diff --git a/Cargo.lock b/Cargo.lock index 3bcd97d0..5fe88aa5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5,7 +5,7 @@ version = 3 [[package]] name = "acir" version = "0.11.0" -source = "git+https://github.com/noir-lang/acvm?rev=3288b4c7eb01f5621e577d5ff9e7c92c7757e021#3288b4c7eb01f5621e577d5ff9e7c92c7757e021" +source = "git+https://github.com/noir-lang/acvm?rev=a83333b9e270dfcfd40a36271896840ec0201bc4#a83333b9e270dfcfd40a36271896840ec0201bc4" dependencies = [ "acir_field", "flate2", @@ -16,7 +16,7 @@ dependencies = [ [[package]] name = "acir_field" version = "0.11.0" -source = "git+https://github.com/noir-lang/acvm?rev=3288b4c7eb01f5621e577d5ff9e7c92c7757e021#3288b4c7eb01f5621e577d5ff9e7c92c7757e021" +source = "git+https://github.com/noir-lang/acvm?rev=a83333b9e270dfcfd40a36271896840ec0201bc4#a83333b9e270dfcfd40a36271896840ec0201bc4" dependencies = [ "ark-bn254", "ark-ff", @@ -29,7 +29,7 @@ dependencies = [ [[package]] name = "acvm" version = "0.11.0" -source = "git+https://github.com/noir-lang/acvm?rev=3288b4c7eb01f5621e577d5ff9e7c92c7757e021#3288b4c7eb01f5621e577d5ff9e7c92c7757e021" +source = "git+https://github.com/noir-lang/acvm?rev=a83333b9e270dfcfd40a36271896840ec0201bc4#a83333b9e270dfcfd40a36271896840ec0201bc4" dependencies = [ "acir", "acvm_stdlib", @@ -68,7 +68,7 @@ dependencies = [ [[package]] name = "acvm_stdlib" version = "0.11.0" -source = "git+https://github.com/noir-lang/acvm?rev=3288b4c7eb01f5621e577d5ff9e7c92c7757e021#3288b4c7eb01f5621e577d5ff9e7c92c7757e021" +source = "git+https://github.com/noir-lang/acvm?rev=a83333b9e270dfcfd40a36271896840ec0201bc4#a83333b9e270dfcfd40a36271896840ec0201bc4" dependencies = [ "acir", ] @@ -252,7 +252,7 @@ dependencies = [ "cc", "cfg-if", "libc", - "miniz_oxide", + "miniz_oxide 0.6.2", "object 0.30.3", "rustc-demangle", ] @@ -876,12 +876,12 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.25" +version = "1.0.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8a2db397cb1c8772f31494cb8917e48cd1e64f0fa7efac59fbd741a0a8ce841" +checksum = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743" dependencies = [ "crc32fast", - "miniz_oxide", + "miniz_oxide 0.7.1", ] [[package]] @@ -1446,6 +1446,15 @@ dependencies = [ "adler", ] +[[package]] +name = "miniz_oxide" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +dependencies = [ + "adler", +] + [[package]] name = "mio" version = "0.8.6" diff --git a/Cargo.toml b/Cargo.toml index 76242462..de88499d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -70,4 +70,4 @@ wasm = [ js = ["wasmer", "dep:rust-embed", "dep:getrandom", "wasmer/js-default"] [patch.crates-io] -acvm = { git = "https://github.com/noir-lang/acvm", rev = "3288b4c7eb01f5621e577d5ff9e7c92c7757e021" } +acvm = { git = "https://github.com/noir-lang/acvm", rev = "a83333b9e270dfcfd40a36271896840ec0201bc4" } diff --git a/src/acvm_interop/pwg.rs b/src/acvm_interop/pwg.rs index 524b6bd8..0cd0ce23 100644 --- a/src/acvm_interop/pwg.rs +++ b/src/acvm_interop/pwg.rs @@ -29,27 +29,29 @@ impl PartialWitnessGenerator for Barretenberg { fn and( &self, initial_witness: &mut BTreeMap, - inputs: &[FunctionInput], - outputs: &[Witness], + lhs: &FunctionInput, + rhs: &FunctionInput, + output: &Witness, ) -> Result { - logic::and(initial_witness, inputs, outputs) + logic::and(initial_witness, lhs, rhs, output) } fn xor( &self, initial_witness: &mut