feat: Sync from aztec-packages (#6730)

Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com>
Co-authored-by: Tom French <tom@tomfren.ch>

Author: AztecBot

.aztec-sync-commit

@@ -1 +1 @@
-0577c1a70e9746bd06f07d2813af1be39e01ca02
+fca96007d6055dcf00b72a46630c680fcb6d190d

acvm-repo/acir/codegen/acir.cpp

@@ -318,18 +318,6 @@ namespace Program {
             static EcdsaSecp256r1 bincodeDeserialize(std::vector<uint8_t>);
         };
 
-        struct SchnorrVerify {
-            Program::MemoryAddress public_key_x;
-            Program::MemoryAddress public_key_y;
-            Program::HeapVector message;
-            Program::HeapVector signature;
-            Program::MemoryAddress result;
-
-            friend bool operator==(const SchnorrVerify&, const SchnorrVerify&);
-            std::vector<uint8_t> bincodeSerialize() const;
-            static SchnorrVerify bincodeDeserialize(std::vector<uint8_t>);
-        };
-
         struct MultiScalarMul {
             Program::HeapVector points;
             Program::HeapVector scalars;
@@ -444,7 +432,7 @@ namespace Program {
             static ToRadix bincodeDeserialize(std::vector<uint8_t>);
         };
 
-        std::variant<AES128Encrypt, Blake2s, Blake3, Keccakf1600, EcdsaSecp256k1, EcdsaSecp256r1, SchnorrVerify, MultiScalarMul, EmbeddedCurveAdd, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression, ToRadix> value;
+        std::variant<AES128Encrypt, Blake2s, Blake3, Keccakf1600, EcdsaSecp256k1, EcdsaSecp256r1, MultiScalarMul, EmbeddedCurveAdd, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression, ToRadix> value;
 
         friend bool operator==(const BlackBoxOp&, const BlackBoxOp&);
         std::vector<uint8_t> bincodeSerialize() const;
@@ -817,18 +805,6 @@ namespace Program {
             static Blake3 bincodeDeserialize(std::vector<uint8_t>);
         };
 
-        struct SchnorrVerify {
-            Program::FunctionInput public_key_x;
-            Program::FunctionInput public_key_y;
-            std::array<Program::FunctionInput, 64> signature;
-            std::vector<Program::FunctionInput> message;
-            Program::Witness output;
-
-            friend bool operator==(const SchnorrVerify&, const SchnorrVerify&);
-            std::vector<uint8_t> bincodeSerialize() const;
-            static SchnorrVerify bincodeDeserialize(std::vector<uint8_t>);
-        };
-
         struct EcdsaSecp256k1 {
             std::array<Program::FunctionInput, 32> public_key_x;
             std::array<Program::FunctionInput, 32> public_key_y;
@@ -973,7 +949,7 @@ namespace Program {
             static Sha256Compression bincodeDeserialize(std::vector<uint8_t>);
         };
 
-        std::variant<AES128Encrypt, AND, XOR, RANGE, Blake2s, Blake3, SchnorrVerify, EcdsaSecp256k1, EcdsaSecp256r1, MultiScalarMul, EmbeddedCurveAdd, Keccakf1600, RecursiveAggregation, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression> value;
+        std::variant<AES128Encrypt, AND, XOR, RANGE, Blake2s, Blake3, EcdsaSecp256k1, EcdsaSecp256r1, MultiScalarMul, EmbeddedCurveAdd, Keccakf1600, RecursiveAggregation, BigIntAdd, BigIntSub, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression> value;
 
         friend bool operator==(const BlackBoxFuncCall&, const BlackBoxFuncCall&);
         std::vector<uint8_t> bincodeSerialize() const;
@@ -2528,56 +2504,6 @@ Program::BlackBoxFuncCall::Blake3 serde::Deserializable<Program::BlackBoxFuncCal
     return obj;
 }
 
