From 87acf20d21fef97663115ccc89c844e56730db23 Mon Sep 17 00:00:00 2001 From: guipublic Date: Fri, 12 Jan 2024 12:17:36 +0000 Subject: [PATCH 1/8] Implement Embedded EC add and double opcodes --- .../dsl/acir_format/acir_format.cpp | 4 +- .../acir_format/acir_to_constraint_buf.hpp | 16 +++ .../dsl/acir_format/ec_operations.cpp | 86 ++++++++++-- .../dsl/acir_format/ec_operations.hpp | 6 +- .../dsl/acir_format/ec_operations.test.cpp | 127 ++++++++++++++++++ .../acir/src/circuit/black_box_functions.rs | 10 +- noir/acvm-repo/acvm/Cargo.toml | 3 + .../acvm/src/compiler/transformers/mod.rs | 3 +- .../src/pwg/blackbox/fixed_base_scalar_mul.rs | 40 +++++- noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs | 16 ++- noir/acvm-repo/brillig/src/black_box.rs | 8 +- .../brillig/brillig_gen/brillig_black_box.rs | 5 +- .../ssa/acir_gen/acir_ir/generated_acir.rs | 4 +- .../src/ssa/ir/instruction/call.rs | 2 +- noir/noir_stdlib/src/scalar_mul.nr | 7 + .../execution_success/scalar_mul/src/main.nr | 7 + 16 files changed, 309 insertions(+), 35 deletions(-) create mode 100644 barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index 03a3c1713b3..0e66a0b4473 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -151,12 +151,12 @@ void build_constraints(Builder& builder, acir_format const& constraint_system, b // Add ec add constraints for (const auto& constraint : constraint_system.ec_add_constraints) { - create_ec_add_constraint(builder, constraint); + create_ec_add_constraint(builder, constraint, has_valid_witness_assignments); } // Add ec double for (const auto& constraint : constraint_system.ec_double_constraints) { - create_ec_double_constraint(builder, constraint); + create_ec_double_constraint(builder, constraint, has_valid_witness_assignments); } // Add block constraints diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp index db26416f744..9b7bfccb2d2 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp @@ -169,6 +169,22 @@ void handle_blackbox_func_call(Circuit::Opcode::BlackBoxFuncCall const& arg, aci .pub_key_x = arg.outputs[0].value, .pub_key_y = arg.outputs[1].value, }); + } else if constexpr (std::is_same_v) { + af.ec_add_constraints.push_back(EcAdd{ + .input1_x = arg.input1_x.witness.value, + .input1_y = arg.input1_y.witness.value, + .input2_x = arg.input2_x.witness.value, + .input2_y = arg.input2_y.witness.value, + .result_x = arg.outputs[0].value, + .result_y = arg.outputs[1].value, + }); + } else if constexpr (std::is_same_v) { + af.ec_double_constraints.push_back(EcDouble{ + .input_x = arg.input_x.witness.value, + .input_y = arg.input_y.witness.value, + .result_x = arg.outputs[0].value, + .result_y = arg.outputs[1].value, + }); } else if constexpr (std::is_same_v) { af.keccak_constraints.push_back(KeccakConstraint{ .inputs = map(arg.inputs, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp index fc657ccebb1..148b608f1e7 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp @@ -2,30 +2,92 @@ #include "barretenberg/dsl/types.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "barretenberg/ecc/groups/affine_element.hpp" #include "barretenberg/proof_system/arithmetization/gate_data.hpp" namespace acir_format { -template void create_ec_add_constraint(Builder& builder, const EcAdd& input) +template +void create_ec_add_constraint(Builder& builder, const EcAdd& input, bool has_valid_witness_assignments) { - // TODO - builder.assert_equal(input.input1_x, input.input1_x); - ASSERT(false); + // Input to cycle_group points + using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; + using field_ct = proof_system::plonk::stdlib::field_t; + auto x1 = field_ct::from_witness_index(&builder, input.input1_x); + auto y1 = field_ct::from_witness_index(&builder, input.input1_y); + auto x2 = field_ct::from_witness_index(&builder, input.input2_x); + auto y2 = field_ct::from_witness_index(&builder, input.input2_y); + if (!has_valid_witness_assignments) { + auto g1 = cycle_group_ct(grumpkin::g1::affine_one); + x1 = g1.x; + y1 = g1.y; + x2 = g1.x; + y2 = g1.y; + x1.convert_constant_to_fixed_witness(&builder); + y1.convert_constant_to_fixed_witness(&builder); + x2.convert_constant_to_fixed_witness(&builder); + y2.convert_constant_to_fixed_witness(&builder); + } + + cycle_group_ct input1_point(x1, y1, false); + // grumpkin::g1::affine_element input2_point_var(x2.get_value(), y2.get_value()); + cycle_group_ct input2_point(x2, y2, false); + + // Addition + cycle_group_ct result = input1_point + input2_point; + + if (has_valid_witness_assignments) { + builder.assert_equal(result.x.get_witness_index(), input.result_x); + builder.assert_equal(result.y.get_witness_index(), input.result_y); + } else { + builder.assert_equal(input.input1_x, input.result_x); + builder.assert_equal(input.input1_y, input.result_y); + } } -template void create_ec_add_constraint(UltraCircuitBuilder& builder, const EcAdd& input); +template void create_ec_add_constraint(UltraCircuitBuilder& builder, + const EcAdd& input, + bool has_valid_witness_assignments); template void create_ec_add_constraint(GoblinUltraCircuitBuilder& builder, - const EcAdd& input); + const EcAdd& input, + bool has_valid_witness_assignments); -template void create_ec_double_constraint(Builder& builder, const EcDouble& input) +template +void create_ec_double_constraint(Builder& builder, const EcDouble& input, bool has_valid_witness_assignments) { - // TODO - builder.assert_equal(input.input_x, input.input_x); - ASSERT(false); + using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; + using field_ct = proof_system::plonk::stdlib::field_t; + // Input to cycle_group point + + auto x = field_ct::from_witness_index(&builder, input.input_x); + auto y = field_ct::from_witness_index(&builder, input.input_y); + + if (!has_valid_witness_assignments) { + auto g1 = cycle_group_ct(grumpkin::g1::affine_one); + x = g1.x; + y = g1.y; + x.convert_constant_to_fixed_witness(&builder); + y.convert_constant_to_fixed_witness(&builder); + } + + cycle_group_ct input_point(x, y, false); + // Doubling + cycle_group_ct result = input_point.dbl(); + + if (has_valid_witness_assignments) { + builder.assert_equal(result.x.get_witness_index(), input.result_x); + builder.assert_equal(result.y.get_witness_index(), input.result_y); + } else { + builder.assert_equal(input.input_x, input.result_x); + builder.assert_equal(input.input_y, input.result_y); + } } -template void create_ec_double_constraint(UltraCircuitBuilder& builder, const EcDouble& input); +template void create_ec_double_constraint(UltraCircuitBuilder& builder, + const EcDouble& input, + bool has_valid_witness_assignments); template void create_ec_double_constraint(GoblinUltraCircuitBuilder& builder, - const EcDouble& input); + const EcDouble& input, + bool has_valid_witness_assignments); } // namespace acir_format diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp index f6d8e6168eb..be378192cb9 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp @@ -18,7 +18,8 @@ struct EcAdd { friend bool operator==(EcAdd const& lhs, EcAdd const& rhs) = default; }; -template void create_ec_add_constraint(Builder& builder, const EcAdd& input); +template +void create_ec_add_constraint(Builder& builder, const EcAdd& input, bool has_valid_witness_assignments); struct EcDouble { uint32_t input_x; @@ -31,5 +32,6 @@ struct EcDouble { friend bool operator==(EcDouble const& lhs, EcDouble const& rhs) = default; }; -template void create_ec_double_constraint(Builder& builder, const EcDouble& input); +template +void create_ec_double_constraint(Builder& builder, const EcDouble& input, bool has_valid_witness_assignments); } // namespace acir_format diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp new file mode 100644 index 00000000000..351894a06d7 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp @@ -0,0 +1,127 @@ +#include "ec_operations.hpp" +#include "acir_format.hpp" +// #include "barretenberg/crypto/ecdsa/ecdsa.hpp" +#include "barretenberg/plonk/proof_system/types/proof.hpp" +#include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" + +#include +#include + +namespace acir_format::tests { +using curve_ct = proof_system::plonk::stdlib::secp256k1; + +class EcOperations : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; + +size_t generate_ec_add_constraint(EcAdd& ec_add_constraint, WitnessVector& witness_values) +{ + using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; + auto g1 = grumpkin::g1::affine_one; + cycle_group_ct input_point(g1); + // Doubling + cycle_group_ct result = input_point.dbl(); + // add: x,y,x2,y2 + witness_values.push_back(0); + witness_values.push_back(g1.x); + witness_values.push_back(g1.y); + witness_values.push_back(g1.x); + witness_values.push_back(g1.y); + witness_values.push_back(result.x.get_value()); + witness_values.push_back(result.y.get_value()); + ec_add_constraint = EcAdd{ + .input1_x = 1, + .input1_y = 2, + .input2_x = 3, + .input2_y = 4, + .result_x = 5, + .result_y = 6, + }; + return witness_values.size(); +} + +size_t generate_ec_double_constraint(EcDouble& ec_double_constraint, WitnessVector& witness_values) +{ + + using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; + auto g1 = grumpkin::g1::affine_one; + cycle_group_ct input_point(g1); + // Doubling + cycle_group_ct result = input_point.dbl(); + witness_values.push_back(result.x.get_value()); + witness_values.push_back(result.y.get_value()); + ec_double_constraint = EcDouble{ + .input_x = 1, + .input_y = 2, + .result_x = 7, + .result_y = 8, + }; + return witness_values.size(); +} + +TEST_F(EcOperations, TestECOperations) +{ + EcAdd ec_add_constraint; + EcDouble ec_double_constraint; + + WitnessVector witness_values; + generate_ec_add_constraint(ec_add_constraint, witness_values); + size_t num_variables = generate_ec_double_constraint(ec_double_constraint, witness_values); + + poly_triple constrain_5_is_7{ + .a = 5, + .b = 7, + .c = 0, + .q_m = 0, + .q_l = 1, + .q_r = -1, + .q_o = 0, + .q_c = 0, + }; + poly_triple constrain_6_is_8{ + .a = 6, + .b = 8, + .c = 0, + .q_m = 0, + .q_l = 1, + .q_r = -1, + .q_o = 0, + .q_c = 0, + }; + + acir_format constraint_system{ + .varnum = static_cast(num_variables), + .public_inputs = {}, + .logic_constraints = {}, + .range_constraints = {}, + .sha256_constraints = {}, + .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, + .ecdsa_r1_constraints = {}, + .blake2s_constraints = {}, + .blake3_constraints = {}, + .keccak_constraints = {}, + .keccak_var_constraints = {}, + .keccak_permutations = {}, + .pedersen_constraints = {}, + .pedersen_hash_constraints = {}, + .fixed_base_scalar_mul_constraints = {}, + .ec_add_constraints = { ec_add_constraint }, + .ec_double_constraints = { ec_double_constraint }, + .recursion_constraints = {}, + .constraints = { constrain_5_is_7, constrain_6_is_8 }, + .block_constraints = {}, + }; + + auto builder = create_circuit_with_witness(constraint_system, witness_values); + + auto composer = Composer(); + auto prover = composer.create_prover(builder); + + auto proof = prover.construct_proof(); + auto verifier = composer.create_verifier(builder); + EXPECT_EQ(verifier.verify_proof(proof), true); +} + +} // namespace acir_format::tests diff --git a/noir/acvm-repo/acir/src/circuit/black_box_functions.rs