DSL: Add KeccakVar opcode (AztecProtocol/barretenberg#476)

* add initial KeccakVar code * add result field * add keccak_var_constraints to fields
AztecProtocol · May 25, 2023 · 67cd71f · 67cd71f
1 parent e558287
commit 67cd71f
Show file tree

Hide file tree

Showing 7 changed files with 83 additions and 0 deletions.
diff --git a/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp
@@ -73,6 +73,9 @@ void create_circuit(Composer& composer, const acir_format& constraint_system)
     for (const auto& constraint : constraint_system.keccak_constraints) {
         create_keccak_constraints(composer, constraint);
     }
+    for (const auto& constraint : constraint_system.keccak_var_constraints) {
+        create_keccak_var_constraints(composer, constraint);
+    }
 
     // Add pedersen constraints
     for (const auto& constraint : constraint_system.pedersen_constraints) {
@@ -161,6 +164,9 @@ Composer create_circuit(const acir_format& constraint_system,
     for (const auto& constraint : constraint_system.keccak_constraints) {
         create_keccak_constraints(composer, constraint);
     }
+    for (const auto& constraint : constraint_system.keccak_var_constraints) {
+        create_keccak_var_constraints(composer, constraint);
+    }
 
     // Add pedersen constraints
     for (const auto& constraint : constraint_system.pedersen_constraints) {
@@ -255,6 +261,9 @@ Composer create_circuit_with_witness(const acir_format& constraint_system,
     for (const auto& constraint : constraint_system.keccak_constraints) {
         create_keccak_constraints(composer, constraint);
     }
+    for (const auto& constraint : constraint_system.keccak_var_constraints) {
+        create_keccak_var_constraints(composer, constraint);
+    }
 
     // Add pedersen constraints
     for (const auto& constraint : constraint_system.pedersen_constraints) {
@@ -346,6 +355,9 @@ Composer create_circuit_with_witness(const acir_format& constraint_system, std::
     for (const auto& constraint : constraint_system.keccak_constraints) {
         create_keccak_constraints(composer, constraint);
     }
+    for (const auto& constraint : constraint_system.keccak_var_constraints) {
+        create_keccak_var_constraints(composer, constraint);
+    }
 
     // Add pedersen constraints
     for (const auto& constraint : constraint_system.pedersen_constraints) {
@@ -435,6 +447,9 @@ void create_circuit_with_witness(Composer& composer, const acir_format& constrai
     for (const auto& constraint : constraint_system.keccak_constraints) {
         create_keccak_constraints(composer, constraint);
     }
+    for (const auto& constraint : constraint_system.keccak_var_constraints) {
+        create_keccak_var_constraints(composer, constraint);
+    }
 
     // Add pedersen constraints
     for (const auto& constraint : constraint_system.pedersen_constraints) {

diff --git a/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp b/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp
@@ -29,6 +29,7 @@ struct acir_format {
     std::vector<Sha256Constraint> sha256_constraints;
     std::vector<Blake2sConstraint> blake2s_constraints;
     std::vector<KeccakConstraint> keccak_constraints;
+    std::vector<KeccakVarConstraint> keccak_var_constraints;
     std::vector<HashToFieldConstraint> hash_to_field_constraints;
     std::vector<PedersenConstraint> pedersen_constraints;
     std::vector<ComputeMerkleRootConstraint> compute_merkle_root_constraints;
@@ -69,6 +70,7 @@ template <typename B> inline void read(B& buf, acir_format& data)
     read(buf, data.ecdsa_constraints);
     read(buf, data.blake2s_constraints);
     read(buf, data.keccak_constraints);
+    read(buf, data.keccak_var_constraints);
     read(buf, data.pedersen_constraints);
     read(buf, data.hash_to_field_constraints);
     read(buf, data.fixed_base_scalar_mul_constraints);
@@ -89,6 +91,7 @@ template <typename B> inline void write(B& buf, acir_format const& data)
     write(buf, data.ecdsa_constraints);
     write(buf, data.blake2s_constraints);
     write(buf, data.keccak_constraints);
+    write(buf, data.keccak_var_constraints);
     write(buf, data.pedersen_constraints);
     write(buf, data.hash_to_field_constraints);
     write(buf, data.fixed_base_scalar_mul_constraints);

diff --git a/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp
@@ -93,6 +93,7 @@ TEST(acir_format, test_logic_gate_from_noir_circuit)
         .sha256_constraints = {},
         .blake2s_constraints = {},
         .keccak_constraints = {},
+        .keccak_var_constraints = {},
         .hash_to_field_constraints = {},
         .pedersen_constraints = {},
         .compute_merkle_root_constraints = {},
@@ -159,6 +160,7 @@ TEST(acir_format, test_schnorr_verify_pass)
         .sha256_constraints = {},
         .blake2s_constraints = {},
         .keccak_constraints = {},
+        .keccak_var_constraints = {},
         .hash_to_field_constraints = {},
         .pedersen_constraints = {},
         .compute_merkle_root_constraints = {},
@@ -230,6 +232,7 @@ TEST(acir_format, test_schnorr_verify_small_range)
         .sha256_constraints = {},
         .blake2s_constraints = {},
         .keccak_constraints = {},
+        .keccak_var_constraints = {},
         .hash_to_field_constraints = {},
         .pedersen_constraints = {},
         .compute_merkle_root_constraints = {},