-namespace Program {
-
-    inline bool operator==(const BlackBoxFuncCall::SchnorrVerify &lhs, const BlackBoxFuncCall::SchnorrVerify &rhs) {
-        if (!(lhs.public_key_x == rhs.public_key_x)) { return false; }
-        if (!(lhs.public_key_y == rhs.public_key_y)) { return false; }
-        if (!(lhs.signature == rhs.signature)) { return false; }
-        if (!(lhs.message == rhs.message)) { return false; }
-        if (!(lhs.output == rhs.output)) { return false; }
-        return true;
-    }
-
-    inline std::vector<uint8_t> BlackBoxFuncCall::SchnorrVerify::bincodeSerialize() const {
-        auto serializer = serde::BincodeSerializer();
-        serde::Serializable<BlackBoxFuncCall::SchnorrVerify>::serialize(*this, serializer);
-        return std::move(serializer).bytes();
-    }
-
-    inline BlackBoxFuncCall::SchnorrVerify BlackBoxFuncCall::SchnorrVerify::bincodeDeserialize(std::vector<uint8_t> input) {
-        auto deserializer = serde::BincodeDeserializer(input);
-        auto value = serde::Deserializable<BlackBoxFuncCall::SchnorrVerify>::deserialize(deserializer);
-        if (deserializer.get_buffer_offset() < input.size()) {
-            throw serde::deserialization_error("Some input bytes were not read");
-        }
-        return value;
-    }
-
-} // end of namespace Program
-
-template <>
-template <typename Serializer>
-void serde::Serializable<Program::BlackBoxFuncCall::SchnorrVerify>::serialize(const Program::BlackBoxFuncCall::SchnorrVerify &obj, Serializer &serializer) {
-    serde::Serializable<decltype(obj.public_key_x)>::serialize(obj.public_key_x, serializer);
-    serde::Serializable<decltype(obj.public_key_y)>::serialize(obj.public_key_y, serializer);
-    serde::Serializable<decltype(obj.signature)>::serialize(obj.signature, serializer);
-    serde::Serializable<decltype(obj.message)>::serialize(obj.message, serializer);
-    serde::Serializable<decltype(obj.output)>::serialize(obj.output, serializer);
-}
-
-template <>
-template <typename Deserializer>
-Program::BlackBoxFuncCall::SchnorrVerify serde::Deserializable<Program::BlackBoxFuncCall::SchnorrVerify>::deserialize(Deserializer &deserializer) {
-    Program::BlackBoxFuncCall::SchnorrVerify obj;
-    obj.public_key_x = serde::Deserializable<decltype(obj.public_key_x)>::deserialize(deserializer);
-    obj.public_key_y = serde::Deserializable<decltype(obj.public_key_y)>::deserialize(deserializer);
-    obj.signature = serde::Deserializable<decltype(obj.signature)>::deserialize(deserializer);
-    obj.message = serde::Deserializable<decltype(obj.message)>::deserialize(deserializer);
-    obj.output = serde::Deserializable<decltype(obj.output)>::deserialize(deserializer);
-    return obj;
-}
-
 namespace Program {
 
     inline bool operator==(const BlackBoxFuncCall::EcdsaSecp256k1 &lhs, const BlackBoxFuncCall::EcdsaSecp256k1 &rhs) {
@@ -3518,56 +3444,6 @@ Program::BlackBoxOp::EcdsaSecp256r1 serde::Deserializable<Program::BlackBoxOp::E
     return obj;
 }
 