b/noir/acvm-repo/acir/src/circuit/black_box_functions.rs index 0dcfb3bc9f1..e33e6304d0a 100644 --- a/noir/acvm-repo/acir/src/circuit/black_box_functions.rs +++ b/noir/acvm-repo/acir/src/circuit/black_box_functions.rs @@ -48,7 +48,7 @@ pub enum BlackBoxFunc { /// Addition over the embedded curve on which [`FieldElement`][acir_field::FieldElement] is defined. EmbeddedCurveAdd, /// Point doubling over the embedded curve on which [`FieldElement`][acir_field::FieldElement] is defined. - EmbeddedCurveDouble + EmbeddedCurveDouble, } impl std::fmt::Display for BlackBoxFunc { @@ -68,8 +68,8 @@ impl BlackBoxFunc { BlackBoxFunc::PedersenHash => "pedersen_hash", BlackBoxFunc::EcdsaSecp256k1 => "ecdsa_secp256k1", BlackBoxFunc::FixedBaseScalarMul => "fixed_base_scalar_mul", - BlackBoxFunc::EmbeddedCurveAdd => "ec_add", - BlackBoxFunc::EmbeddedCurveDouble => "ec_double", + BlackBoxFunc::EmbeddedCurveAdd => "embedded_curve_add", + BlackBoxFunc::EmbeddedCurveDouble => "embedded_curve_double", BlackBoxFunc::AND => "and", BlackBoxFunc::XOR => "xor", BlackBoxFunc::RANGE => "range", @@ -90,8 +90,8 @@ impl BlackBoxFunc { "ecdsa_secp256k1" => Some(BlackBoxFunc::EcdsaSecp256k1), "ecdsa_secp256r1" => Some(BlackBoxFunc::EcdsaSecp256r1), "fixed_base_scalar_mul" => Some(BlackBoxFunc::FixedBaseScalarMul), - "ec_add" => Some(BlackBoxFunc::EmbeddedCurveAdd), - "ec_double" => Some(BlackBoxFunc::EmbeddedCurveDouble), + "embedded_curve_add" => Some(BlackBoxFunc::EmbeddedCurveAdd), + "embedded_curve_double" => Some(BlackBoxFunc::EmbeddedCurveDouble), "and" => Some(BlackBoxFunc::AND), "xor" => Some(BlackBoxFunc::XOR), "range" => Some(BlackBoxFunc::RANGE), diff --git a/noir/acvm-repo/acvm/Cargo.toml b/noir/acvm-repo/acvm/Cargo.toml index f5819d6fa34..a98f384492c 100644 --- a/noir/acvm-repo/acvm/Cargo.toml +++ b/noir/acvm-repo/acvm/Cargo.toml @@ -24,6 +24,9 @@ acvm_blackbox_solver.workspace = true indexmap = "1.7.0" +grumpkin = { git = "https://github.com/noir-lang/grumpkin", rev = "56d99799381f79e42148aaef0de2b0cf9a4b9a5d", features = ["std"] } +ark-ec = { version = "^0.4.0", default-features = false } + [features] default = ["bn254"] bn254 = [ diff --git a/noir/acvm-repo/acvm/src/compiler/transformers/mod.rs b/noir/acvm-repo/acvm/src/compiler/transformers/mod.rs index 99f1ca23b5b..f8351364eb1 100644 --- a/noir/acvm-repo/acvm/src/compiler/transformers/mod.rs +++ b/noir/acvm-repo/acvm/src/compiler/transformers/mod.rs @@ -124,8 +124,7 @@ pub(super) fn transform_internal( .. } | acir::circuit::opcodes::BlackBoxFuncCall::EmbeddedCurveAdd { - outputs, - .. + outputs, .. } | acir::circuit::opcodes::BlackBoxFuncCall::EmbeddedCurveDouble { outputs, diff --git a/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs b/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs index 582ed56584b..59c922a46b3 100644 --- a/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs +++ b/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs @@ -1,10 +1,12 @@ use acir::{ circuit::opcodes::FunctionInput, native_types::{Witness, WitnessMap}, + FieldElement, }; use acvm_blackbox_solver::BlackBoxFunctionSolver; +use ark_ec::AffineRepr; -use crate::pwg::{insert_value, witness_to_value, OpcodeResolutionError}; +use crate::pwg::{insert_value, witness_to_value, ErrorLocation, OpcodeResolutionError}; pub(super) fn fixed_base_scalar_mul( backend: &impl BlackBoxFunctionSolver, @@ -23,3 +25,39 @@ pub(super) fn fixed_base_scalar_mul( Ok(()) } + +pub(super) fn embedded_curve_double( + initial_witness: &mut WitnessMap, + input_x: FunctionInput, + input_y: FunctionInput, + outputs: (Witness, Witness), +) -> Result<(), OpcodeResolutionError> { + embedded_curve_add(initial_witness, input_x, input_y, input_x, input_y, outputs) +} + +pub(super) fn embedded_curve_add( + initial_witness: &mut WitnessMap, + input1_x: FunctionInput, + input1_y: FunctionInput, + input2_x: FunctionInput, + input2_y: FunctionInput, + outputs: (Witness, Witness), +) -> Result<(), OpcodeResolutionError> { + let input1_x = witness_to_value(initial_witness, input1_x.witness)?; + let input1_y = witness_to_value(initial_witness, input1_y.witness)?; + let input2_x = witness_to_value(initial_witness, input2_x.witness)?; + let input2_y = witness_to_value(initial_witness, input2_y.witness)?; + let mut point1 = grumpkin::SWAffine::new(input1_x.into_repr(), input1_y.into_repr()); + let point2 = grumpkin::SWAffine::new(input2_x.into_repr(), input2_y.into_repr()); + let res = point1 + point2; + point1 = res.into(); + if let Some((res_x, res_y)) = point1.xy() { + insert_value(&outputs.0, FieldElement::from_repr(*res_x), initial_witness)?; + insert_value(&outputs.1, FieldElement::from_repr(*res_y), initial_witness)?; + Ok(()) + } else { + Err(OpcodeResolutionError::UnsatisfiedConstrain { + opcode_location: ErrorLocation::Unresolved, + }) + } +} diff --git a/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs b/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs index eb16c984b00..a6e688b5a15 100644 --- a/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs +++ b/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs @@ -18,6 +18,7 @@ mod range; mod signature; use fixed_base_scalar_mul::fixed_base_scalar_mul; +use fixed_base_scalar_mul::{embedded_curve_add, embedded_curve_double}; // Hash functions should eventually be exposed for external consumers. use hash::solve_generic_256_hash_opcode; use logic::{and, xor}; @@ -177,11 +178,18 @@ pub(crate) fn solve( BlackBoxFuncCall::FixedBaseScalarMul { low, high, outputs } => { fixed_base_scalar_mul(backend, initial_witness, *low, *high, *outputs) } - BlackBoxFuncCall::EmbeddedCurveAdd { .. } => { - todo!