BTreeMap, - inputs: &[FunctionInput], - outputs: &[Witness], + lhs: &FunctionInput, + rhs: &FunctionInput, + output: &Witness, ) -> Result { - logic::xor(initial_witness, inputs, outputs) + logic::xor(initial_witness, lhs, rhs, output) } fn range( &self, initial_witness: &mut BTreeMap, - inputs: &[FunctionInput], + input: &FunctionInput, ) -> Result { - range::solve_range_opcode(initial_witness, inputs) + range::solve_range_opcode(initial_witness, input) } fn sha256( @@ -73,18 +75,17 @@ impl PartialWitnessGenerator for Barretenberg { fn compute_merkle_root( &self, initial_witness: &mut BTreeMap, - inputs: &[FunctionInput], - outputs: &[Witness], + leaf: &FunctionInput, + index: &FunctionInput, + hash_path: &[FunctionInput], + output: &Witness, ) -> Result { - let mut inputs_iter = inputs.iter(); - - let _leaf = inputs_iter.next().expect("expected a leaf"); - let leaf = witness_to_value(initial_witness, _leaf.witness)?; + let leaf = witness_to_value(initial_witness, leaf.witness)?; - let _index = inputs_iter.next().expect("expected an index"); - let index = witness_to_value(initial_witness, _index.witness)?; + let index = witness_to_value(initial_witness, index.witness)?; - let hash_path: Result, _> = inputs_iter + let hash_path: Result, _> = hash_path + .iter() .map(|input| witness_to_value(initial_witness, input.witness)) .collect(); @@ -101,29 +102,23 @@ impl PartialWitnessGenerator for Barretenberg { ) })?; - initial_witness.insert(outputs[0], computed_merkle_root); + initial_witness.insert(*output, computed_merkle_root); Ok(OpcodeResolution::Solved) } fn schnorr_verify( &self, initial_witness: &mut BTreeMap, - inputs: &[FunctionInput], - outputs: &[Witness], + public_key_x: &FunctionInput, + public_key_y: &FunctionInput, + signature: &[FunctionInput], + message: &[FunctionInput], + output: &Witness, ) -> Result { // In barretenberg, if the signature fails, then the whole thing fails. - let mut inputs_iter = inputs.iter(); - - let _pub_key_x = inputs_iter - .next() - .expect("expected `x` component for public key"); - let pub_key_x = witness_to_value(initial_witness, _pub_key_x.witness)?.to_be_bytes(); - - let _pub_key_y = inputs_iter - .next() - .expect("expected `y` component for public key"); - let pub_key_y = witness_to_value(initial_witness, _pub_key_y.witness)?.to_be_bytes(); + let pub_key_x = witness_to_value(initial_witness, public_key_x.witness)?.to_be_bytes(); + let pub_key_y = witness_to_value(initial_witness, public_key_y.witness)?.to_be_bytes(); let pub_key_bytes: Vec = pub_key_x .iter() @@ -137,25 +132,10 @@ impl PartialWitnessGenerator for Barretenberg { ) })?; - let mut sig_s = [0u8; 32]; - for (i, sig) in sig_s.iter_mut().enumerate() { - let _sig_i = inputs_iter.next().ok_or_else(|| { - OpcodeResolutionError::BlackBoxFunctionFailed( - BlackBoxFunc::SchnorrVerify, - format!("signature should be 64 bytes long, found only {i} bytes"), - ) - })?; - let sig_i = witness_to_value(initial_witness, _sig_i.witness)?; - *sig = *sig_i.to_be_bytes().last().ok_or_else(|| { - OpcodeResolutionError::BlackBoxFunctionFailed( - BlackBoxFunc::SchnorrVerify, - "could not get last bytes".into(), - ) - })?; - } - let mut sig_e = [0u8; 32]; - for (i, sig) in sig_e.iter_mut().enumerate() { - let _sig_i = inputs_iter.next().ok_or_else(|| { + let mut signature = signature.iter(); + let mut signature_bytes = [0u8; 64]; + for (i, sig) in signature_bytes.iter_mut().enumerate() { + let _sig_i = signature.next().ok_or_else(|| { OpcodeResolutionError::BlackBoxFunctionFailed( BlackBoxFunc::SchnorrVerify, format!