-namespace Program {
-
-    inline bool operator==(const BlackBoxOp::SchnorrVerify &lhs, const BlackBoxOp::SchnorrVerify &rhs) {
-        if (!(lhs.public_key_x == rhs.public_key_x)) { return false; }
-        if (!(lhs.public_key_y == rhs.public_key_y)) { return false; }
-        if (!(lhs.message == rhs.message)) { return false; }
-        if (!(lhs.signature == rhs.signature)) { return false; }
-        if (!(lhs.result == rhs.result)) { return false; }
-        return true;
-    }
-
-    inline std::vector<uint8_t> BlackBoxOp::SchnorrVerify::bincodeSerialize() const {
-        auto serializer = serde::BincodeSerializer();
-        serde::Serializable<BlackBoxOp::SchnorrVerify>::serialize(*this, serializer);
-        return std::move(serializer).bytes();
-    }
-
-    inline BlackBoxOp::SchnorrVerify BlackBoxOp::SchnorrVerify::bincodeDeserialize(std::vector<uint8_t> input) {
-        auto deserializer = serde::BincodeDeserializer(input);
-        auto value = serde::Deserializable<BlackBoxOp::SchnorrVerify>::deserialize(deserializer);
-        if (deserializer.get_buffer_offset() < input.size()) {
-            throw serde::deserialization_error("Some input bytes were not read");
-        }
-        return value;
-    }
-
-} // end of namespace Program
-
-template <>
-template <typename Serializer>
-void serde::Serializable<Program::BlackBoxOp::SchnorrVerify>::serialize(const Program::BlackBoxOp::SchnorrVerify &obj, Serializer &serializer) {
-    serde::Serializable<decltype(obj.public_key_x)>::serialize(obj.public_key_x, serializer);
-    serde::Serializable<decltype(obj.public_key_y)>::serialize(obj.public_key_y, serializer);
-    serde::Serializable<decltype(obj.message)>::serialize(obj.message, serializer);
-    serde::Serializable<decltype(obj.signature)>::serialize(obj.signature, serializer);
-    serde::Serializable<decltype(obj.result)>::serialize(obj.result, serializer);
-}
-
-template <>
-template <typename Deserializer>
-Program::BlackBoxOp::SchnorrVerify serde::Deserializable<Program::BlackBoxOp::SchnorrVerify>::deserialize(Deserializer &deserializer) {
-    Program::BlackBoxOp::SchnorrVerify obj;
-    obj.public_key_x = serde::Deserializable<decltype(obj.public_key_x)>::deserialize(deserializer);
-    obj.public_key_y = serde::Deserializable<decltype(obj.public_key_y)>::deserialize(deserializer);
-    obj.message = serde::Deserializable<decltype(obj.message)>::deserialize(deserializer);
-    obj.signature = serde::Deserializable<decltype(obj.signature)>::deserialize(deserializer);
-    obj.result = serde::Deserializable<decltype(obj.result)>::deserialize(deserializer);
-    return obj;
-}
-
 namespace Program {
 
     inline bool operator==(const BlackBoxOp::MultiScalarMul &lhs, const BlackBoxOp::MultiScalarMul &rhs) {

acvm-repo/acir/src/circuit/black_box_functions.rs

@@ -51,41 +51,13 @@ pub enum BlackBoxFunc {
     /// (witness, 8), constrained to be the blake3 of the inputs.
     Blake3,
 
-    /// Verify a Schnorr signature over the embedded curve
-    /// - inputs are:
-    ///     - Public key as 2 (witness, 254)
-    ///     - signature as a vector of 64 bytes (witness, 8)
-    ///     - message as a vector of (witness, 8)
-    /// - output: A witness representing the result of the signature
-    /// verification; 0 for failure and 1 for success.
-    ///
-    /// Since the scalar field of the embedded curve is NOT the ACIR field, the
-    /// `(r,s)` signature is represented as a 64 bytes array for the two field
-    /// elements. On the other hand, the public key coordinates are ACIR fields.
-    /// The proving system decides how the message is to be hashed. Barretenberg
-    /// uses Blake2s.
-    ///
-    /// Verifies a Schnorr signature over a curve which is "pairing friendly"
-    /// with the curve on which the ACIR circuit is defined.
-    ///
-    /// The exact curve which this signature uses will vary based on the curve
-    /// being used by ACIR. For example, the BN254 curve supports Schnorr
-    /// signatures over the [Grumpkin][grumpkin] curve.
-    ///
-    /// [grumpkin]: https://hackmd.io/@aztec-network/ByzgNxBfd#2-Grumpkin---A-curve-on-top-of-BN-254-for-SNARK-efficient-group-operations
-    SchnorrVerify,
     /// Verifies a ECDSA signature over the secp256k1 curve.
     /// - inputs:
     ///     - x coordinate of public key as 32 bytes
     ///     - y coordinate of public key as 32 bytes
     ///     - the signature, as a 64 bytes array
     ///     - the hash of the message, as a vector of bytes
     /// - output: 0 for failure and 1 for success
-    ///
-    /// Inputs and outputs are similar to SchnorrVerify, except that because we
-    /// use a different curve (secp256k1), the field elements involved in the
-    /// signature and the public key are defined as an array of 32 bytes.
-    /// Another difference is that we assume the message is already hashed.
     EcdsaSecp256k1,
 