(); + BlackBoxFuncCall::EmbeddedCurveAdd { input1_x, input1_y, input2_x, input2_y, outputs } => { + embedded_curve_add( + initial_witness, + *input1_x, + *input1_y, + *input2_x, + *input2_y, + *outputs, + ) } - BlackBoxFuncCall::EmbeddedCurveDouble { .. } => { - todo!(); + BlackBoxFuncCall::EmbeddedCurveDouble { input_x, input_y, outputs } => { + embedded_curve_double(initial_witness, *input_x, *input_y, *outputs) } // Recursive aggregation will be entirely handled by the backend and is not solved by the ACVM BlackBoxFuncCall::RecursiveAggregation { .. } => Ok(()), diff --git a/noir/acvm-repo/brillig/src/black_box.rs b/noir/acvm-repo/brillig/src/black_box.rs index 4c755f8eae2..78220fea049 100644 --- a/noir/acvm-repo/brillig/src/black_box.rs +++ b/noir/acvm-repo/brillig/src/black_box.rs @@ -42,7 +42,13 @@ pub enum BlackBoxOp { /// Performs scalar multiplication over the embedded curve. FixedBaseScalarMul { low: RegisterIndex, high: RegisterIndex, result: HeapArray }, /// Performs addtion over the embedded curve. - EmbeddedCurveAdd { input1_x: RegisterIndex, input1_y: RegisterIndex, input2_x: RegisterIndex, input2_y: RegisterIndex, result: HeapArray }, + EmbeddedCurveAdd { + input1_x: RegisterIndex, + input1_y: RegisterIndex, + input2_x: RegisterIndex, + input2_y: RegisterIndex, + result: HeapArray, + }, /// Performs point doubling over the embedded curve. EmbeddedCurveDouble { input1_x: RegisterIndex, input1_y: RegisterIndex, result: HeapArray }, } diff --git a/noir/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs b/noir/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs index 8235cbf6340..743e71596c8 100644 --- a/noir/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs +++ b/noir/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs @@ -171,8 +171,7 @@ pub(crate) fn convert_black_box_call( } BlackBoxFunc::EmbeddedCurveAdd => { if let ( - [BrilligVariable::Simple(input1_x), BrilligVariable::Simple(input1_y), - BrilligVariable::Simple(input2_x), BrilligVariable::Simple(input2_y)], + [BrilligVariable::Simple(input1_x), BrilligVariable::Simple(input1_y), BrilligVariable::Simple(input2_x), BrilligVariable::Simple(input2_y)], [BrilligVariable::BrilligArray(result_array)], ) = (function_arguments, function_results) { @@ -188,7 +187,7 @@ pub(crate) fn convert_black_box_call( "ICE: EmbeddedCurveAdd expects four register arguments and one array result" ) } - } + } BlackBoxFunc::EmbeddedCurveDouble => { if let ( [BrilligVariable::Simple(input1_x), BrilligVariable::Simple(input1_y)], diff --git a/noir/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs b/noir/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs index 336e88da48a..623810d1bfe 100644 --- a/noir/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs +++ b/noir/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs @@ -591,7 +591,7 @@ fn black_box_func_expected_input_size(name: BlackBoxFunc) -> Option { BlackBoxFunc::FixedBaseScalarMul => Some(2), // Recursive aggregation has a variable number of inputs BlackBoxFunc::RecursiveAggregation => None, - // Addition over the embedded curve: input are coordinates (x1,y1) and (x2,y2) of the Grumpkin points + // Addition over the embedded curve: input are coordinates (x1,y1) and (x2,y2) of the Grumpkin points BlackBoxFunc::EmbeddedCurveAdd => Some(4), // Doubling over the embedded curve: input is (x,y) coordinate of the point. BlackBoxFunc::EmbeddedCurveDouble => Some(2), @@ -624,7 +624,7 @@ fn black_box_expected_output_size(name: BlackBoxFunc) -> Option { | BlackBoxFunc::EcdsaSecp256r1 => Some(1), // Output of operations over the embedded curve // will be 2 field elements representing the point. - BlackBoxFunc::FixedBaseScalarMul + BlackBoxFunc::FixedBaseScalarMul | BlackBoxFunc::EmbeddedCurveAdd | BlackBoxFunc::EmbeddedCurveDouble => Some(2), // Recursive aggregation has a variable number of outputs diff --git a/noir/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs b/noir/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs index 86e855b2cc0..ac8239f97ac 100644 --- a/noir/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs +++ b/noir/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs @@ -424,7 +424,7 @@ fn simplify_black_box_func( BlackBoxFunc::FixedBaseScalarMul | BlackBoxFunc::SchnorrVerify | BlackBoxFunc::PedersenCommitment - | BlackBoxFunc::PedersenHash + | BlackBoxFunc::PedersenHash | BlackBoxFunc::EmbeddedCurveAdd | BlackBoxFunc::EmbeddedCurveDouble => { // Currently unsolvable here as we rely on an implementation in the backend. diff --git a/noir/noir_stdlib/src/scalar_mul.nr b/noir/noir_stdlib/src/scalar_mul.nr index 37cd935cdb9..a09e4db38f3 100644 --- a/noir/noir_stdlib/src/scalar_mul.nr +++ b/noir/noir_stdlib/src/scalar_mul.nr @@ -6,3 +6,10 @@ // underlying proof system. #[foreign(fixed_base_scalar_mul)] pub fn fixed_base_embedded_curve(_low: Field, _high: Field) -> [Field; 2] {} + + +#[foreign(embedded_curve_add)] +pub fn embedded_curve_add(_x1: Field, _x2: Field, _y1: Field, _y2: Field) -> [Field; 2] {} + +#[foreign(embedded_curve_double)] +pub fn embedded_curve_double(_x1: Field, _x2: Field) -> [Field; 2] {} diff --git a/noir/test_programs/execution_success/scalar_mul/src/main.nr b/noir/test_programs/execution_success/scalar_mul/src/main.nr index 2ddf22cf71e..1972b982403 100644 --- a/noir/test_programs/execution_success/scalar_mul/src/main.nr +++ b/noir/test_programs/execution_success/scalar_mul/src/main.nr @@ -20,4 +20,11 @@ fn main( let res = std::scalar_mul::fixed_base_embedded_curve(priv_key, 0); assert(res[0] == pub_x); assert(res[1] == pub_y); + + let g1_y = 17631683881184975370165255887551781615748388533673675138860; + let