diff --git a/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp
@@ -113,6 +113,7 @@ TEST(up_ram, TestBlockConstraint)
         .sha256_constraints = {},
         .blake2s_constraints = {},
         .keccak_constraints = {},
+        .keccak_var_constraints = {},
         .hash_to_field_constraints = {},
         .pedersen_constraints = {},
         .compute_merkle_root_constraints = {},

diff --git a/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp b/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp
@@ -94,6 +94,7 @@ TEST(ECDSASecp256k1, TestECDSAConstraintSucceed)
         .sha256_constraints = {},
         .blake2s_constraints = {},
         .keccak_constraints = {},
+        .keccak_var_constraints = {},
         .hash_to_field_constraints = {},
         .pedersen_constraints = {},
         .compute_merkle_root_constraints = {},
@@ -130,6 +131,7 @@ TEST(ECDSASecp256k1, TestECDSACompilesForVerifier)
         .sha256_constraints = {},
         .blake2s_constraints = {},
         .keccak_constraints = {},
+        .keccak_var_constraints = {},
         .hash_to_field_constraints = {},
         .pedersen_constraints = {},
         .compute_merkle_root_constraints = {},
@@ -163,6 +165,7 @@ TEST(ECDSASecp256k1, TestECDSAConstraintFail)
         .sha256_constraints = {},
         .blake2s_constraints = {},
         .keccak_constraints = {},
+        .keccak_var_constraints = {},
         .hash_to_field_constraints = {},
         .pedersen_constraints = {},
         .compute_merkle_root_constraints = {},

diff --git a/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp b/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp
@@ -35,4 +35,37 @@ void create_keccak_constraints(Composer& composer, const KeccakConstraint& const
     }
 }
 
+void create_keccak_var_constraints(Composer& composer, const KeccakVarConstraint& constraint)
+{
+
+    // Create byte array struct
+    byte_array_ct arr(&composer);
+
+    // Get the witness assignment for each witness index
+    // Write the witness assignment to the byte_array
+    for (const auto& witness_index_num_bits : constraint.inputs) {
+        auto witness_index = witness_index_num_bits.witness;
+        auto num_bits = witness_index_num_bits.num_bits;
+
+        // XXX: The implementation requires us to truncate the element to the nearest byte and not bit
+        auto num_bytes = round_to_nearest_byte(num_bits);
+
+        field_ct element = field_ct::from_witness_index(&composer, witness_index);
+        byte_array_ct element_bytes(element, num_bytes);
+
+        arr.write(element_bytes);
+    }
+
+    uint32_ct length = field_ct::from_witness_index(&composer, constraint.var_message_size);
+
+    byte_array_ct output_bytes = proof_system::plonk::stdlib::keccak<Composer>::hash(arr, length);
+
+    // Convert byte array to vector of field_t
+    auto bytes = output_bytes.bytes();
+
+    for (size_t i = 0; i < bytes.size(); ++i) {
+        composer.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]);
+    }
+}
+
 } // namespace acir_format
diff --git a/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp b/circuits/cpp/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp
@@ -19,7 +19,16 @@ struct KeccakConstraint {
     friend bool operator==(KeccakConstraint const& lhs, KeccakConstraint const& rhs) = default;
 };
 
+struct KeccakVarConstraint {
+    std::vector<HashInput> inputs;
+    uint32_t var_message_size;
+    std::vector<uint32_t> result;
+
+    friend bool operator==(KeccakVarConstraint const& lhs, KeccakVarConstraint const& rhs) = default;
+};
+
 void create_keccak_constraints(Composer& composer, const KeccakConstraint& constraint);
+void create_keccak_var_constraints(Composer& composer, const KeccakVarConstraint& constraint);
 
 template <typename B> inline void read(B& buf, HashInput& constraint)
 {
@@ -49,4 +58,20 @@ template <typename B> inline void write(B& buf, KeccakConstraint const& constrai
     write(buf, constraint.result);
 }
 
+template <typename B> inline void read(B& buf, KeccakVarConstraint& constraint)
+{
+    using serialize::read;
+    read(buf, constraint.inputs);
+    read(buf, constraint.result);
+    read(buf, constraint.var_message_size);
+}
+
+template <typename B> inline void write(B& buf, KeccakVarConstraint const& constraint)
+{
+    using serialize::write;
+    write(buf, constraint.inputs);
+    write(buf, constraint.result);
+    write(buf, constraint.var_message_size);
+}
+
 } // namespace acir_format