("signature should be 64 bytes long, found only {i} bytes"), @@ -170,8 +150,11 @@ impl PartialWitnessGenerator for Barretenberg { })?; } - let mut message = Vec::new(); - for msg in inputs_iter { + let sig_s: [u8; 32] = signature_bytes[..32].try_into().unwrap(); + let sig_e: [u8; 32] = signature_bytes[32..].try_into().unwrap(); + + let mut message_bytes = Vec::new(); + for msg in message.iter() { let msg_i_field = witness_to_value(initial_witness, msg.witness)?; let msg_i = *msg_i_field.to_be_bytes().last().ok_or_else(|| { OpcodeResolutionError::BlackBoxFunctionFailed( @@ -179,11 +162,11 @@ impl PartialWitnessGenerator for Barretenberg { "could not get last bytes".into(), ) })?; - message.push(msg_i); + message_bytes.push(msg_i); } let valid_signature = self - .verify_signature(pub_key, sig_s, sig_e, &message) + .verify_signature(pub_key, sig_s, sig_e, &message_bytes) .map_err(|err| { OpcodeResolutionError::BlackBoxFunctionFailed( BlackBoxFunc::SchnorrVerify, @@ -194,7 +177,7 @@ impl PartialWitnessGenerator for Barretenberg { dbg!("signature has failed to verify"); } - initial_witness.insert(outputs[0], FieldElement::from(valid_signature)); + initial_witness.insert(*output, FieldElement::from(valid_signature)); Ok(OpcodeResolution::Solved) } @@ -222,27 +205,37 @@ impl PartialWitnessGenerator for Barretenberg { &self, initial_witness: &mut BTreeMap, inputs: &[FunctionInput], - outputs: &[Witness], + output: &Witness, ) -> Result { - hash::hash_to_field_128_security(initial_witness, inputs, outputs) + hash::hash_to_field_128_security(initial_witness, inputs, output) } fn ecdsa_secp256k1( &self, initial_witness: &mut BTreeMap, - inputs: &[FunctionInput], - outputs: &[Witness], + public_key_x: &[FunctionInput], + public_key_y: &[FunctionInput], + signature: &[FunctionInput], + message: &[FunctionInput], + outputs: &Witness, ) -> Result { - signature::ecdsa::secp256k1_prehashed(initial_witness, inputs, outputs) + signature::ecdsa::secp256k1_prehashed( + initial_witness, + public_key_x, + public_key_y, + signature, + message, + *outputs, + ) } fn fixed_base_scalar_mul( &self, initial_witness: &mut BTreeMap, - inputs: &[FunctionInput], + input: &FunctionInput, outputs: &[Witness], ) -> Result { - let scalar = witness_to_value(initial_witness, inputs[0].witness)?; + let scalar = witness_to_value(initial_witness, input.witness)?; let (pub_x, pub_y) = self.fixed_base(scalar).map_err(|err| { OpcodeResolutionError::BlackBoxFunctionFailed( diff --git a/src/barretenberg_structures.rs b/src/barretenberg_structures.rs index ec2334a8..16437884 100644 --- a/src/barretenberg_structures.rs +++ b/src/barretenberg_structures.rs @@ -1,3 +1,4 @@ +use acvm::acir::circuit::opcodes::BlackBoxFuncCall; use acvm::acir::circuit::{Circuit, Opcode}; use acvm::acir::native_types::Expression; use acvm::acir::BlackBoxFunc; @@ -671,14 +672,10 @@ impl TryFrom<&Circuit> for ConstraintSystem { constraints.push(constraint); } Opcode::BlackBoxFuncCall(gadget_call) => { - match gadget_call.name { - BlackBoxFunc::RANGE => { - assert_eq!(gadget_call.inputs.len(), 1); - assert_eq!