = {},
122123
.keccak_var_constraints = {},
124+
.keccak_permutations = {},
123125
.pedersen_constraints = {},
124126
.pedersen_hash_constraints = {},
125127
.fixed_base_scalar_mul_constraints = {},

barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp

+6
Original file line numberDiff line numberDiff line change
@@ -97,8 +97,10 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintSucceed)
9797
.ecdsa_k1_constraints = { ecdsa_k1_constraint },
9898
.ecdsa_r1_constraints = {},
9999
.blake2s_constraints = {},
100+
.blake3_constraints = {},
100101
.keccak_constraints = {},
101102
.keccak_var_constraints = {},
103+
.keccak_permutations = {},
102104
.pedersen_constraints = {},
103105
.pedersen_hash_constraints = {},
104106
.fixed_base_scalar_mul_constraints = {},
@@ -137,8 +139,10 @@ TEST_F(ECDSASecp256k1, TestECDSACompilesForVerifier)
137139
.ecdsa_k1_constraints = { ecdsa_k1_constraint },
138140
.ecdsa_r1_constraints = {},
139141
.blake2s_constraints = {},
142+
.blake3_constraints = {},
140143
.keccak_constraints = {},
141144
.keccak_var_constraints = {},
145+
.keccak_permutations = {},
142146
.pedersen_constraints = {},
143147
.pedersen_hash_constraints = {},
144148
.fixed_base_scalar_mul_constraints = {},
@@ -172,8 +176,10 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintFail)
172176
.ecdsa_k1_constraints = { ecdsa_k1_constraint },
173177
.ecdsa_r1_constraints = {},
174178
.blake2s_constraints = {},
179+
.blake3_constraints = {},
175180
.keccak_constraints = {},
176181
.keccak_var_constraints = {},
182+
.keccak_permutations = {},
177183
.pedersen_constraints = {},
178184
.pedersen_hash_constraints = {},
179185
.fixed_base_scalar_mul_constraints = {},

barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp

+8
Original file line numberDiff line numberDiff line change
@@ -131,8 +131,10 @@ TEST(ECDSASecp256r1, test_hardcoded)
131131
.ecdsa_k1_constraints = {},
132132
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
133133
.blake2s_constraints = {},
134+
.blake3_constraints = {},
134135
.keccak_constraints = {},
135136
.keccak_var_constraints = {},
137+
.keccak_permutations = {},
136138
.pedersen_constraints = {},
137139
.pedersen_hash_constraints = {},
138140
.fixed_base_scalar_mul_constraints = {},
@@ -172,8 +174,10 @@ TEST(ECDSASecp256r1, TestECDSAConstraintSucceed)
172174
.ecdsa_k1_constraints = {},
173175
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
174176
.blake2s_constraints = {},
177+
.blake3_constraints = {},
175178
.keccak_constraints = {},
176179
.keccak_var_constraints = {},
180+
.keccak_permutations = {},
177181
.pedersen_constraints = {},
178182
.pedersen_hash_constraints = {},
179183
.fixed_base_scalar_mul_constraints = {},
@@ -211,8 +215,10 @@ TEST(ECDSASecp256r1, TestECDSACompilesForVerifier)
211215
.ecdsa_k1_constraints = {},
212216
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
213217
.blake2s_constraints = {},
218+
.blake3_constraints = {},
214219
.keccak_constraints = {},
215220
.keccak_var_constraints = {},
221+
.keccak_permutations = {},
216222
.pedersen_constraints = {},
217223
.pedersen_hash_constraints = {},
218224
.fixed_base_scalar_mul_constraints = {},
@@ -245,8 +251,10 @@ TEST(ECDSASecp256r1, TestECDSAConstraintFail)
245251
.ecdsa_k1_constraints = {},
246252
.ecdsa_r1_constraints = { ecdsa_r1_constraint },
247253
.blake2s_constraints = {},
254+
.blake3_constraints = {},
248255
.keccak_constraints = {},
249256
.keccak_var_constraints = {},
257+
.keccak_permutations = {},
250258
.pedersen_constraints = {},
251259
.pedersen_hash_constraints = {},
252260
.fixed_base_scalar_mul_constraints = {},

0 commit comments

Comments
 (0)