feat: Pedersen hash in acir format (#2990)

Please provide a paragraph or two giving a summary of the change, including relevant motivation and context. # Checklist: Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge. - [ ] If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag. - [ ] I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code. - [ ] Every change is related to the PR description. - [ ] I have [linked](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) this pull request to relevant issues (if any exist). --------- Co-authored-by: kevaundray <[email protected]>
AztecProtocol · Oct 25, 2023 · 1472b6c · 1472b6c
1 parent 99bbc6c
commit 1472b6c
Show file tree

Hide file tree

Showing 14 changed files with 221 additions and 30 deletions.
diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh
@@ -7,7 +7,7 @@ set -eu
 BIN=${BIN:-../cpp/build/bin/bb}
 FLOW=${FLOW:-prove_and_verify}
 CRS_PATH=~/.bb-crs
-BRANCH=kw/switch-backend
+BRANCH=arv/pedersen_hash
 VERBOSE=${VERBOSE:-}
 NAMED_TEST=${1:-}
 

diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp
@@ -300,7 +300,7 @@ void acvmInfo(const std::string& output_path)
         "width" : 3
     },
     "opcodes_supported" : ["arithmetic", "directive", "brillig", "memory_init", "memory_op"],
-    "black_box_functions_supported" : ["and", "xor", "range", "sha256", "blake2s", "keccak256", "schnorr_verify", "pedersen", "hash_to_field_128_security", "ecdsa_secp256k1", "ecdsa_secp256r1", "fixed_base_scalar_mul", "recursive_aggregation"]
+    "black_box_functions_supported" : ["and", "xor", "range", "sha256", "blake2s", "keccak256", "schnorr_verify", "pedersen", "pedersen_hash", "hash_to_field_128_security", "ecdsa_secp256k1", "ecdsa_secp256r1", "fixed_base_scalar_mul", "recursive_aggregation"]
     })";
 
     size_t length = strlen(jsonData);

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp
@@ -1,5 +1,6 @@
 #include "acir_format.hpp"
 #include "barretenberg/common/log.hpp"
+#include "barretenberg/dsl/acir_format/pedersen.hpp"
 
 namespace acir_format {
 
@@ -83,6 +84,10 @@ void build_constraints(Builder& builder, acir_format const& constraint_system, b
         create_pedersen_constraint(builder, constraint);
     }
 
+    for (const auto& constraint : constraint_system.pedersen_hash_constraints) {
+        create_pedersen_hash_constraint(builder, constraint);
+    }
+
     // Add fixed base scalar mul constraints
     for (const auto& constraint : constraint_system.fixed_base_scalar_mul_constraints) {
         create_fixed_base_constraint(builder, constraint);

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp
@@ -34,6 +34,7 @@ struct acir_format {
     std::vector<KeccakConstraint> keccak_constraints;
     std::vector<KeccakVarConstraint> keccak_var_constraints;
     std::vector<PedersenConstraint> pedersen_constraints;
+    std::vector<PedersenHashConstraint> pedersen_hash_constraints;
     std::vector<HashToFieldConstraint> hash_to_field_constraints;
     std::vector<FixedBaseScalarMul> fixed_base_scalar_mul_constraints;
     std::vector<RecursionConstraint> recursion_constraints;
@@ -58,6 +59,7 @@ struct acir_format {
                    keccak_constraints,
                    keccak_var_constraints,
                    pedersen_constraints,
+                   pedersen_hash_constraints,
                    hash_to_field_constraints,
                    fixed_base_scalar_mul_constraints,
                    recursion_constraints,

