Skip to content

Commit

Permalink
Merge pull request #1306 from AztecProtocol/v2.1-testnet
Browse files Browse the repository at this point in the history
V2.1 testnet
  • Loading branch information
joss-aztec authored Aug 15, 2022
2 parents 28a9def + a9be01a commit ddf7ae7
Show file tree
Hide file tree
Showing 40 changed files with 746 additions and 299 deletions.
8 changes: 7 additions & 1 deletion barretenberg/src/aztec/crypto/ecdsa/ecdsa_impl.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

#include <numeric/uint256/uint256.hpp>
#include <common/serialize.hpp>
#include "../hmac/hmac.hpp"

namespace crypto {
namespace ecdsa {
Expand All @@ -10,7 +11,12 @@ template <typename Hash, typename Fq, typename Fr, typename G1>
signature construct_signature(const std::string& message, const key_pair<Fr, G1>& account)
{
signature sig;
Fr k = Fr::random_element(); // TODO replace with HMAC

// use HMAC in PRF mode to derive 32-byte secret `k`
std::vector<uint8_t> pkey_buffer;
write(pkey_buffer, account.private_key);
Fr k = crypto::get_unbiased_field_from_hmac<Hash, Fr>(message, pkey_buffer);

typename G1::affine_element R(G1::one * k);
Fq::serialize_to_buffer(R.x, &sig.r[0]);

Expand Down
38 changes: 38 additions & 0 deletions barretenberg/src/aztec/crypto/hmac/hmac.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
#include <cstdint>
#include <string>
#include <vector>
#include <numeric/uintx/uintx.hpp>

namespace crypto {
/**
Expand Down Expand Up @@ -69,4 +70,41 @@ std::array<uint8_t, Hash::OUTPUT_SIZE> hmac(const MessageContainer& message, con
return result;
}

/**
* @brief Takes a size-HASH_OUTPUT buffer from HMAC and converts into a field element
*
* @details We assume HASH_OUTPUT = 32, which is insufficient entropy. We hash input with `0` and `1` to produce 64
* bytes of input data. This is then converted into a uin512_t, which is taken modulo Fr::modulus to produce our field
* element.
*
* @tparam Hash the hash function we're using
* @tparam Fr field type
* @param input the input buffer
* @return Fr output field element
*/
template <typename Hash, typename Fr, typename MessageContainer, typename KeyContainer>
Fr get_unbiased_field_from_hmac(const MessageContainer& message, const KeyContainer& key)
{
auto input = hmac<Hash, MessageContainer, KeyContainer>(message, key);

std::vector<uint8_t> lo_buffer(input.begin(), input.end());
lo_buffer.push_back(0);
std::vector<uint8_t> hi_buffer(input.begin(), input.end());
hi_buffer.push_back(1);

auto klo = Hash::hash(lo_buffer);
auto khi = Hash::hash(hi_buffer);

std::vector<uint8_t> full_buffer(khi.begin(), khi.end());
for (auto& v : klo) {
full_buffer.push_back(v);
}

uint512_t field_as_u512;
const uint8_t* ptr = &full_buffer[0];
numeric::read(ptr, field_as_u512);

Fr result((field_as_u512 % Fr::modulus).lo);
return result;
}
} // namespace crypto
5 changes: 3 additions & 2 deletions barretenberg/src/aztec/crypto/schnorr/schnorr.tcc
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
#include <ecc/fields/field.hpp>

#include <crypto/hmac/hmac.hpp>

namespace crypto {
namespace schnorr {

Expand Down Expand Up @@ -33,9 +34,9 @@ signature construct_signature(const std::string& message, const key_pair<Fr, G1>
// use HMAC in PRF mode to derive 32-byte secret `k`
std::vector<uint8_t> pkey_buffer;
write(pkey_buffer, private_key);
std::array<uint8_t, Hash::OUTPUT_SIZE> k_buffer = crypto::hmac<Hash>(message, pkey_buffer);

Fr k = Fr::serialize_from_buffer(&k_buffer[0]);
Fr k = crypto::get_unbiased_field_from_hmac<Hash, Fr>(message, pkey_buffer);

typename G1::affine_element R(G1::one * k);

std::vector<uint8_t> message_buffer;
Expand Down
17 changes: 15 additions & 2 deletions barretenberg/src/aztec/ecc/groups/affine_element.test.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,11 @@
#include <fstream>
#include <common/serialize.hpp>

namespace test_affine_element {

using namespace barretenberg;

TEST(AffineElement, ReadWriteBuffer)
TEST(affine_element, read_write_buffer)
{
g1::affine_element P = g1::affine_element(g1::element::random_element());
g1::affine_element Q;
Expand All @@ -22,4 +24,15 @@ TEST(AffineElement, ReadWriteBuffer)