res = std::scalar_mul::embedded_curve_double(pub_x, pub_y); + let double = std::scalar_mul::embedded_curve_add(1, g1_y,1, g1_y ); + + assert(double[0] == res[0]); + } From 50db51f7db4ee2982dc0ce745f9b30909feadd11 Mon Sep 17 00:00:00 2001 From: guipublic Date: Fri, 12 Jan 2024 17:39:21 +0000 Subject: [PATCH 2/8] assign dummy witness values properly for verification --- .../dsl/acir_format/ec_operations.cpp | 50 +++++++------------ .../dsl/acir_format/ec_operations.test.cpp | 20 +++++--- .../bn254_blackbox_solver/src/lib.rs | 12 ++--- 3 files changed, 38 insertions(+), 44 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp index 148b608f1e7..5105a010b9b 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp @@ -18,31 +18,24 @@ void create_ec_add_constraint(Builder& builder, const EcAdd& input, bool has_val auto x2 = field_ct::from_witness_index(&builder, input.input2_x); auto y2 = field_ct::from_witness_index(&builder, input.input2_y); if (!has_valid_witness_assignments) { - auto g1 = cycle_group_ct(grumpkin::g1::affine_one); - x1 = g1.x; - y1 = g1.y; - x2 = g1.x; - y2 = g1.y; - x1.convert_constant_to_fixed_witness(&builder); - y1.convert_constant_to_fixed_witness(&builder); - x2.convert_constant_to_fixed_witness(&builder); - y2.convert_constant_to_fixed_witness(&builder); + auto g1 = grumpkin::g1::affine_one; + // We need to have correct values representing points on the curve + builder.variables[input.input1_x] = g1.x; + builder.variables[input.input1_y] = g1.y; + builder.variables[input.input2_x] = g1.x; + builder.variables[input.input2_y] = g1.y; } cycle_group_ct input1_point(x1, y1, false); - // grumpkin::g1::affine_element input2_point_var(x2.get_value(), y2.get_value()); cycle_group_ct input2_point(x2, y2, false); // Addition cycle_group_ct result = input1_point + input2_point; - if (has_valid_witness_assignments) { - builder.assert_equal(result.x.get_witness_index(), input.result_x); - builder.assert_equal(result.y.get_witness_index(), input.result_y); - } else { - builder.assert_equal(input.input1_x, input.result_x); - builder.assert_equal(input.input1_y, input.result_y); - } + auto x_normalized = result.x.normalize(); + auto y_normalized = result.y.normalize(); + builder.assert_equal(x_normalized.witness_index, input.result_x); + builder.assert_equal(y_normalized.witness_index, input.result_y); } template void create_ec_add_constraint(UltraCircuitBuilder& builder, @@ -58,29 +51,24 @@ void create_ec_double_constraint(Builder& builder, const EcDouble& input, bool h using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; using field_ct = proof_system::plonk::stdlib::field_t; // Input to cycle_group point - auto x = field_ct::from_witness_index(&builder, input.input_x); auto y = field_ct::from_witness_index(&builder, input.input_y); if (!has_valid_witness_assignments) { - auto g1 = cycle_group_ct(grumpkin::g1::affine_one); - x = g1.x; - y = g1.y; - x.convert_constant_to_fixed_witness(&builder); - y.convert_constant_to_fixed_witness(&builder); + auto g1 = grumpkin::g1::affine_one; + // We need to have correct values representing point on the curve + builder.variables[input.input_x] = g1.x; + builder.variables[input.input_y] = g1.y; } - cycle_group_ct input_point(x, y, false); + // Doubling cycle_group_ct result = input_point.dbl(); - if (has_valid_witness_assignments) { - builder.assert_equal(result.x.get_witness_index(), input.result_x); - builder.assert_equal(result.y.get_witness_index(), input.result_y); - } else { - builder.assert_equal(input.input_x, input.result_x); - builder.assert_equal(input.input_y, input.result_y); - } + auto x_normalized = result.x.normalize(); + auto y_normalized = result.y.normalize(); + builder.assert_equal(x_normalized.witness_index, input.result_x); + builder.assert_equal(y_normalized.witness_index, input.result_y); } template void create_ec_double_constraint(UltraCircuitBuilder& builder, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp index 351894a06d7..5b4af24335b 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp @@ -1,6 +1,5 @@ #include "ec_operations.hpp" #include "acir_format.hpp" -// #include "barretenberg/crypto/ecdsa/ecdsa.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" @@ -23,7 +22,6 @@ size_t generate_ec_add_constraint(EcAdd& ec_add_constraint, WitnessVector& witne // Doubling cycle_group_ct result = input_point.dbl(); // add: x,y,x2,y2 - witness_values.push_back(0); witness_values.push_back(g1.x); witness_values.push_back(g1.y); witness_values.push_back(g1.x); @@ -49,13 +47,18 @@ size_t generate_ec_double_constraint(EcDouble& ec_double_constraint, WitnessVect cycle_group_ct input_point(g1); // Doubling cycle_group_ct result = input_point.dbl(); + // add: x,y,x2,y2 + uint32_t result_x_witness_index = (uint32_t)witness_values.size() + 1; witness_values.push_back(result.x.get_value()); + uint32_t result_y_witness_index = (uint32_t)witness_values.size() + 1; witness_values.push_back(result.y.get_value()); + info("DOUBLE"); + info(result.x.get_value()); ec_double_constraint = EcDouble{ .input_x = 1, .input_y = 2, - .result_x = 7, - .result_y = 8, + .result_x = result_x_witness_index, + .result_y = result_y_witness_index, }; return witness_values.size(); } @@ -91,7 +94,7 @@ TEST_F(EcOperations, TestECOperations) }; acir_format constraint_system{ - .varnum = static_cast(num_variables), + .varnum = static_cast(num_variables + 1), .public_inputs = {}, .logic_constraints = {}, .range_constraints = {}, @@ -115,12 +118,15 @@ TEST_F(EcOperations, TestECOperations) }; auto builder = create_circuit_with_witness(constraint_system, witness_values); - auto