fix: Set keccak var inputs to 0 after requested length #646

Open
wants to merge 2 commits into
base: master
75 changes: 75 additions & 0 deletions cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp
@@ -310,4 +310,79 @@ TEST(acir_format, test_schnorr_verify_small_range)
auto verifier = composer.create_ultra_with_keccak_verifier(builder);
EXPECT_EQ(verifier.verify_proof(proof), true);
}

TEST(acir_format, test_var_keccak)
{
HashInput input1;
input1.witness = 1;
input1.num_bits = 8;
HashInput input2;
input2.witness = 2;
input2.num_bits = 8;
HashInput input3;
input3.witness = 3;
input3.num_bits = 8;
KeccakVarConstraint keccak;
keccak.inputs = { input1, input2, input3 };
keccak.var_message_size = 4;
keccak.result = { 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36 };

RangeConstraint range_a{
.witness = 1,
.num_bits = 8,
};
RangeConstraint range_b{
.witness = 2,
.num_bits = 8,
};
RangeConstraint range_c{
.witness = 3,
.num_bits = 8,
};
RangeConstraint range_d{
.witness = 4,
.num_bits = 8,
};

auto dummy = poly_triple{
.a = 1,
.b = 0,
.c = 0,
.q_m = 0,
.q_l = 1,
.q_r = 0,
.q_o = 0,
.q_c = fr::neg_one() * fr(4),
};

acir_format constraint_system{
.varnum = 37,
.public_inputs = {},
.logic_constraints = {},
.range_constraints = { range_a, range_b, range_c, range_d },
.sha256_constraints = {},
.schnorr_constraints = {},
.ecdsa_k1_constraints = {},
.ecdsa_r1_constraints = {},
.blake2s_constraints = {},
.keccak_constraints = {},
.keccak_var_constraints = { keccak },
.pedersen_constraints = {},
.hash_to_field_constraints = {},
.fixed_base_scalar_mul_constraints = {},
.recursion_constraints = {},
.constraints = { dummy },
.block_constraints = {},
};

auto builder = create_circuit_with_witness(constraint_system, { 4, 2, 6, 2 });

auto composer = Composer();
auto prover = composer.create_ultra_with_keccak_prover(builder);
auto proof = prover.construct_proof();
auto verifier = composer.create_ultra_with_keccak_verifier(builder);
EXPECT_EQ(verifier.verify_proof(proof), true);
}

} // namespace acir_format::tests
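Review bot: `test_var_keccak` asserts only that the proof verifies, so it does not show that a byte past `var_message_size` is ignored. With the witness `{ 4, 2, 6, 2 }` the third input byte appears to be 6 while the length witness is 2, yet the digest in witnesses 5–36 is never compared with anything. Consider computing the native Keccak of the two-byte prefix and checking the result witnesses against it, so that a regression in the masking fails here and not only in the stdlib test. A short comment on `dummy` would also help the next reader, e.g. `// pins witness 1 to the value 4 (w_1 - 4 == 0)`.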
10 changes: 9 additions & 1 deletion cpp/src/barretenberg/stdlib/hash/keccak/keccak.cpp
@@ -567,8 +567,16 @@ template <typename Composer> byte_array<Composer> keccak<Composer>::sponge_squee
* @return std::vector<field_t<Composer>>
*/
template <typename Composer>
std::vector<field_t<Composer>> keccak<Composer>::format_input_lanes(byte_array_ct& input, const uint32_ct& num_bytes)
std::vector<field_t<Composer>> keccak<Composer>::format_input_lanes(byte_array_ct& _input, const uint32_ct& num_bytes)
{
byte_array_ct input(_input);

// make sure that every byte past `num_bytes` is zero!
for (size_t i = 0; i < input.size(); ++i) {
bool_ct valid_byte = uint32_ct(static_cast<uint32_t>(i)) < num_bytes;
input.set_byte(i, (input[i] * valid_byte));
}

auto* ctx = input.get_context();

// We require that `num_bytes` does not exceed the size of our input byte array.
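Review bot: `format_input_lanes` still takes `byte_array_ct& _input` as a mutable reference although the body now works only on the local copy. If the declaration in the header (not shown) can change, `const byte_array_ct& input_in` would state that the caller's array is untouched and avoid the leading-underscore name. The loop comment could record why the masking is needed and not just what it does, for example `// bytes at index >= num_bytes are presumably prover-supplied witnesses; force them to zero in-circuit so they cannot reach the absorbed lanes`. The loop also adds one `uint32_ct` comparison per input byte on every call, so it may be worth skipping when `num_bytes` is a circuit constant equal to `input.size()`, if that case reaches this function. The function body continues past the end of the hunk.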
27 changes: 27 additions & 0 deletions cpp/src/barretenberg/stdlib/hash/keccak/keccak.test.cpp
@@ -242,3 +242,30 @@ TEST(stdlib_keccak, test_double_block_variable_length)
bool proof_result = composer.check_circuit();
EXPECT_EQ(proof_result, true);
}

TEST(stdlib_keccak, test_variable_length_nonzero_input_greater_than_byte_array_size)

{
Composer composer = Composer();
std::string input = "";
size_t target_length = 2;
size_t byte_array_length = 200;
for (size_t i = 0; i < target_length; ++i) {
input += "a";
}
std::vector<uint8_t> input_expected(input.begin(), input.end());
std::vector<uint8_t> expected = stdlib::keccak<Composer>::hash_native(input_expected);
for (size_t i = target_length; i < byte_array_length; ++i) {
input += "a";
}
std::vector<uint8_t> input_v(input.begin(), input.end());

byte_array input_arr(&composer, input_v);

uint32_ct length(witness_ct(&composer, 2));
byte_array output = stdlib::keccak<Composer>::hash(input_arr, length);

EXPECT_EQ(output.get_value(), expected);
bool proof_result = composer.check_circuit();
EXPECT_EQ(proof_result, true);
}
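Review bot: The length witness is built from the literal `2` rather than from `target_length`, so changing `target_length` would silently desynchronise the expected hash and the circuit input; `uint32_ct length(witness_ct(&composer, target_length));` keeps the two tied together. The test name says the input is greater than the byte array size, but what is exercised is a 200-byte array of non-zero bytes with a requested length of 2; a name such as `test_variable_length_nonzero_bytes_past_requested_length` would describe it. The two append loops can be replaced by `std::string(target_length, 'a')` and `std::string(byte_array_length, 'a')`, and the blank line between `TEST(...)` and `{` can be dropped.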