ASSERT_FALSE(P == Q);
ASSERT_TRUE(P == R);
}
}

// Regression test to ensure that the point at infinity is not equal to its coordinate-wise reduction, which may lie
// on the curve, depending on the y-coordinate.
TEST(affine_element, infinity_regression)
{
g1::affine_element P;
P.self_set_infinity();
g1::affine_element R(0, P.y);
ASSERT_FALSE(P == R);
}
} // namespace test_affine_element
7 changes: 5 additions & 2 deletions barretenberg/src/aztec/ecc/groups/affine_element_impl.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,11 @@ template <class Fq, class Fr, class T> constexpr bool affine_element<Fq, Fr, T>:
template <class Fq, class Fr, class T>
constexpr bool affine_element<Fq, Fr, T>::operator==(const affine_element& other) const noexcept
{
bool both_infinity = is_point_at_infinity() && other.is_point_at_infinity();
return both_infinity || ((x == other.x) && (y == other.y));
bool this_is_infinity = is_point_at_infinity();
bool other_is_infinity = other.is_point_at_infinity();
bool both_infinity = this_is_infinity && other_is_infinity;
bool only_one_is_infinity = this_is_infinity != other_is_infinity;
return !only_one_is_infinity && (both_infinity || ((x == other.x) && (y == other.y)));
}

/**
Expand Down
6 changes: 1 addition & 5 deletions barretenberg/src/aztec/plonk/composer/composer_base.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -259,12 +259,8 @@ std::shared_ptr<proving_key> ComposerBase::compute_proving_key_base(const size_t
}
poly.ifft(circuit_proving_key->small_domain);
polynomial poly_fft(poly, subgroup_size * 4 + 4);
poly_fft.coset_fft(circuit_proving_key->large_domain);

if (properties.use_mid_for_selectorfft) {
poly_fft.coset_fft(circuit_proving_key->mid_domain);
} else {
poly_fft.coset_fft(circuit_proving_key->large_domain);
}
circuit_proving_key->constraint_selectors.insert({ properties.name, std::move(poly) });
circuit_proving_key->constraint_selector_ffts.insert({ properties.name + "_fft", std::move(poly_fft) });
}
Expand Down
1 change: 0 additions & 1 deletion barretenberg/src/aztec/plonk/composer/composer_base.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,6 @@ class ComposerBase {
public:
struct SelectorProperties {
std::string name;
bool use_mid_for_selectorfft = false; // use middomain instead of large for selectorfft
bool requires_lagrange_base_polynomial = false; // does the prover need the raw lagrange-base selector values?
};

Expand Down
9 changes: 4 additions & 5 deletions barretenberg/src/aztec/plonk/composer/plookup_composer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,10 @@ namespace waffle {
std::vector<ComposerBase::SelectorProperties> plookup_sel_props()
{
std::vector<ComposerBase::SelectorProperties> result{
{ "q_m", false, true }, { "q_c", false, true }, { "q_1", false, false },
{ "q_2", false, true }, { "q_3", false, false }, { "q_4", false, false },
{ "q_5", false, false }, { "q_arith", false, false }, { "q_ecc_1", false, false },
{ "q_range", false, false }, { "q_sort", false, false }, { "q_logic", false, false },
{ "q_elliptic", false, false }, { "table_index", false, true }, { "table_type", false, true },
{ "q_m", true }, { "q_c", true }, { "q_1", false }, { "q_2", true },
{ "q_3", false }, { "q_4", false }, { "q_5", false }, { "q_arith", false },
{ "q_ecc_1", false }, { "q_range", false }, { "q_sort", false }, { "q_logic", false },
{ "q_elliptic", false }, { "table_index", true }, { "table_type", true },
};
return result;
}
Expand Down
6 changes: 1 addition & 5 deletions barretenberg/src/aztec/plonk/composer/standard_composer.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,8 @@ enum StandardSelectors {

inline std::vector<ComposerBase::SelectorProperties> standard_sel_props()
{
// We set the use_quotient_mid variable to false in composer settings so as to
// disallow fft computations of size 2n as the degrees of polynomials slighly change
// on introducing the new vanishing polynomial with some roots cut out.
std::vector<ComposerBase::SelectorProperties> result{
{ "q_m", false, false }, { "q_c", false, false }, { "q_1", false, false },
{ "q_2", false, false }, { "q_3", false, false },
{ "q_m", false }, { "q_c", false }, { "q_1", false }, { "q_2", false }, { "q_3", false },
};
return result;
}
Expand Down
32 changes: 31 additions & 1 deletion barretenberg/src/aztec/plonk/composer/standard_composer.test.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,36 @@ namespace {
auto& engine = numeric::random::get_debug_engine();
}