(gadget_call.outputs.len(), 0); - - let function_input = &gadget_call.inputs[0]; - let witness = function_input.witness; - let num_bits = function_input.num_bits; + match gadget_call { + BlackBoxFuncCall::RANGE { input } => { + let witness = input.witness; + let num_bits = input.num_bits; let range_constraint = RangeConstraint { a: witness.witness_index() as i32, @@ -686,57 +683,52 @@ impl TryFrom<&Circuit> for ConstraintSystem { }; range_constraints.push(range_constraint); } - BlackBoxFunc::AND | BlackBoxFunc::XOR => { - assert_eq!(gadget_call.inputs.len(), 2); - assert_eq!(gadget_call.outputs.len(), 1); - - let function_input_lhs = &gadget_call.inputs[0]; - let witness_lhs = function_input_lhs.witness; - - let function_input_rhs = &gadget_call.inputs[1]; - let witness_rhs = function_input_rhs.witness; - - let function_output = &gadget_call.outputs[0]; - - assert_eq!(function_input_lhs.num_bits, function_input_rhs.num_bits); - let num_bits = function_input_rhs.num_bits; - - if gadget_call.name == BlackBoxFunc::AND { - let and = LogicConstraint::and( - witness_lhs.witness_index() as i32, - witness_rhs.witness_index() as i32, - function_output.witness_index() as i32, - num_bits as i32, - ); - logic_constraints.push(and); - } else if gadget_call.name == BlackBoxFunc::XOR { - let xor = LogicConstraint::xor( - witness_lhs.witness_index() as i32, - witness_rhs.witness_index() as i32, - function_output.witness_index() as i32, - num_bits as i32, - ); - logic_constraints.push(xor); - } else { - unreachable!("expected either an AND or XOR opcode") + BlackBoxFuncCall::AND { lhs, rhs, output } + | BlackBoxFuncCall::XOR { lhs, rhs, output } => { + let witness_lhs = lhs.witness; + let witness_rhs = rhs.witness; + + assert_eq!(lhs.num_bits, rhs.num_bits); + let num_bits = rhs.num_bits; + + match gadget_call { + BlackBoxFuncCall::AND { .. } => { + let and = LogicConstraint::and( + witness_lhs.witness_index() as i32, + witness_rhs.witness_index() as i32, + output.witness_index() as i32, + num_bits as i32, + ); + logic_constraints.push(and); + } + BlackBoxFuncCall::XOR { .. } => { + let xor = LogicConstraint::xor( + witness_lhs.witness_index() as i32, + witness_rhs.witness_index() as i32, + output.witness_index() as i32, + num_bits as i32, + ); + logic_constraints.push(xor); + } + _ => unreachable!("expected either an AND or XOR opcode"), } } - BlackBoxFunc::SHA256 => { + BlackBoxFuncCall::SHA256 { inputs, outputs } => { let mut sha256_inputs: Vec<(i32, i32)> = Vec::new(); - for input in gadget_call.inputs.iter() { + for input in inputs.iter() { let witness_index = input.witness.witness_index() as i32; let num_bits = input.num_bits as i32; sha256_inputs.push((witness_index, num_bits)); } - assert_eq!(gadget_call.outputs.len(), 32); + assert_eq!(outputs.len(), 32); - let mut outputs_iter = gadget_call.outputs.iter(); + let mut outputs_iter = outputs.iter(); let mut result = [0i32; 32]; for (i, res) in result.iter_mut().enumerate() { let out_byte = outputs_iter.next().ok_or_else(|| { Error::MalformedBlackBoxFunc( - gadget_call.name, + BlackBoxFunc::SHA256, format!("Missing rest of output. Tried to get byte {i} but failed"), ) })?; @@ -751,23 +743,23 @@ impl TryFrom<&Circuit> for ConstraintSystem { sha256_constraints.push(sha256_constraint); } - BlackBoxFunc::Blake2s => { + BlackBoxFuncCall::Blake2s { inputs, outputs } => { let mut blake2s_inputs: Vec<(i32, i32)> = Vec::new(); - for input in gadget_call.inputs.iter() { + for input in inputs.iter() { let witness_index = input.witness.witness_index() as i32; let num_bits = input.num_bits as i32; blake2s_inputs.push((witness_index, num_bits)); } - assert_eq!