feat: add additional error types to verifier contract and revert early (
TomAFrench authored Feb 6, 2024
1 parent 078bd17 commit 5e16063
Showing 2 changed files with 86 additions and 110 deletions.
98 changes: 43 additions & 55 deletions barretenberg/cpp/src/barretenberg/dsl/acir_proofs/contract.hpp
Expand Up @@ -218,58 +218,49 @@ abstract contract BaseUltraVerifier {
uint256 internal constant PAIRING_RHS_X_LOC = 0x3220;
uint256 internal constant PAIRING_RHS_Y_LOC = 0x3240;
// ### SUCCESS FLAG MEMORY LOCATIONS
uint256 internal constant GRAND_PRODUCT_SUCCESS_FLAG = 0x3300;
uint256 internal constant ARITHMETIC_TERM_SUCCESS_FLAG = 0x3020;
uint256 internal constant BATCH_OPENING_SUCCESS_FLAG = 0x3340;
uint256 internal constant OPENING_COMMITMENT_SUCCESS_FLAG = 0x3360;
uint256 internal constant PAIRING_PREAMBLE_SUCCESS_FLAG = 0x3380;
uint256 internal constant PAIRING_SUCCESS_FLAG = 0x33a0;
uint256 internal constant RESULT_FLAG = 0x33c0;
// misc stuff
uint256 internal constant OMEGA_INVERSE_LOC = 0x3400;
uint256 internal constant C_ALPHA_SQR_LOC = 0x3420;
uint256 internal constant C_ALPHA_CUBE_LOC = 0x3440;
uint256 internal constant C_ALPHA_QUAD_LOC = 0x3460;
uint256 internal constant C_ALPHA_BASE_LOC = 0x3480;
uint256 internal constant OMEGA_INVERSE_LOC = 0x3300;
uint256 internal constant C_ALPHA_SQR_LOC = 0x3320;
uint256 internal constant C_ALPHA_CUBE_LOC = 0x3340;
uint256 internal constant C_ALPHA_QUAD_LOC = 0x3360;
uint256 internal constant C_ALPHA_BASE_LOC = 0x3380;
// ### RECURSION VARIABLE MEMORY LOCATIONS
uint256 internal constant RECURSIVE_P1_X_LOC = 0x3500;
uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3520;
uint256 internal constant RECURSIVE_P2_X_LOC = 0x3540;
uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3560;
uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3580;
uint256 internal constant RECURSIVE_P1_X_LOC = 0x3400;
uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3420;
uint256 internal constant RECURSIVE_P2_X_LOC = 0x3440;
uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3460;
uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3480;
// sub-identity storage
uint256 internal constant PERMUTATION_IDENTITY = 0x3600;
uint256 internal constant PLOOKUP_IDENTITY = 0x3620;
uint256 internal constant ARITHMETIC_IDENTITY = 0x3640;
uint256 internal constant SORT_IDENTITY = 0x3660;
uint256 internal constant ELLIPTIC_IDENTITY = 0x3680;
uint256 internal constant AUX_IDENTITY = 0x36a0;
uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x36c0;
uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x36e0;
uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3700;
uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3720;
uint256 internal constant AUX_MEMORY_EVALUATION = 0x3740;
uint256 internal constant QUOTIENT_EVAL_LOC = 0x3760;
uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3780;
uint256 internal constant PERMUTATION_IDENTITY = 0x3500;
uint256 internal constant PLOOKUP_IDENTITY = 0x3520;
uint256 internal constant ARITHMETIC_IDENTITY = 0x3540;
uint256 internal constant SORT_IDENTITY = 0x3560;
uint256 internal constant ELLIPTIC_IDENTITY = 0x3580;
uint256 internal constant AUX_IDENTITY = 0x35a0;
uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x35c0;
uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x35e0;
uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3600;
uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3620;
uint256 internal constant AUX_MEMORY_EVALUATION = 0x3640;
uint256 internal constant QUOTIENT_EVAL_LOC = 0x3660;
uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3680;
// when hashing public inputs we use memory at NU_CHALLENGE_INPUT_LOC_A, as the hash input size is unknown at compile time
uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x37a0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x37c0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x37e0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x36a0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x36c0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x36e0;
bytes4 internal constant INVALID_VERIFICATION_KEY_SELECTOR = 0x7e5769bf;
bytes4 internal constant POINT_NOT_ON_CURVE_SELECTOR = 0xa3dad654;
bytes4 internal constant PUBLIC_INPUT_INVALID_BN128_G1_POINT_SELECTOR = 0xeba9f4a6;
bytes4 internal constant PUBLIC_INPUT_GE_P_SELECTOR = 0x374a972f;
bytes4 internal constant MOD_EXP_FAILURE_SELECTOR = 0xf894a7bc;
bytes4 internal constant EC_SCALAR_MUL_FAILURE_SELECTOR = 0xf755f369;
bytes4 internal constant PROOF_FAILURE_SELECTOR = 0x0711fcec;
bytes4 internal constant PAIRING_PREAMBLE_FAILED_SELECTOR = 0x01882d81;
bytes4 internal constant OPENING_COMMITMENT_FAILED_SELECTOR = 0x4e719763;
bytes4 internal constant PAIRING_FAILED_SELECTOR = 0xd71fd263;
uint256 internal constant ETA_INPUT_LENGTH = 0xc0; // W1, W2, W3 = 6 * 0x20 bytes
Expand Down Expand Up @@ -300,8 +291,9 @@ abstract contract BaseUltraVerifier {
error PUBLIC_INPUT_INVALID_BN128_G1_POINT();
error PUBLIC_INPUT_GE_P();
error MOD_EXP_FAILURE();
error EC_SCALAR_MUL_FAILURE();
error PROOF_FAILURE();
error PAIRING_PREAMBLE_FAILED();
error OPENING_COMMITMENT_FAILED();
error PAIRING_FAILED();
function getVerificationKeyHash() public pure virtual returns (bytes32);
Expand Down Expand Up @@ -2651,7 +2643,10 @@ abstract contract BaseUltraVerifier {
// accumulator = accumulator + accumulator_2
success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))
mstore(OPENING_COMMITMENT_SUCCESS_FLAG, success)
if iszero(success) {
mstore(0x0, OPENING_COMMITMENT_FAILED_SELECTOR)
revert(0x00, 0x04)
}
}
/**
Expand Down Expand Up @@ -2756,10 +2751,9 @@ abstract contract BaseUltraVerifier {
}
if iszero(success) {
mstore(0x0, EC_SCALAR_MUL_FAILURE_SELECTOR)
mstore(0x0, PAIRING_PREAMBLE_FAILED_SELECTOR)
revert(0x00, 0x04)
}
mstore(PAIRING_PREAMBLE_SUCCESS_FLAG, success)
}
/**
Expand All @@ -2784,18 +2778,12 @@ abstract contract BaseUltraVerifier {
mstore(0x160, mload(G2X_Y1_LOC))
success := staticcall(gas(), 8, 0x00, 0x180, 0x00, 0x20)
mstore(PAIRING_SUCCESS_FLAG, success)
mstore(RESULT_FLAG, mload(0x00))
}
if iszero(
and(
and(and(mload(PAIRING_SUCCESS_FLAG), mload(RESULT_FLAG)), mload(PAIRING_PREAMBLE_SUCCESS_FLAG)),
mload(OPENING_COMMITMENT_SUCCESS_FLAG)
)
) {
mstore(0x0, PROOF_FAILURE_SELECTOR)
revert(0x00, 0x04)
if iszero(and(success, mload(0x00))) {
mstore(0x0, PAIRING_FAILED_SELECTOR)
revert(0x00, 0x04)
}
}
{
mstore(0x00, 0x01)
return(0x00, 0x20) // Proof succeeded!
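Review bot: The three selector constants added in the first hunk (`PAIRING_PREAMBLE_FAILED_SELECTOR`, `OPENING_COMMITMENT_FAILED_SELECTOR`, `PAIRING_FAILED_SELECTOR`) are hand-written hex literals, and nothing visible here ties them to the `error` declarations added in the second hunk, so a typo would produce revert data that no caller can decode. I have not recomputed the values; a test asserting, for each of the three, something like `bytes4(keccak256("PAIRING_FAILED()")) == PAIRING_FAILED_SELECTOR` would pin them. The same literals are repeated in barretenberg/sol/src/ultra/BaseUltraVerifier.sol, so the check should cover both copies. Because `PROOF_FAILURE()` and `EC_SCALAR_MUL_FAILURE()` are dropped, any integration that matches on those selectors in revert data needs updating as well.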
98 changes: 43 additions & 55 deletions barretenberg/sol/src/ultra/BaseUltraVerifier.sol
Expand Up @@ -215,58 +215,49 @@ abstract contract BaseUltraVerifier {
uint256 internal constant PAIRING_RHS_X_LOC = 0x3220;
uint256 internal constant PAIRING_RHS_Y_LOC = 0x3240;

// ### SUCCESS FLAG MEMORY LOCATIONS
uint256 internal constant GRAND_PRODUCT_SUCCESS_FLAG = 0x3300;
uint256 internal constant ARITHMETIC_TERM_SUCCESS_FLAG = 0x3020;
uint256 internal constant BATCH_OPENING_SUCCESS_FLAG = 0x3340;
uint256 internal constant OPENING_COMMITMENT_SUCCESS_FLAG = 0x3360;
uint256 internal constant PAIRING_PREAMBLE_SUCCESS_FLAG = 0x3380;
uint256 internal constant PAIRING_SUCCESS_FLAG = 0x33a0;
uint256 internal constant RESULT_FLAG = 0x33c0;

// misc stuff
uint256 internal constant OMEGA_INVERSE_LOC = 0x3400;
uint256 internal constant C_ALPHA_SQR_LOC = 0x3420;
uint256 internal constant C_ALPHA_CUBE_LOC = 0x3440;
uint256 internal constant C_ALPHA_QUAD_LOC = 0x3460;
uint256 internal constant C_ALPHA_BASE_LOC = 0x3480;
uint256 internal constant OMEGA_INVERSE_LOC = 0x3300;
uint256 internal constant C_ALPHA_SQR_LOC = 0x3320;
uint256 internal constant C_ALPHA_CUBE_LOC = 0x3340;
uint256 internal constant C_ALPHA_QUAD_LOC = 0x3360;
uint256 internal constant C_ALPHA_BASE_LOC = 0x3380;

// ### RECURSION VARIABLE MEMORY LOCATIONS
uint256 internal constant RECURSIVE_P1_X_LOC = 0x3500;
uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3520;
uint256 internal constant RECURSIVE_P2_X_LOC = 0x3540;
uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3560;

uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3580;
uint256 internal constant RECURSIVE_P1_X_LOC = 0x3400;
uint256 internal constant RECURSIVE_P1_Y_LOC = 0x3420;
uint256 internal constant RECURSIVE_P2_X_LOC = 0x3440;
uint256 internal constant RECURSIVE_P2_Y_LOC = 0x3460;
uint256 internal constant PUBLIC_INPUTS_HASH_LOCATION = 0x3480;

// sub-identity storage
uint256 internal constant PERMUTATION_IDENTITY = 0x3600;
uint256 internal constant PLOOKUP_IDENTITY = 0x3620;
uint256 internal constant ARITHMETIC_IDENTITY = 0x3640;
uint256 internal constant SORT_IDENTITY = 0x3660;
uint256 internal constant ELLIPTIC_IDENTITY = 0x3680;
uint256 internal constant AUX_IDENTITY = 0x36a0;
uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x36c0;
uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x36e0;
uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3700;
uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3720;
uint256 internal constant AUX_MEMORY_EVALUATION = 0x3740;

uint256 internal constant QUOTIENT_EVAL_LOC = 0x3760;
uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3780;
uint256 internal constant PERMUTATION_IDENTITY = 0x3500;
uint256 internal constant PLOOKUP_IDENTITY = 0x3520;
uint256 internal constant ARITHMETIC_IDENTITY = 0x3540;
uint256 internal constant SORT_IDENTITY = 0x3560;
uint256 internal constant ELLIPTIC_IDENTITY = 0x3580;
uint256 internal constant AUX_IDENTITY = 0x35a0;
uint256 internal constant AUX_NON_NATIVE_FIELD_EVALUATION = 0x35c0;
uint256 internal constant AUX_LIMB_ACCUMULATOR_EVALUATION = 0x35e0;
uint256 internal constant AUX_RAM_CONSISTENCY_EVALUATION = 0x3600;
uint256 internal constant AUX_ROM_CONSISTENCY_EVALUATION = 0x3620;
uint256 internal constant AUX_MEMORY_EVALUATION = 0x3640;

uint256 internal constant QUOTIENT_EVAL_LOC = 0x3660;
uint256 internal constant ZERO_POLY_INVERSE_LOC = 0x3680;

// when hashing public inputs we use memory at NU_CHALLENGE_INPUT_LOC_A, as the hash input size is unknown at compile time
uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x37a0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x37c0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x37e0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_A = 0x36a0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_B = 0x36c0;
uint256 internal constant NU_CHALLENGE_INPUT_LOC_C = 0x36e0;

bytes4 internal constant INVALID_VERIFICATION_KEY_SELECTOR = 0x7e5769bf;
bytes4 internal constant POINT_NOT_ON_CURVE_SELECTOR = 0xa3dad654;
bytes4 internal constant PUBLIC_INPUT_INVALID_BN128_G1_POINT_SELECTOR = 0xeba9f4a6;
bytes4 internal constant PUBLIC_INPUT_GE_P_SELECTOR = 0x374a972f;
bytes4 internal constant MOD_EXP_FAILURE_SELECTOR = 0xf894a7bc;
bytes4 internal constant EC_SCALAR_MUL_FAILURE_SELECTOR = 0xf755f369;
bytes4 internal constant PROOF_FAILURE_SELECTOR = 0x0711fcec;
bytes4 internal constant PAIRING_PREAMBLE_FAILED_SELECTOR = 0x01882d81;
bytes4 internal constant OPENING_COMMITMENT_FAILED_SELECTOR = 0x4e719763;
bytes4 internal constant PAIRING_FAILED_SELECTOR = 0xd71fd263;

uint256 internal constant ETA_INPUT_LENGTH = 0xc0; // W1, W2, W3 = 6 * 0x20 bytes

Expand Down Expand Up @@ -297,8 +288,9 @@ abstract contract BaseUltraVerifier {
error PUBLIC_INPUT_INVALID_BN128_G1_POINT();
error PUBLIC_INPUT_GE_P();
error MOD_EXP_FAILURE();
error EC_SCALAR_MUL_FAILURE();
error PROOF_FAILURE();
error PAIRING_PREAMBLE_FAILED();
error OPENING_COMMITMENT_FAILED();
error PAIRING_FAILED();

function getVerificationKeyHash() public pure virtual returns (bytes32);

Expand Down Expand Up @@ -2625,7 +2617,10 @@ abstract contract BaseUltraVerifier {
// accumulator = accumulator + accumulator_2
success := and(success, staticcall(gas(), 6, ACCUMULATOR_X_LOC, 0x80, ACCUMULATOR_X_LOC, 0x40))

mstore(OPENING_COMMITMENT_SUCCESS_FLAG, success)
if iszero(success) {
mstore(0x0, OPENING_COMMITMENT_FAILED_SELECTOR)
revert(0x00, 0x04)
}
}

/**
Expand Down Expand Up @@ -2730,10 +2725,9 @@ abstract contract BaseUltraVerifier {
}

if iszero(success) {
mstore(0x0, EC_SCALAR_MUL_FAILURE_SELECTOR)
mstore(0x0, PAIRING_PREAMBLE_FAILED_SELECTOR)
revert(0x00, 0x04)
}
mstore(PAIRING_PREAMBLE_SUCCESS_FLAG, success)
}

/**
Expand All @@ -2758,18 +2752,12 @@ abstract contract BaseUltraVerifier {
mstore(0x160, mload(G2X_Y1_LOC))

success := staticcall(gas(), 8, 0x00, 0x180, 0x00, 0x20)
mstore(PAIRING_SUCCESS_FLAG, success)
mstore(RESULT_FLAG, mload(0x00))
}
if iszero(
and(
and(and(mload(PAIRING_SUCCESS_FLAG), mload(RESULT_FLAG)), mload(PAIRING_PREAMBLE_SUCCESS_FLAG)),
mload(OPENING_COMMITMENT_SUCCESS_FLAG)
)
) {
mstore(0x0, PROOF_FAILURE_SELECTOR)
revert(0x00, 0x04)
if iszero(and(success, mload(0x00))) {
mstore(0x0, PAIRING_FAILED_SELECTOR)
revert(0x00, 0x04)
}
}

{
mstore(0x00, 0x01)
return(0x00, 0x20) // Proof succeeded!
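Review bot: In the last hunk, `if iszero(and(success, mload(0x00)))` reports a failed call to precompile 8 and a pairing result of 0 under the same `PAIRING_FAILED` error, so a caller cannot tell a rejected proof from malformed input or a precompile call that ran out of gas. If that distinction matters for triage, test `success` on its own before the result word; this commit declares no separate error for that case, so one would have to be added. At minimum a comment such as `// 0x00 holds the precompile result only when the call succeeded; on failure it presumably still holds the input word, hence the and with success` would document why both operands are required. The enclosing assembly block starts and ends outside the hunk, and the same lines appear in the contract.hpp copy.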