TEST(standard_composer, base_case)
{
waffle::StandardComposer composer = waffle::StandardComposer();
fr a = fr::one();
composer.add_public_variable(a);

waffle::Prover prover = composer.create_prover();
waffle::Verifier verifier = composer.create_verifier();

waffle::plonk_proof proof = prover.construct_proof();

bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2);
EXPECT_EQ(result, true);
}

TEST(standard_composer, base_case_unrolled)
{
waffle::StandardComposer composer = waffle::StandardComposer();
fr a = fr::one();
composer.add_public_variable(a);

waffle::UnrolledProver prover = composer.create_unrolled_prover();
waffle::UnrolledVerifier verifier = composer.create_unrolled_verifier();

waffle::plonk_proof proof = prover.construct_proof();

bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2);
EXPECT_EQ(result, true);
}

TEST(standard_composer, composer_from_serialized_keys)
{
waffle::StandardComposer composer = waffle::StandardComposer();
Expand Down Expand Up @@ -701,4 +731,4 @@ TEST(standard_composer, test_fixed_group_add_gate)
bool result = verifier.verify_proof(proof);

EXPECT_EQ(result, true);
}
}
7 changes: 3 additions & 4 deletions barretenberg/src/aztec/plonk/composer/turbo_composer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,9 @@ namespace waffle {
std::vector<ComposerBase::SelectorProperties> turbo_sel_props()
{
const std::vector<ComposerBase::SelectorProperties> result{
{ "q_m", false, false }, { "q_c", false, false }, { "q_1", false, false },
{ "q_2", false, false }, { "q_3", false, false }, { "q_4", false, false },
{ "q_5", false, false }, { "q_arith", false, false }, { "q_ecc_1", false, false },
{ "q_range", false, false }, { "q_logic", false, false },
{ "q_m", false }, { "q_c", false }, { "q_1", false }, { "q_2", false },
{ "q_3", false }, { "q_4", false }, { "q_5", false }, { "q_arith", false },
{ "q_ecc_1", false }, { "q_range", false }, { "q_logic", false },
};
return result;
}
Expand Down
17 changes: 16 additions & 1 deletion barretenberg/src/aztec/plonk/composer/turbo_composer.test.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,21 @@ TEST(turbo_composer, base_case)
EXPECT_EQ(result, true);
}

TEST(turbo_composer, base_case_unrolled)
{
waffle::TurboComposer composer = waffle::TurboComposer();
fr a = fr::one();
composer.add_public_variable(a);

waffle::UnrolledTurboProver prover = composer.create_unrolled_prover();
waffle::UnrolledTurboVerifier verifier = composer.create_unrolled_verifier();

waffle::plonk_proof proof = prover.construct_proof();

bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2);
EXPECT_EQ(result, true);
}

TEST(turbo_composer, composer_from_serialized_keys)
{
waffle::TurboComposer composer = waffle::TurboComposer();
Expand All @@ -37,7 +52,7 @@ TEST(turbo_composer, composer_from_serialized_keys)
auto vk_data = from_buffer<waffle::verification_key_data>(vk_buf);

auto crs = std::make_unique<waffle::FileReferenceStringFactory>("../srs_db");
auto proving_key = std::make_shared<waffle::proving_key>(std::move(pk_data), crs->get_prover_crs(pk_data.n));
auto proving_key = std::make_shared<waffle::proving_key>(std::move(pk_data), crs->get_prover_crs(pk_data.n + 1));
auto verification_key = std::make_shared<waffle::verification_key>(std::move(vk_data), crs->get_verifier_crs());

waffle::TurboComposer composer2 = waffle::TurboComposer(proving_key, verification_key);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,23 +17,24 @@
using namespace barretenberg;
using namespace waffle;

TEST(commitment_scheme, kate_open)
TEST(commitment_scheme, kate_open)
{
// generate random polynomial F(X) = coeffs
size_t n = 256;
std::vector<fr> coeffs(n);
std::vector<fr> coeffs(n + 1);
for (size_t i = 0; i < n; ++i) {
coeffs[i] = fr::random_element();
}
std::vector<fr> W(coeffs.begin(), coeffs.end());
coeffs[n] = 0;

// generate random evaluation point z
fr z = fr::random_element();

// compute opening polynomial W(X), and evaluation f = F(z)
transcript::StandardTranscript inp_tx = transcript::StandardTranscript({});
waffle::KateCommitmentScheme<turbo_settings> newKate;