composer = Composer(); auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(builder); + EXPECT_TRUE(builder.check_circuit()); + // We create another builder + auto builder2 = create_circuit(constraint_system); + auto composer2 = Composer(); + auto verifier = composer2.create_verifier(builder2); EXPECT_EQ(verifier.verify_proof(proof), true); } diff --git a/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs b/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs index 80de89490dd..92c45e93dea 100644 --- a/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs +++ b/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs @@ -90,18 +90,18 @@ impl BlackBoxFunctionSolver for Bn254BlackBoxSolver { fn ec_add( &self, - input1_x: &FieldElement, - input1_y: &FieldElement, - input2_x: &FieldElement, - input2_y: &FieldElement, + _input1_x: &FieldElement, + _input1_y: &FieldElement, + _input2_x: &FieldElement, + _input2_y: &FieldElement, ) -> Result<(FieldElement, FieldElement), BlackBoxResolutionError> { todo!(); } fn ec_double( &self, - input_x: &FieldElement, - input_y: &FieldElement, + _input_x: &FieldElement, + _input_y: &FieldElement, ) -> Result<(FieldElement, FieldElement), BlackBoxResolutionError> { todo!(); } From 19f8119a740584572ee8cc78298bff5af407f55c Mon Sep 17 00:00:00 2001 From: guipublic Date: Mon, 15 Jan 2024 14:31:51 +0000 Subject: [PATCH 3/8] code review --- .../src/pwg/blackbox/fixed_base_scalar_mul.rs | 23 ++++++++----------- noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs | 3 ++- .../src/fixed_base_scalar_mul.rs | 20 ++++++++++++++++ .../bn254_blackbox_solver/src/lib.rs | 18 +++++++-------- 4 files changed, 40 insertions(+), 24 deletions(-) diff --git a/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs b/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs index 59c922a46b3..613795a2636 100644 --- a/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs +++ b/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs @@ -27,15 +27,17 @@ pub(super) fn fixed_base_scalar_mul( } pub(super) fn embedded_curve_double( + backend: &impl BlackBoxFunctionSolver, initial_witness: &mut WitnessMap, input_x: FunctionInput, input_y: FunctionInput, outputs: (Witness, Witness), ) -> Result<(), OpcodeResolutionError> { - embedded_curve_add(initial_witness, input_x, input_y, input_x, input_y, outputs) + embedded_curve_add(backend, initial_witness, input_x, input_y, input_x, input_y, outputs) } pub(super) fn embedded_curve_add( + backend: &impl BlackBoxFunctionSolver, initial_witness: &mut WitnessMap, input1_x: FunctionInput, input1_y: FunctionInput, @@ -47,17 +49,10 @@ pub(super) fn embedded_curve_add( let input1_y = witness_to_value(initial_witness, input1_y.witness)?; let input2_x = witness_to_value(initial_witness, input2_x.witness)?; let input2_y = witness_to_value(initial_witness, input2_y.witness)?; - let mut point1 = grumpkin::SWAffine::new(input1_x.into_repr(), input1_y.into_repr()); - let point2 = grumpkin::SWAffine::new(input2_x.into_repr(), input2_y.into_repr()); - let res = point1 + point2; - point1 = res.into(); - if let Some((res_x, res_y)) = point1.xy() { - insert_value(&outputs.0, FieldElement::from_repr(*res_x), initial_witness)?; - insert_value(&outputs.1, FieldElement::from_repr(*res_y), initial_witness)?; - Ok(()) - } else { - Err(OpcodeResolutionError::UnsatisfiedConstrain { - opcode_location: ErrorLocation::Unresolved, - }) - } + let (res_x, res_y) = backend.ec_add(input1_x, input1_y, input2_x, input2_y)?; + + insert_value(&outputs.0, res_x, initial_witness)?; + insert_value(&outputs.1, res_y, initial_witness)?; + + Ok(()) } diff --git a/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs b/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs index 2b5bd0cdfe4..29dd82a6bed 100644 --- a/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs +++ b/noir/acvm-repo/acvm/src/pwg/blackbox/mod.rs @@ -180,6 +180,7 @@ pub(crate) fn solve( } BlackBoxFuncCall::EmbeddedCurveAdd { input1_x, input1_y, input2_x, input2_y, outputs } => { embedded_curve_add( + backend, initial_witness, *input1_x, *input1_y, @@ -189,7 +190,7 @@ pub(crate) fn solve( ) } BlackBoxFuncCall::EmbeddedCurveDouble { input_x, input_y, outputs } => { - embedded_curve_double(initial_witness, *input_x, *input_y, *outputs) + embedded_curve_double(backend, initial_witness, *input_x, *input_y, *outputs) } // Recursive aggregation will be entirely handled by the backend and is not solved by the ACVM BlackBoxFuncCall::RecursiveAggregation { .. } => Ok(()), diff --git a/noir/acvm-repo/bn254_blackbox_solver/src/fixed_base_scalar_mul.rs b/noir/acvm-repo/bn254_blackbox_solver/src/fixed_base_scalar_mul.rs index 7f004de0fe9..5e68c7d4030 100644 --- a/noir/acvm-repo/bn254_blackbox_solver/src/fixed_base_scalar_mul.rs +++ b/noir/acvm-repo/bn254_blackbox_solver/src/fixed_base_scalar_mul.rs @@ -47,6 +47,26 @@ pub fn fixed_base_scalar_mul( } } +pub fn embedded_curve_add( + input1_x: FieldElement, + input1_y: FieldElement, + input2_x: FieldElement, + input2_y: FieldElement, +) -> Result<(FieldElement, FieldElement), BlackBoxResolutionError> { + let mut point1 = grumpkin::SWAffine::new(input1_x.into_repr(), input1_y.into_repr()); + let point2 = grumpkin::SWAffine::new(input2_x.into_repr(), input2_y.into_repr()); + let res = point1 + point2; + point1 = res.into(); + if let Some((res_x, res_y)) = point1.xy() { + Ok((FieldElement::from_repr(*res_x), FieldElement::from_repr(*res_y))) + } else { + Err(BlackBoxResolutionError::Failed( + BlackBoxFunc::EmbeddedCurveAdd, + "Point is not on curve".to_string(), + )) + } +} + #[cfg(test)] mod grumpkin_fixed_base_scalar_mul { use ark_ff::BigInteger; diff --git a/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs b/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs index 92c45e93dea..f4b866b5882 100644 --- a/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs +++ b/noir/acvm-repo/bn254_blackbox_solver/src/lib.rs @@ -8,7 +8,7 @@ use acvm_blackbox_solver::{BlackBoxFunctionSolver, BlackBoxResolutionError}; mod fixed_base_scalar_mul; mod wasm; -pub use fixed_base_scalar_mul::fixed_base_scalar_mul; +pub use fixed_base_scalar_mul::{embedded_curve_add, fixed_base_scalar_mul}; use wasm::Barretenberg; use self::wasm::{Pedersen, SchnorrSig}; @@ -90,19 +90,19 @@ impl BlackBoxFunctionSolver for Bn254BlackBoxSolver { fn ec_add( &self, - _input1_x: &FieldElement, - _input1_y: &FieldElement, - _input2_x: &FieldElement, - _input2_y: &FieldElement, + input1_x: &FieldElement, + input1_y: &FieldElement, + input2_x: &FieldElement, + input2_y: &FieldElement, ) -> Result<(FieldElement, FieldElement), BlackBoxResolutionError> { - todo!(); + embedded_curve_add(*input1_x, *input1_y, *input2_x, *input2_y) } fn ec_double( &self, - _input_x: &FieldElement, - _input_y: &FieldElement, + input_x: &FieldElement, + input_y: &FieldElement, ) -> Result<(FieldElement, FieldElement), BlackBoxResolutionError> { - todo!(); + embedded_curve_add(*input_x, *input_y, *input_x, *input_y) } } From ebac236ee067a53deda53d7b5282ca26485f8ec9 Mon Sep 17 00:00:00 2001 From: guipublic Date: Mon, 15 Jan 2024 14:43:37 +0000 Subject: [PATCH 4/8] clippy --- noir/acvm-repo/acvm/Cargo.toml | 3 --- noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs | 4 +--- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/noir/acvm-repo/acvm/Cargo.toml b/noir/acvm-repo/acvm/Cargo.toml index a98f384492c..f5819d6fa34 100644 --- a/noir/acvm-repo/acvm/Cargo.toml +++ b/noir/acvm-repo/acvm/Cargo.toml @@ -24,9 +24,6 @@ acvm_blackbox_solver.workspace = true indexmap = "1.7.0" -grumpkin = { git = "https://github.com/noir-lang/grumpkin", rev = "56d99799381f79e42148aaef0de2b0cf9a4b9a5d", features = ["std"] } -ark-ec = { version = "^0.4.0", default-features = false } - [features] default = ["bn254"] bn254 = [ diff --git a/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs b/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs index 613795a2636..2bf16419232 100644 --- a/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs +++ b/noir/acvm-repo/acvm/src/pwg/blackbox/fixed_base_scalar_mul.rs @@ -1,12 +1,10 @@ use acir::{ circuit::opcodes::FunctionInput, native_types::{Witness, WitnessMap}, - FieldElement, }; use acvm_blackbox_solver::BlackBoxFunctionSolver; -use ark_ec::AffineRepr; -use crate::pwg::{insert_value, witness_to_value, ErrorLocation, OpcodeResolutionError}; +use crate::pwg::{insert_value, witness_to_value, OpcodeResolutionError}; pub(super) fn fixed_base_scalar_mul( backend: &impl BlackBoxFunctionSolver, From c877c238e7b7b8f102dc03e52521909f9424d47b Mon Sep 17 00:00:00 2001 From: guipublic Date: Mon, 15 Jan 2024 15:11:45 +0000 Subject: [PATCH 5/8] code review --- noir/noir_stdlib/src/scalar_mul.nr | 9 +++++++-- .../execution_success/scalar_mul/src/main.nr | 17 ++++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/noir/noir_stdlib/src/scalar_mul.nr b/noir/noir_stdlib/src/scalar_mul.nr index a09e4db38f3..e1d0ff4d453 100644 --- a/noir/noir_stdlib/src/scalar_mul.nr +++ b/noir/noir_stdlib/src/scalar_mul.nr @@ -1,3 +1,8 @@ +struct EmbeddedCurvePoint { + x: Field, + y: Field, +} + // Computes a fixed base scalar multiplication over the embedded curve. // For bn254, We have Grumpkin and Baby JubJub. // For bls12-381, we have JubJub and Bandersnatch. @@ -9,7 +14,7 @@ pub fn fixed_base_embedded_curve(_low: Field, _high: Field) -> [Field; 2] {} #[foreign(embedded_curve_add)] -pub fn embedded_curve_add(_x1: Field, _x2: Field, _y1: Field, _y2: Field) -> [Field; 2] {} +pub fn embedded_curve_add(_point1: EmbeddedCurvePoint, _point2: EmbeddedCurvePoint) -> EmbeddedCurvePoint {} #[foreign(embedded_curve_double)] -pub fn embedded_curve_double(_x1: Field, _x2: Field) -> [Field; 2] {} +pub fn embedded_curve_double(_point: EmbeddedCurvePoint) -> EmbeddedCurvePoint {} diff --git a/noir/test_programs/execution_success/scalar_mul/src/main.nr b/noir/test_programs/execution_success/scalar_mul/src/main.nr index 1972b982403..a88754da5d3 100644 --- a/noir/test_programs/execution_success/scalar_mul/src/main.nr +++ b/noir/test_programs/execution_success/scalar_mul/src/main.nr @@ -20,11 +20,18 @@ fn main( let res = std::scalar_mul::fixed_base_embedded_curve(priv_key, 0); assert(res[0] == pub_x); assert(res[1] == pub_y); - + let pub_point= std::scalar_mul::EmbeddedCurvePoint { + x: pub_x, + y: pub_y + }; let g1_y = 17631683881184975370165255887551781615748388533673675138860; - let res = std::scalar_mul::embedded_curve_double(pub_x, pub_y); - let double = std::scalar_mul::embedded_curve_add(1, g1_y,1, g1_y ); + let g1= std::scalar_mul::EmbeddedCurvePoint { + x: 1, + y: g1_y + }; + + let res = std::scalar_mul::embedded_curve_double(pub_point); + let double = std::scalar_mul::embedded_curve_add(g1,g1 ); - assert(double[0] == res[0]); - + assert(double.x == res.x); } From 6355f7d9ae0dd7f3d69b185b4e59e7238a56f750 Mon Sep 17 00:00:00 2001 From: guipublic Date: Thu, 25 Jan 2024 11:12:59 +0000 Subject: [PATCH 6/8] fix the build --- .../dsl/acir_format/ec_operations.cpp | 9 ++++---- .../dsl/acir_format/ec_operations.test.cpp | 23 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp index 5105a010b9b..0919ec81caa 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.cpp @@ -11,8 +11,9 @@ template void create_ec_add_constraint(Builder& builder, const