     /// Verifies a ECDSA signature over the secp256r1 curve.
@@ -196,7 +168,6 @@ impl BlackBoxFunc {
     pub fn name(&self) -> &'static str {
         match self {
             BlackBoxFunc::AES128Encrypt => "aes128_encrypt",
-            BlackBoxFunc::SchnorrVerify => "schnorr_verify",
             BlackBoxFunc::Blake2s => "blake2s",
             BlackBoxFunc::Blake3 => "blake3",
             BlackBoxFunc::EcdsaSecp256k1 => "ecdsa_secp256k1",
@@ -222,7 +193,6 @@ impl BlackBoxFunc {
     pub fn lookup(op_name: &str) -> Option<BlackBoxFunc> {
         match op_name {
             "aes128_encrypt" => Some(BlackBoxFunc::AES128Encrypt),
-            "schnorr_verify" => Some(BlackBoxFunc::SchnorrVerify),
             "blake2s" => Some(BlackBoxFunc::Blake2s),
             "blake3" => Some(BlackBoxFunc::Blake3),
             "ecdsa_secp256k1" => Some(BlackBoxFunc::EcdsaSecp256k1),

acvm-repo/acir/src/circuit/mod.rs

@@ -406,29 +406,12 @@ mod tests {
         Opcode::BlackBoxFuncCall(BlackBoxFuncCall::Keccakf1600 { inputs, outputs })
     }
 
-    fn schnorr_verify_opcode<F: AcirField>() -> Opcode<F> {
-        let public_key_x = FunctionInput::witness(Witness(1), FieldElement::max_num_bits());
-        let public_key_y = FunctionInput::witness(Witness(2), FieldElement::max_num_bits());
-        let signature: Box<[FunctionInput<F>; 64]> =
-            Box::new(std::array::from_fn(|i| FunctionInput::witness(Witness(i as u32 + 3), 8)));
-        let message: Vec<FunctionInput<F>> = vec![FunctionInput::witness(Witness(67), 8)];
-        let output = Witness(68);
-
-        Opcode::BlackBoxFuncCall(BlackBoxFuncCall::SchnorrVerify {
-            public_key_x,
-            public_key_y,
-            signature,
-            message,
-            output,
-        })
-    }
-
     #[test]
     fn serialization_roundtrip() {
         let circuit = Circuit {
             current_witness_index: 5,
             expression_width: ExpressionWidth::Unbounded,
-            opcodes: vec![and_opcode::<FieldElement>(), range_opcode(), schnorr_verify_opcode()],
+            opcodes: vec![and_opcode::<FieldElement>(), range_opcode()],
             private_parameters: BTreeSet::new(),
             public_parameters: PublicInputs(BTreeSet::from_iter(vec![Witness(2), Witness(12)])),
             return_values: PublicInputs(BTreeSet::from_iter(vec![Witness(4), Witness(12)])),
@@ -462,7 +445,6 @@ mod tests {
                 range_opcode(),
                 and_opcode(),
                 keccakf1600_opcode(),
-                schnorr_verify_opcode(),
             ],
             private_parameters: BTreeSet::new(),
             public_parameters: PublicInputs(BTreeSet::from_iter(vec![Witness(2)])),

acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs

@@ -108,17 +108,6 @@ pub enum BlackBoxFuncCall<F> {
         inputs: Vec<FunctionInput<F>>,
         outputs: Box<[Witness; 32]>,
     },
-    SchnorrVerify {
-        public_key_x: FunctionInput<F>,
-        public_key_y: FunctionInput<F>,
-        #[serde(
-            serialize_with = "serialize_big_array",
-            deserialize_with = "deserialize_big_array_into_box"
-        )]
-        signature: Box<[FunctionInput<F>; 64]>,
-        message: Vec<FunctionInput<F>>,
-        output: Witness,
-    },
     EcdsaSecp256k1 {
         public_key_x: Box<[FunctionInput<F>; 32]>,
         public_key_y: Box<[FunctionInput<F>; 32]>,
@@ -234,7 +223,6 @@ impl<F: Copy> BlackBoxFuncCall<F> {
             BlackBoxFuncCall::RANGE { .. } => BlackBoxFunc::RANGE,
             BlackBoxFuncCall::Blake2s { .. } => BlackBoxFunc::Blake2s,
             BlackBoxFuncCall::Blake3 { .. } => BlackBoxFunc::Blake3,
-            BlackBoxFuncCall::SchnorrVerify { .. } => BlackBoxFunc::SchnorrVerify,
             BlackBoxFuncCall::EcdsaSecp256k1 { .. } => BlackBoxFunc::EcdsaSecp256k1,
             BlackBoxFuncCall::EcdsaSecp256r1 { .. } => BlackBoxFunc::EcdsaSecp256r1,
             BlackBoxFuncCall::MultiScalarMul { .. } => BlackBoxFunc::MultiScalarMul,
@@ -288,21 +276,6 @@ impl<F: Copy> BlackBoxFuncCall<F> {
                 vec![input1[0], input1[1], input2[0], input2[1]]
             }
             BlackBoxFuncCall::RANGE { input } => vec![*input],
-            BlackBoxFuncCall::SchnorrVerify {
-                public_key_x,
-                public_key_y,
-                signature,
-                message,
-                ..
-            } => {
-                let mut inputs: Vec<FunctionInput<F>> =
-                    Vec::with_capacity(2 + signature.len() + message.len());
-                inputs.push(*public_key_x);
-                inputs.push(*public_key_y);
-                inputs.extend(signature.iter().copied());
-                inputs.extend(message.iter().copied());
-                inputs
-            }
             BlackBoxFuncCall::EcdsaSecp256k1 {
                 public_key_x,
                 public_key_y,
@@ -372,7 +345,6 @@ impl<F: Copy> BlackBoxFuncCall<F> {
 
             BlackBoxFuncCall::AND { output, .. }
             | BlackBoxFuncCall::XOR { output, .. }
-            | BlackBoxFuncCall::SchnorrVerify { output, .. }
             | BlackBoxFuncCall::EcdsaSecp256k1 { output, .. }
             | BlackBoxFuncCall::EcdsaSecp256r1 { output, .. } => vec![*output],
             BlackBoxFuncCall::MultiScalarMul { outputs, .. }
@@ -525,22 +497,6 @@ mod tests {
 
         Opcode::BlackBoxFuncCall(BlackBoxFuncCall::Keccakf1600 { inputs, outputs })
     }
-    fn schnorr_verify_opcode<F: AcirField>() -> Opcode<F> {
-        let public_key_x = FunctionInput::witness(Witness(1), FieldElement::max_num_bits());
-        let public_key_y = FunctionInput::witness(Witness(2), FieldElement::max_num_bits());
-        let signature: Box<[FunctionInput<F>; 64]> =
-            Box::new(std::array::from_fn(|i| FunctionInput::witness(Witness(i as u32 + 3), 8)));
-        let message: Vec<FunctionInput<F>> = vec![FunctionInput::witness(Witness(67), 8)];
-        let output = Witness(68);
-
-        Opcode::BlackBoxFuncCall(BlackBoxFuncCall::SchnorrVerify {
-            public_key_x,
-            public_key_y,
-            signature,
-            message,
-            output,
-        })
-    }
 
     #[test]
     fn keccakf1600_serialization_roundtrip() {
@@ -549,12 +505,4 @@ mod tests {
         let recovered_opcode = bincode::deserialize(&buf).unwrap();
         assert_eq!(opcode, recovered_opcode);
     }
-
-    #[test]
-    fn schnorr_serialization_roundtrip() {
-        let opcode = schnorr_verify_opcode::<FieldElement>();
-        let buf = bincode::serialize(&opcode).unwrap();
-        let recovered_opcode = bincode::deserialize(&buf).unwrap();
-        assert_eq!(opcode, recovered_opcode);
-    }
 }