(gadget_call.outputs.len(), 32); + assert_eq!(outputs.len(), 32); - let mut outputs_iter = gadget_call.outputs.iter(); + let mut outputs_iter = outputs.iter(); let mut result = [0i32; 32]; for (i, res) in result.iter_mut().enumerate() { let out_byte = outputs_iter.next().ok_or_else(|| { Error::MalformedBlackBoxFunc( - gadget_call.name, + BlackBoxFunc::Blake2s, format!("Missing rest of output. Tried to get byte {i} but failed"), ) })?; @@ -782,43 +774,26 @@ impl TryFrom<&Circuit> for ConstraintSystem { blake2s_constraints.push(blake2s_constraint); } - BlackBoxFunc::ComputeMerkleRoot => { - let mut inputs_iter = gadget_call.inputs.iter().peekable(); - + BlackBoxFuncCall::ComputeMerkleRoot { + leaf, + index, + hash_path: hash_path_inputs, + output, + } => { // leaf - let leaf = { - let leaf_input = inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - "Missing leaf to check membership for".into(), - ) - })?; - leaf_input.witness.witness_index() as i32 - }; + let leaf = leaf.witness.witness_index() as i32; // index - let index = { - let index_input = inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - "Missing index for leaf".into(), - ) - })?; - index_input.witness.witness_index() as i32 - }; - - if inputs_iter.peek().is_none() { - unreachable!("cannot check membership without a hash path") - } + let index = index.witness.witness_index() as i32; let mut hash_path = Vec::new(); - for path_elem in inputs_iter { + for path_elem in hash_path_inputs.iter() { let path_elem_index = path_elem.witness.witness_index() as i32; hash_path.push(path_elem_index); } // computed root - let result = gadget_call.outputs[0].witness_index() as i32; + let result = output.witness_index() as i32; let constraint = ComputeMerkleRootConstraint { hash_path, @@ -829,53 +804,39 @@ impl TryFrom<&Circuit> for ConstraintSystem { compute_merkle_root_constraints.push(constraint); } - BlackBoxFunc::SchnorrVerify => { - let mut inputs_iter = gadget_call.inputs.iter(); - + BlackBoxFuncCall::SchnorrVerify { + public_key_x, + public_key_y, + signature, + message: message_inputs, + output, + } => { // pub_key_x - let public_key_x = { - let pub_key_x = inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - "Missing `x` component for public key".into(), - ) - })?; - pub_key_x.witness.witness_index() as i32 - }; + let public_key_x = public_key_x.witness.witness_index() as i32; // pub_key_y - let public_key_y = { - let pub_key_y = inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - "Missing `y` component for public key".into(), - ) - })?; - pub_key_y.witness.witness_index() as i32 - }; + let public_key_y = public_key_y.witness.witness_index() as i32; // signature - + let mut signature_iter = signature.iter(); let mut signature = [0i32; 64]; for (i, sig) in signature.iter_mut().enumerate() { let sig_byte = - inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - format!("Missing rest of signature. Tried to get byte {i} but failed"), - ) - })?; + signature_iter.next().ok_or_else(||Error::MalformedBlackBoxFunc( + BlackBoxFunc::SchnorrVerify, + format!