EcAdd& input, bool has_valid_witness_assignments) { // Input to cycle_group points - using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; - using field_ct = proof_system::plonk::stdlib::field_t; + using cycle_group_ct = bb::stdlib::cycle_group; + using field_ct = bb::stdlib::field_t; + auto x1 = field_ct::from_witness_index(&builder, input.input1_x); auto y1 = field_ct::from_witness_index(&builder, input.input1_y); auto x2 = field_ct::from_witness_index(&builder, input.input2_x); @@ -48,8 +49,8 @@ template void create_ec_add_constraint(GoblinUltraCir template void create_ec_double_constraint(Builder& builder, const EcDouble& input, bool has_valid_witness_assignments) { - using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; - using field_ct = proof_system::plonk::stdlib::field_t; + using cycle_group_ct = bb::stdlib::cycle_group; + using field_ct = bb::stdlib::field_t; // Input to cycle_group point auto x = field_ct::from_witness_index(&builder, input.input_x); auto y = field_ct::from_witness_index(&builder, input.input_y); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp index 5b4af24335b..72773ffacab 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp @@ -7,16 +7,17 @@ #include namespace acir_format::tests { -using curve_ct = proof_system::plonk::stdlib::secp256k1; +using curve_ct = bb::stdlib::secp256k1; class EcOperations : public ::testing::Test { protected: - static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } + static void SetUpTestSuite() { bb::srs::init_crs_factory("../srs_db/ignition"); } }; size_t generate_ec_add_constraint(EcAdd& ec_add_constraint, WitnessVector& witness_values) { - using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; + using cycle_group_ct = bb::stdlib::cycle_group; + auto g1 = grumpkin::g1::affine_one; cycle_group_ct input_point(g1); // Doubling @@ -42,15 +43,15 @@ size_t generate_ec_add_constraint(EcAdd& ec_add_constraint, WitnessVector& witne size_t generate_ec_double_constraint(EcDouble& ec_double_constraint, WitnessVector& witness_values) { - using cycle_group_ct = proof_system::plonk::stdlib::cycle_group; + using cycle_group_ct = bb::stdlib::cycle_group; auto g1 = grumpkin::g1::affine_one; cycle_group_ct input_point(g1); // Doubling cycle_group_ct result = input_point.dbl(); // add: x,y,x2,y2 - uint32_t result_x_witness_index = (uint32_t)witness_values.size() + 1; + uint32_t result_x_witness_index = static_cast(witness_values.size()) + 1; witness_values.push_back(result.x.get_value()); - uint32_t result_y_witness_index = (uint32_t)witness_values.size() + 1; + uint32_t result_y_witness_index = static_cast(witness_values.size()) + 1; witness_values.push_back(result.y.get_value()); info("DOUBLE"); info(result.x.get_value()); @@ -93,7 +94,7 @@ TEST_F(EcOperations, TestECOperations) .q_c = 0, }; - acir_format constraint_system{ + AcirFormat constraint_system{ .varnum = static_cast(num_variables + 1), .public_inputs = {}, .logic_constraints = {}, @@ -117,16 +118,14 @@ TEST_F(EcOperations, TestECOperations) .block_constraints = {}, }; - auto builder = create_circuit_with_witness(constraint_system, witness_values); + auto builder = create_circuit(constraint_system, /*size_hint*/ 0, witness_values); + auto composer = Composer(); auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); EXPECT_TRUE(builder.check_circuit()); - // We create another builder - auto builder2 = create_circuit(constraint_system); - auto composer2 = Composer(); - auto verifier = composer2.create_verifier(builder2); + auto verifier = composer.create_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); } From 4b41f37b1feddf12c8d7dd6cd16eb91f8dd636dc Mon Sep 17 00:00:00 2001 From: guipublic Date: Thu, 25 Jan 2024 11:25:54 +0000 Subject: [PATCH 7/8] fix the build(2) --- .../cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp index 72773ffacab..aad4dc54c56 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp @@ -114,6 +114,8 @@ TEST_F(EcOperations, TestECOperations) .ec_add_constraints = { ec_add_constraint }, .ec_double_constraints = { ec_double_constraint }, .recursion_constraints = {}, + .bigint_from_le_bytes_constraints = {}, + .bigint_operations = {}, .constraints = { constrain_5_is_7, constrain_6_is_8 }, .block_constraints = {}, }; From 348364e7ef10434d20d6dc635c252cd99966e438 Mon Sep 17 00:00:00 2001 From: guipublic Date: Thu, 25 Jan 2024 12:20:23 +0000 Subject: [PATCH 8/8] fix ec_operations test --- .../barretenberg/dsl/acir_format/ec_operations.test.cpp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp index aad4dc54c56..ea5fb82c5d2 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp @@ -17,7 +17,7 @@ class EcOperations : public ::testing::Test { size_t generate_ec_add_constraint(EcAdd& ec_add_constraint, WitnessVector& witness_values) { using cycle_group_ct = bb::stdlib::cycle_group; - + witness_values.push_back(0); auto g1 = grumpkin::g1::affine_one; cycle_group_ct input_point(g1); // Doubling @@ -49,12 +49,11 @@ size_t generate_ec_double_constraint(EcDouble& ec_double_constraint, WitnessVect // Doubling cycle_group_ct result = input_point.dbl(); // add: x,y,x2,y2 - uint32_t result_x_witness_index = static_cast(witness_values.size()) + 1; + uint32_t result_x_witness_index = static_cast(witness_values.size()); + witness_values.push_back(result.x.get_value()); - uint32_t result_y_witness_index = static_cast(witness_values.size()) + 1; + uint32_t result_y_witness_index = static_cast(witness_values.size()); witness_values.push_back(result.y.get_value()); - info("DOUBLE"); - info(result.x.get_value()); ec_double_constraint = EcDouble{ .input_x = 1, .input_y = 2,