// std::shared_ptr<ReferenceStringFactory> crs_factory = (new FileReferenceStringFactory("../srs_db"));
auto file_crs = std::make_shared<waffle::FileReferenceStringFactory>("../srs_db");
auto crs = file_crs->get_prover_crs(n);
Expand All @@ -47,29 +48,28 @@ TEST(commitment_scheme, kate_open)
fr f_y = polynomial_arithmetic::evaluate(&coeffs[0], y, n);
fr f = polynomial_arithmetic::evaluate(&coeffs[0], z, n);

newKate.compute_opening_polynomial(&coeffs[0], &W[0], z, n, "W_COMM", fr(0), queue);
newKate.compute_opening_polynomial(&coeffs[0], &W[0], z, n, "W_COMM", fr(0), queue);
queue.process_queue();

// check if W(y)(y - z) = F(y) - F(z)
fr w_y = polynomial_arithmetic::evaluate(&W[0], y, n);
fr w_y = polynomial_arithmetic::evaluate(&W[0], y, n - 1);
fr y_minus_z = y - z;
fr f_y_minus_f = f_y - f;

EXPECT_EQ(w_y * y_minus_z, f_y_minus_f);

}

TEST(commitment_scheme, kate_batch_open)
TEST(commitment_scheme, kate_batch_open)
{
// generate random evaluation points [z_1, z_2, ...]
size_t t = 8;
std::vector<fr> z_points(t);
std::vector<fr> z_points(t);
for (size_t k = 0; k < t; ++k) {
z_points[k] = fr::random_element();
}

// generate random polynomials F(X) = coeffs
//
//
// z_1 -> [F_{1,1}, F_{1,2}, F_{1, 3}, ..., F_{1, m}]
// z_2 -> [F_{2,1}, F_{2,2}, F_{2, 3}, ..., F_{2, m}]
// ...
Expand All @@ -87,11 +87,11 @@ TEST(commitment_scheme, kate_batch_open)
}
}
}

// setting up the Kate commitment scheme class
transcript::StandardTranscript inp_tx = transcript::StandardTranscript({});
waffle::KateCommitmentScheme<turbo_settings> newKate;

auto file_crs = std::make_shared<waffle::FileReferenceStringFactory>("../srs_db");
auto crs = file_crs->get_prover_crs(n);
auto circuit_proving_key = std::make_shared<proving_key>(n, 0, crs);
Expand All @@ -100,9 +100,12 @@ TEST(commitment_scheme, kate_batch_open)
// commit to individual polynomials
for (size_t k = 0; k < t; ++k) {
for (size_t j = 0; j < m; ++j) {
newKate.commit(&coeffs[k * m * n + j * n], "F_{" + std::to_string(k + 1) + ", " + std::to_string(j + 1) + "}", 0, queue);
newKate.commit(&coeffs[k * m * n + j * n],
"F_{" + std::to_string(k + 1) + ", " + std::to_string(j + 1) + "}",
0,
queue);
}
}
}
queue.process_queue();

// create random challenges, tags and item_constants
Expand All @@ -117,7 +120,8 @@ TEST(commitment_scheme, kate_batch_open)

// compute opening polynomials W_1, W_2, ..., W_t
std::vector<fr> W(n * t);
newKate.generic_batch_open(&coeffs[0], &W[0], m, &z_points[0], t, &challenges[0], n, &tags[0], &item_constants[0], queue);
newKate.generic_batch_open(
&coeffs[0], &W[0], m, &z_points[0], t, &challenges[0], n, &tags[0], &item_constants[0], queue);
queue.process_queue();

// check if W_{k}(y) * (y - z_k) = \sum_{j} challenge[k]^{j - 1} * [F_{k, j}(y) - F_{k, j}(z_k)]
Expand All @@ -134,8 +138,8 @@ TEST(commitment_scheme, kate_batch_open)
for (size_t j = 0; j < m; ++j) {

// compute evaluations of source polynomials at y and z_points
fr f_kj_at_y = polynomial_arithmetic::evaluate(&coeffs[k * m * n + j * n], y, n);
fr f_kj_at_z = polynomial_arithmetic::evaluate(&coeffs[k * m * n + j * n], z_points[k], n);
fr f_kj_at_y = polynomial_arithmetic::evaluate(&coeffs[k * m * n + j * n], y, n);
fr f_kj_at_z = polynomial_arithmetic::evaluate(&coeffs[k * m * n + j * n], z_points[k], n);

// compute rhs
fr f_term = f_kj_at_y - f_kj_at_z;
Expand All @@ -146,4 +150,3 @@ TEST(commitment_scheme, kate_batch_open)
EXPECT_EQ(lhs, rhs);
}
}

Loading

0 comments on commit ddf7ae7

Please sign in to comment.