("Missing rest of signature. Tried to get byte {i} but failed"), + ))?; let sig_byte_index = sig_byte.witness.witness_index() as i32; *sig = sig_byte_index } // The rest of the input is the message let mut message = Vec::new(); - for msg in inputs_iter { + for msg in message_inputs.iter() { let msg_byte_index = msg.witness.witness_index() as i32; message.push(msg_byte_index); } // result - let result = gadget_call.outputs[0].witness_index() as i32; + let result = output.witness_index() as i32; let constraint = SchnorrConstraint { message, @@ -887,15 +848,19 @@ impl TryFrom<&Circuit> for ConstraintSystem { schnorr_constraints.push(constraint); } - BlackBoxFunc::Pedersen => { + BlackBoxFuncCall::Pedersen { + inputs: gadget_call_inputs, + outputs, + } => { let mut inputs = Vec::new(); - for scalar in gadget_call.inputs.iter() { + for scalar in gadget_call_inputs.iter() { let scalar_index = scalar.witness.witness_index() as i32; inputs.push(scalar_index); } - let result_x = gadget_call.outputs[0].witness_index() as i32; - let result_y = gadget_call.outputs[1].witness_index() as i32; + assert_eq!(outputs.len(), 2); + let result_x = outputs[0].witness_index() as i32; + let result_y = outputs[1].witness_index() as i32; let constraint = PedersenConstraint { inputs, @@ -905,17 +870,15 @@ impl TryFrom<&Circuit> for ConstraintSystem { pedersen_constraints.push(constraint); } - BlackBoxFunc::HashToField128Security => { + BlackBoxFuncCall::HashToField128Security { inputs, output } => { let mut hash_to_field_inputs: Vec<(i32, i32)> = Vec::new(); - for input in gadget_call.inputs.iter() { + for input in inputs.iter() { let witness_index = input.witness.witness_index() as i32; let num_bits = input.num_bits as i32; hash_to_field_inputs.push((witness_index, num_bits)); } - assert_eq!(gadget_call.outputs.len(), 1); - - let result = gadget_call.outputs[0].witness_index() as i32; + let result = output.witness_index() as i32; let hash_to_field_constraint = HashToFieldConstraint { inputs: hash_to_field_inputs, @@ -924,60 +887,63 @@ impl TryFrom<&Circuit> for ConstraintSystem { hash_to_field_constraints.push(hash_to_field_constraint); } - BlackBoxFunc::EcdsaSecp256k1 => { - let mut inputs_iter = gadget_call.inputs.iter(); - + BlackBoxFuncCall::EcdsaSecp256k1 { + public_key_x: public_key_x_inputs, + public_key_y: public_key_y_inputs, + signature: signature_inputs, + hashed_message: hashed_message_inputs, + output, + } => { // public key x + let mut public_key_x_inputs = public_key_x_inputs.iter(); let mut public_key_x = [0i32; 32]; for (i, pkx) in public_key_x.iter_mut().enumerate() { - let x_byte = - inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - format!("Missing rest of `x` component for public key. Tried to get byte {i} but failed"), - ) - })?; + let x_byte = public_key_x_inputs + .next() + .ok_or_else(|| Error::MalformedBlackBoxFunc( + BlackBoxFunc::EcdsaSecp256k1, + format!("Missing rest of `x` component for public key. Tried to get byte {i} but failed"), + ))?; let x_byte_index = x_byte.witness.witness_index() as i32; *pkx = x_byte_index; } // public key y + let mut public_key_y_inputs = public_key_y_inputs.iter(); let mut public_key_y = [0i32; 32]; for (i, pky) in public_key_y.iter_mut().enumerate() { - let y_byte = - inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - format!