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp
@@ -40,6 +40,7 @@ TEST_F(AcirFormatTests, TestASingleConstraintNoPubInputs)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},
@@ -146,6 +147,7 @@ TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit)
                                    .keccak_constraints = {},
                                    .keccak_var_constraints = {},
                                    .pedersen_constraints = {},
+                                   .pedersen_hash_constraints = {},
                                    .hash_to_field_constraints = {},
                                    .fixed_base_scalar_mul_constraints = {},
                                    .recursion_constraints = {},
@@ -210,6 +212,7 @@ TEST_F(AcirFormatTests, TestSchnorrVerifyPass)
                                    .keccak_constraints = {},
                                    .keccak_var_constraints = {},
                                    .pedersen_constraints = {},
+                                   .pedersen_hash_constraints = {},
                                    .hash_to_field_constraints = {},
                                    .fixed_base_scalar_mul_constraints = {},
                                    .recursion_constraints = {},
@@ -297,6 +300,7 @@ TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},
@@ -403,6 +407,7 @@ TEST_F(AcirFormatTests, TestVarKeccak)
         .keccak_constraints = {},
         .keccak_var_constraints = { keccak },
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp
@@ -122,13 +122,19 @@ void handle_blackbox_func_call(Circuit::Opcode::BlackBoxFuncCall const& arg, aci
                     .result = arg.output.value,
                     .signature = map(arg.signature, [](auto& e) { return e.witness.value; }),
                 });
-            } else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::Pedersen>) {
+            } else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::PedersenCommitment>) {
                 af.pedersen_constraints.push_back(PedersenConstraint{
                     .scalars = map(arg.inputs, [](auto& e) { return e.witness.value; }),
                     .hash_index = arg.domain_separator,
                     .result_x = arg.outputs[0].value,
                     .result_y = arg.outputs[1].value,
                 });
+            } else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::PedersenHash>) {
+                af.pedersen_hash_constraints.push_back(PedersenHashConstraint{
+                    .scalars = map(arg.inputs, [](auto& e) { return e.witness.value; }),
+                    .hash_index = arg.domain_separator,
+                    .result = arg.output.value,
+                });
             } else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::HashToField128Security>) {
                 af.hash_to_field_constraints.push_back(HashToFieldConstraint{
                     .inputs = map(arg.inputs,

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp
@@ -121,6 +121,7 @@ TEST_F(UltraPlonkRAM, TestBlockConstraint)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp
@@ -100,6 +100,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintSucceed)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},
@@ -140,6 +141,7 @@ TEST_F(ECDSASecp256k1, TestECDSACompilesForVerifier)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},
@@ -175,6 +177,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintFail)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp
@@ -134,6 +134,7 @@ TEST(ECDSASecp256r1, test_hardcoded)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},
@@ -175,6 +176,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintSucceed)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},
@@ -214,6 +216,7 @@ TEST(ECDSASecp256r1, TestECDSACompilesForVerifier)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},
@@ -248,6 +251,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintFail)
         .keccak_constraints = {},
         .keccak_var_constraints = {},
         .pedersen_constraints = {},
+        .pedersen_hash_constraints = {},
         .hash_to_field_constraints = {},
         .fixed_base_scalar_mul_constraints = {},
         .recursion_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/pedersen.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/pedersen.cpp
@@ -20,4 +20,19 @@ void create_pedersen_constraint(Builder& builder, const PedersenConstraint& inpu
     builder.assert_equal(point.y.witness_index, input.result_y);
 }
 
+void create_pedersen_hash_constraint(Builder& builder, const PedersenHashConstraint& input)
+{
+    std::vector<field_ct> scalars;
+
+    for (const auto& scalar : input.scalars) {
+        // convert input indices to field_ct
+        field_ct scalar_as_field = field_ct::from_witness_index(&builder, scalar);
+        scalars.push_back(scalar_as_field);
+    }
+
+    auto result = stdlib::pedersen_hash<Builder>::hash(scalars, input.hash_index);
+
+    builder.assert_equal(result.witness_index, input.result);
+}
+
 } // namespace acir_format
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/pedersen.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/pedersen.hpp
@@ -15,7 +15,17 @@ struct PedersenConstraint {
     friend bool operator==(PedersenConstraint const& lhs, PedersenConstraint const& rhs) = default;
 };
 
+struct PedersenHashConstraint {
+    std::vector<uint32_t> scalars;
+    uint32_t hash_index;
+
+    uint32_t result;
+
+    friend bool operator==(PedersenHashConstraint const& lhs, PedersenHashConstraint const& rhs) = default;
+};
+
 void create_pedersen_constraint(Builder& builder, const PedersenConstraint& input);
+void create_pedersen_hash_constraint(Builder& builder, const PedersenHashConstraint& input);
 
 template <typename B> inline void read(B& buf, PedersenConstraint& constraint)
 {

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp
@@ -93,6 +93,7 @@ Builder create_inner_circuit()
                                    .keccak_constraints = {},
                                    .keccak_var_constraints = {},
                                    .pedersen_constraints = {},
+                                   .pedersen_hash_constraints = {},
                                    .hash_to_field_constraints = {},
                                    .fixed_base_scalar_mul_constraints = {},
                                    .recursion_constraints = {},
@@ -219,6 +220,7 @@ Builder create_outer_circuit(std::vector<Builder>& inner_circuits)
                                    .keccak_constraints = {},
                                    .keccak_var_constraints = {},
                                    .pedersen_constraints = {},
+                                   .pedersen_hash_constraints = {},
                                    .hash_to_field_constraints = {},
                                    .fixed_base_scalar_mul_constraints = {},
                                    .recursion_constraints = recursion_constraints,