("Missing rest of `y` component for public key. Tried to get byte {i} but failed"), - ) - })?; + let y_byte = public_key_y_inputs + .next() + .ok_or_else(|| Error::MalformedBlackBoxFunc( + BlackBoxFunc::EcdsaSecp256k1, + format!("Missing rest of `y` component for public key. Tried to get byte {i} but failed"), + ))?; let y_byte_index = y_byte.witness.witness_index() as i32; *pky = y_byte_index; } // signature + let mut signature_inputs = signature_inputs.iter(); let mut signature = [0i32; 64]; for (i, sig) in signature.iter_mut().enumerate() { let sig_byte = - inputs_iter.next().ok_or_else(|| { - Error::MalformedBlackBoxFunc( - gadget_call.name, - format!("Missing rest of signature. Tried to get byte {i} but failed"), - ) - })?; + signature_inputs.next().ok_or_else(|| Error::MalformedBlackBoxFunc( + BlackBoxFunc::EcdsaSecp256k1, + format!("Missing rest of signature. Tried to get byte {i} but failed"), + ))?; let sig_byte_index = sig_byte.witness.witness_index() as i32; *sig = sig_byte_index; } // The rest of the input is the message let mut hashed_message = Vec::new(); - for msg in inputs_iter { + for msg in hashed_message_inputs.iter() { let msg_byte_index = msg.witness.witness_index() as i32; hashed_message.push(msg_byte_index); } // result - let result = gadget_call.outputs[0].witness_index() as i32; + let result = output.witness_index() as i32; let constraint = EcdsaConstraint { hashed_message, @@ -989,13 +955,12 @@ impl TryFrom<&Circuit> for ConstraintSystem { ecdsa_secp256k1_constraints.push(constraint); } - BlackBoxFunc::FixedBaseScalarMul => { - assert_eq!(gadget_call.inputs.len(), 1); - let scalar = gadget_call.inputs[0].witness.witness_index() as i32; + BlackBoxFuncCall::FixedBaseScalarMul { input, outputs } => { + let scalar = input.witness.witness_index() as i32; - assert_eq!(gadget_call.outputs.len(), 2); - let pubkey_x = gadget_call.outputs[0].witness_index() as i32; - let pubkey_y = gadget_call.outputs[1].witness_index() as i32; + assert_eq!(outputs.len(), 2); + let pubkey_x = outputs[0].witness_index() as i32; + let pubkey_y = outputs[1].witness_index() as i32; let fixed_base_scalar_mul = FixedBaseScalarMulConstraint { scalar, @@ -1005,23 +970,23 @@ impl TryFrom<&Circuit> for ConstraintSystem { fixed_base_scalar_mul_constraints.push(fixed_base_scalar_mul); } - BlackBoxFunc::Keccak256 => { + BlackBoxFuncCall::Keccak256 { inputs, outputs } => { let mut keccak_inputs: Vec<(i32, i32)> = Vec::new(); - for input in gadget_call.inputs.iter() { + for input in inputs.iter() { let witness_index = input.witness.witness_index() as i32; let num_bits = input.num_bits as i32; keccak_inputs.push((witness_index, num_bits)); } - assert_eq!(gadget_call.outputs.len(), 32); + assert_eq!(outputs.len(), 32); - let mut outputs_iter = gadget_call.outputs.iter(); + let mut outputs_iter = outputs.iter(); let mut result = [0i32; 32]; for (i, res) in result.iter_mut().enumerate() { let out_byte = outputs_iter.next().ok_or_else(|| { Error::MalformedBlackBoxFunc( - gadget_call.name, + BlackBoxFunc::Keccak256, format!("Missing rest of output. Tried to get byte {i} but failed"), ) })?; @@ -1036,8 +1001,8 @@ impl TryFrom<&Circuit> for ConstraintSystem { keccak_constraints.push(keccak_constraint); } - BlackBoxFunc::AES => { - return Err(Error::UnsupportedBlackBoxFunc(gadget_call.name)) + BlackBoxFuncCall::AES { .. } => { + return Err(Error::UnsupportedBlackBoxFunc(BlackBoxFunc::AES)) } }; }